Merge branch 'master' of https://github.com/MoonchildProductions/UXP into pm_url_1

686 files changed, 38873 insertions, 64802 deletions

diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 000000000..7acdedb4f
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,86 @@
+# Code contribution guidelines

+

+To make sure code changes remain easy to organize, find and troubleshoot, please use the following guidelines when contributing code to the Pale Moon project (and UXP). These guidelines may, for some of you, sound tedious or more work than you'd prefer to put in, but keep in mind that a single paragraph of explanation with a code commit can save hours of work later on, and code comments can save your hide when trying to debug or improve code.

+

+## General guideline for issues

+

+Issues are the main drivers behind getting code changes accepted into our source tree. Issues should be opened, and properly labeled, for any of the following:

+- Code bugs (broken functionality)

+- Regressions (functionality that worked before but has either stopped working, is working in a different way than intended, or e.g. has become poorly performing)

+- Enhancements (new code/features)

+- Improvements (better/improved way of existing functionality)

+- General development direction goals (META issues)

+

+Labels should mostly be assigned to issues, not pull requests (PRs).

+

+Issues opened should, where possible, only address one thing at a time. Never roll multiple bugs or enhancements that aren't directly required to be done at the same time into a single issue.

+

+Issues should include:

+### For bugs

+- Description of the bug

+- Affected versions/features

+- Steps to reproduce the bug

+- Expected result when performing the steps

+- Actual result when performing the steps

+### For regressions

+- Description of the regression

+- Affected versions/features

+- What the previous behavior was

+- What the current (incorrect) behavior is

+### For enhancements and improvements

+- Description of the enhancement

+- Background: why is this needed or desired?

+- Impact of the enhancement/improvement

+### META issues

+- A general description, including **what** and **why** should be tackled

+- Links from the individual components of the META goal (by referencing from the actual individual issues)

+For META issues it is important that discussion about specific implementation parts are in the individual component issues and not in the META issue, so it can keep a quick overview of linked components that need to be tackled.

+

+

+## General guideline for submitting pull requests

+

+Most of our code changes will likely be submitted by collaborators from our community. This will be ported from other projects (e.g. Mozilla-based code) or new implementations, or a mix. The standard way of getting your code into Pale Moon or UXP is by way of creating a pull request against the master branch (trunk).

+

+A good pull request will:

+- **Have an issue associated with it!** Even though GitHub offers very similar tools for PRs as it does for issues, any reasoning behind code commits in a PR have to be explained in an accompanying issue.

+- Describe in detail **what** the code change attempts to achieve, and **how** it achieves this. If you have references to external sources, e.g. if your code is based on specific code from Mozilla, then including them is of course excellent, but it's important to provide a clear description alongside it.

+- Not just be a list of links or references. See the previous point. References are OK but do not provide a reason by themselves for a code change. Especially with porting code across from other projects, it is important to keep PRs and explanations in our tree and not dependent on third-party sources.

+- Verify that the code is exactly catered to our tree and in line with our feature set(s) and direction. Just 'porting something across because it is in other browsers" is not a reason or justification by itself. If needed, discuss the **why** for a code change in the attached issue before putting work into a PR that may otherwise be rejected.

+- Only address one bug, issue or enhancement. It is extremely important to keep individual code commits separate so that in case of back-outs, this can be done in a controlled and isolated manner.

+- If there are dependencies on other code being checked in, it is important that the PR lists exactly which other PRs need to be checked in first before the one in question can be merged. If at all possible, keep PR interdependency to a minimum.

+

+The odd small minor one-liner pull request may not need an issue dedicated to it, but when it comes to modifying and refactoring chunks of many files, then yes it would be not only nice, but required, to have a chance to have discussion about it before it is accepted into the tree.

+

+PRs that encompass major code changes or touch many files or functions should preferably get a review. Reviewing can be volunteered or requested.

+

+## Code Style

+

+Because our software encompasses many components of which a good portion is third-party, code style can vary significantly throughout our code base. It's therefore important to keep code as consistent as possible.

+

+Important when editing/adding code:

+

+1. Stick to the style of surrounding code. If you're editing code in a module that deviates from our generally-used code style, don't mix in generally-used code style with the deviating code style. E.g. if a source file uses tabs everywhere, and you edit this code, also use tabs. If you feel code style should be rewritten to improve legibility, preferably create a separate issue to change it and do not roll it in with functional code changes!

+2. Use the following guideline where there's no clear deviating style in use:

+    - Put opening function/scope braces at the end of the line.

+    - Align closing braces with the indentation of the first character of the function/scope

+    - Use a line cap of 80 characters. Put continuations on the next line if it overflows.

+    - Use spaces for indentation, and indent scopes 2 spaces.  

+    Example:

+    ```C++

+    nsSVGFilterFrame*

+    nsSVGFilterFrame::GetReferencedFilterIfNotInUse() {

+      nsSVGFilterFrame* referenced = GetReferencedFilter();

+      if (!referenced)

+        return nullptr;

+    

+      if (referenced->mLoopFlag) {

+        // XXXjwatt: we should really send an error to the JavaScript Console here:

+        NS_WARNING("Filter reference loop detected while inheriting attribute!");

+        return nullptr;

+      }

+    

+      return referenced;

+    }

+    ```

+3. Comment your code where prudent! Documenting what you're doing, especially in a complex piece of code, is very important to keep it easy to debug.

+4. Try not to write "as compact as possible" source code. Many languages have facilities to write very compact source code by gluing a lot of statements together on single lines, but you should avoid this to keep it readable. Other people than yourself will be looking at and trying to understand your code, and it's important to keep proper paragraphing, whitespace and above all logical names for variables and functions.

diff --git a/CLOBBER b/CLOBBER
index 5dd4ee07f..ebe3d9f8c 100644
--- a/CLOBBER
+++ b/CLOBBER
@@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Clobber for un-folding browsercomps
\ No newline at end of file
+Clobber for updating ffvpx
diff --git a/application/palemoon/app/profile/palemoon.js b/application/palemoon/app/profile/palemoon.js
index ee4a95d38..20919eca4 100644
--- a/application/palemoon/app/profile/palemoon.js
+++ b/application/palemoon/app/profile/palemoon.js
@@ -756,6 +756,7 @@ pref("goanna.handlerService.allowRegisterFromDifferentHost", false);
 
 pref("browser.geolocation.warning.infoURL", "http://www.palemoon.org/info-url/geolocation.shtml");
 pref("browser.mixedcontent.warning.infoURL", "http://www.palemoon.org/info-url/mixedcontent.shtml");
+pref("browser.push.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/push/");
 
 pref("browser.EULA.version", 3);
 pref("browser.rights.version", 3);
diff --git a/application/palemoon/base/content/browser-fullScreen.js b/application/palemoon/base/content/browser-fullScreen.js
index 400340e77..73b10ae85 100644
--- a/application/palemoon/base/content/browser-fullScreen.js
+++ b/application/palemoon/base/content/browser-fullScreen.js
@@ -354,11 +354,10 @@ var FullScreen = {
                            "fullscreen",
                            Services.perms.ALLOW_ACTION,
                            Services.perms.EXPIRE_SESSION);
-        let host = uri.host;
         var onFullscreenchange = function onFullscreenchange(event) {
           if (event.target == document && document.mozFullScreenElement == null) {
             // The chrome document has left fullscreen. Remove the temporary permission grant.
-            Services.perms.remove(host, "fullscreen");
+            Services.perms.remove(uri, "fullscreen");
             document.removeEventListener("mozfullscreenchange", onFullscreenchange);
           }
         }
diff --git a/application/palemoon/base/content/browser-plugins.js b/application/palemoon/base/content/browser-plugins.js
index 769ac6d8a..838268203 100644
--- a/application/palemoon/base/content/browser-plugins.js
+++ b/application/palemoon/base/content/browser-plugins.js
@@ -470,28 +470,12 @@ var gPluginHandler = {
     }
   },
 
-  // Match the behaviour of nsPermissionManager
-  _getHostFromPrincipal: function PH_getHostFromPrincipal(principal) {
-    if (!principal.URI || principal.URI.schemeIs("moz-nullprincipal")) {
-      return "(null)";
-    }
-
-    try {
-      if (principal.URI.host)
-        return principal.URI.host;
-    } catch (e) {}
-
-    return principal.origin;
-  },
-
   _makeCenterActions: function PH_makeCenterActions(notification) {
     let contentWindow = notification.browser.contentWindow;
     let cwu = contentWindow.QueryInterface(Ci.nsIInterfaceRequestor)
                            .getInterface(Ci.nsIDOMWindowUtils);
 
     let principal = contentWindow.document.nodePrincipal;
-    // This matches the behavior of nsPermssionManager, used for display purposes only
-    let principalHost = this._getHostFromPrincipal(principal);
 
     let centerActions = [];
     let pluginsFound = new Set();
@@ -517,11 +501,11 @@ var gPluginHandler = {
       let permissionObj = Services.perms.
         getPermissionObject(principal, pluginInfo.permissionString, false);
       if (permissionObj) {
-        pluginInfo.pluginPermissionHost = permissionObj.host;
+        pluginInfo.pluginPermissionPrePath = permissionObj.principal.originNoSuffix;
         pluginInfo.pluginPermissionType = permissionObj.expireType;
       }
       else {
-        pluginInfo.pluginPermissionHost = principalHost;
+        pluginInfo.pluginPermissionPrePath = principal.originNoSuffix;
         pluginInfo.pluginPermissionType = undefined;
       }
 
diff --git a/application/palemoon/base/content/browser.js b/application/palemoon/base/content/browser.js
index 5fe475338..bfdc1e30b 100644
--- a/application/palemoon/base/content/browser.js
+++ b/application/palemoon/base/content/browser.js
@@ -86,14 +86,8 @@ this.__defineSetter__("AddonManager", function (val) {
   return this.AddonManager = val;
 });
 
-this.__defineGetter__("PluralForm", function() {
-  Cu.import("resource://gre/modules/PluralForm.jsm");
-  return this.PluralForm;
-});
-this.__defineSetter__("PluralForm", function (val) {
-  delete this.PluralForm;
-  return this.PluralForm = val;
-});
+XPCOMUtils.defineLazyModuleGetter(this, "PluralForm",
+  "resource://gre/modules/PluralForm.jsm");
 
 XPCOMUtils.defineLazyModuleGetter(this, "AboutHomeUtils",
   "resource:///modules/AboutHomeUtils.jsm");
diff --git a/application/palemoon/base/content/pageinfo/pageInfo.js b/application/palemoon/base/content/pageinfo/pageInfo.js
index 83f0ddb91..6b02bc370 100644
--- a/application/palemoon/base/content/pageinfo/pageInfo.js
+++ b/application/palemoon/base/content/pageinfo/pageInfo.js
@@ -1112,8 +1112,9 @@ var imagePermissionObserver = {
         var row = getSelectedRow(imageTree);
         var item = gImageView.data[row][COL_IMAGE_NODE];
         var url = gImageView.data[row][COL_IMAGE_ADDRESS];
-        if (makeURI(url).host == permission.host)
+        if (permission.matchesURI(makeURI(url), true)) {
           makeBlockImage(url);
+        }
       }
     }
   }
diff --git a/application/palemoon/base/content/pageinfo/permissions.js b/application/palemoon/base/content/pageinfo/permissions.js
index 2fa0cc303..68261ce6e 100644
--- a/application/palemoon/base/content/pageinfo/permissions.js
+++ b/application/palemoon/base/content/pageinfo/permissions.js
@@ -98,7 +98,7 @@ var permissionObserver = {
     if (aTopic == "perm-changed") {
       var permission = aSubject.QueryInterface(
                        Components.interfaces.nsIPermission);
-      if (permission.host == gPermURI.host) {
+      if (permission.matchesURI(gPermURI, true)) {
         if (permission.type in gPermObj)
           initRow(permission.type);
         else if (permission.type.startsWith("plugin"))
@@ -119,7 +119,7 @@ function onLoadPermission(principal)
     gPermURI = uri;
     gPermPrincipal = principal;
     var hostText = document.getElementById("hostText");
-    hostText.value = gPermURI.host;
+    hostText.value = gPermURI.prePath;
 
     for (var i in gPermObj)
       initRow(i);
diff --git a/application/palemoon/base/content/urlbarBindings.xml b/application/palemoon/base/content/urlbarBindings.xml
index 3d22b2de4..985769ec2 100644
--- a/application/palemoon/base/content/urlbarBindings.xml
+++ b/application/palemoon/base/content/urlbarBindings.xml
@@ -1370,8 +1370,8 @@
             return;
           }
 
-          let host = gPluginHandler._getHostFromPrincipal(this.notification.browser.contentWindow.document.nodePrincipal);
-          this._setupDescription("pluginActivateMultiple.message", null, host);
+          let prePath = this.notification.browser.contentWindow.document.nodePrincipal.URI.prePath;
+          this._setupDescription("pluginActivateMultiple.message", null, prePath);
 
           var showBox = document.getAnonymousElementByAttribute(this, "anonid", "plugin-notification-showbox");
 
@@ -1410,7 +1410,7 @@
       <method name="_setupSingleState">
         <body><![CDATA[
           var action = this.notification.options.centerActions[0];
-          var host = action.pluginPermissionHost;
+          var prePath = action.pluginPermissionPrePath;
 
           let label, linkLabel, linkUrl, button1, button2;
 
@@ -1505,7 +1505,7 @@
               Cu.reportError(Error("Unexpected blocklist state"));
             }
           }
-          this._setupDescription(label, action.pluginName, host);
+          this._setupDescription(label, action.pluginName, prePath);
           this._setupLink(linkLabel, action.detailsLink);
 
           this._primaryButton.label = gNavigatorBundle.getString(button1.label);
@@ -1526,7 +1526,7 @@
       <method name="_setupDescription">
         <parameter name="baseString" />
         <parameter name="pluginName" /> <!-- null for the multiple-plugin case -->
-        <parameter name="host" />
+        <parameter name="prePath" />
         <body><![CDATA[
           var bsn = this._brandShortName;
           var span = document.getAnonymousElementByAttribute(this, "anonid", "click-to-play-plugins-notification-description");
@@ -1534,17 +1534,17 @@
             span.removeChild(span.lastChild);
           }
 
-          var args = ["__host__", this._brandShortName];
+          var args = ["__prepath__", this._brandShortName];
           if (pluginName) {
             args.unshift(pluginName);
           }
           var bases = gNavigatorBundle.getFormattedString(baseString, args).
-            split("__host__", 2);
+            split("__prepath__", 2);
 
           span.appendChild(document.createTextNode(bases[0]));
-          var hostSpan = document.createElementNS("http://www.w3.org/1999/xhtml", "em");
-          hostSpan.appendChild(document.createTextNode(host));
-          span.appendChild(hostSpan);
+          var prePathSpan = document.createElementNS("http://www.w3.org/1999/xhtml", "em");
+          prePathSpan.appendChild(document.createTextNode(prePath));
+          span.appendChild(prePathSpan);
           span.appendChild(document.createTextNode(bases[1] + " "));
         ]]></body>
       </method>
diff --git a/application/palemoon/components/nsBrowserGlue.js b/application/palemoon/components/nsBrowserGlue.js
index 225cddd52..6563df4e6 100644
--- a/application/palemoon/components/nsBrowserGlue.js
+++ b/application/palemoon/components/nsBrowserGlue.js
@@ -39,6 +39,9 @@ Cu.import("resource://gre/modules/Services.jsm");
   ["DateTimePickerHelper", "resource://gre/modules/DateTimePickerHelper.jsm"],
 ].forEach(([name, resource]) => XPCOMUtils.defineLazyModuleGetter(this, name, resource));
 
+XPCOMUtils.defineLazyServiceGetter(this, "AlertsService",
+                                   "@mozilla.org/alerts-service;1", "nsIAlertsService");
+
 const PREF_PLUGINS_NOTIFYUSER = "plugins.update.notifyUser";
 const PREF_PLUGINS_UPDATEURL  = "plugins.update.url";
 
@@ -825,16 +828,6 @@ BrowserGlue.prototype = {
     if (actions.indexOf("showAlert") == -1)
       return;
 
-    let notifier;
-    try {
-      notifier = Cc["@mozilla.org/alerts-service;1"].
-                 getService(Ci.nsIAlertsService);
-    }
-    catch (e) {
-      // nsIAlertsService is not available for this platform
-      return;
-    }
-
     let title = getNotifyString({propName: "alertTitle",
                                  stringName: "puAlertTitle",
                                  stringParams: [appName]});
@@ -856,10 +849,11 @@ BrowserGlue.prototype = {
     try {
       // This will throw NS_ERROR_NOT_AVAILABLE if the notification cannot
       // be displayed per the idl.
-      notifier.showAlertNotification(null, title, text,
-                                     true, url, clickCallback);
+      AlertsService.showAlertNotification(null, title, text,
+                                          true, url, clickCallback);
     }
     catch (e) {
+      Cu.reportError(e);
     }
   },
 
@@ -1191,7 +1185,7 @@ BrowserGlue.prototype = {
   },
 
   _migrateUI: function BG__migrateUI() {
-    const UI_VERSION = 15;
+    const UI_VERSION = 17;
     const BROWSER_DOCURL = "chrome://browser/content/browser.xul#";
     let currentUIVersion = 0;
     try {
@@ -1386,6 +1380,10 @@ BrowserGlue.prototype = {
       }
     }
 
+    if (currentUIVersion < 17) {
+      this._notifyNotificationsUpgrade();
+    }
+
     if (this._dirty)
       this._dataSource.QueryInterface(Ci.nsIRDFRemoteDataSource).Flush();
 
@@ -1396,6 +1394,52 @@ BrowserGlue.prototype = {
     Services.prefs.setIntPref("browser.migration.version", UI_VERSION);
   },
 
+  _hasExistingNotificationPermission: function BG__hasExistingNotificationPermission() {
+    let enumerator = Services.perms.enumerator;
+    while (enumerator.hasMoreElements()) {
+      let permission = enumerator.getNext().QueryInterface(Ci.nsIPermission);
+      if (permission.type == "desktop-notification") {
+        return true;
+      }
+    }
+    return false;
+  },
+
+  _notifyNotificationsUpgrade: function BG__notifyNotificationsUpgrade() {
+    if (!this._hasExistingNotificationPermission()) {
+      return;
+    }
+    function clickCallback(subject, topic, data) {
+      if (topic != "alertclickcallback")
+        return;
+      let win = RecentWindow.getMostRecentBrowserWindow();
+      win.openUILinkIn(data, "tab");
+    }
+    // Show the application icon for XUL notifications. We assume system-level
+    // notifications will include their own icon.
+    let imageURL = this._hasSystemAlertsService() ? "" :
+                   "chrome://branding/content/about-logo.png";
+    let title = gBrowserBundle.GetStringFromName("webNotifications.upgradeTitle");
+    let text = gBrowserBundle.GetStringFromName("webNotifications.upgradeBody");
+    let url = Services.urlFormatter.formatURLPref("browser.push.warning.infoURL");
+
+    try {
+      AlertsService.showAlertNotification(imageURL, title, text,
+                                          true, url, clickCallback);
+    }
+    catch (e) {
+      Cu.reportError(e);
+    }
+  },
+
+  _hasSystemAlertsService: function() {
+    try {
+      return !!Cc["@mozilla.org/system-alerts-service;1"].getService(
+        Ci.nsIAlertsService);
+    } catch (e) {}
+    return false;
+  },
+
   _getPersist: function BG__getPersist(aSource, aProperty) {
     var target = this._dataSource.GetTarget(aSource, aProperty, true);
     if (target instanceof Ci.nsIRDFLiteral)
@@ -1645,6 +1689,16 @@ ContentPermissionPrompt.prototype = {
     return chromeWin;
   },
 
+  _getBrowserForRequest: function (aRequest) {
+    let requestingWindow = aRequest.window.top;
+    // find the requesting browser or iframe
+    let browser = requestingWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                                  .getInterface(Ci.nsIWebNavigation)
+                                  .QueryInterface(Ci.nsIDocShell)
+                                  .chromeEventHandler;
+    return browser;
+  },
+
   /**
    * Show a permission prompt.
    *
@@ -1809,30 +1863,49 @@ ContentPermissionPrompt.prototype = {
     var message = browserBundle.formatStringFromName("webNotifications.showFromSite",
                                                      [requestingURI.host], 1);
 
-    var actions = [
-      {
-        stringId: "webNotifications.showForSession",
-        action: Ci.nsIPermissionManager.ALLOW_ACTION,
-        expireType: Ci.nsIPermissionManager.EXPIRE_SESSION,
-        callback: function() {},
-      },
-      {
-        stringId: "webNotifications.alwaysShow",
-        action: Ci.nsIPermissionManager.ALLOW_ACTION,
-        expireType: null,
-        callback: function() {},
-      },
-      {
-        stringId: "webNotifications.neverShow",
-        action: Ci.nsIPermissionManager.DENY_ACTION,
-        expireType: null,
-        callback: function() {},
-      },
-    ];
+    var actions;
+
+    var browser = this._getBrowserForRequest(aRequest);
+    // Only show "allow for session" in PB mode, we don't
+    // support "allow for session" in non-PB mode.
+    if (PrivateBrowsingUtils.isBrowserPrivate(browser)) {
+      actions = [
+        {
+          stringId: "webNotifications.showForSession",
+          action: Ci.nsIPermissionManager.ALLOW_ACTION,
+          expireType: Ci.nsIPermissionManager.EXPIRE_SESSION,
+          callback: function() {},
+        },
+      ];
+    } else {
+      actions = [
+        {
+          stringId: "webNotifications.showForSession",
+          action: Ci.nsIPermissionManager.ALLOW_ACTION,
+          expireType: Ci.nsIPermissionManager.EXPIRE_SESSION,
+          callback: function() {},
+        },
+        {
+          stringId: "webNotifications.alwaysShow",
+          action: Ci.nsIPermissionManager.ALLOW_ACTION,
+          expireType: null,
+          callback: function() {},
+        },
+        {
+          stringId: "webNotifications.neverShow",
+          action: Ci.nsIPermissionManager.DENY_ACTION,
+          expireType: null,
+          callback: function() {},
+        },
+      ];
+    }
+    var options = {
+      learnMoreURL: Services.urlFormatter.formatURLPref("browser.push.warning.infoURL"),
+    };
 
     this._showPrompt(aRequest, message, "desktop-notification", actions,
                      "web-notifications",
-                     "web-notifications-notification-icon", null);
+                     "web-notifications-notification-icon", options);
   },
 
   _promptPointerLock: function CPP_promtPointerLock(aRequest, autoAllow) {
@@ -1875,7 +1948,6 @@ ContentPermissionPrompt.prototype = {
   },
 
   prompt: function CPP_prompt(request) {
-
     // Only allow exactly one permission rquest here.
     let types = request.types.QueryInterface(Ci.nsIArray);
     if (types.length != 1) {
@@ -1921,15 +1993,15 @@ ContentPermissionPrompt.prototype = {
 
     // Show the prompt.
     switch (perm.type) {
-    case "geolocation":
-      this._promptGeo(request);
-      break;
-    case "desktop-notification":
-      this._promptWebNotifications(request);
-      break;
-    case "pointerLock":
-      this._promptPointerLock(request, autoAllow);
-      break;
+      case "geolocation":
+        this._promptGeo(request);
+        break;
+      case "desktop-notification":
+        this._promptWebNotifications(request);
+        break;
+      case "pointerLock":
+        this._promptPointerLock(request, autoAllow);
+        break;
     }
   },
 
diff --git a/application/palemoon/components/preferences/aboutPermissions.js b/application/palemoon/components/preferences/aboutPermissions.js
index 31b48f88e..531bb061f 100644
--- a/application/palemoon/components/preferences/aboutPermissions.js
+++ b/application/palemoon/components/preferences/aboutPermissions.js
@@ -2,17 +2,25 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+"use strict";
+
 var Ci = Components.interfaces;
 var Cc = Components.classes;
 var Cu = Components.utils;
 
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
-Cu.import("resource://gre/modules/PluralForm.jsm");
 Cu.import("resource://gre/modules/DownloadUtils.jsm");
 Cu.import("resource://gre/modules/AddonManager.jsm");
 Cu.import("resource://gre/modules/NetUtil.jsm");
 Cu.import("resource://gre/modules/ForgetAboutSite.jsm");
 
+XPCOMUtils.defineLazyModuleGetter(this, "PluralForm",
+                                  "resource://gre/modules/PluralForm.jsm");
+
+var gSecMan = Cc["@mozilla.org/scriptsecuritymanager;1"].
+              getService(Ci.nsIScriptSecurityManager);
+
 var gFaviconService = Cc["@mozilla.org/browser/favicon-service;1"].
                       getService(Ci.nsIFaviconService);
 
@@ -22,7 +30,7 @@ var gPlacesDatabase = Cc["@mozilla.org/browser/nav-history-service;1"].
                       clone(true);
 
 var gSitesStmt = gPlacesDatabase.createAsyncStatement(
-                  "SELECT get_unreversed_host(rev_host) AS host " +
+                  "SELECT url " +
                   "FROM moz_places " +
                   "WHERE rev_host > '.' " +
                   "AND visit_count > 0 " +
@@ -54,14 +62,11 @@ const MASTER_PASSWORD_MESSAGE = "User canceled master password entry";
 const TEST_EXACT_PERM_TYPES = ["desktop-notification", "geo", "pointerLock"];
 
 /**
- * Site object represents a single site, uniquely identified by a host.
+ * Site object represents a single site, uniquely identified by a principal.
  */
-function Site(host) {
-  this.host = host;
+function Site(principal) {
+  this.principal = principal;
   this.listitem = null;
-
-  this.httpURI = NetUtil.newURI("http://" + this.host);
-  this.httpsURI = NetUtil.newURI("https://" + this.host);
 }
 
 Site.prototype = {
@@ -83,16 +88,10 @@ Site.prototype = {
       }
     }
 
-    // Try to find favicon for both URIs, but always prefer the https favicon.
-    gFaviconService.getFaviconURLForPage(this.httpsURI, function(aURI) {
+    // Get the favicon for the origin
+    gFaviconService.getFaviconURLForPage(this.principal.URI, function (aURI) {
       if (aURI) {
         invokeCallback(aURI);
-      } else {
-        gFaviconService.getFaviconURLForPage(this.httpURI, function(aURI) {
-          if (aURI) {
-            invokeCallback(aURI);
-          }
-        });
       }
     }.bind(this));
   },
@@ -104,7 +103,9 @@ Site.prototype = {
    *        A function that takes the visit count (a number) as a parameter.
    */
   getVisitCount: function Site_getVisitCount(aCallback) {
-    let rev_host = this.host.split("").reverse().join("") + ".";
+    // XXX This won't be a very reliable system, as it will count both http: and https: visits
+    // Unfortunately, I don't think that there is a much better way to do it right now.
+    let rev_host = this.principal.URI.host.split("").reverse().join("") + ".";
     gVisitStmt.params.rev_host = rev_host;
     gVisitStmt.executeAsync({
       handleResult: function(aResults) {
@@ -147,9 +148,9 @@ Site.prototype = {
 
     let permissionValue;
     if (TEST_EXACT_PERM_TYPES.indexOf(aType) == -1) {
-      permissionValue = Services.perms.testPermission(this.httpURI, aType);
+      permissionValue = Services.perms.testPermissionFromPrincipal(this.principal, aType);
     } else {
-      permissionValue = Services.perms.testExactPermission(this.httpURI, aType);
+      permissionValue = Services.perms.testExactPermissionFromPrincipal(this.principal, aType);
     }
     aResultObj.value = permissionValue;
 
@@ -187,9 +188,7 @@ Site.prototype = {
       }
     }
 
-    // Using httpURI is kind of bogus, but the permission manager stores
-    // the permission for the host, so the right thing happens in the end.
-    Services.perms.add(this.httpURI, aType, aPerm);
+    Services.perms.addFromPrincipal(this.principal, aType, aPerm);
   },
 
   /**
@@ -200,7 +199,7 @@ Site.prototype = {
    *        e.g. "cookie", "geo", "indexedDB", "popup", "image"
    */
   clearPermission: function Site_clearPermission(aType) {
-    Services.perms.remove(this.host, aType);
+    Services.perms.removeFromPrincipal(this.principal, aType);
   },
 
   /**
@@ -210,11 +209,9 @@ Site.prototype = {
    */
   get logins() {
     try {
-      let httpLogins = Services.logins.findLogins(
-          {}, this.httpURI.prePath, "", "");
-      let httpsLogins = Services.logins.findLogins(
-          {}, this.httpsURI.prePath, "", "");
-      return httpLogins.concat(httpsLogins);
+     let logins = Services.logins.findLogins({},
+                  this.principal.originNoSuffix, "", "");
+     return logins;
     } catch (e) {
       if (!e.message.includes(MASTER_PASSWORD_MESSAGE)) {
         Cu.reportError("AboutPermissions: " + e);
@@ -227,8 +224,7 @@ Site.prototype = {
     // Only say that login saving is blocked if it is blocked for both
     // http and https.
     try {
-      return Services.logins.getLoginSavingEnabled(this.httpURI.prePath) &&
-             Services.logins.getLoginSavingEnabled(this.httpsURI.prePath);
+      return Services.logins.getLoginSavingEnabled(this.principal.originNoSuffix);
     } catch (e) {
       if (!e.message.includes(MASTER_PASSWORD_MESSAGE)) {
         Cu.reportError("AboutPermissions: " + e);
@@ -239,8 +235,7 @@ Site.prototype = {
 
   set loginSavingEnabled(isEnabled) {
     try {
-      Services.logins.setLoginSavingEnabled(this.httpURI.prePath, isEnabled);
-      Services.logins.setLoginSavingEnabled(this.httpsURI.prePath, isEnabled);
+      Services.logins.setLoginSavingEnabled(this.principal.originNoSuffix, isEnabled);
     } catch (e) {
       if (!e.message.includes(MASTER_PASSWORD_MESSAGE)) {
         Cu.reportError("AboutPermissions: " + e);
@@ -279,7 +274,11 @@ Site.prototype = {
    * Removes all data from the browser corresponding to the site.
    */
   forgetSite: function Site_forgetSite() {
-    ForgetAboutSite.removeDataFromDomain(this.host)
+    // XXX This removes data for an entire domain, rather than just
+    // an origin. This may produce confusing results, as data will
+    // be cleared for the http:// as well as the https:// domain
+    // if you try to forget the https:// site.
+    ForgetAboutSite.removeDataFromDomain(this.principal.URI.host)
                    .catch(Cu.reportError);
   }
 }
@@ -461,10 +460,18 @@ var AboutPermissions = {
   LIST_BUILD_DELAY: 100, // delay between intervals
 
   /**
-   * Stores a mapping of host strings to Site objects.
+   * Stores a mapping of origin strings to Site objects.
    */
   _sites: {},
 
+  /**
+   * Using a getter for sitesFilter to avoid races with tests.
+   */
+  get sitesFilter () {
+    delete this.sitesFilter;
+    return this.sitesFilter = document.getElementById("sites-filter");
+  },
+
   sitesList: null,
   _selectedSite: null,
 
@@ -721,9 +728,9 @@ var AboutPermissions = {
           break;
         }
         let permission = aSubject.QueryInterface(Ci.nsIPermission);
-        // We can't compare selectedSite.host and permission.host here because
-        // we need to handle the case where a parent domain was changed in
-        // a way that affects the subdomain.
+        // We can't compare selectedSite.principal and permission.principal here
+        // because we need to handle the case where a parent domain was changed
+        // in a way that affects the subdomain.
         if (this._supportedPermissions.indexOf(permission.type) != -1) {
           this.updatePermission(permission.type);
         }
@@ -798,8 +805,11 @@ var AboutPermissions = {
         AboutPermissions.startSitesListBatch();
         let row;
         while (row = aResults.getNextRow()) {
-          let host = row.getResultByName("host");
-          AboutPermissions.addHost(host);
+          let spec = row.getResultByName("url");
+          let uri = NetUtil.newURI(spec);
+          let principal = gSecMan.getNoAppCodebasePrincipal(uri);
+
+          AboutPermissions.addPrincipal(principal);
         }
         AboutPermissions.endSitesListBatch();
       },
@@ -853,7 +863,8 @@ var AboutPermissions = {
           // i.e.: "chrome://weave" (Sync)
           if (!aLogin.hostname.startsWith(schemeChrome + ":")) {
             let uri = NetUtil.newURI(aLogin.hostname);
-            this.addHost(uri.host);
+            let principal = gSecMan.getNoAppCodebasePrincipal(uri);
+            this.addPrincipal(principal);
           }
         } catch (e) {
           Cu.reportError("AboutPermissions: " + e);
@@ -869,7 +880,8 @@ var AboutPermissions = {
           // i.e.: "chrome://weave" (Sync)
           if (!aHostname.startsWith(schemeChrome + ":")) {
             let uri = NetUtil.newURI(aHostname);
-            this.addHost(uri.host);
+            let principal = gSecMan.getNoAppCodebasePrincipal(uri);
+            this.addPrincipal(principal);
           }
         } catch (e) {
           Cu.reportError("AboutPermissions: " + e);
@@ -887,7 +899,7 @@ var AboutPermissions = {
       let permission = enumerator.getNext().QueryInterface(Ci.nsIPermission);
       // Only include sites with exceptions set for supported permission types.
       if (this._supportedPermissions.indexOf(permission.type) != -1) {
-        this.addHost(permission.host);
+        this.addPrincipal(permission.principal);
       }
       itemCnt++;
     }
@@ -898,15 +910,15 @@ var AboutPermissions = {
   /**
    * Creates a new Site and adds it to _sites if it's not already there.
    *
-   * @param aHost
-   *        A host string.
+   * @param aPrincipal
+   *        A principal.
    */
-  addHost: function(aHost) {
-    if (aHost in this._sites) {
+  addPrincipal: function(aPrincipal) {
+    if (aPrincipal.origin in this._sites) {
       return;
     }
-    let site = new Site(aHost);
-    this._sites[aHost] = site;
+    let site = new Site(aPrincipal);
+    this._sites[aPrincipal.origin] = site;
     this.addToSitesList(site);
   },
 
@@ -919,7 +931,7 @@ var AboutPermissions = {
   addToSitesList: function(aSite) {
     let item = document.createElement("richlistitem");
     item.setAttribute("class", "site");
-    item.setAttribute("value", aSite.host);
+    item.setAttribute("value", aSite.principal.origin);
 
     aSite.getFavicon(function(aURL) {
       item.setAttribute("favicon", aURL);
@@ -927,9 +939,8 @@ var AboutPermissions = {
     aSite.listitem = item;
 
     // Make sure to only display relevant items when list is filtered.
-    let filterValue =
-        document.getElementById("sites-filter").value.toLowerCase();
-    item.collapsed = aSite.host.toLowerCase().indexOf(filterValue) == -1;
+    let filterValue = this.sitesFilter.value.toLowerCase();
+    item.collapsed = aSite.principal.origin.toLowerCase().indexOf(filterValue) == -1;
 
     (this._listFragment || this.sitesList).appendChild(item);
   },
@@ -951,8 +962,7 @@ var AboutPermissions = {
    */
   filterSitesList: function() {
     let siteItems = this.sitesList.children;
-    let filterValue =
-        document.getElementById("sites-filter").value.toLowerCase();
+    let filterValue = this.sitesFilter.value.toLowerCase();
 
     if (filterValue == "") {
       for (let i = 0, iLen = siteItems.length; i < iLen; i++) {
@@ -983,9 +993,9 @@ var AboutPermissions = {
    *        The host string corresponding to the site to delete.
    */
   deleteFromSitesList: function(aHost) {
-    for (let host in this._sites) {
-      let site = this._sites[host];
-      if (site.host.hasRootDomain(aHost)) {
+    for (let origin in this._sites) {
+      let site = this._sites[origin];
+      if (site.principal.URI.host.hasRootDomain(aHost)) {
         if (site == this._selectedSite) {
           // Replace site-specific interface with "All Sites" interface.
           this.sitesList.selectedItem =
@@ -993,7 +1003,7 @@ var AboutPermissions = {
         }
 
         this.sitesList.removeChild(site.listitem);
-        delete this._sites[site.host];
+        delete this._sites[site.principal.origin];
       }
     }
   },
@@ -1009,9 +1019,9 @@ var AboutPermissions = {
       return;
     }
 
-    let host = event.target.value;
-    let site = this._selectedSite = this._sites[host];
-    document.getElementById("site-label").value = host;
+    let origin = event.target.value;
+    let site = this._selectedSite = this._sites[origin];
+    document.getElementById("site-label").value = origin;
     document.getElementById("header-deck").selectedPanel =
         document.getElementById("site-header");
 
@@ -1245,19 +1255,19 @@ var AboutPermissions = {
    * Opens password manager dialog.
    */
   managePasswords: function() {
-    let selectedHost = "";
+    let selectedOrigin = "";
     if (this._selectedSite) {
-      selectedHost = this._selectedSite.host;
+      selectedOrigin = this._selectedSite.principal.URI.prePath;
     }
 
     let win = Services.wm.getMostRecentWindow("Toolkit:PasswordManager");
     if (win) {
-      win.setFilter(selectedHost);
+      win.setFilter(selectedOrigin);
       win.focus();
     } else {
       window.openDialog("chrome://passwordmgr/content/passwordManager.xul",
                         "Toolkit:PasswordManager", "",
-                        {filterString : selectedHost});
+                        {filterString : selectedOrigin});
     }
   },
 
@@ -1313,10 +1323,12 @@ var AboutPermissions = {
    * Opens cookie manager dialog.
    */
   manageCookies: function() {
+    // Cookies are stored by-host, and thus we filter the cookie window
+    // using only the host of the selected principal's origin
     let selectedHost = "";
     let selectedDomain = "";
     if (this._selectedSite) {
-      selectedHost = this._selectedSite.host;
+      selectedHost = this._selectedSite.principal.URI.host;
       selectedDomain = this.domainFromHost(selectedHost);
     }
 
@@ -1328,6 +1340,13 @@ var AboutPermissions = {
       window.openDialog("chrome://browser/content/preferences/cookies.xul",
                         "Browser:Cookies", "", {filterString : selectedDomain});
     }
+  },
+
+  /**
+   * Focusses the filter box.
+   */
+  focusFilterBox: function() {
+    this.sitesFilter.focus();
   }
 }
 
diff --git a/application/palemoon/components/preferences/aboutPermissions.xul b/application/palemoon/components/preferences/aboutPermissions.xul
index bd5a205c7..c099161f2 100644
--- a/application/palemoon/components/preferences/aboutPermissions.xul
+++ b/application/palemoon/components/preferences/aboutPermissions.xul
@@ -25,6 +25,10 @@
   <script type="application/javascript"
           src="chrome://browser/content/preferences/aboutPermissions.js"/>
 
+  <keyset>
+    <key key="&focusSearch.key;" modifiers="accel" oncommand="AboutPermissions.focusFilterBox();"/>
+  </keyset>
+
   <hbox flex="1" id="permissions-header">
     <label id="permissions-pagetitle">&permissionsManager.title;</label>
   </hbox>
@@ -390,7 +394,6 @@
           </hbox>
         </vbox>
       </hbox>
-
     </vbox>
   </hbox>
 
diff --git a/application/palemoon/components/preferences/advanced.js b/application/palemoon/components/preferences/advanced.js
index 429a0c419..0803496fe 100644
--- a/application/palemoon/components/preferences/advanced.js
+++ b/application/palemoon/components/preferences/advanced.js
@@ -8,6 +8,7 @@ Components.utils.import("resource://gre/modules/DownloadUtils.jsm");
 Components.utils.import("resource://gre/modules/ctypes.jsm");
 Components.utils.import("resource://gre/modules/Services.jsm");
 Components.utils.import("resource://gre/modules/LoadContextInfo.jsm");
+Components.utils.import("resource://gre/modules/BrowserUtils.jsm");
 
 var gAdvancedPane = {
   _inited: false,
@@ -377,7 +378,7 @@ var gAdvancedPane = {
   },
 
   // XXX: duplicated in browser.js
-  _getOfflineAppUsage: function (host, groups)
+  _getOfflineAppUsage: function (perm, groups)
   {
     var cacheService = Components.classes["@mozilla.org/network/application-cache-service;1"].
                        getService(Components.interfaces.nsIApplicationCacheService);
@@ -390,7 +391,7 @@ var gAdvancedPane = {
     var usage = 0;
     for (var i = 0; i < groups.length; i++) {
       var uri = ios.newURI(groups[i], null, null);
-      if (uri.asciiHost == host) {
+      if (perm.matchesURI(uri, true)) {
         var cache = cacheService.getActiveCache(groups[i]);
         usage += cache.usage;
       }
@@ -427,9 +428,9 @@ var gAdvancedPane = {
         var row = document.createElement("listitem");
         row.id = "";
         row.className = "offlineapp";
-        row.setAttribute("host", perm.host);
+        row.setAttribute("origin", perm.principal.origin);
         var converted = DownloadUtils.
-                        convertByteUnits(this._getOfflineAppUsage(perm.host, groups));
+                        convertByteUnits(this._getOfflineAppUsage(perm, groups));
         row.setAttribute("usage",
                          bundle.getFormattedString("offlineAppUsage",
                                                    converted));
@@ -453,7 +454,8 @@ var gAdvancedPane = {
   {
     var list = document.getElementById("offlineAppsList");
     var item = list.selectedItem;
-    var host = item.getAttribute("host");
+    var origin = item.getAttribute("origin");
+    var principal = BrowserUtils.principalFromOrigin(origin);
 
     var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
                             .getService(Components.interfaces.nsIPromptService);
@@ -462,35 +464,34 @@ var gAdvancedPane = {
 
     var bundle = document.getElementById("bundlePreferences");
     var title = bundle.getString("offlineAppRemoveTitle");
-    var prompt = bundle.getFormattedString("offlineAppRemovePrompt", [host]);
+    var prompt = bundle.getFormattedString("offlineAppRemovePrompt", [principal.URI.prePath]);
     var confirm = bundle.getString("offlineAppRemoveConfirm");
     var result = prompts.confirmEx(window, title, prompt, flags, confirm,
                                    null, null, null, {});
     if (result != 0)
       return;
 
-    // clear offline cache entries
-    var cacheService = Components.classes["@mozilla.org/network/application-cache-service;1"].
-                       getService(Components.interfaces.nsIApplicationCacheService);
-    var ios = Components.classes["@mozilla.org/network/io-service;1"].
-              getService(Components.interfaces.nsIIOService);
-    var groups = cacheService.getGroups();
-    for (var i = 0; i < groups.length; i++) {
-        var uri = ios.newURI(groups[i], null, null);
-        if (uri.asciiHost == host) {
+    // get the permission
+    var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                       .getService(Components.interfaces.nsIPermissionManager);
+    var perm = pm.getPermissionObject(principal, "offline-app");
+    if (perm) {
+      // clear offline cache entries
+      try {
+        var cacheService = Components.classes["@mozilla.org/network/application-cache-service;1"].
+                           getService(Components.interfaces.nsIApplicationCacheService);
+        var groups = cacheService.getGroups();
+        for (var i = 0; i < groups.length; i++) {
+          var uri = Services.io.newURI(groups[i], null, null);
+          if (perm.matchesURI(uri, true)) {
             var cache = cacheService.getActiveCache(groups[i]);
             cache.discard();
+          }
         }
-    }
-
-    // remove the permission
-    var pm = Components.classes["@mozilla.org/permissionmanager;1"]
-                       .getService(Components.interfaces.nsIPermissionManager);
-    pm.remove(host, "offline-app",
-              Components.interfaces.nsIPermissionManager.ALLOW_ACTION);
-    pm.remove(host, "offline-app",
-              Components.interfaces.nsIOfflineCacheUpdateService.ALLOW_NO_WARN);
+      } catch (e) {}
 
+      pm.removePermission(perm);
+    }
     list.removeChild(item);
     gAdvancedPane.offlineAppSelected();
     this.updateActualAppCacheSize();
diff --git a/application/palemoon/components/preferences/cookies.js b/application/palemoon/components/preferences/cookies.js
index ea7e7d4e2..4ef30d48e 100644
--- a/application/palemoon/components/preferences/cookies.js
+++ b/application/palemoon/components/preferences/cookies.js
@@ -5,6 +5,8 @@
 
 const nsICookie = Components.interfaces.nsICookie;
 
+Components.utils.import("resource://gre/modules/PluralForm.jsm");
+
 var gCookiesWindow = {
   _cm               : Components.classes["@mozilla.org/cookiemanager;1"]
                                 .getService(Components.interfaces.nsICookieManager),
@@ -24,6 +26,11 @@ var gCookiesWindow = {
     this._bundle = document.getElementById("bundlePreferences");
     this._tree = document.getElementById("cookiesList");
 
+    let removeAllCookies = document.getElementById("removeAllCookies");
+    removeAllCookies.setAttribute("accesskey", this._bundle.getString("removeAllCookies.accesskey"));
+    let removeSelectedCookies = document.getElementById("removeSelectedCookies");
+    removeSelectedCookies.setAttribute("accesskey", this._bundle.getString("removeSelectedCookies.accesskey"));
+
     this._populateList(true);
 
     document.getElementById("filter").focus();
@@ -558,12 +565,12 @@ var gCookiesWindow = {
     if (item && seln.count == 1 && item.container && item.open)
       selectedCookieCount += 2;
 
-    var removeCookie = document.getElementById("removeCookie");
-    var removeCookies = document.getElementById("removeCookies");
-    removeCookie.parentNode.selectedPanel =
-      selectedCookieCount == 1 ? removeCookie : removeCookies;
+    let buttonLabel = this._bundle.getString("removeSelectedCookies.label");
+    let removeSelectedCookies = document.getElementById("removeSelectedCookies");
+    removeSelectedCookies.label = PluralForm.get(selectedCookieCount, buttonLabel)
+                                            .replace("#1", selectedCookieCount);
 
-    removeCookie.disabled = removeCookies.disabled = !(seln.count > 0);
+    removeSelectedCookies.disabled = !(seln.count > 0);
   },
 
   performDeletion: function gCookiesWindow_performDeletion(deleteItems) {
@@ -725,8 +732,13 @@ var gCookiesWindow = {
   },
 
   onCookieKeyPress: function (aEvent) {
-    if (aEvent.keyCode == 46)
+    if (aEvent.keyCode == KeyEvent.DOM_VK_DELETE
+#ifdef XP_MACOSX
+        || aEvent.keyCode == KeyEvent.DOM_VK_BACK_SPACE
+#endif
+       ) {
       this.deleteCookie();
+    }
   },
 
   _lastSortProperty : "",
@@ -868,7 +880,17 @@ var gCookiesWindow = {
   },
 
   _updateRemoveAllButton: function gCookiesWindow__updateRemoveAllButton() {
-    document.getElementById("removeAllCookies").disabled = this._view._rowCount == 0;
+    let removeAllCookies = document.getElementById("removeAllCookies");
+    removeAllCookies.disabled = this._view._rowCount == 0;
+
+    let labelStringID = "removeAllCookies.label";
+    let accessKeyStringID = "removeAllCookies.accesskey";
+    if (this._view._filtered) {
+      labelStringID = "removeAllShownCookies.label";
+      accessKeyStringID = "removeAllShownCookies.accesskey";
+    }
+    removeAllCookies.setAttribute("label", this._bundle.getString(labelStringID));
+    removeAllCookies.setAttribute("accesskey", this._bundle.getString(accessKeyStringID));
   },
 
   filter: function () {
diff --git a/application/palemoon/components/preferences/cookies.xul b/application/palemoon/components/preferences/cookies.xul
index 8ff0d90ec..60725e9d8 100644
--- a/application/palemoon/components/preferences/cookies.xul
+++ b/application/palemoon/components/preferences/cookies.xul
@@ -91,16 +91,9 @@
   </vbox>
   <hbox align="end">
     <hbox class="actionButtons" flex="1">
-      <deck oncommand="gCookiesWindow.deleteCookie();">
-        <button id="removeCookie" disabled="true" icon="remove"
-                label="&button.removecookie.label;"
-                accesskey="&button.removecookie.accesskey;"/>
-        <button id="removeCookies" disabled="true" icon="remove"
-                label="&button.removecookies.label;"
-                accesskey="&button.removecookie.accesskey;"/>
-      </deck>
+      <button id="removeSelectedCookies" disabled="true" icon="clear"
+              oncommand="gCookiesWindow.deleteCookie();"/>
       <button id="removeAllCookies" disabled="true" icon="clear"
-              label="&button.removeallcookies.label;" accesskey="&button.removeallcookies.accesskey;"
               oncommand="gCookiesWindow.deleteAllCookies();"/>
       <spacer flex="1"/>
 #ifndef XP_MACOSX
diff --git a/application/palemoon/components/preferences/handlers.xml b/application/palemoon/components/preferences/handlers.xml
index d60792803..5fb915cee 100644
--- a/application/palemoon/components/preferences/handlers.xml
+++ b/application/palemoon/components/preferences/handlers.xml
@@ -72,7 +72,7 @@
 	   extends="chrome://global/content/bindings/listbox.xml#listitem">
     <content>
       <children>
-	<xul:listcell xbl:inherits="label=host"/>
+	<xul:listcell xbl:inherits="label=origin"/>
 	<xul:listcell xbl:inherits="label=usage"/>
       </children>
     </content>
diff --git a/application/palemoon/components/preferences/jar.mn b/application/palemoon/components/preferences/jar.mn
index a27784305..798a2dae4 100644
--- a/application/palemoon/components/preferences/jar.mn
+++ b/application/palemoon/components/preferences/jar.mn
@@ -15,7 +15,7 @@ browser.jar:
 *   content/browser/preferences/applicationManager.js
 *   content/browser/preferences/colors.xul
 *   content/browser/preferences/cookies.xul
-    content/browser/preferences/cookies.js
+*   content/browser/preferences/cookies.js
     content/browser/preferences/content.xul
     content/browser/preferences/content.js
 *   content/browser/preferences/connection.xul
@@ -28,8 +28,8 @@ browser.jar:
     content/browser/preferences/languages.js
 *   content/browser/preferences/main.xul
     content/browser/preferences/main.js
-*   content/browser/preferences/permissions.xul
-    content/browser/preferences/permissions.js
+    content/browser/preferences/permissions.xul
+*   content/browser/preferences/permissions.js
 *   content/browser/preferences/preferences.xul
     content/browser/preferences/privacy.xul
     content/browser/preferences/privacy.js
diff --git a/application/palemoon/components/preferences/permissions.js b/application/palemoon/components/preferences/permissions.js
index 785e26d5e..4b1bf41b2 100644
--- a/application/palemoon/components/preferences/permissions.js
+++ b/application/palemoon/components/preferences/permissions.js
@@ -3,38 +3,40 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+Components.utils.import("resource://gre/modules/Services.jsm");
+
 const nsIPermissionManager = Components.interfaces.nsIPermissionManager;
 const nsICookiePermission = Components.interfaces.nsICookiePermission;
 
 const NOTIFICATION_FLUSH_PERMISSIONS = "flush-pending-permissions";
 
-function Permission(host, rawHost, type, capability, perm) 
+function Permission(principal, type, capability)
 {
-  this.host = host;
-  this.rawHost = rawHost;
+  this.principal = principal;
+  this.origin = principal.origin;
   this.type = type;
   this.capability = capability;
-  this.perm = perm;
 }
 
 var gPermissionManager = {
-  _type         : "",
-  _permissions  : [],
-  _pm           : Components.classes["@mozilla.org/permissionmanager;1"]
-                            .getService(Components.interfaces.nsIPermissionManager),
-  _bundle       : null,
-  _tree         : null,
-  
+  _type                 : "",
+  _permissions          : [],
+  _permissionsToAdd     : new Map(),
+  _permissionsToDelete  : new Map(),
+  _bundle               : null,
+  _tree                 : null,
+  _observerRemoved      : false,
+
   _view: {
     _rowCount: 0,
-    get rowCount() 
-    { 
-      return this._rowCount; 
+    get rowCount()
+    {
+      return this._rowCount;
     },
     getCellText: function (aRow, aColumn)
     {
       if (aColumn.id == "siteCol")
-        return gPermissionManager._permissions[aRow].rawHost;
+        return gPermissionManager._permissions[aRow].origin;
       else if (aColumn.id == "statusCol")
         return gPermissionManager._permissions[aRow].capability;
       return "";
@@ -57,7 +59,7 @@ var gPermissionManager = {
       return "";
     }
   },
-  
+
   _getCapabilityString: function (aCapability)
   {
     var stringKey = null;
@@ -77,44 +79,66 @@ var gPermissionManager = {
     }
     return this._bundle.getString(stringKey);
   },
-  
+
   addPermission: function (aCapability)
   {
     var textbox = document.getElementById("url");
-    var host = textbox.value.replace(/^\s*([-\w]*:\/+)?/, ""); // trim any leading space and scheme
+    var input_url = textbox.value.replace(/^\s*/, ""); // trim any leading space
+    let principal;
     try {
-      var ioService = Components.classes["@mozilla.org/network/io-service;1"]
-                                .getService(Components.interfaces.nsIIOService);
-      var uri = ioService.newURI("http://"+host, null, null);
-      host = uri.host;
+      // The origin accessor on the principal object will throw if the
+      // principal doesn't have a canonical origin representation. This will
+      // help catch cases where the URI parser parsed something like
+      // `localhost:8080` as having the scheme `localhost`, rather than being
+      // an invalid URI. A canonical origin representation is required by the
+      // permission manager for storage, so this won't prevent any valid
+      // permissions from being entered by the user.
+      let uri;
+      try {
+        uri = Services.io.newURI(input_url, null, null);
+        principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri);
+        // If we have ended up with an unknown scheme, the following will throw.
+        principal.origin;
+      } catch(ex) {
+        uri = Services.io.newURI("http://" + input_url, null, null);
+        principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri);
+        // If we have ended up with an unknown scheme, the following will throw.
+        principal.origin;
+      }
     } catch(ex) {
-      var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
-                                    .getService(Components.interfaces.nsIPromptService);
       var message = this._bundle.getString("invalidURI");
       var title = this._bundle.getString("invalidURITitle");
-      promptService.alert(window, title, message);
+      Services.prompt.alert(window, title, message);
       return;
     }
 
     var capabilityString = this._getCapabilityString(aCapability);
 
     // check whether the permission already exists, if not, add it
-    var exists = false;
+    let permissionExists = false;
+    let capabilityExists = false;
     for (var i = 0; i < this._permissions.length; ++i) {
-      if (this._permissions[i].rawHost == host) {
-        // Avoid calling the permission manager if the capability settings are
-        // the same. Otherwise allow the call to the permissions manager to
-        // update the listbox for us.
-        exists = this._permissions[i].perm == aCapability;
+      if (this._permissions[i].principal.equals(principal)) {
+        permissionExists = true;
+        capabilityExists = this._permissions[i].capability == capabilityString;
+        if (!capabilityExists) {
+          this._permissions[i].capability = capabilityString;
+        }
         break;
       }
     }
     
-    if (!exists) {
-      host = (host.charAt(0) == ".") ? host.substring(1,host.length) : host;
-      var uri = ioService.newURI("http://" + host, null, null);
-      this._pm.add(uri, this._type, aCapability);
+
+    let permissionParams = {principal: principal, type: this._type, capability: aCapability};
+    if (!permissionExists) {
+      this._permissionsToAdd.set(principal.origin, permissionParams);
+      this._addPermission(permissionParams);
+    }
+    else if (!capabilityExists) {
+      this._permissionsToAdd.set(principal.origin, permissionParams);
+      this._handleCapabilityChange();
     }
+
     textbox.value = "";
     textbox.focus();
 
@@ -124,14 +148,58 @@ var gPermissionManager = {
     // enable "remove all" button as needed
     document.getElementById("removeAllPermissions").disabled = this._permissions.length == 0;
   },
-  
+
+  _removePermission: function(aPermission)
+  {
+    this._removePermissionFromList(aPermission.principal);
+
+    // If this permission was added during this session, let's remove
+    // it from the pending adds list to prevent calls to the
+    // permission manager.
+    let isNewPermission = this._permissionsToAdd.delete(aPermission.principal.origin);
+
+    if (!isNewPermission) {
+      this._permissionsToDelete.set(aPermission.principal.origin, aPermission);
+    }
+
+  },
+
+  _handleCapabilityChange: function ()
+  {
+    // Re-do the sort, if the status changed from Block to Allow
+    // or vice versa, since if we're sorted on status, we may no
+    // longer be in order.
+    if (this._lastPermissionSortColumn == "statusCol") {
+      this._resortPermissions();
+    }
+    this._tree.treeBoxObject.invalidate();
+  },
+
+  _addPermission: function(aPermission)
+  {
+    this._addPermissionToList(aPermission);
+    ++this._view._rowCount;
+    this._tree.treeBoxObject.rowCountChanged(this._view.rowCount - 1, 1);
+    // Re-do the sort, since we inserted this new item at the end.
+    this._resortPermissions();
+  },
+
+  _resortPermissions: function()
+  {
+    gTreeUtils.sort(this._tree, this._view, this._permissions,
+                    this._lastPermissionSortColumn,
+                    this._permissionsComparator,
+                    this._lastPermissionSortColumn, 
+                    !this._lastPermissionSortAscending); // keep sort direction        
+  },
+
   onHostInput: function (aSiteField)
   {
     document.getElementById("btnSession").disabled = !aSiteField.value;
     document.getElementById("btnBlock").disabled = !aSiteField.value;
     document.getElementById("btnAllow").disabled = !aSiteField.value;
   },
-  
+
   onWindowKeyPress: function (aEvent)
   {
     if (aEvent.keyCode == KeyEvent.DOM_VK_ESCAPE)
@@ -143,14 +211,14 @@ var gPermissionManager = {
     if (aEvent.keyCode == KeyEvent.DOM_VK_RETURN)
       document.getElementById("btnAllow").click();
   },
-  
+
   onLoad: function ()
   {
     this._bundle = document.getElementById("bundlePreferences");
     var params = window.arguments[0];
     this.init(params);
   },
-  
+
   init: function (aParams)
   {
     if (this._type) {
@@ -160,14 +228,14 @@ var gPermissionManager = {
 
     this._type = aParams.permissionType;
     this._manageCapability = aParams.manageCapability;
-    
+
     var permissionsText = document.getElementById("permissionsText");
     while (permissionsText.hasChildNodes())
       permissionsText.removeChild(permissionsText.firstChild);
     permissionsText.appendChild(document.createTextNode(aParams.introText));
 
     document.title = aParams.windowTitle;
-    
+
     document.getElementById("btnBlock").hidden    = !aParams.blockVisible;
     document.getElementById("btnSession").hidden  = !aParams.sessionVisible;
     document.getElementById("btnAllow").hidden    = !aParams.allowVisible;
@@ -183,64 +251,64 @@ var gPermissionManager = {
     var urlLabel = document.getElementById("urlLabel");
     urlLabel.hidden = !urlFieldVisible;
 
-    var os = Components.classes["@mozilla.org/observer-service;1"]
-                       .getService(Components.interfaces.nsIObserverService);
-    os.notifyObservers(null, NOTIFICATION_FLUSH_PERMISSIONS, this._type);
-    os.addObserver(this, "perm-changed", false);
+    let treecols = document.getElementsByTagName("treecols")[0];
+    treecols.addEventListener("click", event => {
+      if (event.target.nodeName != "treecol" || event.button != 0) {
+        return;
+      }
+
+      let sortField = event.target.getAttribute("data-field-name");
+      if (!sortField) {
+        return;
+      }
+
+      gPermissionManager.onPermissionSort(sortField);
+    });
+
+    Services.obs.notifyObservers(null, NOTIFICATION_FLUSH_PERMISSIONS, this._type);
+    Services.obs.addObserver(this, "perm-changed", false);
 
     this._loadPermissions();
-    
+
     urlField.focus();
   },
-  
+
   uninit: function ()
   {
-    var os = Components.classes["@mozilla.org/observer-service;1"]
-                       .getService(Components.interfaces.nsIObserverService);
-    os.removeObserver(this, "perm-changed");
+    if (!this._observerRemoved) {
+      Services.obs.removeObserver(this, "perm-changed");
+
+      this._observerRemoved = true;
+    }
   },
-  
+
   observe: function (aSubject, aTopic, aData)
   {
     if (aTopic == "perm-changed") {
       var permission = aSubject.QueryInterface(Components.interfaces.nsIPermission);
+
+      // Ignore unrelated permission types.
+      if (permission.type != this._type)
+        return;
+
       if (aData == "added") {
-        this._addPermissionToList(permission);
-        ++this._view._rowCount;
-        this._tree.treeBoxObject.rowCountChanged(this._view.rowCount - 1, 1);        
-        // Re-do the sort, since we inserted this new item at the end. 
-        gTreeUtils.sort(this._tree, this._view, this._permissions,
-                        this._lastPermissionSortColumn,
-                        this._permissionsComparator,
-                        this._lastPermissionSortColumn, 
-                        !this._lastPermissionSortAscending); // keep sort direction        
+        this._addPermission(permission);
       }
       else if (aData == "changed") {
         for (var i = 0; i < this._permissions.length; ++i) {
-          if (this._permissions[i].host == permission.host) {
+          if (permission.matches(this._permissions[i].principal, true)) {
             this._permissions[i].capability = this._getCapabilityString(permission.capability);
             break;
           }
         }
-        // Re-do the sort, if the status changed from Block to Allow
-        // or vice versa, since if we're sorted on status, we may no
-        // longer be in order. 
-        if (this._lastPermissionSortColumn == "statusCol") {
-          gTreeUtils.sort(this._tree, this._view, this._permissions,
-                          this._lastPermissionSortColumn,
-                          this._permissionsComparator,
-                          this._lastPermissionSortColumn, 
-                          !this._lastPermissionSortAscending); // keep sort direction
-        }
-        this._tree.treeBoxObject.invalidate();
+        this._handleCapabilityChange();
+      }
+      else if (aData == "deleted") {
+        this._removePermissionFromList(permission.principal);
       }
-      // No UI other than this window causes this method to be sent a "deleted"
-      // notification, so we don't need to implement it since Delete is handled
-      // directly by the Permission Removal handlers. If that ever changes, those
-      // implementations will have to move into here. 
     }
   },
-  
+
   onPermissionSelected: function ()
   {
     var hasSelection = this._tree.view.selection.count > 0;
@@ -257,8 +325,8 @@ var gPermissionManager = {
     gTreeUtils.deleteSelectedItems(this._tree, this._view, this._permissions, removedPermissions);
     for (var i = 0; i < removedPermissions.length; ++i) {
       var p = removedPermissions[i];
-      this._pm.remove(p.host, p.type);
-    }    
+      this._removePermission(p);
+    }
     document.getElementById("removePermission").disabled = !this._permissions.length;
     document.getElementById("removeAllPermissions").disabled = !this._permissions.length;
   },
@@ -271,18 +339,23 @@ var gPermissionManager = {
     gTreeUtils.deleteAll(this._tree, this._view, this._permissions, removedPermissions);
     for (var i = 0; i < removedPermissions.length; ++i) {
       var p = removedPermissions[i];
-      this._pm.remove(p.host, p.type);
-    }    
+      this._removePermission(p);
+    }
     document.getElementById("removePermission").disabled = true;
     document.getElementById("removeAllPermissions").disabled = true;
   },
-  
+
   onPermissionKeyPress: function (aEvent)
   {
-    if (aEvent.keyCode == 46)
+    if (aEvent.keyCode == KeyEvent.DOM_VK_DELETE
+#ifdef XP_MACOSX
+        || aEvent.keyCode == KeyEvent.DOM_VK_BACK_SPACE
+#endif
+       ) {
       this.onPermissionDeleted();
+    }
   },
-  
+
   _lastPermissionSortColumn: "",
   _lastPermissionSortAscending: false,
   _permissionsComparator : function (a, b)
@@ -293,16 +366,34 @@ var gPermissionManager = {
   
   onPermissionSort: function (aColumn)
   {
-    this._lastPermissionSortAscending = gTreeUtils.sort(this._tree, 
-                                                        this._view, 
+    this._lastPermissionSortAscending = gTreeUtils.sort(this._tree,
+                                                        this._view,
                                                         this._permissions,
                                                         aColumn,
                                                         this._permissionsComparator,
-                                                        this._lastPermissionSortColumn, 
+                                                        this._lastPermissionSortColumn,
                                                         this._lastPermissionSortAscending);
     this._lastPermissionSortColumn = aColumn;
   },
-  
+
+  onApplyChanges: function()
+  {
+    // Stop observing permission changes since we are about
+    // to write out the pending adds/deletes and don't need
+    // to update the UI
+    this.uninit();
+
+    for (let permissionParams of this._permissionsToAdd.values()) {
+      Services.perms.addFromPrincipal(permissionParams.principal, permissionParams.type, permissionParams.capability);
+    }
+
+    for (let p of this._permissionsToDelete.values()) {
+      Services.perms.removeFromPrincipal(p.principal, p.type);
+    }
+
+    window.close();
+  },
+
   _loadPermissions: function ()
   {
     this._tree = document.getElementById("permissionsTree");
@@ -310,48 +401,59 @@ var gPermissionManager = {
 
     // load permissions into a table
     var count = 0;
-    var enumerator = this._pm.enumerator;
+    var enumerator = Services.perms.enumerator;
     while (enumerator.hasMoreElements()) {
       var nextPermission = enumerator.getNext().QueryInterface(Components.interfaces.nsIPermission);
       this._addPermissionToList(nextPermission);
     }
-   
+
     this._view._rowCount = this._permissions.length;
 
     // sort and display the table
     this._tree.view = this._view;
-    this.onPermissionSort("rawHost");
+    this.onPermissionSort("origin");
 
     // disable "remove all" button if there are none
     document.getElementById("removeAllPermissions").disabled = this._permissions.length == 0;
   },
-  
+
   _addPermissionToList: function (aPermission)
   {
     if (aPermission.type == this._type &&
         (!this._manageCapability ||
          (aPermission.capability == this._manageCapability))) {
 
-      var host = aPermission.host;
+      var principal = aPermission.principal;
       var capabilityString = this._getCapabilityString(aPermission.capability);
-      var p = new Permission(host,
-                             (host.charAt(0) == ".") ? host.substring(1,host.length) : host,
+      var p = new Permission(principal,
                              aPermission.type,
-                             capabilityString, 
-                             aPermission.capability);
+                             capabilityString);
       this._permissions.push(p);
-    }  
+    }
   },
-  
-  setHost: function (aHost)
+
+  _removePermissionFromList: function (aPrincipal)
+  {
+    for (let i = 0; i < this._permissions.length; ++i) {
+      if (this._permissions[i].principal.equals(aPrincipal)) {
+        this._permissions.splice(i, 1);
+        this._view._rowCount--;
+        this._tree.treeBoxObject.rowCountChanged(this._view.rowCount - 1, -1);
+        this._tree.treeBoxObject.invalidate();
+        break;
+      }
+    }
+  },
+
+  setOrigin: function (aOrigin)
   {
-    document.getElementById("url").value = aHost;
+    document.getElementById("url").value = aOrigin;
   }
 };
 
-function setHost(aHost)
+function setOrigin(aOrigin)
 {
-  gPermissionManager.setHost(aHost);
+  gPermissionManager.setOrigin(aOrigin);
 }
 
 function initWithParams(aParams)
diff --git a/application/palemoon/components/preferences/permissions.xul b/application/palemoon/components/preferences/permissions.xul
index fd550e8f7..33806cc27 100644
--- a/application/palemoon/components/preferences/permissions.xul
+++ b/application/palemoon/components/preferences/permissions.xul
@@ -1,12 +1,12 @@
 <?xml version="1.0"?>
 
-# -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+<!-- -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- -->
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?> 
-<?xml-stylesheet href="chrome://browser/skin/preferences/preferences.css" type="text/css"?> 
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/skin/preferences/preferences.css" type="text/css"?>
 
 <!DOCTYPE dialog SYSTEM "chrome://browser/locale/preferences/permissions.dtd" >
 
@@ -35,7 +35,7 @@
     <separator class="thin"/>
     <label id="urlLabel" control="url" value="&address.label;" accesskey="&address.accesskey;"/>
     <hbox align="start">
-      <textbox id="url" flex="1" 
+      <textbox id="url" flex="1"
                oninput="gPermissionManager.onHostInput(event.target);"
                onkeypress="gPermissionManager.onHostKeyPress(event);"/>
     </hbox>
@@ -54,30 +54,32 @@
           onselect="gPermissionManager.onPermissionSelected();">
       <treecols>
         <treecol id="siteCol" label="&treehead.sitename.label;" flex="3"
-                onclick="gPermissionManager.onPermissionSort('rawHost');" persist="width"/>
+                 data-field-name="origin" persist="width"/>
         <splitter class="tree-splitter"/>
         <treecol id="statusCol" label="&treehead.status.label;" flex="1"
-                onclick="gPermissionManager.onPermissionSort('capability');" persist="width"/>
+                 data-field-name="capability" persist="width"/>
       </treecols>
       <treechildren/>
     </tree>
   </vbox>
-  <hbox align="end">
-    <hbox class="actionButtons" flex="1">
+  <vbox>
+    <hbox class="actionButtons" align="left" flex="1">
       <button id="removePermission" disabled="true"
               accesskey="&removepermission.accesskey;"
               icon="remove" label="&removepermission.label;"
               oncommand="gPermissionManager.onPermissionDeleted();"/>
       <button id="removeAllPermissions"
               icon="clear" label="&removeallpermissions.label;"
-              accesskey="&removeallpermissions.accesskey;" 
+              accesskey="&removeallpermissions.accesskey;"
               oncommand="gPermissionManager.onAllPermissionsDeleted();"/>
-      <spacer flex="1"/>
-#ifndef XP_MACOSX
+    </hbox>
+    <spacer flex="1"/>
+    <hbox class="actionButtons" align="right" flex="1">
       <button oncommand="close();" icon="close"
-              label="&button.close.label;" accesskey="&button.close.accesskey;"/>
-#endif
+              label="&button.cancel.label;" accesskey="&button.cancel.accesskey;" />
+      <button id="btnApplyChanges" oncommand="gPermissionManager.onApplyChanges();" icon="save"
+              label="&button.ok.label;" accesskey="&button.ok.accesskey;"/>
     </hbox>
     <resizer type="window" dir="bottomend"/>
-  </hbox>
+  </vbox>
 </window>
diff --git a/application/palemoon/components/preferences/security.js b/application/palemoon/components/preferences/security.js
index 56664bf66..9d5f302a2 100644
--- a/application/palemoon/components/preferences/security.js
+++ b/application/palemoon/components/preferences/security.js
@@ -131,9 +131,21 @@ var gSecurityPane = {
    */
   showPasswordExceptions: function ()
   {
+    let bundlePrefs = document.getElementById("bundlePreferences");
+    let params = {
+      blockVisible: true,
+      sessionVisible: false,
+      allowVisible: false,
+      hideStatusColumn: true,
+      prefilledHost: "",
+      permissionType: "login-saving",
+      windowTitle: bundlePrefs.getString("savedLoginsExceptions_title"),
+      introText: bundlePrefs.getString("savedLoginsExceptions_desc")
+    };
+
     document.documentElement.openWindow("Toolkit:PasswordManagerExceptions",
-                                        "chrome://passwordmgr/content/passwordManagerExceptions.xul",
-                                        "", null);
+                                        "chrome://browser/content/preferences/permissions.xul",
+                                        null, params);
   },
 
   /**
diff --git a/application/palemoon/locales/en-US/chrome/browser/browser.properties b/application/palemoon/locales/en-US/chrome/browser/browser.properties
index 518f1b0de..7f1c88a88 100644
--- a/application/palemoon/locales/en-US/chrome/browser/browser.properties
+++ b/application/palemoon/locales/en-US/chrome/browser/browser.properties
@@ -305,6 +305,10 @@ webNotifications.alwaysShow.accesskey=A
 webNotifications.neverShow=Always Block Notifications
 webNotifications.neverShow.accesskey=N
 webNotifications.showFromSite=Would you like to show notifications from %S?
+# LOCALIZATION NOTE (webNotifications.upgradeTitle): When using native notifications on OS X, the title may be truncated around 32 characters.
+webNotifications.upgradeTitle=Upgraded notifications
+# LOCALIZATION NOTE (webNotifications.upgradeBody): When using native notifications on OS X, the body may be truncated around 100 characters in some views.
+webNotifications.upgradeBody=You can now receive notifications from sites that are not currently loaded. Click to learn more.
 
 # Pointer lock UI
 
diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/aboutPermissions.dtd b/application/palemoon/locales/en-US/chrome/browser/preferences/aboutPermissions.dtd
index ff1da3dd0..9e36520c8 100644
--- a/application/palemoon/locales/en-US/chrome/browser/preferences/aboutPermissions.dtd
+++ b/application/palemoon/locales/en-US/chrome/browser/preferences/aboutPermissions.dtd
@@ -54,3 +54,5 @@
 <!ENTITY fullscreen.label                "Fullscreen">
 
 <!ENTITY pointerLock.label               "Hide the Mouse Pointer">
+
+<!ENTITY focusSearch.key                 "f">
diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/cookies.dtd b/application/palemoon/locales/en-US/chrome/browser/preferences/cookies.dtd
index 06f57c435..c83331328 100644
--- a/application/palemoon/locales/en-US/chrome/browser/preferences/cookies.dtd
+++ b/application/palemoon/locales/en-US/chrome/browser/preferences/cookies.dtd
@@ -7,11 +7,6 @@
 <!ENTITY     cookiesonsystem.label          "The following cookies are stored on your computer:">
 <!ENTITY     cookiename.label               "Cookie Name">
 <!ENTITY     cookiedomain.label             "Site"> 
-<!ENTITY     button.removecookies.label     "Remove Cookies">
-<!ENTITY     button.removecookie.label      "Remove Cookie">
-<!ENTITY     button.removecookie.accesskey  "R">
-<!ENTITY     button.removeallcookies.label  "Remove All Cookies">
-<!ENTITY     button.removeallcookies.accesskey "A">
 
 <!ENTITY     props.name.label               "Name:">
 <!ENTITY     props.value.label              "Content:">
diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/permissions.dtd b/application/palemoon/locales/en-US/chrome/browser/preferences/permissions.dtd
index f6a9c466c..e61228b76 100644
--- a/application/palemoon/locales/en-US/chrome/browser/preferences/permissions.dtd
+++ b/application/palemoon/locales/en-US/chrome/browser/preferences/permissions.dtd
@@ -3,7 +3,7 @@
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 <!ENTITY window.title                 "Exceptions">
-<!ENTITY window.width                 "36em">
+<!ENTITY window.width                 "45em">
 
 <!ENTITY treehead.sitename.label      "Site">
 <!ENTITY treehead.status.label        "Status">
@@ -21,6 +21,8 @@
 <!ENTITY allow.accesskey              "A">
 <!ENTITY windowClose.key              "w">
 
-<!ENTITY button.close.label           "Close">
-<!ENTITY button.close.accesskey       "C">
+<!ENTITY button.cancel.label          "Cancel">
+<!ENTITY button.cancel.accesskey      "C">
+<!ENTITY button.ok.label              "Save Changes">
+<!ENTITY button.ok.accesskey          "S">
 
diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/preferences.properties b/application/palemoon/locales/en-US/chrome/browser/preferences/preferences.properties
index 826f1463d..3eebbcbec 100644
--- a/application/palemoon/locales/en-US/chrome/browser/preferences/preferences.properties
+++ b/application/palemoon/locales/en-US/chrome/browser/preferences/preferences.properties
@@ -15,7 +15,7 @@ labelDefaultFont=Default (%S)
 
 #### Permissions Manager
 
-cookiepermissionstext=You can specify which websites are always or never allowed to use cookies.  Type the exact address of the site you want to manage and then click Block, Allow for Session, or Allow.
+cookiepermissionstext=You can specify which websites are always or never allowed to use cookies. Type the exact address of the site you want to manage and then click Block, Allow for Session, or Allow.
 cookiepermissionstitle=Exceptions - Cookies
 addonspermissionstext=You can specify which websites are allowed to install add-ons. Type the exact address of the site you want to allow and then click Allow.
 addons_permissions_title=Allowed Sites - Add-ons Installation
@@ -23,6 +23,8 @@ popuppermissionstext=You can specify which websites are allowed to open pop-up w
 popuppermissionstitle=Allowed Sites - Pop-ups
 invalidURI=Please enter a valid hostname
 invalidURITitle=Invalid Hostname Entered
+savedLoginsExceptions_title=Exceptions - Saved Logins
+savedLoginsExceptions_desc=Logins for the following sites will not be saved:
 
 #### Master Password
 
@@ -93,9 +95,30 @@ noCookieSelected=<no cookie selected>
 cookiesAll=The following cookies are stored on your computer:
 cookiesFiltered=The following cookies match your search:
 
+# LOCALIZATION NOTE (removeAllCookies, removeAllShownCookies):
+# removeAllCookies and removeAllShownCookies are both used on the same one button,
+# never displayed together and can share the same accesskey.
+# When only partial cookies are shown as a result of keyword search,
+# removeAllShownCookies is displayed as button label.
+# removeAllCookies is displayed when no keyword search and all cookies are shown.
+removeAllCookies.label=Remove All
+removeAllCookies.accesskey=A
+removeAllShownCookies.label=Remove All Shown
+removeAllShownCookies.accesskey=A
+
+# LOCALIZATION NOTE (removeSelectedCookies):
+# Semicolon-separated list of plural forms. See:
+# http://developer.mozilla.org/en/docs/Localization_and_Plurals
+# If you need to display the number of selected elements in your language,
+# you can use #1 in your localization as a placeholder for the number.
+# For example this is the English string with numbers:
+# removeSelectedCookied=Remove #1 Selected;Remove #1 Selected
+removeSelectedCookies.label=Remove Selected;Remove Selected
+removeSelectedCookies.accesskey=R
+
 #### Offline apps
 offlineAppRemoveTitle=Remove offline website data
-offlineAppRemovePrompt=After removing this data, %S will not be available offline.  Are you sure you want to remove this offline website?
+offlineAppRemovePrompt=After removing this data, %S will not be available offline. Are you sure you want to remove this offline website?
 offlineAppRemoveConfirm=Remove offline data
 
 # LOCALIZATION NOTE: The next string is for the disk usage of the
diff --git a/application/palemoon/modules/PopupNotifications.jsm b/application/palemoon/modules/PopupNotifications.jsm
index 15c8915ed..0cb970230 100644
--- a/application/palemoon/modules/PopupNotifications.jsm
+++ b/application/palemoon/modules/PopupNotifications.jsm
@@ -12,6 +12,7 @@ const NOTIFICATION_EVENT_DISMISSED = "dismissed";
 const NOTIFICATION_EVENT_REMOVED = "removed";
 const NOTIFICATION_EVENT_SHOWING = "showing";
 const NOTIFICATION_EVENT_SHOWN = "shown";
+const NOTIFICATION_EVENT_SWAPPING = "swapping";
 
 const ICON_SELECTOR = ".notification-anchor-icon";
 const ICON_ATTRIBUTE_SHOWING = "showing";
@@ -237,9 +238,23 @@ PopupNotifications.prototype = {
    *                                  tabs)
    *                     "removed": notification has been removed (due to
    *                                location change or user action)
+   *                     "showing": notification is about to be shown
+   *                                (this can be fired multiple times as
+   *                                 notifications are dismissed and re-shown)
    *                     "shown": notification has been shown (this can be fired
    *                              multiple times as notifications are dismissed
    *                              and re-shown)
+   *                     "swapping": the docshell of the browser that created
+   *                                 the notification is about to be swapped to
+   *                                 another browser. A second parameter contains
+   *                                 the browser that is receiving the docshell,
+   *                                 so that the event callback can transfer stuff
+   *                                 specific to this notification.
+   *                                 If the callback returns true, the notification
+   *                                 will be moved to the new browser.
+   *                                 If the callback isn't implemented, returns false,
+   *                                 or doesn't return any value, the notification
+   *                                 will be removed.
    *        neverShow:   Indicate that no popup should be shown for this
    *                     notification. Useful for just showing the anchor icon.
    *        removeOnDismissal:
@@ -829,13 +844,60 @@ PopupNotifications.prototype = {
     this._update(notifications, anchor);
   },
 
-  _fireCallback: function PopupNotifications_fireCallback(n, event) {
+  _swapBrowserNotifications: function PopupNotifications_swapBrowserNoficications(ourBrowser, otherBrowser) {
+    // When swaping browser docshells (e.g. dragging tab to new window) we need
+    // to update our notification map.
+
+    let ourNotifications = this._getNotificationsForBrowser(ourBrowser);
+    let other = otherBrowser.ownerDocument.defaultView.PopupNotifications;
+    if (!other) {
+      if (ourNotifications.length > 0)
+        Cu.reportError("unable to swap notifications: otherBrowser doesn't support notifications");
+      return;
+    }
+    let otherNotifications = other._getNotificationsForBrowser(otherBrowser);
+    if (ourNotifications.length < 1 && otherNotifications.length < 1) {
+      // No notification to swap.
+      return;
+    }
+
+    otherNotifications = otherNotifications.filter(n => {
+      if (this._fireCallback(n, NOTIFICATION_EVENT_SWAPPING, ourBrowser)) {
+        n.browser = ourBrowser;
+        n.owner = this;
+        return true;
+      }
+      other._fireCallback(n, NOTIFICATION_EVENT_REMOVED);
+      return false;
+    });
+
+    ourNotifications = ourNotifications.filter(n => {
+      if (this._fireCallback(n, NOTIFICATION_EVENT_SWAPPING, otherBrowser)) {
+        n.browser = otherBrowser;
+        n.owner = other;
+        return true;
+      }
+      this._fireCallback(n, NOTIFICATION_EVENT_REMOVED);
+      return false;
+    });
+
+    this._setNotificationsForBrowser(otherBrowser, ourNotifications);
+    other._setNotificationsForBrowser(ourBrowser, otherNotifications);
+
+    if (otherNotifications.length > 0)
+      this._update(otherNotifications, otherNotifications[0].anchorElement);
+    if (ourNotifications.length > 0)
+      other._update(ourNotifications, ourNotifications[0].anchorElement);
+  },
+
+  _fireCallback: function PopupNotifications_fireCallback(n, event, ...args) {
     try {
       if (n.options.eventCallback)
-        n.options.eventCallback.call(n, event);
+        return n.options.eventCallback.call(n, event, ...args);
     } catch (error) {
       Cu.reportError(error);
     }
+    return undefined;
   },
 
   _onPopupHidden: function PopupNotifications_onPopupHidden(event) {
diff --git a/application/palemoon/modules/webrtcUI.jsm b/application/palemoon/modules/webrtcUI.jsm
index c957bfd9a..819ca181f 100644
--- a/application/palemoon/modules/webrtcUI.jsm
+++ b/application/palemoon/modules/webrtcUI.jsm
@@ -11,9 +11,11 @@ const Cc = Components.classes;
 const Ci = Components.interfaces;
 
 Cu.import("resource://gre/modules/Services.jsm");
-Cu.import("resource://gre/modules/PluralForm.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 
+XPCOMUtils.defineLazyModuleGetter(this, "PluralForm",
+                                  "resource://gre/modules/PluralForm.jsm");
+
 XPCOMUtils.defineLazyServiceGetter(this, "MediaManagerService",
                                    "@mozilla.org/mediaManagerService;1",
                                    "nsIMediaManagerService");
@@ -128,62 +130,14 @@ function prompt(aWindowID, aCallID, aAudioRequested, aVideoRequested, aDevices)
   let message = stringBundle.getFormattedString("getUserMedia.share" + requestType + ".message",
                                                 [ host ]);
 
-  function listDevices(menupopup, devices) {
-    while (menupopup.lastChild)
-      menupopup.removeChild(menupopup.lastChild);
-
-    let deviceIndex = 0;
-    for (let device of devices) {
-      addDeviceToList(menupopup, device.name, deviceIndex);
-      deviceIndex++;
-    }
-  }
-
-  function addDeviceToList(menupopup, deviceName, deviceIndex) {
-    let menuitem = chromeDoc.createElement("menuitem");
-    menuitem.setAttribute("value", deviceIndex);
-    menuitem.setAttribute("label", deviceName);
-    menuitem.setAttribute("tooltiptext", deviceName);
-    menupopup.appendChild(menuitem);
-  }
-
-  chromeDoc.getElementById("webRTC-selectCamera").hidden = !videoDevices.length;
-  chromeDoc.getElementById("webRTC-selectMicrophone").hidden = !audioDevices.length;
-
-  let camMenupopup = chromeDoc.getElementById("webRTC-selectCamera-menupopup");
-  let micMenupopup = chromeDoc.getElementById("webRTC-selectMicrophone-menupopup");
-  listDevices(camMenupopup, videoDevices);
-  listDevices(micMenupopup, audioDevices);
-  if (requestType == "CameraAndMicrophone") {
-    addDeviceToList(camMenupopup, stringBundle.getString("getUserMedia.noVideo.label"), "-1");
-    addDeviceToList(micMenupopup, stringBundle.getString("getUserMedia.noAudio.label"), "-1");
-  }
-
   let mainAction = {
     label: PluralForm.get(requestType == "CameraAndMicrophone" ? 2 : 1,
                           stringBundle.getString("getUserMedia.shareSelectedDevices.label")),
     accessKey: stringBundle.getString("getUserMedia.shareSelectedDevices.accesskey"),
-    callback: function () {
-      let allowedDevices = Cc["@mozilla.org/supports-array;1"]
-                             .createInstance(Ci.nsISupportsArray);
-      if (videoDevices.length) {
-        let videoDeviceIndex = chromeDoc.getElementById("webRTC-selectCamera-menulist").value;
-        if (videoDeviceIndex != "-1")
-          allowedDevices.AppendElement(videoDevices[videoDeviceIndex]);
-      }
-      if (audioDevices.length) {
-        let audioDeviceIndex = chromeDoc.getElementById("webRTC-selectMicrophone-menulist").value;
-        if (audioDeviceIndex != "-1")
-          allowedDevices.AppendElement(audioDevices[audioDeviceIndex]);
-      }
-
-      if (allowedDevices.Count() == 0) {
-        denyRequest(aCallID);
-        return;
-      }
-
-      Services.obs.notifyObservers(allowedDevices, "getUserMedia:response:allow", aCallID);
-    }
+    // The real callback will be set during the "showing" event. The
+    // empty function here is so that PopupNotifications.show doesn't
+    // reject the action.
+    callback: function() {}
   };
 
   let secondaryActions = [{
@@ -194,7 +148,72 @@ function prompt(aWindowID, aCallID, aAudioRequested, aVideoRequested, aDevices)
     }
   }];
 
-  let options = null;
+  let options = {
+    eventCallback: function(aTopic, aNewBrowser) {
+      if (aTopic == "swapping")
+        return true;
+
+      if (aTopic != "showing")
+        return false;
+
+      let chromeDoc = this.browser.ownerDocument;
+
+      function listDevices(menupopup, devices) {
+        while (menupopup.lastChild)
+          menupopup.removeChild(menupopup.lastChild);
+
+        let deviceIndex = 0;
+        for (let device of devices) {
+          addDeviceToList(menupopup, device.name, deviceIndex);
+          deviceIndex++;
+        }
+      }
+
+      function addDeviceToList(menupopup, deviceName, deviceIndex) {
+        let menuitem = chromeDoc.createElement("menuitem");
+        menuitem.setAttribute("value", deviceIndex);
+        menuitem.setAttribute("label", deviceName);
+        menuitem.setAttribute("tooltiptext", deviceName);
+        menupopup.appendChild(menuitem);
+      }
+
+      chromeDoc.getElementById("webRTC-selectCamera").hidden = !videoDevices.length;
+      chromeDoc.getElementById("webRTC-selectMicrophone").hidden = !audioDevices.length;
+
+      let camMenupopup = chromeDoc.getElementById("webRTC-selectCamera-menupopup");
+      let micMenupopup = chromeDoc.getElementById("webRTC-selectMicrophone-menupopup");
+      listDevices(camMenupopup, videoDevices);
+      listDevices(micMenupopup, audioDevices);
+      if (requestType == "CameraAndMicrophone") {
+        let stringBundle = chromeDoc.defaultView.gNavigatorBundle;
+        addDeviceToList(camMenupopup, stringBundle.getString("getUserMedia.noVideo.label"), "-1");
+        addDeviceToList(micMenupopup, stringBundle.getString("getUserMedia.noAudio.label"), "-1");
+      }
+
+      this.mainAction.callback = function() {
+        let allowedDevices = Cc["@mozilla.org/supports-array;1"]
+                               .createInstance(Ci.nsISupportsArray);
+        if (videoDevices.length) {
+          let videoDeviceIndex = chromeDoc.getElementById("webRTC-selectCamera-menulist").value;
+          if (videoDeviceIndex != "-1")
+            allowedDevices.AppendElement(videoDevices[videoDeviceIndex]);
+        }
+        if (audioDevices.length) {
+          let audioDeviceIndex = chromeDoc.getElementById("webRTC-selectMicrophone-menulist").value;
+          if (audioDeviceIndex != "-1")
+            allowedDevices.AppendElement(audioDevices[audioDeviceIndex]);
+        }
+
+        if (allowedDevices.Count() == 0) {
+          denyRequest(aCallID);
+          return;
+        }
+
+        Services.obs.notifyObservers(allowedDevices, "getUserMedia:response:allow", aCallID);
+      };
+      return true;
+    }
+  };
 
   chromeWin.PopupNotifications.show(browser, "webRTC-shareDevices", message,
                                     "webRTC-shareDevices-notification-icon", mainAction,
@@ -254,7 +273,8 @@ function showBrowserSpecificIndicator(aBrowser) {
   }];
   let options = {
     hideNotNow: true,
-    dismissed: true
+    dismissed: true,
+    eventCallback: function(aTopic) aTopic == "swapping"
   };
   chromeWin.PopupNotifications.show(aBrowser, "webRTC-sharingDevices", message,
                                     "webRTC-sharingDevices-notification-icon", mainAction,
diff --git a/application/palemoon/themes/linux/Push-16.png b/application/palemoon/themes/linux/Push-16.png
new file mode 100644
index 000000000..082b17781
--- /dev/null
+++ b/application/palemoon/themes/linux/Push-16.png
diff --git a/application/palemoon/themes/linux/Push-64.png b/application/palemoon/themes/linux/Push-64.png
new file mode 100644
index 000000000..6e09ab9c3
--- /dev/null
+++ b/application/palemoon/themes/linux/Push-64.png
diff --git a/application/palemoon/themes/linux/browser.css b/application/palemoon/themes/linux/browser.css
index 4f4964db8..131a63a90 100644
--- a/application/palemoon/themes/linux/browser.css
+++ b/application/palemoon/themes/linux/browser.css
@@ -1169,6 +1169,10 @@ toolbar[iconsize="small"] #webrtc-status-button {
   list-style-image: url(chrome://browser/skin/Geolocation-64.png);
 }
 
+.popup-notification-icon[popupid="push"] {
+  list-style-image: url(chrome://browser/skin/Push-64.png);
+}
+
 .popup-notification-icon[popupid="xpinstall-disabled"],
 .popup-notification-icon[popupid="addon-progress"],
 .popup-notification-icon[popupid="addon-install-cancelled"],
@@ -1288,6 +1292,10 @@ toolbar[iconsize="small"] #webrtc-status-button {
   list-style-image: url(chrome://browser/skin/Geolocation-16.png);
 }
 
+#push-notification-icon {
+  list-style-image: url(chrome://browser/skin/Push-16.png);
+}
+
 #addons-notification-icon {
   list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-16.png);
 }
@@ -1374,7 +1382,18 @@ toolbar[iconsize="small"] #webrtc-status-button {
 
 .web-notifications-notification-icon,
 #web-notifications-notification-icon {
-  list-style-image: url(chrome://browser/skin/notification-16.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-tray.svg);
+  -moz-image-region: rect(0, 16px, 16px, 0);
+}
+
+.web-notifications-notification-icon:hover,
+#web-notifications-notification-icon:hover {
+  -moz-image-region: rect(0, 32px, 16px, 16px);
+}
+
+.web-notifications-notification-icon:hover:active,
+#web-notifications-notification-icon:hover:active {
+  -moz-image-region: rect(0, 48px, 16px, 32px);
 }
 
 #pointerLock-notification-icon {
diff --git a/application/palemoon/themes/linux/jar.mn b/application/palemoon/themes/linux/jar.mn
index 7e67d0129..3c2ac406e 100644
--- a/application/palemoon/themes/linux/jar.mn
+++ b/application/palemoon/themes/linux/jar.mn
@@ -36,8 +36,6 @@ browser.jar:
   skin/classic/browser/mixed-content-blocked-64.png
   skin/classic/browser/monitor.png
   skin/classic/browser/monitor_16-10.png
-  skin/classic/browser/notification-16.png
-  skin/classic/browser/notification-64.png
 * skin/classic/browser/pageInfo.css
   skin/classic/browser/pageInfo.png
   skin/classic/browser/page-livemarks.png
@@ -54,6 +52,8 @@ browser.jar:
   skin/classic/browser/Toolbar.png
   skin/classic/browser/Toolbar-small.png
   skin/classic/browser/urlbar-arrow.png
+  skin/classic/browser/web-notifications-icon.svg
+  skin/classic/browser/web-notifications-tray.svg
 #ifdef MOZ_WEBRTC
   skin/classic/browser/webRTC-shareDevice-16.png
   skin/classic/browser/webRTC-shareDevice-64.png
diff --git a/application/palemoon/themes/linux/notification-16.png b/application/palemoon/themes/linux/notification-16.png
deleted file mode 100644
index 6b2df7341..000000000
--- a/application/palemoon/themes/linux/notification-16.png
+++ /dev/null
diff --git a/application/palemoon/themes/linux/notification-64.png b/application/palemoon/themes/linux/notification-64.png
deleted file mode 100644
index a01d0ab77..000000000
--- a/application/palemoon/themes/linux/notification-64.png
+++ /dev/null
diff --git a/application/palemoon/themes/linux/preferences/aboutPermissions.css b/application/palemoon/themes/linux/preferences/aboutPermissions.css
index 406568831..224c88018 100644
--- a/application/palemoon/themes/linux/preferences/aboutPermissions.css
+++ b/application/palemoon/themes/linux/preferences/aboutPermissions.css
@@ -90,7 +90,7 @@
   list-style-image: url(chrome://global/skin/icons/question-64.png);
 }
 .pref-icon[type="desktop-notification"] {
-  list-style-image: url(chrome://browser/skin/notification-64.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-icon.svg);
 }
 .pref-icon[type="install"] {
   list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric.png);
diff --git a/application/palemoon/themes/linux/web-notifications-icon.svg b/application/palemoon/themes/linux/web-notifications-icon.svg
new file mode 100644
index 000000000..f7186c727
--- /dev/null
+++ b/application/palemoon/themes/linux/web-notifications-icon.svg
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" width="64" height="64" viewBox="0 0 64 64">
+  <defs>
+    <style>
+      .icon {
+        fill: #a6a6a6;
+        fill-rule: evenodd;
+      }
+    </style>
+  </defs>
+  <path d="M57,48 L46,48 L46,60.016 L32.482,48 L7,48 C5.343,48 4,46.657 4,45 L4,11.031 C4,9.374 5.343,8.031 7,8.031 L57,8.031 C58.657,8.031 60,9.374 60,11.031 L60,45 C60,46.657 58.657,48 57,48 ZM36,16.031 C36,14.927 35.105,14.031 34,14.031 L30,14.031 C28.895,14.031 28,14.927 28,16.031 L28,30.031 C28,31.136 28.895,32.031 30,32.031 L34,32.031 C35.105,32.031 36,31.136 36,30.031 L36,16.031 ZM36,37.5 C36,36.672 35.328,36 34.5,36 L29.5,36 C28.672,36 28,36.672 28,37.5 L28,40.5 C28,41.328 28.672,42 29.5,42 L34.5,42 C35.328,42 36,41.328 36,40.5 L36,37.5 Z" class="icon"/>
+</svg>
diff --git a/application/palemoon/themes/linux/web-notifications-tray.svg b/application/palemoon/themes/linux/web-notifications-tray.svg
new file mode 100644
index 000000000..314026a10
--- /dev/null
+++ b/application/palemoon/themes/linux/web-notifications-tray.svg
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="48" height="16" viewBox="0 0 96 32">
+  <defs>
+    <style>
+      .style-icon-notification {
+        fill: #666666;
+      }
+      .style-icon-notification.hover {
+        fill: #808080;
+      }
+      .style-icon-notification.active {
+        fill: #4d4d4d;
+      }
+    </style>
+    <path id="shape-notifcations-push" d="M27,23.969 L24,23.969 L24,29.977 L17.241,23.969 L5,23.969 C3.343,23.969 2,22.626 2,20.969 L2,6.969 C2,5.312 3.343,3.969 5,3.969 L27,3.969 C28.657,3.969 30,5.312 30,6.969 L30,20.969 C30,22.626 28.657,23.969 27,23.969 ZM18,8.969 C18,7.864 17.105,6.969 16,6.969 C14.895,6.969 14,7.864 14,8.969 L14,13.969 C14,15.073 14.895,15.969 16,15.969 C17.105,15.969 18,15.073 18,13.969 L18,8.969 ZM16.5,17.969 L15.5,17.969 C14.672,17.969 14,18.640 14,19.469 C14,20.297 14.672,20.969 15.5,20.969 L16.5,20.969 C17.328,20.969 18,20.297 18,19.469 C18,18.640 17.328,17.969 16.5,17.969 Z"/>
+  </defs>
+  <use xlink:href="#shape-notifcations-push" class="style-icon-notification"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(32)" class="style-icon-notification hover"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(64)" class="style-icon-notification active"/>
+</svg>
diff --git a/application/palemoon/themes/osx/Push-16.png b/application/palemoon/themes/osx/Push-16.png
new file mode 100644
index 000000000..54ef8f8ea
--- /dev/null
+++ b/application/palemoon/themes/osx/Push-16.png
diff --git a/application/palemoon/themes/osx/Push-64.png b/application/palemoon/themes/osx/Push-64.png
new file mode 100644
index 000000000..099b9c76f
--- /dev/null
+++ b/application/palemoon/themes/osx/Push-64.png
diff --git a/application/palemoon/themes/osx/browser.css b/application/palemoon/themes/osx/browser.css
index 8d709d8e1..58443fa76 100644
--- a/application/palemoon/themes/osx/browser.css
+++ b/application/palemoon/themes/osx/browser.css
@@ -1975,6 +1975,10 @@ toolbarbutton.bookmark-item[dragover="true"][open="true"] {
     list-style-image: url(chrome://browser/skin/Geolocation-16.png);
 }
 
+#push-notification-icon {
+  list-style-image: url(chrome://browser/skin/Push-16.png);
+}
+
 #addons-notification-icon {
     list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-16.png);
 }
@@ -2061,7 +2065,18 @@ toolbarbutton.bookmark-item[dragover="true"][open="true"] {
 
 .web-notifications-notification-icon,
 #web-notifications-notification-icon {
-    list-style-image: url(chrome://browser/skin/notification-16.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-tray.svg);
+  -moz-image-region: rect(0, 16px, 16px, 0);
+}
+
+.web-notifications-notification-icon:hover,
+#web-notifications-notification-icon:hover {
+  -moz-image-region: rect(0, 32px, 16px, 16px);
+}
+
+.web-notifications-notification-icon:hover:active,
+#web-notifications-notification-icon:hover:active {
+  -moz-image-region: rect(0, 48px, 16px, 32px);
 }
 
 #pointerLock-notification-icon {
diff --git a/application/palemoon/themes/osx/jar.mn b/application/palemoon/themes/osx/jar.mn
index 186cd8a75..a085c5f81 100644
--- a/application/palemoon/themes/osx/jar.mn
+++ b/application/palemoon/themes/osx/jar.mn
@@ -41,8 +41,6 @@ browser.jar:
         skin/classic/browser/mixed-content-blocked-64.png
         skin/classic/browser/monitor.png
         skin/classic/browser/monitor_16-10.png
-        skin/classic/browser/notification-16.png
-        skin/classic/browser/notification-64.png
         skin/classic/browser/pageInfo.css
         skin/classic/browser/pageInfo.png
         skin/classic/browser/page-livemarks.png
@@ -70,6 +68,8 @@ browser.jar:
         skin/classic/browser/urlbar-history-dropmarker.png
         skin/classic/browser/webapps-16.png
         skin/classic/browser/webapps-64.png
+        skin/classic/browser/web-notifications-icon.svg
+        skin/classic/browser/web-notifications-tray.svg
         skin/classic/browser/notification-pluginNormal.png           (../shared/plugins/notification-pluginNormal.png)
         skin/classic/browser/notification-pluginAlert.png            (../shared/plugins/notification-pluginAlert.png)
         skin/classic/browser/notification-pluginBlocked.png          (../shared/plugins/notification-pluginBlocked.png)
diff --git a/application/palemoon/themes/osx/notification-16.png b/application/palemoon/themes/osx/notification-16.png
deleted file mode 100644
index 6b2df7341..000000000
--- a/application/palemoon/themes/osx/notification-16.png
+++ /dev/null
diff --git a/application/palemoon/themes/osx/notification-64.png b/application/palemoon/themes/osx/notification-64.png
deleted file mode 100644
index a01d0ab77..000000000
--- a/application/palemoon/themes/osx/notification-64.png
+++ /dev/null
diff --git a/application/palemoon/themes/osx/preferences/aboutPermissions.css b/application/palemoon/themes/osx/preferences/aboutPermissions.css
index cfb941bbb..a97e71e04 100644
--- a/application/palemoon/themes/osx/preferences/aboutPermissions.css
+++ b/application/palemoon/themes/osx/preferences/aboutPermissions.css
@@ -93,7 +93,7 @@
   list-style-image: url(chrome://global/skin/icons/question-64.png);
 }
 .pref-icon[type="desktop-notification"] {
-  list-style-image: url(chrome://browser/skin/notification-64.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-icon.svg);
 }
 .pref-icon[type="install"] {
   list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric.png);
diff --git a/application/palemoon/themes/osx/web-notifications-icon.svg b/application/palemoon/themes/osx/web-notifications-icon.svg
new file mode 100644
index 000000000..f7186c727
--- /dev/null
+++ b/application/palemoon/themes/osx/web-notifications-icon.svg
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" width="64" height="64" viewBox="0 0 64 64">
+  <defs>
+    <style>
+      .icon {
+        fill: #a6a6a6;
+        fill-rule: evenodd;
+      }
+    </style>
+  </defs>
+  <path d="M57,48 L46,48 L46,60.016 L32.482,48 L7,48 C5.343,48 4,46.657 4,45 L4,11.031 C4,9.374 5.343,8.031 7,8.031 L57,8.031 C58.657,8.031 60,9.374 60,11.031 L60,45 C60,46.657 58.657,48 57,48 ZM36,16.031 C36,14.927 35.105,14.031 34,14.031 L30,14.031 C28.895,14.031 28,14.927 28,16.031 L28,30.031 C28,31.136 28.895,32.031 30,32.031 L34,32.031 C35.105,32.031 36,31.136 36,30.031 L36,16.031 ZM36,37.5 C36,36.672 35.328,36 34.5,36 L29.5,36 C28.672,36 28,36.672 28,37.5 L28,40.5 C28,41.328 28.672,42 29.5,42 L34.5,42 C35.328,42 36,41.328 36,40.5 L36,37.5 Z" class="icon"/>
+</svg>
diff --git a/application/palemoon/themes/osx/web-notifications-tray.svg b/application/palemoon/themes/osx/web-notifications-tray.svg
new file mode 100644
index 000000000..314026a10
--- /dev/null
+++ b/application/palemoon/themes/osx/web-notifications-tray.svg
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="48" height="16" viewBox="0 0 96 32">
+  <defs>
+    <style>
+      .style-icon-notification {
+        fill: #666666;
+      }
+      .style-icon-notification.hover {
+        fill: #808080;
+      }
+      .style-icon-notification.active {
+        fill: #4d4d4d;
+      }
+    </style>
+    <path id="shape-notifcations-push" d="M27,23.969 L24,23.969 L24,29.977 L17.241,23.969 L5,23.969 C3.343,23.969 2,22.626 2,20.969 L2,6.969 C2,5.312 3.343,3.969 5,3.969 L27,3.969 C28.657,3.969 30,5.312 30,6.969 L30,20.969 C30,22.626 28.657,23.969 27,23.969 ZM18,8.969 C18,7.864 17.105,6.969 16,6.969 C14.895,6.969 14,7.864 14,8.969 L14,13.969 C14,15.073 14.895,15.969 16,15.969 C17.105,15.969 18,15.073 18,13.969 L18,8.969 ZM16.5,17.969 L15.5,17.969 C14.672,17.969 14,18.640 14,19.469 C14,20.297 14.672,20.969 15.5,20.969 L16.5,20.969 C17.328,20.969 18,20.297 18,19.469 C18,18.640 17.328,17.969 16.5,17.969 Z"/>
+  </defs>
+  <use xlink:href="#shape-notifcations-push" class="style-icon-notification"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(32)" class="style-icon-notification hover"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(64)" class="style-icon-notification active"/>
+</svg>
diff --git a/application/palemoon/themes/windows/Push-16.png b/application/palemoon/themes/windows/Push-16.png
new file mode 100644
index 000000000..d710e7336
--- /dev/null
+++ b/application/palemoon/themes/windows/Push-16.png
diff --git a/application/palemoon/themes/windows/Push-64.png b/application/palemoon/themes/windows/Push-64.png
new file mode 100644
index 000000000..27fecb858
--- /dev/null
+++ b/application/palemoon/themes/windows/Push-64.png
diff --git a/application/palemoon/themes/windows/browser.css b/application/palemoon/themes/windows/browser.css
index 1c51accae..3d519ba85 100644
--- a/application/palemoon/themes/windows/browser.css
+++ b/application/palemoon/themes/windows/browser.css
@@ -2548,7 +2548,18 @@ toolbarbutton.bookmark-item[dragover="true"][open="true"] {
 
 .web-notifications-notification-icon,
 #web-notifications-notification-icon {
-  list-style-image: url(chrome://browser/skin/notification-16.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-tray.svg);
+  -moz-image-region: rect(0, 16px, 16px, 0);
+}
+
+.web-notifications-notification-icon:hover,
+#web-notifications-notification-icon:hover {
+  -moz-image-region: rect(0, 32px, 16px, 16px);
+}
+
+.web-notifications-notification-icon:hover:active,
+#web-notifications-notification-icon:hover:active {
+  -moz-image-region: rect(0, 48px, 16px, 32px);
 }
 
 #pointerLock-notification-icon {
diff --git a/application/palemoon/themes/windows/jar.mn b/application/palemoon/themes/windows/jar.mn
index a66714b13..8c0d9a5cc 100644
--- a/application/palemoon/themes/windows/jar.mn
+++ b/application/palemoon/themes/windows/jar.mn
@@ -42,8 +42,6 @@ browser.jar:
         skin/classic/browser/mixed-content-blocked-64.png
         skin/classic/browser/monitor.png
         skin/classic/browser/monitor_16-10.png
-        skin/classic/browser/notification-16.png
-        skin/classic/browser/notification-64.png
         skin/classic/browser/pageInfo.css
         skin/classic/browser/pageInfo.png
         skin/classic/browser/page-livemarks.png                      (feeds/feedIcon16.png)
@@ -72,6 +70,8 @@ browser.jar:
         skin/classic/browser/urlbar-history-dropmarker.png
         skin/classic/browser/webapps-16.png
         skin/classic/browser/webapps-64.png
+        skin/classic/browser/web-notifications-icon.svg
+        skin/classic/browser/web-notifications-tray.svg
         skin/classic/browser/notification-pluginNormal.png           (../shared/plugins/notification-pluginNormal.png)
         skin/classic/browser/notification-pluginAlert.png            (../shared/plugins/notification-pluginAlert.png)
         skin/classic/browser/notification-pluginBlocked.png          (../shared/plugins/notification-pluginBlocked.png)
diff --git a/application/palemoon/themes/windows/notification-16.png b/application/palemoon/themes/windows/notification-16.png
deleted file mode 100644
index 6b2df7341..000000000
--- a/application/palemoon/themes/windows/notification-16.png
+++ /dev/null
diff --git a/application/palemoon/themes/windows/notification-64.png b/application/palemoon/themes/windows/notification-64.png
deleted file mode 100644
index a01d0ab77..000000000
--- a/application/palemoon/themes/windows/notification-64.png
+++ /dev/null
diff --git a/application/palemoon/themes/windows/preferences/aboutPermissions.css b/application/palemoon/themes/windows/preferences/aboutPermissions.css
index d9db6ccbf..73b8d6e14 100644
--- a/application/palemoon/themes/windows/preferences/aboutPermissions.css
+++ b/application/palemoon/themes/windows/preferences/aboutPermissions.css
@@ -93,7 +93,7 @@
   list-style-image: url(chrome://global/skin/icons/question-48.png);
 }
 .pref-icon[type="desktop-notification"] {
-  list-style-image: url(chrome://browser/skin/notification-64.png);
+  list-style-image: url(chrome://browser/skin/web-notifications-icon.svg);
 }
 .pref-icon[type="install"] {
   list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-48.png);
diff --git a/application/palemoon/themes/windows/web-notifications-icon.svg b/application/palemoon/themes/windows/web-notifications-icon.svg
new file mode 100644
index 000000000..f7186c727
--- /dev/null
+++ b/application/palemoon/themes/windows/web-notifications-icon.svg
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" width="64" height="64" viewBox="0 0 64 64">
+  <defs>
+    <style>
+      .icon {
+        fill: #a6a6a6;
+        fill-rule: evenodd;
+      }
+    </style>
+  </defs>
+  <path d="M57,48 L46,48 L46,60.016 L32.482,48 L7,48 C5.343,48 4,46.657 4,45 L4,11.031 C4,9.374 5.343,8.031 7,8.031 L57,8.031 C58.657,8.031 60,9.374 60,11.031 L60,45 C60,46.657 58.657,48 57,48 ZM36,16.031 C36,14.927 35.105,14.031 34,14.031 L30,14.031 C28.895,14.031 28,14.927 28,16.031 L28,30.031 C28,31.136 28.895,32.031 30,32.031 L34,32.031 C35.105,32.031 36,31.136 36,30.031 L36,16.031 ZM36,37.5 C36,36.672 35.328,36 34.5,36 L29.5,36 C28.672,36 28,36.672 28,37.5 L28,40.5 C28,41.328 28.672,42 29.5,42 L34.5,42 C35.328,42 36,41.328 36,40.5 L36,37.5 Z" class="icon"/>
+</svg>
diff --git a/application/palemoon/themes/windows/web-notifications-tray.svg b/application/palemoon/themes/windows/web-notifications-tray.svg
new file mode 100644
index 000000000..314026a10
--- /dev/null
+++ b/application/palemoon/themes/windows/web-notifications-tray.svg
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="48" height="16" viewBox="0 0 96 32">
+  <defs>
+    <style>
+      .style-icon-notification {
+        fill: #666666;
+      }
+      .style-icon-notification.hover {
+        fill: #808080;
+      }
+      .style-icon-notification.active {
+        fill: #4d4d4d;
+      }
+    </style>
+    <path id="shape-notifcations-push" d="M27,23.969 L24,23.969 L24,29.977 L17.241,23.969 L5,23.969 C3.343,23.969 2,22.626 2,20.969 L2,6.969 C2,5.312 3.343,3.969 5,3.969 L27,3.969 C28.657,3.969 30,5.312 30,6.969 L30,20.969 C30,22.626 28.657,23.969 27,23.969 ZM18,8.969 C18,7.864 17.105,6.969 16,6.969 C14.895,6.969 14,7.864 14,8.969 L14,13.969 C14,15.073 14.895,15.969 16,15.969 C17.105,15.969 18,15.073 18,13.969 L18,8.969 ZM16.5,17.969 L15.5,17.969 C14.672,17.969 14,18.640 14,19.469 C14,20.297 14.672,20.969 15.5,20.969 L16.5,20.969 C17.328,20.969 18,20.297 18,19.469 C18,18.640 17.328,17.969 16.5,17.969 Z"/>
+  </defs>
+  <use xlink:href="#shape-notifcations-push" class="style-icon-notification"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(32)" class="style-icon-notification hover"/>
+  <use xlink:href="#shape-notifcations-push" transform="translate(64)" class="style-icon-notification active"/>
+</svg>
diff --git a/browser/components/preferences/cookies.js b/browser/components/preferences/cookies.js
index 1042642da..921eee4c0 100644
--- a/browser/components/preferences/cookies.js
+++ b/browser/components/preferences/cookies.js
@@ -30,6 +30,11 @@ var gCookiesWindow = {
     this._bundle = document.getElementById("bundlePreferences");
     this._tree = document.getElementById("cookiesList");
 
+    let removeAllCookies = document.getElementById("removeAllCookies");
+    removeAllCookies.setAttribute("accesskey", this._bundle.getString("removeAllCookies.accesskey"));
+    let removeSelectedCookies = document.getElementById("removeSelectedCookies");
+    removeSelectedCookies.setAttribute("accesskey", this._bundle.getString("removeSelectedCookies.accesskey"));
+
     this._populateList(true);
 
     document.getElementById("filter").focus();
@@ -582,7 +587,7 @@ var gCookiesWindow = {
       }
     }
 
-    let buttonLabel = this._bundle.getString("removeSelectedCookies");
+    let buttonLabel = this._bundle.getString("removeSelectedCookies.label");
     let removeSelectedCookies = document.getElementById("removeSelectedCookies");
     removeSelectedCookies.label = PluralForm.get(selectedCookieCount, buttonLabel)
                                             .replace("#1", selectedCookieCount);
@@ -894,7 +899,17 @@ var gCookiesWindow = {
   },
 
   _updateRemoveAllButton: function gCookiesWindow__updateRemoveAllButton() {
-    document.getElementById("removeAllCookies").disabled = this._view._rowCount == 0;
+    let removeAllCookies = document.getElementById("removeAllCookies");
+    removeAllCookies.disabled = this._view._rowCount == 0;
+
+    let labelStringID = "removeAllCookies.label";
+    let accessKeyStringID = "removeAllCookies.accesskey";
+    if (this._view._filtered) {
+      labelStringID = "removeAllShownCookies.label";
+      accessKeyStringID = "removeAllShownCookies.accesskey";
+    }
+    removeAllCookies.setAttribute("label", this._bundle.getString(labelStringID));
+    removeAllCookies.setAttribute("accesskey", this._bundle.getString(accessKeyStringID));
   },
 
   filter: function () {
diff --git a/browser/components/preferences/cookies.xul b/browser/components/preferences/cookies.xul
index cda6ea220..bd60d9346 100644
--- a/browser/components/preferences/cookies.xul
+++ b/browser/components/preferences/cookies.xul
@@ -96,10 +96,8 @@
   <hbox align="end">
     <hbox class="actionButtons" flex="1">
       <button id="removeSelectedCookies" disabled="true" icon="clear"
-              accesskey="&button.removeSelectedCookies.accesskey;"
               oncommand="gCookiesWindow.deleteCookie();"/>
       <button id="removeAllCookies" disabled="true" icon="clear"
-              label="&button.removeAllCookies.label;" accesskey="&button.removeAllCookies.accesskey;"
               oncommand="gCookiesWindow.deleteAllCookies();"/>
       <spacer flex="1"/>
 #ifndef XP_MACOSX
diff --git a/browser/locales/en-US/chrome/browser/preferences/cookies.dtd b/browser/locales/en-US/chrome/browser/preferences/cookies.dtd
index 9dfafffa5..5e7df9609 100644
--- a/browser/locales/en-US/chrome/browser/preferences/cookies.dtd
+++ b/browser/locales/en-US/chrome/browser/preferences/cookies.dtd
@@ -7,13 +7,6 @@
 <!ENTITY     cookiesonsystem.label          "The following cookies are stored on your computer:">
 <!ENTITY     cookiename.label               "Cookie Name">
 <!ENTITY     cookiedomain.label             "Site"> 
-<!-- LOCALIZATION NOTE (button.removeSelectedCookies.accesskey):
-  The label associated with this accesskey can be found in 
-  preferences.properties as removeSelectedCookies.
--->
-<!ENTITY     button.removeSelectedCookies.accesskey "R">
-<!ENTITY     button.removeAllCookies.label "Remove All">
-<!ENTITY     button.removeAllCookies.accesskey "A">
 
 <!ENTITY     props.name.label               "Name:">
 <!ENTITY     props.value.label              "Content:">
diff --git a/browser/locales/en-US/chrome/browser/preferences/preferences.properties b/browser/locales/en-US/chrome/browser/preferences/preferences.properties
index bf9ac602b..da40f40a9 100644
--- a/browser/locales/en-US/chrome/browser/preferences/preferences.properties
+++ b/browser/locales/en-US/chrome/browser/preferences/preferences.properties
@@ -21,7 +21,7 @@ acceptVeryLargeMinimumFont=Keep my changes anyway
 
 trackingprotectionpermissionstext=You have disabled Tracking Protection on these sites.
 trackingprotectionpermissionstitle=Exceptions - Tracking Protection
-cookiepermissionstext=You can specify which websites are always or never allowed to use cookies.  Type the exact address of the site you want to manage and then click Block, Allow for Session, or Allow.
+cookiepermissionstext=You can specify which websites are always or never allowed to use cookies. Type the exact address of the site you want to manage and then click Block, Allow for Session, or Allow.
 cookiepermissionstitle=Exceptions - Cookies
 addonspermissionstext=You can specify which websites are allowed to install add-ons. Type the exact address of the site you want to allow and then click Allow.
 addons_permissions_title=Allowed Sites - Add-ons Installation
@@ -123,6 +123,18 @@ cannot=Block
 noCookieSelected=<no cookie selected>
 cookiesAll=The following cookies are stored on your computer:
 cookiesFiltered=The following cookies match your search:
+
+# LOCALIZATION NOTE (removeAllCookies, removeAllShownCookies):
+# removeAllCookies and removeAllShownCookies are both used on the same one button,
+# never displayed together and can share the same accesskey.
+# When only partial cookies are shown as a result of keyword search,
+# removeAllShownCookies is displayed as button label.
+# removeAllCookies is displayed when no keyword search and all cookies are shown.
+removeAllCookies.label=Remove All
+removeAllCookies.accesskey=A
+removeAllShownCookies.label=Remove All Shown
+removeAllShownCookies.accesskey=A
+
 # LOCALIZATION NOTE (removeSelectedCookies):
 # Semicolon-separated list of plural forms. See:
 # http://developer.mozilla.org/en/docs/Localization_and_Plurals
@@ -130,13 +142,15 @@ cookiesFiltered=The following cookies match your search:
 # you can use #1 in your localization as a placeholder for the number.
 # For example this is the English string with numbers:
 # removeSelectedCookied=Remove #1 Selected;Remove #1 Selected
-removeSelectedCookies=Remove Selected;Remove Selected
+removeSelectedCookies.label=Remove Selected;Remove Selected
+removeSelectedCookies.accesskey=R
+
 defaultUserContextLabel=None
 
 #### Offline apps
 offlineAppsList.height=7em
 offlineAppRemoveTitle=Remove offline website data
-offlineAppRemovePrompt=After removing this data, %S will not be available offline.  Are you sure you want to remove this offline website?
+offlineAppRemovePrompt=After removing this data, %S will not be available offline. Are you sure you want to remove this offline website?
 offlineAppRemoveConfirm=Remove offline data
 
 # LOCALIZATION NOTE: The next string is for the disk usage of the
diff --git a/config/external/nss/nss.symbols b/config/external/nss/nss.symbols
index ba5492c37..41f8ee7a9 100644
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -271,7 +271,6 @@ NSS_IsInitialized
 NSS_OptionSet
 NSS_NoDB_Init
 NSS_SecureMemcmp
-NSS_SecureMemcmpZero
 NSS_SetAlgorithmPolicy
 NSS_SetDomesticPolicy
 NSS_Shutdown
@@ -279,9 +278,6 @@ NSSSMIME_GetVersion
 NSS_SMIMESignerInfo_SaveSMIMEProfile
 NSS_SMIMEUtil_FindBulkAlgForRecipients
 NSSSSL_GetVersion
-#ifdef XP_WIN
-_NSSUTIL_Access
-#endif
 NSSUTIL_ArgDecodeNumber
 NSSUTIL_ArgFetchValue
 NSSUTIL_ArgGetLabel
@@ -303,9 +299,6 @@ NSSUTIL_MkModuleSpec
 NSSUTIL_MkNSSString
 NSSUTIL_MkSlotString
 NSSUTIL_Quote
-#ifdef XP_WIN
-_NSSUTIL_UTF8ToWide
-#endif
 PK11_AlgtagToMechanism
 PK11_Authenticate
 PK11_ChangePW
@@ -490,7 +483,6 @@ PORT_UCS2_ASCIIConversion_Util
 PORT_UCS2_UTF8Conversion
 PORT_UCS2_UTF8Conversion_Util
 PORT_ZAlloc
-PORT_ZAllocAlignedOffset_Util
 PORT_ZAlloc_Util
 PORT_ZFree_Util
 SEC_AnyTemplate_Util @DATA@
diff --git a/dom/media/Benchmark.cpp b/dom/media/Benchmark.cpp
index 1ba6e561c..fdbedeca5 100644
--- a/dom/media/Benchmark.cpp
+++ b/dom/media/Benchmark.cpp
@@ -22,7 +22,7 @@ namespace mozilla {
 
 // Update this version number to force re-running the benchmark. Such as when
 // an improvement to FFVP9 or LIBVPX is deemed worthwhile.
-const uint32_t VP9Benchmark::sBenchmarkVersionID = 2;
+const uint32_t VP9Benchmark::sBenchmarkVersionID = 3;
 
 const char* VP9Benchmark::sBenchmarkFpsPref = "media.benchmark.vp9.fps";
 const char* VP9Benchmark::sBenchmarkFpsVersionCheck = "media.benchmark.vp9.versioncheck";
diff --git a/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp b/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
index 5c1b6c97b..aec1e9136 100644
--- a/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
+++ b/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
@@ -181,8 +181,8 @@ FFmpegVideoDecoder<LIBAV_VER>::DoDecode(MediaRawData* aSample, bool* aGotFrame)
 #endif
       )) {
     while (inputSize) {
-      uint8_t* data;
-      int size;
+      uint8_t* data = inputData;
+      int size = inputSize;
       int len = mLib->av_parser_parse2(mCodecParser, mCodecContext, &data, &size,
                                        inputData, inputSize,
                                        aSample->mTime, aSample->mTimecode,
diff --git a/media/ffvpx/COPYING.GPLv2 b/media/ffvpx/COPYING.GPLv2
deleted file mode 100644
index d159169d1..000000000
--- a/media/ffvpx/COPYING.GPLv2
+++ /dev/null
@@ -1,339 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
diff --git a/media/ffvpx/COPYING.GPLv3 b/media/ffvpx/COPYING.GPLv3
deleted file mode 100644
index 94a9ed024..000000000
--- a/media/ffvpx/COPYING.GPLv3
+++ /dev/null
@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/media/ffvpx/CREDITS b/media/ffvpx/CREDITS
deleted file mode 100644
index e29f0b853..000000000
--- a/media/ffvpx/CREDITS
+++ /dev/null
@@ -1,6 +0,0 @@
-See the Git history of the project (git://source.ffmpeg.org/ffmpeg) to
-get the names of people who have contributed to FFmpeg.
-
-To check the log, you can type the command "git log" in the FFmpeg
-source directory, or browse the online repository at
-http://source.ffmpeg.org.
diff --git a/media/ffvpx/Changelog b/media/ffvpx/Changelog
deleted file mode 100644
index 2e1cd36f5..000000000
--- a/media/ffvpx/Changelog
+++ /dev/null
@@ -1,1476 +0,0 @@
-Entries are sorted chronologically from oldest to youngest within each release,
-releases are sorted from youngest to oldest.
-
-version 3.0:
-- Common Encryption (CENC) MP4 encoding and decoding support
-- DXV decoding
-- extrastereo filter
-- ocr filter
-- alimiter filter
-- stereowiden filter
-- stereotools filter
-- rubberband filter
-- tremolo filter
-- agate filter
-- chromakey filter
-- maskedmerge filter
-- Screenpresso SPV1 decoding
-- chromaprint fingerprinting muxer
-- ffplay dynamic volume control
-- displace filter
-- selectivecolor filter
-- extensive native AAC encoder improvements and removal of experimental flag
-- ADPCM PSX decoder
-- 3dostr, dcstr, fsb, genh, vag, xvag, ads, msf, svag & vpk demuxer
-- zscale filter
-- wve demuxer
-- zero-copy Intel QSV transcoding in ffmpeg
-- shuffleframes filter
-- SDX2 DPCM decoder
-- vibrato filter
-- innoHeim/Rsupport Screen Capture Codec decoder
-- ADPCM AICA decoder
-- Interplay ACM demuxer and audio decoder
-- XMA1 & XMA2 decoder
-- realtime filter
-- anoisesrc audio filter source
-- IVR demuxer
-- compensationdelay filter
-- acompressor filter
-- support encoding 16-bit RLE SGI images
-- apulsator filter
-- sidechaingate audio filter
-- mipsdspr1 option has been renamed to mipsdsp
-- aemphasis filter
-- mips32r5 option has been removed
-- mips64r6 option has been removed
-- DXVA2-accelerated VP9 decoding
-- SOFAlizer: virtual binaural acoustics filter
-- VAAPI VP9 hwaccel
-- audio high-order multiband parametric equalizer
-- automatic bitstream filtering
-- showspectrumpic filter
-- libstagefright support removed
-- spectrumsynth filter
-- ahistogram filter
-- only seek with the right mouse button in ffplay
-- toggle full screen when double-clicking with the left mouse button in ffplay
-- afftfilt filter
-- convolution filter
-- libquvi support removed
-- support for dvaudio in wav and avi
-- libaacplus and libvo-aacenc support removed
-- Cineform HD decoder
-- new DCA decoder with full support for DTS-HD extensions
-- significant performance improvements in Windows Television (WTV) demuxer
-- nnedi deinterlacer
-- streamselect video and astreamselect audio filter
-- swaprect filter
-- metadata video and ametadata audio filter
-- SMPTE VC-2 HQ profile support for the Dirac decoder
-- SMPTE VC-2 native encoder supporting the HQ profile
-
-
-version 2.8:
-- colorkey video filter
-- BFSTM/BCSTM demuxer
-- little-endian ADPCM_THP decoder
-- Hap decoder and encoder
-- DirectDraw Surface image/texture decoder
-- ssim filter
-- optional new ASF demuxer
-- showvolume filter
-- Many improvements to the JPEG 2000 decoder
-- Go2Meeting decoding support
-- adrawgraph audio and drawgraph video filter
-- removegrain video filter
-- Intel QSV-accelerated MPEG-2 video and HEVC encoding
-- Intel QSV-accelerated MPEG-2 video and HEVC decoding
-- Intel QSV-accelerated VC-1 video decoding
-- libkvazaar HEVC encoder
-- erosion, dilation, deflate and inflate video filters
-- Dynamic Audio Normalizer as dynaudnorm filter
-- Reverse video and areverse audio filter
-- Random filter
-- deband filter
-- AAC fixed-point decoding
-- sidechaincompress audio filter
-- bitstream filter for converting HEVC from MP4 to Annex B
-- acrossfade audio filter
-- allyuv and allrgb video sources
-- atadenoise video filter
-- OS X VideoToolbox support
-- aphasemeter filter
-- showfreqs filter
-- vectorscope filter
-- waveform filter
-- hstack and vstack filter
-- Support DNx100 (1440x1080@8)
-- VAAPI hevc hwaccel
-- VDPAU hevc hwaccel
-- framerate filter
-- Switched default encoders for webm to VP9 and Opus
-- Removed experimental flag from the JPEG 2000 encoder
-
-
-version 2.7:
-- FFT video filter
-- TDSC decoder
-- DTS lossless extension (XLL) decoding (not lossless, disabled by default)
-- showwavespic filter
-- DTS decoding through libdcadec
-- Drop support for nvenc API before 5.0
-- nvenc HEVC encoder
-- Detelecine filter
-- Intel QSV-accelerated H.264 encoding
-- MMAL-accelerated H.264 decoding
-- basic APNG encoder and muxer with default extension "apng"
-- unpack DivX-style packed B-frames in MPEG-4 bitstream filter
-- WebM Live Chunk Muxer
-- nvenc level and tier options
-- chorus filter
-- Canopus HQ/HQA decoder
-- Automatically rotate videos based on metadata in ffmpeg
-- improved Quickdraw compatibility
-- VP9 high bit-depth and extended colorspaces decoding support
-- WebPAnimEncoder API when available for encoding and muxing WebP
-- Direct3D11-accelerated decoding
-- Support Secure Transport
-- Multipart JPEG demuxer
-
-
-version 2.6:
-- nvenc encoder
-- 10bit spp filter
-- colorlevels filter
-- RIFX format for *.wav files
-- RTP/mpegts muxer
-- non continuous cache protocol support
-- tblend filter
-- cropdetect support for non 8bpp, absolute (if limit >= 1) and relative (if limit < 1.0) threshold
-- Camellia symmetric block cipher
-- OpenH264 encoder wrapper
-- VOC seeking support
-- Closed caption Decoder
-- fspp, uspp, pp7 MPlayer postprocessing filters ported to native filters
-- showpalette filter
-- Twofish symmetric block cipher
-- Support DNx100 (960x720@8)
-- eq2 filter ported from libmpcodecs as eq filter
-- removed libmpcodecs
-- Changed default DNxHD colour range in QuickTime .mov derivatives to mpeg range
-- ported softpulldown filter from libmpcodecs as repeatfields filter
-- dcshift filter
-- RTP depacketizer for loss tolerant payload format for MP3 audio (RFC 5219)
-- RTP depacketizer for AC3 payload format (RFC 4184)
-- palettegen and paletteuse filters
-- VP9 RTP payload format (draft 0) experimental depacketizer
-- RTP depacketizer for DV (RFC 6469)
-- DXVA2-accelerated HEVC decoding
-- AAC ELD 480 decoding
-- Intel QSV-accelerated H.264 decoding
-- DSS SP decoder and DSS demuxer
-- Fix stsd atom corruption in DNxHD QuickTimes
-- Canopus HQX decoder
-- RTP depacketization of T.140 text (RFC 4103)
-- Port MIPS optimizations to 64-bit
-
-
-version 2.5:
-- HEVC/H.265 RTP payload format (draft v6) packetizer
-- SUP/PGS subtitle demuxer
-- ffprobe -show_pixel_formats option
-- CAST128 symmetric block cipher, ECB mode
-- STL subtitle demuxer and decoder
-- libutvideo YUV 4:2:2 10bit support
-- XCB-based screen-grabber
-- UDP-Lite support (RFC 3828)
-- xBR scaling filter
-- AVFoundation screen capturing support
-- ffserver supports codec private options
-- creating DASH compatible fragmented MP4, MPEG-DASH segmenting muxer
-- WebP muxer with animated WebP support
-- zygoaudio decoding support
-- APNG demuxer
-- postproc visualization support
-
-
-version 2.4:
-- Icecast protocol
-- ported lenscorrection filter from frei0r filter
-- large optimizations in dctdnoiz to make it usable
-- ICY metadata are now requested by default with the HTTP protocol
-- support for using metadata in stream specifiers in fftools
-- LZMA compression support in TIFF decoder
-- H.261 RTP payload format (RFC 4587) depacketizer and experimental packetizer
-- HEVC/H.265 RTP payload format (draft v6) depacketizer
-- added codecview filter to visualize information exported by some codecs
-- Matroska 3D support thorugh side data
-- HTML generation using texi2html is deprecated in favor of makeinfo/texi2any
-- silenceremove filter
-
-
-version 2.3:
-- AC3 fixed-point decoding
-- shuffleplanes filter
-- subfile protocol
-- Phantom Cine demuxer
-- replaygain data export
-- VP7 video decoder
-- Alias PIX image encoder and decoder
-- Improvements to the BRender PIX image decoder
-- Improvements to the XBM decoder
-- QTKit input device
-- improvements to OpenEXR image decoder
-- support decoding 16-bit RLE SGI images
-- GDI screen grabbing for Windows
-- alternative rendition support for HTTP Live Streaming
-- AVFoundation input device
-- Direct Stream Digital (DSD) decoder
-- Magic Lantern Video (MLV) demuxer
-- On2 AVC (Audio for Video) decoder
-- support for decoding through DXVA2 in ffmpeg
-- libbs2b-based stereo-to-binaural audio filter
-- libx264 reference frames count limiting depending on level
-- native Opus decoder
-- display matrix export and rotation API
-- WebVTT encoder
-- showcqt multimedia filter
-- zoompan filter
-- signalstats filter
-- hqx filter (hq2x, hq3x, hq4x)
-- flanger filter
-- Image format auto-detection
-- LRC demuxer and muxer
-- Samba protocol (via libsmbclient)
-- WebM DASH Manifest muxer
-- libfribidi support in drawtext
-
-
-version 2.2:
-
-- HNM version 4 demuxer and video decoder
-- Live HDS muxer
-- setsar/setdar filters now support variables in ratio expressions
-- elbg filter
-- string validation in ffprobe
-- support for decoding through VDPAU in ffmpeg (the -hwaccel option)
-- complete Voxware MetaSound decoder
-- remove mp3_header_compress bitstream filter
-- Windows resource files for shared libraries
-- aeval filter
-- stereoscopic 3d metadata handling
-- WebP encoding via libwebp
-- ATRAC3+ decoder
-- VP8 in Ogg demuxing
-- side & metadata support in NUT
-- framepack filter
-- XYZ12 rawvideo support in NUT
-- Exif metadata support in WebP decoder
-- OpenGL device
-- Use metadata_header_padding to control padding in ID3 tags (currently used in
-  MP3, AIFF, and OMA files), FLAC header, and the AVI "junk" block.
-- Mirillis FIC video decoder
-- Support DNx444
-- libx265 encoder
-- dejudder filter
-- Autodetect VDA like all other hardware accelerations
-- aliases and defaults for Ogg subtypes (opus, spx)
-
-
-version 2.1:
-
-- aecho filter
-- perspective filter ported from libmpcodecs
-- ffprobe -show_programs option
-- compand filter
-- RTMP seek support
-- when transcoding with ffmpeg (i.e. not streamcopying), -ss is now accurate
-  even when used as an input option. Previous behavior can be restored with
-  the -noaccurate_seek option.
-- ffmpeg -t option can now be used for inputs, to limit the duration of
-  data read from an input file
-- incomplete Voxware MetaSound decoder
-- read EXIF metadata from JPEG
-- DVB teletext decoder
-- phase filter ported from libmpcodecs
-- w3fdif filter
-- Opus support in Matroska
-- FFV1 version 1.3 is stable and no longer experimental
-- FFV1: YUVA(444,422,420) 9, 10 and 16 bit support
-- changed DTS stream id in lavf mpeg ps muxer from 0x8a to 0x88, to be
-  more consistent with other muxers.
-- adelay filter
-- pullup filter ported from libmpcodecs
-- ffprobe -read_intervals option
-- Lossless and alpha support for WebP decoder
-- Error Resilient AAC syntax (ER AAC LC) decoding
-- Low Delay AAC (ER AAC LD) decoding
-- mux chapters in ASF files
-- SFTP protocol (via libssh)
-- libx264: add ability to encode in YUVJ422P and YUVJ444P
-- Fraps: use BT.709 colorspace by default for yuv, as reference fraps decoder does
-- make decoding alpha optional for prores, ffv1 and vp6 by setting
-  the skip_alpha flag.
-- ladspa wrapper filter
-- native VP9 decoder
-- dpx parser
-- max_error_rate parameter in ffmpeg
-- PulseAudio output device
-- ReplayGain scanner
-- Enhanced Low Delay AAC (ER AAC ELD) decoding (no LD SBR support)
-- Linux framebuffer output device
-- HEVC decoder
-- raw HEVC, HEVC in MOV/MP4, HEVC in Matroska, HEVC in MPEG-TS demuxing
-- mergeplanes filter
-
-
-version 2.0:
-
-- curves filter
-- reference-counting for AVFrame and AVPacket data
-- ffmpeg now fails when input options are used for output file
-  or vice versa
-- support for Monkey's Audio versions from 3.93
-- perms and aperms filters
-- audio filtering support in ffplay
-- 10% faster aac encoding on x86 and MIPS
-- sine audio filter source
-- WebP demuxing and decoding support
-- ffmpeg options -filter_script and -filter_complex_script, which allow a
-  filtergraph description to be read from a file
-- OpenCL support
-- audio phaser filter
-- separatefields filter
-- libquvi demuxer
-- uniform options syntax across all filters
-- telecine filter
-- interlace filter
-- smptehdbars source
-- inverse telecine filters (fieldmatch and decimate)
-- colorbalance filter
-- colorchannelmixer filter
-- The matroska demuxer can now output proper verbatim ASS packets. It will
-  become the default at the next libavformat major bump.
-- decent native animated GIF encoding
-- asetrate filter
-- interleave filter
-- timeline editing with filters
-- vidstabdetect and vidstabtransform filters for video stabilization using
-  the vid.stab library
-- astats filter
-- trim and atrim filters
-- ffmpeg -t and -ss (output-only) options are now sample-accurate when
-  transcoding audio
-- Matroska muxer can now put the index at the beginning of the file.
-- extractplanes filter
-- avectorscope filter
-- ADPCM DTK decoder
-- ADP demuxer
-- RSD demuxer
-- RedSpark demuxer
-- ADPCM IMA Radical decoder
-- zmq filters
-- DCT denoiser filter (dctdnoiz)
-- Wavelet denoiser filter ported from libmpcodecs as owdenoise (formerly "ow")
-- Apple Intermediate Codec decoder
-- Escape 130 video decoder
-- FTP protocol support
-- V4L2 output device
-- 3D LUT filter (lut3d)
-- SMPTE 302M audio encoder
-- support for slice multithreading in libavfilter
-- Hald CLUT support (generation and filtering)
-- VC-1 interlaced B-frame support
-- support for WavPack muxing (raw and in Matroska)
-- XVideo output device
-- vignette filter
-- True Audio (TTA) encoder
-- Go2Webinar decoder
-- mcdeint filter ported from libmpcodecs
-- sab filter ported from libmpcodecs
-- ffprobe -show_chapters option
-- WavPack encoding through libwavpack
-- rotate filter
-- spp filter ported from libmpcodecs
-- libgme support
-- psnr filter
-
-
-version 1.2:
-
-- VDPAU hardware acceleration through normal hwaccel
-- SRTP support
-- Error diffusion dither in Swscale
-- Chained Ogg support
-- Theora Midstream reconfiguration support
-- EVRC decoder
-- audio fade filter
-- filtering audio with unknown channel layout
-- allpass, bass, bandpass, bandreject, biquad, equalizer, highpass, lowpass
-  and treble audio filter
-- improved showspectrum filter, with multichannel support and sox-like colors
-- histogram filter
-- tee muxer
-- il filter ported from libmpcodecs
-- support ID3v2 tags in ASF files
-- encrypted TTA stream decoding support
-- RF64 support in WAV muxer
-- noise filter ported from libmpcodecs
-- Subtitles character encoding conversion
-- blend filter
-- stereo3d filter ported from libmpcodecs
-
-
-version 1.1:
-
-- stream disposition information printing in ffprobe
-- filter for loudness analysis following EBU R128
-- Opus encoder using libopus
-- ffprobe -select_streams option
-- Pinnacle TARGA CineWave YUV16 decoder
-- TAK demuxer, decoder and parser
-- DTS-HD demuxer
-- remove -same_quant, it hasn't worked for years
-- FFM2 support
-- X-Face image encoder and decoder
-- 24-bit FLAC encoding
-- multi-channel ALAC encoding up to 7.1
-- metadata (INFO tag) support in WAV muxer
-- subtitles raw text decoder
-- support for building DLLs using MSVC
-- LVF demuxer
-- ffescape tool
-- metadata (info chunk) support in CAF muxer
-- field filter ported from libmpcodecs
-- AVR demuxer
-- geq filter ported from libmpcodecs
-- remove ffserver daemon mode
-- AST muxer/demuxer
-- new expansion syntax for drawtext
-- BRender PIX image decoder
-- ffprobe -show_entries option
-- ffprobe -sections option
-- ADPCM IMA Dialogic decoder
-- BRSTM demuxer
-- animated GIF decoder and demuxer
-- PVF demuxer
-- subtitles filter
-- IRCAM muxer/demuxer
-- Paris Audio File demuxer
-- Virtual concatenation demuxer
-- VobSub demuxer
-- JSON captions for TED talks decoding support
-- SOX Resampler support in libswresample
-- aselect filter
-- SGI RLE 8-bit / Silicon Graphics RLE 8-bit video decoder
-- Silicon Graphics Motion Video Compressor 1 & 2 decoder
-- Silicon Graphics Movie demuxer
-- apad filter
-- Resolution & pixel format change support with multithreading for H.264
-- documentation split into per-component manuals
-- pp (postproc) filter ported from MPlayer
-- NIST Sphere demuxer
-- MPL2, VPlayer, MPlayer, AQTitle, PJS and SubViewer v1 subtitles demuxers and decoders
-- Sony Wave64 muxer
-- adobe and limelight publisher authentication in RTMP
-- data: URI scheme
-- support building on the Plan 9 operating system
-- kerndeint filter ported from MPlayer
-- histeq filter ported from VirtualDub
-- Megalux Frame demuxer
-- 012v decoder
-- Improved AVC Intra decoding support
-
-
-version 1.0:
-
-- INI and flat output in ffprobe
-- Scene detection in libavfilter
-- Indeo Audio decoder
-- channelsplit audio filter
-- setnsamples audio filter
-- atempo filter
-- ffprobe -show_data option
-- RTMPT protocol support
-- iLBC encoding/decoding via libilbc
-- Microsoft Screen 1 decoder
-- join audio filter
-- audio channel mapping filter
-- Microsoft ATC Screen decoder
-- RTSP listen mode
-- TechSmith Screen Codec 2 decoder
-- AAC encoding via libfdk-aac
-- Microsoft Expression Encoder Screen decoder
-- RTMPS protocol support
-- RTMPTS protocol support
-- RTMPE protocol support
-- RTMPTE protocol support
-- showwaves and showspectrum filter
-- LucasArts SMUSH SANM playback support
-- LucasArts SMUSH VIMA audio decoder (ADPCM)
-- LucasArts SMUSH demuxer
-- SAMI, RealText and SubViewer demuxers and decoders
-- Heart Of Darkness PAF playback support
-- iec61883 device
-- asettb filter
-- new option: -progress
-- 3GPP Timed Text encoder/decoder
-- GeoTIFF decoder support
-- ffmpeg -(no)stdin option
-- Opus decoder using libopus
-- caca output device using libcaca
-- alphaextract and alphamerge filters
-- concat filter
-- flite filter
-- Canopus Lossless Codec decoder
-- bitmap subtitles in filters (experimental and temporary)
-- MP2 encoding via TwoLAME
-- bmp parser
-- smptebars source
-- asetpts filter
-- hue filter
-- ICO muxer
-- SubRip encoder and decoder without embedded timing
-- edge detection filter
-- framestep filter
-- ffmpeg -shortest option is now per-output file
-  -pass and -passlogfile are now per-output stream
-- volume measurement filter
-- Ut Video encoder
-- Microsoft Screen 2 decoder
-- smartblur filter ported from MPlayer
-- CPiA decoder
-- decimate filter ported from MPlayer
-- RTP depacketization of JPEG
-- Smooth Streaming live segmenter muxer
-- F4V muxer
-- sendcmd and asendcmd filters
-- WebVTT demuxer and decoder (simple tags supported)
-- RTP packetization of JPEG
-- faststart option in the MOV/MP4 muxer
-- support for building with MSVC
-
-
-version 0.11:
-
-- Fixes: CVE-2012-2772, CVE-2012-2774, CVE-2012-2775, CVE-2012-2776, CVE-2012-2777,
-         CVE-2012-2779, CVE-2012-2782, CVE-2012-2783, CVE-2012-2784, CVE-2012-2785,
-         CVE-2012-2786, CVE-2012-2787, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790,
-         CVE-2012-2791, CVE-2012-2792, CVE-2012-2793, CVE-2012-2794, CVE-2012-2795,
-         CVE-2012-2796, CVE-2012-2797, CVE-2012-2798, CVE-2012-2799, CVE-2012-2800,
-         CVE-2012-2801, CVE-2012-2802, CVE-2012-2803, CVE-2012-2804,
-- v408 Quicktime and Microsoft AYUV Uncompressed 4:4:4:4 encoder and decoder
-- setfield filter
-- CDXL demuxer and decoder
-- Apple ProRes encoder
-- ffprobe -count_packets and -count_frames options
-- Sun Rasterfile Encoder
-- ID3v2 attached pictures reading and writing
-- WMA Lossless decoder
-- bluray protocol
-- blackdetect filter
-- libutvideo encoder wrapper (--enable-libutvideo)
-- swapuv filter
-- bbox filter
-- XBM encoder and decoder
-- RealAudio Lossless decoder
-- ZeroCodec decoder
-- tile video filter
-- Metal Gear Solid: The Twin Snakes demuxer
-- OpenEXR image decoder
-- removelogo filter
-- drop support for ffmpeg without libavfilter
-- drawtext video filter: fontconfig support
-- ffmpeg -benchmark_all option
-- super2xsai filter ported from libmpcodecs
-- add libavresample audio conversion library for compatibility
-- MicroDVD decoder
-- Avid Meridien (AVUI) encoder and decoder
-- accept + prefix to -pix_fmt option to disable automatic conversions.
-- complete audio filtering in libavfilter and ffmpeg
-- add fps filter
-- vorbis parser
-- png parser
-- audio mix filter
-- ffv1: support (draft) version 1.3
-
-
-version 0.10:
-
-- Fixes: CVE-2011-3929, CVE-2011-3934, CVE-2011-3935, CVE-2011-3936,
-         CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944,
-         CVE-2011-3945, CVE-2011-3946, CVE-2011-3947, CVE-2011-3949,
-         CVE-2011-3950, CVE-2011-3951, CVE-2011-3952
-- v410 Quicktime Uncompressed 4:4:4 10-bit encoder and decoder
-- SBaGen (SBG) binaural beats script demuxer
-- OpenMG Audio muxer
-- Timecode extraction in DV and MOV
-- thumbnail video filter
-- XML output in ffprobe
-- asplit audio filter
-- tinterlace video filter
-- astreamsync audio filter
-- amerge audio filter
-- ISMV (Smooth Streaming) muxer
-- GSM audio parser
-- SMJPEG muxer
-- XWD encoder and decoder
-- Automatic thread count based on detection number of (available) CPU cores
-- y41p Brooktree Uncompressed 4:1:1 12-bit encoder and decoder
-- ffprobe -show_error option
-- Avid 1:1 10-bit RGB Packer codec
-- v308 Quicktime Uncompressed 4:4:4 encoder and decoder
-- yuv4 libquicktime packed 4:2:0 encoder and decoder
-- ffprobe -show_frames option
-- silencedetect audio filter
-- ffprobe -show_program_version, -show_library_versions, -show_versions options
-- rv34: frame-level multi-threading
-- optimized iMDCT transform on x86 using SSE for for mpegaudiodec
-- Improved PGS subtitle decoder
-- dumpgraph option to lavfi device
-- r210 and r10k encoders
-- ffwavesynth decoder
-- aviocat tool
-- ffeval tool
-- support encoding and decoding 4-channel SGI images
-
-
-version 0.9:
-
-- openal input device added
-- boxblur filter added
-- BWF muxer
-- Flash Screen Video 2 decoder
-- lavfi input device added
-- added avconv, which is almost the same for now, except
-for a few incompatible changes in the options, which will hopefully make them
-easier to use. The changes are:
-    * The options placement is now strictly enforced! While in theory the
-      options for ffmpeg should be given in [input options] -i INPUT [output
-      options] OUTPUT order, in practice it was possible to give output options
-      before the -i and it mostly worked. Except when it didn't - the behavior was
-      a bit inconsistent. In avconv, it is not possible to mix input and output
-      options. All non-global options are reset after an input or output filename.
-    * All per-file options are now truly per-file - they apply only to the next
-      input or output file and specifying different values for different files
-      will now work properly (notably -ss and -t options).
-    * All per-stream options are now truly per-stream - it is possible to
-      specify which stream(s) should a given option apply to. See the Stream
-      specifiers section in the avconv manual for details.
-    * In ffmpeg some options (like -newvideo/-newaudio/...) are irregular in the
-      sense that they're specified after the output filename instead of before,
-      like all other options. In avconv this irregularity is removed, all options
-      apply to the next input or output file.
-    * -newvideo/-newaudio/-newsubtitle options were removed. Not only were they
-      irregular and highly confusing, they were also redundant. In avconv the -map
-      option will create new streams in the output file and map input streams to
-      them. E.g. avconv -i INPUT -map 0 OUTPUT will create an output stream for
-      each stream in the first input file.
-    * The -map option now has slightly different and more powerful syntax:
-        + Colons (':') are used to separate file index/stream type/stream index
-          instead of dots. Comma (',') is used to separate the sync stream instead
-          of colon.. This is done for consistency with other options.
-        + It's possible to specify stream type. E.g. -map 0:a:2 creates an
-          output stream from the third input audio stream.
-        + Omitting the stream index now maps all the streams of the given type,
-          not just the first. E.g. -map 0:s creates output streams for all the
-          subtitle streams in the first input file.
-        + Since -map can now match multiple streams, negative mappings were
-          introduced. Negative mappings disable some streams from an already
-          defined map. E.g. '-map 0 -map -0:a:1' means 'create output streams for
-          all the stream in the first input file, except for the second audio
-          stream'.
-    * There is a new option -c (or -codec) for choosing the decoder/encoder to
-      use, which makes it possible to precisely specify target stream(s) consistently with
-      other options. E.g. -c:v lib264 sets the codec for all video streams, -c:a:0
-      libvorbis sets the codec for the first audio stream and -c copy copies all
-      the streams without reencoding. Old -vcodec/-acodec/-scodec options are now
-      aliases to -c:v/a/s
-    * It is now possible to precisely specify which stream should an AVOption
-      apply to. E.g. -b:v:0 2M sets the bitrate for the first video stream, while
-      -b:a 128k sets the bitrate for all audio streams. Note that the old -ab 128k
-      syntax is deprecated and will stop working soon.
-    * -map_chapters now takes only an input file index and applies to the next
-      output file. This is consistent with how all the other options work.
-    * -map_metadata now takes only an input metadata specifier and applies to
-      the next output file. Output metadata specifier is now part of the option
-      name, similarly to the AVOptions/map/codec feature above.
-    * -metadata can now be used to set metadata on streams and chapters, e.g.
-      -metadata:s:1 language=eng sets the language of the first stream to 'eng'.
-      This made -vlang/-alang/-slang options redundant, so they were removed.
-    * -qscale option now uses stream specifiers and applies to all streams, not
-      just video. I.e. plain -qscale number would now apply to all streams. To get
-      the old behavior, use -qscale:v. Also there is now a shortcut -q for -qscale
-      and -aq is now an alias for -q:a.
-    * -vbsf/-absf/-sbsf options were removed and replaced by a -bsf option which
-      uses stream specifiers. Use -bsf:v/a/s instead of the old options.
-    * -itsscale option now uses stream specifiers, so its argument is only the
-      scale parameter.
-    * -intra option was removed, use -g 0 for the same effect.
-    * -psnr option was removed, use -flags +psnr for the same effect.
-    * -vf option is now an alias to the new -filter option, which uses stream specifiers.
-    * -vframes/-aframes/-dframes options are now aliases to the new -frames option.
-    * -vtag/-atag/-stag options are now aliases to the new -tag option.
-- XMV demuxer
-- LOAS demuxer
-- ashowinfo filter added
-- Windows Media Image decoder
-- amovie source added
-- LATM muxer/demuxer
-- Speex encoder via libspeex
-- JSON output in ffprobe
-- WTV muxer
-- Optional C++ Support (needed for libstagefright)
-- H.264 Decoding on Android via Stagefright
-- Prores decoder
-- BIN/XBIN/ADF/IDF text file decoder
-- aconvert audio filter added
-- audio support to lavfi input device added
-- libcdio-paranoia input device for audio CD grabbing
-- Apple ProRes decoder
-- CELT in Ogg demuxing
-- G.723.1 demuxer and decoder
-- libmodplug support (--enable-libmodplug)
-- VC-1 interlaced decoding
-- libutvideo wrapper (--enable-libutvideo)
-- aevalsrc audio source added
-- Ut Video decoder
-- Speex encoding via libspeex
-- 4:2:2 H.264 decoding support
-- 4:2:2 and 4:4:4 H.264 encoding with libx264
-- Pulseaudio input device
-- Prores encoder
-- Video Decoder Acceleration (VDA) HWAccel module.
-- replacement Indeo 3 decoder
-- new ffmpeg option: -map_channel
-- volume audio filter added
-- earwax audio filter added
-- libv4l2 support (--enable-libv4l2)
-- TLS/SSL and HTTPS protocol support
-- AVOptions API rewritten and documented
-- most of CODEC_FLAG2_*, some CODEC_FLAG_* and many codec-specific fields in
-  AVCodecContext deprecated. Codec private options should be used instead.
-- Properly working defaults in libx264 wrapper, support for native presets.
-- Encrypted OMA files support
-- Discworld II BMV decoding support
-- VBLE Decoder
-- OS X Video Decoder Acceleration (VDA) support
-- compact and csv output in ffprobe
-- pan audio filter
-- IFF Amiga Continuous Bitmap (ACBM) decoder
-- ass filter
-- CRI ADX audio format muxer and demuxer
-- Playstation Portable PMP format demuxer
-- Microsoft Windows ICO demuxer
-- life source
-- PCM format support in OMA demuxer
-- CLJR encoder
-- new option: -report
-- Dxtory capture format decoder
-- cellauto source
-- Simple segmenting muxer
-- Indeo 4 decoder
-- SMJPEG demuxer
-
-
-version 0.8:
-
-- many many things we forgot because we rather write code than changelogs
-- WebM support in Matroska de/muxer
-- low overhead Ogg muxing
-- MMS-TCP support
-- VP8 de/encoding via libvpx
-- Demuxer for On2's IVF format
-- Pictor/PC Paint decoder
-- HE-AAC v2 decoder
-- HE-AAC v2 encoding with libaacplus
-- libfaad2 wrapper removed
-- DTS-ES extension (XCh) decoding support
-- native VP8 decoder
-- RTSP tunneling over HTTP
-- RTP depacketization of SVQ3
-- -strict inofficial replaced by -strict unofficial
-- ffplay -exitonkeydown and -exitonmousedown options added
-- native GSM / GSM MS decoder
-- RTP depacketization of QDM2
-- ANSI/ASCII art playback system
-- Lego Mindstorms RSO de/muxer
-- libavcore added (and subsequently removed)
-- SubRip subtitle file muxer and demuxer
-- Chinese AVS encoding via libxavs
-- ffprobe -show_packets option added
-- RTP packetization of Theora and Vorbis
-- RTP depacketization of MP4A-LATM
-- RTP packetization and depacketization of VP8
-- hflip filter
-- Apple HTTP Live Streaming demuxer
-- a64 codec
-- MMS-HTTP support
-- G.722 ADPCM audio encoder/decoder
-- R10k video decoder
-- ocv_smooth filter
-- frei0r wrapper filter
-- change crop filter syntax to width:height:x:y
-- make the crop filter accept parametric expressions
-- make ffprobe accept AVFormatContext options
-- yadif filter
-- blackframe filter
-- Demuxer for Leitch/Harris' VR native stream format (LXF)
-- RTP depacketization of the X-QT QuickTime format
-- SAP (Session Announcement Protocol, RFC 2974) muxer and demuxer
-- cropdetect filter
-- ffmpeg -crop* options removed
-- transpose filter added
-- ffmpeg -force_key_frames option added
-- demuxer for receiving raw rtp:// URLs without an SDP description
-- single stream LATM/LOAS decoder
-- setpts filter added
-- Win64 support for optimized x86 assembly functions
-- MJPEG/AVI1 to JPEG/JFIF bitstream filter
-- ASS subtitle encoder and decoder
-- IEC 61937 encapsulation for E-AC-3, TrueHD, DTS-HD (for HDMI passthrough)
-- overlay filter added
-- rename aspect filter to setdar, and pixelaspect to setsar
-- IEC 61937 demuxer
-- Mobotix .mxg demuxer
-- frei0r source added
-- hqdn3d filter added
-- RTP depacketization of QCELP
-- FLAC parser added
-- gradfun filter added
-- AMR-WB decoder
-- replace the ocv_smooth filter with a more generic ocv filter
-- Windows Televison (WTV) demuxer
-- FFmpeg metadata format muxer and demuxer
-- SubRip (srt) subtitle encoder and decoder
-- floating-point AC-3 encoder added
-- Lagarith decoder
-- ffmpeg -copytb option added
-- IVF muxer added
-- Wing Commander IV movies decoder added
-- movie source added
-- Bink version 'b' audio and video decoder
-- Bitmap Brothers JV playback system
-- Apple HTTP Live Streaming protocol handler
-- sndio support for playback and record
-- Linux framebuffer input device added
-- Chronomaster DFA decoder
-- DPX image encoder
-- MicroDVD subtitle file muxer and demuxer
-- Playstation Portable PMP format demuxer
-- fieldorder video filter added
-- AAC encoding via libvo-aacenc
-- AMR-WB encoding via libvo-amrwbenc
-- xWMA demuxer
-- Mobotix MxPEG decoder
-- VP8 frame-multithreading
-- NEON optimizations for VP8
-- Lots of deprecated API cruft removed
-- fft and imdct optimizations for AVX (Sandy Bridge) processors
-- showinfo filter added
-- SMPTE 302M AES3 audio decoder
-- Apple Core Audio Format muxer
-- 9bit and 10bit per sample support in the H.264 decoder
-- 9bit and 10bit FFV1 encoding / decoding
-- split filter added
-- select filter added
-- sdl output device added
-- libmpcodecs video filter support (3 times as many filters than before)
-- mpeg2 aspect ratio dection fixed
-- libxvid aspect pickiness fixed
-- Frame multithreaded decoding
-- E-AC-3 audio encoder
-- ac3enc: add channel coupling support
-- floating-point sample format support to the ac3, eac3, dca, aac, and vorbis decoders.
-- H264/MPEG frame-level multi-threading
-- All av_metadata_* functions renamed to av_dict_* and moved to libavutil
-- 4:4:4 H.264 decoding support
-- 10-bit H.264 optimizations for x86
-- lut, lutrgb, and lutyuv filters added
-- buffersink libavfilter sink added
-- Bump libswscale for recently reported ABI break
-- New J2K encoder (via OpenJPEG)
-
-
-version 0.7:
-
-- all the changes for 0.8, but keeping API/ABI compatibility with the 0.6 release
-
-
-version 0.6:
-
-- PB-frame decoding for H.263
-- deprecated vhook subsystem removed
-- deprecated old scaler removed
-- VQF demuxer
-- Alpha channel scaler
-- PCX encoder
-- RTP packetization of H.263
-- RTP packetization of AMR
-- RTP depacketization of Vorbis
-- CorePNG decoding support
-- Cook multichannel decoding support
-- introduced avlanguage helpers in libavformat
-- 8088flex TMV demuxer and decoder
-- per-stream language-tags extraction in asfdec
-- V210 decoder and encoder
-- remaining GPL parts in AC-3 decoder converted to LGPL
-- QCP demuxer
-- SoX native format muxer and demuxer
-- AMR-NB decoding/encoding, AMR-WB decoding via OpenCORE libraries
-- DPX image decoder
-- Electronic Arts Madcow decoder
-- DivX (XSUB) subtitle encoder
-- nonfree libamr support for AMR-NB/WB decoding/encoding removed
-- experimental AAC encoder
-- RTP depacketization of ASF and RTSP from WMS servers
-- RTMP support in libavformat
-- noX handling for OPT_BOOL X options
-- Wave64 demuxer
-- IEC-61937 compatible Muxer
-- TwinVQ decoder
-- Bluray (PGS) subtitle decoder
-- LPCM support in MPEG-TS (HDMV RID as found on Blu-ray disks)
-- WMA Pro decoder
-- Core Audio Format demuxer
-- ATRAC1 decoder
-- MD STUDIO audio demuxer
-- RF64 support in WAV demuxer
-- MPEG-4 Audio Lossless Coding (ALS) decoder
-- -formats option split into -formats, -codecs, -bsfs, and -protocols
-- IV8 demuxer
-- CDG demuxer and decoder
-- R210 decoder
-- Auravision Aura 1 and 2 decoders
-- Deluxe Paint Animation playback system
-- SIPR decoder
-- Adobe Filmstrip muxer and demuxer
-- RTP depacketization of H.263
-- Bink demuxer and audio/video decoders
-- enable symbol versioning by default for linkers that support it
-- IFF PBM/ILBM bitmap decoder
-- concat protocol
-- Indeo 5 decoder
-- RTP depacketization of AMR
-- WMA Voice decoder
-- ffprobe tool
-- AMR-NB decoder
-- RTSP muxer
-- HE-AAC v1 decoder
-- Kega Game Video (KGV1) decoder
-- VorbisComment writing for FLAC, Ogg FLAC and Ogg Speex files
-- RTP depacketization of Theora
-- HTTP Digest authentication
-- RTMP/RTMPT/RTMPS/RTMPE/RTMPTE protocol support via librtmp
-- Psygnosis YOP demuxer and video decoder
-- spectral extension support in the E-AC-3 decoder
-- unsharp video filter
-- RTP hinting in the mov/3gp/mp4 muxer
-- Dirac in Ogg demuxing
-- seek to keyframes in Ogg
-- 4:2:2 and 4:4:4 Theora decoding
-- 35% faster VP3/Theora decoding
-- faster AAC decoding
-- faster H.264 decoding
-- RealAudio 1.0 (14.4K) encoder
-
-
-version 0.5:
-
-- DV50 AKA DVCPRO50 encoder, decoder, muxer and demuxer
-- TechSmith Camtasia (TSCC) video decoder
-- IBM Ultimotion (ULTI) video decoder
-- Sierra Online audio file demuxer and decoder
-- Apple QuickDraw (qdrw) video decoder
-- Creative ADPCM audio decoder (16 bits as well as 8 bits schemes)
-- Electronic Arts Multimedia (WVE/UV2/etc.) file demuxer
-- Miro VideoXL (VIXL) video decoder
-- H.261 video encoder
-- QPEG video decoder
-- Nullsoft Video (NSV) file demuxer
-- Shorten audio decoder
-- LOCO video decoder
-- Apple Lossless Audio Codec (ALAC) decoder
-- Winnov WNV1 video decoder
-- Autodesk Animator Studio Codec (AASC) decoder
-- Indeo 2 video decoder
-- Fraps FPS1 video decoder
-- Snow video encoder/decoder
-- Sonic audio encoder/decoder
-- Vorbis audio decoder
-- Macromedia ADPCM decoder
-- Duck TrueMotion 2 video decoder
-- support for decoding FLX and DTA extensions in FLIC files
-- H.264 custom quantization matrices support
-- ffserver fixed, it should now be usable again
-- QDM2 audio decoder
-- Real Cooker audio decoder
-- TrueSpeech audio decoder
-- WMA2 audio decoder fixed, now all files should play correctly
-- RealAudio 14.4 and 28.8 decoders fixed
-- JPEG-LS decoder
-- build system improvements
-- tabs and trailing whitespace removed from the codebase
-- CamStudio video decoder
-- AIFF/AIFF-C audio format, encoding and decoding
-- ADTS AAC file reading and writing
-- Creative VOC file reading and writing
-- American Laser Games multimedia (*.mm) playback system
-- Zip Motion Blocks Video decoder
-- improved Theora/VP3 decoder
-- True Audio (TTA) decoder
-- AVS demuxer and video decoder
-- JPEG-LS encoder
-- Smacker demuxer and decoder
-- NuppelVideo/MythTV demuxer and RTjpeg decoder
-- KMVC decoder
-- MPEG-2 intra VLC support
-- MPEG-2 4:2:2 encoder
-- Flash Screen Video decoder
-- GXF demuxer
-- Chinese AVS decoder
-- GXF muxer
-- MXF demuxer
-- VC-1/WMV3/WMV9 video decoder
-- MacIntel support
-- AviSynth support
-- VMware video decoder
-- VP5 video decoder
-- VP6 video decoder
-- WavPack lossless audio decoder
-- Targa (.TGA) picture decoder
-- Vorbis audio encoder
-- Delphine Software .cin demuxer/audio and video decoder
-- Tiertex .seq demuxer/video decoder
-- MTV demuxer
-- TIFF picture encoder and decoder
-- GIF picture decoder
-- Intel Music Coder decoder
-- Zip Motion Blocks Video encoder
-- Musepack decoder
-- Flash Screen Video encoder
-- Theora encoding via libtheora
-- BMP encoder
-- WMA encoder
-- GSM-MS encoder and decoder
-- DCA decoder
-- DXA demuxer and decoder
-- DNxHD decoder
-- Gamecube movie (.THP) playback system
-- Blackfin optimizations
-- Interplay C93 demuxer and video decoder
-- Bethsoft VID demuxer and video decoder
-- CRYO APC demuxer
-- ATRAC3 decoder
-- V.Flash PTX decoder
-- RoQ muxer, RoQ audio encoder
-- Renderware TXD demuxer and decoder
-- extern C declarations for C++ removed from headers
-- sws_flags command line option
-- codebook generator
-- RoQ video encoder
-- QTRLE encoder
-- OS/2 support removed and restored again
-- AC-3 decoder
-- NUT muxer
-- additional SPARC (VIS) optimizations
-- Matroska muxer
-- slice-based parallel H.264 decoding
-- Monkey's Audio demuxer and decoder
-- AMV audio and video decoder
-- DNxHD encoder
-- H.264 PAFF decoding
-- Nellymoser ASAO decoder
-- Beam Software SIFF demuxer and decoder
-- libvorbis Vorbis decoding removed in favor of native decoder
-- IntraX8 (J-Frame) subdecoder for WMV2 and VC-1
-- Ogg (Theora, Vorbis and FLAC) muxer
-- The "device" muxers and demuxers are now in a new libavdevice library
-- PC Paintbrush PCX decoder
-- Sun Rasterfile decoder
-- TechnoTrend PVA demuxer
-- Linux Media Labs MPEG-4 (LMLM4) demuxer
-- AVM2 (Flash 9) SWF muxer
-- QT variant of IMA ADPCM encoder
-- VFW grabber
-- iPod/iPhone compatible mp4 muxer
-- Mimic decoder
-- MSN TCP Webcam stream demuxer
-- RL2 demuxer / decoder
-- IFF demuxer
-- 8SVX audio decoder
-- non-recursive Makefiles
-- BFI demuxer
-- MAXIS EA XA (.xa) demuxer / decoder
-- BFI video decoder
-- OMA demuxer
-- MLP/TrueHD decoder
-- Electronic Arts CMV decoder
-- Motion Pixels Video decoder
-- Motion Pixels MVI demuxer
-- removed animated GIF decoder/demuxer
-- D-Cinema audio muxer
-- Electronic Arts TGV decoder
-- Apple Lossless Audio Codec (ALAC) encoder
-- AAC decoder
-- floating point PCM encoder/decoder
-- MXF muxer
-- DV100 AKA DVCPRO HD decoder and demuxer
-- E-AC-3 support added to AC-3 decoder
-- Nellymoser ASAO encoder
-- ASS and SSA demuxer and muxer
-- liba52 wrapper removed
-- SVQ3 watermark decoding support
-- Speex decoding via libspeex
-- Electronic Arts TGQ decoder
-- RV40 decoder
-- QCELP / PureVoice decoder
-- RV30 decoder
-- hybrid WavPack support
-- R3D REDCODE demuxer
-- ALSA support for playback and record
-- Electronic Arts TQI decoder
-- OpenJPEG based JPEG 2000 decoder
-- NC (NC4600) camera file demuxer
-- Gopher client support
-- MXF D-10 muxer
-- generic metadata API
-- flash ScreenVideo2 encoder
-
-
-version 0.4.9-pre1:
-
-- DV encoder, DV muxer
-- Microsoft RLE video decoder
-- Microsoft Video-1 decoder
-- Apple Animation (RLE) decoder
-- Apple Graphics (SMC) decoder
-- Apple Video (RPZA) decoder
-- Cinepak decoder
-- Sega FILM (CPK) file demuxer
-- Westwood multimedia support (VQA & AUD files)
-- Id Quake II CIN playback support
-- 8BPS video decoder
-- FLIC playback support
-- RealVideo 2.0 (RV20) decoder
-- Duck TrueMotion v1 (DUCK) video decoder
-- Sierra VMD demuxer and video decoder
-- MSZH and ZLIB decoder support
-- SVQ1 video encoder
-- AMR-WB support
-- PPC optimizations
-- rate distortion optimal cbp support
-- rate distorted optimal ac prediction for MPEG-4
-- rate distorted optimal lambda->qp support
-- AAC encoding with libfaac
-- Sunplus JPEG codec (SP5X) support
-- use Lagrange multipler instead of QP for ratecontrol
-- Theora/VP3 decoding support
-- XA and ADX ADPCM codecs
-- export MPEG-2 active display area / pan scan
-- Add support for configuring with IBM XLC
-- floating point AAN DCT
-- initial support for zygo video (not complete)
-- RGB ffv1 support
-- new audio/video parser API
-- av_log() system
-- av_read_frame() and av_seek_frame() support
-- missing last frame fixes
-- seek by mouse in ffplay
-- noise reduction of DCT coefficients
-- H.263 OBMC & 4MV support
-- H.263 alternative inter vlc support
-- H.263 loop filter
-- H.263 slice structured mode
-- interlaced DCT support for MPEG-2 encoding
-- stuffing to stay above min_bitrate
-- MB type & QP visualization
-- frame stepping for ffplay
-- interlaced motion estimation
-- alternate scantable support
-- SVCD scan offset support
-- closed GOP support
-- SSE2 FDCT
-- quantizer noise shaping
-- G.726 ADPCM audio codec
-- MS ADPCM encoding
-- multithreaded/SMP motion estimation
-- multithreaded/SMP encoding for MPEG-1/MPEG-2/MPEG-4/H.263
-- multithreaded/SMP decoding for MPEG-2
-- FLAC decoder
-- Metrowerks CodeWarrior suppport
-- H.263+ custom pcf support
-- nicer output for 'ffmpeg -formats'
-- Matroska demuxer
-- SGI image format, encoding and decoding
-- H.264 loop filter support
-- H.264 CABAC support
-- nicer looking arrows for the motion vector visualization
-- improved VCD support
-- audio timestamp drift compensation
-- MPEG-2 YUV 422/444 support
-- polyphase kaiser windowed sinc and blackman nuttall windowed sinc audio resample
-- better image scaling
-- H.261 support
-- correctly interleave packets during encoding
-- VIS optimized motion compensation
-- intra_dc_precision>0 encoding support
-- support reuse of motion vectors/MB types/field select values of the source video
-- more accurate deblock filter
-- padding support
-- many optimizations and bugfixes
-- FunCom ISS audio file demuxer and according ADPCM decoding
-
-
-version 0.4.8:
-
-- MPEG-2 video encoding (Michael)
-- Id RoQ playback subsystem (Mike Melanson and Tim Ferguson)
-- Wing Commander III Movie (.mve) file playback subsystem (Mike Melanson
-  and Mario Brito)
-- Xan DPCM audio decoder (Mario Brito)
-- Interplay MVE playback subsystem (Mike Melanson)
-- Duck DK3 and DK4 ADPCM audio decoders (Mike Melanson)
-
-
-version 0.4.7:
-
-- RealAudio 1.0 (14_4) and 2.0 (28_8) native decoders. Author unknown, code from mplayerhq
-  (originally from public domain player for Amiga at http://www.honeypot.net/audio)
-- current version now also compiles with older GCC (Fabrice)
-- 4X multimedia playback system including 4xm file demuxer (Mike
-  Melanson), and 4X video and audio codecs (Michael)
-- Creative YUV (CYUV) decoder (Mike Melanson)
-- FFV1 codec (our very simple lossless intra only codec, compresses much better
-  than HuffYUV) (Michael)
-- ASV1 (Asus), H.264, Intel indeo3 codecs have been added (various)
-- tiny PNG encoder and decoder, tiny GIF decoder, PAM decoder (PPM with
-  alpha support), JPEG YUV colorspace support. (Fabrice Bellard)
-- ffplay has been replaced with a newer version which uses SDL (optionally)
-  for multiplatform support (Fabrice)
-- Sorenson Version 3 codec (SVQ3) support has been added (decoding only) - donated
-  by anonymous
-- AMR format has been added (Johannes Carlsson)
-- 3GP support has been added (Johannes Carlsson)
-- VP3 codec has been added (Mike Melanson)
-- more MPEG-1/2 fixes
-- better multiplatform support, MS Visual Studio fixes (various)
-- AltiVec optimizations (Magnus Damn and others)
-- SH4 processor support has been added (BERO)
-- new public interfaces (avcodec_get_pix_fmt) (Roman Shaposhnick)
-- VOB streaming support (Brian Foley)
-- better MP3 autodetection (Andriy Rysin)
-- qpel encoding (Michael)
-- 4mv+b frames encoding finally fixed (Michael)
-- chroma ME (Michael)
-- 5 comparison functions for ME (Michael)
-- B-frame encoding speedup (Michael)
-- WMV2 codec (unfinished - Michael)
-- user specified diamond size for EPZS (Michael)
-- Playstation STR playback subsystem, still experimental (Mike and Michael)
-- ASV2 codec (Michael)
-- CLJR decoder (Alex)
-
-.. And lots more new enhancements and fixes.
-
-
-version 0.4.6:
-
-- completely new integer only MPEG audio layer 1/2/3 decoder rewritten
-  from scratch
-- Recoded DCT and motion vector search with gcc (no longer depends on nasm)
-- fix quantization bug in AC3 encoder
-- added PCM codecs and format. Corrected WAV/AVI/ASF PCM issues
-- added prototype ffplay program
-- added GOB header parsing on H.263/H.263+ decoder (Juanjo)
-- bug fix on MCBPC tables of H.263 (Juanjo)
-- bug fix on DC coefficients of H.263 (Juanjo)
-- added Advanced Prediction Mode on H.263/H.263+ decoder (Juanjo)
-- now we can decode H.263 streams found in QuickTime files (Juanjo)
-- now we can decode H.263 streams found in VIVO v1 files(Juanjo)
-- preliminary RTP "friendly" mode for H.263/H.263+ coding. (Juanjo)
-- added GOB header for H.263/H.263+ coding on RTP mode (Juanjo)
-- now H.263 picture size is returned on the first decoded frame (Juanjo)
-- added first regression tests
-- added MPEG-2 TS demuxer
-- new demux API for libav
-- more accurate and faster IDCT (Michael)
-- faster and entropy-controlled motion search (Michael)
-- two pass video encoding (Michael)
-- new video rate control (Michael)
-- added MSMPEG4V1, MSMPEGV2 and WMV1 support (Michael)
-- great performance improvement of video encoders and decoders (Michael)
-- new and faster bit readers and vlc parsers (Michael)
-- high quality encoding mode: tries all macroblock/VLC types (Michael)
-- added DV video decoder
-- preliminary RTP/RTSP support in ffserver and libavformat
-- H.263+ AIC decoding/encoding support (Juanjo)
-- VCD MPEG-PS mode (Juanjo)
-- PSNR stuff (Juanjo)
-- simple stats output (Juanjo)
-- 16-bit and 15-bit RGB/BGR/GBR support (Bisqwit)
-
-
-version 0.4.5:
-
-- some header fixes (Zdenek Kabelac <kabi at informatics.muni.cz>)
-- many MMX optimizations (Nick Kurshev <nickols_k at mail.ru>)
-- added configure system (actually a small shell script)
-- added MPEG audio layer 1/2/3 decoding using LGPL'ed mpglib by
-  Michael Hipp (temporary solution - waiting for integer only
-  decoder)
-- fixed VIDIOCSYNC interrupt
-- added Intel H.263 decoding support ('I263' AVI fourCC)
-- added Real Video 1.0 decoding (needs further testing)
-- simplified image formats again. Added PGM format (=grey
-  pgm). Renamed old PGM to PGMYUV.
-- fixed msmpeg4 slice issues (tell me if you still find problems)
-- fixed OpenDivX bugs with newer versions (added VOL header decoding)
-- added support for MPlayer interface
-- added macroblock skip optimization
-- added MJPEG decoder
-- added mmx/mmxext IDCT from libmpeg2
-- added pgmyuvpipe, ppm, and ppm_pipe formats (original patch by Celer
-  <celer at shell.scrypt.net>)
-- added pixel format conversion layer (e.g. for MJPEG or PPM)
-- added deinterlacing option
-- MPEG-1/2 fixes
-- MPEG-4 vol header fixes (Jonathan Marsden <snmjbm at pacbell.net>)
-- ARM optimizations (Lionel Ulmer <lionel.ulmer at free.fr>).
-- Windows porting of file converter
-- added MJPEG raw format (input/output)
-- added JPEG image format support (input/output)
-
-
-version 0.4.4:
-
-- fixed some std header definitions (Bjorn Lindgren
-  <bjorn.e.lindgren at telia.com>).
-- added MPEG demuxer (MPEG-1 and 2 compatible).
-- added ASF demuxer
-- added prototype RM demuxer
-- added AC3 decoding (done with libac3 by Aaron Holtzman)
-- added decoding codec parameter guessing (.e.g. for MPEG, because the
-  header does not include them)
-- fixed header generation in MPEG-1, AVI and ASF muxer: wmplayer can now
-  play them (only tested video)
-- fixed H.263 white bug
-- fixed phase rounding in img resample filter
-- add MMX code for polyphase img resample filter
-- added CPU autodetection
-- added generic title/author/copyright/comment string handling (ASF and RM
-  use them)
-- added SWF demux to extract MP3 track (not usable yet because no MP3
-  decoder)
-- added fractional frame rate support
-- codecs are no longer searched by read_header() (should fix ffserver
-  segfault)
-
-
-version 0.4.3:
-
-- BGR24 patch (initial patch by Jeroen Vreeken <pe1rxq at amsat.org>)
-- fixed raw yuv output
-- added motion rounding support in MPEG-4
-- fixed motion bug rounding in MSMPEG4
-- added B-frame handling in video core
-- added full MPEG-1 decoding support
-- added partial (frame only) MPEG-2 support
-- changed the FOURCC code for H.263 to "U263" to be able to see the
-  +AVI/H.263 file with the UB Video H.263+ decoder. MPlayer works with
-  this +codec ;) (JuanJo).
-- Halfpel motion estimation after MB type selection (JuanJo)
-- added pgm and .Y.U.V output format
-- suppressed 'img:' protocol. Simply use: /tmp/test%d.[pgm|Y] as input or
-  output.
-- added pgmpipe I/O format (original patch from Martin Aumueller
-  <lists at reserv.at>, but changed completely since we use a format
-  instead of a protocol)
-
-
-version 0.4.2:
-
-- added H.263/MPEG-4/MSMPEG4 decoding support. MPEG-4 decoding support
-  (for OpenDivX) is almost complete: 8x8 MVs and rounding are
-  missing. MSMPEG4 support is complete.
-- added prototype MPEG-1 decoder. Only I- and P-frames handled yet (it
-  can decode ffmpeg MPEGs :-)).
-- added libavcodec API documentation (see apiexample.c).
-- fixed image polyphase bug (the bottom of some images could be
-  greenish)
-- added support for non clipped motion vectors (decoding only)
-  and image sizes non-multiple of 16
-- added support for AC prediction (decoding only)
-- added file overwrite confirmation (can be disabled with -y)
-- added custom size picture to H.263 using H.263+ (Juanjo)
-
-
-version 0.4.1:
-
-- added MSMPEG4 (aka DivX) compatible encoder. Changed default codec
-  of AVI and ASF to DIV3.
-- added -me option to set motion estimation method
-  (default=log). suppressed redundant -hq option.
-- added options -acodec and -vcodec to force a given codec (useful for
-  AVI for example)
-- fixed -an option
-- improved dct_quantize speed
-- factorized some motion estimation code
-
-
-version 0.4.0:
-
-- removing grab code from ffserver and moved it to ffmpeg. Added
-  multistream support to ffmpeg.
-- added timeshifting support for live feeds (option ?date=xxx in the
-  URL)
-- added high quality image resize code with polyphase filter (need
-  mmx/see optimization). Enable multiple image size support in ffserver.
-- added multi live feed support in ffserver
-- suppressed master feature from ffserver (it should be done with an
-  external program which opens the .ffm url and writes it to another
-  ffserver)
-- added preliminary support for video stream parsing (WAV and AVI half
-  done). Added proper support for audio/video file conversion in
-  ffmpeg.
-- added preliminary support for video file sending from ffserver
-- redesigning I/O subsystem: now using URL based input and output
-  (see avio.h)
-- added WAV format support
-- added "tty user interface" to ffmpeg to stop grabbing gracefully
-- added MMX/SSE optimizations to SAD (Sums of Absolutes Differences)
-  (Juan J. Sierralta P. a.k.a. "Juanjo" <juanjo at atmlab.utfsm.cl>)
-- added MMX DCT from mpeg2_movie 1.5 (Juanjo)
-- added new motion estimation algorithms, log and phods (Juanjo)
-- changed directories: libav for format handling, libavcodec for
-  codecs
-
-
-version 0.3.4:
-
-- added stereo in MPEG audio encoder
-
-
-version 0.3.3:
-
-- added 'high quality' mode which use motion vectors. It can be used in
-  real time at low resolution.
-- fixed rounding problems which caused quality problems at high
-  bitrates and large GOP size
-
-
-version 0.3.2: small fixes
-
-- ASF fixes
-- put_seek bug fix
-
-
-version 0.3.1: added avi/divx support
-
-- added AVI support
-- added MPEG-4 codec compatible with OpenDivX. It is based on the H.263 codec
-- added sound for flash format (not tested)
-
-
-version 0.3: initial public release
diff --git a/media/ffvpx/FILES b/media/ffvpx/FILES
new file mode 100644
index 000000000..ff8a2da43
--- /dev/null
+++ b/media/ffvpx/FILES
@@ -0,0 +1,282 @@
+./COPYING.LGPLv2.1
+./COPYING.LGPLv3
+./compat/va_copy.h
+./compat/w32pthreads.h
+./compat/atomics/win32/stdatomic.h
+./libavcodec/audioconvert.c
+./libavcodec/audioconvert.h
+./libavcodec/avpicture.c
+./libavcodec/bit_depth_template.c
+./libavcodec/fdctdsp.h
+./libavcodec/flacdata.c
+./libavcodec/flacdata.h
+./libavcodec/flacdsp_lpc_template.c
+./libavcodec/frame_thread_encoder.h
+./libavcodec/golomb.c
+./libavcodec/h263dsp.h
+./libavcodec/h264pred.c
+./libavcodec/h264pred.h
+./libavcodec/h264pred_template.c
+./libavcodec/log2_tab.c
+./libavcodec/mathtables.c
+./libavcodec/motion_est.h
+./libavcodec/mpeg12data.h
+./libavcodec/mpegpicture.h
+./libavcodec/mpegutils.h
+./libavcodec/mpegvideodsp.h
+./libavcodec/mpegvideoencdsp.h
+./libavcodec/parser.h
+./libavcodec/profiles.c
+./libavcodec/profiles.h
+./libavcodec/pthread.c
+./libavcodec/pthread_internal.h
+./libavcodec/qpeldsp.h
+./libavcodec/qsv_api.c
+./libavcodec/raw.h
+./libavcodec/rectangle.h
+./libavcodec/resample.c
+./libavcodec/resample2.c
+./libavcodec/reverse.c
+./libavcodec/rl.h
+./libavcodec/rnd_avg.h
+./libavcodec/unary.h
+./libavcodec/videodsp_template.c
+./libavcodec/vorbis_parser.c
+./libavcodec/vorbis_parser_internal.h
+./libavcodec/vp8data.h
+./libavcodec/vp9_parser.c
+./libavcodec/vp9dsp_10bpp.c
+./libavcodec/vp9dsp_12bpp.c
+./libavcodec/vp9dsp_8bpp.c
+./libavcodec/x86/constants.c
+./libavcodec/x86/flacdsp.asm
+./libavcodec/x86/mathops.h
+./libavcodec/x86/vp56_arith.h
+./libavcodec/x86/vp9dsp_init.h
+./libavcodec/x86/vp9dsp_init_10bpp.c
+./libavcodec/x86/vp9dsp_init_12bpp.c
+./libavcodec/x86/vp9intrapred.asm
+./libavcodec/x86/vp9itxfm_16bpp.asm
+./libavcodec/x86/vp9itxfm_template.asm
+./libavcodec/x86/vp9mc_16bpp.asm
+./libavcodec/x86/vp9lpf.asm
+./libavcodec/x86/vp9lpf_16bpp.asm
+./libavcodec/x86/constants.h
+./libavcodec/x86/flacdsp_init.c
+./libavcodec/x86/h264_intrapred.asm
+./libavcodec/x86/h264_intrapred_10bit.asm
+./libavcodec/x86/h264_intrapred_init.c
+./libavcodec/x86/videodsp.asm
+./libavcodec/x86/videodsp_init.c
+./libavcodec/x86/vp8dsp.asm
+./libavcodec/x86/vp8dsp_init.c
+./libavcodec/x86/vp8dsp_loopfilter.asm
+./libavcodec/x86/vp9dsp_init.c
+./libavcodec/x86/vp9dsp_init_16bpp.c
+./libavcodec/x86/vp9dsp_init_16bpp_template.c
+./libavcodec/x86/vp9intrapred_16bpp.asm
+./libavcodec/x86/vp9itxfm.asm
+./libavcodec/x86/vp9mc.asm
+./libavcodec/xiph.c
+./libavcodec/xiph.h
+./libavcodec/bsf.h
+./libavcodec/h264dsp.h
+./libavcodec/imgconvert.c
+./libavcodec/bsf.c
+./libavcodec/decode.c
+./libavcodec/decode.h
+./libavcodec/hwaccel.h
+./libavcodec/vp9block.c
+./libavcodec/vp9data.c
+./libavcodec/vp9dec.h
+./libavcodec/vp9lpf.c
+./libavcodec/vp9mvs.c
+./libavcodec/vp9prob.c
+./libavcodec/vp9recon.c
+./libavcodec/vp9shared.h
+./libavcodec/allcodecs.c
+./libavcodec/avcodec.h
+./libavcodec/avpacket.c
+./libavcodec/bitstream.c
+./libavcodec/blockdsp.h
+./libavcodec/bytestream.h
+./libavcodec/codec_desc.c
+./libavcodec/error_resilience.h
+./libavcodec/flac.c
+./libavcodec/flac.h
+./libavcodec/flac_parser.c
+./libavcodec/flacdec.c
+./libavcodec/flacdsp.c
+./libavcodec/flacdsp.h
+./libavcodec/flacdsp_template.c
+./libavcodec/get_bits.h
+./libavcodec/golomb.h
+./libavcodec/h264chroma.h
+./libavcodec/hpeldsp.h
+./libavcodec/idctdsp.h
+./libavcodec/internal.h
+./libavcodec/mathops.h
+./libavcodec/me_cmp.h
+./libavcodec/mpegvideo.h
+./libavcodec/options.c
+./libavcodec/options_table.h
+./libavcodec/parser.c
+./libavcodec/pixblockdsp.h
+./libavcodec/pthread_frame.c
+./libavcodec/pthread_slice.c
+./libavcodec/put_bits.h
+./libavcodec/ratecontrol.h
+./libavcodec/raw.c
+./libavcodec/thread.h
+./libavcodec/utils.c
+./libavcodec/version.h
+./libavcodec/videodsp.c
+./libavcodec/videodsp.h
+./libavcodec/vlc.h
+./libavcodec/vorbis_parser.h
+./libavcodec/vp3dsp.h
+./libavcodec/vp56.h
+./libavcodec/vp56dsp.h
+./libavcodec/vp56rac.c
+./libavcodec/vp8.c
+./libavcodec/vp8.h
+./libavcodec/vp8_parser.c
+./libavcodec/vp8dsp.c
+./libavcodec/vp8dsp.h
+./libavcodec/vp9.c
+./libavcodec/vp9.h
+./libavcodec/vp9_mc_template.c
+./libavcodec/vp9data.h
+./libavcodec/vp9dsp.c
+./libavcodec/vp9dsp.h
+./libavcodec/vp9dsp_template.c
+./libavcodec/bitstream_filters.c
+./libavcodec/bitstream_filter.c
+./libavcodec/bsf_list.c
+./libavcodec/null_bsf.c
+./libavutil/adler32.c
+./libavutil/atomic.c
+./libavutil/atomic.h
+./libavutil/atomic_win32.h
+./libavutil/avutilres.rc
+./libavutil/base64.c
+./libavutil/base64.h
+./libavutil/bprint.c
+./libavutil/bprint.h
+./libavutil/bswap.h
+./libavutil/color_utils.c
+./libavutil/color_utils.h
+./libavutil/colorspace.h
+./libavutil/common.h
+./libavutil/crc.c
+./libavutil/dict.h
+./libavutil/error.c
+./libavutil/error.h
+./libavutil/eval.h
+./libavutil/ffmath.h
+./libavutil/ffversion.h
+./libavutil/fifo.c
+./libavutil/fifo.h
+./libavutil/fixed_dsp.c
+./libavutil/fixed_dsp.h
+./libavutil/integer.c
+./libavutil/integer.h
+./libavutil/intfloat.h
+./libavutil/intmath.c
+./libavutil/intmath.h
+./libavutil/libm.h
+./libavutil/lls.c
+./libavutil/lls.h
+./libavutil/log2_tab.c
+./libavutil/macros.h
+./libavutil/mem_internal.h
+./libavutil/parseutils.h
+./libavutil/pixelutils.c
+./libavutil/pixelutils.h
+./libavutil/qsort.h
+./libavutil/rational.c
+./libavutil/replaygain.h
+./libavutil/reverse.c
+./libavutil/threadmessage.h
+./libavutil/time_internal.h
+./libavutil/x86/bswap.h
+./libavutil/x86/cpuid.asm
+./libavutil/x86/fixed_dsp.asm
+./libavutil/x86/fixed_dsp_init.c
+./libavutil/x86/intmath.h
+./libavutil/x86/intreadwrite.h
+./libavutil/x86/lls.asm
+./libavutil/x86/lls_init.c
+./libavutil/x86/pixelutils.asm
+./libavutil/x86/pixelutils.h
+./libavutil/x86/pixelutils_init.c
+./libavutil/x86/timer.h
+./libavutil/x86/asm.h
+./libavutil/x86/imgutils.asm
+./libavutil/x86/imgutils_init.c
+./libavutil/x86/cpu.c
+./libavutil/x86/cpu.h
+./libavutil/x86/emms.asm
+./libavutil/x86/emms.h
+./libavutil/x86/float_dsp.asm
+./libavutil/x86/float_dsp_init.c
+./libavutil/x86/x86inc.asm
+./libavutil/x86/x86util.asm
+./libavutil/adler32.h
+./libavutil/avassert.h
+./libavutil/avconfig.h
+./libavutil/crc.h
+./libavutil/dict.c
+./libavutil/dynarray.h
+./libavutil/log.h
+./libavutil/mathematics.h
+./libavutil/rational.h
+./libavutil/samplefmt.c
+./libavutil/samplefmt.h
+./libavutil/timestamp.h
+./libavutil/opt.c
+./libavutil/imgutils_internal.h
+./libavutil/reverse.h
+./libavutil/slicethread.c
+./libavutil/slicethread.h
+./libavutil/atomic_gcc.h
+./libavutil/attributes.h
+./libavutil/avstring.c
+./libavutil/avstring.h
+./libavutil/avutil.h
+./libavutil/buffer.c
+./libavutil/buffer.h
+./libavutil/buffer_internal.h
+./libavutil/channel_layout.c
+./libavutil/channel_layout.h
+./libavutil/cpu.c
+./libavutil/cpu.h
+./libavutil/cpu_internal.h
+./libavutil/eval.c
+./libavutil/float_dsp.c
+./libavutil/float_dsp.h
+./libavutil/frame.c
+./libavutil/frame.h
+./libavutil/hwcontext.h
+./libavutil/imgutils.c
+./libavutil/imgutils.h
+./libavutil/internal.h
+./libavutil/intreadwrite.h
+./libavutil/log.c
+./libavutil/mathematics.c
+./libavutil/mem.c
+./libavutil/mem.h
+./libavutil/opt.h
+./libavutil/parseutils.c
+./libavutil/pixdesc.c
+./libavutil/pixdesc.h
+./libavutil/pixfmt.h
+./libavutil/thread.h
+./libavutil/threadmessage.c
+./libavutil/time.c
+./libavutil/timecode.c
+./libavutil/timecode.h
+./libavutil/timer.h
+./libavutil/utils.c
+./libavutil/version.h
+
diff --git a/media/ffvpx/INSTALL.md b/media/ffvpx/INSTALL.md
deleted file mode 100644
index 5db912231..000000000
--- a/media/ffvpx/INSTALL.md
+++ /dev/null
@@ -1,17 +0,0 @@
-#Installing FFmpeg:
-
-1. Type `./configure` to create the configuration. A list of configure
-options is printed by running `configure --help`.
-
-    `configure` can be launched from a directory different from the FFmpeg
-sources to build the objects out of tree. To do this, use an absolute
-path when launching `configure`, e.g. `/ffmpegdir/ffmpeg/configure`.
-
-2. Then type `make` to build FFmpeg. GNU Make 3.81 or later is required.
-
-3. Type `make install` to install all binaries and libraries you built.
-
-NOTICE
-------
-
- - Non system dependencies (e.g. libx264, libvpx) are disabled by default.
diff --git a/media/ffvpx/LICENSE.md b/media/ffvpx/LICENSE.md
deleted file mode 100644
index 0c53d0f5a..000000000
--- a/media/ffvpx/LICENSE.md
+++ /dev/null
@@ -1,114 +0,0 @@
-#FFmpeg:
-
-Most files in FFmpeg are under the GNU Lesser General Public License version 2.1
-or later (LGPL v2.1+). Read the file `COPYING.LGPLv2.1` for details. Some other
-files have MIT/X11/BSD-style licenses. In combination the LGPL v2.1+ applies to
-FFmpeg.
-
-Some optional parts of FFmpeg are licensed under the GNU General Public License
-version 2 or later (GPL v2+). See the file `COPYING.GPLv2` for details. None of
-these parts are used by default, you have to explicitly pass `--enable-gpl` to
-configure to activate them. In this case, FFmpeg's license changes to GPL v2+.
-
-Specifically, the GPL parts of FFmpeg are:
-
-- libpostproc
-- optional x86 optimizations in the files
-  - `libavcodec/x86/flac_dsp_gpl.asm`
-  - `libavcodec/x86/idct_mmx.c`
-  - `libavfilter/x86/vf_removegrain.asm`
-- libutvideo encoding/decoding wrappers in
-  `libavcodec/libutvideo*.cpp`
-- the X11 grabber in `libavdevice/x11grab.c`
-- the swresample test app in
-  `libswresample/swresample-test.c`
-- the `texi2pod.pl` tool
-- the following filters in libavfilter:
-    - `f_ebur128.c`
-    - `vf_blackframe.c`
-    - `vf_boxblur.c`
-    - `vf_colormatrix.c`
-    - `vf_cover_rect.c`
-    - `vf_cropdetect.c`
-    - `vf_delogo.c`
-    - `vf_eq.c`
-    - `vf_find_rect.c`
-    - `vf_fspp.c`
-    - `vf_geq.c`
-    - `vf_histeq.c`
-    - `vf_hqdn3d.c`
-    - `vf_interlace.c`
-    - `vf_kerndeint.c`
-    - `vf_mcdeint.c`
-    - `vf_mpdecimate.c`
-    - `vf_owdenoise.c`
-    - `vf_perspective.c`
-    - `vf_phase.c`
-    - `vf_pp.c`
-    - `vf_pp7.c`
-    - `vf_pullup.c`
-    - `vf_sab.c`
-    - `vf_smartblur.c`
-    - `vf_repeatfields.c`
-    - `vf_spp.c`
-    - `vf_stereo3d.c`
-    - `vf_super2xsai.c`
-    - `vf_tinterlace.c`
-    - `vf_uspp.c`
-    - `vsrc_mptestsrc.c`
-
-Should you, for whatever reason, prefer to use version 3 of the (L)GPL, then
-the configure parameter `--enable-version3` will activate this licensing option
-for you. Read the file `COPYING.LGPLv3` or, if you have enabled GPL parts,
-`COPYING.GPLv3` to learn the exact legal terms that apply in this case.
-
-There are a handful of files under other licensing terms, namely:
-
-* The files `libavcodec/jfdctfst.c`, `libavcodec/jfdctint_template.c` and
-  `libavcodec/jrevdct.c` are taken from libjpeg, see the top of the files for
-  licensing details. Specifically note that you must credit the IJG in the
-  documentation accompanying your program if you only distribute executables.
-  You must also indicate any changes including additions and deletions to
-  those three files in the documentation.
-* `tests/reference.pnm` is under the expat license.
-
-
-external libraries
-==================
-
-FFmpeg can be combined with a number of external libraries, which sometimes
-affect the licensing of binaries resulting from the combination.
-
-compatible libraries
---------------------
-
-The following libraries are under GPL:
-- frei0r
-- libcdio
-- librubberband
-- libutvideo
-- libvidstab
-- libx264
-- libx265
-- libxavs
-- libxvid
-
-When combining them with FFmpeg, FFmpeg needs to be licensed as GPL as well by
-passing `--enable-gpl` to configure.
-
-The OpenCORE and VisualOn libraries are under the Apache License 2.0. That
-license is incompatible with the LGPL v2.1 and the GPL v2, but not with
-version 3 of those licenses. So to combine these libraries with FFmpeg, the
-license version needs to be upgraded by passing `--enable-version3` to configure.
-
-incompatible libraries
-----------------------
-
-The Fraunhofer AAC library and FAAC are under licenses which
-are incompatible with the GPLv2 and v3. We do not know for certain if their
-licenses are compatible with the LGPL.
-If you wish to enable these libraries, pass `--enable-nonfree` to configure.
-But note that if you enable any of these libraries the resulting binary will
-be under a complex license mix that is more restrictive than the LGPL and that
-may result in additional obligations. It is possible that these
-restrictions cause the resulting binary to be unredistributeable.
diff --git a/media/ffvpx/MAINTAINERS b/media/ffvpx/MAINTAINERS
deleted file mode 100644
index e57150da9..000000000
--- a/media/ffvpx/MAINTAINERS
+++ /dev/null
@@ -1,619 +0,0 @@
-FFmpeg maintainers
-==================
-
-Below is a list of the people maintaining different parts of the
-FFmpeg code.
-
-Please try to keep entries where you are the maintainer up to date!
-
-Names in () mean that the maintainer currently has no time to maintain the code.
-A (CC <address>) after the name means that the maintainer prefers to be CC-ed on
-patches and related discussions.
-
-
-Project Leader
-==============
-
-  final design decisions
-
-
-Applications
-============
-
-ffmpeg:
-  ffmpeg.c                              Michael Niedermayer
-
-ffplay:
-  ffplay.c                              Marton Balint
-
-ffprobe:
-  ffprobe.c                             Stefano Sabatini
-
-ffserver:
-  ffserver.c                            Reynaldo H. Verdejo Pinochet
-
-Commandline utility code:
-  cmdutils.c, cmdutils.h                Michael Niedermayer
-
-QuickTime faststart:
-  tools/qt-faststart.c                  Baptiste Coudurier
-
-
-Miscellaneous Areas
-===================
-
-documentation                           Stefano Sabatini, Mike Melanson, Timothy Gu, Lou Logan
-build system (configure, makefiles)     Diego Biurrun, Mans Rullgard
-project server                          Árpád Gereöffy, Michael Niedermayer, Reimar Doeffinger, Alexander Strasser, Lou Logan
-presets                                 Robert Swain
-metadata subsystem                      Aurelien Jacobs
-release management                      Michael Niedermayer
-
-
-Communication
-=============
-
-website                                 Deby Barbara Lepage
-fate.ffmpeg.org                         Timothy Gu
-Trac bug tracker                        Alexander Strasser, Michael Niedermayer, Carl Eugen Hoyos, Lou Logan
-mailing lists                           Michael Niedermayer, Baptiste Coudurier, Lou Logan
-Google+                                 Paul B Mahol, Michael Niedermayer, Alexander Strasser
-Twitter                                 Lou Logan, Reynaldo H. Verdejo Pinochet
-Launchpad                               Timothy Gu
-
-
-libavutil
-=========
-
-External Interfaces:
-  libavutil/avutil.h                    Michael Niedermayer
-Internal Interfaces:
-  libavutil/common.h                    Michael Niedermayer
-
-Other:
-  aes_ctr.c, aes_ctr.h                  Eran Kornblau
-  bprint                                Nicolas George
-  bswap.h
-  des                                   Reimar Doeffinger
-  dynarray.h                            Nicolas George
-  eval.c, eval.h                        Michael Niedermayer
-  float_dsp                             Loren Merritt
-  hash                                  Reimar Doeffinger
-  intfloat*                             Michael Niedermayer
-  integer.c, integer.h                  Michael Niedermayer
-  lzo                                   Reimar Doeffinger
-  mathematics.c, mathematics.h          Michael Niedermayer
-  mem.c, mem.h                          Michael Niedermayer
-  opencl.c, opencl.h                    Wei Gao
-  opt.c, opt.h                          Michael Niedermayer
-  rational.c, rational.h                Michael Niedermayer
-  rc4                                   Reimar Doeffinger
-  ripemd.c, ripemd.h                    James Almer
-  timecode                              Clément Bœsch
-
-
-libavcodec
-==========
-
-Generic Parts:
-  External Interfaces:
-    avcodec.h                           Michael Niedermayer
-  utility code:
-    utils.c                             Michael Niedermayer
-  audio and video frame extraction:
-    parser.c                            Michael Niedermayer
-  bitstream reading:
-    bitstream.c, bitstream.h            Michael Niedermayer
-  CABAC:
-    cabac.h, cabac.c                    Michael Niedermayer
-  codec names:
-    codec_names.sh                      Nicolas George
-  DSP utilities:
-    dsputils.c, dsputils.h              Michael Niedermayer
-  entropy coding:
-    rangecoder.c, rangecoder.h          Michael Niedermayer
-    lzw.*                               Michael Niedermayer
-  floating point AAN DCT:
-    faandct.c, faandct.h                Michael Niedermayer
-  Golomb coding:
-    golomb.c, golomb.h                  Michael Niedermayer
-  LPC:
-    lpc.c, lpc.h                        Justin Ruggles
-  motion estimation:
-    motion*                             Michael Niedermayer
-  rate control:
-    ratecontrol.c                       Michael Niedermayer
-    libxvid_rc.c                        Michael Niedermayer
-  simple IDCT:
-    simple_idct.c, simple_idct.h        Michael Niedermayer
-  postprocessing:
-    libpostproc/*                       Michael Niedermayer
-  table generation:
-    tableprint.c, tableprint.h          Reimar Doeffinger
-  fixed point FFT:
-    fft*                                Zeljko Lukac
-  Text Subtitles                        Clément Bœsch
-
-Codecs:
-  4xm.c                                 Michael Niedermayer
-  8bps.c                                Roberto Togni
-  8svx.c                                Jaikrishnan Menon
-  aacenc*, aaccoder.c                   Rostislav Pehlivanov
-  aasc.c                                Kostya Shishkov
-  ac3*                                  Justin Ruggles
-  alacenc.c                             Jaikrishnan Menon
-  alsdec.c                              Thilo Borgmann
-  apedec.c                              Kostya Shishkov
-  ass*                                  Aurelien Jacobs
-  asv*                                  Michael Niedermayer
-  atrac3*                               Benjamin Larsson
-  atrac3plus*                           Maxim Poliakovski
-  bgmc.c, bgmc.h                        Thilo Borgmann
-  bink.c                                Kostya Shishkov
-  binkaudio.c                           Peter Ross
-  bmp.c                                 Mans Rullgard, Kostya Shishkov
-  cavs*                                 Stefan Gehrer
-  cdxl.c                                Paul B Mahol
-  celp_filters.*                        Vitor Sessak
-  cinepak.c                             Roberto Togni
-  cinepakenc.c                          Rl / Aetey G.T. AB
-  ccaption_dec.c                        Anshul Maheshwari
-  cljr                                  Alex Beregszaszi
-  cllc.c                                Derek Buitenhuis
-  cook.c, cookdata.h                    Benjamin Larsson
-  cpia.c                                Stephan Hilb
-  crystalhd.c                           Philip Langdale
-  cscd.c                                Reimar Doeffinger
-  dca.c                                 Kostya Shishkov, Benjamin Larsson
-  dirac*                                Rostislav Pehlivanov
-  dnxhd*                                Baptiste Coudurier
-  dpcm.c                                Mike Melanson
-  dss_sp.c                              Oleksij Rempel, Michael Niedermayer
-  dv.c                                  Roman Shaposhnik
-  dvbsubdec.c                           Anshul Maheshwari
-  dxa.c                                 Kostya Shishkov
-  eacmv*, eaidct*, eat*                 Peter Ross
-  evrc*                                 Paul B Mahol
-  exif.c, exif.h                        Thilo Borgmann
-  ffv1*                                 Michael Niedermayer
-  ffwavesynth.c                         Nicolas George
-  fic.c                                 Derek Buitenhuis
-  flac*                                 Justin Ruggles
-  flashsv*                              Benjamin Larsson
-  flicvideo.c                           Mike Melanson
-  g722.c                                Martin Storsjo
-  g726.c                                Roman Shaposhnik
-  gifdec.c                              Baptiste Coudurier
-  h261*                                 Michael Niedermayer
-  h263*                                 Michael Niedermayer
-  h264*                                 Loren Merritt, Michael Niedermayer
-  hap*                                  Tom Butterworth
-  huffyuv*                              Michael Niedermayer, Christophe Gisquet
-  idcinvideo.c                          Mike Melanson
-  imc*                                  Benjamin Larsson
-  indeo2*                               Kostya Shishkov
-  indeo5*                               Kostya Shishkov
-  interplayvideo.c                      Mike Melanson
-  ivi*                                  Kostya Shishkov
-  jacosub*                              Clément Bœsch
-  jpeg2000*                             Nicolas Bertrand
-  jpeg_ls.c                             Kostya Shishkov
-  jvdec.c                               Peter Ross
-  kmvc.c                                Kostya Shishkov
-  lcl*.c                                Roberto Togni, Reimar Doeffinger
-  libcelt_dec.c                         Nicolas George
-  libdirac*                             David Conrad
-  libgsm.c                              Michel Bardiaux
-  libkvazaar.c                          Arttu Ylä-Outinen
-  libopenjpeg.c                         Jaikrishnan Menon
-  libopenjpegenc.c                      Michael Bradshaw
-  libschroedinger*                      David Conrad
-  libspeexdec.c                         Justin Ruggles
-  libtheoraenc.c                        David Conrad
-  libutvideo*                           Carl Eugen Hoyos
-  libvorbis.c                           David Conrad
-  libvpx*                               James Zern
-  libx264.c                             Mans Rullgard, Jason Garrett-Glaser
-  libx265.c                             Derek Buitenhuis
-  libxavs.c                             Stefan Gehrer
-  libzvbi-teletextdec.c                 Marton Balint
-  loco.c                                Kostya Shishkov
-  lzo.h, lzo.c                          Reimar Doeffinger
-  mdec.c                                Michael Niedermayer
-  mimic.c                               Ramiro Polla
-  mjpeg*.c                              Michael Niedermayer
-  mlp*                                  Ramiro Polla
-  mmvideo.c                             Peter Ross
-  mpc*                                  Kostya Shishkov
-  mpeg12.c, mpeg12data.h                Michael Niedermayer
-  mpegvideo.c, mpegvideo.h              Michael Niedermayer
-  mqc*                                  Nicolas Bertrand
-  msmpeg4.c, msmpeg4data.h              Michael Niedermayer
-  msrle.c                               Mike Melanson
-  msvideo1.c                            Mike Melanson
-  nellymoserdec.c                       Benjamin Larsson
-  nuv.c                                 Reimar Doeffinger
-  nvenc.c                               Timo Rothenpieler
-  paf.*                                 Paul B Mahol
-  pcx.c                                 Ivo van Poorten
-  pgssubdec.c                           Reimar Doeffinger
-  ptx.c                                 Ivo van Poorten
-  qcelp*                                Reynaldo H. Verdejo Pinochet
-  qdm2.c, qdm2data.h                    Roberto Togni, Benjamin Larsson
-  qdrw.c                                Kostya Shishkov
-  qpeg.c                                Kostya Shishkov
-  qsv*                                  Ivan Uskov
-  qtrle.c                               Mike Melanson
-  ra144.c, ra144.h, ra288.c, ra288.h    Roberto Togni
-  resample2.c                           Michael Niedermayer
-  rl2.c                                 Sascha Sommer
-  rpza.c                                Roberto Togni
-  rtjpeg.c, rtjpeg.h                    Reimar Doeffinger
-  rv10.c                                Michael Niedermayer
-  rv3*                                  Kostya Shishkov
-  rv4*                                  Kostya Shishkov, Christophe Gisquet
-  s3tc*                                 Ivo van Poorten
-  smacker.c                             Kostya Shishkov
-  smc.c                                 Mike Melanson
-  smvjpegdec.c                          Ash Hughes
-  snow*                                 Michael Niedermayer, Loren Merritt
-  sonic.c                               Alex Beregszaszi
-  srt*                                  Aurelien Jacobs
-  sunrast.c                             Ivo van Poorten
-  svq3.c                                Michael Niedermayer
-  tak*                                  Paul B Mahol
-  targa.c                               Kostya Shishkov
-  tiff.c                                Kostya Shishkov
-  truemotion1*                          Mike Melanson
-  truemotion2*                          Kostya Shishkov
-  truespeech.c                          Kostya Shishkov
-  tscc.c                                Kostya Shishkov
-  tta.c                                 Alex Beregszaszi, Jaikrishnan Menon
-  ttaenc.c                              Paul B Mahol
-  txd.c                                 Ivo van Poorten
-  ulti*                                 Kostya Shishkov
-  v410*.c                               Derek Buitenhuis
-  vb.c                                  Kostya Shishkov
-  vble.c                                Derek Buitenhuis
-  vc1*                                  Kostya Shishkov, Christophe Gisquet
-  vc2*                                  Rostislav Pehlivanov
-  vcr1.c                                Michael Niedermayer
-  vda_h264_dec.c                        Xidorn Quan
-  vima.c                                Paul B Mahol
-  vmnc.c                                Kostya Shishkov
-  vorbisdec.c                           Denes Balatoni, David Conrad
-  vorbisenc.c                           Oded Shimon
-  vp3*                                  Mike Melanson
-  vp5                                   Aurelien Jacobs
-  vp6                                   Aurelien Jacobs
-  vp8                                   David Conrad, Jason Garrett-Glaser, Ronald Bultje
-  vp9                                   Ronald Bultje, Clément Bœsch
-  vqavideo.c                            Mike Melanson
-  wavpack.c                             Kostya Shishkov
-  wmaprodec.c                           Sascha Sommer
-  wmavoice.c                            Ronald S. Bultje
-  wmv2.c                                Michael Niedermayer
-  wnv1.c                                Kostya Shishkov
-  xan.c                                 Mike Melanson
-  xbm*                                  Paul B Mahol
-  xface                                 Stefano Sabatini
-  xl.c                                  Kostya Shishkov
-  xvmc.c                                Ivan Kalvachev
-  xwd*                                  Paul B Mahol
-  zerocodec.c                           Derek Buitenhuis
-  zmbv*                                 Kostya Shishkov
-
-Hardware acceleration:
-  crystalhd.c                           Philip Langdale
-  dxva2*                                Hendrik Leppkes, Laurent Aimar
-  vaapi*                                Gwenole Beauchesne
-  vda*                                  Sebastien Zwickert
-  vdpau*                                Philip Langdale, Carl Eugen Hoyos
-  videotoolbox*                         Sebastien Zwickert
-
-
-libavdevice
-===========
-  External Interface:
-    libavdevice/avdevice.h
-
-
-  avfoundation.m                        Thilo Borgmann
-  decklink*                             Deti Fliegl
-  dshow.c                               Roger Pack (CC rogerdpack@gmail.com)
-  fbdev_enc.c                           Lukasz Marek
-  gdigrab.c                             Roger Pack (CC rogerdpack@gmail.com)
-  iec61883.c                            Georg Lippitsch
-  lavfi                                 Stefano Sabatini
-  libdc1394.c                           Roman Shaposhnik
-  opengl_enc.c                          Lukasz Marek
-  pulse_audio_enc.c                     Lukasz Marek
-  qtkit.m                               Thilo Borgmann
-  sdl                                   Stefano Sabatini
-  v4l2.c                                Giorgio Vazzana
-  vfwcap.c                              Ramiro Polla
-  xv.c                                  Lukasz Marek
-
-libavfilter
-===========
-
-Generic parts:
-  graphdump.c                           Nicolas George
-
-Filters:
-  f_drawgraph.c                         Paul B Mahol
-  af_adelay.c                           Paul B Mahol
-  af_aecho.c                            Paul B Mahol
-  af_afade.c                            Paul B Mahol
-  af_amerge.c                           Nicolas George
-  af_aphaser.c                          Paul B Mahol
-  af_aresample.c                        Michael Niedermayer
-  af_astats.c                           Paul B Mahol
-  af_atempo.c                           Pavel Koshevoy
-  af_biquads.c                          Paul B Mahol
-  af_chorus.c                           Paul B Mahol
-  af_compand.c                          Paul B Mahol
-  af_ladspa.c                           Paul B Mahol
-  af_pan.c                              Nicolas George
-  af_sidechaincompress.c                Paul B Mahol
-  af_silenceremove.c                    Paul B Mahol
-  avf_aphasemeter.c                     Paul B Mahol
-  avf_avectorscope.c                    Paul B Mahol
-  avf_showcqt.c                         Muhammad Faiz
-  vf_blend.c                            Paul B Mahol
-  vf_chromakey.c                        Timo Rothenpieler
-  vf_colorchannelmixer.c                Paul B Mahol
-  vf_colorbalance.c                     Paul B Mahol
-  vf_colorkey.c                         Timo Rothenpieler
-  vf_colorlevels.c                      Paul B Mahol
-  vf_deband.c                           Paul B Mahol
-  vf_dejudder.c                         Nicholas Robbins
-  vf_delogo.c                           Jean Delvare (CC <jdelvare@suse.com>)
-  vf_drawbox.c/drawgrid                 Andrey Utkin
-  vf_extractplanes.c                    Paul B Mahol
-  vf_histogram.c                        Paul B Mahol
-  vf_hqx.c                              Clément Bœsch
-  vf_idet.c                             Pascal Massimino
-  vf_il.c                               Paul B Mahol
-  vf_lenscorrection.c                   Daniel Oberhoff
-  vf_mergeplanes.c                      Paul B Mahol
-  vf_neighbor.c                         Paul B Mahol
-  vf_psnr.c                             Paul B Mahol
-  vf_random.c                           Paul B Mahol
-  vf_scale.c                            Michael Niedermayer
-  vf_separatefields.c                   Paul B Mahol
-  vf_ssim.c                             Paul B Mahol
-  vf_stereo3d.c                         Paul B Mahol
-  vf_telecine.c                         Paul B Mahol
-  vf_yadif.c                            Michael Niedermayer
-  vf_zoompan.c                          Paul B Mahol
-
-Sources:
-  vsrc_mandelbrot.c                     Michael Niedermayer
-
-libavformat
-===========
-
-Generic parts:
-  External Interface:
-    libavformat/avformat.h              Michael Niedermayer
-  Utility Code:
-    libavformat/utils.c                 Michael Niedermayer
-
-
-Muxers/Demuxers:
-  4xm.c                                 Mike Melanson
-  aadec.c                               Vesselin Bontchev (vesselin.bontchev at yandex dot com)
-  adtsenc.c                             Robert Swain
-  afc.c                                 Paul B Mahol
-  aiffdec.c                             Baptiste Coudurier, Matthieu Bouron
-  aiffenc.c                             Baptiste Coudurier, Matthieu Bouron
-  ape.c                                 Kostya Shishkov
-  apngdec.c                             Benoit Fouet
-  ass*                                  Aurelien Jacobs
-  astdec.c                              Paul B Mahol
-  astenc.c                              James Almer
-  avi*                                  Michael Niedermayer
-  avisynth.c                            AvxSynth Team (avxsynth.testing at gmail dot com)
-  avr.c                                 Paul B Mahol
-  bink.c                                Peter Ross
-  brstm.c                               Paul B Mahol
-  caf*                                  Peter Ross
-  cdxl.c                                Paul B Mahol
-  crc.c                                 Michael Niedermayer
-  daud.c                                Reimar Doeffinger
-  dss.c                                 Oleksij Rempel, Michael Niedermayer
-  dtshddec.c                            Paul B Mahol
-  dv.c                                  Roman Shaposhnik
-  dxa.c                                 Kostya Shishkov
-  electronicarts.c                      Peter Ross
-  epafdec.c                             Paul B Mahol
-  ffm*                                  Baptiste Coudurier
-  flac*                                 Justin Ruggles
-  flic.c                                Mike Melanson
-  flvdec.c, flvenc.c                    Michael Niedermayer
-  gxf.c                                 Reimar Doeffinger
-  gxfenc.c                              Baptiste Coudurier
-  hls.c                                 Anssi Hannula
-  hls encryption (hlsenc.c)             Christian Suloway
-  idcin.c                               Mike Melanson
-  idroqdec.c                            Mike Melanson
-  iff.c                                 Jaikrishnan Menon
-  img2*.c                               Michael Niedermayer
-  ipmovie.c                             Mike Melanson
-  ircam*                                Paul B Mahol
-  iss.c                                 Stefan Gehrer
-  jacosub*                              Clément Bœsch
-  jvdec.c                               Peter Ross
-  libmodplug.c                          Clément Bœsch
-  libnut.c                              Oded Shimon
-  lmlm4.c                               Ivo van Poorten
-  lvfdec.c                              Paul B Mahol
-  lxfdec.c                              Tomas Härdin
-  matroska.c                            Aurelien Jacobs
-  matroskadec.c                         Aurelien Jacobs
-  matroskaenc.c                         David Conrad
-  matroska subtitles (matroskaenc.c)    John Peebles
-  metadata*                             Aurelien Jacobs
-  mgsts.c                               Paul B Mahol
-  microdvd*                             Aurelien Jacobs
-  mm.c                                  Peter Ross
-  mov.c                                 Michael Niedermayer, Baptiste Coudurier
-  movenc.c                              Baptiste Coudurier, Matthieu Bouron
-  movenccenc.c                          Eran Kornblau
-  mpc.c                                 Kostya Shishkov
-  mpeg.c                                Michael Niedermayer
-  mpegenc.c                             Michael Niedermayer
-  mpegts.c                              Marton Balint
-  mpegtsenc.c                           Baptiste Coudurier
-  msnwc_tcp.c                           Ramiro Polla
-  mtv.c                                 Reynaldo H. Verdejo Pinochet
-  mxf*                                  Baptiste Coudurier
-  mxfdec.c                              Tomas Härdin
-  nistspheredec.c                       Paul B Mahol
-  nsvdec.c                              Francois Revol
-  nut*                                  Michael Niedermayer
-  nuv.c                                 Reimar Doeffinger
-  oggdec.c, oggdec.h                    David Conrad
-  oggenc.c                              Baptiste Coudurier
-  oggparse*.c                           David Conrad
-  oggparsedaala*                        Rostislav Pehlivanov
-  oma.c                                 Maxim Poliakovski
-  paf.c                                 Paul B Mahol
-  psxstr.c                              Mike Melanson
-  pva.c                                 Ivo van Poorten
-  pvfdec.c                              Paul B Mahol
-  r3d.c                                 Baptiste Coudurier
-  raw.c                                 Michael Niedermayer
-  rdt.c                                 Ronald S. Bultje
-  rl2.c                                 Sascha Sommer
-  rmdec.c, rmenc.c                      Ronald S. Bultje, Kostya Shishkov
-  rtmp*                                 Kostya Shishkov
-  rtp.c, rtpenc.c                       Martin Storsjo
-  rtpdec_ac3.*                          Gilles Chanteperdrix
-  rtpdec_dv.*                           Thomas Volkert
-  rtpdec_h261.*, rtpenc_h261.*          Thomas Volkert
-  rtpdec_hevc.*, rtpenc_hevc.*          Thomas Volkert
-  rtpdec_mpa_robust.*                   Gilles Chanteperdrix
-  rtpdec_asf.*                          Ronald S. Bultje
-  rtpdec_vp9.c                          Thomas Volkert
-  rtpenc_mpv.*, rtpenc_aac.*            Martin Storsjo
-  rtsp.c                                Luca Barbato
-  sbgdec.c                              Nicolas George
-  sdp.c                                 Martin Storsjo
-  segafilm.c                            Mike Melanson
-  segment.c                             Stefano Sabatini
-  siff.c                                Kostya Shishkov
-  smacker.c                             Kostya Shishkov
-  smjpeg*                               Paul B Mahol
-  spdif*                                Anssi Hannula
-  srtdec.c                              Aurelien Jacobs
-  swf.c                                 Baptiste Coudurier
-  takdec.c                              Paul B Mahol
-  tta.c                                 Alex Beregszaszi
-  txd.c                                 Ivo van Poorten
-  voc.c                                 Aurelien Jacobs
-  wav.c                                 Michael Niedermayer
-  wc3movie.c                            Mike Melanson
-  webm dash (matroskaenc.c)             Vignesh Venkatasubramanian
-  webvtt*                               Matthew J Heaney
-  westwood.c                            Mike Melanson
-  wtv.c                                 Peter Ross
-  wv.c                                  Kostya Shishkov
-  wvenc.c                               Paul B Mahol
-
-Protocols:
-  async.c                               Zhang Rui
-  bluray.c                              Petri Hintukainen
-  ftp.c                                 Lukasz Marek
-  http.c                                Ronald S. Bultje
-  libssh.c                              Lukasz Marek
-  mms*.c                                Ronald S. Bultje
-  udp.c                                 Luca Abeni
-  icecast.c                             Marvin Scholz
-
-
-libswresample
-=============
-
-Generic parts:
-  audioconvert.c                        Michael Niedermayer
-  dither.c                              Michael Niedermayer
-  rematrix*.c                           Michael Niedermayer
-  swresample*.c                         Michael Niedermayer
-
-Resamplers:
-  resample*.c                           Michael Niedermayer
-  soxr_resample.c                       Rob Sykes
-
-
-Operating systems / CPU architectures
-=====================================
-
-Alpha                                   Mans Rullgard, Falk Hueffner
-ARM                                     Mans Rullgard
-AVR32                                   Mans Rullgard
-MIPS                                    Mans Rullgard, Nedeljko Babic
-Mac OS X / PowerPC                      Romain Dolbeau, Guillaume Poirier
-Amiga / PowerPC                         Colin Ward
-Linux / PowerPC                         Luca Barbato
-Windows MinGW                           Alex Beregszaszi, Ramiro Polla
-Windows Cygwin                          Victor Paesa
-Windows MSVC                            Matthew Oliver, Hendrik Leppkes
-Windows ICL                             Matthew Oliver
-ADI/Blackfin DSP                        Marc Hoffman
-Sparc                                   Roman Shaposhnik
-x86                                     Michael Niedermayer
-
-
-Releases
-========
-
-2.8                                     Michael Niedermayer
-2.7                                     Michael Niedermayer
-2.6                                     Michael Niedermayer
-2.5                                     Michael Niedermayer
-2.4                                     Michael Niedermayer
-
-If you want to maintain an older release, please contact us
-
-
-GnuPG Fingerprints of maintainers and contributors
-==================================================
-
-Alexander Strasser            1C96 78B7 83CB 8AA7 9AF5 D1EB A7D8 A57B A876 E58F
-Anssi Hannula                 1A92 FF42 2DD9 8D2E 8AF7 65A9 4278 C520 513D F3CB
-Anton Khirnov                 6D0C 6625 56F8 65D1 E5F5 814B B50A 1241 C067 07AB
-Ash Hughes                    694D 43D2 D180 C7C7 6421 ABD3 A641 D0B7 623D 6029
-Attila Kinali                 11F0 F9A6 A1D2 11F6 C745 D10C 6520 BCDD F2DF E765
-Baptiste Coudurier            8D77 134D 20CC 9220 201F C5DB 0AC9 325C 5C1A BAAA
-Ben Littler                   3EE3 3723 E560 3214 A8CD 4DEB 2CDB FCE7 768C 8D2C
-Benoit Fouet                  B22A 4F4F 43EF 636B BB66 FCDC 0023 AE1E 2985 49C8
-Clément Bœsch                 52D0 3A82 D445 F194 DB8B 2B16 87EE 2CB8 F4B8 FCF9
-Daniel Verkamp                78A6 07ED 782C 653E C628 B8B9 F0EB 8DD8 2F0E 21C7
-Diego Biurrun                 8227 1E31 B6D9 4994 7427 E220 9CAE D6CC 4757 FCC5
-FFmpeg release signing key    FCF9 86EA 15E6 E293 A564 4F10 B432 2F04 D676 58D8
-Ganesh Ajjanagadde            C96A 848E 97C3 CEA2 AB72 5CE4 45F9 6A2D 3C36 FB1B
-Gwenole Beauchesne            2E63 B3A6 3E44 37E2 017D 2704 53C7 6266 B153 99C4
-Jaikrishnan Menon             61A1 F09F 01C9 2D45 78E1 C862 25DC 8831 AF70 D368
-Jean Delvare                  7CA6 9F44 60F1 BDC4 1FD2 C858 A552 6B9B B3CD 4E6A
-Justin Ruggles                3136 ECC0 C10D 6C04 5F43 CA29 FCBE CD2A 3787 1EBF
-Loren Merritt                 ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE
-Lou Logan                     7D68 DC73 CBEF EABB 671A B6CF 621C 2E28 82F8 DC3A
-Luca Barbato                  6677 4209 213C 8843 5B67 29E7 E84C 78C2 84E9 0E34
-Michael Niedermayer           9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB
-Nicolas George                24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93
-Panagiotis Issaris            6571 13A3 33D9 3726 F728 AA98 F643 B12E ECF3 E029
-Peter Ross                    A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B
-Philip Langdale               5DC5 8D66 5FBA 3A43 18EC 045E F8D6 B194 6A75 682E
-Reimar Doeffinger             C61D 16E5 9E2C D10C 8958 38A4 0899 A2B9 06D4 D9C7
-Reinhard Tartler              9300 5DC2 7E87 6C37 ED7B CA9A 9808 3544 9453 48A4
-Reynaldo H. Verdejo Pinochet  6E27 CD34 170C C78E 4D4F 5F40 C18E 077F 3114 452A
-Robert Swain                  EE7A 56EA 4A81 A7B5 2001 A521 67FA 362D A2FC 3E71
-Sascha Sommer                 38A0 F88B 868E 9D3A 97D4 D6A0 E823 706F 1E07 0D3C
-Stefano Sabatini              0D0B AD6B 5330 BBAD D3D6 6A0C 719C 2839 FC43 2D5F
-Stephan Hilb                  4F38 0B3A 5F39 B99B F505 E562 8D5C 5554 4E17 8863
-Tiancheng "Timothy" Gu        9456 AFC0 814A 8139 E994 8351 7FE6 B095 B582 B0D4
-Tim Nicholson                 38CF DB09 3ED0 F607 8B67 6CED 0C0B FC44 8B0B FC83
-Tomas Härdin                  A79D 4E3D F38F 763F 91F5 8B33 A01E 8AE0 41BB 2551
-Wei Gao                       4269 7741 857A 0E60 9EC5 08D2 4744 4EFA 62C1 87B9
diff --git a/media/ffvpx/README.md b/media/ffvpx/README.md
deleted file mode 100644
index 241919193..000000000
--- a/media/ffvpx/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-FFmpeg README
-=============
-
-FFmpeg is a collection of libraries and tools to process multimedia content
-such as audio, video, subtitles and related metadata.
-
-## Libraries
-
-* `libavcodec` provides implementation of a wider range of codecs.
-* `libavformat` implements streaming protocols, container formats and basic I/O access.
-* `libavutil` includes hashers, decompressors and miscellaneous utility functions.
-* `libavfilter` provides a mean to alter decoded Audio and Video through chain of filters.
-* `libavdevice` provides an abstraction to access capture and playback devices.
-* `libswresample` implements audio mixing and resampling routines.
-* `libswscale` implements color conversion and scaling routines.
-
-## Tools
-
-* [ffmpeg](https://ffmpeg.org/ffmpeg.html) is a command line toolbox to
-  manipulate, convert and stream multimedia content.
-* [ffplay](https://ffmpeg.org/ffplay.html) is a minimalistic multimedia player.
-* [ffprobe](https://ffmpeg.org/ffprobe.html) is a simple analysis tool to inspect
-  multimedia content.
-* [ffserver](https://ffmpeg.org/ffserver.html) is a multimedia streaming server
-  for live broadcasts.
-* Additional small tools such as `aviocat`, `ismindex` and `qt-faststart`.
-
-## Documentation
-
-The offline documentation is available in the **doc/** directory.
-
-The online documentation is available in the main [website](https://ffmpeg.org)
-and in the [wiki](https://trac.ffmpeg.org).
-
-### Examples
-
-Coding examples are available in the **doc/examples** directory.
-
-## License
-
-FFmpeg codebase is mainly LGPL-licensed with optional components licensed under
-GPL. Please refer to the LICENSE file for detailed information.
-
-## Contributing
-
-Patches should be submitted to the ffmpeg-devel mailing list using
-`git format-patch` or `git send-email`. Github pull requests should be
-avoided because they are not part of our review process. Few developers
-follow pull requests so they will likely be ignored.
diff --git a/media/ffvpx/README_MCP b/media/ffvpx/README_MCP
new file mode 100644
index 000000000..4555e08da
--- /dev/null
+++ b/media/ffvpx/README_MCP
@@ -0,0 +1,48 @@
+This directory contains files used in goanna builds from FFmpeg
+(http://ffmpeg.org). The current files are from FFmpeg as of
+Release 3.4.2
+All source files match their path from the library's source archive.
+
+Currently, we only use the vp8 and vp9 portion of the library, and only on x86
+based platforms. If this changes, configuration files will most likely
+need to be updated.
+
+AVX2 must be disabled on Linux 32 bits due to the use of yasm 1.1 on the build bots.
+Once yasm is upgraded to 1.2 or later, AVX2 code could be re-enabled.
+Add --disable-avx2 to configure on those platforms.
+
+configuration files were generated as follow using the configure script:
+./configure --disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-decoder=flac --enable-asm --enable-x86asm
+
+config*:
+replace: /HAVE_(MALLOC_H|ARC4RANDOM|LOCALTIME_R|MEMALIGN|POSIX_MEMALIGN)/d
+
+config_darwin32.h:
+add to configure command: --disable-asm --disable-yasm --cc='clang -m32'
+
+config_unix32.h:
+add to configure command: --disable-asm --disable-x86asm --cc='clang -m32'
+replace: s/HAVE_SYSCTL 1/HAVE_SYSCTL 0/ and s/HAVE_MEMALIGN 1/HAVE_MEMALIGN 0/ and s/HAVE_POSIX_MEMALIGN 1/HAVE_POSIX_MEMALIGN 0/
+
+
+config_unix32.h/config_unix64.h/config_unix64.asm:
+replace: s/HAVE_SYSCTL 1/HAVE_SYSCTL 0
+
+config_win32/64.h/asm:
+add to configure command: --toolchain=msvc
+
+Regenerate defaults_disabled.{h,asm} with:
+$ grep -E ".*_(INDEV|OUTDEV|DECODER|ENCODER|DEMUXER|MUXER|PARSER|FILTER|HWACCEL|PROTOCOL|ENCODERS|DECODERS|HWACCELS|INDEVS|OUTDEVS|FILTERS|DEMUXERS|MUXERS|PROTOCOLS) 0" config.h > ~/Work/Mozilla/mozilla-central/media/ffvpx/defaults_disabled.h
+$ grep -E ".*_(INDEV|OUTDEV|DECODER|ENCODER|DEMUXER|MUXER|PARSER|FILTER|HWACCEL|PROTOCOL|ENCODERS|DECODERS|HWACCELS|INDEVS|OUTDEVS|FILTERS|DEMUXERS|MUXERS|PROTOCOLS) 0" config.asm > ~/Work/Mozilla/mozilla-central/media/ffvpx/defaults_disabled.asm
+
+All new decoders/muxers/encoders/... should be added in the list of dummy functions found in libavcodec/dummy_funcs.c
+otherwise linkage will fail on Windows. On other platforms they are optimised out and aren't necessary.
+The GNU comm utility is a useful tool to compare and extract only the changes.
+
+To update the source tree, perform a diff on the files listed in FILES.
+The diffs should typically apply to the ffvpx tree.
+e.g. something like this would do:
+Run in the ffmpeg original tree:
+$ for i in `cat $PATH_CENTRAL/media/ffvpx/FILES`; do diff $REV_LASTSYNC HEAD >> patch.diff; done
+Then apply patch.diff on the ffvpx tree.
+Compilation will reveal if any files are missing.
diff --git a/media/ffvpx/README_MOZILLA b/media/ffvpx/README_MOZILLA
deleted file mode 100644
index 7f42d0513..000000000
--- a/media/ffvpx/README_MOZILLA
+++ /dev/null
@@ -1,39 +0,0 @@
-This directory contains files used in goanna builds from FFmpeg
-(http://ffmpeg.org). The current files are from FFmpeg as of
-revision n3.2-65-gee56777
-All source files match their path from the library's source archive.
-
-Currently, we only use the vp8 and vp9 portion of the library, and only on x86
-based platforms. If this changes, configuration files will most likely
-need to be updated.
-
-AVX2 must be disabled on Linux due to the use of yasm 1.1 on the build bots.
-Once yasm is upgraded to 1.2 or later, AVX2 code could be re-enabled.
-Add --disable-avx2 to configure on those platforms.
-
-configuration files were generated as follow using the configure script:
-./configure --disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm
-
-config*:
-replace: /HAVE_(MALLOC_H|ARC4RANDOM|LOCALTIME_R|MEMALIGN|POSIX_MEMALIGN)/d
-
-config_darwin32.h:
-add to configure command: --disable-asm --disable-yasm --cc='clang -m32'
-
-config_unix32.h:
-add to configure command: --disable-asm --disable-yasm --cc='clang -m32'
-replace: s/HAVE_SYSCTL 1/HAVE_SYSCTL 0/ and s/HAVE_MEMALIGN 1/HAVE_MEMALIGN 0/ and s/HAVE_POSIX_MEMALIGN 1/HAVE_POSIX_MEMALIGN 0/
-
-
-config_unix64.h/config_unix64.asm:
-replace: s/HAVE_SYSCTL 1/HAVE_SYSCTL 0
-
-config_win32/64.h/asm:
-add to configure command: --toolchain=msvc
-
-23 Sept 2016: libavcodec/pthread_frame.c has been patched so as to avoid
-generating large numbers of warnings from TSan (Thread Sanitizer) when
-decoding vp9 streams.  This will likely be fixed upstream sometime soon.
-When resyncing with upstream, first un-apply the patch shown at
-https://bugzilla.mozilla.org/show_bug.cgi?id=1274256#c60, then resync,
-then assess whether the patch is still necessary.
diff --git a/media/ffvpx/RELEASE b/media/ffvpx/RELEASE
deleted file mode 100644
index 9f55b2ccb..000000000
--- a/media/ffvpx/RELEASE
+++ /dev/null
@@ -1 +0,0 @@
-3.0
diff --git a/media/ffvpx/RELEASE_NOTES b/media/ffvpx/RELEASE_NOTES
deleted file mode 100644
index 861dc04a1..000000000
--- a/media/ffvpx/RELEASE_NOTES
+++ /dev/null
@@ -1,15 +0,0 @@
-
-              ┌─────────────────────────────────────────┐
-              │ RELEASE NOTES for FFmpeg 3.0 "Einstein" │
-              └─────────────────────────────────────────┘
-
-   The FFmpeg Project proudly presents FFmpeg 3.0 "Einstein", about 5
-   months after the release of FFmpeg 2.8.
-
-   A complete Changelog is available at the root of the project, and the
-   complete Git history on http://source.ffmpeg.org.
-
-   We hope you will like this release as much as we enjoyed working on it, and
-   as usual, if you have any questions about it, or any FFmpeg related topic,
-   feel free to join us on the #ffmpeg IRC channel (on irc.freenode.net) or ask
-   on the mailing-lists.
diff --git a/media/ffvpx/changes.patch b/media/ffvpx/changes.patch
index 9cb49afaf..49a49b26b 100644
--- a/media/ffvpx/changes.patch
+++ b/media/ffvpx/changes.patch
@@ -50,16 +50,3 @@ index 9fb8d0a..97ad3b9 100644
          rgba_color[0] = rgba >> 24;
          rgba_color[1] = rgba >> 16;
          rgba_color[2] = rgba >> 8;
-diff --git a/media/ffvpx/libavcodec/options.c b/media/ffvpx/libavcodec/options.c
-index d8e3dbf..f25df2a 100644
---- a/media/ffvpx/libavcodec/options.c
-+++ b/media/ffvpx/libavcodec/options.c
-@@ -34,7 +34,7 @@
- #include <string.h>
- 
- FF_DISABLE_DEPRECATION_WARNINGS
--#include "options_table.h"
-+#include "ff_options_table.h"
- FF_ENABLE_DEPRECATION_WARNINGS
- 
- static const char* context_to_name(void* ptr) {
diff --git a/media/ffvpx/compat/atomics/win32/stdatomic.h b/media/ffvpx/compat/atomics/win32/stdatomic.h
new file mode 100644
index 000000000..bb8e6e7e1
--- /dev/null
+++ b/media/ffvpx/compat/atomics/win32/stdatomic.h
@@ -0,0 +1,181 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef COMPAT_ATOMICS_WIN32_STDATOMIC_H
+#define COMPAT_ATOMICS_WIN32_STDATOMIC_H
+
+#define WIN32_LEAN_AND_MEAN
+#include <stddef.h>
+#include <stdint.h>
+#include <windows.h>
+
+#define ATOMIC_FLAG_INIT 0
+
+#define ATOMIC_VAR_INIT(value) (value)
+
+#define atomic_init(obj, value) \
+do {                            \
+    *(obj) = (value);           \
+} while(0)
+
+#define kill_dependency(y) ((void)0)
+
+#define atomic_thread_fence(order) \
+    MemoryBarrier();
+
+#define atomic_signal_fence(order) \
+    ((void)0)
+
+#define atomic_is_lock_free(obj) 0
+
+typedef intptr_t atomic_flag;
+typedef intptr_t atomic_bool;
+typedef intptr_t atomic_char;
+typedef intptr_t atomic_schar;
+typedef intptr_t atomic_uchar;
+typedef intptr_t atomic_short;
+typedef intptr_t atomic_ushort;
+typedef intptr_t atomic_int;
+typedef intptr_t atomic_uint;
+typedef intptr_t atomic_long;
+typedef intptr_t atomic_ulong;
+typedef intptr_t atomic_llong;
+typedef intptr_t atomic_ullong;
+typedef intptr_t atomic_wchar_t;
+typedef intptr_t atomic_int_least8_t;
+typedef intptr_t atomic_uint_least8_t;
+typedef intptr_t atomic_int_least16_t;
+typedef intptr_t atomic_uint_least16_t;
+typedef intptr_t atomic_int_least32_t;
+typedef intptr_t atomic_uint_least32_t;
+typedef intptr_t atomic_int_least64_t;
+typedef intptr_t atomic_uint_least64_t;
+typedef intptr_t atomic_int_fast8_t;
+typedef intptr_t atomic_uint_fast8_t;
+typedef intptr_t atomic_int_fast16_t;
+typedef intptr_t atomic_uint_fast16_t;
+typedef intptr_t atomic_int_fast32_t;
+typedef intptr_t atomic_uint_fast32_t;
+typedef intptr_t atomic_int_fast64_t;
+typedef intptr_t atomic_uint_fast64_t;
+typedef intptr_t atomic_intptr_t;
+typedef intptr_t atomic_uintptr_t;
+typedef intptr_t atomic_size_t;
+typedef intptr_t atomic_ptrdiff_t;
+typedef intptr_t atomic_intmax_t;
+typedef intptr_t atomic_uintmax_t;
+
+#define atomic_store(object, desired)   \
+do {                                    \
+    *(object) = (desired);              \
+    MemoryBarrier();                    \
+} while (0)
+
+#define atomic_store_explicit(object, desired, order) \
+    atomic_store(object, desired)
+
+#define atomic_load(object) \
+    (MemoryBarrier(), *(object))
+
+#define atomic_load_explicit(object, order) \
+    atomic_load(object)
+
+#define atomic_exchange(object, desired) \
+    InterlockedExchangePointer(object, desired);
+
+#define atomic_exchange_explicit(object, desired, order) \
+    atomic_exchange(object, desired)
+
+static inline int atomic_compare_exchange_strong(intptr_t *object, intptr_t *expected,
+                                                 intptr_t desired)
+{
+    intptr_t old = *expected;
+    *expected = (intptr_t)InterlockedCompareExchangePointer(
+        (PVOID *)object, (PVOID)desired, (PVOID)old);
+    return *expected == old;
+}
+
+#define atomic_compare_exchange_strong_explicit(object, expected, desired, success, failure) \
+    atomic_compare_exchange_strong(object, expected, desired)
+
+#define atomic_compare_exchange_weak(object, expected, desired) \
+    atomic_compare_exchange_strong(object, expected, desired)
+
+#define atomic_compare_exchange_weak_explicit(object, expected, desired, success, failure) \
+    atomic_compare_exchange_weak(object, expected, desired)
+
+#ifdef _WIN64
+#define atomic_fetch_add(object, operand) \
+    InterlockedExchangeAdd64(object, operand)
+
+#define atomic_fetch_sub(object, operand) \
+    InterlockedExchangeAdd64(object, -(operand))
+
+#define atomic_fetch_or(object, operand) \
+    InterlockedOr64(object, operand)
+
+#define atomic_fetch_xor(object, operand) \
+    InterlockedXor64(object, operand)
+
+#define atomic_fetch_and(object, operand) \
+    InterlockedAnd64(object, operand)
+#else
+#define atomic_fetch_add(object, operand) \
+    InterlockedExchangeAdd(object, operand)
+
+#define atomic_fetch_sub(object, operand) \
+    InterlockedExchangeAdd(object, -(operand))
+
+#define atomic_fetch_or(object, operand) \
+    InterlockedOr(object, operand)
+
+#define atomic_fetch_xor(object, operand) \
+    InterlockedXor(object, operand)
+
+#define atomic_fetch_and(object, operand) \
+    InterlockedAnd(object, operand)
+#endif /* _WIN64 */
+
+#define atomic_fetch_add_explicit(object, operand, order) \
+    atomic_fetch_add(object, operand)
+
+#define atomic_fetch_sub_explicit(object, operand, order) \
+    atomic_fetch_sub(object, operand)
+
+#define atomic_fetch_or_explicit(object, operand, order) \
+    atomic_fetch_or(object, operand)
+
+#define atomic_fetch_xor_explicit(object, operand, order) \
+    atomic_fetch_xor(object, operand)
+
+#define atomic_fetch_and_explicit(object, operand, order) \
+    atomic_fetch_and(object, operand)
+
+#define atomic_flag_test_and_set(object) \
+    atomic_exchange(object, 1)
+
+#define atomic_flag_test_and_set_explicit(object, order) \
+    atomic_flag_test_and_set(object)
+
+#define atomic_flag_clear(object) \
+    atomic_store(object, 0)
+
+#define atomic_flag_clear_explicit(object, order) \
+    atomic_flag_clear(object)
+
+#endif /* COMPAT_ATOMICS_WIN32_STDATOMIC_H */
diff --git a/media/ffvpx/compat/w32pthreads.h b/media/ffvpx/compat/w32pthreads.h
index 4ac2a995b..eeead6051 100644
--- a/media/ffvpx/compat/w32pthreads.h
+++ b/media/ffvpx/compat/w32pthreads.h
@@ -77,7 +77,7 @@ typedef struct pthread_cond_t {
 
 static av_unused unsigned __stdcall attribute_align_arg win32thread_worker(void *arg)
 {
-    pthread_t *h = arg;
+    pthread_t *h = (pthread_t*)arg;
     h->ret = h->func(h->arg);
     return 0;
 }
@@ -270,7 +270,7 @@ static av_unused int pthread_cond_init(pthread_cond_t *cond, const void *unused_
     }
 
     /* non native condition variables */
-    win32_cond = av_mallocz(sizeof(win32_cond_t));
+    win32_cond = (win32_cond_t*)av_mallocz(sizeof(win32_cond_t));
     if (!win32_cond)
         return ENOMEM;
     cond->Ptr = win32_cond;
@@ -288,7 +288,7 @@ static av_unused int pthread_cond_init(pthread_cond_t *cond, const void *unused_
 
 static av_unused int pthread_cond_destroy(pthread_cond_t *cond)
 {
-    win32_cond_t *win32_cond = cond->Ptr;
+    win32_cond_t *win32_cond = (win32_cond_t*)cond->Ptr;
     /* native condition variables do not destroy */
     if (cond_init)
         return 0;
@@ -305,7 +305,7 @@ static av_unused int pthread_cond_destroy(pthread_cond_t *cond)
 
 static av_unused int pthread_cond_broadcast(pthread_cond_t *cond)
 {
-    win32_cond_t *win32_cond = cond->Ptr;
+    win32_cond_t *win32_cond = (win32_cond_t*)cond->Ptr;
     int have_waiter;
 
     if (cond_broadcast) {
@@ -337,7 +337,7 @@ static av_unused int pthread_cond_broadcast(pthread_cond_t *cond)
 
 static av_unused int pthread_cond_wait(pthread_cond_t *cond, pthread_mutex_t *mutex)
 {
-    win32_cond_t *win32_cond = cond->Ptr;
+    win32_cond_t *win32_cond = (win32_cond_t*)cond->Ptr;
     int last_waiter;
     if (cond_wait) {
         cond_wait(cond, mutex, INFINITE);
@@ -369,7 +369,7 @@ static av_unused int pthread_cond_wait(pthread_cond_t *cond, pthread_mutex_t *mu
 
 static av_unused int pthread_cond_signal(pthread_cond_t *cond)
 {
-    win32_cond_t *win32_cond = cond->Ptr;
+    win32_cond_t *win32_cond = (win32_cond_t*)cond->Ptr;
     int have_waiter;
     if (cond_signal) {
         cond_signal(cond);
@@ -397,20 +397,20 @@ static av_unused int pthread_cond_signal(pthread_cond_t *cond)
 static av_unused void w32thread_init(void)
 {
 #if _WIN32_WINNT < 0x0600
-    HANDLE kernel_dll = GetModuleHandle(TEXT("kernel32.dll"));
+    HMODULE kernel_dll = GetModuleHandle(TEXT("kernel32.dll"));
     /* if one is available, then they should all be available */
-    cond_init      =
-        (void*)GetProcAddress(kernel_dll, "InitializeConditionVariable");
-    cond_broadcast =
-        (void*)GetProcAddress(kernel_dll, "WakeAllConditionVariable");
-    cond_signal    =
-        (void*)GetProcAddress(kernel_dll, "WakeConditionVariable");
-    cond_wait      =
-        (void*)GetProcAddress(kernel_dll, "SleepConditionVariableCS");
-    initonce_begin =
-        (void*)GetProcAddress(kernel_dll, "InitOnceBeginInitialize");
-    initonce_complete =
-        (void*)GetProcAddress(kernel_dll, "InitOnceComplete");
+    cond_init      = (void (WINAPI*)(pthread_cond_t *))
+        GetProcAddress(kernel_dll, "InitializeConditionVariable");
+    cond_broadcast = (void (WINAPI*)(pthread_cond_t *))
+        GetProcAddress(kernel_dll, "WakeAllConditionVariable");
+    cond_signal    = (void (WINAPI*)(pthread_cond_t *))
+        GetProcAddress(kernel_dll, "WakeConditionVariable");
+    cond_wait      = (BOOL (WINAPI*)(pthread_cond_t *, pthread_mutex_t *, DWORD))
+        GetProcAddress(kernel_dll, "SleepConditionVariableCS");
+    initonce_begin = (BOOL (WINAPI*)(pthread_once_t *, DWORD, BOOL *, void **))
+        GetProcAddress(kernel_dll, "InitOnceBeginInitialize");
+    initonce_complete = (BOOL (WINAPI*)(pthread_once_t *, DWORD, void *))
+        GetProcAddress(kernel_dll, "InitOnceComplete");
 #endif
 
 }
diff --git a/media/ffvpx/config_common.h b/media/ffvpx/config_common.h
index 6ee60762f..dd3b3e170 100644
--- a/media/ffvpx/config_common.h
+++ b/media/ffvpx/config_common.h
@@ -1,3 +1,4 @@
 #ifndef MOZ_FFVPX_CONFIG_COMMON_H
 #define MOZ_FFVPX_CONFIG_COMMON_H
+#include "defaults_disabled.h"
 #endif
diff --git a/media/ffvpx/config_darwin32.h b/media/ffvpx/config_darwin32.h
index de232dca2..f92be8737 100644
--- a/media/ffvpx/config_darwin32.h
+++ b/media/ffvpx/config_darwin32.h
@@ -384,15 +384,7 @@
 #define HAVE_XLIB 0
 #define CONFIG_BSFS 0
 #define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
 #define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
 #define CONFIG_HTMLPAGES 1
 #define CONFIG_MANPAGES 1
@@ -514,7 +506,6 @@
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
 #define CONFIG_XVMC 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
@@ -579,7 +570,6 @@
 #define CONFIG_FDCTDSP 0
 #define CONFIG_FLACDSP 1
 #define CONFIG_FMTCONVERT 0
-#define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
 #define CONFIG_GOLOMB 1
 #define CONFIG_GPLV3 0
@@ -655,1570 +645,10 @@
 #define CONFIG_REMOVE_EXTRADATA_BSF 0
 #define CONFIG_TEXT2MOVSUB_BSF 0
 #define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
 #define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/config_darwin64.asm b/media/ffvpx/config_darwin64.asm
index 0e386ee14..7eccf378e 100644
--- a/media/ffvpx/config_darwin64.asm
+++ b/media/ffvpx/config_darwin64.asm
@@ -63,8 +63,8 @@
 %define HAVE_MIPSDSP 0
 %define HAVE_MIPSDSPR2 0
 %define HAVE_MSA 0
-%define HAVE_LOONGSON2 1
-%define HAVE_LOONGSON3 1
+%define HAVE_LOONGSON2 0
+%define HAVE_LOONGSON3 0
 %define HAVE_MMI 0
 %define HAVE_ARMV5TE_EXTERNAL 0
 %define HAVE_ARMV6_EXTERNAL 0
@@ -162,32 +162,33 @@
 %define HAVE_LOCAL_ALIGNED_16 1
 %define HAVE_LOCAL_ALIGNED_32 1
 %define HAVE_SIMD_ALIGN_16 1
+%define HAVE_SIMD_ALIGN_32 1
 %define HAVE_ATOMICS_GCC 1
 %define HAVE_ATOMICS_SUNCC 0
 %define HAVE_ATOMICS_WIN32 0
 %define HAVE_ATOMIC_CAS_PTR 0
-%define HAVE_ATOMIC_COMPARE_EXCHANGE 1
 %define HAVE_MACHINE_RW_BARRIER 0
 %define HAVE_MEMORYBARRIER 0
 %define HAVE_MM_EMPTY 1
 %define HAVE_RDTSC 0
 %define HAVE_SARESTART 1
-%define HAVE_SEM_TIMEDWAIT 1
+%define HAVE_SEM_TIMEDWAIT 0
 %define HAVE_SYNC_VAL_COMPARE_AND_SWAP 1
 %define HAVE_CABS 1
 %define HAVE_CEXP 1
 %define HAVE_INLINE_ASM 1
 %define HAVE_SYMVER 1
-%define HAVE_YASM 1
+%define HAVE_X86ASM 1
 %define HAVE_BIGENDIAN 0
 %define HAVE_FAST_UNALIGNED 1
-%define HAVE_ALSA_ASOUNDLIB_H 0
 %define HAVE_ALTIVEC_H 0
 %define HAVE_ARPA_INET_H 1
 %define HAVE_ASM_TYPES_H 0
 %define HAVE_CDIO_PARANOIA_H 0
 %define HAVE_CDIO_PARANOIA_PARANOIA_H 0
-%define HAVE_DISPATCH_DISPATCH_H 0
+%define HAVE_CUDA_H 0
+%define HAVE_D3D11_H 0
+%define HAVE_DISPATCH_DISPATCH_H 1
 %define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 %define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
 %define HAVE_DEV_IC_BT8XX_H 0
@@ -196,7 +197,7 @@
 %define HAVE_DIRECT_H 0
 %define HAVE_DIRENT_H 1
 %define HAVE_DLFCN_H 1
-%define HAVE_D3D11_H 0
+%define HAVE_DXGIDEBUG_H 0
 %define HAVE_DXVA_H 0
 %define HAVE_ES2_GL_H 0
 %define HAVE_GSM_H 0
@@ -205,13 +206,15 @@
 %define HAVE_MACHINE_IOCTL_BT848_H 0
 %define HAVE_MACHINE_IOCTL_METEOR_H 0
 %define HAVE_OPENCV2_CORE_CORE_C_H 0
+%define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+%define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 %define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 %define HAVE_OPENGL_GL3_H 0
 %define HAVE_POLL_H 1
-%define HAVE_SNDIO_H 0
 %define HAVE_SOUNDCARD_H 0
+%define HAVE_STDATOMIC_H 1
 %define HAVE_SYS_MMAN_H 1
 %define HAVE_SYS_PARAM_H 1
 %define HAVE_SYS_RESOURCE_H 1
@@ -258,12 +261,11 @@
 %define HAVE_TRUNCF 1
 %define HAVE_ACCESS 1
 %define HAVE_ALIGNED_MALLOC 0
-%define HAVE_CLOCK_GETTIME 0
+%define HAVE_CLOCK_GETTIME 1
 %define HAVE_CLOSESOCKET 0
 %define HAVE_COMMANDLINETOARGVW 0
 %define HAVE_COTASKMEMFREE 0
 %define HAVE_CRYPTGENRANDOM 0
-%define HAVE_DLOPEN 1
 %define HAVE_FCNTL 1
 %define HAVE_FLT_LIM 1
 %define HAVE_FORK 1
@@ -304,18 +306,20 @@
 %define HAVE_SYSCONF 1
 %define HAVE_SYSCTL 1
 %define HAVE_USLEEP 1
-%define HAVE_UTGETOSTYPEFROMSTRING 1
+%define HAVE_UTGETOSTYPEFROMSTRING 0
 %define HAVE_VIRTUALALLOC 0
 %define HAVE_WGLGETPROCADDRESS 0
 %define HAVE_PTHREADS 1
 %define HAVE_OS2THREADS 0
 %define HAVE_W32THREADS 0
 %define HAVE_AS_DN_DIRECTIVE 0
+%define HAVE_AS_FPU_DIRECTIVE 0
 %define HAVE_AS_FUNC 0
 %define HAVE_AS_OBJECT_ARCH 0
 %define HAVE_ASM_MOD_Q 0
 %define HAVE_ATTRIBUTE_MAY_ALIAS 1
 %define HAVE_ATTRIBUTE_PACKED 1
+%define HAVE_BLOCKS_EXTENSION 1
 %define HAVE_EBP_AVAILABLE 1
 %define HAVE_EBX_AVAILABLE 1
 %define HAVE_GNU_AS 0
@@ -332,6 +336,7 @@
 %define HAVE_XFORM_ASM 0
 %define HAVE_XMM_CLOBBERS 1
 %define HAVE_CONDITION_VARIABLE_PTR 0
+%define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 %define HAVE_SOCKLEN_T 1
 %define HAVE_STRUCT_ADDRINFO 1
 %define HAVE_STRUCT_GROUP_SOURCE_REQ 1
@@ -348,50 +353,38 @@
 %define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 %define HAVE_ATOMICS_NATIVE 1
 %define HAVE_DOS_PATHS 0
-%define HAVE_DXVA2_LIB 0
-%define HAVE_DXVA2API_COBJ 0
 %define HAVE_LIBC_MSVCRT 0
-%define HAVE_LIBDC1394_1 0
-%define HAVE_LIBDC1394_2 0
 %define HAVE_MAKEINFO 1
-%define HAVE_MAKEINFO_HTML 1
+%define HAVE_MAKEINFO_HTML 0
 %define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 %define HAVE_PERL 1
 %define HAVE_POD2MAN 1
-%define HAVE_SDL2 0
 %define HAVE_SECTION_DATA_REL_RO 0
 %define HAVE_TEXI2HTML 0
 %define HAVE_THREADS 1
+%define HAVE_UWP 0
 %define HAVE_VAAPI_DRM 0
 %define HAVE_VAAPI_X11 0
 %define HAVE_VDPAU_X11 0
 %define HAVE_WINRT 0
-%define HAVE_XLIB 0
-%define CONFIG_BSFS 0
-%define CONFIG_DECODERS 1
-%define CONFIG_ENCODERS 0
-%define CONFIG_HWACCELS 0
-%define CONFIG_PARSERS 1
-%define CONFIG_INDEVS 0
-%define CONFIG_OUTDEVS 0
-%define CONFIG_FILTERS 0
-%define CONFIG_DEMUXERS 0
-%define CONFIG_MUXERS 0
-%define CONFIG_PROTOCOLS 0
 %define CONFIG_DOC 0
-%define CONFIG_HTMLPAGES 1
+%define CONFIG_HTMLPAGES 0
 %define CONFIG_MANPAGES 1
 %define CONFIG_PODPAGES 1
 %define CONFIG_TXTPAGES 1
 %define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 %define CONFIG_AVIO_READING_EXAMPLE 1
-%define CONFIG_DECODING_ENCODING_EXAMPLE 0
+%define CONFIG_DECODE_AUDIO_EXAMPLE 1
+%define CONFIG_DECODE_VIDEO_EXAMPLE 1
 %define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+%define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+%define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 %define CONFIG_EXTRACT_MVS_EXAMPLE 0
 %define CONFIG_FILTER_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 %define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+%define CONFIG_HW_DECODE_EXAMPLE 0
 %define CONFIG_METADATA_EXAMPLE 0
 %define CONFIG_MUXING_EXAMPLE 0
 %define CONFIG_QSVDEC_EXAMPLE 0
@@ -400,27 +393,55 @@
 %define CONFIG_SCALING_VIDEO_EXAMPLE 0
 %define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 %define CONFIG_TRANSCODING_EXAMPLE 0
+%define CONFIG_ALSA 0
+%define CONFIG_APPKIT 1
+%define CONFIG_AVFOUNDATION 1
+%define CONFIG_BZLIB 1
+%define CONFIG_COREIMAGE 1
+%define CONFIG_ICONV 0
+%define CONFIG_JACK 0
+%define CONFIG_LIBXCB 0
+%define CONFIG_LIBXCB_SHM 0
+%define CONFIG_LIBXCB_SHAPE 0
+%define CONFIG_LIBXCB_XFIXES 0
+%define CONFIG_LZMA 0
+%define CONFIG_SCHANNEL 0
+%define CONFIG_SDL2 0
+%define CONFIG_SECURETRANSPORT 0
+%define CONFIG_SNDIO 0
+%define CONFIG_XLIB 1
+%define CONFIG_ZLIB 1
 %define CONFIG_AVISYNTH 0
-%define CONFIG_BZLIB 0
-%define CONFIG_CHROMAPRINT 0
-%define CONFIG_CRYSTALHD 0
-%define CONFIG_DECKLINK 0
 %define CONFIG_FREI0R 0
-%define CONFIG_GCRYPT 0
+%define CONFIG_LIBCDIO 0
+%define CONFIG_LIBRUBBERBAND 0
+%define CONFIG_LIBVIDSTAB 0
+%define CONFIG_LIBX264 0
+%define CONFIG_LIBX265 0
+%define CONFIG_LIBXAVS 0
+%define CONFIG_LIBXVID 0
+%define CONFIG_DECKLINK 0
+%define CONFIG_LIBNDI_NEWTEK 0
+%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_OPENSSL 0
 %define CONFIG_GMP 0
+%define CONFIG_LIBOPENCORE_AMRNB 0
+%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_RKMPP 0
+%define CONFIG_LIBSMBCLIENT 0
+%define CONFIG_CHROMAPRINT 0
+%define CONFIG_GCRYPT 0
 %define CONFIG_GNUTLS 0
-%define CONFIG_ICONV 0
 %define CONFIG_JNI 0
 %define CONFIG_LADSPA 0
 %define CONFIG_LIBASS 0
 %define CONFIG_LIBBLURAY 0
 %define CONFIG_LIBBS2B 0
 %define CONFIG_LIBCACA 0
-%define CONFIG_LIBCDIO 0
 %define CONFIG_LIBCELT 0
 %define CONFIG_LIBDC1394 0
-%define CONFIG_LIBEBUR128 0
-%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_LIBDRM 0
 %define CONFIG_LIBFLITE 0
 %define CONFIG_LIBFONTCONFIG 0
 %define CONFIG_LIBFREETYPE 0
@@ -432,18 +453,15 @@
 %define CONFIG_LIBKVAZAAR 0
 %define CONFIG_LIBMODPLUG 0
 %define CONFIG_LIBMP3LAME 0
-%define CONFIG_LIBNUT 0
-%define CONFIG_LIBOPENCORE_AMRNB 0
-%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBMYSOFA 0
 %define CONFIG_LIBOPENCV 0
 %define CONFIG_LIBOPENH264 0
 %define CONFIG_LIBOPENJPEG 0
 %define CONFIG_LIBOPENMPT 0
 %define CONFIG_LIBOPUS 0
 %define CONFIG_LIBPULSE 0
+%define CONFIG_LIBRSVG 0
 %define CONFIG_LIBRTMP 0
-%define CONFIG_LIBRUBBERBAND 0
-%define CONFIG_LIBSCHROEDINGER 0
 %define CONFIG_LIBSHINE 0
 %define CONFIG_LIBSMBCLIENT 0
 %define CONFIG_LIBSNAPPY 0
@@ -454,53 +472,37 @@
 %define CONFIG_LIBTHEORA 0
 %define CONFIG_LIBTWOLAME 0
 %define CONFIG_LIBV4L2 0
-%define CONFIG_LIBVIDSTAB 0
-%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_LIBVMAF 0
 %define CONFIG_LIBVORBIS 0
 %define CONFIG_LIBVPX 0
 %define CONFIG_LIBWAVPACK 0
 %define CONFIG_LIBWEBP 0
-%define CONFIG_LIBX264 0
-%define CONFIG_LIBX265 0
-%define CONFIG_LIBXAVS 0
-%define CONFIG_LIBXCB 0
-%define CONFIG_LIBXCB_SHM 0
-%define CONFIG_LIBXCB_SHAPE 0
-%define CONFIG_LIBXCB_XFIXES 0
-%define CONFIG_LIBXVID 0
+%define CONFIG_LIBXML2 0
 %define CONFIG_LIBZIMG 0
 %define CONFIG_LIBZMQ 0
 %define CONFIG_LIBZVBI 0
-%define CONFIG_LZMA 0
 %define CONFIG_MEDIACODEC 0
-%define CONFIG_NETCDF 0
 %define CONFIG_OPENAL 0
 %define CONFIG_OPENCL 0
 %define CONFIG_OPENGL 0
-%define CONFIG_OPENSSL 0
-%define CONFIG_SCHANNEL 0
-%define CONFIG_SDL 0
-%define CONFIG_SDL2 0
-%define CONFIG_SECURETRANSPORT 0
-%define CONFIG_VIDEOTOOLBOX 0
-%define CONFIG_X11GRAB 0
-%define CONFIG_XLIB 0
-%define CONFIG_ZLIB 0
-%define CONFIG_AUDIOTOOLBOX 0
+%define CONFIG_AUDIOTOOLBOX 1
+%define CONFIG_CRYSTALHD 0
 %define CONFIG_CUDA 0
 %define CONFIG_CUVID 0
 %define CONFIG_D3D11VA 0
 %define CONFIG_DXVA2 0
-%define CONFIG_LIBMFX 0
-%define CONFIG_LIBNPP 0
-%define CONFIG_MMAL 0
 %define CONFIG_NVENC 0
-%define CONFIG_OMX 0
 %define CONFIG_VAAPI 0
 %define CONFIG_VDA 0
 %define CONFIG_VDPAU 0
-%define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_VIDEOTOOLBOX 0
+%define CONFIG_V4L2_M2M 0
 %define CONFIG_XVMC 0
+%define CONFIG_CUDA_SDK 0
+%define CONFIG_LIBNPP 0
+%define CONFIG_LIBMFX 0
+%define CONFIG_MMAL 0
+%define CONFIG_OMX 0
 %define CONFIG_FTRAPV 0
 %define CONFIG_GRAY 0
 %define CONFIG_HARDCODED_TABLES 0
@@ -539,16 +541,27 @@
 %define CONFIG_PIXELUTILS 0
 %define CONFIG_NETWORK 0
 %define CONFIG_RDFT 0
+%define CONFIG_AUTODETECT 0
 %define CONFIG_FONTCONFIG 0
-%define CONFIG_MEMALIGN_HACK 0
+%define CONFIG_LINUX_PERF 0
 %define CONFIG_MEMORY_POISONING 0
 %define CONFIG_NEON_CLOBBER_TEST 0
+%define CONFIG_OSSFUZZ 0
 %define CONFIG_PIC 1
-%define CONFIG_POD2MAN 1
-%define CONFIG_RAISE_MAJOR 0
 %define CONFIG_THUMB 0
 %define CONFIG_VALGRIND_BACKTRACE 0
 %define CONFIG_XMM_CLOBBER_TEST 0
+%define CONFIG_BSFS 1
+%define CONFIG_DECODERS 1
+%define CONFIG_ENCODERS 0
+%define CONFIG_HWACCELS 0
+%define CONFIG_PARSERS 1
+%define CONFIG_INDEVS 0
+%define CONFIG_OUTDEVS 0
+%define CONFIG_FILTERS 0
+%define CONFIG_DEMUXERS 0
+%define CONFIG_MUXERS 0
+%define CONFIG_PROTOCOLS 0
 %define CONFIG_AANDCTTABLES 0
 %define CONFIG_AC3DSP 0
 %define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -566,20 +579,22 @@
 %define CONFIG_FMTCONVERT 0
 %define CONFIG_FRAME_THREAD_ENCODER 0
 %define CONFIG_G722DSP 0
-%define CONFIG_GOLOMB 1
+%define CONFIG_GOLOMB 0
 %define CONFIG_GPLV3 0
 %define CONFIG_H263DSP 0
 %define CONFIG_H264CHROMA 0
 %define CONFIG_H264DSP 0
+%define CONFIG_H264PARSE 0
 %define CONFIG_H264PRED 1
 %define CONFIG_H264QPEL 0
+%define CONFIG_HEVCPARSE 0
 %define CONFIG_HPELDSP 0
 %define CONFIG_HUFFMAN 0
 %define CONFIG_HUFFYUVDSP 0
 %define CONFIG_HUFFYUVENCDSP 0
 %define CONFIG_IDCTDSP 0
 %define CONFIG_IIRFILTER 0
-%define CONFIG_IMDCT15 0
+%define CONFIG_MDCT15 0
 %define CONFIG_INTRAX8 0
 %define CONFIG_ISO_MEDIA 0
 %define CONFIG_IVIDSP 0
@@ -588,12 +603,14 @@
 %define CONFIG_LIBX262 0
 %define CONFIG_LLAUDDSP 0
 %define CONFIG_LLVIDDSP 0
+%define CONFIG_LLVIDENCDSP 0
 %define CONFIG_LPC 0
 %define CONFIG_LZF 0
 %define CONFIG_ME_CMP 0
 %define CONFIG_MPEG_ER 0
 %define CONFIG_MPEGAUDIO 0
 %define CONFIG_MPEGAUDIODSP 0
+%define CONFIG_MPEGAUDIOHEADER 0
 %define CONFIG_MPEGVIDEO 0
 %define CONFIG_MPEGVIDEOENC 0
 %define CONFIG_MSS34DSP 0
@@ -615,1594 +632,19 @@
 %define CONFIG_TEXTUREDSP 0
 %define CONFIG_TEXTUREDSPENC 0
 %define CONFIG_TPELDSP 0
+%define CONFIG_VAAPI_1 0
 %define CONFIG_VAAPI_ENCODE 0
 %define CONFIG_VC1DSP 0
 %define CONFIG_VIDEODSP 1
 %define CONFIG_VP3DSP 0
 %define CONFIG_VP56DSP 0
 %define CONFIG_VP8DSP 1
-%define CONFIG_VT_BT2020 0
 %define CONFIG_WMA_FREQS 0
 %define CONFIG_WMV2DSP 0
-%define CONFIG_AAC_ADTSTOASC_BSF 0
-%define CONFIG_CHOMP_BSF 0
-%define CONFIG_DUMP_EXTRADATA_BSF 0
-%define CONFIG_DCA_CORE_BSF 0
-%define CONFIG_H264_MP4TOANNEXB_BSF 0
-%define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-%define CONFIG_IMX_DUMP_HEADER_BSF 0
-%define CONFIG_MJPEG2JPEG_BSF 0
-%define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-%define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-%define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-%define CONFIG_MOV2TEXTSUB_BSF 0
-%define CONFIG_NOISE_BSF 0
-%define CONFIG_REMOVE_EXTRADATA_BSF 0
-%define CONFIG_TEXT2MOVSUB_BSF 0
-%define CONFIG_VP9_SUPERFRAME_BSF 0
-%define CONFIG_AASC_DECODER 0
-%define CONFIG_AIC_DECODER 0
-%define CONFIG_ALIAS_PIX_DECODER 0
-%define CONFIG_AMV_DECODER 0
-%define CONFIG_ANM_DECODER 0
-%define CONFIG_ANSI_DECODER 0
-%define CONFIG_APNG_DECODER 0
-%define CONFIG_ASV1_DECODER 0
-%define CONFIG_ASV2_DECODER 0
-%define CONFIG_AURA_DECODER 0
-%define CONFIG_AURA2_DECODER 0
-%define CONFIG_AVRP_DECODER 0
-%define CONFIG_AVRN_DECODER 0
-%define CONFIG_AVS_DECODER 0
-%define CONFIG_AVUI_DECODER 0
-%define CONFIG_AYUV_DECODER 0
-%define CONFIG_BETHSOFTVID_DECODER 0
-%define CONFIG_BFI_DECODER 0
-%define CONFIG_BINK_DECODER 0
-%define CONFIG_BMP_DECODER 0
-%define CONFIG_BMV_VIDEO_DECODER 0
-%define CONFIG_BRENDER_PIX_DECODER 0
-%define CONFIG_C93_DECODER 0
-%define CONFIG_CAVS_DECODER 0
-%define CONFIG_CDGRAPHICS_DECODER 0
-%define CONFIG_CDXL_DECODER 0
-%define CONFIG_CFHD_DECODER 0
-%define CONFIG_CINEPAK_DECODER 0
-%define CONFIG_CLJR_DECODER 0
-%define CONFIG_CLLC_DECODER 0
-%define CONFIG_COMFORTNOISE_DECODER 0
-%define CONFIG_CPIA_DECODER 0
-%define CONFIG_CSCD_DECODER 0
-%define CONFIG_CYUV_DECODER 0
-%define CONFIG_DDS_DECODER 0
-%define CONFIG_DFA_DECODER 0
-%define CONFIG_DIRAC_DECODER 0
-%define CONFIG_DNXHD_DECODER 0
-%define CONFIG_DPX_DECODER 0
-%define CONFIG_DSICINVIDEO_DECODER 0
-%define CONFIG_DVAUDIO_DECODER 0
-%define CONFIG_DVVIDEO_DECODER 0
-%define CONFIG_DXA_DECODER 0
-%define CONFIG_DXTORY_DECODER 0
-%define CONFIG_DXV_DECODER 0
-%define CONFIG_EACMV_DECODER 0
-%define CONFIG_EAMAD_DECODER 0
-%define CONFIG_EATGQ_DECODER 0
-%define CONFIG_EATGV_DECODER 0
-%define CONFIG_EATQI_DECODER 0
-%define CONFIG_EIGHTBPS_DECODER 0
-%define CONFIG_EIGHTSVX_EXP_DECODER 0
-%define CONFIG_EIGHTSVX_FIB_DECODER 0
-%define CONFIG_ESCAPE124_DECODER 0
-%define CONFIG_ESCAPE130_DECODER 0
-%define CONFIG_EXR_DECODER 0
-%define CONFIG_FFV1_DECODER 0
-%define CONFIG_FFVHUFF_DECODER 0
-%define CONFIG_FIC_DECODER 0
-%define CONFIG_FLASHSV_DECODER 0
-%define CONFIG_FLASHSV2_DECODER 0
-%define CONFIG_FLIC_DECODER 0
-%define CONFIG_FLV_DECODER 0
-%define CONFIG_FOURXM_DECODER 0
-%define CONFIG_FRAPS_DECODER 0
-%define CONFIG_FRWU_DECODER 0
-%define CONFIG_G2M_DECODER 0
-%define CONFIG_GIF_DECODER 0
-%define CONFIG_H261_DECODER 0
-%define CONFIG_H263_DECODER 0
-%define CONFIG_H263I_DECODER 0
-%define CONFIG_H263P_DECODER 0
-%define CONFIG_H264_DECODER 0
-%define CONFIG_H264_CRYSTALHD_DECODER 0
-%define CONFIG_H264_MEDIACODEC_DECODER 0
-%define CONFIG_H264_MMAL_DECODER 0
-%define CONFIG_H264_QSV_DECODER 0
-%define CONFIG_H264_VDA_DECODER 0
-%define CONFIG_H264_VDPAU_DECODER 0
-%define CONFIG_HAP_DECODER 0
-%define CONFIG_HEVC_DECODER 0
-%define CONFIG_HEVC_QSV_DECODER 0
-%define CONFIG_HNM4_VIDEO_DECODER 0
-%define CONFIG_HQ_HQA_DECODER 0
-%define CONFIG_HQX_DECODER 0
-%define CONFIG_HUFFYUV_DECODER 0
-%define CONFIG_IDCIN_DECODER 0
-%define CONFIG_IFF_ILBM_DECODER 0
-%define CONFIG_INDEO2_DECODER 0
-%define CONFIG_INDEO3_DECODER 0
-%define CONFIG_INDEO4_DECODER 0
-%define CONFIG_INDEO5_DECODER 0
-%define CONFIG_INTERPLAY_VIDEO_DECODER 0
-%define CONFIG_JPEG2000_DECODER 0
-%define CONFIG_JPEGLS_DECODER 0
-%define CONFIG_JV_DECODER 0
-%define CONFIG_KGV1_DECODER 0
-%define CONFIG_KMVC_DECODER 0
-%define CONFIG_LAGARITH_DECODER 0
-%define CONFIG_LOCO_DECODER 0
-%define CONFIG_M101_DECODER 0
-%define CONFIG_MAGICYUV_DECODER 0
-%define CONFIG_MDEC_DECODER 0
-%define CONFIG_MIMIC_DECODER 0
-%define CONFIG_MJPEG_DECODER 0
-%define CONFIG_MJPEGB_DECODER 0
-%define CONFIG_MMVIDEO_DECODER 0
-%define CONFIG_MOTIONPIXELS_DECODER 0
-%define CONFIG_MPEG_XVMC_DECODER 0
-%define CONFIG_MPEG1VIDEO_DECODER 0
-%define CONFIG_MPEG2VIDEO_DECODER 0
-%define CONFIG_MPEG4_DECODER 0
-%define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG4_MMAL_DECODER 0
-%define CONFIG_MPEG4_VDPAU_DECODER 0
-%define CONFIG_MPEGVIDEO_DECODER 0
-%define CONFIG_MPEG_VDPAU_DECODER 0
-%define CONFIG_MPEG1_VDPAU_DECODER 0
-%define CONFIG_MPEG2_MMAL_DECODER 0
-%define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG2_QSV_DECODER 0
-%define CONFIG_MSA1_DECODER 0
-%define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MSMPEG4V1_DECODER 0
-%define CONFIG_MSMPEG4V2_DECODER 0
-%define CONFIG_MSMPEG4V3_DECODER 0
-%define CONFIG_MSRLE_DECODER 0
-%define CONFIG_MSS1_DECODER 0
-%define CONFIG_MSS2_DECODER 0
-%define CONFIG_MSVIDEO1_DECODER 0
-%define CONFIG_MSZH_DECODER 0
-%define CONFIG_MTS2_DECODER 0
-%define CONFIG_MVC1_DECODER 0
-%define CONFIG_MVC2_DECODER 0
-%define CONFIG_MXPEG_DECODER 0
-%define CONFIG_NUV_DECODER 0
-%define CONFIG_PAF_VIDEO_DECODER 0
-%define CONFIG_PAM_DECODER 0
-%define CONFIG_PBM_DECODER 0
-%define CONFIG_PCX_DECODER 0
-%define CONFIG_PGM_DECODER 0
-%define CONFIG_PGMYUV_DECODER 0
-%define CONFIG_PICTOR_DECODER 0
-%define CONFIG_PNG_DECODER 0
-%define CONFIG_PPM_DECODER 0
-%define CONFIG_PRORES_DECODER 0
-%define CONFIG_PRORES_LGPL_DECODER 0
-%define CONFIG_PTX_DECODER 0
-%define CONFIG_QDRAW_DECODER 0
-%define CONFIG_QPEG_DECODER 0
-%define CONFIG_QTRLE_DECODER 0
-%define CONFIG_R10K_DECODER 0
-%define CONFIG_R210_DECODER 0
-%define CONFIG_RAWVIDEO_DECODER 0
-%define CONFIG_RL2_DECODER 0
-%define CONFIG_ROQ_DECODER 0
-%define CONFIG_RPZA_DECODER 0
-%define CONFIG_RSCC_DECODER 0
-%define CONFIG_RV10_DECODER 0
-%define CONFIG_RV20_DECODER 0
-%define CONFIG_RV30_DECODER 0
-%define CONFIG_RV40_DECODER 0
-%define CONFIG_S302M_DECODER 0
-%define CONFIG_SANM_DECODER 0
-%define CONFIG_SCREENPRESSO_DECODER 0
-%define CONFIG_SDX2_DPCM_DECODER 0
-%define CONFIG_SGI_DECODER 0
-%define CONFIG_SGIRLE_DECODER 0
-%define CONFIG_SHEERVIDEO_DECODER 0
-%define CONFIG_SMACKER_DECODER 0
-%define CONFIG_SMC_DECODER 0
-%define CONFIG_SMVJPEG_DECODER 0
-%define CONFIG_SNOW_DECODER 0
-%define CONFIG_SP5X_DECODER 0
-%define CONFIG_SUNRAST_DECODER 0
-%define CONFIG_SVQ1_DECODER 0
-%define CONFIG_SVQ3_DECODER 0
-%define CONFIG_TARGA_DECODER 0
-%define CONFIG_TARGA_Y216_DECODER 0
-%define CONFIG_TDSC_DECODER 0
-%define CONFIG_THEORA_DECODER 0
-%define CONFIG_THP_DECODER 0
-%define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-%define CONFIG_TIFF_DECODER 0
-%define CONFIG_TMV_DECODER 0
-%define CONFIG_TRUEMOTION1_DECODER 0
-%define CONFIG_TRUEMOTION2_DECODER 0
-%define CONFIG_TRUEMOTION2RT_DECODER 0
-%define CONFIG_TSCC_DECODER 0
-%define CONFIG_TSCC2_DECODER 0
-%define CONFIG_TXD_DECODER 0
-%define CONFIG_ULTI_DECODER 0
-%define CONFIG_UTVIDEO_DECODER 0
-%define CONFIG_V210_DECODER 0
-%define CONFIG_V210X_DECODER 0
-%define CONFIG_V308_DECODER 0
-%define CONFIG_V408_DECODER 0
-%define CONFIG_V410_DECODER 0
-%define CONFIG_VB_DECODER 0
-%define CONFIG_VBLE_DECODER 0
-%define CONFIG_VC1_DECODER 0
-%define CONFIG_VC1_CRYSTALHD_DECODER 0
-%define CONFIG_VC1_VDPAU_DECODER 0
-%define CONFIG_VC1IMAGE_DECODER 0
-%define CONFIG_VC1_MMAL_DECODER 0
-%define CONFIG_VC1_QSV_DECODER 0
-%define CONFIG_VCR1_DECODER 0
-%define CONFIG_VMDVIDEO_DECODER 0
-%define CONFIG_VMNC_DECODER 0
-%define CONFIG_VP3_DECODER 0
-%define CONFIG_VP5_DECODER 0
-%define CONFIG_VP6_DECODER 0
-%define CONFIG_VP6A_DECODER 0
-%define CONFIG_VP6F_DECODER 0
-%define CONFIG_VP7_DECODER 0
+%define CONFIG_NULL_BSF 1
 %define CONFIG_VP8_DECODER 1
 %define CONFIG_VP9_DECODER 1
-%define CONFIG_VQA_DECODER 0
-%define CONFIG_WEBP_DECODER 0
-%define CONFIG_WMV1_DECODER 0
-%define CONFIG_WMV2_DECODER 0
-%define CONFIG_WMV3_DECODER 0
-%define CONFIG_WMV3_CRYSTALHD_DECODER 0
-%define CONFIG_WMV3_VDPAU_DECODER 0
-%define CONFIG_WMV3IMAGE_DECODER 0
-%define CONFIG_WNV1_DECODER 0
-%define CONFIG_XAN_WC3_DECODER 0
-%define CONFIG_XAN_WC4_DECODER 0
-%define CONFIG_XBM_DECODER 0
-%define CONFIG_XFACE_DECODER 0
-%define CONFIG_XL_DECODER 0
-%define CONFIG_XWD_DECODER 0
-%define CONFIG_Y41P_DECODER 0
-%define CONFIG_YLC_DECODER 0
-%define CONFIG_YOP_DECODER 0
-%define CONFIG_YUV4_DECODER 0
-%define CONFIG_ZERO12V_DECODER 0
-%define CONFIG_ZEROCODEC_DECODER 0
-%define CONFIG_ZLIB_DECODER 0
-%define CONFIG_ZMBV_DECODER 0
-%define CONFIG_AAC_DECODER 0
-%define CONFIG_AAC_FIXED_DECODER 0
-%define CONFIG_AAC_LATM_DECODER 0
-%define CONFIG_AC3_DECODER 0
-%define CONFIG_AC3_FIXED_DECODER 0
-%define CONFIG_ALAC_DECODER 0
-%define CONFIG_ALS_DECODER 0
-%define CONFIG_AMRNB_DECODER 0
-%define CONFIG_AMRWB_DECODER 0
-%define CONFIG_APE_DECODER 0
-%define CONFIG_ATRAC1_DECODER 0
-%define CONFIG_ATRAC3_DECODER 0
-%define CONFIG_ATRAC3P_DECODER 0
-%define CONFIG_BINKAUDIO_DCT_DECODER 0
-%define CONFIG_BINKAUDIO_RDFT_DECODER 0
-%define CONFIG_BMV_AUDIO_DECODER 0
-%define CONFIG_COOK_DECODER 0
-%define CONFIG_DCA_DECODER 0
-%define CONFIG_DSD_LSBF_DECODER 0
-%define CONFIG_DSD_MSBF_DECODER 0
-%define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-%define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-%define CONFIG_DSICINAUDIO_DECODER 0
-%define CONFIG_DSS_SP_DECODER 0
-%define CONFIG_DST_DECODER 0
-%define CONFIG_EAC3_DECODER 0
-%define CONFIG_EVRC_DECODER 0
-%define CONFIG_FFWAVESYNTH_DECODER 0
 %define CONFIG_FLAC_DECODER 1
-%define CONFIG_G723_1_DECODER 0
-%define CONFIG_G729_DECODER 0
-%define CONFIG_GSM_DECODER 0
-%define CONFIG_GSM_MS_DECODER 0
-%define CONFIG_IAC_DECODER 0
-%define CONFIG_IMC_DECODER 0
-%define CONFIG_INTERPLAY_ACM_DECODER 0
-%define CONFIG_MACE3_DECODER 0
-%define CONFIG_MACE6_DECODER 0
-%define CONFIG_METASOUND_DECODER 0
-%define CONFIG_MLP_DECODER 0
-%define CONFIG_MP1_DECODER 0
-%define CONFIG_MP1FLOAT_DECODER 0
-%define CONFIG_MP2_DECODER 0
-%define CONFIG_MP2FLOAT_DECODER 0
-%define CONFIG_MP3_DECODER 0
-%define CONFIG_MP3FLOAT_DECODER 0
-%define CONFIG_MP3ADU_DECODER 0
-%define CONFIG_MP3ADUFLOAT_DECODER 0
-%define CONFIG_MP3ON4_DECODER 0
-%define CONFIG_MP3ON4FLOAT_DECODER 0
-%define CONFIG_MPC7_DECODER 0
-%define CONFIG_MPC8_DECODER 0
-%define CONFIG_NELLYMOSER_DECODER 0
-%define CONFIG_ON2AVC_DECODER 0
-%define CONFIG_OPUS_DECODER 0
-%define CONFIG_PAF_AUDIO_DECODER 0
-%define CONFIG_QCELP_DECODER 0
-%define CONFIG_QDM2_DECODER 0
-%define CONFIG_RA_144_DECODER 0
-%define CONFIG_RA_288_DECODER 0
-%define CONFIG_RALF_DECODER 0
-%define CONFIG_SHORTEN_DECODER 0
-%define CONFIG_SIPR_DECODER 0
-%define CONFIG_SMACKAUD_DECODER 0
-%define CONFIG_SONIC_DECODER 0
-%define CONFIG_TAK_DECODER 0
-%define CONFIG_TRUEHD_DECODER 0
-%define CONFIG_TRUESPEECH_DECODER 0
-%define CONFIG_TTA_DECODER 0
-%define CONFIG_TWINVQ_DECODER 0
-%define CONFIG_VMDAUDIO_DECODER 0
-%define CONFIG_VORBIS_DECODER 0
-%define CONFIG_WAVPACK_DECODER 0
-%define CONFIG_WMALOSSLESS_DECODER 0
-%define CONFIG_WMAPRO_DECODER 0
-%define CONFIG_WMAV1_DECODER 0
-%define CONFIG_WMAV2_DECODER 0
-%define CONFIG_WMAVOICE_DECODER 0
-%define CONFIG_WS_SND1_DECODER 0
-%define CONFIG_XMA1_DECODER 0
-%define CONFIG_XMA2_DECODER 0
-%define CONFIG_PCM_ALAW_DECODER 0
-%define CONFIG_PCM_BLURAY_DECODER 0
-%define CONFIG_PCM_DVD_DECODER 0
-%define CONFIG_PCM_F32BE_DECODER 0
-%define CONFIG_PCM_F32LE_DECODER 0
-%define CONFIG_PCM_F64BE_DECODER 0
-%define CONFIG_PCM_F64LE_DECODER 0
-%define CONFIG_PCM_LXF_DECODER 0
-%define CONFIG_PCM_MULAW_DECODER 0
-%define CONFIG_PCM_S8_DECODER 0
-%define CONFIG_PCM_S8_PLANAR_DECODER 0
-%define CONFIG_PCM_S16BE_DECODER 0
-%define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-%define CONFIG_PCM_S16LE_DECODER 0
-%define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S24BE_DECODER 0
-%define CONFIG_PCM_S24DAUD_DECODER 0
-%define CONFIG_PCM_S24LE_DECODER 0
-%define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S32BE_DECODER 0
-%define CONFIG_PCM_S32LE_DECODER 0
-%define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S64BE_DECODER 0
-%define CONFIG_PCM_S64LE_DECODER 0
-%define CONFIG_PCM_U8_DECODER 0
-%define CONFIG_PCM_U16BE_DECODER 0
-%define CONFIG_PCM_U16LE_DECODER 0
-%define CONFIG_PCM_U24BE_DECODER 0
-%define CONFIG_PCM_U24LE_DECODER 0
-%define CONFIG_PCM_U32BE_DECODER 0
-%define CONFIG_PCM_U32LE_DECODER 0
-%define CONFIG_PCM_ZORK_DECODER 0
-%define CONFIG_INTERPLAY_DPCM_DECODER 0
-%define CONFIG_ROQ_DPCM_DECODER 0
-%define CONFIG_SOL_DPCM_DECODER 0
-%define CONFIG_XAN_DPCM_DECODER 0
-%define CONFIG_ADPCM_4XM_DECODER 0
-%define CONFIG_ADPCM_ADX_DECODER 0
-%define CONFIG_ADPCM_AFC_DECODER 0
-%define CONFIG_ADPCM_AICA_DECODER 0
-%define CONFIG_ADPCM_CT_DECODER 0
-%define CONFIG_ADPCM_DTK_DECODER 0
-%define CONFIG_ADPCM_EA_DECODER 0
-%define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-%define CONFIG_ADPCM_EA_R1_DECODER 0
-%define CONFIG_ADPCM_EA_R2_DECODER 0
-%define CONFIG_ADPCM_EA_R3_DECODER 0
-%define CONFIG_ADPCM_EA_XAS_DECODER 0
-%define CONFIG_ADPCM_G722_DECODER 0
-%define CONFIG_ADPCM_G726_DECODER 0
-%define CONFIG_ADPCM_G726LE_DECODER 0
-%define CONFIG_ADPCM_IMA_AMV_DECODER 0
-%define CONFIG_ADPCM_IMA_APC_DECODER 0
-%define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-%define CONFIG_ADPCM_IMA_DK3_DECODER 0
-%define CONFIG_ADPCM_IMA_DK4_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-%define CONFIG_ADPCM_IMA_ISS_DECODER 0
-%define CONFIG_ADPCM_IMA_OKI_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_DECODER 0
-%define CONFIG_ADPCM_IMA_RAD_DECODER 0
-%define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-%define CONFIG_ADPCM_IMA_WAV_DECODER 0
-%define CONFIG_ADPCM_IMA_WS_DECODER 0
-%define CONFIG_ADPCM_MS_DECODER 0
-%define CONFIG_ADPCM_MTAF_DECODER 0
-%define CONFIG_ADPCM_PSX_DECODER 0
-%define CONFIG_ADPCM_SBPRO_2_DECODER 0
-%define CONFIG_ADPCM_SBPRO_3_DECODER 0
-%define CONFIG_ADPCM_SBPRO_4_DECODER 0
-%define CONFIG_ADPCM_SWF_DECODER 0
-%define CONFIG_ADPCM_THP_DECODER 0
-%define CONFIG_ADPCM_THP_LE_DECODER 0
-%define CONFIG_ADPCM_VIMA_DECODER 0
-%define CONFIG_ADPCM_XA_DECODER 0
-%define CONFIG_ADPCM_YAMAHA_DECODER 0
-%define CONFIG_SSA_DECODER 0
-%define CONFIG_ASS_DECODER 0
-%define CONFIG_CCAPTION_DECODER 0
-%define CONFIG_DVBSUB_DECODER 0
-%define CONFIG_DVDSUB_DECODER 0
-%define CONFIG_JACOSUB_DECODER 0
-%define CONFIG_MICRODVD_DECODER 0
-%define CONFIG_MOVTEXT_DECODER 0
-%define CONFIG_MPL2_DECODER 0
-%define CONFIG_PGSSUB_DECODER 0
-%define CONFIG_PJS_DECODER 0
-%define CONFIG_REALTEXT_DECODER 0
-%define CONFIG_SAMI_DECODER 0
-%define CONFIG_SRT_DECODER 0
-%define CONFIG_STL_DECODER 0
-%define CONFIG_SUBRIP_DECODER 0
-%define CONFIG_SUBVIEWER_DECODER 0
-%define CONFIG_SUBVIEWER1_DECODER 0
-%define CONFIG_TEXT_DECODER 0
-%define CONFIG_VPLAYER_DECODER 0
-%define CONFIG_WEBVTT_DECODER 0
-%define CONFIG_XSUB_DECODER 0
-%define CONFIG_AAC_AT_DECODER 0
-%define CONFIG_AC3_AT_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-%define CONFIG_ALAC_AT_DECODER 0
-%define CONFIG_AMR_NB_AT_DECODER 0
-%define CONFIG_EAC3_AT_DECODER 0
-%define CONFIG_GSM_MS_AT_DECODER 0
-%define CONFIG_ILBC_AT_DECODER 0
-%define CONFIG_MP1_AT_DECODER 0
-%define CONFIG_MP2_AT_DECODER 0
-%define CONFIG_MP3_AT_DECODER 0
-%define CONFIG_PCM_ALAW_AT_DECODER 0
-%define CONFIG_PCM_MULAW_AT_DECODER 0
-%define CONFIG_QDMC_AT_DECODER 0
-%define CONFIG_QDM2_AT_DECODER 0
-%define CONFIG_LIBCELT_DECODER 0
-%define CONFIG_LIBFDK_AAC_DECODER 0
-%define CONFIG_LIBGSM_DECODER 0
-%define CONFIG_LIBGSM_MS_DECODER 0
-%define CONFIG_LIBILBC_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-%define CONFIG_LIBOPENJPEG_DECODER 0
-%define CONFIG_LIBOPUS_DECODER 0
-%define CONFIG_LIBSCHROEDINGER_DECODER 0
-%define CONFIG_LIBSPEEX_DECODER 0
-%define CONFIG_LIBVORBIS_DECODER 0
-%define CONFIG_LIBVPX_VP8_DECODER 0
-%define CONFIG_LIBVPX_VP9_DECODER 0
-%define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-%define CONFIG_BINTEXT_DECODER 0
-%define CONFIG_XBIN_DECODER 0
-%define CONFIG_IDF_DECODER 0
-%define CONFIG_LIBOPENH264_DECODER 0
-%define CONFIG_H263_CUVID_DECODER 0
-%define CONFIG_H264_CUVID_DECODER 0
-%define CONFIG_HEVC_CUVID_DECODER 0
-%define CONFIG_HEVC_MEDIACODEC_DECODER 0
-%define CONFIG_MJPEG_CUVID_DECODER 0
-%define CONFIG_MPEG1_CUVID_DECODER 0
-%define CONFIG_MPEG2_CUVID_DECODER 0
-%define CONFIG_MPEG4_CUVID_DECODER 0
-%define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-%define CONFIG_VC1_CUVID_DECODER 0
-%define CONFIG_VP8_CUVID_DECODER 0
-%define CONFIG_VP8_MEDIACODEC_DECODER 0
-%define CONFIG_VP9_CUVID_DECODER 0
-%define CONFIG_VP9_MEDIACODEC_DECODER 0
-%define CONFIG_AA_DEMUXER 0
-%define CONFIG_AAC_DEMUXER 0
-%define CONFIG_AC3_DEMUXER 0
-%define CONFIG_ACM_DEMUXER 0
-%define CONFIG_ACT_DEMUXER 0
-%define CONFIG_ADF_DEMUXER 0
-%define CONFIG_ADP_DEMUXER 0
-%define CONFIG_ADS_DEMUXER 0
-%define CONFIG_ADX_DEMUXER 0
-%define CONFIG_AEA_DEMUXER 0
-%define CONFIG_AFC_DEMUXER 0
-%define CONFIG_AIFF_DEMUXER 0
-%define CONFIG_AIX_DEMUXER 0
-%define CONFIG_AMR_DEMUXER 0
-%define CONFIG_ANM_DEMUXER 0
-%define CONFIG_APC_DEMUXER 0
-%define CONFIG_APE_DEMUXER 0
-%define CONFIG_APNG_DEMUXER 0
-%define CONFIG_AQTITLE_DEMUXER 0
-%define CONFIG_ASF_DEMUXER 0
-%define CONFIG_ASF_O_DEMUXER 0
-%define CONFIG_ASS_DEMUXER 0
-%define CONFIG_AST_DEMUXER 0
-%define CONFIG_AU_DEMUXER 0
-%define CONFIG_AVI_DEMUXER 0
-%define CONFIG_AVISYNTH_DEMUXER 0
-%define CONFIG_AVR_DEMUXER 0
-%define CONFIG_AVS_DEMUXER 0
-%define CONFIG_BETHSOFTVID_DEMUXER 0
-%define CONFIG_BFI_DEMUXER 0
-%define CONFIG_BINTEXT_DEMUXER 0
-%define CONFIG_BINK_DEMUXER 0
-%define CONFIG_BIT_DEMUXER 0
-%define CONFIG_BMV_DEMUXER 0
-%define CONFIG_BFSTM_DEMUXER 0
-%define CONFIG_BRSTM_DEMUXER 0
-%define CONFIG_BOA_DEMUXER 0
-%define CONFIG_C93_DEMUXER 0
-%define CONFIG_CAF_DEMUXER 0
-%define CONFIG_CAVSVIDEO_DEMUXER 0
-%define CONFIG_CDG_DEMUXER 0
-%define CONFIG_CDXL_DEMUXER 0
-%define CONFIG_CINE_DEMUXER 0
-%define CONFIG_CONCAT_DEMUXER 0
-%define CONFIG_DATA_DEMUXER 0
-%define CONFIG_DAUD_DEMUXER 0
-%define CONFIG_DCSTR_DEMUXER 0
-%define CONFIG_DFA_DEMUXER 0
-%define CONFIG_DIRAC_DEMUXER 0
-%define CONFIG_DNXHD_DEMUXER 0
-%define CONFIG_DSF_DEMUXER 0
-%define CONFIG_DSICIN_DEMUXER 0
-%define CONFIG_DSS_DEMUXER 0
-%define CONFIG_DTS_DEMUXER 0
-%define CONFIG_DTSHD_DEMUXER 0
-%define CONFIG_DV_DEMUXER 0
-%define CONFIG_DVBSUB_DEMUXER 0
-%define CONFIG_DVBTXT_DEMUXER 0
-%define CONFIG_DXA_DEMUXER 0
-%define CONFIG_EA_DEMUXER 0
-%define CONFIG_EA_CDATA_DEMUXER 0
-%define CONFIG_EAC3_DEMUXER 0
-%define CONFIG_EPAF_DEMUXER 0
-%define CONFIG_FFM_DEMUXER 0
-%define CONFIG_FFMETADATA_DEMUXER 0
-%define CONFIG_FILMSTRIP_DEMUXER 0
-%define CONFIG_FLAC_DEMUXER 0
-%define CONFIG_FLIC_DEMUXER 0
-%define CONFIG_FLV_DEMUXER 0
-%define CONFIG_LIVE_FLV_DEMUXER 0
-%define CONFIG_FOURXM_DEMUXER 0
-%define CONFIG_FRM_DEMUXER 0
-%define CONFIG_FSB_DEMUXER 0
-%define CONFIG_G722_DEMUXER 0
-%define CONFIG_G723_1_DEMUXER 0
-%define CONFIG_G729_DEMUXER 0
-%define CONFIG_GENH_DEMUXER 0
-%define CONFIG_GIF_DEMUXER 0
-%define CONFIG_GSM_DEMUXER 0
-%define CONFIG_GXF_DEMUXER 0
-%define CONFIG_H261_DEMUXER 0
-%define CONFIG_H263_DEMUXER 0
-%define CONFIG_H264_DEMUXER 0
-%define CONFIG_HEVC_DEMUXER 0
-%define CONFIG_HLS_DEMUXER 0
-%define CONFIG_HNM_DEMUXER 0
-%define CONFIG_ICO_DEMUXER 0
-%define CONFIG_IDCIN_DEMUXER 0
-%define CONFIG_IDF_DEMUXER 0
-%define CONFIG_IFF_DEMUXER 0
-%define CONFIG_ILBC_DEMUXER 0
-%define CONFIG_IMAGE2_DEMUXER 0
-%define CONFIG_IMAGE2PIPE_DEMUXER 0
-%define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-%define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-%define CONFIG_INGENIENT_DEMUXER 0
-%define CONFIG_IPMOVIE_DEMUXER 0
-%define CONFIG_IRCAM_DEMUXER 0
-%define CONFIG_ISS_DEMUXER 0
-%define CONFIG_IV8_DEMUXER 0
-%define CONFIG_IVF_DEMUXER 0
-%define CONFIG_IVR_DEMUXER 0
-%define CONFIG_JACOSUB_DEMUXER 0
-%define CONFIG_JV_DEMUXER 0
-%define CONFIG_LMLM4_DEMUXER 0
-%define CONFIG_LOAS_DEMUXER 0
-%define CONFIG_LRC_DEMUXER 0
-%define CONFIG_LVF_DEMUXER 0
-%define CONFIG_LXF_DEMUXER 0
-%define CONFIG_M4V_DEMUXER 0
-%define CONFIG_MATROSKA_DEMUXER 0
-%define CONFIG_MGSTS_DEMUXER 0
-%define CONFIG_MICRODVD_DEMUXER 0
-%define CONFIG_MJPEG_DEMUXER 0
-%define CONFIG_MLP_DEMUXER 0
-%define CONFIG_MLV_DEMUXER 0
-%define CONFIG_MM_DEMUXER 0
-%define CONFIG_MMF_DEMUXER 0
-%define CONFIG_MOV_DEMUXER 0
-%define CONFIG_MP3_DEMUXER 0
-%define CONFIG_MPC_DEMUXER 0
-%define CONFIG_MPC8_DEMUXER 0
-%define CONFIG_MPEGPS_DEMUXER 0
-%define CONFIG_MPEGTS_DEMUXER 0
-%define CONFIG_MPEGTSRAW_DEMUXER 0
-%define CONFIG_MPEGVIDEO_DEMUXER 0
-%define CONFIG_MPJPEG_DEMUXER 0
-%define CONFIG_MPL2_DEMUXER 0
-%define CONFIG_MPSUB_DEMUXER 0
-%define CONFIG_MSF_DEMUXER 0
-%define CONFIG_MSNWC_TCP_DEMUXER 0
-%define CONFIG_MTAF_DEMUXER 0
-%define CONFIG_MTV_DEMUXER 0
-%define CONFIG_MUSX_DEMUXER 0
-%define CONFIG_MV_DEMUXER 0
-%define CONFIG_MVI_DEMUXER 0
-%define CONFIG_MXF_DEMUXER 0
-%define CONFIG_MXG_DEMUXER 0
-%define CONFIG_NC_DEMUXER 0
-%define CONFIG_NISTSPHERE_DEMUXER 0
-%define CONFIG_NSV_DEMUXER 0
-%define CONFIG_NUT_DEMUXER 0
-%define CONFIG_NUV_DEMUXER 0
-%define CONFIG_OGG_DEMUXER 0
-%define CONFIG_OMA_DEMUXER 0
-%define CONFIG_PAF_DEMUXER 0
-%define CONFIG_PCM_ALAW_DEMUXER 0
-%define CONFIG_PCM_MULAW_DEMUXER 0
-%define CONFIG_PCM_F64BE_DEMUXER 0
-%define CONFIG_PCM_F64LE_DEMUXER 0
-%define CONFIG_PCM_F32BE_DEMUXER 0
-%define CONFIG_PCM_F32LE_DEMUXER 0
-%define CONFIG_PCM_S32BE_DEMUXER 0
-%define CONFIG_PCM_S32LE_DEMUXER 0
-%define CONFIG_PCM_S24BE_DEMUXER 0
-%define CONFIG_PCM_S24LE_DEMUXER 0
-%define CONFIG_PCM_S16BE_DEMUXER 0
-%define CONFIG_PCM_S16LE_DEMUXER 0
-%define CONFIG_PCM_S8_DEMUXER 0
-%define CONFIG_PCM_U32BE_DEMUXER 0
-%define CONFIG_PCM_U32LE_DEMUXER 0
-%define CONFIG_PCM_U24BE_DEMUXER 0
-%define CONFIG_PCM_U24LE_DEMUXER 0
-%define CONFIG_PCM_U16BE_DEMUXER 0
-%define CONFIG_PCM_U16LE_DEMUXER 0
-%define CONFIG_PCM_U8_DEMUXER 0
-%define CONFIG_PJS_DEMUXER 0
-%define CONFIG_PMP_DEMUXER 0
-%define CONFIG_PVA_DEMUXER 0
-%define CONFIG_PVF_DEMUXER 0
-%define CONFIG_QCP_DEMUXER 0
-%define CONFIG_R3D_DEMUXER 0
-%define CONFIG_RAWVIDEO_DEMUXER 0
-%define CONFIG_REALTEXT_DEMUXER 0
-%define CONFIG_REDSPARK_DEMUXER 0
-%define CONFIG_RL2_DEMUXER 0
-%define CONFIG_RM_DEMUXER 0
-%define CONFIG_ROQ_DEMUXER 0
-%define CONFIG_RPL_DEMUXER 0
-%define CONFIG_RSD_DEMUXER 0
-%define CONFIG_RSO_DEMUXER 0
-%define CONFIG_RTP_DEMUXER 0
-%define CONFIG_RTSP_DEMUXER 0
-%define CONFIG_SAMI_DEMUXER 0
-%define CONFIG_SAP_DEMUXER 0
-%define CONFIG_SBG_DEMUXER 0
-%define CONFIG_SDP_DEMUXER 0
-%define CONFIG_SDR2_DEMUXER 0
-%define CONFIG_SEGAFILM_DEMUXER 0
-%define CONFIG_SHORTEN_DEMUXER 0
-%define CONFIG_SIFF_DEMUXER 0
-%define CONFIG_SLN_DEMUXER 0
-%define CONFIG_SMACKER_DEMUXER 0
-%define CONFIG_SMJPEG_DEMUXER 0
-%define CONFIG_SMUSH_DEMUXER 0
-%define CONFIG_SOL_DEMUXER 0
-%define CONFIG_SOX_DEMUXER 0
-%define CONFIG_SPDIF_DEMUXER 0
-%define CONFIG_SRT_DEMUXER 0
-%define CONFIG_STR_DEMUXER 0
-%define CONFIG_STL_DEMUXER 0
-%define CONFIG_SUBVIEWER1_DEMUXER 0
-%define CONFIG_SUBVIEWER_DEMUXER 0
-%define CONFIG_SUP_DEMUXER 0
-%define CONFIG_SVAG_DEMUXER 0
-%define CONFIG_SWF_DEMUXER 0
-%define CONFIG_TAK_DEMUXER 0
-%define CONFIG_TEDCAPTIONS_DEMUXER 0
-%define CONFIG_THP_DEMUXER 0
-%define CONFIG_THREEDOSTR_DEMUXER 0
-%define CONFIG_TIERTEXSEQ_DEMUXER 0
-%define CONFIG_TMV_DEMUXER 0
-%define CONFIG_TRUEHD_DEMUXER 0
-%define CONFIG_TTA_DEMUXER 0
-%define CONFIG_TXD_DEMUXER 0
-%define CONFIG_TTY_DEMUXER 0
-%define CONFIG_V210_DEMUXER 0
-%define CONFIG_V210X_DEMUXER 0
-%define CONFIG_VAG_DEMUXER 0
-%define CONFIG_VC1_DEMUXER 0
-%define CONFIG_VC1T_DEMUXER 0
-%define CONFIG_VIVO_DEMUXER 0
-%define CONFIG_VMD_DEMUXER 0
-%define CONFIG_VOBSUB_DEMUXER 0
-%define CONFIG_VOC_DEMUXER 0
-%define CONFIG_VPK_DEMUXER 0
-%define CONFIG_VPLAYER_DEMUXER 0
-%define CONFIG_VQF_DEMUXER 0
-%define CONFIG_W64_DEMUXER 0
-%define CONFIG_WAV_DEMUXER 0
-%define CONFIG_WC3_DEMUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-%define CONFIG_WEBVTT_DEMUXER 0
-%define CONFIG_WSAUD_DEMUXER 0
-%define CONFIG_WSD_DEMUXER 0
-%define CONFIG_WSVQA_DEMUXER 0
-%define CONFIG_WTV_DEMUXER 0
-%define CONFIG_WVE_DEMUXER 0
-%define CONFIG_WV_DEMUXER 0
-%define CONFIG_XA_DEMUXER 0
-%define CONFIG_XBIN_DEMUXER 0
-%define CONFIG_XMV_DEMUXER 0
-%define CONFIG_XVAG_DEMUXER 0
-%define CONFIG_XWMA_DEMUXER 0
-%define CONFIG_YOP_DEMUXER 0
-%define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-%define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-%define CONFIG_LIBGME_DEMUXER 0
-%define CONFIG_LIBMODPLUG_DEMUXER 0
-%define CONFIG_LIBNUT_DEMUXER 0
-%define CONFIG_LIBOPENMPT_DEMUXER 0
-%define CONFIG_A64MULTI_ENCODER 0
-%define CONFIG_A64MULTI5_ENCODER 0
-%define CONFIG_ALIAS_PIX_ENCODER 0
-%define CONFIG_AMV_ENCODER 0
-%define CONFIG_APNG_ENCODER 0
-%define CONFIG_ASV1_ENCODER 0
-%define CONFIG_ASV2_ENCODER 0
-%define CONFIG_AVRP_ENCODER 0
-%define CONFIG_AVUI_ENCODER 0
-%define CONFIG_AYUV_ENCODER 0
-%define CONFIG_BMP_ENCODER 0
-%define CONFIG_CINEPAK_ENCODER 0
-%define CONFIG_CLJR_ENCODER 0
-%define CONFIG_COMFORTNOISE_ENCODER 0
-%define CONFIG_DNXHD_ENCODER 0
-%define CONFIG_DPX_ENCODER 0
-%define CONFIG_DVVIDEO_ENCODER 0
-%define CONFIG_FFV1_ENCODER 0
-%define CONFIG_FFVHUFF_ENCODER 0
-%define CONFIG_FLASHSV_ENCODER 0
-%define CONFIG_FLASHSV2_ENCODER 0
-%define CONFIG_FLV_ENCODER 0
-%define CONFIG_GIF_ENCODER 0
-%define CONFIG_H261_ENCODER 0
-%define CONFIG_H263_ENCODER 0
-%define CONFIG_H263P_ENCODER 0
-%define CONFIG_HAP_ENCODER 0
-%define CONFIG_HUFFYUV_ENCODER 0
-%define CONFIG_JPEG2000_ENCODER 0
-%define CONFIG_JPEGLS_ENCODER 0
-%define CONFIG_LJPEG_ENCODER 0
-%define CONFIG_MJPEG_ENCODER 0
-%define CONFIG_MPEG1VIDEO_ENCODER 0
-%define CONFIG_MPEG2VIDEO_ENCODER 0
-%define CONFIG_MPEG4_ENCODER 0
-%define CONFIG_MSMPEG4V2_ENCODER 0
-%define CONFIG_MSMPEG4V3_ENCODER 0
-%define CONFIG_MSVIDEO1_ENCODER 0
-%define CONFIG_PAM_ENCODER 0
-%define CONFIG_PBM_ENCODER 0
-%define CONFIG_PCX_ENCODER 0
-%define CONFIG_PGM_ENCODER 0
-%define CONFIG_PGMYUV_ENCODER 0
-%define CONFIG_PNG_ENCODER 0
-%define CONFIG_PPM_ENCODER 0
-%define CONFIG_PRORES_ENCODER 0
-%define CONFIG_PRORES_AW_ENCODER 0
-%define CONFIG_PRORES_KS_ENCODER 0
-%define CONFIG_QTRLE_ENCODER 0
-%define CONFIG_R10K_ENCODER 0
-%define CONFIG_R210_ENCODER 0
-%define CONFIG_RAWVIDEO_ENCODER 0
-%define CONFIG_ROQ_ENCODER 0
-%define CONFIG_RV10_ENCODER 0
-%define CONFIG_RV20_ENCODER 0
-%define CONFIG_S302M_ENCODER 0
-%define CONFIG_SGI_ENCODER 0
-%define CONFIG_SNOW_ENCODER 0
-%define CONFIG_SUNRAST_ENCODER 0
-%define CONFIG_SVQ1_ENCODER 0
-%define CONFIG_TARGA_ENCODER 0
-%define CONFIG_TIFF_ENCODER 0
-%define CONFIG_UTVIDEO_ENCODER 0
-%define CONFIG_V210_ENCODER 0
-%define CONFIG_V308_ENCODER 0
-%define CONFIG_V408_ENCODER 0
-%define CONFIG_V410_ENCODER 0
-%define CONFIG_VC2_ENCODER 0
-%define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-%define CONFIG_WMV1_ENCODER 0
-%define CONFIG_WMV2_ENCODER 0
-%define CONFIG_XBM_ENCODER 0
-%define CONFIG_XFACE_ENCODER 0
-%define CONFIG_XWD_ENCODER 0
-%define CONFIG_Y41P_ENCODER 0
-%define CONFIG_YUV4_ENCODER 0
-%define CONFIG_ZLIB_ENCODER 0
-%define CONFIG_ZMBV_ENCODER 0
-%define CONFIG_AAC_ENCODER 0
-%define CONFIG_AC3_ENCODER 0
-%define CONFIG_AC3_FIXED_ENCODER 0
-%define CONFIG_ALAC_ENCODER 0
-%define CONFIG_DCA_ENCODER 0
-%define CONFIG_EAC3_ENCODER 0
-%define CONFIG_FLAC_ENCODER 0
-%define CONFIG_G723_1_ENCODER 0
-%define CONFIG_MLP_ENCODER 0
-%define CONFIG_MP2_ENCODER 0
-%define CONFIG_MP2FIXED_ENCODER 0
-%define CONFIG_NELLYMOSER_ENCODER 0
-%define CONFIG_RA_144_ENCODER 0
-%define CONFIG_SONIC_ENCODER 0
-%define CONFIG_SONIC_LS_ENCODER 0
-%define CONFIG_TRUEHD_ENCODER 0
-%define CONFIG_TTA_ENCODER 0
-%define CONFIG_VORBIS_ENCODER 0
-%define CONFIG_WAVPACK_ENCODER 0
-%define CONFIG_WMAV1_ENCODER 0
-%define CONFIG_WMAV2_ENCODER 0
-%define CONFIG_PCM_ALAW_ENCODER 0
-%define CONFIG_PCM_F32BE_ENCODER 0
-%define CONFIG_PCM_F32LE_ENCODER 0
-%define CONFIG_PCM_F64BE_ENCODER 0
-%define CONFIG_PCM_F64LE_ENCODER 0
-%define CONFIG_PCM_MULAW_ENCODER 0
-%define CONFIG_PCM_S8_ENCODER 0
-%define CONFIG_PCM_S8_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16BE_ENCODER 0
-%define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16LE_ENCODER 0
-%define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S24BE_ENCODER 0
-%define CONFIG_PCM_S24DAUD_ENCODER 0
-%define CONFIG_PCM_S24LE_ENCODER 0
-%define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S32BE_ENCODER 0
-%define CONFIG_PCM_S32LE_ENCODER 0
-%define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S64BE_ENCODER 0
-%define CONFIG_PCM_S64LE_ENCODER 0
-%define CONFIG_PCM_U8_ENCODER 0
-%define CONFIG_PCM_U16BE_ENCODER 0
-%define CONFIG_PCM_U16LE_ENCODER 0
-%define CONFIG_PCM_U24BE_ENCODER 0
-%define CONFIG_PCM_U24LE_ENCODER 0
-%define CONFIG_PCM_U32BE_ENCODER 0
-%define CONFIG_PCM_U32LE_ENCODER 0
-%define CONFIG_ROQ_DPCM_ENCODER 0
-%define CONFIG_ADPCM_ADX_ENCODER 0
-%define CONFIG_ADPCM_G722_ENCODER 0
-%define CONFIG_ADPCM_G726_ENCODER 0
-%define CONFIG_ADPCM_IMA_QT_ENCODER 0
-%define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-%define CONFIG_ADPCM_MS_ENCODER 0
-%define CONFIG_ADPCM_SWF_ENCODER 0
-%define CONFIG_ADPCM_YAMAHA_ENCODER 0
-%define CONFIG_SSA_ENCODER 0
-%define CONFIG_ASS_ENCODER 0
-%define CONFIG_DVBSUB_ENCODER 0
-%define CONFIG_DVDSUB_ENCODER 0
-%define CONFIG_MOVTEXT_ENCODER 0
-%define CONFIG_SRT_ENCODER 0
-%define CONFIG_SUBRIP_ENCODER 0
-%define CONFIG_TEXT_ENCODER 0
-%define CONFIG_WEBVTT_ENCODER 0
-%define CONFIG_XSUB_ENCODER 0
-%define CONFIG_AAC_AT_ENCODER 0
-%define CONFIG_ALAC_AT_ENCODER 0
-%define CONFIG_ILBC_AT_ENCODER 0
-%define CONFIG_PCM_ALAW_AT_ENCODER 0
-%define CONFIG_PCM_MULAW_AT_ENCODER 0
-%define CONFIG_LIBFDK_AAC_ENCODER 0
-%define CONFIG_LIBGSM_ENCODER 0
-%define CONFIG_LIBGSM_MS_ENCODER 0
-%define CONFIG_LIBILBC_ENCODER 0
-%define CONFIG_LIBMP3LAME_ENCODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-%define CONFIG_LIBOPENJPEG_ENCODER 0
-%define CONFIG_LIBOPUS_ENCODER 0
-%define CONFIG_LIBSCHROEDINGER_ENCODER 0
-%define CONFIG_LIBSHINE_ENCODER 0
-%define CONFIG_LIBSPEEX_ENCODER 0
-%define CONFIG_LIBTHEORA_ENCODER 0
-%define CONFIG_LIBTWOLAME_ENCODER 0
-%define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-%define CONFIG_LIBVORBIS_ENCODER 0
-%define CONFIG_LIBVPX_VP8_ENCODER 0
-%define CONFIG_LIBVPX_VP9_ENCODER 0
-%define CONFIG_LIBWAVPACK_ENCODER 0
-%define CONFIG_LIBWEBP_ANIM_ENCODER 0
-%define CONFIG_LIBWEBP_ENCODER 0
-%define CONFIG_LIBX262_ENCODER 0
-%define CONFIG_LIBX264_ENCODER 0
-%define CONFIG_LIBX264RGB_ENCODER 0
-%define CONFIG_LIBX265_ENCODER 0
-%define CONFIG_LIBXAVS_ENCODER 0
-%define CONFIG_LIBXVID_ENCODER 0
-%define CONFIG_LIBOPENH264_ENCODER 0
-%define CONFIG_H264_NVENC_ENCODER 0
-%define CONFIG_H264_OMX_ENCODER 0
-%define CONFIG_H264_QSV_ENCODER 0
-%define CONFIG_H264_VAAPI_ENCODER 0
-%define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-%define CONFIG_NVENC_ENCODER 0
-%define CONFIG_NVENC_H264_ENCODER 0
-%define CONFIG_NVENC_HEVC_ENCODER 0
-%define CONFIG_HEVC_NVENC_ENCODER 0
-%define CONFIG_HEVC_QSV_ENCODER 0
-%define CONFIG_HEVC_VAAPI_ENCODER 0
-%define CONFIG_LIBKVAZAAR_ENCODER 0
-%define CONFIG_MJPEG_VAAPI_ENCODER 0
-%define CONFIG_MPEG2_QSV_ENCODER 0
-%define CONFIG_ABENCH_FILTER 0
-%define CONFIG_ACOMPRESSOR_FILTER 0
-%define CONFIG_ACROSSFADE_FILTER 0
-%define CONFIG_ACRUSHER_FILTER 0
-%define CONFIG_ADELAY_FILTER 0
-%define CONFIG_AECHO_FILTER 0
-%define CONFIG_AEMPHASIS_FILTER 0
-%define CONFIG_AEVAL_FILTER 0
-%define CONFIG_AFADE_FILTER 0
-%define CONFIG_AFFTFILT_FILTER 0
-%define CONFIG_AFORMAT_FILTER 0
-%define CONFIG_AGATE_FILTER 0
-%define CONFIG_AINTERLEAVE_FILTER 0
-%define CONFIG_ALIMITER_FILTER 0
-%define CONFIG_ALLPASS_FILTER 0
-%define CONFIG_ALOOP_FILTER 0
-%define CONFIG_AMERGE_FILTER 0
-%define CONFIG_AMETADATA_FILTER 0
-%define CONFIG_AMIX_FILTER 0
-%define CONFIG_ANEQUALIZER_FILTER 0
-%define CONFIG_ANULL_FILTER 0
-%define CONFIG_APAD_FILTER 0
-%define CONFIG_APERMS_FILTER 0
-%define CONFIG_APHASER_FILTER 0
-%define CONFIG_APULSATOR_FILTER 0
-%define CONFIG_AREALTIME_FILTER 0
-%define CONFIG_ARESAMPLE_FILTER 0
-%define CONFIG_AREVERSE_FILTER 0
-%define CONFIG_ASELECT_FILTER 0
-%define CONFIG_ASENDCMD_FILTER 0
-%define CONFIG_ASETNSAMPLES_FILTER 0
-%define CONFIG_ASETPTS_FILTER 0
-%define CONFIG_ASETRATE_FILTER 0
-%define CONFIG_ASETTB_FILTER 0
-%define CONFIG_ASHOWINFO_FILTER 0
-%define CONFIG_ASIDEDATA_FILTER 0
-%define CONFIG_ASPLIT_FILTER 0
-%define CONFIG_ASTATS_FILTER 0
-%define CONFIG_ASTREAMSELECT_FILTER 0
-%define CONFIG_ASYNCTS_FILTER 0
-%define CONFIG_ATEMPO_FILTER 0
-%define CONFIG_ATRIM_FILTER 0
-%define CONFIG_AZMQ_FILTER 0
-%define CONFIG_BANDPASS_FILTER 0
-%define CONFIG_BANDREJECT_FILTER 0
-%define CONFIG_BASS_FILTER 0
-%define CONFIG_BIQUAD_FILTER 0
-%define CONFIG_BS2B_FILTER 0
-%define CONFIG_CHANNELMAP_FILTER 0
-%define CONFIG_CHANNELSPLIT_FILTER 0
-%define CONFIG_CHORUS_FILTER 0
-%define CONFIG_COMPAND_FILTER 0
-%define CONFIG_COMPENSATIONDELAY_FILTER 0
-%define CONFIG_CRYSTALIZER_FILTER 0
-%define CONFIG_DCSHIFT_FILTER 0
-%define CONFIG_DYNAUDNORM_FILTER 0
-%define CONFIG_EARWAX_FILTER 0
-%define CONFIG_EBUR128_FILTER 0
-%define CONFIG_EQUALIZER_FILTER 0
-%define CONFIG_EXTRASTEREO_FILTER 0
-%define CONFIG_FIREQUALIZER_FILTER 0
-%define CONFIG_FLANGER_FILTER 0
-%define CONFIG_HDCD_FILTER 0
-%define CONFIG_HIGHPASS_FILTER 0
-%define CONFIG_JOIN_FILTER 0
-%define CONFIG_LADSPA_FILTER 0
-%define CONFIG_LOUDNORM_FILTER 0
-%define CONFIG_LOWPASS_FILTER 0
-%define CONFIG_PAN_FILTER 0
-%define CONFIG_REPLAYGAIN_FILTER 0
-%define CONFIG_RESAMPLE_FILTER 0
-%define CONFIG_RUBBERBAND_FILTER 0
-%define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-%define CONFIG_SIDECHAINGATE_FILTER 0
-%define CONFIG_SILENCEDETECT_FILTER 0
-%define CONFIG_SILENCEREMOVE_FILTER 0
-%define CONFIG_SOFALIZER_FILTER 0
-%define CONFIG_STEREOTOOLS_FILTER 0
-%define CONFIG_STEREOWIDEN_FILTER 0
-%define CONFIG_TREBLE_FILTER 0
-%define CONFIG_TREMOLO_FILTER 0
-%define CONFIG_VIBRATO_FILTER 0
-%define CONFIG_VOLUME_FILTER 0
-%define CONFIG_VOLUMEDETECT_FILTER 0
-%define CONFIG_AEVALSRC_FILTER 0
-%define CONFIG_ANOISESRC_FILTER 0
-%define CONFIG_ANULLSRC_FILTER 0
-%define CONFIG_FLITE_FILTER 0
-%define CONFIG_SINE_FILTER 0
-%define CONFIG_ANULLSINK_FILTER 0
-%define CONFIG_ALPHAEXTRACT_FILTER 0
-%define CONFIG_ALPHAMERGE_FILTER 0
-%define CONFIG_ASS_FILTER 0
-%define CONFIG_ATADENOISE_FILTER 0
-%define CONFIG_AVGBLUR_FILTER 0
-%define CONFIG_BBOX_FILTER 0
-%define CONFIG_BENCH_FILTER 0
-%define CONFIG_BITPLANENOISE_FILTER 0
-%define CONFIG_BLACKDETECT_FILTER 0
-%define CONFIG_BLACKFRAME_FILTER 0
-%define CONFIG_BLEND_FILTER 0
-%define CONFIG_BOXBLUR_FILTER 0
-%define CONFIG_BWDIF_FILTER 0
-%define CONFIG_CHROMAKEY_FILTER 0
-%define CONFIG_CIESCOPE_FILTER 0
-%define CONFIG_CODECVIEW_FILTER 0
-%define CONFIG_COLORBALANCE_FILTER 0
-%define CONFIG_COLORCHANNELMIXER_FILTER 0
-%define CONFIG_COLORKEY_FILTER 0
-%define CONFIG_COLORLEVELS_FILTER 0
-%define CONFIG_COLORMATRIX_FILTER 0
-%define CONFIG_COLORSPACE_FILTER 0
-%define CONFIG_CONVOLUTION_FILTER 0
-%define CONFIG_COPY_FILTER 0
-%define CONFIG_COREIMAGE_FILTER 0
-%define CONFIG_COVER_RECT_FILTER 0
-%define CONFIG_CROP_FILTER 0
-%define CONFIG_CROPDETECT_FILTER 0
-%define CONFIG_CURVES_FILTER 0
-%define CONFIG_DATASCOPE_FILTER 0
-%define CONFIG_DCTDNOIZ_FILTER 0
-%define CONFIG_DEBAND_FILTER 0
-%define CONFIG_DECIMATE_FILTER 0
-%define CONFIG_DEFLATE_FILTER 0
-%define CONFIG_DEJUDDER_FILTER 0
-%define CONFIG_DELOGO_FILTER 0
-%define CONFIG_DESHAKE_FILTER 0
-%define CONFIG_DETELECINE_FILTER 0
-%define CONFIG_DILATION_FILTER 0
-%define CONFIG_DISPLACE_FILTER 0
-%define CONFIG_DRAWBOX_FILTER 0
-%define CONFIG_DRAWGRAPH_FILTER 0
-%define CONFIG_DRAWGRID_FILTER 0
-%define CONFIG_DRAWTEXT_FILTER 0
-%define CONFIG_EDGEDETECT_FILTER 0
-%define CONFIG_ELBG_FILTER 0
-%define CONFIG_EQ_FILTER 0
-%define CONFIG_EROSION_FILTER 0
-%define CONFIG_EXTRACTPLANES_FILTER 0
-%define CONFIG_FADE_FILTER 0
-%define CONFIG_FFTFILT_FILTER 0
-%define CONFIG_FIELD_FILTER 0
-%define CONFIG_FIELDHINT_FILTER 0
-%define CONFIG_FIELDMATCH_FILTER 0
-%define CONFIG_FIELDORDER_FILTER 0
-%define CONFIG_FIND_RECT_FILTER 0
-%define CONFIG_FORMAT_FILTER 0
-%define CONFIG_FPS_FILTER 0
-%define CONFIG_FRAMEPACK_FILTER 0
-%define CONFIG_FRAMERATE_FILTER 0
-%define CONFIG_FRAMESTEP_FILTER 0
-%define CONFIG_FREI0R_FILTER 0
-%define CONFIG_FSPP_FILTER 0
-%define CONFIG_GBLUR_FILTER 0
-%define CONFIG_GEQ_FILTER 0
-%define CONFIG_GRADFUN_FILTER 0
-%define CONFIG_HALDCLUT_FILTER 0
-%define CONFIG_HFLIP_FILTER 0
-%define CONFIG_HISTEQ_FILTER 0
-%define CONFIG_HISTOGRAM_FILTER 0
-%define CONFIG_HQDN3D_FILTER 0
-%define CONFIG_HQX_FILTER 0
-%define CONFIG_HSTACK_FILTER 0
-%define CONFIG_HUE_FILTER 0
-%define CONFIG_HWDOWNLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_CUDA_FILTER 0
-%define CONFIG_HYSTERESIS_FILTER 0
-%define CONFIG_IDET_FILTER 0
-%define CONFIG_IL_FILTER 0
-%define CONFIG_INFLATE_FILTER 0
-%define CONFIG_INTERLACE_FILTER 0
-%define CONFIG_INTERLEAVE_FILTER 0
-%define CONFIG_KERNDEINT_FILTER 0
-%define CONFIG_LENSCORRECTION_FILTER 0
-%define CONFIG_LOOP_FILTER 0
-%define CONFIG_LUT_FILTER 0
-%define CONFIG_LUT2_FILTER 0
-%define CONFIG_LUT3D_FILTER 0
-%define CONFIG_LUTRGB_FILTER 0
-%define CONFIG_LUTYUV_FILTER 0
-%define CONFIG_MASKEDCLAMP_FILTER 0
-%define CONFIG_MASKEDMERGE_FILTER 0
-%define CONFIG_MCDEINT_FILTER 0
-%define CONFIG_MERGEPLANES_FILTER 0
-%define CONFIG_MESTIMATE_FILTER 0
-%define CONFIG_METADATA_FILTER 0
-%define CONFIG_MINTERPOLATE_FILTER 0
-%define CONFIG_MPDECIMATE_FILTER 0
-%define CONFIG_NEGATE_FILTER 0
-%define CONFIG_NLMEANS_FILTER 0
-%define CONFIG_NNEDI_FILTER 0
-%define CONFIG_NOFORMAT_FILTER 0
-%define CONFIG_NOISE_FILTER 0
-%define CONFIG_NULL_FILTER 0
-%define CONFIG_OCR_FILTER 0
-%define CONFIG_OCV_FILTER 0
-%define CONFIG_OVERLAY_FILTER 0
-%define CONFIG_OWDENOISE_FILTER 0
-%define CONFIG_PAD_FILTER 0
-%define CONFIG_PALETTEGEN_FILTER 0
-%define CONFIG_PALETTEUSE_FILTER 0
-%define CONFIG_PERMS_FILTER 0
-%define CONFIG_PERSPECTIVE_FILTER 0
-%define CONFIG_PHASE_FILTER 0
-%define CONFIG_PIXDESCTEST_FILTER 0
-%define CONFIG_PP_FILTER 0
-%define CONFIG_PP7_FILTER 0
-%define CONFIG_PREWITT_FILTER 0
-%define CONFIG_PSNR_FILTER 0
-%define CONFIG_PULLUP_FILTER 0
-%define CONFIG_QP_FILTER 0
-%define CONFIG_RANDOM_FILTER 0
-%define CONFIG_READVITC_FILTER 0
-%define CONFIG_REALTIME_FILTER 0
-%define CONFIG_REMAP_FILTER 0
-%define CONFIG_REMOVEGRAIN_FILTER 0
-%define CONFIG_REMOVELOGO_FILTER 0
-%define CONFIG_REPEATFIELDS_FILTER 0
-%define CONFIG_REVERSE_FILTER 0
-%define CONFIG_ROTATE_FILTER 0
-%define CONFIG_SAB_FILTER 0
-%define CONFIG_SCALE_FILTER 0
-%define CONFIG_SCALE_NPP_FILTER 0
-%define CONFIG_SCALE_VAAPI_FILTER 0
-%define CONFIG_SCALE2REF_FILTER 0
-%define CONFIG_SELECT_FILTER 0
-%define CONFIG_SELECTIVECOLOR_FILTER 0
-%define CONFIG_SENDCMD_FILTER 0
-%define CONFIG_SEPARATEFIELDS_FILTER 0
-%define CONFIG_SETDAR_FILTER 0
-%define CONFIG_SETFIELD_FILTER 0
-%define CONFIG_SETPTS_FILTER 0
-%define CONFIG_SETSAR_FILTER 0
-%define CONFIG_SETTB_FILTER 0
-%define CONFIG_SHOWINFO_FILTER 0
-%define CONFIG_SHOWPALETTE_FILTER 0
-%define CONFIG_SHUFFLEFRAMES_FILTER 0
-%define CONFIG_SHUFFLEPLANES_FILTER 0
-%define CONFIG_SIDEDATA_FILTER 0
-%define CONFIG_SIGNALSTATS_FILTER 0
-%define CONFIG_SMARTBLUR_FILTER 0
-%define CONFIG_SOBEL_FILTER 0
-%define CONFIG_SPLIT_FILTER 0
-%define CONFIG_SPP_FILTER 0
-%define CONFIG_SSIM_FILTER 0
-%define CONFIG_STEREO3D_FILTER 0
-%define CONFIG_STREAMSELECT_FILTER 0
-%define CONFIG_SUBTITLES_FILTER 0
-%define CONFIG_SUPER2XSAI_FILTER 0
-%define CONFIG_SWAPRECT_FILTER 0
-%define CONFIG_SWAPUV_FILTER 0
-%define CONFIG_TBLEND_FILTER 0
-%define CONFIG_TELECINE_FILTER 0
-%define CONFIG_THUMBNAIL_FILTER 0
-%define CONFIG_TILE_FILTER 0
-%define CONFIG_TINTERLACE_FILTER 0
-%define CONFIG_TRANSPOSE_FILTER 0
-%define CONFIG_TRIM_FILTER 0
-%define CONFIG_UNSHARP_FILTER 0
-%define CONFIG_USPP_FILTER 0
-%define CONFIG_VAGUEDENOISER_FILTER 0
-%define CONFIG_VECTORSCOPE_FILTER 0
-%define CONFIG_VFLIP_FILTER 0
-%define CONFIG_VIDSTABDETECT_FILTER 0
-%define CONFIG_VIDSTABTRANSFORM_FILTER 0
-%define CONFIG_VIGNETTE_FILTER 0
-%define CONFIG_VSTACK_FILTER 0
-%define CONFIG_W3FDIF_FILTER 0
-%define CONFIG_WAVEFORM_FILTER 0
-%define CONFIG_WEAVE_FILTER 0
-%define CONFIG_XBR_FILTER 0
-%define CONFIG_YADIF_FILTER 0
-%define CONFIG_ZMQ_FILTER 0
-%define CONFIG_ZOOMPAN_FILTER 0
-%define CONFIG_ZSCALE_FILTER 0
-%define CONFIG_ALLRGB_FILTER 0
-%define CONFIG_ALLYUV_FILTER 0
-%define CONFIG_CELLAUTO_FILTER 0
-%define CONFIG_COLOR_FILTER 0
-%define CONFIG_COREIMAGESRC_FILTER 0
-%define CONFIG_FREI0R_SRC_FILTER 0
-%define CONFIG_HALDCLUTSRC_FILTER 0
-%define CONFIG_LIFE_FILTER 0
-%define CONFIG_MANDELBROT_FILTER 0
-%define CONFIG_MPTESTSRC_FILTER 0
-%define CONFIG_NULLSRC_FILTER 0
-%define CONFIG_RGBTESTSRC_FILTER 0
-%define CONFIG_SMPTEBARS_FILTER 0
-%define CONFIG_SMPTEHDBARS_FILTER 0
-%define CONFIG_TESTSRC_FILTER 0
-%define CONFIG_TESTSRC2_FILTER 0
-%define CONFIG_YUVTESTSRC_FILTER 0
-%define CONFIG_NULLSINK_FILTER 0
-%define CONFIG_ADRAWGRAPH_FILTER 0
-%define CONFIG_AHISTOGRAM_FILTER 0
-%define CONFIG_APHASEMETER_FILTER 0
-%define CONFIG_AVECTORSCOPE_FILTER 0
-%define CONFIG_CONCAT_FILTER 0
-%define CONFIG_SHOWCQT_FILTER 0
-%define CONFIG_SHOWFREQS_FILTER 0
-%define CONFIG_SHOWSPECTRUM_FILTER 0
-%define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-%define CONFIG_SHOWVOLUME_FILTER 0
-%define CONFIG_SHOWWAVES_FILTER 0
-%define CONFIG_SHOWWAVESPIC_FILTER 0
-%define CONFIG_SPECTRUMSYNTH_FILTER 0
-%define CONFIG_AMOVIE_FILTER 0
-%define CONFIG_MOVIE_FILTER 0
-%define CONFIG_H263_CUVID_HWACCEL 0
-%define CONFIG_H263_VAAPI_HWACCEL 0
-%define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_H264_CUVID_HWACCEL 0
-%define CONFIG_H264_D3D11VA_HWACCEL 0
-%define CONFIG_H264_DXVA2_HWACCEL 0
-%define CONFIG_H264_MEDIACODEC_HWACCEL 0
-%define CONFIG_H264_MMAL_HWACCEL 0
-%define CONFIG_H264_QSV_HWACCEL 0
-%define CONFIG_H264_VAAPI_HWACCEL 0
-%define CONFIG_H264_VDA_HWACCEL 0
-%define CONFIG_H264_VDA_OLD_HWACCEL 0
-%define CONFIG_H264_VDPAU_HWACCEL 0
-%define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_HEVC_CUVID_HWACCEL 0
-%define CONFIG_HEVC_D3D11VA_HWACCEL 0
-%define CONFIG_HEVC_DXVA2_HWACCEL 0
-%define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-%define CONFIG_HEVC_QSV_HWACCEL 0
-%define CONFIG_HEVC_VAAPI_HWACCEL 0
-%define CONFIG_HEVC_VDPAU_HWACCEL 0
-%define CONFIG_MJPEG_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_XVMC_HWACCEL 0
-%define CONFIG_MPEG1_VDPAU_HWACCEL 0
-%define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG2_CUVID_HWACCEL 0
-%define CONFIG_MPEG2_XVMC_HWACCEL 0
-%define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-%define CONFIG_MPEG2_DXVA2_HWACCEL 0
-%define CONFIG_MPEG2_MMAL_HWACCEL 0
-%define CONFIG_MPEG2_QSV_HWACCEL 0
-%define CONFIG_MPEG2_VAAPI_HWACCEL 0
-%define CONFIG_MPEG2_VDPAU_HWACCEL 0
-%define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG4_CUVID_HWACCEL 0
-%define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-%define CONFIG_MPEG4_MMAL_HWACCEL 0
-%define CONFIG_MPEG4_VAAPI_HWACCEL 0
-%define CONFIG_MPEG4_VDPAU_HWACCEL 0
-%define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_VC1_CUVID_HWACCEL 0
-%define CONFIG_VC1_D3D11VA_HWACCEL 0
-%define CONFIG_VC1_DXVA2_HWACCEL 0
-%define CONFIG_VC1_VAAPI_HWACCEL 0
-%define CONFIG_VC1_VDPAU_HWACCEL 0
-%define CONFIG_VC1_MMAL_HWACCEL 0
-%define CONFIG_VC1_QSV_HWACCEL 0
-%define CONFIG_VP8_CUVID_HWACCEL 0
-%define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_CUVID_HWACCEL 0
-%define CONFIG_VP9_D3D11VA_HWACCEL 0
-%define CONFIG_VP9_DXVA2_HWACCEL 0
-%define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_D3D11VA_HWACCEL 0
-%define CONFIG_WMV3_DXVA2_HWACCEL 0
-%define CONFIG_WMV3_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_VDPAU_HWACCEL 0
-%define CONFIG_ALSA_INDEV 0
-%define CONFIG_AVFOUNDATION_INDEV 0
-%define CONFIG_BKTR_INDEV 0
-%define CONFIG_DECKLINK_INDEV 0
-%define CONFIG_DSHOW_INDEV 0
-%define CONFIG_DV1394_INDEV 0
-%define CONFIG_FBDEV_INDEV 0
-%define CONFIG_GDIGRAB_INDEV 0
-%define CONFIG_IEC61883_INDEV 0
-%define CONFIG_JACK_INDEV 0
-%define CONFIG_LAVFI_INDEV 0
-%define CONFIG_OPENAL_INDEV 0
-%define CONFIG_OSS_INDEV 0
-%define CONFIG_PULSE_INDEV 0
-%define CONFIG_QTKIT_INDEV 0
-%define CONFIG_SNDIO_INDEV 0
-%define CONFIG_V4L2_INDEV 0
-%define CONFIG_VFWCAP_INDEV 0
-%define CONFIG_X11GRAB_INDEV 0
-%define CONFIG_X11GRAB_XCB_INDEV 0
-%define CONFIG_LIBCDIO_INDEV 0
-%define CONFIG_LIBDC1394_INDEV 0
-%define CONFIG_A64_MUXER 0
-%define CONFIG_AC3_MUXER 0
-%define CONFIG_ADTS_MUXER 0
-%define CONFIG_ADX_MUXER 0
-%define CONFIG_AIFF_MUXER 0
-%define CONFIG_AMR_MUXER 0
-%define CONFIG_APNG_MUXER 0
-%define CONFIG_ASF_MUXER 0
-%define CONFIG_ASS_MUXER 0
-%define CONFIG_AST_MUXER 0
-%define CONFIG_ASF_STREAM_MUXER 0
-%define CONFIG_AU_MUXER 0
-%define CONFIG_AVI_MUXER 0
-%define CONFIG_AVM2_MUXER 0
-%define CONFIG_BIT_MUXER 0
-%define CONFIG_CAF_MUXER 0
-%define CONFIG_CAVSVIDEO_MUXER 0
-%define CONFIG_CRC_MUXER 0
-%define CONFIG_DASH_MUXER 0
-%define CONFIG_DATA_MUXER 0
-%define CONFIG_DAUD_MUXER 0
-%define CONFIG_DIRAC_MUXER 0
-%define CONFIG_DNXHD_MUXER 0
-%define CONFIG_DTS_MUXER 0
-%define CONFIG_DV_MUXER 0
-%define CONFIG_EAC3_MUXER 0
-%define CONFIG_F4V_MUXER 0
-%define CONFIG_FFM_MUXER 0
-%define CONFIG_FFMETADATA_MUXER 0
-%define CONFIG_FIFO_MUXER 0
-%define CONFIG_FILMSTRIP_MUXER 0
-%define CONFIG_FLAC_MUXER 0
-%define CONFIG_FLV_MUXER 0
-%define CONFIG_FRAMECRC_MUXER 0
-%define CONFIG_FRAMEHASH_MUXER 0
-%define CONFIG_FRAMEMD5_MUXER 0
-%define CONFIG_G722_MUXER 0
-%define CONFIG_G723_1_MUXER 0
-%define CONFIG_GIF_MUXER 0
-%define CONFIG_GSM_MUXER 0
-%define CONFIG_GXF_MUXER 0
-%define CONFIG_H261_MUXER 0
-%define CONFIG_H263_MUXER 0
-%define CONFIG_H264_MUXER 0
-%define CONFIG_HASH_MUXER 0
-%define CONFIG_HDS_MUXER 0
-%define CONFIG_HEVC_MUXER 0
-%define CONFIG_HLS_MUXER 0
-%define CONFIG_ICO_MUXER 0
-%define CONFIG_ILBC_MUXER 0
-%define CONFIG_IMAGE2_MUXER 0
-%define CONFIG_IMAGE2PIPE_MUXER 0
-%define CONFIG_IPOD_MUXER 0
-%define CONFIG_IRCAM_MUXER 0
-%define CONFIG_ISMV_MUXER 0
-%define CONFIG_IVF_MUXER 0
-%define CONFIG_JACOSUB_MUXER 0
-%define CONFIG_LATM_MUXER 0
-%define CONFIG_LRC_MUXER 0
-%define CONFIG_M4V_MUXER 0
-%define CONFIG_MD5_MUXER 0
-%define CONFIG_MATROSKA_MUXER 0
-%define CONFIG_MATROSKA_AUDIO_MUXER 0
-%define CONFIG_MICRODVD_MUXER 0
-%define CONFIG_MJPEG_MUXER 0
-%define CONFIG_MLP_MUXER 0
-%define CONFIG_MMF_MUXER 0
-%define CONFIG_MOV_MUXER 0
-%define CONFIG_MP2_MUXER 0
-%define CONFIG_MP3_MUXER 0
-%define CONFIG_MP4_MUXER 0
-%define CONFIG_MPEG1SYSTEM_MUXER 0
-%define CONFIG_MPEG1VCD_MUXER 0
-%define CONFIG_MPEG1VIDEO_MUXER 0
-%define CONFIG_MPEG2DVD_MUXER 0
-%define CONFIG_MPEG2SVCD_MUXER 0
-%define CONFIG_MPEG2VIDEO_MUXER 0
-%define CONFIG_MPEG2VOB_MUXER 0
-%define CONFIG_MPEGTS_MUXER 0
-%define CONFIG_MPJPEG_MUXER 0
-%define CONFIG_MXF_MUXER 0
-%define CONFIG_MXF_D10_MUXER 0
-%define CONFIG_MXF_OPATOM_MUXER 0
-%define CONFIG_NULL_MUXER 0
-%define CONFIG_NUT_MUXER 0
-%define CONFIG_OGA_MUXER 0
-%define CONFIG_OGG_MUXER 0
-%define CONFIG_OGV_MUXER 0
-%define CONFIG_OMA_MUXER 0
-%define CONFIG_OPUS_MUXER 0
-%define CONFIG_PCM_ALAW_MUXER 0
-%define CONFIG_PCM_MULAW_MUXER 0
-%define CONFIG_PCM_F64BE_MUXER 0
-%define CONFIG_PCM_F64LE_MUXER 0
-%define CONFIG_PCM_F32BE_MUXER 0
-%define CONFIG_PCM_F32LE_MUXER 0
-%define CONFIG_PCM_S32BE_MUXER 0
-%define CONFIG_PCM_S32LE_MUXER 0
-%define CONFIG_PCM_S24BE_MUXER 0
-%define CONFIG_PCM_S24LE_MUXER 0
-%define CONFIG_PCM_S16BE_MUXER 0
-%define CONFIG_PCM_S16LE_MUXER 0
-%define CONFIG_PCM_S8_MUXER 0
-%define CONFIG_PCM_U32BE_MUXER 0
-%define CONFIG_PCM_U32LE_MUXER 0
-%define CONFIG_PCM_U24BE_MUXER 0
-%define CONFIG_PCM_U24LE_MUXER 0
-%define CONFIG_PCM_U16BE_MUXER 0
-%define CONFIG_PCM_U16LE_MUXER 0
-%define CONFIG_PCM_U8_MUXER 0
-%define CONFIG_PSP_MUXER 0
-%define CONFIG_RAWVIDEO_MUXER 0
-%define CONFIG_RM_MUXER 0
-%define CONFIG_ROQ_MUXER 0
-%define CONFIG_RSO_MUXER 0
-%define CONFIG_RTP_MUXER 0
-%define CONFIG_RTP_MPEGTS_MUXER 0
-%define CONFIG_RTSP_MUXER 0
-%define CONFIG_SAP_MUXER 0
-%define CONFIG_SEGMENT_MUXER 0
-%define CONFIG_STREAM_SEGMENT_MUXER 0
-%define CONFIG_SINGLEJPEG_MUXER 0
-%define CONFIG_SMJPEG_MUXER 0
-%define CONFIG_SMOOTHSTREAMING_MUXER 0
-%define CONFIG_SOX_MUXER 0
-%define CONFIG_SPX_MUXER 0
-%define CONFIG_SPDIF_MUXER 0
-%define CONFIG_SRT_MUXER 0
-%define CONFIG_SWF_MUXER 0
-%define CONFIG_TEE_MUXER 0
-%define CONFIG_TG2_MUXER 0
-%define CONFIG_TGP_MUXER 0
-%define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-%define CONFIG_TRUEHD_MUXER 0
-%define CONFIG_TTA_MUXER 0
-%define CONFIG_UNCODEDFRAMECRC_MUXER 0
-%define CONFIG_VC1_MUXER 0
-%define CONFIG_VC1T_MUXER 0
-%define CONFIG_VOC_MUXER 0
-%define CONFIG_W64_MUXER 0
-%define CONFIG_WAV_MUXER 0
-%define CONFIG_WEBM_MUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-%define CONFIG_WEBM_CHUNK_MUXER 0
-%define CONFIG_WEBP_MUXER 0
-%define CONFIG_WEBVTT_MUXER 0
-%define CONFIG_WTV_MUXER 0
-%define CONFIG_WV_MUXER 0
-%define CONFIG_YUV4MPEGPIPE_MUXER 0
-%define CONFIG_CHROMAPRINT_MUXER 0
-%define CONFIG_LIBNUT_MUXER 0
-%define CONFIG_ALSA_OUTDEV 0
-%define CONFIG_CACA_OUTDEV 0
-%define CONFIG_DECKLINK_OUTDEV 0
-%define CONFIG_FBDEV_OUTDEV 0
-%define CONFIG_OPENGL_OUTDEV 0
-%define CONFIG_OSS_OUTDEV 0
-%define CONFIG_PULSE_OUTDEV 0
-%define CONFIG_SDL2_OUTDEV 0
-%define CONFIG_SNDIO_OUTDEV 0
-%define CONFIG_V4L2_OUTDEV 0
-%define CONFIG_XV_OUTDEV 0
-%define CONFIG_AAC_PARSER 0
-%define CONFIG_AAC_LATM_PARSER 0
-%define CONFIG_AC3_PARSER 0
-%define CONFIG_ADX_PARSER 0
-%define CONFIG_BMP_PARSER 0
-%define CONFIG_CAVSVIDEO_PARSER 0
-%define CONFIG_COOK_PARSER 0
-%define CONFIG_DCA_PARSER 0
-%define CONFIG_DIRAC_PARSER 0
-%define CONFIG_DNXHD_PARSER 0
-%define CONFIG_DPX_PARSER 0
-%define CONFIG_DVAUDIO_PARSER 0
-%define CONFIG_DVBSUB_PARSER 0
-%define CONFIG_DVDSUB_PARSER 0
-%define CONFIG_DVD_NAV_PARSER 0
-%define CONFIG_FLAC_PARSER 1
-%define CONFIG_G729_PARSER 0
-%define CONFIG_GSM_PARSER 0
-%define CONFIG_H261_PARSER 0
-%define CONFIG_H263_PARSER 0
-%define CONFIG_H264_PARSER 0
-%define CONFIG_HEVC_PARSER 0
-%define CONFIG_MJPEG_PARSER 0
-%define CONFIG_MLP_PARSER 0
-%define CONFIG_MPEG4VIDEO_PARSER 0
-%define CONFIG_MPEGAUDIO_PARSER 0
-%define CONFIG_MPEGVIDEO_PARSER 0
-%define CONFIG_OPUS_PARSER 0
-%define CONFIG_PNG_PARSER 0
-%define CONFIG_PNM_PARSER 0
-%define CONFIG_RV30_PARSER 0
-%define CONFIG_RV40_PARSER 0
-%define CONFIG_TAK_PARSER 0
-%define CONFIG_VC1_PARSER 0
-%define CONFIG_VORBIS_PARSER 0
-%define CONFIG_VP3_PARSER 0
+%define CONFIG_FLAC_PARSER 0
 %define CONFIG_VP8_PARSER 1
 %define CONFIG_VP9_PARSER 1
-%define CONFIG_ASYNC_PROTOCOL 0
-%define CONFIG_BLURAY_PROTOCOL 0
-%define CONFIG_CACHE_PROTOCOL 0
-%define CONFIG_CONCAT_PROTOCOL 0
-%define CONFIG_CRYPTO_PROTOCOL 0
-%define CONFIG_DATA_PROTOCOL 0
-%define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-%define CONFIG_FFRTMPHTTP_PROTOCOL 0
-%define CONFIG_FILE_PROTOCOL 0
-%define CONFIG_FTP_PROTOCOL 0
-%define CONFIG_GOPHER_PROTOCOL 0
-%define CONFIG_HLS_PROTOCOL 0
-%define CONFIG_HTTP_PROTOCOL 0
-%define CONFIG_HTTPPROXY_PROTOCOL 0
-%define CONFIG_HTTPS_PROTOCOL 0
-%define CONFIG_ICECAST_PROTOCOL 0
-%define CONFIG_MMSH_PROTOCOL 0
-%define CONFIG_MMST_PROTOCOL 0
-%define CONFIG_MD5_PROTOCOL 0
-%define CONFIG_PIPE_PROTOCOL 0
-%define CONFIG_RTMP_PROTOCOL 0
-%define CONFIG_RTMPE_PROTOCOL 0
-%define CONFIG_RTMPS_PROTOCOL 0
-%define CONFIG_RTMPT_PROTOCOL 0
-%define CONFIG_RTMPTE_PROTOCOL 0
-%define CONFIG_RTMPTS_PROTOCOL 0
-%define CONFIG_RTP_PROTOCOL 0
-%define CONFIG_SCTP_PROTOCOL 0
-%define CONFIG_SRTP_PROTOCOL 0
-%define CONFIG_SUBFILE_PROTOCOL 0
-%define CONFIG_TEE_PROTOCOL 0
-%define CONFIG_TCP_PROTOCOL 0
-%define CONFIG_TLS_GNUTLS_PROTOCOL 0
-%define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-%define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-%define CONFIG_TLS_OPENSSL_PROTOCOL 0
-%define CONFIG_UDP_PROTOCOL 0
-%define CONFIG_UDPLITE_PROTOCOL 0
-%define CONFIG_UNIX_PROTOCOL 0
-%define CONFIG_LIBRTMP_PROTOCOL 0
-%define CONFIG_LIBRTMPE_PROTOCOL 0
-%define CONFIG_LIBRTMPS_PROTOCOL 0
-%define CONFIG_LIBRTMPT_PROTOCOL 0
-%define CONFIG_LIBRTMPTE_PROTOCOL 0
-%define CONFIG_LIBSSH_PROTOCOL 0
-%define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/config_darwin64.h b/media/ffvpx/config_darwin64.h
index e1d42ad39..72f1d6dad 100644
--- a/media/ffvpx/config_darwin64.h
+++ b/media/ffvpx/config_darwin64.h
@@ -1,12 +1,12 @@
 /* Automatically generated by configure - do not modify! */
 #ifndef FFMPEG_CONFIG_H
 #define FFMPEG_CONFIG_H
-#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm"
+#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vdpau --disable-videotoolbox --enable-decoder=flac --enable-asm --enable-x86asm"
 #define FFMPEG_LICENSE "LGPL version 2.1 or later"
-#define CONFIG_THIS_YEAR 2016
+#define CONFIG_THIS_YEAR 2017
 #define FFMPEG_DATADIR "/usr/local/share/ffmpeg"
 #define AVCONV_DATADIR "/usr/local/share/ffmpeg"
-#define CC_IDENT "Apple LLVM version 7.0.2 (clang-700.1.81)"
+#define CC_IDENT "Apple LLVM version 9.0.0 (clang-900.0.38)"
 #define av_restrict restrict
 #define EXTERN_PREFIX "_"
 #define EXTERN_ASM _
@@ -79,8 +79,8 @@
 #define HAVE_MIPSDSP 0
 #define HAVE_MIPSDSPR2 0
 #define HAVE_MSA 0
-#define HAVE_LOONGSON2 1
-#define HAVE_LOONGSON3 1
+#define HAVE_LOONGSON2 0
+#define HAVE_LOONGSON3 0
 #define HAVE_MMI 0
 #define HAVE_ARMV5TE_EXTERNAL 0
 #define HAVE_ARMV6_EXTERNAL 0
@@ -178,33 +178,33 @@
 #define HAVE_LOCAL_ALIGNED_16 1
 #define HAVE_LOCAL_ALIGNED_32 1
 #define HAVE_SIMD_ALIGN_16 1
+#define HAVE_SIMD_ALIGN_32 1
 #define HAVE_ATOMICS_GCC 1
 #define HAVE_ATOMICS_SUNCC 0
 #define HAVE_ATOMICS_WIN32 0
 #define HAVE_ATOMIC_CAS_PTR 0
-#define HAVE_ATOMIC_COMPARE_EXCHANGE 1
 #define HAVE_MACHINE_RW_BARRIER 0
 #define HAVE_MEMORYBARRIER 0
 #define HAVE_MM_EMPTY 1
 #define HAVE_RDTSC 0
 #define HAVE_SARESTART 1
-#define HAVE_SEM_TIMEDWAIT 1
+#define HAVE_SEM_TIMEDWAIT 0
 #define HAVE_SYNC_VAL_COMPARE_AND_SWAP 1
 #define HAVE_CABS 1
 #define HAVE_CEXP 1
 #define HAVE_INLINE_ASM 1
 #define HAVE_SYMVER 1
-#define HAVE_YASM 1
+#define HAVE_X86ASM 1
 #define HAVE_BIGENDIAN 0
 #define HAVE_FAST_UNALIGNED 1
-#define HAVE_INCOMPATIBLE_LIBAV_ABI 0
-#define HAVE_ALSA_ASOUNDLIB_H 0
 #define HAVE_ALTIVEC_H 0
 #define HAVE_ARPA_INET_H 1
 #define HAVE_ASM_TYPES_H 0
 #define HAVE_CDIO_PARANOIA_H 0
 #define HAVE_CDIO_PARANOIA_PARANOIA_H 0
-#define HAVE_DISPATCH_DISPATCH_H 0
+#define HAVE_CUDA_H 0
+#define HAVE_D3D11_H 0
+#define HAVE_DISPATCH_DISPATCH_H 1
 #define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 #define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
 #define HAVE_DEV_IC_BT8XX_H 0
@@ -213,7 +213,7 @@
 #define HAVE_DIRECT_H 0
 #define HAVE_DIRENT_H 1
 #define HAVE_DLFCN_H 1
-#define HAVE_D3D11_H 0
+#define HAVE_DXGIDEBUG_H 0
 #define HAVE_DXVA_H 0
 #define HAVE_ES2_GL_H 0
 #define HAVE_GSM_H 0
@@ -222,13 +222,15 @@
 #define HAVE_MACHINE_IOCTL_BT848_H 0
 #define HAVE_MACHINE_IOCTL_METEOR_H 0
 #define HAVE_OPENCV2_CORE_CORE_C_H 0
+#define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+#define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 #define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 #define HAVE_OPENGL_GL3_H 0
 #define HAVE_POLL_H 1
-#define HAVE_SNDIO_H 0
 #define HAVE_SOUNDCARD_H 0
+#define HAVE_STDATOMIC_H 1
 #define HAVE_SYS_MMAN_H 1
 #define HAVE_SYS_PARAM_H 1
 #define HAVE_SYS_RESOURCE_H 1
@@ -275,12 +277,11 @@
 #define HAVE_TRUNCF 1
 #define HAVE_ACCESS 1
 #define HAVE_ALIGNED_MALLOC 0
-#define HAVE_CLOCK_GETTIME 0
+#define HAVE_CLOCK_GETTIME 1
 #define HAVE_CLOSESOCKET 0
 #define HAVE_COMMANDLINETOARGVW 0
 #define HAVE_COTASKMEMFREE 0
 #define HAVE_CRYPTGENRANDOM 0
-#define HAVE_DLOPEN 1
 #define HAVE_FCNTL 1
 #define HAVE_FLT_LIM 1
 #define HAVE_FORK 1
@@ -319,19 +320,22 @@
 #define HAVE_SLEEP 0
 #define HAVE_STRERROR_R 1
 #define HAVE_SYSCONF 1
+#define HAVE_SYSCTL 1
 #define HAVE_USLEEP 1
-#define HAVE_UTGETOSTYPEFROMSTRING 1
+#define HAVE_UTGETOSTYPEFROMSTRING 0
 #define HAVE_VIRTUALALLOC 0
 #define HAVE_WGLGETPROCADDRESS 0
 #define HAVE_PTHREADS 1
 #define HAVE_OS2THREADS 0
 #define HAVE_W32THREADS 0
 #define HAVE_AS_DN_DIRECTIVE 0
+#define HAVE_AS_FPU_DIRECTIVE 0
 #define HAVE_AS_FUNC 0
 #define HAVE_AS_OBJECT_ARCH 0
 #define HAVE_ASM_MOD_Q 0
 #define HAVE_ATTRIBUTE_MAY_ALIAS 1
 #define HAVE_ATTRIBUTE_PACKED 1
+#define HAVE_BLOCKS_EXTENSION 1
 #define HAVE_EBP_AVAILABLE 1
 #define HAVE_EBX_AVAILABLE 1
 #define HAVE_GNU_AS 0
@@ -348,6 +352,7 @@
 #define HAVE_XFORM_ASM 0
 #define HAVE_XMM_CLOBBERS 1
 #define HAVE_CONDITION_VARIABLE_PTR 0
+#define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 #define HAVE_SOCKLEN_T 1
 #define HAVE_STRUCT_ADDRINFO 1
 #define HAVE_STRUCT_GROUP_SOURCE_REQ 1
@@ -364,50 +369,38 @@
 #define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 #define HAVE_ATOMICS_NATIVE 1
 #define HAVE_DOS_PATHS 0
-#define HAVE_DXVA2_LIB 0
-#define HAVE_DXVA2API_COBJ 0
 #define HAVE_LIBC_MSVCRT 0
-#define HAVE_LIBDC1394_1 0
-#define HAVE_LIBDC1394_2 0
 #define HAVE_MAKEINFO 1
-#define HAVE_MAKEINFO_HTML 1
+#define HAVE_MAKEINFO_HTML 0
 #define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 #define HAVE_PERL 1
 #define HAVE_POD2MAN 1
-#define HAVE_SDL2 0
 #define HAVE_SECTION_DATA_REL_RO 0
 #define HAVE_TEXI2HTML 0
 #define HAVE_THREADS 1
+#define HAVE_UWP 0
 #define HAVE_VAAPI_DRM 0
 #define HAVE_VAAPI_X11 0
 #define HAVE_VDPAU_X11 0
 #define HAVE_WINRT 0
-#define HAVE_XLIB 0
-#define CONFIG_BSFS 0
-#define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
-#define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
-#define CONFIG_HTMLPAGES 1
+#define CONFIG_HTMLPAGES 0
 #define CONFIG_MANPAGES 1
 #define CONFIG_PODPAGES 1
 #define CONFIG_TXTPAGES 1
 #define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 #define CONFIG_AVIO_READING_EXAMPLE 1
-#define CONFIG_DECODING_ENCODING_EXAMPLE 0
+#define CONFIG_DECODE_AUDIO_EXAMPLE 1
+#define CONFIG_DECODE_VIDEO_EXAMPLE 1
 #define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+#define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+#define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 #define CONFIG_EXTRACT_MVS_EXAMPLE 0
 #define CONFIG_FILTER_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 #define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+#define CONFIG_HW_DECODE_EXAMPLE 0
 #define CONFIG_METADATA_EXAMPLE 0
 #define CONFIG_MUXING_EXAMPLE 0
 #define CONFIG_QSVDEC_EXAMPLE 0
@@ -416,27 +409,55 @@
 #define CONFIG_SCALING_VIDEO_EXAMPLE 0
 #define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 #define CONFIG_TRANSCODING_EXAMPLE 0
+#define CONFIG_ALSA 0
+#define CONFIG_APPKIT 1
+#define CONFIG_AVFOUNDATION 1
+#define CONFIG_BZLIB 1
+#define CONFIG_COREIMAGE 1
+#define CONFIG_ICONV 0
+#define CONFIG_JACK 0
+#define CONFIG_LIBXCB 0
+#define CONFIG_LIBXCB_SHM 0
+#define CONFIG_LIBXCB_SHAPE 0
+#define CONFIG_LIBXCB_XFIXES 0
+#define CONFIG_LZMA 0
+#define CONFIG_SCHANNEL 0
+#define CONFIG_SDL2 0
+#define CONFIG_SECURETRANSPORT 0
+#define CONFIG_SNDIO 0
+#define CONFIG_XLIB 1
+#define CONFIG_ZLIB 1
 #define CONFIG_AVISYNTH 0
-#define CONFIG_BZLIB 0
-#define CONFIG_CHROMAPRINT 0
-#define CONFIG_CRYSTALHD 0
-#define CONFIG_DECKLINK 0
 #define CONFIG_FREI0R 0
-#define CONFIG_GCRYPT 0
+#define CONFIG_LIBCDIO 0
+#define CONFIG_LIBRUBBERBAND 0
+#define CONFIG_LIBVIDSTAB 0
+#define CONFIG_LIBX264 0
+#define CONFIG_LIBX265 0
+#define CONFIG_LIBXAVS 0
+#define CONFIG_LIBXVID 0
+#define CONFIG_DECKLINK 0
+#define CONFIG_LIBNDI_NEWTEK 0
+#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_OPENSSL 0
 #define CONFIG_GMP 0
+#define CONFIG_LIBOPENCORE_AMRNB 0
+#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_RKMPP 0
+#define CONFIG_LIBSMBCLIENT 0
+#define CONFIG_CHROMAPRINT 0
+#define CONFIG_GCRYPT 0
 #define CONFIG_GNUTLS 0
-#define CONFIG_ICONV 0
 #define CONFIG_JNI 0
 #define CONFIG_LADSPA 0
 #define CONFIG_LIBASS 0
 #define CONFIG_LIBBLURAY 0
 #define CONFIG_LIBBS2B 0
 #define CONFIG_LIBCACA 0
-#define CONFIG_LIBCDIO 0
 #define CONFIG_LIBCELT 0
 #define CONFIG_LIBDC1394 0
-#define CONFIG_LIBEBUR128 0
-#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_LIBDRM 0
 #define CONFIG_LIBFLITE 0
 #define CONFIG_LIBFONTCONFIG 0
 #define CONFIG_LIBFREETYPE 0
@@ -448,18 +469,15 @@
 #define CONFIG_LIBKVAZAAR 0
 #define CONFIG_LIBMODPLUG 0
 #define CONFIG_LIBMP3LAME 0
-#define CONFIG_LIBNUT 0
-#define CONFIG_LIBOPENCORE_AMRNB 0
-#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBMYSOFA 0
 #define CONFIG_LIBOPENCV 0
 #define CONFIG_LIBOPENH264 0
 #define CONFIG_LIBOPENJPEG 0
 #define CONFIG_LIBOPENMPT 0
 #define CONFIG_LIBOPUS 0
 #define CONFIG_LIBPULSE 0
+#define CONFIG_LIBRSVG 0
 #define CONFIG_LIBRTMP 0
-#define CONFIG_LIBRUBBERBAND 0
-#define CONFIG_LIBSCHROEDINGER 0
 #define CONFIG_LIBSHINE 0
 #define CONFIG_LIBSMBCLIENT 0
 #define CONFIG_LIBSNAPPY 0
@@ -470,53 +488,37 @@
 #define CONFIG_LIBTHEORA 0
 #define CONFIG_LIBTWOLAME 0
 #define CONFIG_LIBV4L2 0
-#define CONFIG_LIBVIDSTAB 0
-#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_LIBVMAF 0
 #define CONFIG_LIBVORBIS 0
 #define CONFIG_LIBVPX 0
 #define CONFIG_LIBWAVPACK 0
 #define CONFIG_LIBWEBP 0
-#define CONFIG_LIBX264 0
-#define CONFIG_LIBX265 0
-#define CONFIG_LIBXAVS 0
-#define CONFIG_LIBXCB 0
-#define CONFIG_LIBXCB_SHM 0
-#define CONFIG_LIBXCB_SHAPE 0
-#define CONFIG_LIBXCB_XFIXES 0
-#define CONFIG_LIBXVID 0
+#define CONFIG_LIBXML2 0
 #define CONFIG_LIBZIMG 0
 #define CONFIG_LIBZMQ 0
 #define CONFIG_LIBZVBI 0
-#define CONFIG_LZMA 0
 #define CONFIG_MEDIACODEC 0
-#define CONFIG_NETCDF 0
 #define CONFIG_OPENAL 0
 #define CONFIG_OPENCL 0
 #define CONFIG_OPENGL 0
-#define CONFIG_OPENSSL 0
-#define CONFIG_SCHANNEL 0
-#define CONFIG_SDL 0
-#define CONFIG_SDL2 0
-#define CONFIG_SECURETRANSPORT 0
-#define CONFIG_VIDEOTOOLBOX 0
-#define CONFIG_X11GRAB 0
-#define CONFIG_XLIB 0
-#define CONFIG_ZLIB 0
-#define CONFIG_AUDIOTOOLBOX 0
+#define CONFIG_AUDIOTOOLBOX 1
+#define CONFIG_CRYSTALHD 0
 #define CONFIG_CUDA 0
 #define CONFIG_CUVID 0
 #define CONFIG_D3D11VA 0
 #define CONFIG_DXVA2 0
-#define CONFIG_LIBMFX 0
-#define CONFIG_LIBNPP 0
-#define CONFIG_MMAL 0
 #define CONFIG_NVENC 0
-#define CONFIG_OMX 0
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VIDEOTOOLBOX 0
+#define CONFIG_V4L2_M2M 0
 #define CONFIG_XVMC 0
+#define CONFIG_CUDA_SDK 0
+#define CONFIG_LIBNPP 0
+#define CONFIG_LIBMFX 0
+#define CONFIG_MMAL 0
+#define CONFIG_OMX 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
 #define CONFIG_HARDCODED_TABLES 0
@@ -555,16 +557,27 @@
 #define CONFIG_PIXELUTILS 0
 #define CONFIG_NETWORK 0
 #define CONFIG_RDFT 0
+#define CONFIG_AUTODETECT 0
 #define CONFIG_FONTCONFIG 0
-#define CONFIG_MEMALIGN_HACK 0
+#define CONFIG_LINUX_PERF 0
 #define CONFIG_MEMORY_POISONING 0
 #define CONFIG_NEON_CLOBBER_TEST 0
+#define CONFIG_OSSFUZZ 0
 #define CONFIG_PIC 1
-#define CONFIG_POD2MAN 1
-#define CONFIG_RAISE_MAJOR 0
 #define CONFIG_THUMB 0
 #define CONFIG_VALGRIND_BACKTRACE 0
 #define CONFIG_XMM_CLOBBER_TEST 0
+#define CONFIG_BSFS 1
+#define CONFIG_DECODERS 1
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_PARSERS 1
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
 #define CONFIG_AANDCTTABLES 0
 #define CONFIG_AC3DSP 0
 #define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -582,20 +595,22 @@
 #define CONFIG_FMTCONVERT 0
 #define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
-#define CONFIG_GOLOMB 1
+#define CONFIG_GOLOMB 0
 #define CONFIG_GPLV3 0
 #define CONFIG_H263DSP 0
 #define CONFIG_H264CHROMA 0
 #define CONFIG_H264DSP 0
+#define CONFIG_H264PARSE 0
 #define CONFIG_H264PRED 1
 #define CONFIG_H264QPEL 0
+#define CONFIG_HEVCPARSE 0
 #define CONFIG_HPELDSP 0
 #define CONFIG_HUFFMAN 0
 #define CONFIG_HUFFYUVDSP 0
 #define CONFIG_HUFFYUVENCDSP 0
 #define CONFIG_IDCTDSP 0
 #define CONFIG_IIRFILTER 0
-#define CONFIG_IMDCT15 0
+#define CONFIG_MDCT15 0
 #define CONFIG_INTRAX8 0
 #define CONFIG_ISO_MEDIA 0
 #define CONFIG_IVIDSP 0
@@ -604,12 +619,14 @@
 #define CONFIG_LIBX262 0
 #define CONFIG_LLAUDDSP 0
 #define CONFIG_LLVIDDSP 0
+#define CONFIG_LLVIDENCDSP 0
 #define CONFIG_LPC 0
 #define CONFIG_LZF 0
 #define CONFIG_ME_CMP 0
 #define CONFIG_MPEG_ER 0
 #define CONFIG_MPEGAUDIO 0
 #define CONFIG_MPEGAUDIODSP 0
+#define CONFIG_MPEGAUDIOHEADER 0
 #define CONFIG_MPEGVIDEO 0
 #define CONFIG_MPEGVIDEOENC 0
 #define CONFIG_MSS34DSP 0
@@ -631,1595 +648,20 @@
 #define CONFIG_TEXTUREDSP 0
 #define CONFIG_TEXTUREDSPENC 0
 #define CONFIG_TPELDSP 0
+#define CONFIG_VAAPI_1 0
 #define CONFIG_VAAPI_ENCODE 0
 #define CONFIG_VC1DSP 0
 #define CONFIG_VIDEODSP 1
 #define CONFIG_VP3DSP 0
 #define CONFIG_VP56DSP 0
 #define CONFIG_VP8DSP 1
-#define CONFIG_VT_BT2020 0
 #define CONFIG_WMA_FREQS 0
 #define CONFIG_WMV2DSP 0
-#define CONFIG_AAC_ADTSTOASC_BSF 0
-#define CONFIG_CHOMP_BSF 0
-#define CONFIG_DUMP_EXTRADATA_BSF 0
-#define CONFIG_DCA_CORE_BSF 0
-#define CONFIG_H264_MP4TOANNEXB_BSF 0
-#define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-#define CONFIG_IMX_DUMP_HEADER_BSF 0
-#define CONFIG_MJPEG2JPEG_BSF 0
-#define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-#define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-#define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-#define CONFIG_MOV2TEXTSUB_BSF 0
-#define CONFIG_NOISE_BSF 0
-#define CONFIG_REMOVE_EXTRADATA_BSF 0
-#define CONFIG_TEXT2MOVSUB_BSF 0
-#define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
+#define CONFIG_NULL_BSF 1
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
-#define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
+#define CONFIG_FLAC_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/config_unix32.h b/media/ffvpx/config_unix32.h
index 9318d1851..c2316caab 100644
--- a/media/ffvpx/config_unix32.h
+++ b/media/ffvpx/config_unix32.h
@@ -1,12 +1,12 @@
 /* Automatically generated by configure - do not modify! */
 #ifndef FFMPEG_CONFIG_H
 #define FFMPEG_CONFIG_H
-#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm --disable-asm --disable-yasm --cc='gcc -m32'"
+#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-decoder=flac --disable-asm --disable-x86asm"
 #define FFMPEG_LICENSE "LGPL version 2.1 or later"
-#define CONFIG_THIS_YEAR 2016
+#define CONFIG_THIS_YEAR 2017
 #define FFMPEG_DATADIR "/usr/local/share/ffmpeg"
 #define AVCONV_DATADIR "/usr/local/share/ffmpeg"
-#define CC_IDENT "gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)"
+#define CC_IDENT "gcc 6.3.0 (Ubuntu 6.3.0-12ubuntu2) 20170406"
 #define av_restrict restrict
 #define EXTERN_PREFIX ""
 #define EXTERN_ASM
@@ -178,11 +178,11 @@
 #define HAVE_LOCAL_ALIGNED_16 1
 #define HAVE_LOCAL_ALIGNED_32 1
 #define HAVE_SIMD_ALIGN_16 0
+#define HAVE_SIMD_ALIGN_32 0
 #define HAVE_ATOMICS_GCC 1
 #define HAVE_ATOMICS_SUNCC 0
 #define HAVE_ATOMICS_WIN32 0
 #define HAVE_ATOMIC_CAS_PTR 0
-#define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 #define HAVE_MACHINE_RW_BARRIER 0
 #define HAVE_MEMORYBARRIER 0
 #define HAVE_MM_EMPTY 0
@@ -194,15 +194,16 @@
 #define HAVE_CEXP 1
 #define HAVE_INLINE_ASM 1
 #define HAVE_SYMVER 1
-#define HAVE_YASM 0
+#define HAVE_X86ASM 0
 #define HAVE_BIGENDIAN 0
 #define HAVE_FAST_UNALIGNED 0
-#define HAVE_ALSA_ASOUNDLIB_H 0
 #define HAVE_ALTIVEC_H 0
 #define HAVE_ARPA_INET_H 1
 #define HAVE_ASM_TYPES_H 1
 #define HAVE_CDIO_PARANOIA_H 0
 #define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+#define HAVE_CUDA_H 0
+#define HAVE_D3D11_H 0
 #define HAVE_DISPATCH_DISPATCH_H 0
 #define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 #define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -212,7 +213,7 @@
 #define HAVE_DIRECT_H 0
 #define HAVE_DIRENT_H 1
 #define HAVE_DLFCN_H 1
-#define HAVE_D3D11_H 0
+#define HAVE_DXGIDEBUG_H 0
 #define HAVE_DXVA_H 0
 #define HAVE_ES2_GL_H 0
 #define HAVE_GSM_H 0
@@ -221,13 +222,15 @@
 #define HAVE_MACHINE_IOCTL_BT848_H 0
 #define HAVE_MACHINE_IOCTL_METEOR_H 0
 #define HAVE_OPENCV2_CORE_CORE_C_H 0
+#define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+#define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 #define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 #define HAVE_OPENGL_GL3_H 0
 #define HAVE_POLL_H 1
-#define HAVE_SNDIO_H 0
 #define HAVE_SOUNDCARD_H 0
+#define HAVE_STDATOMIC_H 1
 #define HAVE_SYS_MMAN_H 1
 #define HAVE_SYS_PARAM_H 1
 #define HAVE_SYS_RESOURCE_H 1
@@ -279,7 +282,6 @@
 #define HAVE_COMMANDLINETOARGVW 0
 #define HAVE_COTASKMEMFREE 0
 #define HAVE_CRYPTGENRANDOM 0
-#define HAVE_DLOPEN 1
 #define HAVE_FCNTL 1
 #define HAVE_FLT_LIM 1
 #define HAVE_FORK 1
@@ -318,6 +320,7 @@
 #define HAVE_SLEEP 0
 #define HAVE_STRERROR_R 1
 #define HAVE_SYSCONF 1
+#define HAVE_SYSCTL 0
 #define HAVE_USLEEP 1
 #define HAVE_UTGETOSTYPEFROMSTRING 0
 #define HAVE_VIRTUALALLOC 0
@@ -326,11 +329,13 @@
 #define HAVE_OS2THREADS 0
 #define HAVE_W32THREADS 0
 #define HAVE_AS_DN_DIRECTIVE 0
+#define HAVE_AS_FPU_DIRECTIVE 0
 #define HAVE_AS_FUNC 0
 #define HAVE_AS_OBJECT_ARCH 0
 #define HAVE_ASM_MOD_Q 0
 #define HAVE_ATTRIBUTE_MAY_ALIAS 1
 #define HAVE_ATTRIBUTE_PACKED 1
+#define HAVE_BLOCKS_EXTENSION 0
 #define HAVE_EBP_AVAILABLE 1
 #define HAVE_EBX_AVAILABLE 1
 #define HAVE_GNU_AS 0
@@ -347,6 +352,7 @@
 #define HAVE_XFORM_ASM 0
 #define HAVE_XMM_CLOBBERS 0
 #define HAVE_CONDITION_VARIABLE_PTR 0
+#define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 #define HAVE_SOCKLEN_T 1
 #define HAVE_STRUCT_ADDRINFO 1
 #define HAVE_STRUCT_GROUP_SOURCE_REQ 1
@@ -363,36 +369,20 @@
 #define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 1
 #define HAVE_ATOMICS_NATIVE 1
 #define HAVE_DOS_PATHS 0
-#define HAVE_DXVA2_LIB 0
-#define HAVE_DXVA2API_COBJ 0
 #define HAVE_LIBC_MSVCRT 0
-#define HAVE_LIBDC1394_1 0
-#define HAVE_LIBDC1394_2 0
 #define HAVE_MAKEINFO 0
 #define HAVE_MAKEINFO_HTML 0
 #define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 #define HAVE_PERL 1
 #define HAVE_POD2MAN 1
-#define HAVE_SDL2 0
 #define HAVE_SECTION_DATA_REL_RO 1
 #define HAVE_TEXI2HTML 0
 #define HAVE_THREADS 1
+#define HAVE_UWP 0
 #define HAVE_VAAPI_DRM 0
 #define HAVE_VAAPI_X11 0
 #define HAVE_VDPAU_X11 0
 #define HAVE_WINRT 0
-#define HAVE_XLIB 0
-#define CONFIG_BSFS 0
-#define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
-#define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
 #define CONFIG_HTMLPAGES 0
 #define CONFIG_MANPAGES 1
@@ -400,13 +390,17 @@
 #define CONFIG_TXTPAGES 0
 #define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 #define CONFIG_AVIO_READING_EXAMPLE 1
-#define CONFIG_DECODING_ENCODING_EXAMPLE 0
+#define CONFIG_DECODE_AUDIO_EXAMPLE 1
+#define CONFIG_DECODE_VIDEO_EXAMPLE 1
 #define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+#define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+#define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 #define CONFIG_EXTRACT_MVS_EXAMPLE 0
 #define CONFIG_FILTER_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 #define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+#define CONFIG_HW_DECODE_EXAMPLE 0
 #define CONFIG_METADATA_EXAMPLE 0
 #define CONFIG_MUXING_EXAMPLE 0
 #define CONFIG_QSVDEC_EXAMPLE 0
@@ -415,27 +409,55 @@
 #define CONFIG_SCALING_VIDEO_EXAMPLE 0
 #define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 #define CONFIG_TRANSCODING_EXAMPLE 0
-#define CONFIG_AVISYNTH 0
+#define CONFIG_ALSA 0
+#define CONFIG_APPKIT 0
+#define CONFIG_AVFOUNDATION 0
 #define CONFIG_BZLIB 0
-#define CONFIG_CHROMAPRINT 0
-#define CONFIG_CRYSTALHD 0
-#define CONFIG_DECKLINK 0
+#define CONFIG_COREIMAGE 0
+#define CONFIG_ICONV 0
+#define CONFIG_JACK 0
+#define CONFIG_LIBXCB 0
+#define CONFIG_LIBXCB_SHM 0
+#define CONFIG_LIBXCB_SHAPE 0
+#define CONFIG_LIBXCB_XFIXES 0
+#define CONFIG_LZMA 0
+#define CONFIG_SCHANNEL 0
+#define CONFIG_SDL2 0
+#define CONFIG_SECURETRANSPORT 0
+#define CONFIG_SNDIO 0
+#define CONFIG_XLIB 1
+#define CONFIG_ZLIB 0
+#define CONFIG_AVISYNTH 0
 #define CONFIG_FREI0R 0
-#define CONFIG_GCRYPT 0
+#define CONFIG_LIBCDIO 0
+#define CONFIG_LIBRUBBERBAND 0
+#define CONFIG_LIBVIDSTAB 0
+#define CONFIG_LIBX264 0
+#define CONFIG_LIBX265 0
+#define CONFIG_LIBXAVS 0
+#define CONFIG_LIBXVID 0
+#define CONFIG_DECKLINK 0
+#define CONFIG_LIBNDI_NEWTEK 0
+#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_OPENSSL 0
 #define CONFIG_GMP 0
+#define CONFIG_LIBOPENCORE_AMRNB 0
+#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_RKMPP 0
+#define CONFIG_LIBSMBCLIENT 0
+#define CONFIG_CHROMAPRINT 0
+#define CONFIG_GCRYPT 0
 #define CONFIG_GNUTLS 0
-#define CONFIG_ICONV 0
 #define CONFIG_JNI 0
 #define CONFIG_LADSPA 0
 #define CONFIG_LIBASS 0
 #define CONFIG_LIBBLURAY 0
 #define CONFIG_LIBBS2B 0
 #define CONFIG_LIBCACA 0
-#define CONFIG_LIBCDIO 0
 #define CONFIG_LIBCELT 0
 #define CONFIG_LIBDC1394 0
-#define CONFIG_LIBEBUR128 0
-#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_LIBDRM 0
 #define CONFIG_LIBFLITE 0
 #define CONFIG_LIBFONTCONFIG 0
 #define CONFIG_LIBFREETYPE 0
@@ -447,18 +469,15 @@
 #define CONFIG_LIBKVAZAAR 0
 #define CONFIG_LIBMODPLUG 0
 #define CONFIG_LIBMP3LAME 0
-#define CONFIG_LIBNUT 0
-#define CONFIG_LIBOPENCORE_AMRNB 0
-#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBMYSOFA 0
 #define CONFIG_LIBOPENCV 0
 #define CONFIG_LIBOPENH264 0
 #define CONFIG_LIBOPENJPEG 0
 #define CONFIG_LIBOPENMPT 0
 #define CONFIG_LIBOPUS 0
 #define CONFIG_LIBPULSE 0
+#define CONFIG_LIBRSVG 0
 #define CONFIG_LIBRTMP 0
-#define CONFIG_LIBRUBBERBAND 0
-#define CONFIG_LIBSCHROEDINGER 0
 #define CONFIG_LIBSHINE 0
 #define CONFIG_LIBSMBCLIENT 0
 #define CONFIG_LIBSNAPPY 0
@@ -469,52 +488,37 @@
 #define CONFIG_LIBTHEORA 0
 #define CONFIG_LIBTWOLAME 0
 #define CONFIG_LIBV4L2 0
-#define CONFIG_LIBVIDSTAB 0
-#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_LIBVMAF 0
 #define CONFIG_LIBVORBIS 0
 #define CONFIG_LIBVPX 0
 #define CONFIG_LIBWAVPACK 0
 #define CONFIG_LIBWEBP 0
-#define CONFIG_LIBX264 0
-#define CONFIG_LIBX265 0
-#define CONFIG_LIBXAVS 0
-#define CONFIG_LIBXCB 0
-#define CONFIG_LIBXCB_SHM 0
-#define CONFIG_LIBXCB_SHAPE 0
-#define CONFIG_LIBXCB_XFIXES 0
-#define CONFIG_LIBXVID 0
+#define CONFIG_LIBXML2 0
 #define CONFIG_LIBZIMG 0
 #define CONFIG_LIBZMQ 0
 #define CONFIG_LIBZVBI 0
-#define CONFIG_LZMA 0
 #define CONFIG_MEDIACODEC 0
-#define CONFIG_NETCDF 0
 #define CONFIG_OPENAL 0
 #define CONFIG_OPENCL 0
 #define CONFIG_OPENGL 0
-#define CONFIG_OPENSSL 0
-#define CONFIG_SCHANNEL 0
-#define CONFIG_SDL 0
-#define CONFIG_SDL2 0
-#define CONFIG_SECURETRANSPORT 0
-#define CONFIG_X11GRAB 0
-#define CONFIG_XLIB 0
-#define CONFIG_ZLIB 0
 #define CONFIG_AUDIOTOOLBOX 0
-#define CONFIG_CUDA 0
-#define CONFIG_CUVID 0
+#define CONFIG_CRYSTALHD 0
+#define CONFIG_CUDA 1
+#define CONFIG_CUVID 1
 #define CONFIG_D3D11VA 0
 #define CONFIG_DXVA2 0
-#define CONFIG_LIBMFX 0
-#define CONFIG_LIBNPP 0
-#define CONFIG_MMAL 0
-#define CONFIG_NVENC 0
-#define CONFIG_OMX 0
+#define CONFIG_NVENC 1
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VIDEOTOOLBOX 0
+#define CONFIG_V4L2_M2M 1
 #define CONFIG_XVMC 0
+#define CONFIG_CUDA_SDK 0
+#define CONFIG_LIBNPP 0
+#define CONFIG_LIBMFX 0
+#define CONFIG_MMAL 0
+#define CONFIG_OMX 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
 #define CONFIG_HARDCODED_TABLES 0
@@ -553,16 +557,27 @@
 #define CONFIG_PIXELUTILS 0
 #define CONFIG_NETWORK 0
 #define CONFIG_RDFT 0
+#define CONFIG_AUTODETECT 0
 #define CONFIG_FONTCONFIG 0
-#define CONFIG_MEMALIGN_HACK 0
+#define CONFIG_LINUX_PERF 0
 #define CONFIG_MEMORY_POISONING 0
 #define CONFIG_NEON_CLOBBER_TEST 0
-#define CONFIG_PIC 0
-#define CONFIG_POD2MAN 1
-#define CONFIG_RAISE_MAJOR 0
+#define CONFIG_OSSFUZZ 0
+#define CONFIG_PIC 1
 #define CONFIG_THUMB 0
 #define CONFIG_VALGRIND_BACKTRACE 0
 #define CONFIG_XMM_CLOBBER_TEST 0
+#define CONFIG_BSFS 1
+#define CONFIG_DECODERS 1
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_PARSERS 1
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
 #define CONFIG_AANDCTTABLES 0
 #define CONFIG_AC3DSP 0
 #define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -580,20 +595,22 @@
 #define CONFIG_FMTCONVERT 0
 #define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
-#define CONFIG_GOLOMB 1
+#define CONFIG_GOLOMB 0
 #define CONFIG_GPLV3 0
 #define CONFIG_H263DSP 0
 #define CONFIG_H264CHROMA 0
 #define CONFIG_H264DSP 0
+#define CONFIG_H264PARSE 0
 #define CONFIG_H264PRED 1
 #define CONFIG_H264QPEL 0
+#define CONFIG_HEVCPARSE 0
 #define CONFIG_HPELDSP 0
 #define CONFIG_HUFFMAN 0
 #define CONFIG_HUFFYUVDSP 0
 #define CONFIG_HUFFYUVENCDSP 0
 #define CONFIG_IDCTDSP 0
 #define CONFIG_IIRFILTER 0
-#define CONFIG_IMDCT15 0
+#define CONFIG_MDCT15 0
 #define CONFIG_INTRAX8 0
 #define CONFIG_ISO_MEDIA 0
 #define CONFIG_IVIDSP 0
@@ -602,12 +619,14 @@
 #define CONFIG_LIBX262 0
 #define CONFIG_LLAUDDSP 0
 #define CONFIG_LLVIDDSP 0
+#define CONFIG_LLVIDENCDSP 0
 #define CONFIG_LPC 0
 #define CONFIG_LZF 0
 #define CONFIG_ME_CMP 0
 #define CONFIG_MPEG_ER 0
 #define CONFIG_MPEGAUDIO 0
 #define CONFIG_MPEGAUDIODSP 0
+#define CONFIG_MPEGAUDIOHEADER 0
 #define CONFIG_MPEGVIDEO 0
 #define CONFIG_MPEGVIDEOENC 0
 #define CONFIG_MSS34DSP 0
@@ -629,1595 +648,20 @@
 #define CONFIG_TEXTUREDSP 0
 #define CONFIG_TEXTUREDSPENC 0
 #define CONFIG_TPELDSP 0
+#define CONFIG_VAAPI_1 0
 #define CONFIG_VAAPI_ENCODE 0
 #define CONFIG_VC1DSP 0
 #define CONFIG_VIDEODSP 1
 #define CONFIG_VP3DSP 0
 #define CONFIG_VP56DSP 0
 #define CONFIG_VP8DSP 1
-#define CONFIG_VT_BT2020 0
 #define CONFIG_WMA_FREQS 0
 #define CONFIG_WMV2DSP 0
-#define CONFIG_AAC_ADTSTOASC_BSF 0
-#define CONFIG_CHOMP_BSF 0
-#define CONFIG_DUMP_EXTRADATA_BSF 0
-#define CONFIG_DCA_CORE_BSF 0
-#define CONFIG_H264_MP4TOANNEXB_BSF 0
-#define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-#define CONFIG_IMX_DUMP_HEADER_BSF 0
-#define CONFIG_MJPEG2JPEG_BSF 0
-#define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-#define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-#define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-#define CONFIG_MOV2TEXTSUB_BSF 0
-#define CONFIG_NOISE_BSF 0
-#define CONFIG_REMOVE_EXTRADATA_BSF 0
-#define CONFIG_TEXT2MOVSUB_BSF 0
-#define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
+#define CONFIG_NULL_BSF 1
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
-#define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
+#define CONFIG_FLAC_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/config_unix64.asm b/media/ffvpx/config_unix64.asm
index 61cfce6a6..beb7f3b02 100644
--- a/media/ffvpx/config_unix64.asm
+++ b/media/ffvpx/config_unix64.asm
@@ -40,7 +40,7 @@
 %define HAVE_AMD3DNOW 1
 %define HAVE_AMD3DNOWEXT 1
 %define HAVE_AVX 1
-%define HAVE_AVX2 0
+%define HAVE_AVX2 1
 %define HAVE_FMA3 1
 %define HAVE_FMA4 1
 %define HAVE_MMX 1
@@ -63,8 +63,8 @@
 %define HAVE_MIPSDSP 0
 %define HAVE_MIPSDSPR2 0
 %define HAVE_MSA 0
-%define HAVE_LOONGSON2 1
-%define HAVE_LOONGSON3 1
+%define HAVE_LOONGSON2 0
+%define HAVE_LOONGSON3 0
 %define HAVE_MMI 0
 %define HAVE_ARMV5TE_EXTERNAL 0
 %define HAVE_ARMV6_EXTERNAL 0
@@ -84,7 +84,7 @@
 %define HAVE_AMD3DNOW_EXTERNAL 1
 %define HAVE_AMD3DNOWEXT_EXTERNAL 1
 %define HAVE_AVX_EXTERNAL 1
-%define HAVE_AVX2_EXTERNAL 0
+%define HAVE_AVX2_EXTERNAL 1
 %define HAVE_FMA3_EXTERNAL 1
 %define HAVE_FMA4_EXTERNAL 1
 %define HAVE_MMX_EXTERNAL 1
@@ -128,7 +128,7 @@
 %define HAVE_AMD3DNOW_INLINE 1
 %define HAVE_AMD3DNOWEXT_INLINE 1
 %define HAVE_AVX_INLINE 1
-%define HAVE_AVX2_INLINE 0
+%define HAVE_AVX2_INLINE 1
 %define HAVE_FMA3_INLINE 1
 %define HAVE_FMA4_INLINE 1
 %define HAVE_MMX_INLINE 1
@@ -162,11 +162,11 @@
 %define HAVE_LOCAL_ALIGNED_16 1
 %define HAVE_LOCAL_ALIGNED_32 1
 %define HAVE_SIMD_ALIGN_16 1
+%define HAVE_SIMD_ALIGN_32 1
 %define HAVE_ATOMICS_GCC 1
 %define HAVE_ATOMICS_SUNCC 0
 %define HAVE_ATOMICS_WIN32 0
 %define HAVE_ATOMIC_CAS_PTR 0
-%define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 %define HAVE_MACHINE_RW_BARRIER 0
 %define HAVE_MEMORYBARRIER 0
 %define HAVE_MM_EMPTY 1
@@ -178,15 +178,16 @@
 %define HAVE_CEXP 1
 %define HAVE_INLINE_ASM 1
 %define HAVE_SYMVER 1
-%define HAVE_YASM 1
+%define HAVE_X86ASM 1
 %define HAVE_BIGENDIAN 0
 %define HAVE_FAST_UNALIGNED 1
-%define HAVE_ALSA_ASOUNDLIB_H 0
 %define HAVE_ALTIVEC_H 0
 %define HAVE_ARPA_INET_H 1
 %define HAVE_ASM_TYPES_H 1
 %define HAVE_CDIO_PARANOIA_H 0
 %define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+%define HAVE_CUDA_H 0
+%define HAVE_D3D11_H 0
 %define HAVE_DISPATCH_DISPATCH_H 0
 %define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 %define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -196,7 +197,7 @@
 %define HAVE_DIRECT_H 0
 %define HAVE_DIRENT_H 1
 %define HAVE_DLFCN_H 1
-%define HAVE_D3D11_H 0
+%define HAVE_DXGIDEBUG_H 0
 %define HAVE_DXVA_H 0
 %define HAVE_ES2_GL_H 0
 %define HAVE_GSM_H 0
@@ -205,13 +206,15 @@
 %define HAVE_MACHINE_IOCTL_BT848_H 0
 %define HAVE_MACHINE_IOCTL_METEOR_H 0
 %define HAVE_OPENCV2_CORE_CORE_C_H 0
+%define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+%define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 %define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 %define HAVE_OPENGL_GL3_H 0
 %define HAVE_POLL_H 1
-%define HAVE_SNDIO_H 0
 %define HAVE_SOUNDCARD_H 0
+%define HAVE_STDATOMIC_H 1
 %define HAVE_SYS_MMAN_H 1
 %define HAVE_SYS_PARAM_H 1
 %define HAVE_SYS_RESOURCE_H 1
@@ -263,7 +266,6 @@
 %define HAVE_COMMANDLINETOARGVW 0
 %define HAVE_COTASKMEMFREE 0
 %define HAVE_CRYPTGENRANDOM 0
-%define HAVE_DLOPEN 1
 %define HAVE_FCNTL 1
 %define HAVE_FLT_LIM 1
 %define HAVE_FORK 1
@@ -311,11 +313,13 @@
 %define HAVE_OS2THREADS 0
 %define HAVE_W32THREADS 0
 %define HAVE_AS_DN_DIRECTIVE 0
+%define HAVE_AS_FPU_DIRECTIVE 0
 %define HAVE_AS_FUNC 0
 %define HAVE_AS_OBJECT_ARCH 0
 %define HAVE_ASM_MOD_Q 0
 %define HAVE_ATTRIBUTE_MAY_ALIAS 1
 %define HAVE_ATTRIBUTE_PACKED 1
+%define HAVE_BLOCKS_EXTENSION 0
 %define HAVE_EBP_AVAILABLE 1
 %define HAVE_EBX_AVAILABLE 1
 %define HAVE_GNU_AS 0
@@ -332,6 +336,7 @@
 %define HAVE_XFORM_ASM 0
 %define HAVE_XMM_CLOBBERS 1
 %define HAVE_CONDITION_VARIABLE_PTR 0
+%define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 %define HAVE_SOCKLEN_T 1
 %define HAVE_STRUCT_ADDRINFO 1
 %define HAVE_STRUCT_GROUP_SOURCE_REQ 1
@@ -348,36 +353,20 @@
 %define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 1
 %define HAVE_ATOMICS_NATIVE 1
 %define HAVE_DOS_PATHS 0
-%define HAVE_DXVA2_LIB 0
-%define HAVE_DXVA2API_COBJ 0
 %define HAVE_LIBC_MSVCRT 0
-%define HAVE_LIBDC1394_1 0
-%define HAVE_LIBDC1394_2 0
 %define HAVE_MAKEINFO 0
 %define HAVE_MAKEINFO_HTML 0
 %define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 %define HAVE_PERL 1
 %define HAVE_POD2MAN 1
-%define HAVE_SDL2 0
 %define HAVE_SECTION_DATA_REL_RO 1
 %define HAVE_TEXI2HTML 0
 %define HAVE_THREADS 1
+%define HAVE_UWP 0
 %define HAVE_VAAPI_DRM 0
 %define HAVE_VAAPI_X11 0
 %define HAVE_VDPAU_X11 0
 %define HAVE_WINRT 0
-%define HAVE_XLIB 0
-%define CONFIG_BSFS 0
-%define CONFIG_DECODERS 1
-%define CONFIG_ENCODERS 0
-%define CONFIG_HWACCELS 0
-%define CONFIG_PARSERS 1
-%define CONFIG_INDEVS 0
-%define CONFIG_OUTDEVS 0
-%define CONFIG_FILTERS 0
-%define CONFIG_DEMUXERS 0
-%define CONFIG_MUXERS 0
-%define CONFIG_PROTOCOLS 0
 %define CONFIG_DOC 0
 %define CONFIG_HTMLPAGES 0
 %define CONFIG_MANPAGES 1
@@ -385,13 +374,17 @@
 %define CONFIG_TXTPAGES 0
 %define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 %define CONFIG_AVIO_READING_EXAMPLE 1
-%define CONFIG_DECODING_ENCODING_EXAMPLE 0
+%define CONFIG_DECODE_AUDIO_EXAMPLE 1
+%define CONFIG_DECODE_VIDEO_EXAMPLE 1
 %define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+%define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+%define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 %define CONFIG_EXTRACT_MVS_EXAMPLE 0
 %define CONFIG_FILTER_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 %define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+%define CONFIG_HW_DECODE_EXAMPLE 0
 %define CONFIG_METADATA_EXAMPLE 0
 %define CONFIG_MUXING_EXAMPLE 0
 %define CONFIG_QSVDEC_EXAMPLE 0
@@ -400,27 +393,55 @@
 %define CONFIG_SCALING_VIDEO_EXAMPLE 0
 %define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 %define CONFIG_TRANSCODING_EXAMPLE 0
-%define CONFIG_AVISYNTH 0
+%define CONFIG_ALSA 1
+%define CONFIG_APPKIT 0
+%define CONFIG_AVFOUNDATION 0
 %define CONFIG_BZLIB 0
-%define CONFIG_CHROMAPRINT 0
-%define CONFIG_CRYSTALHD 0
-%define CONFIG_DECKLINK 0
+%define CONFIG_COREIMAGE 0
+%define CONFIG_ICONV 0
+%define CONFIG_JACK 0
+%define CONFIG_LIBXCB 0
+%define CONFIG_LIBXCB_SHM 0
+%define CONFIG_LIBXCB_SHAPE 0
+%define CONFIG_LIBXCB_XFIXES 0
+%define CONFIG_LZMA 1
+%define CONFIG_SCHANNEL 0
+%define CONFIG_SDL2 0
+%define CONFIG_SECURETRANSPORT 0
+%define CONFIG_SNDIO 0
+%define CONFIG_XLIB 1
+%define CONFIG_ZLIB 1
+%define CONFIG_AVISYNTH 0
 %define CONFIG_FREI0R 0
-%define CONFIG_GCRYPT 0
+%define CONFIG_LIBCDIO 0
+%define CONFIG_LIBRUBBERBAND 0
+%define CONFIG_LIBVIDSTAB 0
+%define CONFIG_LIBX264 0
+%define CONFIG_LIBX265 0
+%define CONFIG_LIBXAVS 0
+%define CONFIG_LIBXVID 0
+%define CONFIG_DECKLINK 0
+%define CONFIG_LIBNDI_NEWTEK 0
+%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_OPENSSL 0
 %define CONFIG_GMP 0
+%define CONFIG_LIBOPENCORE_AMRNB 0
+%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_RKMPP 0
+%define CONFIG_LIBSMBCLIENT 0
+%define CONFIG_CHROMAPRINT 0
+%define CONFIG_GCRYPT 0
 %define CONFIG_GNUTLS 0
-%define CONFIG_ICONV 0
 %define CONFIG_JNI 0
 %define CONFIG_LADSPA 0
 %define CONFIG_LIBASS 0
 %define CONFIG_LIBBLURAY 0
 %define CONFIG_LIBBS2B 0
 %define CONFIG_LIBCACA 0
-%define CONFIG_LIBCDIO 0
 %define CONFIG_LIBCELT 0
 %define CONFIG_LIBDC1394 0
-%define CONFIG_LIBEBUR128 0
-%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_LIBDRM 0
 %define CONFIG_LIBFLITE 0
 %define CONFIG_LIBFONTCONFIG 0
 %define CONFIG_LIBFREETYPE 0
@@ -432,18 +453,15 @@
 %define CONFIG_LIBKVAZAAR 0
 %define CONFIG_LIBMODPLUG 0
 %define CONFIG_LIBMP3LAME 0
-%define CONFIG_LIBNUT 0
-%define CONFIG_LIBOPENCORE_AMRNB 0
-%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBMYSOFA 0
 %define CONFIG_LIBOPENCV 0
 %define CONFIG_LIBOPENH264 0
 %define CONFIG_LIBOPENJPEG 0
 %define CONFIG_LIBOPENMPT 0
 %define CONFIG_LIBOPUS 0
 %define CONFIG_LIBPULSE 0
+%define CONFIG_LIBRSVG 0
 %define CONFIG_LIBRTMP 0
-%define CONFIG_LIBRUBBERBAND 0
-%define CONFIG_LIBSCHROEDINGER 0
 %define CONFIG_LIBSHINE 0
 %define CONFIG_LIBSMBCLIENT 0
 %define CONFIG_LIBSNAPPY 0
@@ -454,53 +472,37 @@
 %define CONFIG_LIBTHEORA 0
 %define CONFIG_LIBTWOLAME 0
 %define CONFIG_LIBV4L2 0
-%define CONFIG_LIBVIDSTAB 0
-%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_LIBVMAF 0
 %define CONFIG_LIBVORBIS 0
 %define CONFIG_LIBVPX 0
 %define CONFIG_LIBWAVPACK 0
 %define CONFIG_LIBWEBP 0
-%define CONFIG_LIBX264 0
-%define CONFIG_LIBX265 0
-%define CONFIG_LIBXAVS 0
-%define CONFIG_LIBXCB 0
-%define CONFIG_LIBXCB_SHM 0
-%define CONFIG_LIBXCB_SHAPE 0
-%define CONFIG_LIBXCB_XFIXES 0
-%define CONFIG_LIBXVID 0
+%define CONFIG_LIBXML2 0
 %define CONFIG_LIBZIMG 0
 %define CONFIG_LIBZMQ 0
 %define CONFIG_LIBZVBI 0
-%define CONFIG_LZMA 0
 %define CONFIG_MEDIACODEC 0
-%define CONFIG_NETCDF 0
 %define CONFIG_OPENAL 0
 %define CONFIG_OPENCL 0
 %define CONFIG_OPENGL 0
-%define CONFIG_OPENSSL 0
-%define CONFIG_SCHANNEL 0
-%define CONFIG_SDL 0
-%define CONFIG_SDL2 0
-%define CONFIG_SECURETRANSPORT 0
-%define CONFIG_VIDEOTOOLBOX 0
-%define CONFIG_X11GRAB 0
-%define CONFIG_XLIB 0
-%define CONFIG_ZLIB 0
 %define CONFIG_AUDIOTOOLBOX 0
-%define CONFIG_CUDA 0
-%define CONFIG_CUVID 0
+%define CONFIG_CRYSTALHD 0
+%define CONFIG_CUDA 1
+%define CONFIG_CUVID 1
 %define CONFIG_D3D11VA 0
 %define CONFIG_DXVA2 0
-%define CONFIG_LIBMFX 0
-%define CONFIG_LIBNPP 0
-%define CONFIG_MMAL 0
-%define CONFIG_NVENC 0
-%define CONFIG_OMX 0
+%define CONFIG_NVENC 1
 %define CONFIG_VAAPI 0
 %define CONFIG_VDA 0
 %define CONFIG_VDPAU 0
-%define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_VIDEOTOOLBOX 0
+%define CONFIG_V4L2_M2M 1
 %define CONFIG_XVMC 0
+%define CONFIG_CUDA_SDK 0
+%define CONFIG_LIBNPP 0
+%define CONFIG_LIBMFX 0
+%define CONFIG_MMAL 0
+%define CONFIG_OMX 0
 %define CONFIG_FTRAPV 0
 %define CONFIG_GRAY 0
 %define CONFIG_HARDCODED_TABLES 0
@@ -539,16 +541,27 @@
 %define CONFIG_PIXELUTILS 0
 %define CONFIG_NETWORK 0
 %define CONFIG_RDFT 0
+%define CONFIG_AUTODETECT 0
 %define CONFIG_FONTCONFIG 0
-%define CONFIG_MEMALIGN_HACK 0
+%define CONFIG_LINUX_PERF 0
 %define CONFIG_MEMORY_POISONING 0
 %define CONFIG_NEON_CLOBBER_TEST 0
+%define CONFIG_OSSFUZZ 0
 %define CONFIG_PIC 1
-%define CONFIG_POD2MAN 1
-%define CONFIG_RAISE_MAJOR 0
 %define CONFIG_THUMB 0
 %define CONFIG_VALGRIND_BACKTRACE 0
 %define CONFIG_XMM_CLOBBER_TEST 0
+%define CONFIG_BSFS 1
+%define CONFIG_DECODERS 1
+%define CONFIG_ENCODERS 0
+%define CONFIG_HWACCELS 0
+%define CONFIG_PARSERS 1
+%define CONFIG_INDEVS 0
+%define CONFIG_OUTDEVS 0
+%define CONFIG_FILTERS 0
+%define CONFIG_DEMUXERS 0
+%define CONFIG_MUXERS 0
+%define CONFIG_PROTOCOLS 0
 %define CONFIG_AANDCTTABLES 0
 %define CONFIG_AC3DSP 0
 %define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -566,20 +579,22 @@
 %define CONFIG_FMTCONVERT 0
 %define CONFIG_FRAME_THREAD_ENCODER 0
 %define CONFIG_G722DSP 0
-%define CONFIG_GOLOMB 1
+%define CONFIG_GOLOMB 0
 %define CONFIG_GPLV3 0
 %define CONFIG_H263DSP 0
 %define CONFIG_H264CHROMA 0
 %define CONFIG_H264DSP 0
+%define CONFIG_H264PARSE 0
 %define CONFIG_H264PRED 1
 %define CONFIG_H264QPEL 0
+%define CONFIG_HEVCPARSE 0
 %define CONFIG_HPELDSP 0
 %define CONFIG_HUFFMAN 0
 %define CONFIG_HUFFYUVDSP 0
 %define CONFIG_HUFFYUVENCDSP 0
 %define CONFIG_IDCTDSP 0
 %define CONFIG_IIRFILTER 0
-%define CONFIG_IMDCT15 0
+%define CONFIG_MDCT15 0
 %define CONFIG_INTRAX8 0
 %define CONFIG_ISO_MEDIA 0
 %define CONFIG_IVIDSP 0
@@ -588,12 +603,14 @@
 %define CONFIG_LIBX262 0
 %define CONFIG_LLAUDDSP 0
 %define CONFIG_LLVIDDSP 0
+%define CONFIG_LLVIDENCDSP 0
 %define CONFIG_LPC 0
 %define CONFIG_LZF 0
 %define CONFIG_ME_CMP 0
 %define CONFIG_MPEG_ER 0
 %define CONFIG_MPEGAUDIO 0
 %define CONFIG_MPEGAUDIODSP 0
+%define CONFIG_MPEGAUDIOHEADER 0
 %define CONFIG_MPEGVIDEO 0
 %define CONFIG_MPEGVIDEOENC 0
 %define CONFIG_MSS34DSP 0
@@ -615,1594 +632,19 @@
 %define CONFIG_TEXTUREDSP 0
 %define CONFIG_TEXTUREDSPENC 0
 %define CONFIG_TPELDSP 0
+%define CONFIG_VAAPI_1 0
 %define CONFIG_VAAPI_ENCODE 0
 %define CONFIG_VC1DSP 0
 %define CONFIG_VIDEODSP 1
 %define CONFIG_VP3DSP 0
 %define CONFIG_VP56DSP 0
 %define CONFIG_VP8DSP 1
-%define CONFIG_VT_BT2020 0
 %define CONFIG_WMA_FREQS 0
 %define CONFIG_WMV2DSP 0
-%define CONFIG_AAC_ADTSTOASC_BSF 0
-%define CONFIG_CHOMP_BSF 0
-%define CONFIG_DUMP_EXTRADATA_BSF 0
-%define CONFIG_DCA_CORE_BSF 0
-%define CONFIG_H264_MP4TOANNEXB_BSF 0
-%define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-%define CONFIG_IMX_DUMP_HEADER_BSF 0
-%define CONFIG_MJPEG2JPEG_BSF 0
-%define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-%define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-%define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-%define CONFIG_MOV2TEXTSUB_BSF 0
-%define CONFIG_NOISE_BSF 0
-%define CONFIG_REMOVE_EXTRADATA_BSF 0
-%define CONFIG_TEXT2MOVSUB_BSF 0
-%define CONFIG_VP9_SUPERFRAME_BSF 0
-%define CONFIG_AASC_DECODER 0
-%define CONFIG_AIC_DECODER 0
-%define CONFIG_ALIAS_PIX_DECODER 0
-%define CONFIG_AMV_DECODER 0
-%define CONFIG_ANM_DECODER 0
-%define CONFIG_ANSI_DECODER 0
-%define CONFIG_APNG_DECODER 0
-%define CONFIG_ASV1_DECODER 0
-%define CONFIG_ASV2_DECODER 0
-%define CONFIG_AURA_DECODER 0
-%define CONFIG_AURA2_DECODER 0
-%define CONFIG_AVRP_DECODER 0
-%define CONFIG_AVRN_DECODER 0
-%define CONFIG_AVS_DECODER 0
-%define CONFIG_AVUI_DECODER 0
-%define CONFIG_AYUV_DECODER 0
-%define CONFIG_BETHSOFTVID_DECODER 0
-%define CONFIG_BFI_DECODER 0
-%define CONFIG_BINK_DECODER 0
-%define CONFIG_BMP_DECODER 0
-%define CONFIG_BMV_VIDEO_DECODER 0
-%define CONFIG_BRENDER_PIX_DECODER 0
-%define CONFIG_C93_DECODER 0
-%define CONFIG_CAVS_DECODER 0
-%define CONFIG_CDGRAPHICS_DECODER 0
-%define CONFIG_CDXL_DECODER 0
-%define CONFIG_CFHD_DECODER 0
-%define CONFIG_CINEPAK_DECODER 0
-%define CONFIG_CLJR_DECODER 0
-%define CONFIG_CLLC_DECODER 0
-%define CONFIG_COMFORTNOISE_DECODER 0
-%define CONFIG_CPIA_DECODER 0
-%define CONFIG_CSCD_DECODER 0
-%define CONFIG_CYUV_DECODER 0
-%define CONFIG_DDS_DECODER 0
-%define CONFIG_DFA_DECODER 0
-%define CONFIG_DIRAC_DECODER 0
-%define CONFIG_DNXHD_DECODER 0
-%define CONFIG_DPX_DECODER 0
-%define CONFIG_DSICINVIDEO_DECODER 0
-%define CONFIG_DVAUDIO_DECODER 0
-%define CONFIG_DVVIDEO_DECODER 0
-%define CONFIG_DXA_DECODER 0
-%define CONFIG_DXTORY_DECODER 0
-%define CONFIG_DXV_DECODER 0
-%define CONFIG_EACMV_DECODER 0
-%define CONFIG_EAMAD_DECODER 0
-%define CONFIG_EATGQ_DECODER 0
-%define CONFIG_EATGV_DECODER 0
-%define CONFIG_EATQI_DECODER 0
-%define CONFIG_EIGHTBPS_DECODER 0
-%define CONFIG_EIGHTSVX_EXP_DECODER 0
-%define CONFIG_EIGHTSVX_FIB_DECODER 0
-%define CONFIG_ESCAPE124_DECODER 0
-%define CONFIG_ESCAPE130_DECODER 0
-%define CONFIG_EXR_DECODER 0
-%define CONFIG_FFV1_DECODER 0
-%define CONFIG_FFVHUFF_DECODER 0
-%define CONFIG_FIC_DECODER 0
-%define CONFIG_FLASHSV_DECODER 0
-%define CONFIG_FLASHSV2_DECODER 0
-%define CONFIG_FLIC_DECODER 0
-%define CONFIG_FLV_DECODER 0
-%define CONFIG_FOURXM_DECODER 0
-%define CONFIG_FRAPS_DECODER 0
-%define CONFIG_FRWU_DECODER 0
-%define CONFIG_G2M_DECODER 0
-%define CONFIG_GIF_DECODER 0
-%define CONFIG_H261_DECODER 0
-%define CONFIG_H263_DECODER 0
-%define CONFIG_H263I_DECODER 0
-%define CONFIG_H263P_DECODER 0
-%define CONFIG_H264_DECODER 0
-%define CONFIG_H264_CRYSTALHD_DECODER 0
-%define CONFIG_H264_MEDIACODEC_DECODER 0
-%define CONFIG_H264_MMAL_DECODER 0
-%define CONFIG_H264_QSV_DECODER 0
-%define CONFIG_H264_VDA_DECODER 0
-%define CONFIG_H264_VDPAU_DECODER 0
-%define CONFIG_HAP_DECODER 0
-%define CONFIG_HEVC_DECODER 0
-%define CONFIG_HEVC_QSV_DECODER 0
-%define CONFIG_HNM4_VIDEO_DECODER 0
-%define CONFIG_HQ_HQA_DECODER 0
-%define CONFIG_HQX_DECODER 0
-%define CONFIG_HUFFYUV_DECODER 0
-%define CONFIG_IDCIN_DECODER 0
-%define CONFIG_IFF_ILBM_DECODER 0
-%define CONFIG_INDEO2_DECODER 0
-%define CONFIG_INDEO3_DECODER 0
-%define CONFIG_INDEO4_DECODER 0
-%define CONFIG_INDEO5_DECODER 0
-%define CONFIG_INTERPLAY_VIDEO_DECODER 0
-%define CONFIG_JPEG2000_DECODER 0
-%define CONFIG_JPEGLS_DECODER 0
-%define CONFIG_JV_DECODER 0
-%define CONFIG_KGV1_DECODER 0
-%define CONFIG_KMVC_DECODER 0
-%define CONFIG_LAGARITH_DECODER 0
-%define CONFIG_LOCO_DECODER 0
-%define CONFIG_M101_DECODER 0
-%define CONFIG_MAGICYUV_DECODER 0
-%define CONFIG_MDEC_DECODER 0
-%define CONFIG_MIMIC_DECODER 0
-%define CONFIG_MJPEG_DECODER 0
-%define CONFIG_MJPEGB_DECODER 0
-%define CONFIG_MMVIDEO_DECODER 0
-%define CONFIG_MOTIONPIXELS_DECODER 0
-%define CONFIG_MPEG_XVMC_DECODER 0
-%define CONFIG_MPEG1VIDEO_DECODER 0
-%define CONFIG_MPEG2VIDEO_DECODER 0
-%define CONFIG_MPEG4_DECODER 0
-%define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG4_MMAL_DECODER 0
-%define CONFIG_MPEG4_VDPAU_DECODER 0
-%define CONFIG_MPEGVIDEO_DECODER 0
-%define CONFIG_MPEG_VDPAU_DECODER 0
-%define CONFIG_MPEG1_VDPAU_DECODER 0
-%define CONFIG_MPEG2_MMAL_DECODER 0
-%define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG2_QSV_DECODER 0
-%define CONFIG_MSA1_DECODER 0
-%define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MSMPEG4V1_DECODER 0
-%define CONFIG_MSMPEG4V2_DECODER 0
-%define CONFIG_MSMPEG4V3_DECODER 0
-%define CONFIG_MSRLE_DECODER 0
-%define CONFIG_MSS1_DECODER 0
-%define CONFIG_MSS2_DECODER 0
-%define CONFIG_MSVIDEO1_DECODER 0
-%define CONFIG_MSZH_DECODER 0
-%define CONFIG_MTS2_DECODER 0
-%define CONFIG_MVC1_DECODER 0
-%define CONFIG_MVC2_DECODER 0
-%define CONFIG_MXPEG_DECODER 0
-%define CONFIG_NUV_DECODER 0
-%define CONFIG_PAF_VIDEO_DECODER 0
-%define CONFIG_PAM_DECODER 0
-%define CONFIG_PBM_DECODER 0
-%define CONFIG_PCX_DECODER 0
-%define CONFIG_PGM_DECODER 0
-%define CONFIG_PGMYUV_DECODER 0
-%define CONFIG_PICTOR_DECODER 0
-%define CONFIG_PNG_DECODER 0
-%define CONFIG_PPM_DECODER 0
-%define CONFIG_PRORES_DECODER 0
-%define CONFIG_PRORES_LGPL_DECODER 0
-%define CONFIG_PTX_DECODER 0
-%define CONFIG_QDRAW_DECODER 0
-%define CONFIG_QPEG_DECODER 0
-%define CONFIG_QTRLE_DECODER 0
-%define CONFIG_R10K_DECODER 0
-%define CONFIG_R210_DECODER 0
-%define CONFIG_RAWVIDEO_DECODER 0
-%define CONFIG_RL2_DECODER 0
-%define CONFIG_ROQ_DECODER 0
-%define CONFIG_RPZA_DECODER 0
-%define CONFIG_RSCC_DECODER 0
-%define CONFIG_RV10_DECODER 0
-%define CONFIG_RV20_DECODER 0
-%define CONFIG_RV30_DECODER 0
-%define CONFIG_RV40_DECODER 0
-%define CONFIG_S302M_DECODER 0
-%define CONFIG_SANM_DECODER 0
-%define CONFIG_SCREENPRESSO_DECODER 0
-%define CONFIG_SDX2_DPCM_DECODER 0
-%define CONFIG_SGI_DECODER 0
-%define CONFIG_SGIRLE_DECODER 0
-%define CONFIG_SHEERVIDEO_DECODER 0
-%define CONFIG_SMACKER_DECODER 0
-%define CONFIG_SMC_DECODER 0
-%define CONFIG_SMVJPEG_DECODER 0
-%define CONFIG_SNOW_DECODER 0
-%define CONFIG_SP5X_DECODER 0
-%define CONFIG_SUNRAST_DECODER 0
-%define CONFIG_SVQ1_DECODER 0
-%define CONFIG_SVQ3_DECODER 0
-%define CONFIG_TARGA_DECODER 0
-%define CONFIG_TARGA_Y216_DECODER 0
-%define CONFIG_TDSC_DECODER 0
-%define CONFIG_THEORA_DECODER 0
-%define CONFIG_THP_DECODER 0
-%define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-%define CONFIG_TIFF_DECODER 0
-%define CONFIG_TMV_DECODER 0
-%define CONFIG_TRUEMOTION1_DECODER 0
-%define CONFIG_TRUEMOTION2_DECODER 0
-%define CONFIG_TRUEMOTION2RT_DECODER 0
-%define CONFIG_TSCC_DECODER 0
-%define CONFIG_TSCC2_DECODER 0
-%define CONFIG_TXD_DECODER 0
-%define CONFIG_ULTI_DECODER 0
-%define CONFIG_UTVIDEO_DECODER 0
-%define CONFIG_V210_DECODER 0
-%define CONFIG_V210X_DECODER 0
-%define CONFIG_V308_DECODER 0
-%define CONFIG_V408_DECODER 0
-%define CONFIG_V410_DECODER 0
-%define CONFIG_VB_DECODER 0
-%define CONFIG_VBLE_DECODER 0
-%define CONFIG_VC1_DECODER 0
-%define CONFIG_VC1_CRYSTALHD_DECODER 0
-%define CONFIG_VC1_VDPAU_DECODER 0
-%define CONFIG_VC1IMAGE_DECODER 0
-%define CONFIG_VC1_MMAL_DECODER 0
-%define CONFIG_VC1_QSV_DECODER 0
-%define CONFIG_VCR1_DECODER 0
-%define CONFIG_VMDVIDEO_DECODER 0
-%define CONFIG_VMNC_DECODER 0
-%define CONFIG_VP3_DECODER 0
-%define CONFIG_VP5_DECODER 0
-%define CONFIG_VP6_DECODER 0
-%define CONFIG_VP6A_DECODER 0
-%define CONFIG_VP6F_DECODER 0
-%define CONFIG_VP7_DECODER 0
+%define CONFIG_NULL_BSF 1
 %define CONFIG_VP8_DECODER 1
 %define CONFIG_VP9_DECODER 1
-%define CONFIG_VQA_DECODER 0
-%define CONFIG_WEBP_DECODER 0
-%define CONFIG_WMV1_DECODER 0
-%define CONFIG_WMV2_DECODER 0
-%define CONFIG_WMV3_DECODER 0
-%define CONFIG_WMV3_CRYSTALHD_DECODER 0
-%define CONFIG_WMV3_VDPAU_DECODER 0
-%define CONFIG_WMV3IMAGE_DECODER 0
-%define CONFIG_WNV1_DECODER 0
-%define CONFIG_XAN_WC3_DECODER 0
-%define CONFIG_XAN_WC4_DECODER 0
-%define CONFIG_XBM_DECODER 0
-%define CONFIG_XFACE_DECODER 0
-%define CONFIG_XL_DECODER 0
-%define CONFIG_XWD_DECODER 0
-%define CONFIG_Y41P_DECODER 0
-%define CONFIG_YLC_DECODER 0
-%define CONFIG_YOP_DECODER 0
-%define CONFIG_YUV4_DECODER 0
-%define CONFIG_ZERO12V_DECODER 0
-%define CONFIG_ZEROCODEC_DECODER 0
-%define CONFIG_ZLIB_DECODER 0
-%define CONFIG_ZMBV_DECODER 0
-%define CONFIG_AAC_DECODER 0
-%define CONFIG_AAC_FIXED_DECODER 0
-%define CONFIG_AAC_LATM_DECODER 0
-%define CONFIG_AC3_DECODER 0
-%define CONFIG_AC3_FIXED_DECODER 0
-%define CONFIG_ALAC_DECODER 0
-%define CONFIG_ALS_DECODER 0
-%define CONFIG_AMRNB_DECODER 0
-%define CONFIG_AMRWB_DECODER 0
-%define CONFIG_APE_DECODER 0
-%define CONFIG_ATRAC1_DECODER 0
-%define CONFIG_ATRAC3_DECODER 0
-%define CONFIG_ATRAC3P_DECODER 0
-%define CONFIG_BINKAUDIO_DCT_DECODER 0
-%define CONFIG_BINKAUDIO_RDFT_DECODER 0
-%define CONFIG_BMV_AUDIO_DECODER 0
-%define CONFIG_COOK_DECODER 0
-%define CONFIG_DCA_DECODER 0
-%define CONFIG_DSD_LSBF_DECODER 0
-%define CONFIG_DSD_MSBF_DECODER 0
-%define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-%define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-%define CONFIG_DSICINAUDIO_DECODER 0
-%define CONFIG_DSS_SP_DECODER 0
-%define CONFIG_DST_DECODER 0
-%define CONFIG_EAC3_DECODER 0
-%define CONFIG_EVRC_DECODER 0
-%define CONFIG_FFWAVESYNTH_DECODER 0
 %define CONFIG_FLAC_DECODER 1
-%define CONFIG_G723_1_DECODER 0
-%define CONFIG_G729_DECODER 0
-%define CONFIG_GSM_DECODER 0
-%define CONFIG_GSM_MS_DECODER 0
-%define CONFIG_IAC_DECODER 0
-%define CONFIG_IMC_DECODER 0
-%define CONFIG_INTERPLAY_ACM_DECODER 0
-%define CONFIG_MACE3_DECODER 0
-%define CONFIG_MACE6_DECODER 0
-%define CONFIG_METASOUND_DECODER 0
-%define CONFIG_MLP_DECODER 0
-%define CONFIG_MP1_DECODER 0
-%define CONFIG_MP1FLOAT_DECODER 0
-%define CONFIG_MP2_DECODER 0
-%define CONFIG_MP2FLOAT_DECODER 0
-%define CONFIG_MP3_DECODER 0
-%define CONFIG_MP3FLOAT_DECODER 0
-%define CONFIG_MP3ADU_DECODER 0
-%define CONFIG_MP3ADUFLOAT_DECODER 0
-%define CONFIG_MP3ON4_DECODER 0
-%define CONFIG_MP3ON4FLOAT_DECODER 0
-%define CONFIG_MPC7_DECODER 0
-%define CONFIG_MPC8_DECODER 0
-%define CONFIG_NELLYMOSER_DECODER 0
-%define CONFIG_ON2AVC_DECODER 0
-%define CONFIG_OPUS_DECODER 0
-%define CONFIG_PAF_AUDIO_DECODER 0
-%define CONFIG_QCELP_DECODER 0
-%define CONFIG_QDM2_DECODER 0
-%define CONFIG_RA_144_DECODER 0
-%define CONFIG_RA_288_DECODER 0
-%define CONFIG_RALF_DECODER 0
-%define CONFIG_SHORTEN_DECODER 0
-%define CONFIG_SIPR_DECODER 0
-%define CONFIG_SMACKAUD_DECODER 0
-%define CONFIG_SONIC_DECODER 0
-%define CONFIG_TAK_DECODER 0
-%define CONFIG_TRUEHD_DECODER 0
-%define CONFIG_TRUESPEECH_DECODER 0
-%define CONFIG_TTA_DECODER 0
-%define CONFIG_TWINVQ_DECODER 0
-%define CONFIG_VMDAUDIO_DECODER 0
-%define CONFIG_VORBIS_DECODER 0
-%define CONFIG_WAVPACK_DECODER 0
-%define CONFIG_WMALOSSLESS_DECODER 0
-%define CONFIG_WMAPRO_DECODER 0
-%define CONFIG_WMAV1_DECODER 0
-%define CONFIG_WMAV2_DECODER 0
-%define CONFIG_WMAVOICE_DECODER 0
-%define CONFIG_WS_SND1_DECODER 0
-%define CONFIG_XMA1_DECODER 0
-%define CONFIG_XMA2_DECODER 0
-%define CONFIG_PCM_ALAW_DECODER 0
-%define CONFIG_PCM_BLURAY_DECODER 0
-%define CONFIG_PCM_DVD_DECODER 0
-%define CONFIG_PCM_F32BE_DECODER 0
-%define CONFIG_PCM_F32LE_DECODER 0
-%define CONFIG_PCM_F64BE_DECODER 0
-%define CONFIG_PCM_F64LE_DECODER 0
-%define CONFIG_PCM_LXF_DECODER 0
-%define CONFIG_PCM_MULAW_DECODER 0
-%define CONFIG_PCM_S8_DECODER 0
-%define CONFIG_PCM_S8_PLANAR_DECODER 0
-%define CONFIG_PCM_S16BE_DECODER 0
-%define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-%define CONFIG_PCM_S16LE_DECODER 0
-%define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S24BE_DECODER 0
-%define CONFIG_PCM_S24DAUD_DECODER 0
-%define CONFIG_PCM_S24LE_DECODER 0
-%define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S32BE_DECODER 0
-%define CONFIG_PCM_S32LE_DECODER 0
-%define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S64BE_DECODER 0
-%define CONFIG_PCM_S64LE_DECODER 0
-%define CONFIG_PCM_U8_DECODER 0
-%define CONFIG_PCM_U16BE_DECODER 0
-%define CONFIG_PCM_U16LE_DECODER 0
-%define CONFIG_PCM_U24BE_DECODER 0
-%define CONFIG_PCM_U24LE_DECODER 0
-%define CONFIG_PCM_U32BE_DECODER 0
-%define CONFIG_PCM_U32LE_DECODER 0
-%define CONFIG_PCM_ZORK_DECODER 0
-%define CONFIG_INTERPLAY_DPCM_DECODER 0
-%define CONFIG_ROQ_DPCM_DECODER 0
-%define CONFIG_SOL_DPCM_DECODER 0
-%define CONFIG_XAN_DPCM_DECODER 0
-%define CONFIG_ADPCM_4XM_DECODER 0
-%define CONFIG_ADPCM_ADX_DECODER 0
-%define CONFIG_ADPCM_AFC_DECODER 0
-%define CONFIG_ADPCM_AICA_DECODER 0
-%define CONFIG_ADPCM_CT_DECODER 0
-%define CONFIG_ADPCM_DTK_DECODER 0
-%define CONFIG_ADPCM_EA_DECODER 0
-%define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-%define CONFIG_ADPCM_EA_R1_DECODER 0
-%define CONFIG_ADPCM_EA_R2_DECODER 0
-%define CONFIG_ADPCM_EA_R3_DECODER 0
-%define CONFIG_ADPCM_EA_XAS_DECODER 0
-%define CONFIG_ADPCM_G722_DECODER 0
-%define CONFIG_ADPCM_G726_DECODER 0
-%define CONFIG_ADPCM_G726LE_DECODER 0
-%define CONFIG_ADPCM_IMA_AMV_DECODER 0
-%define CONFIG_ADPCM_IMA_APC_DECODER 0
-%define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-%define CONFIG_ADPCM_IMA_DK3_DECODER 0
-%define CONFIG_ADPCM_IMA_DK4_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-%define CONFIG_ADPCM_IMA_ISS_DECODER 0
-%define CONFIG_ADPCM_IMA_OKI_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_DECODER 0
-%define CONFIG_ADPCM_IMA_RAD_DECODER 0
-%define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-%define CONFIG_ADPCM_IMA_WAV_DECODER 0
-%define CONFIG_ADPCM_IMA_WS_DECODER 0
-%define CONFIG_ADPCM_MS_DECODER 0
-%define CONFIG_ADPCM_MTAF_DECODER 0
-%define CONFIG_ADPCM_PSX_DECODER 0
-%define CONFIG_ADPCM_SBPRO_2_DECODER 0
-%define CONFIG_ADPCM_SBPRO_3_DECODER 0
-%define CONFIG_ADPCM_SBPRO_4_DECODER 0
-%define CONFIG_ADPCM_SWF_DECODER 0
-%define CONFIG_ADPCM_THP_DECODER 0
-%define CONFIG_ADPCM_THP_LE_DECODER 0
-%define CONFIG_ADPCM_VIMA_DECODER 0
-%define CONFIG_ADPCM_XA_DECODER 0
-%define CONFIG_ADPCM_YAMAHA_DECODER 0
-%define CONFIG_SSA_DECODER 0
-%define CONFIG_ASS_DECODER 0
-%define CONFIG_CCAPTION_DECODER 0
-%define CONFIG_DVBSUB_DECODER 0
-%define CONFIG_DVDSUB_DECODER 0
-%define CONFIG_JACOSUB_DECODER 0
-%define CONFIG_MICRODVD_DECODER 0
-%define CONFIG_MOVTEXT_DECODER 0
-%define CONFIG_MPL2_DECODER 0
-%define CONFIG_PGSSUB_DECODER 0
-%define CONFIG_PJS_DECODER 0
-%define CONFIG_REALTEXT_DECODER 0
-%define CONFIG_SAMI_DECODER 0
-%define CONFIG_SRT_DECODER 0
-%define CONFIG_STL_DECODER 0
-%define CONFIG_SUBRIP_DECODER 0
-%define CONFIG_SUBVIEWER_DECODER 0
-%define CONFIG_SUBVIEWER1_DECODER 0
-%define CONFIG_TEXT_DECODER 0
-%define CONFIG_VPLAYER_DECODER 0
-%define CONFIG_WEBVTT_DECODER 0
-%define CONFIG_XSUB_DECODER 0
-%define CONFIG_AAC_AT_DECODER 0
-%define CONFIG_AC3_AT_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-%define CONFIG_ALAC_AT_DECODER 0
-%define CONFIG_AMR_NB_AT_DECODER 0
-%define CONFIG_EAC3_AT_DECODER 0
-%define CONFIG_GSM_MS_AT_DECODER 0
-%define CONFIG_ILBC_AT_DECODER 0
-%define CONFIG_MP1_AT_DECODER 0
-%define CONFIG_MP2_AT_DECODER 0
-%define CONFIG_MP3_AT_DECODER 0
-%define CONFIG_PCM_ALAW_AT_DECODER 0
-%define CONFIG_PCM_MULAW_AT_DECODER 0
-%define CONFIG_QDMC_AT_DECODER 0
-%define CONFIG_QDM2_AT_DECODER 0
-%define CONFIG_LIBCELT_DECODER 0
-%define CONFIG_LIBFDK_AAC_DECODER 0
-%define CONFIG_LIBGSM_DECODER 0
-%define CONFIG_LIBGSM_MS_DECODER 0
-%define CONFIG_LIBILBC_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-%define CONFIG_LIBOPENJPEG_DECODER 0
-%define CONFIG_LIBOPUS_DECODER 0
-%define CONFIG_LIBSCHROEDINGER_DECODER 0
-%define CONFIG_LIBSPEEX_DECODER 0
-%define CONFIG_LIBVORBIS_DECODER 0
-%define CONFIG_LIBVPX_VP8_DECODER 0
-%define CONFIG_LIBVPX_VP9_DECODER 0
-%define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-%define CONFIG_BINTEXT_DECODER 0
-%define CONFIG_XBIN_DECODER 0
-%define CONFIG_IDF_DECODER 0
-%define CONFIG_LIBOPENH264_DECODER 0
-%define CONFIG_H263_CUVID_DECODER 0
-%define CONFIG_H264_CUVID_DECODER 0
-%define CONFIG_HEVC_CUVID_DECODER 0
-%define CONFIG_HEVC_MEDIACODEC_DECODER 0
-%define CONFIG_MJPEG_CUVID_DECODER 0
-%define CONFIG_MPEG1_CUVID_DECODER 0
-%define CONFIG_MPEG2_CUVID_DECODER 0
-%define CONFIG_MPEG4_CUVID_DECODER 0
-%define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-%define CONFIG_VC1_CUVID_DECODER 0
-%define CONFIG_VP8_CUVID_DECODER 0
-%define CONFIG_VP8_MEDIACODEC_DECODER 0
-%define CONFIG_VP9_CUVID_DECODER 0
-%define CONFIG_VP9_MEDIACODEC_DECODER 0
-%define CONFIG_AA_DEMUXER 0
-%define CONFIG_AAC_DEMUXER 0
-%define CONFIG_AC3_DEMUXER 0
-%define CONFIG_ACM_DEMUXER 0
-%define CONFIG_ACT_DEMUXER 0
-%define CONFIG_ADF_DEMUXER 0
-%define CONFIG_ADP_DEMUXER 0
-%define CONFIG_ADS_DEMUXER 0
-%define CONFIG_ADX_DEMUXER 0
-%define CONFIG_AEA_DEMUXER 0
-%define CONFIG_AFC_DEMUXER 0
-%define CONFIG_AIFF_DEMUXER 0
-%define CONFIG_AIX_DEMUXER 0
-%define CONFIG_AMR_DEMUXER 0
-%define CONFIG_ANM_DEMUXER 0
-%define CONFIG_APC_DEMUXER 0
-%define CONFIG_APE_DEMUXER 0
-%define CONFIG_APNG_DEMUXER 0
-%define CONFIG_AQTITLE_DEMUXER 0
-%define CONFIG_ASF_DEMUXER 0
-%define CONFIG_ASF_O_DEMUXER 0
-%define CONFIG_ASS_DEMUXER 0
-%define CONFIG_AST_DEMUXER 0
-%define CONFIG_AU_DEMUXER 0
-%define CONFIG_AVI_DEMUXER 0
-%define CONFIG_AVISYNTH_DEMUXER 0
-%define CONFIG_AVR_DEMUXER 0
-%define CONFIG_AVS_DEMUXER 0
-%define CONFIG_BETHSOFTVID_DEMUXER 0
-%define CONFIG_BFI_DEMUXER 0
-%define CONFIG_BINTEXT_DEMUXER 0
-%define CONFIG_BINK_DEMUXER 0
-%define CONFIG_BIT_DEMUXER 0
-%define CONFIG_BMV_DEMUXER 0
-%define CONFIG_BFSTM_DEMUXER 0
-%define CONFIG_BRSTM_DEMUXER 0
-%define CONFIG_BOA_DEMUXER 0
-%define CONFIG_C93_DEMUXER 0
-%define CONFIG_CAF_DEMUXER 0
-%define CONFIG_CAVSVIDEO_DEMUXER 0
-%define CONFIG_CDG_DEMUXER 0
-%define CONFIG_CDXL_DEMUXER 0
-%define CONFIG_CINE_DEMUXER 0
-%define CONFIG_CONCAT_DEMUXER 0
-%define CONFIG_DATA_DEMUXER 0
-%define CONFIG_DAUD_DEMUXER 0
-%define CONFIG_DCSTR_DEMUXER 0
-%define CONFIG_DFA_DEMUXER 0
-%define CONFIG_DIRAC_DEMUXER 0
-%define CONFIG_DNXHD_DEMUXER 0
-%define CONFIG_DSF_DEMUXER 0
-%define CONFIG_DSICIN_DEMUXER 0
-%define CONFIG_DSS_DEMUXER 0
-%define CONFIG_DTS_DEMUXER 0
-%define CONFIG_DTSHD_DEMUXER 0
-%define CONFIG_DV_DEMUXER 0
-%define CONFIG_DVBSUB_DEMUXER 0
-%define CONFIG_DVBTXT_DEMUXER 0
-%define CONFIG_DXA_DEMUXER 0
-%define CONFIG_EA_DEMUXER 0
-%define CONFIG_EA_CDATA_DEMUXER 0
-%define CONFIG_EAC3_DEMUXER 0
-%define CONFIG_EPAF_DEMUXER 0
-%define CONFIG_FFM_DEMUXER 0
-%define CONFIG_FFMETADATA_DEMUXER 0
-%define CONFIG_FILMSTRIP_DEMUXER 0
-%define CONFIG_FLAC_DEMUXER 0
-%define CONFIG_FLIC_DEMUXER 0
-%define CONFIG_FLV_DEMUXER 0
-%define CONFIG_LIVE_FLV_DEMUXER 0
-%define CONFIG_FOURXM_DEMUXER 0
-%define CONFIG_FRM_DEMUXER 0
-%define CONFIG_FSB_DEMUXER 0
-%define CONFIG_G722_DEMUXER 0
-%define CONFIG_G723_1_DEMUXER 0
-%define CONFIG_G729_DEMUXER 0
-%define CONFIG_GENH_DEMUXER 0
-%define CONFIG_GIF_DEMUXER 0
-%define CONFIG_GSM_DEMUXER 0
-%define CONFIG_GXF_DEMUXER 0
-%define CONFIG_H261_DEMUXER 0
-%define CONFIG_H263_DEMUXER 0
-%define CONFIG_H264_DEMUXER 0
-%define CONFIG_HEVC_DEMUXER 0
-%define CONFIG_HLS_DEMUXER 0
-%define CONFIG_HNM_DEMUXER 0
-%define CONFIG_ICO_DEMUXER 0
-%define CONFIG_IDCIN_DEMUXER 0
-%define CONFIG_IDF_DEMUXER 0
-%define CONFIG_IFF_DEMUXER 0
-%define CONFIG_ILBC_DEMUXER 0
-%define CONFIG_IMAGE2_DEMUXER 0
-%define CONFIG_IMAGE2PIPE_DEMUXER 0
-%define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-%define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-%define CONFIG_INGENIENT_DEMUXER 0
-%define CONFIG_IPMOVIE_DEMUXER 0
-%define CONFIG_IRCAM_DEMUXER 0
-%define CONFIG_ISS_DEMUXER 0
-%define CONFIG_IV8_DEMUXER 0
-%define CONFIG_IVF_DEMUXER 0
-%define CONFIG_IVR_DEMUXER 0
-%define CONFIG_JACOSUB_DEMUXER 0
-%define CONFIG_JV_DEMUXER 0
-%define CONFIG_LMLM4_DEMUXER 0
-%define CONFIG_LOAS_DEMUXER 0
-%define CONFIG_LRC_DEMUXER 0
-%define CONFIG_LVF_DEMUXER 0
-%define CONFIG_LXF_DEMUXER 0
-%define CONFIG_M4V_DEMUXER 0
-%define CONFIG_MATROSKA_DEMUXER 0
-%define CONFIG_MGSTS_DEMUXER 0
-%define CONFIG_MICRODVD_DEMUXER 0
-%define CONFIG_MJPEG_DEMUXER 0
-%define CONFIG_MLP_DEMUXER 0
-%define CONFIG_MLV_DEMUXER 0
-%define CONFIG_MM_DEMUXER 0
-%define CONFIG_MMF_DEMUXER 0
-%define CONFIG_MOV_DEMUXER 0
-%define CONFIG_MP3_DEMUXER 0
-%define CONFIG_MPC_DEMUXER 0
-%define CONFIG_MPC8_DEMUXER 0
-%define CONFIG_MPEGPS_DEMUXER 0
-%define CONFIG_MPEGTS_DEMUXER 0
-%define CONFIG_MPEGTSRAW_DEMUXER 0
-%define CONFIG_MPEGVIDEO_DEMUXER 0
-%define CONFIG_MPJPEG_DEMUXER 0
-%define CONFIG_MPL2_DEMUXER 0
-%define CONFIG_MPSUB_DEMUXER 0
-%define CONFIG_MSF_DEMUXER 0
-%define CONFIG_MSNWC_TCP_DEMUXER 0
-%define CONFIG_MTAF_DEMUXER 0
-%define CONFIG_MTV_DEMUXER 0
-%define CONFIG_MUSX_DEMUXER 0
-%define CONFIG_MV_DEMUXER 0
-%define CONFIG_MVI_DEMUXER 0
-%define CONFIG_MXF_DEMUXER 0
-%define CONFIG_MXG_DEMUXER 0
-%define CONFIG_NC_DEMUXER 0
-%define CONFIG_NISTSPHERE_DEMUXER 0
-%define CONFIG_NSV_DEMUXER 0
-%define CONFIG_NUT_DEMUXER 0
-%define CONFIG_NUV_DEMUXER 0
-%define CONFIG_OGG_DEMUXER 0
-%define CONFIG_OMA_DEMUXER 0
-%define CONFIG_PAF_DEMUXER 0
-%define CONFIG_PCM_ALAW_DEMUXER 0
-%define CONFIG_PCM_MULAW_DEMUXER 0
-%define CONFIG_PCM_F64BE_DEMUXER 0
-%define CONFIG_PCM_F64LE_DEMUXER 0
-%define CONFIG_PCM_F32BE_DEMUXER 0
-%define CONFIG_PCM_F32LE_DEMUXER 0
-%define CONFIG_PCM_S32BE_DEMUXER 0
-%define CONFIG_PCM_S32LE_DEMUXER 0
-%define CONFIG_PCM_S24BE_DEMUXER 0
-%define CONFIG_PCM_S24LE_DEMUXER 0
-%define CONFIG_PCM_S16BE_DEMUXER 0
-%define CONFIG_PCM_S16LE_DEMUXER 0
-%define CONFIG_PCM_S8_DEMUXER 0
-%define CONFIG_PCM_U32BE_DEMUXER 0
-%define CONFIG_PCM_U32LE_DEMUXER 0
-%define CONFIG_PCM_U24BE_DEMUXER 0
-%define CONFIG_PCM_U24LE_DEMUXER 0
-%define CONFIG_PCM_U16BE_DEMUXER 0
-%define CONFIG_PCM_U16LE_DEMUXER 0
-%define CONFIG_PCM_U8_DEMUXER 0
-%define CONFIG_PJS_DEMUXER 0
-%define CONFIG_PMP_DEMUXER 0
-%define CONFIG_PVA_DEMUXER 0
-%define CONFIG_PVF_DEMUXER 0
-%define CONFIG_QCP_DEMUXER 0
-%define CONFIG_R3D_DEMUXER 0
-%define CONFIG_RAWVIDEO_DEMUXER 0
-%define CONFIG_REALTEXT_DEMUXER 0
-%define CONFIG_REDSPARK_DEMUXER 0
-%define CONFIG_RL2_DEMUXER 0
-%define CONFIG_RM_DEMUXER 0
-%define CONFIG_ROQ_DEMUXER 0
-%define CONFIG_RPL_DEMUXER 0
-%define CONFIG_RSD_DEMUXER 0
-%define CONFIG_RSO_DEMUXER 0
-%define CONFIG_RTP_DEMUXER 0
-%define CONFIG_RTSP_DEMUXER 0
-%define CONFIG_SAMI_DEMUXER 0
-%define CONFIG_SAP_DEMUXER 0
-%define CONFIG_SBG_DEMUXER 0
-%define CONFIG_SDP_DEMUXER 0
-%define CONFIG_SDR2_DEMUXER 0
-%define CONFIG_SEGAFILM_DEMUXER 0
-%define CONFIG_SHORTEN_DEMUXER 0
-%define CONFIG_SIFF_DEMUXER 0
-%define CONFIG_SLN_DEMUXER 0
-%define CONFIG_SMACKER_DEMUXER 0
-%define CONFIG_SMJPEG_DEMUXER 0
-%define CONFIG_SMUSH_DEMUXER 0
-%define CONFIG_SOL_DEMUXER 0
-%define CONFIG_SOX_DEMUXER 0
-%define CONFIG_SPDIF_DEMUXER 0
-%define CONFIG_SRT_DEMUXER 0
-%define CONFIG_STR_DEMUXER 0
-%define CONFIG_STL_DEMUXER 0
-%define CONFIG_SUBVIEWER1_DEMUXER 0
-%define CONFIG_SUBVIEWER_DEMUXER 0
-%define CONFIG_SUP_DEMUXER 0
-%define CONFIG_SVAG_DEMUXER 0
-%define CONFIG_SWF_DEMUXER 0
-%define CONFIG_TAK_DEMUXER 0
-%define CONFIG_TEDCAPTIONS_DEMUXER 0
-%define CONFIG_THP_DEMUXER 0
-%define CONFIG_THREEDOSTR_DEMUXER 0
-%define CONFIG_TIERTEXSEQ_DEMUXER 0
-%define CONFIG_TMV_DEMUXER 0
-%define CONFIG_TRUEHD_DEMUXER 0
-%define CONFIG_TTA_DEMUXER 0
-%define CONFIG_TXD_DEMUXER 0
-%define CONFIG_TTY_DEMUXER 0
-%define CONFIG_V210_DEMUXER 0
-%define CONFIG_V210X_DEMUXER 0
-%define CONFIG_VAG_DEMUXER 0
-%define CONFIG_VC1_DEMUXER 0
-%define CONFIG_VC1T_DEMUXER 0
-%define CONFIG_VIVO_DEMUXER 0
-%define CONFIG_VMD_DEMUXER 0
-%define CONFIG_VOBSUB_DEMUXER 0
-%define CONFIG_VOC_DEMUXER 0
-%define CONFIG_VPK_DEMUXER 0
-%define CONFIG_VPLAYER_DEMUXER 0
-%define CONFIG_VQF_DEMUXER 0
-%define CONFIG_W64_DEMUXER 0
-%define CONFIG_WAV_DEMUXER 0
-%define CONFIG_WC3_DEMUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-%define CONFIG_WEBVTT_DEMUXER 0
-%define CONFIG_WSAUD_DEMUXER 0
-%define CONFIG_WSD_DEMUXER 0
-%define CONFIG_WSVQA_DEMUXER 0
-%define CONFIG_WTV_DEMUXER 0
-%define CONFIG_WVE_DEMUXER 0
-%define CONFIG_WV_DEMUXER 0
-%define CONFIG_XA_DEMUXER 0
-%define CONFIG_XBIN_DEMUXER 0
-%define CONFIG_XMV_DEMUXER 0
-%define CONFIG_XVAG_DEMUXER 0
-%define CONFIG_XWMA_DEMUXER 0
-%define CONFIG_YOP_DEMUXER 0
-%define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-%define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-%define CONFIG_LIBGME_DEMUXER 0
-%define CONFIG_LIBMODPLUG_DEMUXER 0
-%define CONFIG_LIBNUT_DEMUXER 0
-%define CONFIG_LIBOPENMPT_DEMUXER 0
-%define CONFIG_A64MULTI_ENCODER 0
-%define CONFIG_A64MULTI5_ENCODER 0
-%define CONFIG_ALIAS_PIX_ENCODER 0
-%define CONFIG_AMV_ENCODER 0
-%define CONFIG_APNG_ENCODER 0
-%define CONFIG_ASV1_ENCODER 0
-%define CONFIG_ASV2_ENCODER 0
-%define CONFIG_AVRP_ENCODER 0
-%define CONFIG_AVUI_ENCODER 0
-%define CONFIG_AYUV_ENCODER 0
-%define CONFIG_BMP_ENCODER 0
-%define CONFIG_CINEPAK_ENCODER 0
-%define CONFIG_CLJR_ENCODER 0
-%define CONFIG_COMFORTNOISE_ENCODER 0
-%define CONFIG_DNXHD_ENCODER 0
-%define CONFIG_DPX_ENCODER 0
-%define CONFIG_DVVIDEO_ENCODER 0
-%define CONFIG_FFV1_ENCODER 0
-%define CONFIG_FFVHUFF_ENCODER 0
-%define CONFIG_FLASHSV_ENCODER 0
-%define CONFIG_FLASHSV2_ENCODER 0
-%define CONFIG_FLV_ENCODER 0
-%define CONFIG_GIF_ENCODER 0
-%define CONFIG_H261_ENCODER 0
-%define CONFIG_H263_ENCODER 0
-%define CONFIG_H263P_ENCODER 0
-%define CONFIG_HAP_ENCODER 0
-%define CONFIG_HUFFYUV_ENCODER 0
-%define CONFIG_JPEG2000_ENCODER 0
-%define CONFIG_JPEGLS_ENCODER 0
-%define CONFIG_LJPEG_ENCODER 0
-%define CONFIG_MJPEG_ENCODER 0
-%define CONFIG_MPEG1VIDEO_ENCODER 0
-%define CONFIG_MPEG2VIDEO_ENCODER 0
-%define CONFIG_MPEG4_ENCODER 0
-%define CONFIG_MSMPEG4V2_ENCODER 0
-%define CONFIG_MSMPEG4V3_ENCODER 0
-%define CONFIG_MSVIDEO1_ENCODER 0
-%define CONFIG_PAM_ENCODER 0
-%define CONFIG_PBM_ENCODER 0
-%define CONFIG_PCX_ENCODER 0
-%define CONFIG_PGM_ENCODER 0
-%define CONFIG_PGMYUV_ENCODER 0
-%define CONFIG_PNG_ENCODER 0
-%define CONFIG_PPM_ENCODER 0
-%define CONFIG_PRORES_ENCODER 0
-%define CONFIG_PRORES_AW_ENCODER 0
-%define CONFIG_PRORES_KS_ENCODER 0
-%define CONFIG_QTRLE_ENCODER 0
-%define CONFIG_R10K_ENCODER 0
-%define CONFIG_R210_ENCODER 0
-%define CONFIG_RAWVIDEO_ENCODER 0
-%define CONFIG_ROQ_ENCODER 0
-%define CONFIG_RV10_ENCODER 0
-%define CONFIG_RV20_ENCODER 0
-%define CONFIG_S302M_ENCODER 0
-%define CONFIG_SGI_ENCODER 0
-%define CONFIG_SNOW_ENCODER 0
-%define CONFIG_SUNRAST_ENCODER 0
-%define CONFIG_SVQ1_ENCODER 0
-%define CONFIG_TARGA_ENCODER 0
-%define CONFIG_TIFF_ENCODER 0
-%define CONFIG_UTVIDEO_ENCODER 0
-%define CONFIG_V210_ENCODER 0
-%define CONFIG_V308_ENCODER 0
-%define CONFIG_V408_ENCODER 0
-%define CONFIG_V410_ENCODER 0
-%define CONFIG_VC2_ENCODER 0
-%define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-%define CONFIG_WMV1_ENCODER 0
-%define CONFIG_WMV2_ENCODER 0
-%define CONFIG_XBM_ENCODER 0
-%define CONFIG_XFACE_ENCODER 0
-%define CONFIG_XWD_ENCODER 0
-%define CONFIG_Y41P_ENCODER 0
-%define CONFIG_YUV4_ENCODER 0
-%define CONFIG_ZLIB_ENCODER 0
-%define CONFIG_ZMBV_ENCODER 0
-%define CONFIG_AAC_ENCODER 0
-%define CONFIG_AC3_ENCODER 0
-%define CONFIG_AC3_FIXED_ENCODER 0
-%define CONFIG_ALAC_ENCODER 0
-%define CONFIG_DCA_ENCODER 0
-%define CONFIG_EAC3_ENCODER 0
-%define CONFIG_FLAC_ENCODER 0
-%define CONFIG_G723_1_ENCODER 0
-%define CONFIG_MLP_ENCODER 0
-%define CONFIG_MP2_ENCODER 0
-%define CONFIG_MP2FIXED_ENCODER 0
-%define CONFIG_NELLYMOSER_ENCODER 0
-%define CONFIG_RA_144_ENCODER 0
-%define CONFIG_SONIC_ENCODER 0
-%define CONFIG_SONIC_LS_ENCODER 0
-%define CONFIG_TRUEHD_ENCODER 0
-%define CONFIG_TTA_ENCODER 0
-%define CONFIG_VORBIS_ENCODER 0
-%define CONFIG_WAVPACK_ENCODER 0
-%define CONFIG_WMAV1_ENCODER 0
-%define CONFIG_WMAV2_ENCODER 0
-%define CONFIG_PCM_ALAW_ENCODER 0
-%define CONFIG_PCM_F32BE_ENCODER 0
-%define CONFIG_PCM_F32LE_ENCODER 0
-%define CONFIG_PCM_F64BE_ENCODER 0
-%define CONFIG_PCM_F64LE_ENCODER 0
-%define CONFIG_PCM_MULAW_ENCODER 0
-%define CONFIG_PCM_S8_ENCODER 0
-%define CONFIG_PCM_S8_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16BE_ENCODER 0
-%define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16LE_ENCODER 0
-%define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S24BE_ENCODER 0
-%define CONFIG_PCM_S24DAUD_ENCODER 0
-%define CONFIG_PCM_S24LE_ENCODER 0
-%define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S32BE_ENCODER 0
-%define CONFIG_PCM_S32LE_ENCODER 0
-%define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S64BE_ENCODER 0
-%define CONFIG_PCM_S64LE_ENCODER 0
-%define CONFIG_PCM_U8_ENCODER 0
-%define CONFIG_PCM_U16BE_ENCODER 0
-%define CONFIG_PCM_U16LE_ENCODER 0
-%define CONFIG_PCM_U24BE_ENCODER 0
-%define CONFIG_PCM_U24LE_ENCODER 0
-%define CONFIG_PCM_U32BE_ENCODER 0
-%define CONFIG_PCM_U32LE_ENCODER 0
-%define CONFIG_ROQ_DPCM_ENCODER 0
-%define CONFIG_ADPCM_ADX_ENCODER 0
-%define CONFIG_ADPCM_G722_ENCODER 0
-%define CONFIG_ADPCM_G726_ENCODER 0
-%define CONFIG_ADPCM_IMA_QT_ENCODER 0
-%define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-%define CONFIG_ADPCM_MS_ENCODER 0
-%define CONFIG_ADPCM_SWF_ENCODER 0
-%define CONFIG_ADPCM_YAMAHA_ENCODER 0
-%define CONFIG_SSA_ENCODER 0
-%define CONFIG_ASS_ENCODER 0
-%define CONFIG_DVBSUB_ENCODER 0
-%define CONFIG_DVDSUB_ENCODER 0
-%define CONFIG_MOVTEXT_ENCODER 0
-%define CONFIG_SRT_ENCODER 0
-%define CONFIG_SUBRIP_ENCODER 0
-%define CONFIG_TEXT_ENCODER 0
-%define CONFIG_WEBVTT_ENCODER 0
-%define CONFIG_XSUB_ENCODER 0
-%define CONFIG_AAC_AT_ENCODER 0
-%define CONFIG_ALAC_AT_ENCODER 0
-%define CONFIG_ILBC_AT_ENCODER 0
-%define CONFIG_PCM_ALAW_AT_ENCODER 0
-%define CONFIG_PCM_MULAW_AT_ENCODER 0
-%define CONFIG_LIBFDK_AAC_ENCODER 0
-%define CONFIG_LIBGSM_ENCODER 0
-%define CONFIG_LIBGSM_MS_ENCODER 0
-%define CONFIG_LIBILBC_ENCODER 0
-%define CONFIG_LIBMP3LAME_ENCODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-%define CONFIG_LIBOPENJPEG_ENCODER 0
-%define CONFIG_LIBOPUS_ENCODER 0
-%define CONFIG_LIBSCHROEDINGER_ENCODER 0
-%define CONFIG_LIBSHINE_ENCODER 0
-%define CONFIG_LIBSPEEX_ENCODER 0
-%define CONFIG_LIBTHEORA_ENCODER 0
-%define CONFIG_LIBTWOLAME_ENCODER 0
-%define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-%define CONFIG_LIBVORBIS_ENCODER 0
-%define CONFIG_LIBVPX_VP8_ENCODER 0
-%define CONFIG_LIBVPX_VP9_ENCODER 0
-%define CONFIG_LIBWAVPACK_ENCODER 0
-%define CONFIG_LIBWEBP_ANIM_ENCODER 0
-%define CONFIG_LIBWEBP_ENCODER 0
-%define CONFIG_LIBX262_ENCODER 0
-%define CONFIG_LIBX264_ENCODER 0
-%define CONFIG_LIBX264RGB_ENCODER 0
-%define CONFIG_LIBX265_ENCODER 0
-%define CONFIG_LIBXAVS_ENCODER 0
-%define CONFIG_LIBXVID_ENCODER 0
-%define CONFIG_LIBOPENH264_ENCODER 0
-%define CONFIG_H264_NVENC_ENCODER 0
-%define CONFIG_H264_OMX_ENCODER 0
-%define CONFIG_H264_QSV_ENCODER 0
-%define CONFIG_H264_VAAPI_ENCODER 0
-%define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-%define CONFIG_NVENC_ENCODER 0
-%define CONFIG_NVENC_H264_ENCODER 0
-%define CONFIG_NVENC_HEVC_ENCODER 0
-%define CONFIG_HEVC_NVENC_ENCODER 0
-%define CONFIG_HEVC_QSV_ENCODER 0
-%define CONFIG_HEVC_VAAPI_ENCODER 0
-%define CONFIG_LIBKVAZAAR_ENCODER 0
-%define CONFIG_MJPEG_VAAPI_ENCODER 0
-%define CONFIG_MPEG2_QSV_ENCODER 0
-%define CONFIG_ABENCH_FILTER 0
-%define CONFIG_ACOMPRESSOR_FILTER 0
-%define CONFIG_ACROSSFADE_FILTER 0
-%define CONFIG_ACRUSHER_FILTER 0
-%define CONFIG_ADELAY_FILTER 0
-%define CONFIG_AECHO_FILTER 0
-%define CONFIG_AEMPHASIS_FILTER 0
-%define CONFIG_AEVAL_FILTER 0
-%define CONFIG_AFADE_FILTER 0
-%define CONFIG_AFFTFILT_FILTER 0
-%define CONFIG_AFORMAT_FILTER 0
-%define CONFIG_AGATE_FILTER 0
-%define CONFIG_AINTERLEAVE_FILTER 0
-%define CONFIG_ALIMITER_FILTER 0
-%define CONFIG_ALLPASS_FILTER 0
-%define CONFIG_ALOOP_FILTER 0
-%define CONFIG_AMERGE_FILTER 0
-%define CONFIG_AMETADATA_FILTER 0
-%define CONFIG_AMIX_FILTER 0
-%define CONFIG_ANEQUALIZER_FILTER 0
-%define CONFIG_ANULL_FILTER 0
-%define CONFIG_APAD_FILTER 0
-%define CONFIG_APERMS_FILTER 0
-%define CONFIG_APHASER_FILTER 0
-%define CONFIG_APULSATOR_FILTER 0
-%define CONFIG_AREALTIME_FILTER 0
-%define CONFIG_ARESAMPLE_FILTER 0
-%define CONFIG_AREVERSE_FILTER 0
-%define CONFIG_ASELECT_FILTER 0
-%define CONFIG_ASENDCMD_FILTER 0
-%define CONFIG_ASETNSAMPLES_FILTER 0
-%define CONFIG_ASETPTS_FILTER 0
-%define CONFIG_ASETRATE_FILTER 0
-%define CONFIG_ASETTB_FILTER 0
-%define CONFIG_ASHOWINFO_FILTER 0
-%define CONFIG_ASIDEDATA_FILTER 0
-%define CONFIG_ASPLIT_FILTER 0
-%define CONFIG_ASTATS_FILTER 0
-%define CONFIG_ASTREAMSELECT_FILTER 0
-%define CONFIG_ASYNCTS_FILTER 0
-%define CONFIG_ATEMPO_FILTER 0
-%define CONFIG_ATRIM_FILTER 0
-%define CONFIG_AZMQ_FILTER 0
-%define CONFIG_BANDPASS_FILTER 0
-%define CONFIG_BANDREJECT_FILTER 0
-%define CONFIG_BASS_FILTER 0
-%define CONFIG_BIQUAD_FILTER 0
-%define CONFIG_BS2B_FILTER 0
-%define CONFIG_CHANNELMAP_FILTER 0
-%define CONFIG_CHANNELSPLIT_FILTER 0
-%define CONFIG_CHORUS_FILTER 0
-%define CONFIG_COMPAND_FILTER 0
-%define CONFIG_COMPENSATIONDELAY_FILTER 0
-%define CONFIG_CRYSTALIZER_FILTER 0
-%define CONFIG_DCSHIFT_FILTER 0
-%define CONFIG_DYNAUDNORM_FILTER 0
-%define CONFIG_EARWAX_FILTER 0
-%define CONFIG_EBUR128_FILTER 0
-%define CONFIG_EQUALIZER_FILTER 0
-%define CONFIG_EXTRASTEREO_FILTER 0
-%define CONFIG_FIREQUALIZER_FILTER 0
-%define CONFIG_FLANGER_FILTER 0
-%define CONFIG_HDCD_FILTER 0
-%define CONFIG_HIGHPASS_FILTER 0
-%define CONFIG_JOIN_FILTER 0
-%define CONFIG_LADSPA_FILTER 0
-%define CONFIG_LOUDNORM_FILTER 0
-%define CONFIG_LOWPASS_FILTER 0
-%define CONFIG_PAN_FILTER 0
-%define CONFIG_REPLAYGAIN_FILTER 0
-%define CONFIG_RESAMPLE_FILTER 0
-%define CONFIG_RUBBERBAND_FILTER 0
-%define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-%define CONFIG_SIDECHAINGATE_FILTER 0
-%define CONFIG_SILENCEDETECT_FILTER 0
-%define CONFIG_SILENCEREMOVE_FILTER 0
-%define CONFIG_SOFALIZER_FILTER 0
-%define CONFIG_STEREOTOOLS_FILTER 0
-%define CONFIG_STEREOWIDEN_FILTER 0
-%define CONFIG_TREBLE_FILTER 0
-%define CONFIG_TREMOLO_FILTER 0
-%define CONFIG_VIBRATO_FILTER 0
-%define CONFIG_VOLUME_FILTER 0
-%define CONFIG_VOLUMEDETECT_FILTER 0
-%define CONFIG_AEVALSRC_FILTER 0
-%define CONFIG_ANOISESRC_FILTER 0
-%define CONFIG_ANULLSRC_FILTER 0
-%define CONFIG_FLITE_FILTER 0
-%define CONFIG_SINE_FILTER 0
-%define CONFIG_ANULLSINK_FILTER 0
-%define CONFIG_ALPHAEXTRACT_FILTER 0
-%define CONFIG_ALPHAMERGE_FILTER 0
-%define CONFIG_ASS_FILTER 0
-%define CONFIG_ATADENOISE_FILTER 0
-%define CONFIG_AVGBLUR_FILTER 0
-%define CONFIG_BBOX_FILTER 0
-%define CONFIG_BENCH_FILTER 0
-%define CONFIG_BITPLANENOISE_FILTER 0
-%define CONFIG_BLACKDETECT_FILTER 0
-%define CONFIG_BLACKFRAME_FILTER 0
-%define CONFIG_BLEND_FILTER 0
-%define CONFIG_BOXBLUR_FILTER 0
-%define CONFIG_BWDIF_FILTER 0
-%define CONFIG_CHROMAKEY_FILTER 0
-%define CONFIG_CIESCOPE_FILTER 0
-%define CONFIG_CODECVIEW_FILTER 0
-%define CONFIG_COLORBALANCE_FILTER 0
-%define CONFIG_COLORCHANNELMIXER_FILTER 0
-%define CONFIG_COLORKEY_FILTER 0
-%define CONFIG_COLORLEVELS_FILTER 0
-%define CONFIG_COLORMATRIX_FILTER 0
-%define CONFIG_COLORSPACE_FILTER 0
-%define CONFIG_CONVOLUTION_FILTER 0
-%define CONFIG_COPY_FILTER 0
-%define CONFIG_COREIMAGE_FILTER 0
-%define CONFIG_COVER_RECT_FILTER 0
-%define CONFIG_CROP_FILTER 0
-%define CONFIG_CROPDETECT_FILTER 0
-%define CONFIG_CURVES_FILTER 0
-%define CONFIG_DATASCOPE_FILTER 0
-%define CONFIG_DCTDNOIZ_FILTER 0
-%define CONFIG_DEBAND_FILTER 0
-%define CONFIG_DECIMATE_FILTER 0
-%define CONFIG_DEFLATE_FILTER 0
-%define CONFIG_DEJUDDER_FILTER 0
-%define CONFIG_DELOGO_FILTER 0
-%define CONFIG_DESHAKE_FILTER 0
-%define CONFIG_DETELECINE_FILTER 0
-%define CONFIG_DILATION_FILTER 0
-%define CONFIG_DISPLACE_FILTER 0
-%define CONFIG_DRAWBOX_FILTER 0
-%define CONFIG_DRAWGRAPH_FILTER 0
-%define CONFIG_DRAWGRID_FILTER 0
-%define CONFIG_DRAWTEXT_FILTER 0
-%define CONFIG_EDGEDETECT_FILTER 0
-%define CONFIG_ELBG_FILTER 0
-%define CONFIG_EQ_FILTER 0
-%define CONFIG_EROSION_FILTER 0
-%define CONFIG_EXTRACTPLANES_FILTER 0
-%define CONFIG_FADE_FILTER 0
-%define CONFIG_FFTFILT_FILTER 0
-%define CONFIG_FIELD_FILTER 0
-%define CONFIG_FIELDHINT_FILTER 0
-%define CONFIG_FIELDMATCH_FILTER 0
-%define CONFIG_FIELDORDER_FILTER 0
-%define CONFIG_FIND_RECT_FILTER 0
-%define CONFIG_FORMAT_FILTER 0
-%define CONFIG_FPS_FILTER 0
-%define CONFIG_FRAMEPACK_FILTER 0
-%define CONFIG_FRAMERATE_FILTER 0
-%define CONFIG_FRAMESTEP_FILTER 0
-%define CONFIG_FREI0R_FILTER 0
-%define CONFIG_FSPP_FILTER 0
-%define CONFIG_GBLUR_FILTER 0
-%define CONFIG_GEQ_FILTER 0
-%define CONFIG_GRADFUN_FILTER 0
-%define CONFIG_HALDCLUT_FILTER 0
-%define CONFIG_HFLIP_FILTER 0
-%define CONFIG_HISTEQ_FILTER 0
-%define CONFIG_HISTOGRAM_FILTER 0
-%define CONFIG_HQDN3D_FILTER 0
-%define CONFIG_HQX_FILTER 0
-%define CONFIG_HSTACK_FILTER 0
-%define CONFIG_HUE_FILTER 0
-%define CONFIG_HWDOWNLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_CUDA_FILTER 0
-%define CONFIG_HYSTERESIS_FILTER 0
-%define CONFIG_IDET_FILTER 0
-%define CONFIG_IL_FILTER 0
-%define CONFIG_INFLATE_FILTER 0
-%define CONFIG_INTERLACE_FILTER 0
-%define CONFIG_INTERLEAVE_FILTER 0
-%define CONFIG_KERNDEINT_FILTER 0
-%define CONFIG_LENSCORRECTION_FILTER 0
-%define CONFIG_LOOP_FILTER 0
-%define CONFIG_LUT_FILTER 0
-%define CONFIG_LUT2_FILTER 0
-%define CONFIG_LUT3D_FILTER 0
-%define CONFIG_LUTRGB_FILTER 0
-%define CONFIG_LUTYUV_FILTER 0
-%define CONFIG_MASKEDCLAMP_FILTER 0
-%define CONFIG_MASKEDMERGE_FILTER 0
-%define CONFIG_MCDEINT_FILTER 0
-%define CONFIG_MERGEPLANES_FILTER 0
-%define CONFIG_MESTIMATE_FILTER 0
-%define CONFIG_METADATA_FILTER 0
-%define CONFIG_MINTERPOLATE_FILTER 0
-%define CONFIG_MPDECIMATE_FILTER 0
-%define CONFIG_NEGATE_FILTER 0
-%define CONFIG_NLMEANS_FILTER 0
-%define CONFIG_NNEDI_FILTER 0
-%define CONFIG_NOFORMAT_FILTER 0
-%define CONFIG_NOISE_FILTER 0
-%define CONFIG_NULL_FILTER 0
-%define CONFIG_OCR_FILTER 0
-%define CONFIG_OCV_FILTER 0
-%define CONFIG_OVERLAY_FILTER 0
-%define CONFIG_OWDENOISE_FILTER 0
-%define CONFIG_PAD_FILTER 0
-%define CONFIG_PALETTEGEN_FILTER 0
-%define CONFIG_PALETTEUSE_FILTER 0
-%define CONFIG_PERMS_FILTER 0
-%define CONFIG_PERSPECTIVE_FILTER 0
-%define CONFIG_PHASE_FILTER 0
-%define CONFIG_PIXDESCTEST_FILTER 0
-%define CONFIG_PP_FILTER 0
-%define CONFIG_PP7_FILTER 0
-%define CONFIG_PREWITT_FILTER 0
-%define CONFIG_PSNR_FILTER 0
-%define CONFIG_PULLUP_FILTER 0
-%define CONFIG_QP_FILTER 0
-%define CONFIG_RANDOM_FILTER 0
-%define CONFIG_READVITC_FILTER 0
-%define CONFIG_REALTIME_FILTER 0
-%define CONFIG_REMAP_FILTER 0
-%define CONFIG_REMOVEGRAIN_FILTER 0
-%define CONFIG_REMOVELOGO_FILTER 0
-%define CONFIG_REPEATFIELDS_FILTER 0
-%define CONFIG_REVERSE_FILTER 0
-%define CONFIG_ROTATE_FILTER 0
-%define CONFIG_SAB_FILTER 0
-%define CONFIG_SCALE_FILTER 0
-%define CONFIG_SCALE_NPP_FILTER 0
-%define CONFIG_SCALE_VAAPI_FILTER 0
-%define CONFIG_SCALE2REF_FILTER 0
-%define CONFIG_SELECT_FILTER 0
-%define CONFIG_SELECTIVECOLOR_FILTER 0
-%define CONFIG_SENDCMD_FILTER 0
-%define CONFIG_SEPARATEFIELDS_FILTER 0
-%define CONFIG_SETDAR_FILTER 0
-%define CONFIG_SETFIELD_FILTER 0
-%define CONFIG_SETPTS_FILTER 0
-%define CONFIG_SETSAR_FILTER 0
-%define CONFIG_SETTB_FILTER 0
-%define CONFIG_SHOWINFO_FILTER 0
-%define CONFIG_SHOWPALETTE_FILTER 0
-%define CONFIG_SHUFFLEFRAMES_FILTER 0
-%define CONFIG_SHUFFLEPLANES_FILTER 0
-%define CONFIG_SIDEDATA_FILTER 0
-%define CONFIG_SIGNALSTATS_FILTER 0
-%define CONFIG_SMARTBLUR_FILTER 0
-%define CONFIG_SOBEL_FILTER 0
-%define CONFIG_SPLIT_FILTER 0
-%define CONFIG_SPP_FILTER 0
-%define CONFIG_SSIM_FILTER 0
-%define CONFIG_STEREO3D_FILTER 0
-%define CONFIG_STREAMSELECT_FILTER 0
-%define CONFIG_SUBTITLES_FILTER 0
-%define CONFIG_SUPER2XSAI_FILTER 0
-%define CONFIG_SWAPRECT_FILTER 0
-%define CONFIG_SWAPUV_FILTER 0
-%define CONFIG_TBLEND_FILTER 0
-%define CONFIG_TELECINE_FILTER 0
-%define CONFIG_THUMBNAIL_FILTER 0
-%define CONFIG_TILE_FILTER 0
-%define CONFIG_TINTERLACE_FILTER 0
-%define CONFIG_TRANSPOSE_FILTER 0
-%define CONFIG_TRIM_FILTER 0
-%define CONFIG_UNSHARP_FILTER 0
-%define CONFIG_USPP_FILTER 0
-%define CONFIG_VAGUEDENOISER_FILTER 0
-%define CONFIG_VECTORSCOPE_FILTER 0
-%define CONFIG_VFLIP_FILTER 0
-%define CONFIG_VIDSTABDETECT_FILTER 0
-%define CONFIG_VIDSTABTRANSFORM_FILTER 0
-%define CONFIG_VIGNETTE_FILTER 0
-%define CONFIG_VSTACK_FILTER 0
-%define CONFIG_W3FDIF_FILTER 0
-%define CONFIG_WAVEFORM_FILTER 0
-%define CONFIG_WEAVE_FILTER 0
-%define CONFIG_XBR_FILTER 0
-%define CONFIG_YADIF_FILTER 0
-%define CONFIG_ZMQ_FILTER 0
-%define CONFIG_ZOOMPAN_FILTER 0
-%define CONFIG_ZSCALE_FILTER 0
-%define CONFIG_ALLRGB_FILTER 0
-%define CONFIG_ALLYUV_FILTER 0
-%define CONFIG_CELLAUTO_FILTER 0
-%define CONFIG_COLOR_FILTER 0
-%define CONFIG_COREIMAGESRC_FILTER 0
-%define CONFIG_FREI0R_SRC_FILTER 0
-%define CONFIG_HALDCLUTSRC_FILTER 0
-%define CONFIG_LIFE_FILTER 0
-%define CONFIG_MANDELBROT_FILTER 0
-%define CONFIG_MPTESTSRC_FILTER 0
-%define CONFIG_NULLSRC_FILTER 0
-%define CONFIG_RGBTESTSRC_FILTER 0
-%define CONFIG_SMPTEBARS_FILTER 0
-%define CONFIG_SMPTEHDBARS_FILTER 0
-%define CONFIG_TESTSRC_FILTER 0
-%define CONFIG_TESTSRC2_FILTER 0
-%define CONFIG_YUVTESTSRC_FILTER 0
-%define CONFIG_NULLSINK_FILTER 0
-%define CONFIG_ADRAWGRAPH_FILTER 0
-%define CONFIG_AHISTOGRAM_FILTER 0
-%define CONFIG_APHASEMETER_FILTER 0
-%define CONFIG_AVECTORSCOPE_FILTER 0
-%define CONFIG_CONCAT_FILTER 0
-%define CONFIG_SHOWCQT_FILTER 0
-%define CONFIG_SHOWFREQS_FILTER 0
-%define CONFIG_SHOWSPECTRUM_FILTER 0
-%define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-%define CONFIG_SHOWVOLUME_FILTER 0
-%define CONFIG_SHOWWAVES_FILTER 0
-%define CONFIG_SHOWWAVESPIC_FILTER 0
-%define CONFIG_SPECTRUMSYNTH_FILTER 0
-%define CONFIG_AMOVIE_FILTER 0
-%define CONFIG_MOVIE_FILTER 0
-%define CONFIG_H263_CUVID_HWACCEL 0
-%define CONFIG_H263_VAAPI_HWACCEL 0
-%define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_H264_CUVID_HWACCEL 0
-%define CONFIG_H264_D3D11VA_HWACCEL 0
-%define CONFIG_H264_DXVA2_HWACCEL 0
-%define CONFIG_H264_MEDIACODEC_HWACCEL 0
-%define CONFIG_H264_MMAL_HWACCEL 0
-%define CONFIG_H264_QSV_HWACCEL 0
-%define CONFIG_H264_VAAPI_HWACCEL 0
-%define CONFIG_H264_VDA_HWACCEL 0
-%define CONFIG_H264_VDA_OLD_HWACCEL 0
-%define CONFIG_H264_VDPAU_HWACCEL 0
-%define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_HEVC_CUVID_HWACCEL 0
-%define CONFIG_HEVC_D3D11VA_HWACCEL 0
-%define CONFIG_HEVC_DXVA2_HWACCEL 0
-%define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-%define CONFIG_HEVC_QSV_HWACCEL 0
-%define CONFIG_HEVC_VAAPI_HWACCEL 0
-%define CONFIG_HEVC_VDPAU_HWACCEL 0
-%define CONFIG_MJPEG_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_XVMC_HWACCEL 0
-%define CONFIG_MPEG1_VDPAU_HWACCEL 0
-%define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG2_CUVID_HWACCEL 0
-%define CONFIG_MPEG2_XVMC_HWACCEL 0
-%define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-%define CONFIG_MPEG2_DXVA2_HWACCEL 0
-%define CONFIG_MPEG2_MMAL_HWACCEL 0
-%define CONFIG_MPEG2_QSV_HWACCEL 0
-%define CONFIG_MPEG2_VAAPI_HWACCEL 0
-%define CONFIG_MPEG2_VDPAU_HWACCEL 0
-%define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG4_CUVID_HWACCEL 0
-%define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-%define CONFIG_MPEG4_MMAL_HWACCEL 0
-%define CONFIG_MPEG4_VAAPI_HWACCEL 0
-%define CONFIG_MPEG4_VDPAU_HWACCEL 0
-%define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_VC1_CUVID_HWACCEL 0
-%define CONFIG_VC1_D3D11VA_HWACCEL 0
-%define CONFIG_VC1_DXVA2_HWACCEL 0
-%define CONFIG_VC1_VAAPI_HWACCEL 0
-%define CONFIG_VC1_VDPAU_HWACCEL 0
-%define CONFIG_VC1_MMAL_HWACCEL 0
-%define CONFIG_VC1_QSV_HWACCEL 0
-%define CONFIG_VP8_CUVID_HWACCEL 0
-%define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_CUVID_HWACCEL 0
-%define CONFIG_VP9_D3D11VA_HWACCEL 0
-%define CONFIG_VP9_DXVA2_HWACCEL 0
-%define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_D3D11VA_HWACCEL 0
-%define CONFIG_WMV3_DXVA2_HWACCEL 0
-%define CONFIG_WMV3_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_VDPAU_HWACCEL 0
-%define CONFIG_ALSA_INDEV 0
-%define CONFIG_AVFOUNDATION_INDEV 0
-%define CONFIG_BKTR_INDEV 0
-%define CONFIG_DECKLINK_INDEV 0
-%define CONFIG_DSHOW_INDEV 0
-%define CONFIG_DV1394_INDEV 0
-%define CONFIG_FBDEV_INDEV 0
-%define CONFIG_GDIGRAB_INDEV 0
-%define CONFIG_IEC61883_INDEV 0
-%define CONFIG_JACK_INDEV 0
-%define CONFIG_LAVFI_INDEV 0
-%define CONFIG_OPENAL_INDEV 0
-%define CONFIG_OSS_INDEV 0
-%define CONFIG_PULSE_INDEV 0
-%define CONFIG_QTKIT_INDEV 0
-%define CONFIG_SNDIO_INDEV 0
-%define CONFIG_V4L2_INDEV 0
-%define CONFIG_VFWCAP_INDEV 0
-%define CONFIG_X11GRAB_INDEV 0
-%define CONFIG_X11GRAB_XCB_INDEV 0
-%define CONFIG_LIBCDIO_INDEV 0
-%define CONFIG_LIBDC1394_INDEV 0
-%define CONFIG_A64_MUXER 0
-%define CONFIG_AC3_MUXER 0
-%define CONFIG_ADTS_MUXER 0
-%define CONFIG_ADX_MUXER 0
-%define CONFIG_AIFF_MUXER 0
-%define CONFIG_AMR_MUXER 0
-%define CONFIG_APNG_MUXER 0
-%define CONFIG_ASF_MUXER 0
-%define CONFIG_ASS_MUXER 0
-%define CONFIG_AST_MUXER 0
-%define CONFIG_ASF_STREAM_MUXER 0
-%define CONFIG_AU_MUXER 0
-%define CONFIG_AVI_MUXER 0
-%define CONFIG_AVM2_MUXER 0
-%define CONFIG_BIT_MUXER 0
-%define CONFIG_CAF_MUXER 0
-%define CONFIG_CAVSVIDEO_MUXER 0
-%define CONFIG_CRC_MUXER 0
-%define CONFIG_DASH_MUXER 0
-%define CONFIG_DATA_MUXER 0
-%define CONFIG_DAUD_MUXER 0
-%define CONFIG_DIRAC_MUXER 0
-%define CONFIG_DNXHD_MUXER 0
-%define CONFIG_DTS_MUXER 0
-%define CONFIG_DV_MUXER 0
-%define CONFIG_EAC3_MUXER 0
-%define CONFIG_F4V_MUXER 0
-%define CONFIG_FFM_MUXER 0
-%define CONFIG_FFMETADATA_MUXER 0
-%define CONFIG_FIFO_MUXER 0
-%define CONFIG_FILMSTRIP_MUXER 0
-%define CONFIG_FLAC_MUXER 0
-%define CONFIG_FLV_MUXER 0
-%define CONFIG_FRAMECRC_MUXER 0
-%define CONFIG_FRAMEHASH_MUXER 0
-%define CONFIG_FRAMEMD5_MUXER 0
-%define CONFIG_G722_MUXER 0
-%define CONFIG_G723_1_MUXER 0
-%define CONFIG_GIF_MUXER 0
-%define CONFIG_GSM_MUXER 0
-%define CONFIG_GXF_MUXER 0
-%define CONFIG_H261_MUXER 0
-%define CONFIG_H263_MUXER 0
-%define CONFIG_H264_MUXER 0
-%define CONFIG_HASH_MUXER 0
-%define CONFIG_HDS_MUXER 0
-%define CONFIG_HEVC_MUXER 0
-%define CONFIG_HLS_MUXER 0
-%define CONFIG_ICO_MUXER 0
-%define CONFIG_ILBC_MUXER 0
-%define CONFIG_IMAGE2_MUXER 0
-%define CONFIG_IMAGE2PIPE_MUXER 0
-%define CONFIG_IPOD_MUXER 0
-%define CONFIG_IRCAM_MUXER 0
-%define CONFIG_ISMV_MUXER 0
-%define CONFIG_IVF_MUXER 0
-%define CONFIG_JACOSUB_MUXER 0
-%define CONFIG_LATM_MUXER 0
-%define CONFIG_LRC_MUXER 0
-%define CONFIG_M4V_MUXER 0
-%define CONFIG_MD5_MUXER 0
-%define CONFIG_MATROSKA_MUXER 0
-%define CONFIG_MATROSKA_AUDIO_MUXER 0
-%define CONFIG_MICRODVD_MUXER 0
-%define CONFIG_MJPEG_MUXER 0
-%define CONFIG_MLP_MUXER 0
-%define CONFIG_MMF_MUXER 0
-%define CONFIG_MOV_MUXER 0
-%define CONFIG_MP2_MUXER 0
-%define CONFIG_MP3_MUXER 0
-%define CONFIG_MP4_MUXER 0
-%define CONFIG_MPEG1SYSTEM_MUXER 0
-%define CONFIG_MPEG1VCD_MUXER 0
-%define CONFIG_MPEG1VIDEO_MUXER 0
-%define CONFIG_MPEG2DVD_MUXER 0
-%define CONFIG_MPEG2SVCD_MUXER 0
-%define CONFIG_MPEG2VIDEO_MUXER 0
-%define CONFIG_MPEG2VOB_MUXER 0
-%define CONFIG_MPEGTS_MUXER 0
-%define CONFIG_MPJPEG_MUXER 0
-%define CONFIG_MXF_MUXER 0
-%define CONFIG_MXF_D10_MUXER 0
-%define CONFIG_MXF_OPATOM_MUXER 0
-%define CONFIG_NULL_MUXER 0
-%define CONFIG_NUT_MUXER 0
-%define CONFIG_OGA_MUXER 0
-%define CONFIG_OGG_MUXER 0
-%define CONFIG_OGV_MUXER 0
-%define CONFIG_OMA_MUXER 0
-%define CONFIG_OPUS_MUXER 0
-%define CONFIG_PCM_ALAW_MUXER 0
-%define CONFIG_PCM_MULAW_MUXER 0
-%define CONFIG_PCM_F64BE_MUXER 0
-%define CONFIG_PCM_F64LE_MUXER 0
-%define CONFIG_PCM_F32BE_MUXER 0
-%define CONFIG_PCM_F32LE_MUXER 0
-%define CONFIG_PCM_S32BE_MUXER 0
-%define CONFIG_PCM_S32LE_MUXER 0
-%define CONFIG_PCM_S24BE_MUXER 0
-%define CONFIG_PCM_S24LE_MUXER 0
-%define CONFIG_PCM_S16BE_MUXER 0
-%define CONFIG_PCM_S16LE_MUXER 0
-%define CONFIG_PCM_S8_MUXER 0
-%define CONFIG_PCM_U32BE_MUXER 0
-%define CONFIG_PCM_U32LE_MUXER 0
-%define CONFIG_PCM_U24BE_MUXER 0
-%define CONFIG_PCM_U24LE_MUXER 0
-%define CONFIG_PCM_U16BE_MUXER 0
-%define CONFIG_PCM_U16LE_MUXER 0
-%define CONFIG_PCM_U8_MUXER 0
-%define CONFIG_PSP_MUXER 0
-%define CONFIG_RAWVIDEO_MUXER 0
-%define CONFIG_RM_MUXER 0
-%define CONFIG_ROQ_MUXER 0
-%define CONFIG_RSO_MUXER 0
-%define CONFIG_RTP_MUXER 0
-%define CONFIG_RTP_MPEGTS_MUXER 0
-%define CONFIG_RTSP_MUXER 0
-%define CONFIG_SAP_MUXER 0
-%define CONFIG_SEGMENT_MUXER 0
-%define CONFIG_STREAM_SEGMENT_MUXER 0
-%define CONFIG_SINGLEJPEG_MUXER 0
-%define CONFIG_SMJPEG_MUXER 0
-%define CONFIG_SMOOTHSTREAMING_MUXER 0
-%define CONFIG_SOX_MUXER 0
-%define CONFIG_SPX_MUXER 0
-%define CONFIG_SPDIF_MUXER 0
-%define CONFIG_SRT_MUXER 0
-%define CONFIG_SWF_MUXER 0
-%define CONFIG_TEE_MUXER 0
-%define CONFIG_TG2_MUXER 0
-%define CONFIG_TGP_MUXER 0
-%define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-%define CONFIG_TRUEHD_MUXER 0
-%define CONFIG_TTA_MUXER 0
-%define CONFIG_UNCODEDFRAMECRC_MUXER 0
-%define CONFIG_VC1_MUXER 0
-%define CONFIG_VC1T_MUXER 0
-%define CONFIG_VOC_MUXER 0
-%define CONFIG_W64_MUXER 0
-%define CONFIG_WAV_MUXER 0
-%define CONFIG_WEBM_MUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-%define CONFIG_WEBM_CHUNK_MUXER 0
-%define CONFIG_WEBP_MUXER 0
-%define CONFIG_WEBVTT_MUXER 0
-%define CONFIG_WTV_MUXER 0
-%define CONFIG_WV_MUXER 0
-%define CONFIG_YUV4MPEGPIPE_MUXER 0
-%define CONFIG_CHROMAPRINT_MUXER 0
-%define CONFIG_LIBNUT_MUXER 0
-%define CONFIG_ALSA_OUTDEV 0
-%define CONFIG_CACA_OUTDEV 0
-%define CONFIG_DECKLINK_OUTDEV 0
-%define CONFIG_FBDEV_OUTDEV 0
-%define CONFIG_OPENGL_OUTDEV 0
-%define CONFIG_OSS_OUTDEV 0
-%define CONFIG_PULSE_OUTDEV 0
-%define CONFIG_SDL2_OUTDEV 0
-%define CONFIG_SNDIO_OUTDEV 0
-%define CONFIG_V4L2_OUTDEV 0
-%define CONFIG_XV_OUTDEV 0
-%define CONFIG_AAC_PARSER 0
-%define CONFIG_AAC_LATM_PARSER 0
-%define CONFIG_AC3_PARSER 0
-%define CONFIG_ADX_PARSER 0
-%define CONFIG_BMP_PARSER 0
-%define CONFIG_CAVSVIDEO_PARSER 0
-%define CONFIG_COOK_PARSER 0
-%define CONFIG_DCA_PARSER 0
-%define CONFIG_DIRAC_PARSER 0
-%define CONFIG_DNXHD_PARSER 0
-%define CONFIG_DPX_PARSER 0
-%define CONFIG_DVAUDIO_PARSER 0
-%define CONFIG_DVBSUB_PARSER 0
-%define CONFIG_DVDSUB_PARSER 0
-%define CONFIG_DVD_NAV_PARSER 0
-%define CONFIG_FLAC_PARSER 1
-%define CONFIG_G729_PARSER 0
-%define CONFIG_GSM_PARSER 0
-%define CONFIG_H261_PARSER 0
-%define CONFIG_H263_PARSER 0
-%define CONFIG_H264_PARSER 0
-%define CONFIG_HEVC_PARSER 0
-%define CONFIG_MJPEG_PARSER 0
-%define CONFIG_MLP_PARSER 0
-%define CONFIG_MPEG4VIDEO_PARSER 0
-%define CONFIG_MPEGAUDIO_PARSER 0
-%define CONFIG_MPEGVIDEO_PARSER 0
-%define CONFIG_OPUS_PARSER 0
-%define CONFIG_PNG_PARSER 0
-%define CONFIG_PNM_PARSER 0
-%define CONFIG_RV30_PARSER 0
-%define CONFIG_RV40_PARSER 0
-%define CONFIG_TAK_PARSER 0
-%define CONFIG_VC1_PARSER 0
-%define CONFIG_VORBIS_PARSER 0
-%define CONFIG_VP3_PARSER 0
+%define CONFIG_FLAC_PARSER 0
 %define CONFIG_VP8_PARSER 1
 %define CONFIG_VP9_PARSER 1
-%define CONFIG_ASYNC_PROTOCOL 0
-%define CONFIG_BLURAY_PROTOCOL 0
-%define CONFIG_CACHE_PROTOCOL 0
-%define CONFIG_CONCAT_PROTOCOL 0
-%define CONFIG_CRYPTO_PROTOCOL 0
-%define CONFIG_DATA_PROTOCOL 0
-%define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-%define CONFIG_FFRTMPHTTP_PROTOCOL 0
-%define CONFIG_FILE_PROTOCOL 0
-%define CONFIG_FTP_PROTOCOL 0
-%define CONFIG_GOPHER_PROTOCOL 0
-%define CONFIG_HLS_PROTOCOL 0
-%define CONFIG_HTTP_PROTOCOL 0
-%define CONFIG_HTTPPROXY_PROTOCOL 0
-%define CONFIG_HTTPS_PROTOCOL 0
-%define CONFIG_ICECAST_PROTOCOL 0
-%define CONFIG_MMSH_PROTOCOL 0
-%define CONFIG_MMST_PROTOCOL 0
-%define CONFIG_MD5_PROTOCOL 0
-%define CONFIG_PIPE_PROTOCOL 0
-%define CONFIG_RTMP_PROTOCOL 0
-%define CONFIG_RTMPE_PROTOCOL 0
-%define CONFIG_RTMPS_PROTOCOL 0
-%define CONFIG_RTMPT_PROTOCOL 0
-%define CONFIG_RTMPTE_PROTOCOL 0
-%define CONFIG_RTMPTS_PROTOCOL 0
-%define CONFIG_RTP_PROTOCOL 0
-%define CONFIG_SCTP_PROTOCOL 0
-%define CONFIG_SRTP_PROTOCOL 0
-%define CONFIG_SUBFILE_PROTOCOL 0
-%define CONFIG_TEE_PROTOCOL 0
-%define CONFIG_TCP_PROTOCOL 0
-%define CONFIG_TLS_GNUTLS_PROTOCOL 0
-%define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-%define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-%define CONFIG_TLS_OPENSSL_PROTOCOL 0
-%define CONFIG_UDP_PROTOCOL 0
-%define CONFIG_UDPLITE_PROTOCOL 0
-%define CONFIG_UNIX_PROTOCOL 0
-%define CONFIG_LIBRTMP_PROTOCOL 0
-%define CONFIG_LIBRTMPE_PROTOCOL 0
-%define CONFIG_LIBRTMPS_PROTOCOL 0
-%define CONFIG_LIBRTMPT_PROTOCOL 0
-%define CONFIG_LIBRTMPTE_PROTOCOL 0
-%define CONFIG_LIBSSH_PROTOCOL 0
-%define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/config_unix64.h b/media/ffvpx/config_unix64.h
index 26d6be5d4..97bc765f8 100644
--- a/media/ffvpx/config_unix64.h
+++ b/media/ffvpx/config_unix64.h
@@ -1,12 +1,12 @@
 /* Automatically generated by configure - do not modify! */
 #ifndef FFMPEG_CONFIG_H
 #define FFMPEG_CONFIG_H
-#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm --disable-avx2"
+#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-decoder=flac --enable-asm --enable-x86asm"
 #define FFMPEG_LICENSE "LGPL version 2.1 or later"
-#define CONFIG_THIS_YEAR 2016
+#define CONFIG_THIS_YEAR 2017
 #define FFMPEG_DATADIR "/usr/local/share/ffmpeg"
 #define AVCONV_DATADIR "/usr/local/share/ffmpeg"
-#define CC_IDENT "gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)"
+#define CC_IDENT "gcc 6.3.0 (Ubuntu 6.3.0-12ubuntu2) 20170406"
 #define av_restrict restrict
 #define EXTERN_PREFIX ""
 #define EXTERN_ASM
@@ -56,7 +56,7 @@
 #define HAVE_AMD3DNOW 1
 #define HAVE_AMD3DNOWEXT 1
 #define HAVE_AVX 1
-#define HAVE_AVX2 0
+#define HAVE_AVX2 1
 #define HAVE_FMA3 1
 #define HAVE_FMA4 1
 #define HAVE_MMX 1
@@ -79,8 +79,8 @@
 #define HAVE_MIPSDSP 0
 #define HAVE_MIPSDSPR2 0
 #define HAVE_MSA 0
-#define HAVE_LOONGSON2 1
-#define HAVE_LOONGSON3 1
+#define HAVE_LOONGSON2 0
+#define HAVE_LOONGSON3 0
 #define HAVE_MMI 0
 #define HAVE_ARMV5TE_EXTERNAL 0
 #define HAVE_ARMV6_EXTERNAL 0
@@ -100,7 +100,7 @@
 #define HAVE_AMD3DNOW_EXTERNAL 1
 #define HAVE_AMD3DNOWEXT_EXTERNAL 1
 #define HAVE_AVX_EXTERNAL 1
-#define HAVE_AVX2_EXTERNAL 0
+#define HAVE_AVX2_EXTERNAL 1
 #define HAVE_FMA3_EXTERNAL 1
 #define HAVE_FMA4_EXTERNAL 1
 #define HAVE_MMX_EXTERNAL 1
@@ -144,7 +144,7 @@
 #define HAVE_AMD3DNOW_INLINE 1
 #define HAVE_AMD3DNOWEXT_INLINE 1
 #define HAVE_AVX_INLINE 1
-#define HAVE_AVX2_INLINE 0
+#define HAVE_AVX2_INLINE 1
 #define HAVE_FMA3_INLINE 1
 #define HAVE_FMA4_INLINE 1
 #define HAVE_MMX_INLINE 1
@@ -178,11 +178,11 @@
 #define HAVE_LOCAL_ALIGNED_16 1
 #define HAVE_LOCAL_ALIGNED_32 1
 #define HAVE_SIMD_ALIGN_16 1
+#define HAVE_SIMD_ALIGN_32 1
 #define HAVE_ATOMICS_GCC 1
 #define HAVE_ATOMICS_SUNCC 0
 #define HAVE_ATOMICS_WIN32 0
 #define HAVE_ATOMIC_CAS_PTR 0
-#define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 #define HAVE_MACHINE_RW_BARRIER 0
 #define HAVE_MEMORYBARRIER 0
 #define HAVE_MM_EMPTY 1
@@ -194,15 +194,16 @@
 #define HAVE_CEXP 1
 #define HAVE_INLINE_ASM 1
 #define HAVE_SYMVER 1
-#define HAVE_YASM 1
+#define HAVE_X86ASM 1
 #define HAVE_BIGENDIAN 0
 #define HAVE_FAST_UNALIGNED 1
-#define HAVE_ALSA_ASOUNDLIB_H 0
 #define HAVE_ALTIVEC_H 0
 #define HAVE_ARPA_INET_H 1
 #define HAVE_ASM_TYPES_H 1
 #define HAVE_CDIO_PARANOIA_H 0
 #define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+#define HAVE_CUDA_H 0
+#define HAVE_D3D11_H 0
 #define HAVE_DISPATCH_DISPATCH_H 0
 #define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 #define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -212,7 +213,7 @@
 #define HAVE_DIRECT_H 0
 #define HAVE_DIRENT_H 1
 #define HAVE_DLFCN_H 1
-#define HAVE_D3D11_H 0
+#define HAVE_DXGIDEBUG_H 0
 #define HAVE_DXVA_H 0
 #define HAVE_ES2_GL_H 0
 #define HAVE_GSM_H 0
@@ -221,13 +222,15 @@
 #define HAVE_MACHINE_IOCTL_BT848_H 0
 #define HAVE_MACHINE_IOCTL_METEOR_H 0
 #define HAVE_OPENCV2_CORE_CORE_C_H 0
+#define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+#define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 #define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 #define HAVE_OPENGL_GL3_H 0
 #define HAVE_POLL_H 1
-#define HAVE_SNDIO_H 0
 #define HAVE_SOUNDCARD_H 0
+#define HAVE_STDATOMIC_H 1
 #define HAVE_SYS_MMAN_H 1
 #define HAVE_SYS_PARAM_H 1
 #define HAVE_SYS_RESOURCE_H 1
@@ -279,7 +282,6 @@
 #define HAVE_COMMANDLINETOARGVW 0
 #define HAVE_COTASKMEMFREE 0
 #define HAVE_CRYPTGENRANDOM 0
-#define HAVE_DLOPEN 1
 #define HAVE_FCNTL 1
 #define HAVE_FLT_LIM 1
 #define HAVE_FORK 1
@@ -318,6 +320,7 @@
 #define HAVE_SLEEP 0
 #define HAVE_STRERROR_R 1
 #define HAVE_SYSCONF 1
+#define HAVE_SYSCTL 0
 #define HAVE_USLEEP 1
 #define HAVE_UTGETOSTYPEFROMSTRING 0
 #define HAVE_VIRTUALALLOC 0
@@ -326,11 +329,13 @@
 #define HAVE_OS2THREADS 0
 #define HAVE_W32THREADS 0
 #define HAVE_AS_DN_DIRECTIVE 0
+#define HAVE_AS_FPU_DIRECTIVE 0
 #define HAVE_AS_FUNC 0
 #define HAVE_AS_OBJECT_ARCH 0
 #define HAVE_ASM_MOD_Q 0
 #define HAVE_ATTRIBUTE_MAY_ALIAS 1
 #define HAVE_ATTRIBUTE_PACKED 1
+#define HAVE_BLOCKS_EXTENSION 0
 #define HAVE_EBP_AVAILABLE 1
 #define HAVE_EBX_AVAILABLE 1
 #define HAVE_GNU_AS 0
@@ -347,6 +352,7 @@
 #define HAVE_XFORM_ASM 0
 #define HAVE_XMM_CLOBBERS 1
 #define HAVE_CONDITION_VARIABLE_PTR 0
+#define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 #define HAVE_SOCKLEN_T 1
 #define HAVE_STRUCT_ADDRINFO 1
 #define HAVE_STRUCT_GROUP_SOURCE_REQ 1
@@ -363,36 +369,20 @@
 #define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 1
 #define HAVE_ATOMICS_NATIVE 1
 #define HAVE_DOS_PATHS 0
-#define HAVE_DXVA2_LIB 0
-#define HAVE_DXVA2API_COBJ 0
 #define HAVE_LIBC_MSVCRT 0
-#define HAVE_LIBDC1394_1 0
-#define HAVE_LIBDC1394_2 0
 #define HAVE_MAKEINFO 0
 #define HAVE_MAKEINFO_HTML 0
 #define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 #define HAVE_PERL 1
 #define HAVE_POD2MAN 1
-#define HAVE_SDL2 0
 #define HAVE_SECTION_DATA_REL_RO 1
 #define HAVE_TEXI2HTML 0
 #define HAVE_THREADS 1
+#define HAVE_UWP 0
 #define HAVE_VAAPI_DRM 0
 #define HAVE_VAAPI_X11 0
 #define HAVE_VDPAU_X11 0
 #define HAVE_WINRT 0
-#define HAVE_XLIB 0
-#define CONFIG_BSFS 0
-#define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
-#define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
 #define CONFIG_HTMLPAGES 0
 #define CONFIG_MANPAGES 1
@@ -400,13 +390,17 @@
 #define CONFIG_TXTPAGES 0
 #define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 #define CONFIG_AVIO_READING_EXAMPLE 1
-#define CONFIG_DECODING_ENCODING_EXAMPLE 0
+#define CONFIG_DECODE_AUDIO_EXAMPLE 1
+#define CONFIG_DECODE_VIDEO_EXAMPLE 1
 #define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+#define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+#define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 #define CONFIG_EXTRACT_MVS_EXAMPLE 0
 #define CONFIG_FILTER_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 #define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+#define CONFIG_HW_DECODE_EXAMPLE 0
 #define CONFIG_METADATA_EXAMPLE 0
 #define CONFIG_MUXING_EXAMPLE 0
 #define CONFIG_QSVDEC_EXAMPLE 0
@@ -415,27 +409,55 @@
 #define CONFIG_SCALING_VIDEO_EXAMPLE 0
 #define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 #define CONFIG_TRANSCODING_EXAMPLE 0
-#define CONFIG_AVISYNTH 0
+#define CONFIG_ALSA 1
+#define CONFIG_APPKIT 0
+#define CONFIG_AVFOUNDATION 0
 #define CONFIG_BZLIB 0
-#define CONFIG_CHROMAPRINT 0
-#define CONFIG_CRYSTALHD 0
-#define CONFIG_DECKLINK 0
+#define CONFIG_COREIMAGE 0
+#define CONFIG_ICONV 0
+#define CONFIG_JACK 0
+#define CONFIG_LIBXCB 0
+#define CONFIG_LIBXCB_SHM 0
+#define CONFIG_LIBXCB_SHAPE 0
+#define CONFIG_LIBXCB_XFIXES 0
+#define CONFIG_LZMA 1
+#define CONFIG_SCHANNEL 0
+#define CONFIG_SDL2 0
+#define CONFIG_SECURETRANSPORT 0
+#define CONFIG_SNDIO 0
+#define CONFIG_XLIB 1
+#define CONFIG_ZLIB 1
+#define CONFIG_AVISYNTH 0
 #define CONFIG_FREI0R 0
-#define CONFIG_GCRYPT 0
+#define CONFIG_LIBCDIO 0
+#define CONFIG_LIBRUBBERBAND 0
+#define CONFIG_LIBVIDSTAB 0
+#define CONFIG_LIBX264 0
+#define CONFIG_LIBX265 0
+#define CONFIG_LIBXAVS 0
+#define CONFIG_LIBXVID 0
+#define CONFIG_DECKLINK 0
+#define CONFIG_LIBNDI_NEWTEK 0
+#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_OPENSSL 0
 #define CONFIG_GMP 0
+#define CONFIG_LIBOPENCORE_AMRNB 0
+#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_RKMPP 0
+#define CONFIG_LIBSMBCLIENT 0
+#define CONFIG_CHROMAPRINT 0
+#define CONFIG_GCRYPT 0
 #define CONFIG_GNUTLS 0
-#define CONFIG_ICONV 0
 #define CONFIG_JNI 0
 #define CONFIG_LADSPA 0
 #define CONFIG_LIBASS 0
 #define CONFIG_LIBBLURAY 0
 #define CONFIG_LIBBS2B 0
 #define CONFIG_LIBCACA 0
-#define CONFIG_LIBCDIO 0
 #define CONFIG_LIBCELT 0
 #define CONFIG_LIBDC1394 0
-#define CONFIG_LIBEBUR128 0
-#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_LIBDRM 0
 #define CONFIG_LIBFLITE 0
 #define CONFIG_LIBFONTCONFIG 0
 #define CONFIG_LIBFREETYPE 0
@@ -447,18 +469,15 @@
 #define CONFIG_LIBKVAZAAR 0
 #define CONFIG_LIBMODPLUG 0
 #define CONFIG_LIBMP3LAME 0
-#define CONFIG_LIBNUT 0
-#define CONFIG_LIBOPENCORE_AMRNB 0
-#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBMYSOFA 0
 #define CONFIG_LIBOPENCV 0
 #define CONFIG_LIBOPENH264 0
 #define CONFIG_LIBOPENJPEG 0
 #define CONFIG_LIBOPENMPT 0
 #define CONFIG_LIBOPUS 0
 #define CONFIG_LIBPULSE 0
+#define CONFIG_LIBRSVG 0
 #define CONFIG_LIBRTMP 0
-#define CONFIG_LIBRUBBERBAND 0
-#define CONFIG_LIBSCHROEDINGER 0
 #define CONFIG_LIBSHINE 0
 #define CONFIG_LIBSMBCLIENT 0
 #define CONFIG_LIBSNAPPY 0
@@ -469,53 +488,37 @@
 #define CONFIG_LIBTHEORA 0
 #define CONFIG_LIBTWOLAME 0
 #define CONFIG_LIBV4L2 0
-#define CONFIG_LIBVIDSTAB 0
-#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_LIBVMAF 0
 #define CONFIG_LIBVORBIS 0
 #define CONFIG_LIBVPX 0
 #define CONFIG_LIBWAVPACK 0
 #define CONFIG_LIBWEBP 0
-#define CONFIG_LIBX264 0
-#define CONFIG_LIBX265 0
-#define CONFIG_LIBXAVS 0
-#define CONFIG_LIBXCB 0
-#define CONFIG_LIBXCB_SHM 0
-#define CONFIG_LIBXCB_SHAPE 0
-#define CONFIG_LIBXCB_XFIXES 0
-#define CONFIG_LIBXVID 0
+#define CONFIG_LIBXML2 0
 #define CONFIG_LIBZIMG 0
 #define CONFIG_LIBZMQ 0
 #define CONFIG_LIBZVBI 0
-#define CONFIG_LZMA 0
 #define CONFIG_MEDIACODEC 0
-#define CONFIG_NETCDF 0
 #define CONFIG_OPENAL 0
 #define CONFIG_OPENCL 0
 #define CONFIG_OPENGL 0
-#define CONFIG_OPENSSL 0
-#define CONFIG_SCHANNEL 0
-#define CONFIG_SDL 0
-#define CONFIG_SDL2 0
-#define CONFIG_SECURETRANSPORT 0
-#define CONFIG_VIDEOTOOLBOX 0
-#define CONFIG_X11GRAB 0
-#define CONFIG_XLIB 0
-#define CONFIG_ZLIB 0
 #define CONFIG_AUDIOTOOLBOX 0
-#define CONFIG_CUDA 0
-#define CONFIG_CUVID 0
+#define CONFIG_CRYSTALHD 0
+#define CONFIG_CUDA 1
+#define CONFIG_CUVID 1
 #define CONFIG_D3D11VA 0
 #define CONFIG_DXVA2 0
-#define CONFIG_LIBMFX 0
-#define CONFIG_LIBNPP 0
-#define CONFIG_MMAL 0
-#define CONFIG_NVENC 0
-#define CONFIG_OMX 0
+#define CONFIG_NVENC 1
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VIDEOTOOLBOX 0
+#define CONFIG_V4L2_M2M 1
 #define CONFIG_XVMC 0
+#define CONFIG_CUDA_SDK 0
+#define CONFIG_LIBNPP 0
+#define CONFIG_LIBMFX 0
+#define CONFIG_MMAL 0
+#define CONFIG_OMX 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
 #define CONFIG_HARDCODED_TABLES 0
@@ -554,16 +557,27 @@
 #define CONFIG_PIXELUTILS 0
 #define CONFIG_NETWORK 0
 #define CONFIG_RDFT 0
+#define CONFIG_AUTODETECT 0
 #define CONFIG_FONTCONFIG 0
-#define CONFIG_MEMALIGN_HACK 0
+#define CONFIG_LINUX_PERF 0
 #define CONFIG_MEMORY_POISONING 0
 #define CONFIG_NEON_CLOBBER_TEST 0
+#define CONFIG_OSSFUZZ 0
 #define CONFIG_PIC 1
-#define CONFIG_POD2MAN 1
-#define CONFIG_RAISE_MAJOR 0
 #define CONFIG_THUMB 0
 #define CONFIG_VALGRIND_BACKTRACE 0
 #define CONFIG_XMM_CLOBBER_TEST 0
+#define CONFIG_BSFS 1
+#define CONFIG_DECODERS 1
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_PARSERS 1
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
 #define CONFIG_AANDCTTABLES 0
 #define CONFIG_AC3DSP 0
 #define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -581,20 +595,22 @@
 #define CONFIG_FMTCONVERT 0
 #define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
-#define CONFIG_GOLOMB 1
+#define CONFIG_GOLOMB 0
 #define CONFIG_GPLV3 0
 #define CONFIG_H263DSP 0
 #define CONFIG_H264CHROMA 0
 #define CONFIG_H264DSP 0
+#define CONFIG_H264PARSE 0
 #define CONFIG_H264PRED 1
 #define CONFIG_H264QPEL 0
+#define CONFIG_HEVCPARSE 0
 #define CONFIG_HPELDSP 0
 #define CONFIG_HUFFMAN 0
 #define CONFIG_HUFFYUVDSP 0
 #define CONFIG_HUFFYUVENCDSP 0
 #define CONFIG_IDCTDSP 0
 #define CONFIG_IIRFILTER 0
-#define CONFIG_IMDCT15 0
+#define CONFIG_MDCT15 0
 #define CONFIG_INTRAX8 0
 #define CONFIG_ISO_MEDIA 0
 #define CONFIG_IVIDSP 0
@@ -603,12 +619,14 @@
 #define CONFIG_LIBX262 0
 #define CONFIG_LLAUDDSP 0
 #define CONFIG_LLVIDDSP 0
+#define CONFIG_LLVIDENCDSP 0
 #define CONFIG_LPC 0
 #define CONFIG_LZF 0
 #define CONFIG_ME_CMP 0
 #define CONFIG_MPEG_ER 0
 #define CONFIG_MPEGAUDIO 0
 #define CONFIG_MPEGAUDIODSP 0
+#define CONFIG_MPEGAUDIOHEADER 0
 #define CONFIG_MPEGVIDEO 0
 #define CONFIG_MPEGVIDEOENC 0
 #define CONFIG_MSS34DSP 0
@@ -630,1595 +648,20 @@
 #define CONFIG_TEXTUREDSP 0
 #define CONFIG_TEXTUREDSPENC 0
 #define CONFIG_TPELDSP 0
+#define CONFIG_VAAPI_1 0
 #define CONFIG_VAAPI_ENCODE 0
 #define CONFIG_VC1DSP 0
 #define CONFIG_VIDEODSP 1
 #define CONFIG_VP3DSP 0
 #define CONFIG_VP56DSP 0
 #define CONFIG_VP8DSP 1
-#define CONFIG_VT_BT2020 0
 #define CONFIG_WMA_FREQS 0
 #define CONFIG_WMV2DSP 0
-#define CONFIG_AAC_ADTSTOASC_BSF 0
-#define CONFIG_CHOMP_BSF 0
-#define CONFIG_DUMP_EXTRADATA_BSF 0
-#define CONFIG_DCA_CORE_BSF 0
-#define CONFIG_H264_MP4TOANNEXB_BSF 0
-#define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-#define CONFIG_IMX_DUMP_HEADER_BSF 0
-#define CONFIG_MJPEG2JPEG_BSF 0
-#define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-#define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-#define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-#define CONFIG_MOV2TEXTSUB_BSF 0
-#define CONFIG_NOISE_BSF 0
-#define CONFIG_REMOVE_EXTRADATA_BSF 0
-#define CONFIG_TEXT2MOVSUB_BSF 0
-#define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
+#define CONFIG_NULL_BSF 1
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
-#define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
+#define CONFIG_FLAC_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/config_win32.asm b/media/ffvpx/config_win32.asm
index 85eef2216..c804c0155 100644
--- a/media/ffvpx/config_win32.asm
+++ b/media/ffvpx/config_win32.asm
@@ -63,8 +63,8 @@
 %define HAVE_MIPSDSP 0
 %define HAVE_MIPSDSPR2 0
 %define HAVE_MSA 0
-%define HAVE_LOONGSON2 1
-%define HAVE_LOONGSON3 1
+%define HAVE_LOONGSON2 0
+%define HAVE_LOONGSON3 0
 %define HAVE_MMI 0
 %define HAVE_ARMV5TE_EXTERNAL 0
 %define HAVE_ARMV6_EXTERNAL 0
@@ -162,31 +162,32 @@
 %define HAVE_LOCAL_ALIGNED_16 1
 %define HAVE_LOCAL_ALIGNED_32 1
 %define HAVE_SIMD_ALIGN_16 1
+%define HAVE_SIMD_ALIGN_32 1
 %define HAVE_ATOMICS_GCC 0
 %define HAVE_ATOMICS_SUNCC 0
 %define HAVE_ATOMICS_WIN32 1
 %define HAVE_ATOMIC_CAS_PTR 0
-%define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 %define HAVE_MACHINE_RW_BARRIER 0
 %define HAVE_MEMORYBARRIER 1
 %define HAVE_MM_EMPTY 1
 %define HAVE_RDTSC 1
 %define HAVE_SARESTART 0
-%define HAVE_SEM_TIMEDWAIT 1
+%define HAVE_SEM_TIMEDWAIT 0
 %define HAVE_SYNC_VAL_COMPARE_AND_SWAP 0
 %define HAVE_CABS 0
 %define HAVE_CEXP 0
 %define HAVE_INLINE_ASM 0
 %define HAVE_SYMVER 0
-%define HAVE_YASM 1
+%define HAVE_X86ASM 1
 %define HAVE_BIGENDIAN 0
 %define HAVE_FAST_UNALIGNED 1
-%define HAVE_ALSA_ASOUNDLIB_H 0
 %define HAVE_ALTIVEC_H 0
 %define HAVE_ARPA_INET_H 0
 %define HAVE_ASM_TYPES_H 0
 %define HAVE_CDIO_PARANOIA_H 0
 %define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+%define HAVE_CUDA_H 0
+%define HAVE_D3D11_H 1
 %define HAVE_DISPATCH_DISPATCH_H 0
 %define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 %define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -196,7 +197,7 @@
 %define HAVE_DIRECT_H 1
 %define HAVE_DIRENT_H 0
 %define HAVE_DLFCN_H 0
-%define HAVE_D3D11_H 1
+%define HAVE_DXGIDEBUG_H 1
 %define HAVE_DXVA_H 1
 %define HAVE_ES2_GL_H 0
 %define HAVE_GSM_H 0
@@ -205,13 +206,15 @@
 %define HAVE_MACHINE_IOCTL_BT848_H 0
 %define HAVE_MACHINE_IOCTL_METEOR_H 0
 %define HAVE_OPENCV2_CORE_CORE_C_H 0
+%define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+%define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 %define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 %define HAVE_OPENGL_GL3_H 0
 %define HAVE_POLL_H 0
-%define HAVE_SNDIO_H 0
 %define HAVE_SOUNDCARD_H 0
+%define HAVE_STDATOMIC_H 0
 %define HAVE_SYS_MMAN_H 0
 %define HAVE_SYS_PARAM_H 0
 %define HAVE_SYS_RESOURCE_H 0
@@ -263,7 +266,6 @@
 %define HAVE_COMMANDLINETOARGVW 1
 %define HAVE_COTASKMEMFREE 1
 %define HAVE_CRYPTGENRANDOM 1
-%define HAVE_DLOPEN 0
 %define HAVE_FCNTL 0
 %define HAVE_FLT_LIM 1
 %define HAVE_FORK 0
@@ -283,7 +285,7 @@
 %define HAVE_ISATTY 1
 %define HAVE_JACK_PORT_GET_LATENCY_RANGE 0
 %define HAVE_KBHIT 1
-%define HAVE_LOADLIBRARY 0
+%define HAVE_LOADLIBRARY 1
 %define HAVE_LSTAT 0
 %define HAVE_LZO1X_999_COMPRESS 0
 %define HAVE_MACH_ABSOLUTE_TIME 0
@@ -311,11 +313,13 @@
 %define HAVE_OS2THREADS 0
 %define HAVE_W32THREADS 1
 %define HAVE_AS_DN_DIRECTIVE 0
+%define HAVE_AS_FPU_DIRECTIVE 0
 %define HAVE_AS_FUNC 0
 %define HAVE_AS_OBJECT_ARCH 0
 %define HAVE_ASM_MOD_Q 0
 %define HAVE_ATTRIBUTE_MAY_ALIAS 0
 %define HAVE_ATTRIBUTE_PACKED 0
+%define HAVE_BLOCKS_EXTENSION 0
 %define HAVE_EBP_AVAILABLE 0
 %define HAVE_EBX_AVAILABLE 0
 %define HAVE_GNU_AS 0
@@ -332,12 +336,13 @@
 %define HAVE_XFORM_ASM 0
 %define HAVE_XMM_CLOBBERS 0
 %define HAVE_CONDITION_VARIABLE_PTR 1
+%define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 %define HAVE_SOCKLEN_T 1
 %define HAVE_STRUCT_ADDRINFO 1
 %define HAVE_STRUCT_GROUP_SOURCE_REQ 1
 %define HAVE_STRUCT_IP_MREQ_SOURCE 1
 %define HAVE_STRUCT_IPV6_MREQ 1
-%define HAVE_STRUCT_MSGHDR_MSG_FLAGS 1
+%define HAVE_STRUCT_MSGHDR_MSG_FLAGS 0
 %define HAVE_STRUCT_POLLFD 0
 %define HAVE_STRUCT_RUSAGE_RU_MAXRSS 0
 %define HAVE_STRUCT_SCTP_EVENT_SUBSCRIBE 0
@@ -348,36 +353,20 @@
 %define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 %define HAVE_ATOMICS_NATIVE 1
 %define HAVE_DOS_PATHS 1
-%define HAVE_DXVA2_LIB 0
-%define HAVE_DXVA2API_COBJ 1
 %define HAVE_LIBC_MSVCRT 1
-%define HAVE_LIBDC1394_1 0
-%define HAVE_LIBDC1394_2 0
 %define HAVE_MAKEINFO 1
 %define HAVE_MAKEINFO_HTML 0
 %define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 %define HAVE_PERL 1
 %define HAVE_POD2MAN 1
-%define HAVE_SDL2 0
 %define HAVE_SECTION_DATA_REL_RO 0
 %define HAVE_TEXI2HTML 0
 %define HAVE_THREADS 1
+%define HAVE_UWP 0
 %define HAVE_VAAPI_DRM 0
 %define HAVE_VAAPI_X11 0
 %define HAVE_VDPAU_X11 0
 %define HAVE_WINRT 0
-%define HAVE_XLIB 0
-%define CONFIG_BSFS 0
-%define CONFIG_DECODERS 1
-%define CONFIG_ENCODERS 0
-%define CONFIG_HWACCELS 0
-%define CONFIG_PARSERS 1
-%define CONFIG_INDEVS 0
-%define CONFIG_OUTDEVS 0
-%define CONFIG_FILTERS 0
-%define CONFIG_DEMUXERS 0
-%define CONFIG_MUXERS 0
-%define CONFIG_PROTOCOLS 0
 %define CONFIG_DOC 0
 %define CONFIG_HTMLPAGES 0
 %define CONFIG_MANPAGES 1
@@ -385,13 +374,17 @@
 %define CONFIG_TXTPAGES 1
 %define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 %define CONFIG_AVIO_READING_EXAMPLE 1
-%define CONFIG_DECODING_ENCODING_EXAMPLE 0
+%define CONFIG_DECODE_AUDIO_EXAMPLE 1
+%define CONFIG_DECODE_VIDEO_EXAMPLE 1
 %define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+%define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+%define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 %define CONFIG_EXTRACT_MVS_EXAMPLE 0
 %define CONFIG_FILTER_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 %define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+%define CONFIG_HW_DECODE_EXAMPLE 0
 %define CONFIG_METADATA_EXAMPLE 0
 %define CONFIG_MUXING_EXAMPLE 0
 %define CONFIG_QSVDEC_EXAMPLE 0
@@ -400,27 +393,55 @@
 %define CONFIG_SCALING_VIDEO_EXAMPLE 0
 %define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 %define CONFIG_TRANSCODING_EXAMPLE 0
-%define CONFIG_AVISYNTH 0
+%define CONFIG_ALSA 0
+%define CONFIG_APPKIT 0
+%define CONFIG_AVFOUNDATION 0
 %define CONFIG_BZLIB 0
-%define CONFIG_CHROMAPRINT 0
-%define CONFIG_CRYSTALHD 0
-%define CONFIG_DECKLINK 0
+%define CONFIG_COREIMAGE 0
+%define CONFIG_ICONV 0
+%define CONFIG_JACK 0
+%define CONFIG_LIBXCB 0
+%define CONFIG_LIBXCB_SHM 0
+%define CONFIG_LIBXCB_SHAPE 0
+%define CONFIG_LIBXCB_XFIXES 0
+%define CONFIG_LZMA 0
+%define CONFIG_SCHANNEL 1
+%define CONFIG_SDL2 0
+%define CONFIG_SECURETRANSPORT 0
+%define CONFIG_SNDIO 0
+%define CONFIG_XLIB 1
+%define CONFIG_ZLIB 0
+%define CONFIG_AVISYNTH 0
 %define CONFIG_FREI0R 0
-%define CONFIG_GCRYPT 0
+%define CONFIG_LIBCDIO 0
+%define CONFIG_LIBRUBBERBAND 0
+%define CONFIG_LIBVIDSTAB 0
+%define CONFIG_LIBX264 0
+%define CONFIG_LIBX265 0
+%define CONFIG_LIBXAVS 0
+%define CONFIG_LIBXVID 0
+%define CONFIG_DECKLINK 0
+%define CONFIG_LIBNDI_NEWTEK 0
+%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_OPENSSL 0
 %define CONFIG_GMP 0
+%define CONFIG_LIBOPENCORE_AMRNB 0
+%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_RKMPP 0
+%define CONFIG_LIBSMBCLIENT 0
+%define CONFIG_CHROMAPRINT 0
+%define CONFIG_GCRYPT 0
 %define CONFIG_GNUTLS 0
-%define CONFIG_ICONV 0
 %define CONFIG_JNI 0
 %define CONFIG_LADSPA 0
 %define CONFIG_LIBASS 0
 %define CONFIG_LIBBLURAY 0
 %define CONFIG_LIBBS2B 0
 %define CONFIG_LIBCACA 0
-%define CONFIG_LIBCDIO 0
 %define CONFIG_LIBCELT 0
 %define CONFIG_LIBDC1394 0
-%define CONFIG_LIBEBUR128 0
-%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_LIBDRM 0
 %define CONFIG_LIBFLITE 0
 %define CONFIG_LIBFONTCONFIG 0
 %define CONFIG_LIBFREETYPE 0
@@ -432,18 +453,15 @@
 %define CONFIG_LIBKVAZAAR 0
 %define CONFIG_LIBMODPLUG 0
 %define CONFIG_LIBMP3LAME 0
-%define CONFIG_LIBNUT 0
-%define CONFIG_LIBOPENCORE_AMRNB 0
-%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBMYSOFA 0
 %define CONFIG_LIBOPENCV 0
 %define CONFIG_LIBOPENH264 0
 %define CONFIG_LIBOPENJPEG 0
 %define CONFIG_LIBOPENMPT 0
 %define CONFIG_LIBOPUS 0
 %define CONFIG_LIBPULSE 0
+%define CONFIG_LIBRSVG 0
 %define CONFIG_LIBRTMP 0
-%define CONFIG_LIBRUBBERBAND 0
-%define CONFIG_LIBSCHROEDINGER 0
 %define CONFIG_LIBSHINE 0
 %define CONFIG_LIBSMBCLIENT 0
 %define CONFIG_LIBSNAPPY 0
@@ -454,53 +472,37 @@
 %define CONFIG_LIBTHEORA 0
 %define CONFIG_LIBTWOLAME 0
 %define CONFIG_LIBV4L2 0
-%define CONFIG_LIBVIDSTAB 0
-%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_LIBVMAF 0
 %define CONFIG_LIBVORBIS 0
 %define CONFIG_LIBVPX 0
 %define CONFIG_LIBWAVPACK 0
 %define CONFIG_LIBWEBP 0
-%define CONFIG_LIBX264 0
-%define CONFIG_LIBX265 0
-%define CONFIG_LIBXAVS 0
-%define CONFIG_LIBXCB 0
-%define CONFIG_LIBXCB_SHM 0
-%define CONFIG_LIBXCB_SHAPE 0
-%define CONFIG_LIBXCB_XFIXES 0
-%define CONFIG_LIBXVID 0
+%define CONFIG_LIBXML2 0
 %define CONFIG_LIBZIMG 0
 %define CONFIG_LIBZMQ 0
 %define CONFIG_LIBZVBI 0
-%define CONFIG_LZMA 0
 %define CONFIG_MEDIACODEC 0
-%define CONFIG_NETCDF 0
 %define CONFIG_OPENAL 0
 %define CONFIG_OPENCL 0
 %define CONFIG_OPENGL 0
-%define CONFIG_OPENSSL 0
-%define CONFIG_SCHANNEL 1
-%define CONFIG_SDL 0
-%define CONFIG_SDL2 0
-%define CONFIG_SECURETRANSPORT 0
-%define CONFIG_VIDEOTOOLBOX 0
-%define CONFIG_X11GRAB 0
-%define CONFIG_XLIB 0
-%define CONFIG_ZLIB 0
 %define CONFIG_AUDIOTOOLBOX 0
-%define CONFIG_CUDA 0
-%define CONFIG_CUVID 0
+%define CONFIG_CRYSTALHD 0
+%define CONFIG_CUDA 1
+%define CONFIG_CUVID 1
 %define CONFIG_D3D11VA 0
 %define CONFIG_DXVA2 0
-%define CONFIG_LIBMFX 0
-%define CONFIG_LIBNPP 0
-%define CONFIG_MMAL 0
-%define CONFIG_NVENC 0
-%define CONFIG_OMX 0
+%define CONFIG_NVENC 1
 %define CONFIG_VAAPI 0
 %define CONFIG_VDA 0
 %define CONFIG_VDPAU 0
-%define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_VIDEOTOOLBOX 0
+%define CONFIG_V4L2_M2M 0
 %define CONFIG_XVMC 0
+%define CONFIG_CUDA_SDK 0
+%define CONFIG_LIBNPP 0
+%define CONFIG_LIBMFX 0
+%define CONFIG_MMAL 0
+%define CONFIG_OMX 0
 %define CONFIG_FTRAPV 0
 %define CONFIG_GRAY 0
 %define CONFIG_HARDCODED_TABLES 0
@@ -539,16 +541,27 @@
 %define CONFIG_PIXELUTILS 0
 %define CONFIG_NETWORK 0
 %define CONFIG_RDFT 0
+%define CONFIG_AUTODETECT 0
 %define CONFIG_FONTCONFIG 0
-%define CONFIG_MEMALIGN_HACK 0
+%define CONFIG_LINUX_PERF 0
 %define CONFIG_MEMORY_POISONING 0
 %define CONFIG_NEON_CLOBBER_TEST 0
+%define CONFIG_OSSFUZZ 0
 %define CONFIG_PIC 0
-%define CONFIG_POD2MAN 1
-%define CONFIG_RAISE_MAJOR 0
 %define CONFIG_THUMB 0
 %define CONFIG_VALGRIND_BACKTRACE 0
 %define CONFIG_XMM_CLOBBER_TEST 0
+%define CONFIG_BSFS 1
+%define CONFIG_DECODERS 1
+%define CONFIG_ENCODERS 0
+%define CONFIG_HWACCELS 0
+%define CONFIG_PARSERS 1
+%define CONFIG_INDEVS 0
+%define CONFIG_OUTDEVS 0
+%define CONFIG_FILTERS 0
+%define CONFIG_DEMUXERS 0
+%define CONFIG_MUXERS 0
+%define CONFIG_PROTOCOLS 0
 %define CONFIG_AANDCTTABLES 0
 %define CONFIG_AC3DSP 0
 %define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -566,20 +579,22 @@
 %define CONFIG_FMTCONVERT 0
 %define CONFIG_FRAME_THREAD_ENCODER 0
 %define CONFIG_G722DSP 0
-%define CONFIG_GOLOMB 1
+%define CONFIG_GOLOMB 0
 %define CONFIG_GPLV3 0
 %define CONFIG_H263DSP 0
 %define CONFIG_H264CHROMA 0
 %define CONFIG_H264DSP 0
+%define CONFIG_H264PARSE 0
 %define CONFIG_H264PRED 1
 %define CONFIG_H264QPEL 0
+%define CONFIG_HEVCPARSE 0
 %define CONFIG_HPELDSP 0
 %define CONFIG_HUFFMAN 0
 %define CONFIG_HUFFYUVDSP 0
 %define CONFIG_HUFFYUVENCDSP 0
 %define CONFIG_IDCTDSP 0
 %define CONFIG_IIRFILTER 0
-%define CONFIG_IMDCT15 0
+%define CONFIG_MDCT15 0
 %define CONFIG_INTRAX8 0
 %define CONFIG_ISO_MEDIA 0
 %define CONFIG_IVIDSP 0
@@ -588,12 +603,14 @@
 %define CONFIG_LIBX262 0
 %define CONFIG_LLAUDDSP 0
 %define CONFIG_LLVIDDSP 0
+%define CONFIG_LLVIDENCDSP 0
 %define CONFIG_LPC 0
 %define CONFIG_LZF 0
 %define CONFIG_ME_CMP 0
 %define CONFIG_MPEG_ER 0
 %define CONFIG_MPEGAUDIO 0
 %define CONFIG_MPEGAUDIODSP 0
+%define CONFIG_MPEGAUDIOHEADER 0
 %define CONFIG_MPEGVIDEO 0
 %define CONFIG_MPEGVIDEOENC 0
 %define CONFIG_MSS34DSP 0
@@ -615,1594 +632,19 @@
 %define CONFIG_TEXTUREDSP 0
 %define CONFIG_TEXTUREDSPENC 0
 %define CONFIG_TPELDSP 0
+%define CONFIG_VAAPI_1 0
 %define CONFIG_VAAPI_ENCODE 0
 %define CONFIG_VC1DSP 0
 %define CONFIG_VIDEODSP 1
 %define CONFIG_VP3DSP 0
 %define CONFIG_VP56DSP 0
 %define CONFIG_VP8DSP 1
-%define CONFIG_VT_BT2020 0
 %define CONFIG_WMA_FREQS 0
 %define CONFIG_WMV2DSP 0
-%define CONFIG_AAC_ADTSTOASC_BSF 0
-%define CONFIG_CHOMP_BSF 0
-%define CONFIG_DUMP_EXTRADATA_BSF 0
-%define CONFIG_DCA_CORE_BSF 0
-%define CONFIG_H264_MP4TOANNEXB_BSF 0
-%define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-%define CONFIG_IMX_DUMP_HEADER_BSF 0
-%define CONFIG_MJPEG2JPEG_BSF 0
-%define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-%define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-%define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-%define CONFIG_MOV2TEXTSUB_BSF 0
-%define CONFIG_NOISE_BSF 0
-%define CONFIG_REMOVE_EXTRADATA_BSF 0
-%define CONFIG_TEXT2MOVSUB_BSF 0
-%define CONFIG_VP9_SUPERFRAME_BSF 0
-%define CONFIG_AASC_DECODER 0
-%define CONFIG_AIC_DECODER 0
-%define CONFIG_ALIAS_PIX_DECODER 0
-%define CONFIG_AMV_DECODER 0
-%define CONFIG_ANM_DECODER 0
-%define CONFIG_ANSI_DECODER 0
-%define CONFIG_APNG_DECODER 0
-%define CONFIG_ASV1_DECODER 0
-%define CONFIG_ASV2_DECODER 0
-%define CONFIG_AURA_DECODER 0
-%define CONFIG_AURA2_DECODER 0
-%define CONFIG_AVRP_DECODER 0
-%define CONFIG_AVRN_DECODER 0
-%define CONFIG_AVS_DECODER 0
-%define CONFIG_AVUI_DECODER 0
-%define CONFIG_AYUV_DECODER 0
-%define CONFIG_BETHSOFTVID_DECODER 0
-%define CONFIG_BFI_DECODER 0
-%define CONFIG_BINK_DECODER 0
-%define CONFIG_BMP_DECODER 0
-%define CONFIG_BMV_VIDEO_DECODER 0
-%define CONFIG_BRENDER_PIX_DECODER 0
-%define CONFIG_C93_DECODER 0
-%define CONFIG_CAVS_DECODER 0
-%define CONFIG_CDGRAPHICS_DECODER 0
-%define CONFIG_CDXL_DECODER 0
-%define CONFIG_CFHD_DECODER 0
-%define CONFIG_CINEPAK_DECODER 0
-%define CONFIG_CLJR_DECODER 0
-%define CONFIG_CLLC_DECODER 0
-%define CONFIG_COMFORTNOISE_DECODER 0
-%define CONFIG_CPIA_DECODER 0
-%define CONFIG_CSCD_DECODER 0
-%define CONFIG_CYUV_DECODER 0
-%define CONFIG_DDS_DECODER 0
-%define CONFIG_DFA_DECODER 0
-%define CONFIG_DIRAC_DECODER 0
-%define CONFIG_DNXHD_DECODER 0
-%define CONFIG_DPX_DECODER 0
-%define CONFIG_DSICINVIDEO_DECODER 0
-%define CONFIG_DVAUDIO_DECODER 0
-%define CONFIG_DVVIDEO_DECODER 0
-%define CONFIG_DXA_DECODER 0
-%define CONFIG_DXTORY_DECODER 0
-%define CONFIG_DXV_DECODER 0
-%define CONFIG_EACMV_DECODER 0
-%define CONFIG_EAMAD_DECODER 0
-%define CONFIG_EATGQ_DECODER 0
-%define CONFIG_EATGV_DECODER 0
-%define CONFIG_EATQI_DECODER 0
-%define CONFIG_EIGHTBPS_DECODER 0
-%define CONFIG_EIGHTSVX_EXP_DECODER 0
-%define CONFIG_EIGHTSVX_FIB_DECODER 0
-%define CONFIG_ESCAPE124_DECODER 0
-%define CONFIG_ESCAPE130_DECODER 0
-%define CONFIG_EXR_DECODER 0
-%define CONFIG_FFV1_DECODER 0
-%define CONFIG_FFVHUFF_DECODER 0
-%define CONFIG_FIC_DECODER 0
-%define CONFIG_FLASHSV_DECODER 0
-%define CONFIG_FLASHSV2_DECODER 0
-%define CONFIG_FLIC_DECODER 0
-%define CONFIG_FLV_DECODER 0
-%define CONFIG_FOURXM_DECODER 0
-%define CONFIG_FRAPS_DECODER 0
-%define CONFIG_FRWU_DECODER 0
-%define CONFIG_G2M_DECODER 0
-%define CONFIG_GIF_DECODER 0
-%define CONFIG_H261_DECODER 0
-%define CONFIG_H263_DECODER 0
-%define CONFIG_H263I_DECODER 0
-%define CONFIG_H263P_DECODER 0
-%define CONFIG_H264_DECODER 0
-%define CONFIG_H264_CRYSTALHD_DECODER 0
-%define CONFIG_H264_MEDIACODEC_DECODER 0
-%define CONFIG_H264_MMAL_DECODER 0
-%define CONFIG_H264_QSV_DECODER 0
-%define CONFIG_H264_VDA_DECODER 0
-%define CONFIG_H264_VDPAU_DECODER 0
-%define CONFIG_HAP_DECODER 0
-%define CONFIG_HEVC_DECODER 0
-%define CONFIG_HEVC_QSV_DECODER 0
-%define CONFIG_HNM4_VIDEO_DECODER 0
-%define CONFIG_HQ_HQA_DECODER 0
-%define CONFIG_HQX_DECODER 0
-%define CONFIG_HUFFYUV_DECODER 0
-%define CONFIG_IDCIN_DECODER 0
-%define CONFIG_IFF_ILBM_DECODER 0
-%define CONFIG_INDEO2_DECODER 0
-%define CONFIG_INDEO3_DECODER 0
-%define CONFIG_INDEO4_DECODER 0
-%define CONFIG_INDEO5_DECODER 0
-%define CONFIG_INTERPLAY_VIDEO_DECODER 0
-%define CONFIG_JPEG2000_DECODER 0
-%define CONFIG_JPEGLS_DECODER 0
-%define CONFIG_JV_DECODER 0
-%define CONFIG_KGV1_DECODER 0
-%define CONFIG_KMVC_DECODER 0
-%define CONFIG_LAGARITH_DECODER 0
-%define CONFIG_LOCO_DECODER 0
-%define CONFIG_M101_DECODER 0
-%define CONFIG_MAGICYUV_DECODER 0
-%define CONFIG_MDEC_DECODER 0
-%define CONFIG_MIMIC_DECODER 0
-%define CONFIG_MJPEG_DECODER 0
-%define CONFIG_MJPEGB_DECODER 0
-%define CONFIG_MMVIDEO_DECODER 0
-%define CONFIG_MOTIONPIXELS_DECODER 0
-%define CONFIG_MPEG_XVMC_DECODER 0
-%define CONFIG_MPEG1VIDEO_DECODER 0
-%define CONFIG_MPEG2VIDEO_DECODER 0
-%define CONFIG_MPEG4_DECODER 0
-%define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG4_MMAL_DECODER 0
-%define CONFIG_MPEG4_VDPAU_DECODER 0
-%define CONFIG_MPEGVIDEO_DECODER 0
-%define CONFIG_MPEG_VDPAU_DECODER 0
-%define CONFIG_MPEG1_VDPAU_DECODER 0
-%define CONFIG_MPEG2_MMAL_DECODER 0
-%define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG2_QSV_DECODER 0
-%define CONFIG_MSA1_DECODER 0
-%define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MSMPEG4V1_DECODER 0
-%define CONFIG_MSMPEG4V2_DECODER 0
-%define CONFIG_MSMPEG4V3_DECODER 0
-%define CONFIG_MSRLE_DECODER 0
-%define CONFIG_MSS1_DECODER 0
-%define CONFIG_MSS2_DECODER 0
-%define CONFIG_MSVIDEO1_DECODER 0
-%define CONFIG_MSZH_DECODER 0
-%define CONFIG_MTS2_DECODER 0
-%define CONFIG_MVC1_DECODER 0
-%define CONFIG_MVC2_DECODER 0
-%define CONFIG_MXPEG_DECODER 0
-%define CONFIG_NUV_DECODER 0
-%define CONFIG_PAF_VIDEO_DECODER 0
-%define CONFIG_PAM_DECODER 0
-%define CONFIG_PBM_DECODER 0
-%define CONFIG_PCX_DECODER 0
-%define CONFIG_PGM_DECODER 0
-%define CONFIG_PGMYUV_DECODER 0
-%define CONFIG_PICTOR_DECODER 0
-%define CONFIG_PNG_DECODER 0
-%define CONFIG_PPM_DECODER 0
-%define CONFIG_PRORES_DECODER 0
-%define CONFIG_PRORES_LGPL_DECODER 0
-%define CONFIG_PTX_DECODER 0
-%define CONFIG_QDRAW_DECODER 0
-%define CONFIG_QPEG_DECODER 0
-%define CONFIG_QTRLE_DECODER 0
-%define CONFIG_R10K_DECODER 0
-%define CONFIG_R210_DECODER 0
-%define CONFIG_RAWVIDEO_DECODER 0
-%define CONFIG_RL2_DECODER 0
-%define CONFIG_ROQ_DECODER 0
-%define CONFIG_RPZA_DECODER 0
-%define CONFIG_RSCC_DECODER 0
-%define CONFIG_RV10_DECODER 0
-%define CONFIG_RV20_DECODER 0
-%define CONFIG_RV30_DECODER 0
-%define CONFIG_RV40_DECODER 0
-%define CONFIG_S302M_DECODER 0
-%define CONFIG_SANM_DECODER 0
-%define CONFIG_SCREENPRESSO_DECODER 0
-%define CONFIG_SDX2_DPCM_DECODER 0
-%define CONFIG_SGI_DECODER 0
-%define CONFIG_SGIRLE_DECODER 0
-%define CONFIG_SHEERVIDEO_DECODER 0
-%define CONFIG_SMACKER_DECODER 0
-%define CONFIG_SMC_DECODER 0
-%define CONFIG_SMVJPEG_DECODER 0
-%define CONFIG_SNOW_DECODER 0
-%define CONFIG_SP5X_DECODER 0
-%define CONFIG_SUNRAST_DECODER 0
-%define CONFIG_SVQ1_DECODER 0
-%define CONFIG_SVQ3_DECODER 0
-%define CONFIG_TARGA_DECODER 0
-%define CONFIG_TARGA_Y216_DECODER 0
-%define CONFIG_TDSC_DECODER 0
-%define CONFIG_THEORA_DECODER 0
-%define CONFIG_THP_DECODER 0
-%define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-%define CONFIG_TIFF_DECODER 0
-%define CONFIG_TMV_DECODER 0
-%define CONFIG_TRUEMOTION1_DECODER 0
-%define CONFIG_TRUEMOTION2_DECODER 0
-%define CONFIG_TRUEMOTION2RT_DECODER 0
-%define CONFIG_TSCC_DECODER 0
-%define CONFIG_TSCC2_DECODER 0
-%define CONFIG_TXD_DECODER 0
-%define CONFIG_ULTI_DECODER 0
-%define CONFIG_UTVIDEO_DECODER 0
-%define CONFIG_V210_DECODER 0
-%define CONFIG_V210X_DECODER 0
-%define CONFIG_V308_DECODER 0
-%define CONFIG_V408_DECODER 0
-%define CONFIG_V410_DECODER 0
-%define CONFIG_VB_DECODER 0
-%define CONFIG_VBLE_DECODER 0
-%define CONFIG_VC1_DECODER 0
-%define CONFIG_VC1_CRYSTALHD_DECODER 0
-%define CONFIG_VC1_VDPAU_DECODER 0
-%define CONFIG_VC1IMAGE_DECODER 0
-%define CONFIG_VC1_MMAL_DECODER 0
-%define CONFIG_VC1_QSV_DECODER 0
-%define CONFIG_VCR1_DECODER 0
-%define CONFIG_VMDVIDEO_DECODER 0
-%define CONFIG_VMNC_DECODER 0
-%define CONFIG_VP3_DECODER 0
-%define CONFIG_VP5_DECODER 0
-%define CONFIG_VP6_DECODER 0
-%define CONFIG_VP6A_DECODER 0
-%define CONFIG_VP6F_DECODER 0
-%define CONFIG_VP7_DECODER 0
+%define CONFIG_NULL_BSF 1
 %define CONFIG_VP8_DECODER 1
 %define CONFIG_VP9_DECODER 1
-%define CONFIG_VQA_DECODER 0
-%define CONFIG_WEBP_DECODER 0
-%define CONFIG_WMV1_DECODER 0
-%define CONFIG_WMV2_DECODER 0
-%define CONFIG_WMV3_DECODER 0
-%define CONFIG_WMV3_CRYSTALHD_DECODER 0
-%define CONFIG_WMV3_VDPAU_DECODER 0
-%define CONFIG_WMV3IMAGE_DECODER 0
-%define CONFIG_WNV1_DECODER 0
-%define CONFIG_XAN_WC3_DECODER 0
-%define CONFIG_XAN_WC4_DECODER 0
-%define CONFIG_XBM_DECODER 0
-%define CONFIG_XFACE_DECODER 0
-%define CONFIG_XL_DECODER 0
-%define CONFIG_XWD_DECODER 0
-%define CONFIG_Y41P_DECODER 0
-%define CONFIG_YLC_DECODER 0
-%define CONFIG_YOP_DECODER 0
-%define CONFIG_YUV4_DECODER 0
-%define CONFIG_ZERO12V_DECODER 0
-%define CONFIG_ZEROCODEC_DECODER 0
-%define CONFIG_ZLIB_DECODER 0
-%define CONFIG_ZMBV_DECODER 0
-%define CONFIG_AAC_DECODER 0
-%define CONFIG_AAC_FIXED_DECODER 0
-%define CONFIG_AAC_LATM_DECODER 0
-%define CONFIG_AC3_DECODER 0
-%define CONFIG_AC3_FIXED_DECODER 0
-%define CONFIG_ALAC_DECODER 0
-%define CONFIG_ALS_DECODER 0
-%define CONFIG_AMRNB_DECODER 0
-%define CONFIG_AMRWB_DECODER 0
-%define CONFIG_APE_DECODER 0
-%define CONFIG_ATRAC1_DECODER 0
-%define CONFIG_ATRAC3_DECODER 0
-%define CONFIG_ATRAC3P_DECODER 0
-%define CONFIG_BINKAUDIO_DCT_DECODER 0
-%define CONFIG_BINKAUDIO_RDFT_DECODER 0
-%define CONFIG_BMV_AUDIO_DECODER 0
-%define CONFIG_COOK_DECODER 0
-%define CONFIG_DCA_DECODER 0
-%define CONFIG_DSD_LSBF_DECODER 0
-%define CONFIG_DSD_MSBF_DECODER 0
-%define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-%define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-%define CONFIG_DSICINAUDIO_DECODER 0
-%define CONFIG_DSS_SP_DECODER 0
-%define CONFIG_DST_DECODER 0
-%define CONFIG_EAC3_DECODER 0
-%define CONFIG_EVRC_DECODER 0
-%define CONFIG_FFWAVESYNTH_DECODER 0
 %define CONFIG_FLAC_DECODER 1
-%define CONFIG_G723_1_DECODER 0
-%define CONFIG_G729_DECODER 0
-%define CONFIG_GSM_DECODER 0
-%define CONFIG_GSM_MS_DECODER 0
-%define CONFIG_IAC_DECODER 0
-%define CONFIG_IMC_DECODER 0
-%define CONFIG_INTERPLAY_ACM_DECODER 0
-%define CONFIG_MACE3_DECODER 0
-%define CONFIG_MACE6_DECODER 0
-%define CONFIG_METASOUND_DECODER 0
-%define CONFIG_MLP_DECODER 0
-%define CONFIG_MP1_DECODER 0
-%define CONFIG_MP1FLOAT_DECODER 0
-%define CONFIG_MP2_DECODER 0
-%define CONFIG_MP2FLOAT_DECODER 0
-%define CONFIG_MP3_DECODER 0
-%define CONFIG_MP3FLOAT_DECODER 0
-%define CONFIG_MP3ADU_DECODER 0
-%define CONFIG_MP3ADUFLOAT_DECODER 0
-%define CONFIG_MP3ON4_DECODER 0
-%define CONFIG_MP3ON4FLOAT_DECODER 0
-%define CONFIG_MPC7_DECODER 0
-%define CONFIG_MPC8_DECODER 0
-%define CONFIG_NELLYMOSER_DECODER 0
-%define CONFIG_ON2AVC_DECODER 0
-%define CONFIG_OPUS_DECODER 0
-%define CONFIG_PAF_AUDIO_DECODER 0
-%define CONFIG_QCELP_DECODER 0
-%define CONFIG_QDM2_DECODER 0
-%define CONFIG_RA_144_DECODER 0
-%define CONFIG_RA_288_DECODER 0
-%define CONFIG_RALF_DECODER 0
-%define CONFIG_SHORTEN_DECODER 0
-%define CONFIG_SIPR_DECODER 0
-%define CONFIG_SMACKAUD_DECODER 0
-%define CONFIG_SONIC_DECODER 0
-%define CONFIG_TAK_DECODER 0
-%define CONFIG_TRUEHD_DECODER 0
-%define CONFIG_TRUESPEECH_DECODER 0
-%define CONFIG_TTA_DECODER 0
-%define CONFIG_TWINVQ_DECODER 0
-%define CONFIG_VMDAUDIO_DECODER 0
-%define CONFIG_VORBIS_DECODER 0
-%define CONFIG_WAVPACK_DECODER 0
-%define CONFIG_WMALOSSLESS_DECODER 0
-%define CONFIG_WMAPRO_DECODER 0
-%define CONFIG_WMAV1_DECODER 0
-%define CONFIG_WMAV2_DECODER 0
-%define CONFIG_WMAVOICE_DECODER 0
-%define CONFIG_WS_SND1_DECODER 0
-%define CONFIG_XMA1_DECODER 0
-%define CONFIG_XMA2_DECODER 0
-%define CONFIG_PCM_ALAW_DECODER 0
-%define CONFIG_PCM_BLURAY_DECODER 0
-%define CONFIG_PCM_DVD_DECODER 0
-%define CONFIG_PCM_F32BE_DECODER 0
-%define CONFIG_PCM_F32LE_DECODER 0
-%define CONFIG_PCM_F64BE_DECODER 0
-%define CONFIG_PCM_F64LE_DECODER 0
-%define CONFIG_PCM_LXF_DECODER 0
-%define CONFIG_PCM_MULAW_DECODER 0
-%define CONFIG_PCM_S8_DECODER 0
-%define CONFIG_PCM_S8_PLANAR_DECODER 0
-%define CONFIG_PCM_S16BE_DECODER 0
-%define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-%define CONFIG_PCM_S16LE_DECODER 0
-%define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S24BE_DECODER 0
-%define CONFIG_PCM_S24DAUD_DECODER 0
-%define CONFIG_PCM_S24LE_DECODER 0
-%define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S32BE_DECODER 0
-%define CONFIG_PCM_S32LE_DECODER 0
-%define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S64BE_DECODER 0
-%define CONFIG_PCM_S64LE_DECODER 0
-%define CONFIG_PCM_U8_DECODER 0
-%define CONFIG_PCM_U16BE_DECODER 0
-%define CONFIG_PCM_U16LE_DECODER 0
-%define CONFIG_PCM_U24BE_DECODER 0
-%define CONFIG_PCM_U24LE_DECODER 0
-%define CONFIG_PCM_U32BE_DECODER 0
-%define CONFIG_PCM_U32LE_DECODER 0
-%define CONFIG_PCM_ZORK_DECODER 0
-%define CONFIG_INTERPLAY_DPCM_DECODER 0
-%define CONFIG_ROQ_DPCM_DECODER 0
-%define CONFIG_SOL_DPCM_DECODER 0
-%define CONFIG_XAN_DPCM_DECODER 0
-%define CONFIG_ADPCM_4XM_DECODER 0
-%define CONFIG_ADPCM_ADX_DECODER 0
-%define CONFIG_ADPCM_AFC_DECODER 0
-%define CONFIG_ADPCM_AICA_DECODER 0
-%define CONFIG_ADPCM_CT_DECODER 0
-%define CONFIG_ADPCM_DTK_DECODER 0
-%define CONFIG_ADPCM_EA_DECODER 0
-%define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-%define CONFIG_ADPCM_EA_R1_DECODER 0
-%define CONFIG_ADPCM_EA_R2_DECODER 0
-%define CONFIG_ADPCM_EA_R3_DECODER 0
-%define CONFIG_ADPCM_EA_XAS_DECODER 0
-%define CONFIG_ADPCM_G722_DECODER 0
-%define CONFIG_ADPCM_G726_DECODER 0
-%define CONFIG_ADPCM_G726LE_DECODER 0
-%define CONFIG_ADPCM_IMA_AMV_DECODER 0
-%define CONFIG_ADPCM_IMA_APC_DECODER 0
-%define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-%define CONFIG_ADPCM_IMA_DK3_DECODER 0
-%define CONFIG_ADPCM_IMA_DK4_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-%define CONFIG_ADPCM_IMA_ISS_DECODER 0
-%define CONFIG_ADPCM_IMA_OKI_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_DECODER 0
-%define CONFIG_ADPCM_IMA_RAD_DECODER 0
-%define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-%define CONFIG_ADPCM_IMA_WAV_DECODER 0
-%define CONFIG_ADPCM_IMA_WS_DECODER 0
-%define CONFIG_ADPCM_MS_DECODER 0
-%define CONFIG_ADPCM_MTAF_DECODER 0
-%define CONFIG_ADPCM_PSX_DECODER 0
-%define CONFIG_ADPCM_SBPRO_2_DECODER 0
-%define CONFIG_ADPCM_SBPRO_3_DECODER 0
-%define CONFIG_ADPCM_SBPRO_4_DECODER 0
-%define CONFIG_ADPCM_SWF_DECODER 0
-%define CONFIG_ADPCM_THP_DECODER 0
-%define CONFIG_ADPCM_THP_LE_DECODER 0
-%define CONFIG_ADPCM_VIMA_DECODER 0
-%define CONFIG_ADPCM_XA_DECODER 0
-%define CONFIG_ADPCM_YAMAHA_DECODER 0
-%define CONFIG_SSA_DECODER 0
-%define CONFIG_ASS_DECODER 0
-%define CONFIG_CCAPTION_DECODER 0
-%define CONFIG_DVBSUB_DECODER 0
-%define CONFIG_DVDSUB_DECODER 0
-%define CONFIG_JACOSUB_DECODER 0
-%define CONFIG_MICRODVD_DECODER 0
-%define CONFIG_MOVTEXT_DECODER 0
-%define CONFIG_MPL2_DECODER 0
-%define CONFIG_PGSSUB_DECODER 0
-%define CONFIG_PJS_DECODER 0
-%define CONFIG_REALTEXT_DECODER 0
-%define CONFIG_SAMI_DECODER 0
-%define CONFIG_SRT_DECODER 0
-%define CONFIG_STL_DECODER 0
-%define CONFIG_SUBRIP_DECODER 0
-%define CONFIG_SUBVIEWER_DECODER 0
-%define CONFIG_SUBVIEWER1_DECODER 0
-%define CONFIG_TEXT_DECODER 0
-%define CONFIG_VPLAYER_DECODER 0
-%define CONFIG_WEBVTT_DECODER 0
-%define CONFIG_XSUB_DECODER 0
-%define CONFIG_AAC_AT_DECODER 0
-%define CONFIG_AC3_AT_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-%define CONFIG_ALAC_AT_DECODER 0
-%define CONFIG_AMR_NB_AT_DECODER 0
-%define CONFIG_EAC3_AT_DECODER 0
-%define CONFIG_GSM_MS_AT_DECODER 0
-%define CONFIG_ILBC_AT_DECODER 0
-%define CONFIG_MP1_AT_DECODER 0
-%define CONFIG_MP2_AT_DECODER 0
-%define CONFIG_MP3_AT_DECODER 0
-%define CONFIG_PCM_ALAW_AT_DECODER 0
-%define CONFIG_PCM_MULAW_AT_DECODER 0
-%define CONFIG_QDMC_AT_DECODER 0
-%define CONFIG_QDM2_AT_DECODER 0
-%define CONFIG_LIBCELT_DECODER 0
-%define CONFIG_LIBFDK_AAC_DECODER 0
-%define CONFIG_LIBGSM_DECODER 0
-%define CONFIG_LIBGSM_MS_DECODER 0
-%define CONFIG_LIBILBC_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-%define CONFIG_LIBOPENJPEG_DECODER 0
-%define CONFIG_LIBOPUS_DECODER 0
-%define CONFIG_LIBSCHROEDINGER_DECODER 0
-%define CONFIG_LIBSPEEX_DECODER 0
-%define CONFIG_LIBVORBIS_DECODER 0
-%define CONFIG_LIBVPX_VP8_DECODER 0
-%define CONFIG_LIBVPX_VP9_DECODER 0
-%define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-%define CONFIG_BINTEXT_DECODER 0
-%define CONFIG_XBIN_DECODER 0
-%define CONFIG_IDF_DECODER 0
-%define CONFIG_LIBOPENH264_DECODER 0
-%define CONFIG_H263_CUVID_DECODER 0
-%define CONFIG_H264_CUVID_DECODER 0
-%define CONFIG_HEVC_CUVID_DECODER 0
-%define CONFIG_HEVC_MEDIACODEC_DECODER 0
-%define CONFIG_MJPEG_CUVID_DECODER 0
-%define CONFIG_MPEG1_CUVID_DECODER 0
-%define CONFIG_MPEG2_CUVID_DECODER 0
-%define CONFIG_MPEG4_CUVID_DECODER 0
-%define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-%define CONFIG_VC1_CUVID_DECODER 0
-%define CONFIG_VP8_CUVID_DECODER 0
-%define CONFIG_VP8_MEDIACODEC_DECODER 0
-%define CONFIG_VP9_CUVID_DECODER 0
-%define CONFIG_VP9_MEDIACODEC_DECODER 0
-%define CONFIG_AA_DEMUXER 0
-%define CONFIG_AAC_DEMUXER 0
-%define CONFIG_AC3_DEMUXER 0
-%define CONFIG_ACM_DEMUXER 0
-%define CONFIG_ACT_DEMUXER 0
-%define CONFIG_ADF_DEMUXER 0
-%define CONFIG_ADP_DEMUXER 0
-%define CONFIG_ADS_DEMUXER 0
-%define CONFIG_ADX_DEMUXER 0
-%define CONFIG_AEA_DEMUXER 0
-%define CONFIG_AFC_DEMUXER 0
-%define CONFIG_AIFF_DEMUXER 0
-%define CONFIG_AIX_DEMUXER 0
-%define CONFIG_AMR_DEMUXER 0
-%define CONFIG_ANM_DEMUXER 0
-%define CONFIG_APC_DEMUXER 0
-%define CONFIG_APE_DEMUXER 0
-%define CONFIG_APNG_DEMUXER 0
-%define CONFIG_AQTITLE_DEMUXER 0
-%define CONFIG_ASF_DEMUXER 0
-%define CONFIG_ASF_O_DEMUXER 0
-%define CONFIG_ASS_DEMUXER 0
-%define CONFIG_AST_DEMUXER 0
-%define CONFIG_AU_DEMUXER 0
-%define CONFIG_AVI_DEMUXER 0
-%define CONFIG_AVISYNTH_DEMUXER 0
-%define CONFIG_AVR_DEMUXER 0
-%define CONFIG_AVS_DEMUXER 0
-%define CONFIG_BETHSOFTVID_DEMUXER 0
-%define CONFIG_BFI_DEMUXER 0
-%define CONFIG_BINTEXT_DEMUXER 0
-%define CONFIG_BINK_DEMUXER 0
-%define CONFIG_BIT_DEMUXER 0
-%define CONFIG_BMV_DEMUXER 0
-%define CONFIG_BFSTM_DEMUXER 0
-%define CONFIG_BRSTM_DEMUXER 0
-%define CONFIG_BOA_DEMUXER 0
-%define CONFIG_C93_DEMUXER 0
-%define CONFIG_CAF_DEMUXER 0
-%define CONFIG_CAVSVIDEO_DEMUXER 0
-%define CONFIG_CDG_DEMUXER 0
-%define CONFIG_CDXL_DEMUXER 0
-%define CONFIG_CINE_DEMUXER 0
-%define CONFIG_CONCAT_DEMUXER 0
-%define CONFIG_DATA_DEMUXER 0
-%define CONFIG_DAUD_DEMUXER 0
-%define CONFIG_DCSTR_DEMUXER 0
-%define CONFIG_DFA_DEMUXER 0
-%define CONFIG_DIRAC_DEMUXER 0
-%define CONFIG_DNXHD_DEMUXER 0
-%define CONFIG_DSF_DEMUXER 0
-%define CONFIG_DSICIN_DEMUXER 0
-%define CONFIG_DSS_DEMUXER 0
-%define CONFIG_DTS_DEMUXER 0
-%define CONFIG_DTSHD_DEMUXER 0
-%define CONFIG_DV_DEMUXER 0
-%define CONFIG_DVBSUB_DEMUXER 0
-%define CONFIG_DVBTXT_DEMUXER 0
-%define CONFIG_DXA_DEMUXER 0
-%define CONFIG_EA_DEMUXER 0
-%define CONFIG_EA_CDATA_DEMUXER 0
-%define CONFIG_EAC3_DEMUXER 0
-%define CONFIG_EPAF_DEMUXER 0
-%define CONFIG_FFM_DEMUXER 0
-%define CONFIG_FFMETADATA_DEMUXER 0
-%define CONFIG_FILMSTRIP_DEMUXER 0
-%define CONFIG_FLAC_DEMUXER 0
-%define CONFIG_FLIC_DEMUXER 0
-%define CONFIG_FLV_DEMUXER 0
-%define CONFIG_LIVE_FLV_DEMUXER 0
-%define CONFIG_FOURXM_DEMUXER 0
-%define CONFIG_FRM_DEMUXER 0
-%define CONFIG_FSB_DEMUXER 0
-%define CONFIG_G722_DEMUXER 0
-%define CONFIG_G723_1_DEMUXER 0
-%define CONFIG_G729_DEMUXER 0
-%define CONFIG_GENH_DEMUXER 0
-%define CONFIG_GIF_DEMUXER 0
-%define CONFIG_GSM_DEMUXER 0
-%define CONFIG_GXF_DEMUXER 0
-%define CONFIG_H261_DEMUXER 0
-%define CONFIG_H263_DEMUXER 0
-%define CONFIG_H264_DEMUXER 0
-%define CONFIG_HEVC_DEMUXER 0
-%define CONFIG_HLS_DEMUXER 0
-%define CONFIG_HNM_DEMUXER 0
-%define CONFIG_ICO_DEMUXER 0
-%define CONFIG_IDCIN_DEMUXER 0
-%define CONFIG_IDF_DEMUXER 0
-%define CONFIG_IFF_DEMUXER 0
-%define CONFIG_ILBC_DEMUXER 0
-%define CONFIG_IMAGE2_DEMUXER 0
-%define CONFIG_IMAGE2PIPE_DEMUXER 0
-%define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-%define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-%define CONFIG_INGENIENT_DEMUXER 0
-%define CONFIG_IPMOVIE_DEMUXER 0
-%define CONFIG_IRCAM_DEMUXER 0
-%define CONFIG_ISS_DEMUXER 0
-%define CONFIG_IV8_DEMUXER 0
-%define CONFIG_IVF_DEMUXER 0
-%define CONFIG_IVR_DEMUXER 0
-%define CONFIG_JACOSUB_DEMUXER 0
-%define CONFIG_JV_DEMUXER 0
-%define CONFIG_LMLM4_DEMUXER 0
-%define CONFIG_LOAS_DEMUXER 0
-%define CONFIG_LRC_DEMUXER 0
-%define CONFIG_LVF_DEMUXER 0
-%define CONFIG_LXF_DEMUXER 0
-%define CONFIG_M4V_DEMUXER 0
-%define CONFIG_MATROSKA_DEMUXER 0
-%define CONFIG_MGSTS_DEMUXER 0
-%define CONFIG_MICRODVD_DEMUXER 0
-%define CONFIG_MJPEG_DEMUXER 0
-%define CONFIG_MLP_DEMUXER 0
-%define CONFIG_MLV_DEMUXER 0
-%define CONFIG_MM_DEMUXER 0
-%define CONFIG_MMF_DEMUXER 0
-%define CONFIG_MOV_DEMUXER 0
-%define CONFIG_MP3_DEMUXER 0
-%define CONFIG_MPC_DEMUXER 0
-%define CONFIG_MPC8_DEMUXER 0
-%define CONFIG_MPEGPS_DEMUXER 0
-%define CONFIG_MPEGTS_DEMUXER 0
-%define CONFIG_MPEGTSRAW_DEMUXER 0
-%define CONFIG_MPEGVIDEO_DEMUXER 0
-%define CONFIG_MPJPEG_DEMUXER 0
-%define CONFIG_MPL2_DEMUXER 0
-%define CONFIG_MPSUB_DEMUXER 0
-%define CONFIG_MSF_DEMUXER 0
-%define CONFIG_MSNWC_TCP_DEMUXER 0
-%define CONFIG_MTAF_DEMUXER 0
-%define CONFIG_MTV_DEMUXER 0
-%define CONFIG_MUSX_DEMUXER 0
-%define CONFIG_MV_DEMUXER 0
-%define CONFIG_MVI_DEMUXER 0
-%define CONFIG_MXF_DEMUXER 0
-%define CONFIG_MXG_DEMUXER 0
-%define CONFIG_NC_DEMUXER 0
-%define CONFIG_NISTSPHERE_DEMUXER 0
-%define CONFIG_NSV_DEMUXER 0
-%define CONFIG_NUT_DEMUXER 0
-%define CONFIG_NUV_DEMUXER 0
-%define CONFIG_OGG_DEMUXER 0
-%define CONFIG_OMA_DEMUXER 0
-%define CONFIG_PAF_DEMUXER 0
-%define CONFIG_PCM_ALAW_DEMUXER 0
-%define CONFIG_PCM_MULAW_DEMUXER 0
-%define CONFIG_PCM_F64BE_DEMUXER 0
-%define CONFIG_PCM_F64LE_DEMUXER 0
-%define CONFIG_PCM_F32BE_DEMUXER 0
-%define CONFIG_PCM_F32LE_DEMUXER 0
-%define CONFIG_PCM_S32BE_DEMUXER 0
-%define CONFIG_PCM_S32LE_DEMUXER 0
-%define CONFIG_PCM_S24BE_DEMUXER 0
-%define CONFIG_PCM_S24LE_DEMUXER 0
-%define CONFIG_PCM_S16BE_DEMUXER 0
-%define CONFIG_PCM_S16LE_DEMUXER 0
-%define CONFIG_PCM_S8_DEMUXER 0
-%define CONFIG_PCM_U32BE_DEMUXER 0
-%define CONFIG_PCM_U32LE_DEMUXER 0
-%define CONFIG_PCM_U24BE_DEMUXER 0
-%define CONFIG_PCM_U24LE_DEMUXER 0
-%define CONFIG_PCM_U16BE_DEMUXER 0
-%define CONFIG_PCM_U16LE_DEMUXER 0
-%define CONFIG_PCM_U8_DEMUXER 0
-%define CONFIG_PJS_DEMUXER 0
-%define CONFIG_PMP_DEMUXER 0
-%define CONFIG_PVA_DEMUXER 0
-%define CONFIG_PVF_DEMUXER 0
-%define CONFIG_QCP_DEMUXER 0
-%define CONFIG_R3D_DEMUXER 0
-%define CONFIG_RAWVIDEO_DEMUXER 0
-%define CONFIG_REALTEXT_DEMUXER 0
-%define CONFIG_REDSPARK_DEMUXER 0
-%define CONFIG_RL2_DEMUXER 0
-%define CONFIG_RM_DEMUXER 0
-%define CONFIG_ROQ_DEMUXER 0
-%define CONFIG_RPL_DEMUXER 0
-%define CONFIG_RSD_DEMUXER 0
-%define CONFIG_RSO_DEMUXER 0
-%define CONFIG_RTP_DEMUXER 0
-%define CONFIG_RTSP_DEMUXER 0
-%define CONFIG_SAMI_DEMUXER 0
-%define CONFIG_SAP_DEMUXER 0
-%define CONFIG_SBG_DEMUXER 0
-%define CONFIG_SDP_DEMUXER 0
-%define CONFIG_SDR2_DEMUXER 0
-%define CONFIG_SEGAFILM_DEMUXER 0
-%define CONFIG_SHORTEN_DEMUXER 0
-%define CONFIG_SIFF_DEMUXER 0
-%define CONFIG_SLN_DEMUXER 0
-%define CONFIG_SMACKER_DEMUXER 0
-%define CONFIG_SMJPEG_DEMUXER 0
-%define CONFIG_SMUSH_DEMUXER 0
-%define CONFIG_SOL_DEMUXER 0
-%define CONFIG_SOX_DEMUXER 0
-%define CONFIG_SPDIF_DEMUXER 0
-%define CONFIG_SRT_DEMUXER 0
-%define CONFIG_STR_DEMUXER 0
-%define CONFIG_STL_DEMUXER 0
-%define CONFIG_SUBVIEWER1_DEMUXER 0
-%define CONFIG_SUBVIEWER_DEMUXER 0
-%define CONFIG_SUP_DEMUXER 0
-%define CONFIG_SVAG_DEMUXER 0
-%define CONFIG_SWF_DEMUXER 0
-%define CONFIG_TAK_DEMUXER 0
-%define CONFIG_TEDCAPTIONS_DEMUXER 0
-%define CONFIG_THP_DEMUXER 0
-%define CONFIG_THREEDOSTR_DEMUXER 0
-%define CONFIG_TIERTEXSEQ_DEMUXER 0
-%define CONFIG_TMV_DEMUXER 0
-%define CONFIG_TRUEHD_DEMUXER 0
-%define CONFIG_TTA_DEMUXER 0
-%define CONFIG_TXD_DEMUXER 0
-%define CONFIG_TTY_DEMUXER 0
-%define CONFIG_V210_DEMUXER 0
-%define CONFIG_V210X_DEMUXER 0
-%define CONFIG_VAG_DEMUXER 0
-%define CONFIG_VC1_DEMUXER 0
-%define CONFIG_VC1T_DEMUXER 0
-%define CONFIG_VIVO_DEMUXER 0
-%define CONFIG_VMD_DEMUXER 0
-%define CONFIG_VOBSUB_DEMUXER 0
-%define CONFIG_VOC_DEMUXER 0
-%define CONFIG_VPK_DEMUXER 0
-%define CONFIG_VPLAYER_DEMUXER 0
-%define CONFIG_VQF_DEMUXER 0
-%define CONFIG_W64_DEMUXER 0
-%define CONFIG_WAV_DEMUXER 0
-%define CONFIG_WC3_DEMUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-%define CONFIG_WEBVTT_DEMUXER 0
-%define CONFIG_WSAUD_DEMUXER 0
-%define CONFIG_WSD_DEMUXER 0
-%define CONFIG_WSVQA_DEMUXER 0
-%define CONFIG_WTV_DEMUXER 0
-%define CONFIG_WVE_DEMUXER 0
-%define CONFIG_WV_DEMUXER 0
-%define CONFIG_XA_DEMUXER 0
-%define CONFIG_XBIN_DEMUXER 0
-%define CONFIG_XMV_DEMUXER 0
-%define CONFIG_XVAG_DEMUXER 0
-%define CONFIG_XWMA_DEMUXER 0
-%define CONFIG_YOP_DEMUXER 0
-%define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-%define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-%define CONFIG_LIBGME_DEMUXER 0
-%define CONFIG_LIBMODPLUG_DEMUXER 0
-%define CONFIG_LIBNUT_DEMUXER 0
-%define CONFIG_LIBOPENMPT_DEMUXER 0
-%define CONFIG_A64MULTI_ENCODER 0
-%define CONFIG_A64MULTI5_ENCODER 0
-%define CONFIG_ALIAS_PIX_ENCODER 0
-%define CONFIG_AMV_ENCODER 0
-%define CONFIG_APNG_ENCODER 0
-%define CONFIG_ASV1_ENCODER 0
-%define CONFIG_ASV2_ENCODER 0
-%define CONFIG_AVRP_ENCODER 0
-%define CONFIG_AVUI_ENCODER 0
-%define CONFIG_AYUV_ENCODER 0
-%define CONFIG_BMP_ENCODER 0
-%define CONFIG_CINEPAK_ENCODER 0
-%define CONFIG_CLJR_ENCODER 0
-%define CONFIG_COMFORTNOISE_ENCODER 0
-%define CONFIG_DNXHD_ENCODER 0
-%define CONFIG_DPX_ENCODER 0
-%define CONFIG_DVVIDEO_ENCODER 0
-%define CONFIG_FFV1_ENCODER 0
-%define CONFIG_FFVHUFF_ENCODER 0
-%define CONFIG_FLASHSV_ENCODER 0
-%define CONFIG_FLASHSV2_ENCODER 0
-%define CONFIG_FLV_ENCODER 0
-%define CONFIG_GIF_ENCODER 0
-%define CONFIG_H261_ENCODER 0
-%define CONFIG_H263_ENCODER 0
-%define CONFIG_H263P_ENCODER 0
-%define CONFIG_HAP_ENCODER 0
-%define CONFIG_HUFFYUV_ENCODER 0
-%define CONFIG_JPEG2000_ENCODER 0
-%define CONFIG_JPEGLS_ENCODER 0
-%define CONFIG_LJPEG_ENCODER 0
-%define CONFIG_MJPEG_ENCODER 0
-%define CONFIG_MPEG1VIDEO_ENCODER 0
-%define CONFIG_MPEG2VIDEO_ENCODER 0
-%define CONFIG_MPEG4_ENCODER 0
-%define CONFIG_MSMPEG4V2_ENCODER 0
-%define CONFIG_MSMPEG4V3_ENCODER 0
-%define CONFIG_MSVIDEO1_ENCODER 0
-%define CONFIG_PAM_ENCODER 0
-%define CONFIG_PBM_ENCODER 0
-%define CONFIG_PCX_ENCODER 0
-%define CONFIG_PGM_ENCODER 0
-%define CONFIG_PGMYUV_ENCODER 0
-%define CONFIG_PNG_ENCODER 0
-%define CONFIG_PPM_ENCODER 0
-%define CONFIG_PRORES_ENCODER 0
-%define CONFIG_PRORES_AW_ENCODER 0
-%define CONFIG_PRORES_KS_ENCODER 0
-%define CONFIG_QTRLE_ENCODER 0
-%define CONFIG_R10K_ENCODER 0
-%define CONFIG_R210_ENCODER 0
-%define CONFIG_RAWVIDEO_ENCODER 0
-%define CONFIG_ROQ_ENCODER 0
-%define CONFIG_RV10_ENCODER 0
-%define CONFIG_RV20_ENCODER 0
-%define CONFIG_S302M_ENCODER 0
-%define CONFIG_SGI_ENCODER 0
-%define CONFIG_SNOW_ENCODER 0
-%define CONFIG_SUNRAST_ENCODER 0
-%define CONFIG_SVQ1_ENCODER 0
-%define CONFIG_TARGA_ENCODER 0
-%define CONFIG_TIFF_ENCODER 0
-%define CONFIG_UTVIDEO_ENCODER 0
-%define CONFIG_V210_ENCODER 0
-%define CONFIG_V308_ENCODER 0
-%define CONFIG_V408_ENCODER 0
-%define CONFIG_V410_ENCODER 0
-%define CONFIG_VC2_ENCODER 0
-%define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-%define CONFIG_WMV1_ENCODER 0
-%define CONFIG_WMV2_ENCODER 0
-%define CONFIG_XBM_ENCODER 0
-%define CONFIG_XFACE_ENCODER 0
-%define CONFIG_XWD_ENCODER 0
-%define CONFIG_Y41P_ENCODER 0
-%define CONFIG_YUV4_ENCODER 0
-%define CONFIG_ZLIB_ENCODER 0
-%define CONFIG_ZMBV_ENCODER 0
-%define CONFIG_AAC_ENCODER 0
-%define CONFIG_AC3_ENCODER 0
-%define CONFIG_AC3_FIXED_ENCODER 0
-%define CONFIG_ALAC_ENCODER 0
-%define CONFIG_DCA_ENCODER 0
-%define CONFIG_EAC3_ENCODER 0
-%define CONFIG_FLAC_ENCODER 0
-%define CONFIG_G723_1_ENCODER 0
-%define CONFIG_MLP_ENCODER 0
-%define CONFIG_MP2_ENCODER 0
-%define CONFIG_MP2FIXED_ENCODER 0
-%define CONFIG_NELLYMOSER_ENCODER 0
-%define CONFIG_RA_144_ENCODER 0
-%define CONFIG_SONIC_ENCODER 0
-%define CONFIG_SONIC_LS_ENCODER 0
-%define CONFIG_TRUEHD_ENCODER 0
-%define CONFIG_TTA_ENCODER 0
-%define CONFIG_VORBIS_ENCODER 0
-%define CONFIG_WAVPACK_ENCODER 0
-%define CONFIG_WMAV1_ENCODER 0
-%define CONFIG_WMAV2_ENCODER 0
-%define CONFIG_PCM_ALAW_ENCODER 0
-%define CONFIG_PCM_F32BE_ENCODER 0
-%define CONFIG_PCM_F32LE_ENCODER 0
-%define CONFIG_PCM_F64BE_ENCODER 0
-%define CONFIG_PCM_F64LE_ENCODER 0
-%define CONFIG_PCM_MULAW_ENCODER 0
-%define CONFIG_PCM_S8_ENCODER 0
-%define CONFIG_PCM_S8_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16BE_ENCODER 0
-%define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16LE_ENCODER 0
-%define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S24BE_ENCODER 0
-%define CONFIG_PCM_S24DAUD_ENCODER 0
-%define CONFIG_PCM_S24LE_ENCODER 0
-%define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S32BE_ENCODER 0
-%define CONFIG_PCM_S32LE_ENCODER 0
-%define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S64BE_ENCODER 0
-%define CONFIG_PCM_S64LE_ENCODER 0
-%define CONFIG_PCM_U8_ENCODER 0
-%define CONFIG_PCM_U16BE_ENCODER 0
-%define CONFIG_PCM_U16LE_ENCODER 0
-%define CONFIG_PCM_U24BE_ENCODER 0
-%define CONFIG_PCM_U24LE_ENCODER 0
-%define CONFIG_PCM_U32BE_ENCODER 0
-%define CONFIG_PCM_U32LE_ENCODER 0
-%define CONFIG_ROQ_DPCM_ENCODER 0
-%define CONFIG_ADPCM_ADX_ENCODER 0
-%define CONFIG_ADPCM_G722_ENCODER 0
-%define CONFIG_ADPCM_G726_ENCODER 0
-%define CONFIG_ADPCM_IMA_QT_ENCODER 0
-%define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-%define CONFIG_ADPCM_MS_ENCODER 0
-%define CONFIG_ADPCM_SWF_ENCODER 0
-%define CONFIG_ADPCM_YAMAHA_ENCODER 0
-%define CONFIG_SSA_ENCODER 0
-%define CONFIG_ASS_ENCODER 0
-%define CONFIG_DVBSUB_ENCODER 0
-%define CONFIG_DVDSUB_ENCODER 0
-%define CONFIG_MOVTEXT_ENCODER 0
-%define CONFIG_SRT_ENCODER 0
-%define CONFIG_SUBRIP_ENCODER 0
-%define CONFIG_TEXT_ENCODER 0
-%define CONFIG_WEBVTT_ENCODER 0
-%define CONFIG_XSUB_ENCODER 0
-%define CONFIG_AAC_AT_ENCODER 0
-%define CONFIG_ALAC_AT_ENCODER 0
-%define CONFIG_ILBC_AT_ENCODER 0
-%define CONFIG_PCM_ALAW_AT_ENCODER 0
-%define CONFIG_PCM_MULAW_AT_ENCODER 0
-%define CONFIG_LIBFDK_AAC_ENCODER 0
-%define CONFIG_LIBGSM_ENCODER 0
-%define CONFIG_LIBGSM_MS_ENCODER 0
-%define CONFIG_LIBILBC_ENCODER 0
-%define CONFIG_LIBMP3LAME_ENCODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-%define CONFIG_LIBOPENJPEG_ENCODER 0
-%define CONFIG_LIBOPUS_ENCODER 0
-%define CONFIG_LIBSCHROEDINGER_ENCODER 0
-%define CONFIG_LIBSHINE_ENCODER 0
-%define CONFIG_LIBSPEEX_ENCODER 0
-%define CONFIG_LIBTHEORA_ENCODER 0
-%define CONFIG_LIBTWOLAME_ENCODER 0
-%define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-%define CONFIG_LIBVORBIS_ENCODER 0
-%define CONFIG_LIBVPX_VP8_ENCODER 0
-%define CONFIG_LIBVPX_VP9_ENCODER 0
-%define CONFIG_LIBWAVPACK_ENCODER 0
-%define CONFIG_LIBWEBP_ANIM_ENCODER 0
-%define CONFIG_LIBWEBP_ENCODER 0
-%define CONFIG_LIBX262_ENCODER 0
-%define CONFIG_LIBX264_ENCODER 0
-%define CONFIG_LIBX264RGB_ENCODER 0
-%define CONFIG_LIBX265_ENCODER 0
-%define CONFIG_LIBXAVS_ENCODER 0
-%define CONFIG_LIBXVID_ENCODER 0
-%define CONFIG_LIBOPENH264_ENCODER 0
-%define CONFIG_H264_NVENC_ENCODER 0
-%define CONFIG_H264_OMX_ENCODER 0
-%define CONFIG_H264_QSV_ENCODER 0
-%define CONFIG_H264_VAAPI_ENCODER 0
-%define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-%define CONFIG_NVENC_ENCODER 0
-%define CONFIG_NVENC_H264_ENCODER 0
-%define CONFIG_NVENC_HEVC_ENCODER 0
-%define CONFIG_HEVC_NVENC_ENCODER 0
-%define CONFIG_HEVC_QSV_ENCODER 0
-%define CONFIG_HEVC_VAAPI_ENCODER 0
-%define CONFIG_LIBKVAZAAR_ENCODER 0
-%define CONFIG_MJPEG_VAAPI_ENCODER 0
-%define CONFIG_MPEG2_QSV_ENCODER 0
-%define CONFIG_ABENCH_FILTER 0
-%define CONFIG_ACOMPRESSOR_FILTER 0
-%define CONFIG_ACROSSFADE_FILTER 0
-%define CONFIG_ACRUSHER_FILTER 0
-%define CONFIG_ADELAY_FILTER 0
-%define CONFIG_AECHO_FILTER 0
-%define CONFIG_AEMPHASIS_FILTER 0
-%define CONFIG_AEVAL_FILTER 0
-%define CONFIG_AFADE_FILTER 0
-%define CONFIG_AFFTFILT_FILTER 0
-%define CONFIG_AFORMAT_FILTER 0
-%define CONFIG_AGATE_FILTER 0
-%define CONFIG_AINTERLEAVE_FILTER 0
-%define CONFIG_ALIMITER_FILTER 0
-%define CONFIG_ALLPASS_FILTER 0
-%define CONFIG_ALOOP_FILTER 0
-%define CONFIG_AMERGE_FILTER 0
-%define CONFIG_AMETADATA_FILTER 0
-%define CONFIG_AMIX_FILTER 0
-%define CONFIG_ANEQUALIZER_FILTER 0
-%define CONFIG_ANULL_FILTER 0
-%define CONFIG_APAD_FILTER 0
-%define CONFIG_APERMS_FILTER 0
-%define CONFIG_APHASER_FILTER 0
-%define CONFIG_APULSATOR_FILTER 0
-%define CONFIG_AREALTIME_FILTER 0
-%define CONFIG_ARESAMPLE_FILTER 0
-%define CONFIG_AREVERSE_FILTER 0
-%define CONFIG_ASELECT_FILTER 0
-%define CONFIG_ASENDCMD_FILTER 0
-%define CONFIG_ASETNSAMPLES_FILTER 0
-%define CONFIG_ASETPTS_FILTER 0
-%define CONFIG_ASETRATE_FILTER 0
-%define CONFIG_ASETTB_FILTER 0
-%define CONFIG_ASHOWINFO_FILTER 0
-%define CONFIG_ASIDEDATA_FILTER 0
-%define CONFIG_ASPLIT_FILTER 0
-%define CONFIG_ASTATS_FILTER 0
-%define CONFIG_ASTREAMSELECT_FILTER 0
-%define CONFIG_ASYNCTS_FILTER 0
-%define CONFIG_ATEMPO_FILTER 0
-%define CONFIG_ATRIM_FILTER 0
-%define CONFIG_AZMQ_FILTER 0
-%define CONFIG_BANDPASS_FILTER 0
-%define CONFIG_BANDREJECT_FILTER 0
-%define CONFIG_BASS_FILTER 0
-%define CONFIG_BIQUAD_FILTER 0
-%define CONFIG_BS2B_FILTER 0
-%define CONFIG_CHANNELMAP_FILTER 0
-%define CONFIG_CHANNELSPLIT_FILTER 0
-%define CONFIG_CHORUS_FILTER 0
-%define CONFIG_COMPAND_FILTER 0
-%define CONFIG_COMPENSATIONDELAY_FILTER 0
-%define CONFIG_CRYSTALIZER_FILTER 0
-%define CONFIG_DCSHIFT_FILTER 0
-%define CONFIG_DYNAUDNORM_FILTER 0
-%define CONFIG_EARWAX_FILTER 0
-%define CONFIG_EBUR128_FILTER 0
-%define CONFIG_EQUALIZER_FILTER 0
-%define CONFIG_EXTRASTEREO_FILTER 0
-%define CONFIG_FIREQUALIZER_FILTER 0
-%define CONFIG_FLANGER_FILTER 0
-%define CONFIG_HDCD_FILTER 0
-%define CONFIG_HIGHPASS_FILTER 0
-%define CONFIG_JOIN_FILTER 0
-%define CONFIG_LADSPA_FILTER 0
-%define CONFIG_LOUDNORM_FILTER 0
-%define CONFIG_LOWPASS_FILTER 0
-%define CONFIG_PAN_FILTER 0
-%define CONFIG_REPLAYGAIN_FILTER 0
-%define CONFIG_RESAMPLE_FILTER 0
-%define CONFIG_RUBBERBAND_FILTER 0
-%define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-%define CONFIG_SIDECHAINGATE_FILTER 0
-%define CONFIG_SILENCEDETECT_FILTER 0
-%define CONFIG_SILENCEREMOVE_FILTER 0
-%define CONFIG_SOFALIZER_FILTER 0
-%define CONFIG_STEREOTOOLS_FILTER 0
-%define CONFIG_STEREOWIDEN_FILTER 0
-%define CONFIG_TREBLE_FILTER 0
-%define CONFIG_TREMOLO_FILTER 0
-%define CONFIG_VIBRATO_FILTER 0
-%define CONFIG_VOLUME_FILTER 0
-%define CONFIG_VOLUMEDETECT_FILTER 0
-%define CONFIG_AEVALSRC_FILTER 0
-%define CONFIG_ANOISESRC_FILTER 0
-%define CONFIG_ANULLSRC_FILTER 0
-%define CONFIG_FLITE_FILTER 0
-%define CONFIG_SINE_FILTER 0
-%define CONFIG_ANULLSINK_FILTER 0
-%define CONFIG_ALPHAEXTRACT_FILTER 0
-%define CONFIG_ALPHAMERGE_FILTER 0
-%define CONFIG_ASS_FILTER 0
-%define CONFIG_ATADENOISE_FILTER 0
-%define CONFIG_AVGBLUR_FILTER 0
-%define CONFIG_BBOX_FILTER 0
-%define CONFIG_BENCH_FILTER 0
-%define CONFIG_BITPLANENOISE_FILTER 0
-%define CONFIG_BLACKDETECT_FILTER 0
-%define CONFIG_BLACKFRAME_FILTER 0
-%define CONFIG_BLEND_FILTER 0
-%define CONFIG_BOXBLUR_FILTER 0
-%define CONFIG_BWDIF_FILTER 0
-%define CONFIG_CHROMAKEY_FILTER 0
-%define CONFIG_CIESCOPE_FILTER 0
-%define CONFIG_CODECVIEW_FILTER 0
-%define CONFIG_COLORBALANCE_FILTER 0
-%define CONFIG_COLORCHANNELMIXER_FILTER 0
-%define CONFIG_COLORKEY_FILTER 0
-%define CONFIG_COLORLEVELS_FILTER 0
-%define CONFIG_COLORMATRIX_FILTER 0
-%define CONFIG_COLORSPACE_FILTER 0
-%define CONFIG_CONVOLUTION_FILTER 0
-%define CONFIG_COPY_FILTER 0
-%define CONFIG_COREIMAGE_FILTER 0
-%define CONFIG_COVER_RECT_FILTER 0
-%define CONFIG_CROP_FILTER 0
-%define CONFIG_CROPDETECT_FILTER 0
-%define CONFIG_CURVES_FILTER 0
-%define CONFIG_DATASCOPE_FILTER 0
-%define CONFIG_DCTDNOIZ_FILTER 0
-%define CONFIG_DEBAND_FILTER 0
-%define CONFIG_DECIMATE_FILTER 0
-%define CONFIG_DEFLATE_FILTER 0
-%define CONFIG_DEJUDDER_FILTER 0
-%define CONFIG_DELOGO_FILTER 0
-%define CONFIG_DESHAKE_FILTER 0
-%define CONFIG_DETELECINE_FILTER 0
-%define CONFIG_DILATION_FILTER 0
-%define CONFIG_DISPLACE_FILTER 0
-%define CONFIG_DRAWBOX_FILTER 0
-%define CONFIG_DRAWGRAPH_FILTER 0
-%define CONFIG_DRAWGRID_FILTER 0
-%define CONFIG_DRAWTEXT_FILTER 0
-%define CONFIG_EDGEDETECT_FILTER 0
-%define CONFIG_ELBG_FILTER 0
-%define CONFIG_EQ_FILTER 0
-%define CONFIG_EROSION_FILTER 0
-%define CONFIG_EXTRACTPLANES_FILTER 0
-%define CONFIG_FADE_FILTER 0
-%define CONFIG_FFTFILT_FILTER 0
-%define CONFIG_FIELD_FILTER 0
-%define CONFIG_FIELDHINT_FILTER 0
-%define CONFIG_FIELDMATCH_FILTER 0
-%define CONFIG_FIELDORDER_FILTER 0
-%define CONFIG_FIND_RECT_FILTER 0
-%define CONFIG_FORMAT_FILTER 0
-%define CONFIG_FPS_FILTER 0
-%define CONFIG_FRAMEPACK_FILTER 0
-%define CONFIG_FRAMERATE_FILTER 0
-%define CONFIG_FRAMESTEP_FILTER 0
-%define CONFIG_FREI0R_FILTER 0
-%define CONFIG_FSPP_FILTER 0
-%define CONFIG_GBLUR_FILTER 0
-%define CONFIG_GEQ_FILTER 0
-%define CONFIG_GRADFUN_FILTER 0
-%define CONFIG_HALDCLUT_FILTER 0
-%define CONFIG_HFLIP_FILTER 0
-%define CONFIG_HISTEQ_FILTER 0
-%define CONFIG_HISTOGRAM_FILTER 0
-%define CONFIG_HQDN3D_FILTER 0
-%define CONFIG_HQX_FILTER 0
-%define CONFIG_HSTACK_FILTER 0
-%define CONFIG_HUE_FILTER 0
-%define CONFIG_HWDOWNLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_CUDA_FILTER 0
-%define CONFIG_HYSTERESIS_FILTER 0
-%define CONFIG_IDET_FILTER 0
-%define CONFIG_IL_FILTER 0
-%define CONFIG_INFLATE_FILTER 0
-%define CONFIG_INTERLACE_FILTER 0
-%define CONFIG_INTERLEAVE_FILTER 0
-%define CONFIG_KERNDEINT_FILTER 0
-%define CONFIG_LENSCORRECTION_FILTER 0
-%define CONFIG_LOOP_FILTER 0
-%define CONFIG_LUT_FILTER 0
-%define CONFIG_LUT2_FILTER 0
-%define CONFIG_LUT3D_FILTER 0
-%define CONFIG_LUTRGB_FILTER 0
-%define CONFIG_LUTYUV_FILTER 0
-%define CONFIG_MASKEDCLAMP_FILTER 0
-%define CONFIG_MASKEDMERGE_FILTER 0
-%define CONFIG_MCDEINT_FILTER 0
-%define CONFIG_MERGEPLANES_FILTER 0
-%define CONFIG_MESTIMATE_FILTER 0
-%define CONFIG_METADATA_FILTER 0
-%define CONFIG_MINTERPOLATE_FILTER 0
-%define CONFIG_MPDECIMATE_FILTER 0
-%define CONFIG_NEGATE_FILTER 0
-%define CONFIG_NLMEANS_FILTER 0
-%define CONFIG_NNEDI_FILTER 0
-%define CONFIG_NOFORMAT_FILTER 0
-%define CONFIG_NOISE_FILTER 0
-%define CONFIG_NULL_FILTER 0
-%define CONFIG_OCR_FILTER 0
-%define CONFIG_OCV_FILTER 0
-%define CONFIG_OVERLAY_FILTER 0
-%define CONFIG_OWDENOISE_FILTER 0
-%define CONFIG_PAD_FILTER 0
-%define CONFIG_PALETTEGEN_FILTER 0
-%define CONFIG_PALETTEUSE_FILTER 0
-%define CONFIG_PERMS_FILTER 0
-%define CONFIG_PERSPECTIVE_FILTER 0
-%define CONFIG_PHASE_FILTER 0
-%define CONFIG_PIXDESCTEST_FILTER 0
-%define CONFIG_PP_FILTER 0
-%define CONFIG_PP7_FILTER 0
-%define CONFIG_PREWITT_FILTER 0
-%define CONFIG_PSNR_FILTER 0
-%define CONFIG_PULLUP_FILTER 0
-%define CONFIG_QP_FILTER 0
-%define CONFIG_RANDOM_FILTER 0
-%define CONFIG_READVITC_FILTER 0
-%define CONFIG_REALTIME_FILTER 0
-%define CONFIG_REMAP_FILTER 0
-%define CONFIG_REMOVEGRAIN_FILTER 0
-%define CONFIG_REMOVELOGO_FILTER 0
-%define CONFIG_REPEATFIELDS_FILTER 0
-%define CONFIG_REVERSE_FILTER 0
-%define CONFIG_ROTATE_FILTER 0
-%define CONFIG_SAB_FILTER 0
-%define CONFIG_SCALE_FILTER 0
-%define CONFIG_SCALE_NPP_FILTER 0
-%define CONFIG_SCALE_VAAPI_FILTER 0
-%define CONFIG_SCALE2REF_FILTER 0
-%define CONFIG_SELECT_FILTER 0
-%define CONFIG_SELECTIVECOLOR_FILTER 0
-%define CONFIG_SENDCMD_FILTER 0
-%define CONFIG_SEPARATEFIELDS_FILTER 0
-%define CONFIG_SETDAR_FILTER 0
-%define CONFIG_SETFIELD_FILTER 0
-%define CONFIG_SETPTS_FILTER 0
-%define CONFIG_SETSAR_FILTER 0
-%define CONFIG_SETTB_FILTER 0
-%define CONFIG_SHOWINFO_FILTER 0
-%define CONFIG_SHOWPALETTE_FILTER 0
-%define CONFIG_SHUFFLEFRAMES_FILTER 0
-%define CONFIG_SHUFFLEPLANES_FILTER 0
-%define CONFIG_SIDEDATA_FILTER 0
-%define CONFIG_SIGNALSTATS_FILTER 0
-%define CONFIG_SMARTBLUR_FILTER 0
-%define CONFIG_SOBEL_FILTER 0
-%define CONFIG_SPLIT_FILTER 0
-%define CONFIG_SPP_FILTER 0
-%define CONFIG_SSIM_FILTER 0
-%define CONFIG_STEREO3D_FILTER 0
-%define CONFIG_STREAMSELECT_FILTER 0
-%define CONFIG_SUBTITLES_FILTER 0
-%define CONFIG_SUPER2XSAI_FILTER 0
-%define CONFIG_SWAPRECT_FILTER 0
-%define CONFIG_SWAPUV_FILTER 0
-%define CONFIG_TBLEND_FILTER 0
-%define CONFIG_TELECINE_FILTER 0
-%define CONFIG_THUMBNAIL_FILTER 0
-%define CONFIG_TILE_FILTER 0
-%define CONFIG_TINTERLACE_FILTER 0
-%define CONFIG_TRANSPOSE_FILTER 0
-%define CONFIG_TRIM_FILTER 0
-%define CONFIG_UNSHARP_FILTER 0
-%define CONFIG_USPP_FILTER 0
-%define CONFIG_VAGUEDENOISER_FILTER 0
-%define CONFIG_VECTORSCOPE_FILTER 0
-%define CONFIG_VFLIP_FILTER 0
-%define CONFIG_VIDSTABDETECT_FILTER 0
-%define CONFIG_VIDSTABTRANSFORM_FILTER 0
-%define CONFIG_VIGNETTE_FILTER 0
-%define CONFIG_VSTACK_FILTER 0
-%define CONFIG_W3FDIF_FILTER 0
-%define CONFIG_WAVEFORM_FILTER 0
-%define CONFIG_WEAVE_FILTER 0
-%define CONFIG_XBR_FILTER 0
-%define CONFIG_YADIF_FILTER 0
-%define CONFIG_ZMQ_FILTER 0
-%define CONFIG_ZOOMPAN_FILTER 0
-%define CONFIG_ZSCALE_FILTER 0
-%define CONFIG_ALLRGB_FILTER 0
-%define CONFIG_ALLYUV_FILTER 0
-%define CONFIG_CELLAUTO_FILTER 0
-%define CONFIG_COLOR_FILTER 0
-%define CONFIG_COREIMAGESRC_FILTER 0
-%define CONFIG_FREI0R_SRC_FILTER 0
-%define CONFIG_HALDCLUTSRC_FILTER 0
-%define CONFIG_LIFE_FILTER 0
-%define CONFIG_MANDELBROT_FILTER 0
-%define CONFIG_MPTESTSRC_FILTER 0
-%define CONFIG_NULLSRC_FILTER 0
-%define CONFIG_RGBTESTSRC_FILTER 0
-%define CONFIG_SMPTEBARS_FILTER 0
-%define CONFIG_SMPTEHDBARS_FILTER 0
-%define CONFIG_TESTSRC_FILTER 0
-%define CONFIG_TESTSRC2_FILTER 0
-%define CONFIG_YUVTESTSRC_FILTER 0
-%define CONFIG_NULLSINK_FILTER 0
-%define CONFIG_ADRAWGRAPH_FILTER 0
-%define CONFIG_AHISTOGRAM_FILTER 0
-%define CONFIG_APHASEMETER_FILTER 0
-%define CONFIG_AVECTORSCOPE_FILTER 0
-%define CONFIG_CONCAT_FILTER 0
-%define CONFIG_SHOWCQT_FILTER 0
-%define CONFIG_SHOWFREQS_FILTER 0
-%define CONFIG_SHOWSPECTRUM_FILTER 0
-%define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-%define CONFIG_SHOWVOLUME_FILTER 0
-%define CONFIG_SHOWWAVES_FILTER 0
-%define CONFIG_SHOWWAVESPIC_FILTER 0
-%define CONFIG_SPECTRUMSYNTH_FILTER 0
-%define CONFIG_AMOVIE_FILTER 0
-%define CONFIG_MOVIE_FILTER 0
-%define CONFIG_H263_CUVID_HWACCEL 0
-%define CONFIG_H263_VAAPI_HWACCEL 0
-%define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_H264_CUVID_HWACCEL 0
-%define CONFIG_H264_D3D11VA_HWACCEL 0
-%define CONFIG_H264_DXVA2_HWACCEL 0
-%define CONFIG_H264_MEDIACODEC_HWACCEL 0
-%define CONFIG_H264_MMAL_HWACCEL 0
-%define CONFIG_H264_QSV_HWACCEL 0
-%define CONFIG_H264_VAAPI_HWACCEL 0
-%define CONFIG_H264_VDA_HWACCEL 0
-%define CONFIG_H264_VDA_OLD_HWACCEL 0
-%define CONFIG_H264_VDPAU_HWACCEL 0
-%define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_HEVC_CUVID_HWACCEL 0
-%define CONFIG_HEVC_D3D11VA_HWACCEL 0
-%define CONFIG_HEVC_DXVA2_HWACCEL 0
-%define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-%define CONFIG_HEVC_QSV_HWACCEL 0
-%define CONFIG_HEVC_VAAPI_HWACCEL 0
-%define CONFIG_HEVC_VDPAU_HWACCEL 0
-%define CONFIG_MJPEG_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_XVMC_HWACCEL 0
-%define CONFIG_MPEG1_VDPAU_HWACCEL 0
-%define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG2_CUVID_HWACCEL 0
-%define CONFIG_MPEG2_XVMC_HWACCEL 0
-%define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-%define CONFIG_MPEG2_DXVA2_HWACCEL 0
-%define CONFIG_MPEG2_MMAL_HWACCEL 0
-%define CONFIG_MPEG2_QSV_HWACCEL 0
-%define CONFIG_MPEG2_VAAPI_HWACCEL 0
-%define CONFIG_MPEG2_VDPAU_HWACCEL 0
-%define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG4_CUVID_HWACCEL 0
-%define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-%define CONFIG_MPEG4_MMAL_HWACCEL 0
-%define CONFIG_MPEG4_VAAPI_HWACCEL 0
-%define CONFIG_MPEG4_VDPAU_HWACCEL 0
-%define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_VC1_CUVID_HWACCEL 0
-%define CONFIG_VC1_D3D11VA_HWACCEL 0
-%define CONFIG_VC1_DXVA2_HWACCEL 0
-%define CONFIG_VC1_VAAPI_HWACCEL 0
-%define CONFIG_VC1_VDPAU_HWACCEL 0
-%define CONFIG_VC1_MMAL_HWACCEL 0
-%define CONFIG_VC1_QSV_HWACCEL 0
-%define CONFIG_VP8_CUVID_HWACCEL 0
-%define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_CUVID_HWACCEL 0
-%define CONFIG_VP9_D3D11VA_HWACCEL 0
-%define CONFIG_VP9_DXVA2_HWACCEL 0
-%define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_D3D11VA_HWACCEL 0
-%define CONFIG_WMV3_DXVA2_HWACCEL 0
-%define CONFIG_WMV3_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_VDPAU_HWACCEL 0
-%define CONFIG_ALSA_INDEV 0
-%define CONFIG_AVFOUNDATION_INDEV 0
-%define CONFIG_BKTR_INDEV 0
-%define CONFIG_DECKLINK_INDEV 0
-%define CONFIG_DSHOW_INDEV 0
-%define CONFIG_DV1394_INDEV 0
-%define CONFIG_FBDEV_INDEV 0
-%define CONFIG_GDIGRAB_INDEV 0
-%define CONFIG_IEC61883_INDEV 0
-%define CONFIG_JACK_INDEV 0
-%define CONFIG_LAVFI_INDEV 0
-%define CONFIG_OPENAL_INDEV 0
-%define CONFIG_OSS_INDEV 0
-%define CONFIG_PULSE_INDEV 0
-%define CONFIG_QTKIT_INDEV 0
-%define CONFIG_SNDIO_INDEV 0
-%define CONFIG_V4L2_INDEV 0
-%define CONFIG_VFWCAP_INDEV 0
-%define CONFIG_X11GRAB_INDEV 0
-%define CONFIG_X11GRAB_XCB_INDEV 0
-%define CONFIG_LIBCDIO_INDEV 0
-%define CONFIG_LIBDC1394_INDEV 0
-%define CONFIG_A64_MUXER 0
-%define CONFIG_AC3_MUXER 0
-%define CONFIG_ADTS_MUXER 0
-%define CONFIG_ADX_MUXER 0
-%define CONFIG_AIFF_MUXER 0
-%define CONFIG_AMR_MUXER 0
-%define CONFIG_APNG_MUXER 0
-%define CONFIG_ASF_MUXER 0
-%define CONFIG_ASS_MUXER 0
-%define CONFIG_AST_MUXER 0
-%define CONFIG_ASF_STREAM_MUXER 0
-%define CONFIG_AU_MUXER 0
-%define CONFIG_AVI_MUXER 0
-%define CONFIG_AVM2_MUXER 0
-%define CONFIG_BIT_MUXER 0
-%define CONFIG_CAF_MUXER 0
-%define CONFIG_CAVSVIDEO_MUXER 0
-%define CONFIG_CRC_MUXER 0
-%define CONFIG_DASH_MUXER 0
-%define CONFIG_DATA_MUXER 0
-%define CONFIG_DAUD_MUXER 0
-%define CONFIG_DIRAC_MUXER 0
-%define CONFIG_DNXHD_MUXER 0
-%define CONFIG_DTS_MUXER 0
-%define CONFIG_DV_MUXER 0
-%define CONFIG_EAC3_MUXER 0
-%define CONFIG_F4V_MUXER 0
-%define CONFIG_FFM_MUXER 0
-%define CONFIG_FFMETADATA_MUXER 0
-%define CONFIG_FIFO_MUXER 0
-%define CONFIG_FILMSTRIP_MUXER 0
-%define CONFIG_FLAC_MUXER 0
-%define CONFIG_FLV_MUXER 0
-%define CONFIG_FRAMECRC_MUXER 0
-%define CONFIG_FRAMEHASH_MUXER 0
-%define CONFIG_FRAMEMD5_MUXER 0
-%define CONFIG_G722_MUXER 0
-%define CONFIG_G723_1_MUXER 0
-%define CONFIG_GIF_MUXER 0
-%define CONFIG_GSM_MUXER 0
-%define CONFIG_GXF_MUXER 0
-%define CONFIG_H261_MUXER 0
-%define CONFIG_H263_MUXER 0
-%define CONFIG_H264_MUXER 0
-%define CONFIG_HASH_MUXER 0
-%define CONFIG_HDS_MUXER 0
-%define CONFIG_HEVC_MUXER 0
-%define CONFIG_HLS_MUXER 0
-%define CONFIG_ICO_MUXER 0
-%define CONFIG_ILBC_MUXER 0
-%define CONFIG_IMAGE2_MUXER 0
-%define CONFIG_IMAGE2PIPE_MUXER 0
-%define CONFIG_IPOD_MUXER 0
-%define CONFIG_IRCAM_MUXER 0
-%define CONFIG_ISMV_MUXER 0
-%define CONFIG_IVF_MUXER 0
-%define CONFIG_JACOSUB_MUXER 0
-%define CONFIG_LATM_MUXER 0
-%define CONFIG_LRC_MUXER 0
-%define CONFIG_M4V_MUXER 0
-%define CONFIG_MD5_MUXER 0
-%define CONFIG_MATROSKA_MUXER 0
-%define CONFIG_MATROSKA_AUDIO_MUXER 0
-%define CONFIG_MICRODVD_MUXER 0
-%define CONFIG_MJPEG_MUXER 0
-%define CONFIG_MLP_MUXER 0
-%define CONFIG_MMF_MUXER 0
-%define CONFIG_MOV_MUXER 0
-%define CONFIG_MP2_MUXER 0
-%define CONFIG_MP3_MUXER 0
-%define CONFIG_MP4_MUXER 0
-%define CONFIG_MPEG1SYSTEM_MUXER 0
-%define CONFIG_MPEG1VCD_MUXER 0
-%define CONFIG_MPEG1VIDEO_MUXER 0
-%define CONFIG_MPEG2DVD_MUXER 0
-%define CONFIG_MPEG2SVCD_MUXER 0
-%define CONFIG_MPEG2VIDEO_MUXER 0
-%define CONFIG_MPEG2VOB_MUXER 0
-%define CONFIG_MPEGTS_MUXER 0
-%define CONFIG_MPJPEG_MUXER 0
-%define CONFIG_MXF_MUXER 0
-%define CONFIG_MXF_D10_MUXER 0
-%define CONFIG_MXF_OPATOM_MUXER 0
-%define CONFIG_NULL_MUXER 0
-%define CONFIG_NUT_MUXER 0
-%define CONFIG_OGA_MUXER 0
-%define CONFIG_OGG_MUXER 0
-%define CONFIG_OGV_MUXER 0
-%define CONFIG_OMA_MUXER 0
-%define CONFIG_OPUS_MUXER 0
-%define CONFIG_PCM_ALAW_MUXER 0
-%define CONFIG_PCM_MULAW_MUXER 0
-%define CONFIG_PCM_F64BE_MUXER 0
-%define CONFIG_PCM_F64LE_MUXER 0
-%define CONFIG_PCM_F32BE_MUXER 0
-%define CONFIG_PCM_F32LE_MUXER 0
-%define CONFIG_PCM_S32BE_MUXER 0
-%define CONFIG_PCM_S32LE_MUXER 0
-%define CONFIG_PCM_S24BE_MUXER 0
-%define CONFIG_PCM_S24LE_MUXER 0
-%define CONFIG_PCM_S16BE_MUXER 0
-%define CONFIG_PCM_S16LE_MUXER 0
-%define CONFIG_PCM_S8_MUXER 0
-%define CONFIG_PCM_U32BE_MUXER 0
-%define CONFIG_PCM_U32LE_MUXER 0
-%define CONFIG_PCM_U24BE_MUXER 0
-%define CONFIG_PCM_U24LE_MUXER 0
-%define CONFIG_PCM_U16BE_MUXER 0
-%define CONFIG_PCM_U16LE_MUXER 0
-%define CONFIG_PCM_U8_MUXER 0
-%define CONFIG_PSP_MUXER 0
-%define CONFIG_RAWVIDEO_MUXER 0
-%define CONFIG_RM_MUXER 0
-%define CONFIG_ROQ_MUXER 0
-%define CONFIG_RSO_MUXER 0
-%define CONFIG_RTP_MUXER 0
-%define CONFIG_RTP_MPEGTS_MUXER 0
-%define CONFIG_RTSP_MUXER 0
-%define CONFIG_SAP_MUXER 0
-%define CONFIG_SEGMENT_MUXER 0
-%define CONFIG_STREAM_SEGMENT_MUXER 0
-%define CONFIG_SINGLEJPEG_MUXER 0
-%define CONFIG_SMJPEG_MUXER 0
-%define CONFIG_SMOOTHSTREAMING_MUXER 0
-%define CONFIG_SOX_MUXER 0
-%define CONFIG_SPX_MUXER 0
-%define CONFIG_SPDIF_MUXER 0
-%define CONFIG_SRT_MUXER 0
-%define CONFIG_SWF_MUXER 0
-%define CONFIG_TEE_MUXER 0
-%define CONFIG_TG2_MUXER 0
-%define CONFIG_TGP_MUXER 0
-%define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-%define CONFIG_TRUEHD_MUXER 0
-%define CONFIG_TTA_MUXER 0
-%define CONFIG_UNCODEDFRAMECRC_MUXER 0
-%define CONFIG_VC1_MUXER 0
-%define CONFIG_VC1T_MUXER 0
-%define CONFIG_VOC_MUXER 0
-%define CONFIG_W64_MUXER 0
-%define CONFIG_WAV_MUXER 0
-%define CONFIG_WEBM_MUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-%define CONFIG_WEBM_CHUNK_MUXER 0
-%define CONFIG_WEBP_MUXER 0
-%define CONFIG_WEBVTT_MUXER 0
-%define CONFIG_WTV_MUXER 0
-%define CONFIG_WV_MUXER 0
-%define CONFIG_YUV4MPEGPIPE_MUXER 0
-%define CONFIG_CHROMAPRINT_MUXER 0
-%define CONFIG_LIBNUT_MUXER 0
-%define CONFIG_ALSA_OUTDEV 0
-%define CONFIG_CACA_OUTDEV 0
-%define CONFIG_DECKLINK_OUTDEV 0
-%define CONFIG_FBDEV_OUTDEV 0
-%define CONFIG_OPENGL_OUTDEV 0
-%define CONFIG_OSS_OUTDEV 0
-%define CONFIG_PULSE_OUTDEV 0
-%define CONFIG_SDL2_OUTDEV 0
-%define CONFIG_SNDIO_OUTDEV 0
-%define CONFIG_V4L2_OUTDEV 0
-%define CONFIG_XV_OUTDEV 0
-%define CONFIG_AAC_PARSER 0
-%define CONFIG_AAC_LATM_PARSER 0
-%define CONFIG_AC3_PARSER 0
-%define CONFIG_ADX_PARSER 0
-%define CONFIG_BMP_PARSER 0
-%define CONFIG_CAVSVIDEO_PARSER 0
-%define CONFIG_COOK_PARSER 0
-%define CONFIG_DCA_PARSER 0
-%define CONFIG_DIRAC_PARSER 0
-%define CONFIG_DNXHD_PARSER 0
-%define CONFIG_DPX_PARSER 0
-%define CONFIG_DVAUDIO_PARSER 0
-%define CONFIG_DVBSUB_PARSER 0
-%define CONFIG_DVDSUB_PARSER 0
-%define CONFIG_DVD_NAV_PARSER 0
-%define CONFIG_FLAC_PARSER 1
-%define CONFIG_G729_PARSER 0
-%define CONFIG_GSM_PARSER 0
-%define CONFIG_H261_PARSER 0
-%define CONFIG_H263_PARSER 0
-%define CONFIG_H264_PARSER 0
-%define CONFIG_HEVC_PARSER 0
-%define CONFIG_MJPEG_PARSER 0
-%define CONFIG_MLP_PARSER 0
-%define CONFIG_MPEG4VIDEO_PARSER 0
-%define CONFIG_MPEGAUDIO_PARSER 0
-%define CONFIG_MPEGVIDEO_PARSER 0
-%define CONFIG_OPUS_PARSER 0
-%define CONFIG_PNG_PARSER 0
-%define CONFIG_PNM_PARSER 0
-%define CONFIG_RV30_PARSER 0
-%define CONFIG_RV40_PARSER 0
-%define CONFIG_TAK_PARSER 0
-%define CONFIG_VC1_PARSER 0
-%define CONFIG_VORBIS_PARSER 0
-%define CONFIG_VP3_PARSER 0
+%define CONFIG_FLAC_PARSER 0
 %define CONFIG_VP8_PARSER 1
 %define CONFIG_VP9_PARSER 1
-%define CONFIG_ASYNC_PROTOCOL 0
-%define CONFIG_BLURAY_PROTOCOL 0
-%define CONFIG_CACHE_PROTOCOL 0
-%define CONFIG_CONCAT_PROTOCOL 0
-%define CONFIG_CRYPTO_PROTOCOL 0
-%define CONFIG_DATA_PROTOCOL 0
-%define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-%define CONFIG_FFRTMPHTTP_PROTOCOL 0
-%define CONFIG_FILE_PROTOCOL 0
-%define CONFIG_FTP_PROTOCOL 0
-%define CONFIG_GOPHER_PROTOCOL 0
-%define CONFIG_HLS_PROTOCOL 0
-%define CONFIG_HTTP_PROTOCOL 0
-%define CONFIG_HTTPPROXY_PROTOCOL 0
-%define CONFIG_HTTPS_PROTOCOL 0
-%define CONFIG_ICECAST_PROTOCOL 0
-%define CONFIG_MMSH_PROTOCOL 0
-%define CONFIG_MMST_PROTOCOL 0
-%define CONFIG_MD5_PROTOCOL 0
-%define CONFIG_PIPE_PROTOCOL 0
-%define CONFIG_RTMP_PROTOCOL 0
-%define CONFIG_RTMPE_PROTOCOL 0
-%define CONFIG_RTMPS_PROTOCOL 0
-%define CONFIG_RTMPT_PROTOCOL 0
-%define CONFIG_RTMPTE_PROTOCOL 0
-%define CONFIG_RTMPTS_PROTOCOL 0
-%define CONFIG_RTP_PROTOCOL 0
-%define CONFIG_SCTP_PROTOCOL 0
-%define CONFIG_SRTP_PROTOCOL 0
-%define CONFIG_SUBFILE_PROTOCOL 0
-%define CONFIG_TEE_PROTOCOL 0
-%define CONFIG_TCP_PROTOCOL 0
-%define CONFIG_TLS_GNUTLS_PROTOCOL 0
-%define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-%define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-%define CONFIG_TLS_OPENSSL_PROTOCOL 0
-%define CONFIG_UDP_PROTOCOL 0
-%define CONFIG_UDPLITE_PROTOCOL 0
-%define CONFIG_UNIX_PROTOCOL 0
-%define CONFIG_LIBRTMP_PROTOCOL 0
-%define CONFIG_LIBRTMPE_PROTOCOL 0
-%define CONFIG_LIBRTMPS_PROTOCOL 0
-%define CONFIG_LIBRTMPT_PROTOCOL 0
-%define CONFIG_LIBRTMPTE_PROTOCOL 0
-%define CONFIG_LIBSSH_PROTOCOL 0
-%define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/config_win32.h b/media/ffvpx/config_win32.h
index b23b2ad9f..36bb2d3c3 100644
--- a/media/ffvpx/config_win32.h
+++ b/media/ffvpx/config_win32.h
@@ -1,12 +1,12 @@
 /* Automatically generated by configure - do not modify! */
 #ifndef FFMPEG_CONFIG_H
 #define FFMPEG_CONFIG_H
-#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm --toolchain=msvc"
+#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vdpau --disable-videotoolbox --enable-decoder=flac --enable-asm --enable-x86asm --toolchain=msvc"
 #define FFMPEG_LICENSE "LGPL version 2.1 or later"
-#define CONFIG_THIS_YEAR 2016
+#define CONFIG_THIS_YEAR 2017
 #define FFMPEG_DATADIR "/usr/local/share/ffmpeg"
 #define AVCONV_DATADIR "/usr/local/share/ffmpeg"
-#define CC_IDENT "Microsoft (R) C/C++ Optimizing Compiler Version 19.00.23506 for x86"
+#define CC_IDENT "Microsoft (R) C/C++ Optimizing Compiler Version 19.11.25508.2 for x86"
 #define av_restrict __restrict
 #define EXTERN_PREFIX "_"
 #define EXTERN_ASM _
@@ -79,8 +79,8 @@
 #define HAVE_MIPSDSP 0
 #define HAVE_MIPSDSPR2 0
 #define HAVE_MSA 0
-#define HAVE_LOONGSON2 1
-#define HAVE_LOONGSON3 1
+#define HAVE_LOONGSON2 0
+#define HAVE_LOONGSON3 0
 #define HAVE_MMI 0
 #define HAVE_ARMV5TE_EXTERNAL 0
 #define HAVE_ARMV6_EXTERNAL 0
@@ -172,37 +172,38 @@
 #define HAVE_MMI_INLINE 0
 #define HAVE_ALIGNED_STACK 0
 #define HAVE_FAST_64BIT 0
-#define HAVE_FAST_CLZ 1
+#define HAVE_FAST_CLZ 0
 #define HAVE_FAST_CMOV 0
 #define HAVE_LOCAL_ALIGNED_8 1
 #define HAVE_LOCAL_ALIGNED_16 1
 #define HAVE_LOCAL_ALIGNED_32 1
 #define HAVE_SIMD_ALIGN_16 1
+#define HAVE_SIMD_ALIGN_32 1
 #define HAVE_ATOMICS_GCC 0
 #define HAVE_ATOMICS_SUNCC 0
 #define HAVE_ATOMICS_WIN32 1
 #define HAVE_ATOMIC_CAS_PTR 0
-#define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 #define HAVE_MACHINE_RW_BARRIER 0
 #define HAVE_MEMORYBARRIER 1
 #define HAVE_MM_EMPTY 1
 #define HAVE_RDTSC 1
 #define HAVE_SARESTART 0
-#define HAVE_SEM_TIMEDWAIT 1
+#define HAVE_SEM_TIMEDWAIT 0
 #define HAVE_SYNC_VAL_COMPARE_AND_SWAP 0
 #define HAVE_CABS 0
 #define HAVE_CEXP 0
 #define HAVE_INLINE_ASM 0
 #define HAVE_SYMVER 0
-#define HAVE_YASM 1
+#define HAVE_X86ASM 1
 #define HAVE_BIGENDIAN 0
 #define HAVE_FAST_UNALIGNED 1
-#define HAVE_ALSA_ASOUNDLIB_H 0
 #define HAVE_ALTIVEC_H 0
 #define HAVE_ARPA_INET_H 0
 #define HAVE_ASM_TYPES_H 0
 #define HAVE_CDIO_PARANOIA_H 0
 #define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+#define HAVE_CUDA_H 0
+#define HAVE_D3D11_H 1
 #define HAVE_DISPATCH_DISPATCH_H 0
 #define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 #define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -212,7 +213,7 @@
 #define HAVE_DIRECT_H 1
 #define HAVE_DIRENT_H 0
 #define HAVE_DLFCN_H 0
-#define HAVE_D3D11_H 1
+#define HAVE_DXGIDEBUG_H 1
 #define HAVE_DXVA_H 1
 #define HAVE_ES2_GL_H 0
 #define HAVE_GSM_H 0
@@ -221,13 +222,15 @@
 #define HAVE_MACHINE_IOCTL_BT848_H 0
 #define HAVE_MACHINE_IOCTL_METEOR_H 0
 #define HAVE_OPENCV2_CORE_CORE_C_H 0
+#define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+#define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 #define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 #define HAVE_OPENGL_GL3_H 0
 #define HAVE_POLL_H 0
-#define HAVE_SNDIO_H 0
 #define HAVE_SOUNDCARD_H 0
+#define HAVE_STDATOMIC_H 0
 #define HAVE_SYS_MMAN_H 0
 #define HAVE_SYS_PARAM_H 0
 #define HAVE_SYS_RESOURCE_H 0
@@ -279,7 +282,6 @@
 #define HAVE_COMMANDLINETOARGVW 1
 #define HAVE_COTASKMEMFREE 1
 #define HAVE_CRYPTGENRANDOM 1
-#define HAVE_DLOPEN 0
 #define HAVE_FCNTL 0
 #define HAVE_FLT_LIM 1
 #define HAVE_FORK 0
@@ -299,7 +301,7 @@
 #define HAVE_ISATTY 1
 #define HAVE_JACK_PORT_GET_LATENCY_RANGE 0
 #define HAVE_KBHIT 1
-#define HAVE_LOADLIBRARY 0
+#define HAVE_LOADLIBRARY 1
 #define HAVE_LSTAT 0
 #define HAVE_LZO1X_999_COMPRESS 0
 #define HAVE_MACH_ABSOLUTE_TIME 0
@@ -318,6 +320,7 @@
 #define HAVE_SLEEP 1
 #define HAVE_STRERROR_R 0
 #define HAVE_SYSCONF 0
+#define HAVE_SYSCTL 0
 #define HAVE_USLEEP 0
 #define HAVE_UTGETOSTYPEFROMSTRING 0
 #define HAVE_VIRTUALALLOC 1
@@ -326,11 +329,13 @@
 #define HAVE_OS2THREADS 0
 #define HAVE_W32THREADS 1
 #define HAVE_AS_DN_DIRECTIVE 0
+#define HAVE_AS_FPU_DIRECTIVE 0
 #define HAVE_AS_FUNC 0
 #define HAVE_AS_OBJECT_ARCH 0
 #define HAVE_ASM_MOD_Q 0
 #define HAVE_ATTRIBUTE_MAY_ALIAS 0
 #define HAVE_ATTRIBUTE_PACKED 0
+#define HAVE_BLOCKS_EXTENSION 0
 #define HAVE_EBP_AVAILABLE 0
 #define HAVE_EBX_AVAILABLE 0
 #define HAVE_GNU_AS 0
@@ -347,12 +352,13 @@
 #define HAVE_XFORM_ASM 0
 #define HAVE_XMM_CLOBBERS 0
 #define HAVE_CONDITION_VARIABLE_PTR 1
+#define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 #define HAVE_SOCKLEN_T 1
 #define HAVE_STRUCT_ADDRINFO 1
 #define HAVE_STRUCT_GROUP_SOURCE_REQ 1
 #define HAVE_STRUCT_IP_MREQ_SOURCE 1
 #define HAVE_STRUCT_IPV6_MREQ 1
-#define HAVE_STRUCT_MSGHDR_MSG_FLAGS 1
+#define HAVE_STRUCT_MSGHDR_MSG_FLAGS 0
 #define HAVE_STRUCT_POLLFD 0
 #define HAVE_STRUCT_RUSAGE_RU_MAXRSS 0
 #define HAVE_STRUCT_SCTP_EVENT_SUBSCRIBE 0
@@ -363,36 +369,20 @@
 #define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 #define HAVE_ATOMICS_NATIVE 1
 #define HAVE_DOS_PATHS 1
-#define HAVE_DXVA2_LIB 0
-#define HAVE_DXVA2API_COBJ 1
 #define HAVE_LIBC_MSVCRT 1
-#define HAVE_LIBDC1394_1 0
-#define HAVE_LIBDC1394_2 0
 #define HAVE_MAKEINFO 1
 #define HAVE_MAKEINFO_HTML 0
 #define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 #define HAVE_PERL 1
 #define HAVE_POD2MAN 1
-#define HAVE_SDL2 0
 #define HAVE_SECTION_DATA_REL_RO 0
 #define HAVE_TEXI2HTML 0
 #define HAVE_THREADS 1
+#define HAVE_UWP 0
 #define HAVE_VAAPI_DRM 0
 #define HAVE_VAAPI_X11 0
 #define HAVE_VDPAU_X11 0
 #define HAVE_WINRT 0
-#define HAVE_XLIB 0
-#define CONFIG_BSFS 0
-#define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
-#define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
 #define CONFIG_HTMLPAGES 0
 #define CONFIG_MANPAGES 1
@@ -400,13 +390,17 @@
 #define CONFIG_TXTPAGES 1
 #define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 #define CONFIG_AVIO_READING_EXAMPLE 1
-#define CONFIG_DECODING_ENCODING_EXAMPLE 0
+#define CONFIG_DECODE_AUDIO_EXAMPLE 1
+#define CONFIG_DECODE_VIDEO_EXAMPLE 1
 #define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+#define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+#define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 #define CONFIG_EXTRACT_MVS_EXAMPLE 0
 #define CONFIG_FILTER_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 #define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+#define CONFIG_HW_DECODE_EXAMPLE 0
 #define CONFIG_METADATA_EXAMPLE 0
 #define CONFIG_MUXING_EXAMPLE 0
 #define CONFIG_QSVDEC_EXAMPLE 0
@@ -415,27 +409,55 @@
 #define CONFIG_SCALING_VIDEO_EXAMPLE 0
 #define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 #define CONFIG_TRANSCODING_EXAMPLE 0
-#define CONFIG_AVISYNTH 0
+#define CONFIG_ALSA 0
+#define CONFIG_APPKIT 0
+#define CONFIG_AVFOUNDATION 0
 #define CONFIG_BZLIB 0
-#define CONFIG_CHROMAPRINT 0
-#define CONFIG_CRYSTALHD 0
-#define CONFIG_DECKLINK 0
+#define CONFIG_COREIMAGE 0
+#define CONFIG_ICONV 0
+#define CONFIG_JACK 0
+#define CONFIG_LIBXCB 0
+#define CONFIG_LIBXCB_SHM 0
+#define CONFIG_LIBXCB_SHAPE 0
+#define CONFIG_LIBXCB_XFIXES 0
+#define CONFIG_LZMA 0
+#define CONFIG_SCHANNEL 1
+#define CONFIG_SDL2 0
+#define CONFIG_SECURETRANSPORT 0
+#define CONFIG_SNDIO 0
+#define CONFIG_XLIB 1
+#define CONFIG_ZLIB 0
+#define CONFIG_AVISYNTH 0
 #define CONFIG_FREI0R 0
-#define CONFIG_GCRYPT 0
+#define CONFIG_LIBCDIO 0
+#define CONFIG_LIBRUBBERBAND 0
+#define CONFIG_LIBVIDSTAB 0
+#define CONFIG_LIBX264 0
+#define CONFIG_LIBX265 0
+#define CONFIG_LIBXAVS 0
+#define CONFIG_LIBXVID 0
+#define CONFIG_DECKLINK 0
+#define CONFIG_LIBNDI_NEWTEK 0
+#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_OPENSSL 0
 #define CONFIG_GMP 0
+#define CONFIG_LIBOPENCORE_AMRNB 0
+#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_RKMPP 0
+#define CONFIG_LIBSMBCLIENT 0
+#define CONFIG_CHROMAPRINT 0
+#define CONFIG_GCRYPT 0
 #define CONFIG_GNUTLS 0
-#define CONFIG_ICONV 0
 #define CONFIG_JNI 0
 #define CONFIG_LADSPA 0
 #define CONFIG_LIBASS 0
 #define CONFIG_LIBBLURAY 0
 #define CONFIG_LIBBS2B 0
 #define CONFIG_LIBCACA 0
-#define CONFIG_LIBCDIO 0
 #define CONFIG_LIBCELT 0
 #define CONFIG_LIBDC1394 0
-#define CONFIG_LIBEBUR128 0
-#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_LIBDRM 0
 #define CONFIG_LIBFLITE 0
 #define CONFIG_LIBFONTCONFIG 0
 #define CONFIG_LIBFREETYPE 0
@@ -447,18 +469,15 @@
 #define CONFIG_LIBKVAZAAR 0
 #define CONFIG_LIBMODPLUG 0
 #define CONFIG_LIBMP3LAME 0
-#define CONFIG_LIBNUT 0
-#define CONFIG_LIBOPENCORE_AMRNB 0
-#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBMYSOFA 0
 #define CONFIG_LIBOPENCV 0
 #define CONFIG_LIBOPENH264 0
 #define CONFIG_LIBOPENJPEG 0
 #define CONFIG_LIBOPENMPT 0
 #define CONFIG_LIBOPUS 0
 #define CONFIG_LIBPULSE 0
+#define CONFIG_LIBRSVG 0
 #define CONFIG_LIBRTMP 0
-#define CONFIG_LIBRUBBERBAND 0
-#define CONFIG_LIBSCHROEDINGER 0
 #define CONFIG_LIBSHINE 0
 #define CONFIG_LIBSMBCLIENT 0
 #define CONFIG_LIBSNAPPY 0
@@ -469,53 +488,37 @@
 #define CONFIG_LIBTHEORA 0
 #define CONFIG_LIBTWOLAME 0
 #define CONFIG_LIBV4L2 0
-#define CONFIG_LIBVIDSTAB 0
-#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_LIBVMAF 0
 #define CONFIG_LIBVORBIS 0
 #define CONFIG_LIBVPX 0
 #define CONFIG_LIBWAVPACK 0
 #define CONFIG_LIBWEBP 0
-#define CONFIG_LIBX264 0
-#define CONFIG_LIBX265 0
-#define CONFIG_LIBXAVS 0
-#define CONFIG_LIBXCB 0
-#define CONFIG_LIBXCB_SHM 0
-#define CONFIG_LIBXCB_SHAPE 0
-#define CONFIG_LIBXCB_XFIXES 0
-#define CONFIG_LIBXVID 0
+#define CONFIG_LIBXML2 0
 #define CONFIG_LIBZIMG 0
 #define CONFIG_LIBZMQ 0
 #define CONFIG_LIBZVBI 0
-#define CONFIG_LZMA 0
 #define CONFIG_MEDIACODEC 0
-#define CONFIG_NETCDF 0
 #define CONFIG_OPENAL 0
 #define CONFIG_OPENCL 0
 #define CONFIG_OPENGL 0
-#define CONFIG_OPENSSL 0
-#define CONFIG_SCHANNEL 1
-#define CONFIG_SDL 0
-#define CONFIG_SDL2 0
-#define CONFIG_SECURETRANSPORT 0
-#define CONFIG_VIDEOTOOLBOX 0
-#define CONFIG_X11GRAB 0
-#define CONFIG_XLIB 0
-#define CONFIG_ZLIB 0
 #define CONFIG_AUDIOTOOLBOX 0
-#define CONFIG_CUDA 0
-#define CONFIG_CUVID 0
+#define CONFIG_CRYSTALHD 0
+#define CONFIG_CUDA 1
+#define CONFIG_CUVID 1
 #define CONFIG_D3D11VA 0
 #define CONFIG_DXVA2 0
-#define CONFIG_LIBMFX 0
-#define CONFIG_LIBNPP 0
-#define CONFIG_MMAL 0
-#define CONFIG_NVENC 0
-#define CONFIG_OMX 0
+#define CONFIG_NVENC 1
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VIDEOTOOLBOX 0
+#define CONFIG_V4L2_M2M 0
 #define CONFIG_XVMC 0
+#define CONFIG_CUDA_SDK 0
+#define CONFIG_LIBNPP 0
+#define CONFIG_LIBMFX 0
+#define CONFIG_MMAL 0
+#define CONFIG_OMX 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
 #define CONFIG_HARDCODED_TABLES 0
@@ -554,16 +557,27 @@
 #define CONFIG_PIXELUTILS 0
 #define CONFIG_NETWORK 0
 #define CONFIG_RDFT 0
+#define CONFIG_AUTODETECT 0
 #define CONFIG_FONTCONFIG 0
-#define CONFIG_MEMALIGN_HACK 0
+#define CONFIG_LINUX_PERF 0
 #define CONFIG_MEMORY_POISONING 0
 #define CONFIG_NEON_CLOBBER_TEST 0
+#define CONFIG_OSSFUZZ 0
 #define CONFIG_PIC 0
-#define CONFIG_POD2MAN 1
-#define CONFIG_RAISE_MAJOR 0
 #define CONFIG_THUMB 0
 #define CONFIG_VALGRIND_BACKTRACE 0
 #define CONFIG_XMM_CLOBBER_TEST 0
+#define CONFIG_BSFS 1
+#define CONFIG_DECODERS 1
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_PARSERS 1
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
 #define CONFIG_AANDCTTABLES 0
 #define CONFIG_AC3DSP 0
 #define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -581,20 +595,22 @@
 #define CONFIG_FMTCONVERT 0
 #define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
-#define CONFIG_GOLOMB 1
+#define CONFIG_GOLOMB 0
 #define CONFIG_GPLV3 0
 #define CONFIG_H263DSP 0
 #define CONFIG_H264CHROMA 0
 #define CONFIG_H264DSP 0
+#define CONFIG_H264PARSE 0
 #define CONFIG_H264PRED 1
 #define CONFIG_H264QPEL 0
+#define CONFIG_HEVCPARSE 0
 #define CONFIG_HPELDSP 0
 #define CONFIG_HUFFMAN 0
 #define CONFIG_HUFFYUVDSP 0
 #define CONFIG_HUFFYUVENCDSP 0
 #define CONFIG_IDCTDSP 0
 #define CONFIG_IIRFILTER 0
-#define CONFIG_IMDCT15 0
+#define CONFIG_MDCT15 0
 #define CONFIG_INTRAX8 0
 #define CONFIG_ISO_MEDIA 0
 #define CONFIG_IVIDSP 0
@@ -603,12 +619,14 @@
 #define CONFIG_LIBX262 0
 #define CONFIG_LLAUDDSP 0
 #define CONFIG_LLVIDDSP 0
+#define CONFIG_LLVIDENCDSP 0
 #define CONFIG_LPC 0
 #define CONFIG_LZF 0
 #define CONFIG_ME_CMP 0
 #define CONFIG_MPEG_ER 0
 #define CONFIG_MPEGAUDIO 0
 #define CONFIG_MPEGAUDIODSP 0
+#define CONFIG_MPEGAUDIOHEADER 0
 #define CONFIG_MPEGVIDEO 0
 #define CONFIG_MPEGVIDEOENC 0
 #define CONFIG_MSS34DSP 0
@@ -630,1595 +648,20 @@
 #define CONFIG_TEXTUREDSP 0
 #define CONFIG_TEXTUREDSPENC 0
 #define CONFIG_TPELDSP 0
+#define CONFIG_VAAPI_1 0
 #define CONFIG_VAAPI_ENCODE 0
 #define CONFIG_VC1DSP 0
 #define CONFIG_VIDEODSP 1
 #define CONFIG_VP3DSP 0
 #define CONFIG_VP56DSP 0
 #define CONFIG_VP8DSP 1
-#define CONFIG_VT_BT2020 0
 #define CONFIG_WMA_FREQS 0
 #define CONFIG_WMV2DSP 0
-#define CONFIG_AAC_ADTSTOASC_BSF 0
-#define CONFIG_CHOMP_BSF 0
-#define CONFIG_DUMP_EXTRADATA_BSF 0
-#define CONFIG_DCA_CORE_BSF 0
-#define CONFIG_H264_MP4TOANNEXB_BSF 0
-#define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-#define CONFIG_IMX_DUMP_HEADER_BSF 0
-#define CONFIG_MJPEG2JPEG_BSF 0
-#define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-#define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-#define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-#define CONFIG_MOV2TEXTSUB_BSF 0
-#define CONFIG_NOISE_BSF 0
-#define CONFIG_REMOVE_EXTRADATA_BSF 0
-#define CONFIG_TEXT2MOVSUB_BSF 0
-#define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
+#define CONFIG_NULL_BSF 1
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
-#define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
+#define CONFIG_FLAC_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/config_win64.asm b/media/ffvpx/config_win64.asm
index d2ff06486..58c61e970 100644
--- a/media/ffvpx/config_win64.asm
+++ b/media/ffvpx/config_win64.asm
@@ -63,8 +63,8 @@
 %define HAVE_MIPSDSP 0
 %define HAVE_MIPSDSPR2 0
 %define HAVE_MSA 0
-%define HAVE_LOONGSON2 1
-%define HAVE_LOONGSON3 1
+%define HAVE_LOONGSON2 0
+%define HAVE_LOONGSON3 0
 %define HAVE_MMI 0
 %define HAVE_ARMV5TE_EXTERNAL 0
 %define HAVE_ARMV6_EXTERNAL 0
@@ -156,37 +156,38 @@
 %define HAVE_MMI_INLINE 0
 %define HAVE_ALIGNED_STACK 1
 %define HAVE_FAST_64BIT 1
-%define HAVE_FAST_CLZ 1
+%define HAVE_FAST_CLZ 0
 %define HAVE_FAST_CMOV 1
 %define HAVE_LOCAL_ALIGNED_8 1
 %define HAVE_LOCAL_ALIGNED_16 1
 %define HAVE_LOCAL_ALIGNED_32 1
 %define HAVE_SIMD_ALIGN_16 1
+%define HAVE_SIMD_ALIGN_32 1
 %define HAVE_ATOMICS_GCC 0
 %define HAVE_ATOMICS_SUNCC 0
 %define HAVE_ATOMICS_WIN32 1
 %define HAVE_ATOMIC_CAS_PTR 0
-%define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 %define HAVE_MACHINE_RW_BARRIER 0
 %define HAVE_MEMORYBARRIER 1
 %define HAVE_MM_EMPTY 0
 %define HAVE_RDTSC 1
 %define HAVE_SARESTART 0
-%define HAVE_SEM_TIMEDWAIT 1
+%define HAVE_SEM_TIMEDWAIT 0
 %define HAVE_SYNC_VAL_COMPARE_AND_SWAP 0
 %define HAVE_CABS 0
 %define HAVE_CEXP 0
 %define HAVE_INLINE_ASM 0
 %define HAVE_SYMVER 0
-%define HAVE_YASM 1
+%define HAVE_X86ASM 1
 %define HAVE_BIGENDIAN 0
 %define HAVE_FAST_UNALIGNED 1
-%define HAVE_ALSA_ASOUNDLIB_H 0
 %define HAVE_ALTIVEC_H 0
 %define HAVE_ARPA_INET_H 0
 %define HAVE_ASM_TYPES_H 0
 %define HAVE_CDIO_PARANOIA_H 0
 %define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+%define HAVE_CUDA_H 0
+%define HAVE_D3D11_H 1
 %define HAVE_DISPATCH_DISPATCH_H 0
 %define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 %define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -196,7 +197,7 @@
 %define HAVE_DIRECT_H 1
 %define HAVE_DIRENT_H 0
 %define HAVE_DLFCN_H 0
-%define HAVE_D3D11_H 1
+%define HAVE_DXGIDEBUG_H 1
 %define HAVE_DXVA_H 1
 %define HAVE_ES2_GL_H 0
 %define HAVE_GSM_H 0
@@ -205,13 +206,15 @@
 %define HAVE_MACHINE_IOCTL_BT848_H 0
 %define HAVE_MACHINE_IOCTL_METEOR_H 0
 %define HAVE_OPENCV2_CORE_CORE_C_H 0
+%define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+%define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 %define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 %define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 %define HAVE_OPENGL_GL3_H 0
 %define HAVE_POLL_H 0
-%define HAVE_SNDIO_H 0
 %define HAVE_SOUNDCARD_H 0
+%define HAVE_STDATOMIC_H 0
 %define HAVE_SYS_MMAN_H 0
 %define HAVE_SYS_PARAM_H 0
 %define HAVE_SYS_RESOURCE_H 0
@@ -263,7 +266,6 @@
 %define HAVE_COMMANDLINETOARGVW 1
 %define HAVE_COTASKMEMFREE 1
 %define HAVE_CRYPTGENRANDOM 1
-%define HAVE_DLOPEN 0
 %define HAVE_FCNTL 0
 %define HAVE_FLT_LIM 1
 %define HAVE_FORK 0
@@ -283,7 +285,7 @@
 %define HAVE_ISATTY 1
 %define HAVE_JACK_PORT_GET_LATENCY_RANGE 0
 %define HAVE_KBHIT 1
-%define HAVE_LOADLIBRARY 0
+%define HAVE_LOADLIBRARY 1
 %define HAVE_LSTAT 0
 %define HAVE_LZO1X_999_COMPRESS 0
 %define HAVE_MACH_ABSOLUTE_TIME 0
@@ -311,11 +313,13 @@
 %define HAVE_OS2THREADS 0
 %define HAVE_W32THREADS 1
 %define HAVE_AS_DN_DIRECTIVE 0
+%define HAVE_AS_FPU_DIRECTIVE 0
 %define HAVE_AS_FUNC 0
 %define HAVE_AS_OBJECT_ARCH 0
 %define HAVE_ASM_MOD_Q 0
 %define HAVE_ATTRIBUTE_MAY_ALIAS 0
 %define HAVE_ATTRIBUTE_PACKED 0
+%define HAVE_BLOCKS_EXTENSION 0
 %define HAVE_EBP_AVAILABLE 0
 %define HAVE_EBX_AVAILABLE 0
 %define HAVE_GNU_AS 0
@@ -332,12 +336,13 @@
 %define HAVE_XFORM_ASM 0
 %define HAVE_XMM_CLOBBERS 0
 %define HAVE_CONDITION_VARIABLE_PTR 1
+%define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 %define HAVE_SOCKLEN_T 1
 %define HAVE_STRUCT_ADDRINFO 1
 %define HAVE_STRUCT_GROUP_SOURCE_REQ 1
 %define HAVE_STRUCT_IP_MREQ_SOURCE 1
 %define HAVE_STRUCT_IPV6_MREQ 1
-%define HAVE_STRUCT_MSGHDR_MSG_FLAGS 1
+%define HAVE_STRUCT_MSGHDR_MSG_FLAGS 0
 %define HAVE_STRUCT_POLLFD 0
 %define HAVE_STRUCT_RUSAGE_RU_MAXRSS 0
 %define HAVE_STRUCT_SCTP_EVENT_SUBSCRIBE 0
@@ -348,36 +353,20 @@
 %define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 %define HAVE_ATOMICS_NATIVE 1
 %define HAVE_DOS_PATHS 1
-%define HAVE_DXVA2_LIB 0
-%define HAVE_DXVA2API_COBJ 1
 %define HAVE_LIBC_MSVCRT 1
-%define HAVE_LIBDC1394_1 0
-%define HAVE_LIBDC1394_2 0
 %define HAVE_MAKEINFO 1
 %define HAVE_MAKEINFO_HTML 0
 %define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 %define HAVE_PERL 1
 %define HAVE_POD2MAN 1
-%define HAVE_SDL2 0
 %define HAVE_SECTION_DATA_REL_RO 0
 %define HAVE_TEXI2HTML 0
 %define HAVE_THREADS 1
+%define HAVE_UWP 0
 %define HAVE_VAAPI_DRM 0
 %define HAVE_VAAPI_X11 0
 %define HAVE_VDPAU_X11 0
 %define HAVE_WINRT 0
-%define HAVE_XLIB 0
-%define CONFIG_BSFS 0
-%define CONFIG_DECODERS 1
-%define CONFIG_ENCODERS 0
-%define CONFIG_HWACCELS 0
-%define CONFIG_PARSERS 1
-%define CONFIG_INDEVS 0
-%define CONFIG_OUTDEVS 0
-%define CONFIG_FILTERS 0
-%define CONFIG_DEMUXERS 0
-%define CONFIG_MUXERS 0
-%define CONFIG_PROTOCOLS 0
 %define CONFIG_DOC 0
 %define CONFIG_HTMLPAGES 0
 %define CONFIG_MANPAGES 1
@@ -385,13 +374,17 @@
 %define CONFIG_TXTPAGES 1
 %define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 %define CONFIG_AVIO_READING_EXAMPLE 1
-%define CONFIG_DECODING_ENCODING_EXAMPLE 0
+%define CONFIG_DECODE_AUDIO_EXAMPLE 1
+%define CONFIG_DECODE_VIDEO_EXAMPLE 1
 %define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+%define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+%define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 %define CONFIG_EXTRACT_MVS_EXAMPLE 0
 %define CONFIG_FILTER_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 %define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 %define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+%define CONFIG_HW_DECODE_EXAMPLE 0
 %define CONFIG_METADATA_EXAMPLE 0
 %define CONFIG_MUXING_EXAMPLE 0
 %define CONFIG_QSVDEC_EXAMPLE 0
@@ -400,27 +393,55 @@
 %define CONFIG_SCALING_VIDEO_EXAMPLE 0
 %define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 %define CONFIG_TRANSCODING_EXAMPLE 0
-%define CONFIG_AVISYNTH 0
+%define CONFIG_ALSA 0
+%define CONFIG_APPKIT 0
+%define CONFIG_AVFOUNDATION 0
 %define CONFIG_BZLIB 0
-%define CONFIG_CHROMAPRINT 0
-%define CONFIG_CRYSTALHD 0
-%define CONFIG_DECKLINK 0
+%define CONFIG_COREIMAGE 0
+%define CONFIG_ICONV 0
+%define CONFIG_JACK 0
+%define CONFIG_LIBXCB 0
+%define CONFIG_LIBXCB_SHM 0
+%define CONFIG_LIBXCB_SHAPE 0
+%define CONFIG_LIBXCB_XFIXES 0
+%define CONFIG_LZMA 0
+%define CONFIG_SCHANNEL 1
+%define CONFIG_SDL2 0
+%define CONFIG_SECURETRANSPORT 0
+%define CONFIG_SNDIO 0
+%define CONFIG_XLIB 1
+%define CONFIG_ZLIB 0
+%define CONFIG_AVISYNTH 0
 %define CONFIG_FREI0R 0
-%define CONFIG_GCRYPT 0
+%define CONFIG_LIBCDIO 0
+%define CONFIG_LIBRUBBERBAND 0
+%define CONFIG_LIBVIDSTAB 0
+%define CONFIG_LIBX264 0
+%define CONFIG_LIBX265 0
+%define CONFIG_LIBXAVS 0
+%define CONFIG_LIBXVID 0
+%define CONFIG_DECKLINK 0
+%define CONFIG_LIBNDI_NEWTEK 0
+%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_OPENSSL 0
 %define CONFIG_GMP 0
+%define CONFIG_LIBOPENCORE_AMRNB 0
+%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_RKMPP 0
+%define CONFIG_LIBSMBCLIENT 0
+%define CONFIG_CHROMAPRINT 0
+%define CONFIG_GCRYPT 0
 %define CONFIG_GNUTLS 0
-%define CONFIG_ICONV 0
 %define CONFIG_JNI 0
 %define CONFIG_LADSPA 0
 %define CONFIG_LIBASS 0
 %define CONFIG_LIBBLURAY 0
 %define CONFIG_LIBBS2B 0
 %define CONFIG_LIBCACA 0
-%define CONFIG_LIBCDIO 0
 %define CONFIG_LIBCELT 0
 %define CONFIG_LIBDC1394 0
-%define CONFIG_LIBEBUR128 0
-%define CONFIG_LIBFDK_AAC 0
+%define CONFIG_LIBDRM 0
 %define CONFIG_LIBFLITE 0
 %define CONFIG_LIBFONTCONFIG 0
 %define CONFIG_LIBFREETYPE 0
@@ -432,18 +453,15 @@
 %define CONFIG_LIBKVAZAAR 0
 %define CONFIG_LIBMODPLUG 0
 %define CONFIG_LIBMP3LAME 0
-%define CONFIG_LIBNUT 0
-%define CONFIG_LIBOPENCORE_AMRNB 0
-%define CONFIG_LIBOPENCORE_AMRWB 0
+%define CONFIG_LIBMYSOFA 0
 %define CONFIG_LIBOPENCV 0
 %define CONFIG_LIBOPENH264 0
 %define CONFIG_LIBOPENJPEG 0
 %define CONFIG_LIBOPENMPT 0
 %define CONFIG_LIBOPUS 0
 %define CONFIG_LIBPULSE 0
+%define CONFIG_LIBRSVG 0
 %define CONFIG_LIBRTMP 0
-%define CONFIG_LIBRUBBERBAND 0
-%define CONFIG_LIBSCHROEDINGER 0
 %define CONFIG_LIBSHINE 0
 %define CONFIG_LIBSMBCLIENT 0
 %define CONFIG_LIBSNAPPY 0
@@ -454,53 +472,37 @@
 %define CONFIG_LIBTHEORA 0
 %define CONFIG_LIBTWOLAME 0
 %define CONFIG_LIBV4L2 0
-%define CONFIG_LIBVIDSTAB 0
-%define CONFIG_LIBVO_AMRWBENC 0
+%define CONFIG_LIBVMAF 0
 %define CONFIG_LIBVORBIS 0
 %define CONFIG_LIBVPX 0
 %define CONFIG_LIBWAVPACK 0
 %define CONFIG_LIBWEBP 0
-%define CONFIG_LIBX264 0
-%define CONFIG_LIBX265 0
-%define CONFIG_LIBXAVS 0
-%define CONFIG_LIBXCB 0
-%define CONFIG_LIBXCB_SHM 0
-%define CONFIG_LIBXCB_SHAPE 0
-%define CONFIG_LIBXCB_XFIXES 0
-%define CONFIG_LIBXVID 0
+%define CONFIG_LIBXML2 0
 %define CONFIG_LIBZIMG 0
 %define CONFIG_LIBZMQ 0
 %define CONFIG_LIBZVBI 0
-%define CONFIG_LZMA 0
 %define CONFIG_MEDIACODEC 0
-%define CONFIG_NETCDF 0
 %define CONFIG_OPENAL 0
 %define CONFIG_OPENCL 0
 %define CONFIG_OPENGL 0
-%define CONFIG_OPENSSL 0
-%define CONFIG_SCHANNEL 1
-%define CONFIG_SDL 0
-%define CONFIG_SDL2 0
-%define CONFIG_SECURETRANSPORT 0
-%define CONFIG_VIDEOTOOLBOX 0
-%define CONFIG_X11GRAB 0
-%define CONFIG_XLIB 0
-%define CONFIG_ZLIB 0
 %define CONFIG_AUDIOTOOLBOX 0
-%define CONFIG_CUDA 0
-%define CONFIG_CUVID 0
+%define CONFIG_CRYSTALHD 0
+%define CONFIG_CUDA 1
+%define CONFIG_CUVID 1
 %define CONFIG_D3D11VA 0
 %define CONFIG_DXVA2 0
-%define CONFIG_LIBMFX 0
-%define CONFIG_LIBNPP 0
-%define CONFIG_MMAL 0
-%define CONFIG_NVENC 0
-%define CONFIG_OMX 0
+%define CONFIG_NVENC 1
 %define CONFIG_VAAPI 0
 %define CONFIG_VDA 0
 %define CONFIG_VDPAU 0
-%define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_VIDEOTOOLBOX 0
+%define CONFIG_V4L2_M2M 0
 %define CONFIG_XVMC 0
+%define CONFIG_CUDA_SDK 0
+%define CONFIG_LIBNPP 0
+%define CONFIG_LIBMFX 0
+%define CONFIG_MMAL 0
+%define CONFIG_OMX 0
 %define CONFIG_FTRAPV 0
 %define CONFIG_GRAY 0
 %define CONFIG_HARDCODED_TABLES 0
@@ -539,16 +541,27 @@
 %define CONFIG_PIXELUTILS 0
 %define CONFIG_NETWORK 0
 %define CONFIG_RDFT 0
+%define CONFIG_AUTODETECT 0
 %define CONFIG_FONTCONFIG 0
-%define CONFIG_MEMALIGN_HACK 0
+%define CONFIG_LINUX_PERF 0
 %define CONFIG_MEMORY_POISONING 0
 %define CONFIG_NEON_CLOBBER_TEST 0
+%define CONFIG_OSSFUZZ 0
 %define CONFIG_PIC 1
-%define CONFIG_POD2MAN 1
-%define CONFIG_RAISE_MAJOR 0
 %define CONFIG_THUMB 0
 %define CONFIG_VALGRIND_BACKTRACE 0
 %define CONFIG_XMM_CLOBBER_TEST 0
+%define CONFIG_BSFS 1
+%define CONFIG_DECODERS 1
+%define CONFIG_ENCODERS 0
+%define CONFIG_HWACCELS 0
+%define CONFIG_PARSERS 1
+%define CONFIG_INDEVS 0
+%define CONFIG_OUTDEVS 0
+%define CONFIG_FILTERS 0
+%define CONFIG_DEMUXERS 0
+%define CONFIG_MUXERS 0
+%define CONFIG_PROTOCOLS 0
 %define CONFIG_AANDCTTABLES 0
 %define CONFIG_AC3DSP 0
 %define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -566,20 +579,22 @@
 %define CONFIG_FMTCONVERT 0
 %define CONFIG_FRAME_THREAD_ENCODER 0
 %define CONFIG_G722DSP 0
-%define CONFIG_GOLOMB 1
+%define CONFIG_GOLOMB 0
 %define CONFIG_GPLV3 0
 %define CONFIG_H263DSP 0
 %define CONFIG_H264CHROMA 0
 %define CONFIG_H264DSP 0
+%define CONFIG_H264PARSE 0
 %define CONFIG_H264PRED 1
 %define CONFIG_H264QPEL 0
+%define CONFIG_HEVCPARSE 0
 %define CONFIG_HPELDSP 0
 %define CONFIG_HUFFMAN 0
 %define CONFIG_HUFFYUVDSP 0
 %define CONFIG_HUFFYUVENCDSP 0
 %define CONFIG_IDCTDSP 0
 %define CONFIG_IIRFILTER 0
-%define CONFIG_IMDCT15 0
+%define CONFIG_MDCT15 0
 %define CONFIG_INTRAX8 0
 %define CONFIG_ISO_MEDIA 0
 %define CONFIG_IVIDSP 0
@@ -588,12 +603,14 @@
 %define CONFIG_LIBX262 0
 %define CONFIG_LLAUDDSP 0
 %define CONFIG_LLVIDDSP 0
+%define CONFIG_LLVIDENCDSP 0
 %define CONFIG_LPC 0
 %define CONFIG_LZF 0
 %define CONFIG_ME_CMP 0
 %define CONFIG_MPEG_ER 0
 %define CONFIG_MPEGAUDIO 0
 %define CONFIG_MPEGAUDIODSP 0
+%define CONFIG_MPEGAUDIOHEADER 0
 %define CONFIG_MPEGVIDEO 0
 %define CONFIG_MPEGVIDEOENC 0
 %define CONFIG_MSS34DSP 0
@@ -615,1594 +632,19 @@
 %define CONFIG_TEXTUREDSP 0
 %define CONFIG_TEXTUREDSPENC 0
 %define CONFIG_TPELDSP 0
+%define CONFIG_VAAPI_1 0
 %define CONFIG_VAAPI_ENCODE 0
 %define CONFIG_VC1DSP 0
 %define CONFIG_VIDEODSP 1
 %define CONFIG_VP3DSP 0
 %define CONFIG_VP56DSP 0
 %define CONFIG_VP8DSP 1
-%define CONFIG_VT_BT2020 0
 %define CONFIG_WMA_FREQS 0
 %define CONFIG_WMV2DSP 0
-%define CONFIG_AAC_ADTSTOASC_BSF 0
-%define CONFIG_CHOMP_BSF 0
-%define CONFIG_DUMP_EXTRADATA_BSF 0
-%define CONFIG_DCA_CORE_BSF 0
-%define CONFIG_H264_MP4TOANNEXB_BSF 0
-%define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-%define CONFIG_IMX_DUMP_HEADER_BSF 0
-%define CONFIG_MJPEG2JPEG_BSF 0
-%define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-%define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-%define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-%define CONFIG_MOV2TEXTSUB_BSF 0
-%define CONFIG_NOISE_BSF 0
-%define CONFIG_REMOVE_EXTRADATA_BSF 0
-%define CONFIG_TEXT2MOVSUB_BSF 0
-%define CONFIG_VP9_SUPERFRAME_BSF 0
-%define CONFIG_AASC_DECODER 0
-%define CONFIG_AIC_DECODER 0
-%define CONFIG_ALIAS_PIX_DECODER 0
-%define CONFIG_AMV_DECODER 0
-%define CONFIG_ANM_DECODER 0
-%define CONFIG_ANSI_DECODER 0
-%define CONFIG_APNG_DECODER 0
-%define CONFIG_ASV1_DECODER 0
-%define CONFIG_ASV2_DECODER 0
-%define CONFIG_AURA_DECODER 0
-%define CONFIG_AURA2_DECODER 0
-%define CONFIG_AVRP_DECODER 0
-%define CONFIG_AVRN_DECODER 0
-%define CONFIG_AVS_DECODER 0
-%define CONFIG_AVUI_DECODER 0
-%define CONFIG_AYUV_DECODER 0
-%define CONFIG_BETHSOFTVID_DECODER 0
-%define CONFIG_BFI_DECODER 0
-%define CONFIG_BINK_DECODER 0
-%define CONFIG_BMP_DECODER 0
-%define CONFIG_BMV_VIDEO_DECODER 0
-%define CONFIG_BRENDER_PIX_DECODER 0
-%define CONFIG_C93_DECODER 0
-%define CONFIG_CAVS_DECODER 0
-%define CONFIG_CDGRAPHICS_DECODER 0
-%define CONFIG_CDXL_DECODER 0
-%define CONFIG_CFHD_DECODER 0
-%define CONFIG_CINEPAK_DECODER 0
-%define CONFIG_CLJR_DECODER 0
-%define CONFIG_CLLC_DECODER 0
-%define CONFIG_COMFORTNOISE_DECODER 0
-%define CONFIG_CPIA_DECODER 0
-%define CONFIG_CSCD_DECODER 0
-%define CONFIG_CYUV_DECODER 0
-%define CONFIG_DDS_DECODER 0
-%define CONFIG_DFA_DECODER 0
-%define CONFIG_DIRAC_DECODER 0
-%define CONFIG_DNXHD_DECODER 0
-%define CONFIG_DPX_DECODER 0
-%define CONFIG_DSICINVIDEO_DECODER 0
-%define CONFIG_DVAUDIO_DECODER 0
-%define CONFIG_DVVIDEO_DECODER 0
-%define CONFIG_DXA_DECODER 0
-%define CONFIG_DXTORY_DECODER 0
-%define CONFIG_DXV_DECODER 0
-%define CONFIG_EACMV_DECODER 0
-%define CONFIG_EAMAD_DECODER 0
-%define CONFIG_EATGQ_DECODER 0
-%define CONFIG_EATGV_DECODER 0
-%define CONFIG_EATQI_DECODER 0
-%define CONFIG_EIGHTBPS_DECODER 0
-%define CONFIG_EIGHTSVX_EXP_DECODER 0
-%define CONFIG_EIGHTSVX_FIB_DECODER 0
-%define CONFIG_ESCAPE124_DECODER 0
-%define CONFIG_ESCAPE130_DECODER 0
-%define CONFIG_EXR_DECODER 0
-%define CONFIG_FFV1_DECODER 0
-%define CONFIG_FFVHUFF_DECODER 0
-%define CONFIG_FIC_DECODER 0
-%define CONFIG_FLASHSV_DECODER 0
-%define CONFIG_FLASHSV2_DECODER 0
-%define CONFIG_FLIC_DECODER 0
-%define CONFIG_FLV_DECODER 0
-%define CONFIG_FOURXM_DECODER 0
-%define CONFIG_FRAPS_DECODER 0
-%define CONFIG_FRWU_DECODER 0
-%define CONFIG_G2M_DECODER 0
-%define CONFIG_GIF_DECODER 0
-%define CONFIG_H261_DECODER 0
-%define CONFIG_H263_DECODER 0
-%define CONFIG_H263I_DECODER 0
-%define CONFIG_H263P_DECODER 0
-%define CONFIG_H264_DECODER 0
-%define CONFIG_H264_CRYSTALHD_DECODER 0
-%define CONFIG_H264_MEDIACODEC_DECODER 0
-%define CONFIG_H264_MMAL_DECODER 0
-%define CONFIG_H264_QSV_DECODER 0
-%define CONFIG_H264_VDA_DECODER 0
-%define CONFIG_H264_VDPAU_DECODER 0
-%define CONFIG_HAP_DECODER 0
-%define CONFIG_HEVC_DECODER 0
-%define CONFIG_HEVC_QSV_DECODER 0
-%define CONFIG_HNM4_VIDEO_DECODER 0
-%define CONFIG_HQ_HQA_DECODER 0
-%define CONFIG_HQX_DECODER 0
-%define CONFIG_HUFFYUV_DECODER 0
-%define CONFIG_IDCIN_DECODER 0
-%define CONFIG_IFF_ILBM_DECODER 0
-%define CONFIG_INDEO2_DECODER 0
-%define CONFIG_INDEO3_DECODER 0
-%define CONFIG_INDEO4_DECODER 0
-%define CONFIG_INDEO5_DECODER 0
-%define CONFIG_INTERPLAY_VIDEO_DECODER 0
-%define CONFIG_JPEG2000_DECODER 0
-%define CONFIG_JPEGLS_DECODER 0
-%define CONFIG_JV_DECODER 0
-%define CONFIG_KGV1_DECODER 0
-%define CONFIG_KMVC_DECODER 0
-%define CONFIG_LAGARITH_DECODER 0
-%define CONFIG_LOCO_DECODER 0
-%define CONFIG_M101_DECODER 0
-%define CONFIG_MAGICYUV_DECODER 0
-%define CONFIG_MDEC_DECODER 0
-%define CONFIG_MIMIC_DECODER 0
-%define CONFIG_MJPEG_DECODER 0
-%define CONFIG_MJPEGB_DECODER 0
-%define CONFIG_MMVIDEO_DECODER 0
-%define CONFIG_MOTIONPIXELS_DECODER 0
-%define CONFIG_MPEG_XVMC_DECODER 0
-%define CONFIG_MPEG1VIDEO_DECODER 0
-%define CONFIG_MPEG2VIDEO_DECODER 0
-%define CONFIG_MPEG4_DECODER 0
-%define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG4_MMAL_DECODER 0
-%define CONFIG_MPEG4_VDPAU_DECODER 0
-%define CONFIG_MPEGVIDEO_DECODER 0
-%define CONFIG_MPEG_VDPAU_DECODER 0
-%define CONFIG_MPEG1_VDPAU_DECODER 0
-%define CONFIG_MPEG2_MMAL_DECODER 0
-%define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-%define CONFIG_MPEG2_QSV_DECODER 0
-%define CONFIG_MSA1_DECODER 0
-%define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-%define CONFIG_MSMPEG4V1_DECODER 0
-%define CONFIG_MSMPEG4V2_DECODER 0
-%define CONFIG_MSMPEG4V3_DECODER 0
-%define CONFIG_MSRLE_DECODER 0
-%define CONFIG_MSS1_DECODER 0
-%define CONFIG_MSS2_DECODER 0
-%define CONFIG_MSVIDEO1_DECODER 0
-%define CONFIG_MSZH_DECODER 0
-%define CONFIG_MTS2_DECODER 0
-%define CONFIG_MVC1_DECODER 0
-%define CONFIG_MVC2_DECODER 0
-%define CONFIG_MXPEG_DECODER 0
-%define CONFIG_NUV_DECODER 0
-%define CONFIG_PAF_VIDEO_DECODER 0
-%define CONFIG_PAM_DECODER 0
-%define CONFIG_PBM_DECODER 0
-%define CONFIG_PCX_DECODER 0
-%define CONFIG_PGM_DECODER 0
-%define CONFIG_PGMYUV_DECODER 0
-%define CONFIG_PICTOR_DECODER 0
-%define CONFIG_PNG_DECODER 0
-%define CONFIG_PPM_DECODER 0
-%define CONFIG_PRORES_DECODER 0
-%define CONFIG_PRORES_LGPL_DECODER 0
-%define CONFIG_PTX_DECODER 0
-%define CONFIG_QDRAW_DECODER 0
-%define CONFIG_QPEG_DECODER 0
-%define CONFIG_QTRLE_DECODER 0
-%define CONFIG_R10K_DECODER 0
-%define CONFIG_R210_DECODER 0
-%define CONFIG_RAWVIDEO_DECODER 0
-%define CONFIG_RL2_DECODER 0
-%define CONFIG_ROQ_DECODER 0
-%define CONFIG_RPZA_DECODER 0
-%define CONFIG_RSCC_DECODER 0
-%define CONFIG_RV10_DECODER 0
-%define CONFIG_RV20_DECODER 0
-%define CONFIG_RV30_DECODER 0
-%define CONFIG_RV40_DECODER 0
-%define CONFIG_S302M_DECODER 0
-%define CONFIG_SANM_DECODER 0
-%define CONFIG_SCREENPRESSO_DECODER 0
-%define CONFIG_SDX2_DPCM_DECODER 0
-%define CONFIG_SGI_DECODER 0
-%define CONFIG_SGIRLE_DECODER 0
-%define CONFIG_SHEERVIDEO_DECODER 0
-%define CONFIG_SMACKER_DECODER 0
-%define CONFIG_SMC_DECODER 0
-%define CONFIG_SMVJPEG_DECODER 0
-%define CONFIG_SNOW_DECODER 0
-%define CONFIG_SP5X_DECODER 0
-%define CONFIG_SUNRAST_DECODER 0
-%define CONFIG_SVQ1_DECODER 0
-%define CONFIG_SVQ3_DECODER 0
-%define CONFIG_TARGA_DECODER 0
-%define CONFIG_TARGA_Y216_DECODER 0
-%define CONFIG_TDSC_DECODER 0
-%define CONFIG_THEORA_DECODER 0
-%define CONFIG_THP_DECODER 0
-%define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-%define CONFIG_TIFF_DECODER 0
-%define CONFIG_TMV_DECODER 0
-%define CONFIG_TRUEMOTION1_DECODER 0
-%define CONFIG_TRUEMOTION2_DECODER 0
-%define CONFIG_TRUEMOTION2RT_DECODER 0
-%define CONFIG_TSCC_DECODER 0
-%define CONFIG_TSCC2_DECODER 0
-%define CONFIG_TXD_DECODER 0
-%define CONFIG_ULTI_DECODER 0
-%define CONFIG_UTVIDEO_DECODER 0
-%define CONFIG_V210_DECODER 0
-%define CONFIG_V210X_DECODER 0
-%define CONFIG_V308_DECODER 0
-%define CONFIG_V408_DECODER 0
-%define CONFIG_V410_DECODER 0
-%define CONFIG_VB_DECODER 0
-%define CONFIG_VBLE_DECODER 0
-%define CONFIG_VC1_DECODER 0
-%define CONFIG_VC1_CRYSTALHD_DECODER 0
-%define CONFIG_VC1_VDPAU_DECODER 0
-%define CONFIG_VC1IMAGE_DECODER 0
-%define CONFIG_VC1_MMAL_DECODER 0
-%define CONFIG_VC1_QSV_DECODER 0
-%define CONFIG_VCR1_DECODER 0
-%define CONFIG_VMDVIDEO_DECODER 0
-%define CONFIG_VMNC_DECODER 0
-%define CONFIG_VP3_DECODER 0
-%define CONFIG_VP5_DECODER 0
-%define CONFIG_VP6_DECODER 0
-%define CONFIG_VP6A_DECODER 0
-%define CONFIG_VP6F_DECODER 0
-%define CONFIG_VP7_DECODER 0
+%define CONFIG_NULL_BSF 1
 %define CONFIG_VP8_DECODER 1
 %define CONFIG_VP9_DECODER 1
-%define CONFIG_VQA_DECODER 0
-%define CONFIG_WEBP_DECODER 0
-%define CONFIG_WMV1_DECODER 0
-%define CONFIG_WMV2_DECODER 0
-%define CONFIG_WMV3_DECODER 0
-%define CONFIG_WMV3_CRYSTALHD_DECODER 0
-%define CONFIG_WMV3_VDPAU_DECODER 0
-%define CONFIG_WMV3IMAGE_DECODER 0
-%define CONFIG_WNV1_DECODER 0
-%define CONFIG_XAN_WC3_DECODER 0
-%define CONFIG_XAN_WC4_DECODER 0
-%define CONFIG_XBM_DECODER 0
-%define CONFIG_XFACE_DECODER 0
-%define CONFIG_XL_DECODER 0
-%define CONFIG_XWD_DECODER 0
-%define CONFIG_Y41P_DECODER 0
-%define CONFIG_YLC_DECODER 0
-%define CONFIG_YOP_DECODER 0
-%define CONFIG_YUV4_DECODER 0
-%define CONFIG_ZERO12V_DECODER 0
-%define CONFIG_ZEROCODEC_DECODER 0
-%define CONFIG_ZLIB_DECODER 0
-%define CONFIG_ZMBV_DECODER 0
-%define CONFIG_AAC_DECODER 0
-%define CONFIG_AAC_FIXED_DECODER 0
-%define CONFIG_AAC_LATM_DECODER 0
-%define CONFIG_AC3_DECODER 0
-%define CONFIG_AC3_FIXED_DECODER 0
-%define CONFIG_ALAC_DECODER 0
-%define CONFIG_ALS_DECODER 0
-%define CONFIG_AMRNB_DECODER 0
-%define CONFIG_AMRWB_DECODER 0
-%define CONFIG_APE_DECODER 0
-%define CONFIG_ATRAC1_DECODER 0
-%define CONFIG_ATRAC3_DECODER 0
-%define CONFIG_ATRAC3P_DECODER 0
-%define CONFIG_BINKAUDIO_DCT_DECODER 0
-%define CONFIG_BINKAUDIO_RDFT_DECODER 0
-%define CONFIG_BMV_AUDIO_DECODER 0
-%define CONFIG_COOK_DECODER 0
-%define CONFIG_DCA_DECODER 0
-%define CONFIG_DSD_LSBF_DECODER 0
-%define CONFIG_DSD_MSBF_DECODER 0
-%define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-%define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-%define CONFIG_DSICINAUDIO_DECODER 0
-%define CONFIG_DSS_SP_DECODER 0
-%define CONFIG_DST_DECODER 0
-%define CONFIG_EAC3_DECODER 0
-%define CONFIG_EVRC_DECODER 0
-%define CONFIG_FFWAVESYNTH_DECODER 0
 %define CONFIG_FLAC_DECODER 1
-%define CONFIG_G723_1_DECODER 0
-%define CONFIG_G729_DECODER 0
-%define CONFIG_GSM_DECODER 0
-%define CONFIG_GSM_MS_DECODER 0
-%define CONFIG_IAC_DECODER 0
-%define CONFIG_IMC_DECODER 0
-%define CONFIG_INTERPLAY_ACM_DECODER 0
-%define CONFIG_MACE3_DECODER 0
-%define CONFIG_MACE6_DECODER 0
-%define CONFIG_METASOUND_DECODER 0
-%define CONFIG_MLP_DECODER 0
-%define CONFIG_MP1_DECODER 0
-%define CONFIG_MP1FLOAT_DECODER 0
-%define CONFIG_MP2_DECODER 0
-%define CONFIG_MP2FLOAT_DECODER 0
-%define CONFIG_MP3_DECODER 0
-%define CONFIG_MP3FLOAT_DECODER 0
-%define CONFIG_MP3ADU_DECODER 0
-%define CONFIG_MP3ADUFLOAT_DECODER 0
-%define CONFIG_MP3ON4_DECODER 0
-%define CONFIG_MP3ON4FLOAT_DECODER 0
-%define CONFIG_MPC7_DECODER 0
-%define CONFIG_MPC8_DECODER 0
-%define CONFIG_NELLYMOSER_DECODER 0
-%define CONFIG_ON2AVC_DECODER 0
-%define CONFIG_OPUS_DECODER 0
-%define CONFIG_PAF_AUDIO_DECODER 0
-%define CONFIG_QCELP_DECODER 0
-%define CONFIG_QDM2_DECODER 0
-%define CONFIG_RA_144_DECODER 0
-%define CONFIG_RA_288_DECODER 0
-%define CONFIG_RALF_DECODER 0
-%define CONFIG_SHORTEN_DECODER 0
-%define CONFIG_SIPR_DECODER 0
-%define CONFIG_SMACKAUD_DECODER 0
-%define CONFIG_SONIC_DECODER 0
-%define CONFIG_TAK_DECODER 0
-%define CONFIG_TRUEHD_DECODER 0
-%define CONFIG_TRUESPEECH_DECODER 0
-%define CONFIG_TTA_DECODER 0
-%define CONFIG_TWINVQ_DECODER 0
-%define CONFIG_VMDAUDIO_DECODER 0
-%define CONFIG_VORBIS_DECODER 0
-%define CONFIG_WAVPACK_DECODER 0
-%define CONFIG_WMALOSSLESS_DECODER 0
-%define CONFIG_WMAPRO_DECODER 0
-%define CONFIG_WMAV1_DECODER 0
-%define CONFIG_WMAV2_DECODER 0
-%define CONFIG_WMAVOICE_DECODER 0
-%define CONFIG_WS_SND1_DECODER 0
-%define CONFIG_XMA1_DECODER 0
-%define CONFIG_XMA2_DECODER 0
-%define CONFIG_PCM_ALAW_DECODER 0
-%define CONFIG_PCM_BLURAY_DECODER 0
-%define CONFIG_PCM_DVD_DECODER 0
-%define CONFIG_PCM_F32BE_DECODER 0
-%define CONFIG_PCM_F32LE_DECODER 0
-%define CONFIG_PCM_F64BE_DECODER 0
-%define CONFIG_PCM_F64LE_DECODER 0
-%define CONFIG_PCM_LXF_DECODER 0
-%define CONFIG_PCM_MULAW_DECODER 0
-%define CONFIG_PCM_S8_DECODER 0
-%define CONFIG_PCM_S8_PLANAR_DECODER 0
-%define CONFIG_PCM_S16BE_DECODER 0
-%define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-%define CONFIG_PCM_S16LE_DECODER 0
-%define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S24BE_DECODER 0
-%define CONFIG_PCM_S24DAUD_DECODER 0
-%define CONFIG_PCM_S24LE_DECODER 0
-%define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S32BE_DECODER 0
-%define CONFIG_PCM_S32LE_DECODER 0
-%define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-%define CONFIG_PCM_S64BE_DECODER 0
-%define CONFIG_PCM_S64LE_DECODER 0
-%define CONFIG_PCM_U8_DECODER 0
-%define CONFIG_PCM_U16BE_DECODER 0
-%define CONFIG_PCM_U16LE_DECODER 0
-%define CONFIG_PCM_U24BE_DECODER 0
-%define CONFIG_PCM_U24LE_DECODER 0
-%define CONFIG_PCM_U32BE_DECODER 0
-%define CONFIG_PCM_U32LE_DECODER 0
-%define CONFIG_PCM_ZORK_DECODER 0
-%define CONFIG_INTERPLAY_DPCM_DECODER 0
-%define CONFIG_ROQ_DPCM_DECODER 0
-%define CONFIG_SOL_DPCM_DECODER 0
-%define CONFIG_XAN_DPCM_DECODER 0
-%define CONFIG_ADPCM_4XM_DECODER 0
-%define CONFIG_ADPCM_ADX_DECODER 0
-%define CONFIG_ADPCM_AFC_DECODER 0
-%define CONFIG_ADPCM_AICA_DECODER 0
-%define CONFIG_ADPCM_CT_DECODER 0
-%define CONFIG_ADPCM_DTK_DECODER 0
-%define CONFIG_ADPCM_EA_DECODER 0
-%define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-%define CONFIG_ADPCM_EA_R1_DECODER 0
-%define CONFIG_ADPCM_EA_R2_DECODER 0
-%define CONFIG_ADPCM_EA_R3_DECODER 0
-%define CONFIG_ADPCM_EA_XAS_DECODER 0
-%define CONFIG_ADPCM_G722_DECODER 0
-%define CONFIG_ADPCM_G726_DECODER 0
-%define CONFIG_ADPCM_G726LE_DECODER 0
-%define CONFIG_ADPCM_IMA_AMV_DECODER 0
-%define CONFIG_ADPCM_IMA_APC_DECODER 0
-%define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-%define CONFIG_ADPCM_IMA_DK3_DECODER 0
-%define CONFIG_ADPCM_IMA_DK4_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-%define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-%define CONFIG_ADPCM_IMA_ISS_DECODER 0
-%define CONFIG_ADPCM_IMA_OKI_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_DECODER 0
-%define CONFIG_ADPCM_IMA_RAD_DECODER 0
-%define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-%define CONFIG_ADPCM_IMA_WAV_DECODER 0
-%define CONFIG_ADPCM_IMA_WS_DECODER 0
-%define CONFIG_ADPCM_MS_DECODER 0
-%define CONFIG_ADPCM_MTAF_DECODER 0
-%define CONFIG_ADPCM_PSX_DECODER 0
-%define CONFIG_ADPCM_SBPRO_2_DECODER 0
-%define CONFIG_ADPCM_SBPRO_3_DECODER 0
-%define CONFIG_ADPCM_SBPRO_4_DECODER 0
-%define CONFIG_ADPCM_SWF_DECODER 0
-%define CONFIG_ADPCM_THP_DECODER 0
-%define CONFIG_ADPCM_THP_LE_DECODER 0
-%define CONFIG_ADPCM_VIMA_DECODER 0
-%define CONFIG_ADPCM_XA_DECODER 0
-%define CONFIG_ADPCM_YAMAHA_DECODER 0
-%define CONFIG_SSA_DECODER 0
-%define CONFIG_ASS_DECODER 0
-%define CONFIG_CCAPTION_DECODER 0
-%define CONFIG_DVBSUB_DECODER 0
-%define CONFIG_DVDSUB_DECODER 0
-%define CONFIG_JACOSUB_DECODER 0
-%define CONFIG_MICRODVD_DECODER 0
-%define CONFIG_MOVTEXT_DECODER 0
-%define CONFIG_MPL2_DECODER 0
-%define CONFIG_PGSSUB_DECODER 0
-%define CONFIG_PJS_DECODER 0
-%define CONFIG_REALTEXT_DECODER 0
-%define CONFIG_SAMI_DECODER 0
-%define CONFIG_SRT_DECODER 0
-%define CONFIG_STL_DECODER 0
-%define CONFIG_SUBRIP_DECODER 0
-%define CONFIG_SUBVIEWER_DECODER 0
-%define CONFIG_SUBVIEWER1_DECODER 0
-%define CONFIG_TEXT_DECODER 0
-%define CONFIG_VPLAYER_DECODER 0
-%define CONFIG_WEBVTT_DECODER 0
-%define CONFIG_XSUB_DECODER 0
-%define CONFIG_AAC_AT_DECODER 0
-%define CONFIG_AC3_AT_DECODER 0
-%define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-%define CONFIG_ALAC_AT_DECODER 0
-%define CONFIG_AMR_NB_AT_DECODER 0
-%define CONFIG_EAC3_AT_DECODER 0
-%define CONFIG_GSM_MS_AT_DECODER 0
-%define CONFIG_ILBC_AT_DECODER 0
-%define CONFIG_MP1_AT_DECODER 0
-%define CONFIG_MP2_AT_DECODER 0
-%define CONFIG_MP3_AT_DECODER 0
-%define CONFIG_PCM_ALAW_AT_DECODER 0
-%define CONFIG_PCM_MULAW_AT_DECODER 0
-%define CONFIG_QDMC_AT_DECODER 0
-%define CONFIG_QDM2_AT_DECODER 0
-%define CONFIG_LIBCELT_DECODER 0
-%define CONFIG_LIBFDK_AAC_DECODER 0
-%define CONFIG_LIBGSM_DECODER 0
-%define CONFIG_LIBGSM_MS_DECODER 0
-%define CONFIG_LIBILBC_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-%define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-%define CONFIG_LIBOPENJPEG_DECODER 0
-%define CONFIG_LIBOPUS_DECODER 0
-%define CONFIG_LIBSCHROEDINGER_DECODER 0
-%define CONFIG_LIBSPEEX_DECODER 0
-%define CONFIG_LIBVORBIS_DECODER 0
-%define CONFIG_LIBVPX_VP8_DECODER 0
-%define CONFIG_LIBVPX_VP9_DECODER 0
-%define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-%define CONFIG_BINTEXT_DECODER 0
-%define CONFIG_XBIN_DECODER 0
-%define CONFIG_IDF_DECODER 0
-%define CONFIG_LIBOPENH264_DECODER 0
-%define CONFIG_H263_CUVID_DECODER 0
-%define CONFIG_H264_CUVID_DECODER 0
-%define CONFIG_HEVC_CUVID_DECODER 0
-%define CONFIG_HEVC_MEDIACODEC_DECODER 0
-%define CONFIG_MJPEG_CUVID_DECODER 0
-%define CONFIG_MPEG1_CUVID_DECODER 0
-%define CONFIG_MPEG2_CUVID_DECODER 0
-%define CONFIG_MPEG4_CUVID_DECODER 0
-%define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-%define CONFIG_VC1_CUVID_DECODER 0
-%define CONFIG_VP8_CUVID_DECODER 0
-%define CONFIG_VP8_MEDIACODEC_DECODER 0
-%define CONFIG_VP9_CUVID_DECODER 0
-%define CONFIG_VP9_MEDIACODEC_DECODER 0
-%define CONFIG_AA_DEMUXER 0
-%define CONFIG_AAC_DEMUXER 0
-%define CONFIG_AC3_DEMUXER 0
-%define CONFIG_ACM_DEMUXER 0
-%define CONFIG_ACT_DEMUXER 0
-%define CONFIG_ADF_DEMUXER 0
-%define CONFIG_ADP_DEMUXER 0
-%define CONFIG_ADS_DEMUXER 0
-%define CONFIG_ADX_DEMUXER 0
-%define CONFIG_AEA_DEMUXER 0
-%define CONFIG_AFC_DEMUXER 0
-%define CONFIG_AIFF_DEMUXER 0
-%define CONFIG_AIX_DEMUXER 0
-%define CONFIG_AMR_DEMUXER 0
-%define CONFIG_ANM_DEMUXER 0
-%define CONFIG_APC_DEMUXER 0
-%define CONFIG_APE_DEMUXER 0
-%define CONFIG_APNG_DEMUXER 0
-%define CONFIG_AQTITLE_DEMUXER 0
-%define CONFIG_ASF_DEMUXER 0
-%define CONFIG_ASF_O_DEMUXER 0
-%define CONFIG_ASS_DEMUXER 0
-%define CONFIG_AST_DEMUXER 0
-%define CONFIG_AU_DEMUXER 0
-%define CONFIG_AVI_DEMUXER 0
-%define CONFIG_AVISYNTH_DEMUXER 0
-%define CONFIG_AVR_DEMUXER 0
-%define CONFIG_AVS_DEMUXER 0
-%define CONFIG_BETHSOFTVID_DEMUXER 0
-%define CONFIG_BFI_DEMUXER 0
-%define CONFIG_BINTEXT_DEMUXER 0
-%define CONFIG_BINK_DEMUXER 0
-%define CONFIG_BIT_DEMUXER 0
-%define CONFIG_BMV_DEMUXER 0
-%define CONFIG_BFSTM_DEMUXER 0
-%define CONFIG_BRSTM_DEMUXER 0
-%define CONFIG_BOA_DEMUXER 0
-%define CONFIG_C93_DEMUXER 0
-%define CONFIG_CAF_DEMUXER 0
-%define CONFIG_CAVSVIDEO_DEMUXER 0
-%define CONFIG_CDG_DEMUXER 0
-%define CONFIG_CDXL_DEMUXER 0
-%define CONFIG_CINE_DEMUXER 0
-%define CONFIG_CONCAT_DEMUXER 0
-%define CONFIG_DATA_DEMUXER 0
-%define CONFIG_DAUD_DEMUXER 0
-%define CONFIG_DCSTR_DEMUXER 0
-%define CONFIG_DFA_DEMUXER 0
-%define CONFIG_DIRAC_DEMUXER 0
-%define CONFIG_DNXHD_DEMUXER 0
-%define CONFIG_DSF_DEMUXER 0
-%define CONFIG_DSICIN_DEMUXER 0
-%define CONFIG_DSS_DEMUXER 0
-%define CONFIG_DTS_DEMUXER 0
-%define CONFIG_DTSHD_DEMUXER 0
-%define CONFIG_DV_DEMUXER 0
-%define CONFIG_DVBSUB_DEMUXER 0
-%define CONFIG_DVBTXT_DEMUXER 0
-%define CONFIG_DXA_DEMUXER 0
-%define CONFIG_EA_DEMUXER 0
-%define CONFIG_EA_CDATA_DEMUXER 0
-%define CONFIG_EAC3_DEMUXER 0
-%define CONFIG_EPAF_DEMUXER 0
-%define CONFIG_FFM_DEMUXER 0
-%define CONFIG_FFMETADATA_DEMUXER 0
-%define CONFIG_FILMSTRIP_DEMUXER 0
-%define CONFIG_FLAC_DEMUXER 0
-%define CONFIG_FLIC_DEMUXER 0
-%define CONFIG_FLV_DEMUXER 0
-%define CONFIG_LIVE_FLV_DEMUXER 0
-%define CONFIG_FOURXM_DEMUXER 0
-%define CONFIG_FRM_DEMUXER 0
-%define CONFIG_FSB_DEMUXER 0
-%define CONFIG_G722_DEMUXER 0
-%define CONFIG_G723_1_DEMUXER 0
-%define CONFIG_G729_DEMUXER 0
-%define CONFIG_GENH_DEMUXER 0
-%define CONFIG_GIF_DEMUXER 0
-%define CONFIG_GSM_DEMUXER 0
-%define CONFIG_GXF_DEMUXER 0
-%define CONFIG_H261_DEMUXER 0
-%define CONFIG_H263_DEMUXER 0
-%define CONFIG_H264_DEMUXER 0
-%define CONFIG_HEVC_DEMUXER 0
-%define CONFIG_HLS_DEMUXER 0
-%define CONFIG_HNM_DEMUXER 0
-%define CONFIG_ICO_DEMUXER 0
-%define CONFIG_IDCIN_DEMUXER 0
-%define CONFIG_IDF_DEMUXER 0
-%define CONFIG_IFF_DEMUXER 0
-%define CONFIG_ILBC_DEMUXER 0
-%define CONFIG_IMAGE2_DEMUXER 0
-%define CONFIG_IMAGE2PIPE_DEMUXER 0
-%define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-%define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-%define CONFIG_INGENIENT_DEMUXER 0
-%define CONFIG_IPMOVIE_DEMUXER 0
-%define CONFIG_IRCAM_DEMUXER 0
-%define CONFIG_ISS_DEMUXER 0
-%define CONFIG_IV8_DEMUXER 0
-%define CONFIG_IVF_DEMUXER 0
-%define CONFIG_IVR_DEMUXER 0
-%define CONFIG_JACOSUB_DEMUXER 0
-%define CONFIG_JV_DEMUXER 0
-%define CONFIG_LMLM4_DEMUXER 0
-%define CONFIG_LOAS_DEMUXER 0
-%define CONFIG_LRC_DEMUXER 0
-%define CONFIG_LVF_DEMUXER 0
-%define CONFIG_LXF_DEMUXER 0
-%define CONFIG_M4V_DEMUXER 0
-%define CONFIG_MATROSKA_DEMUXER 0
-%define CONFIG_MGSTS_DEMUXER 0
-%define CONFIG_MICRODVD_DEMUXER 0
-%define CONFIG_MJPEG_DEMUXER 0
-%define CONFIG_MLP_DEMUXER 0
-%define CONFIG_MLV_DEMUXER 0
-%define CONFIG_MM_DEMUXER 0
-%define CONFIG_MMF_DEMUXER 0
-%define CONFIG_MOV_DEMUXER 0
-%define CONFIG_MP3_DEMUXER 0
-%define CONFIG_MPC_DEMUXER 0
-%define CONFIG_MPC8_DEMUXER 0
-%define CONFIG_MPEGPS_DEMUXER 0
-%define CONFIG_MPEGTS_DEMUXER 0
-%define CONFIG_MPEGTSRAW_DEMUXER 0
-%define CONFIG_MPEGVIDEO_DEMUXER 0
-%define CONFIG_MPJPEG_DEMUXER 0
-%define CONFIG_MPL2_DEMUXER 0
-%define CONFIG_MPSUB_DEMUXER 0
-%define CONFIG_MSF_DEMUXER 0
-%define CONFIG_MSNWC_TCP_DEMUXER 0
-%define CONFIG_MTAF_DEMUXER 0
-%define CONFIG_MTV_DEMUXER 0
-%define CONFIG_MUSX_DEMUXER 0
-%define CONFIG_MV_DEMUXER 0
-%define CONFIG_MVI_DEMUXER 0
-%define CONFIG_MXF_DEMUXER 0
-%define CONFIG_MXG_DEMUXER 0
-%define CONFIG_NC_DEMUXER 0
-%define CONFIG_NISTSPHERE_DEMUXER 0
-%define CONFIG_NSV_DEMUXER 0
-%define CONFIG_NUT_DEMUXER 0
-%define CONFIG_NUV_DEMUXER 0
-%define CONFIG_OGG_DEMUXER 0
-%define CONFIG_OMA_DEMUXER 0
-%define CONFIG_PAF_DEMUXER 0
-%define CONFIG_PCM_ALAW_DEMUXER 0
-%define CONFIG_PCM_MULAW_DEMUXER 0
-%define CONFIG_PCM_F64BE_DEMUXER 0
-%define CONFIG_PCM_F64LE_DEMUXER 0
-%define CONFIG_PCM_F32BE_DEMUXER 0
-%define CONFIG_PCM_F32LE_DEMUXER 0
-%define CONFIG_PCM_S32BE_DEMUXER 0
-%define CONFIG_PCM_S32LE_DEMUXER 0
-%define CONFIG_PCM_S24BE_DEMUXER 0
-%define CONFIG_PCM_S24LE_DEMUXER 0
-%define CONFIG_PCM_S16BE_DEMUXER 0
-%define CONFIG_PCM_S16LE_DEMUXER 0
-%define CONFIG_PCM_S8_DEMUXER 0
-%define CONFIG_PCM_U32BE_DEMUXER 0
-%define CONFIG_PCM_U32LE_DEMUXER 0
-%define CONFIG_PCM_U24BE_DEMUXER 0
-%define CONFIG_PCM_U24LE_DEMUXER 0
-%define CONFIG_PCM_U16BE_DEMUXER 0
-%define CONFIG_PCM_U16LE_DEMUXER 0
-%define CONFIG_PCM_U8_DEMUXER 0
-%define CONFIG_PJS_DEMUXER 0
-%define CONFIG_PMP_DEMUXER 0
-%define CONFIG_PVA_DEMUXER 0
-%define CONFIG_PVF_DEMUXER 0
-%define CONFIG_QCP_DEMUXER 0
-%define CONFIG_R3D_DEMUXER 0
-%define CONFIG_RAWVIDEO_DEMUXER 0
-%define CONFIG_REALTEXT_DEMUXER 0
-%define CONFIG_REDSPARK_DEMUXER 0
-%define CONFIG_RL2_DEMUXER 0
-%define CONFIG_RM_DEMUXER 0
-%define CONFIG_ROQ_DEMUXER 0
-%define CONFIG_RPL_DEMUXER 0
-%define CONFIG_RSD_DEMUXER 0
-%define CONFIG_RSO_DEMUXER 0
-%define CONFIG_RTP_DEMUXER 0
-%define CONFIG_RTSP_DEMUXER 0
-%define CONFIG_SAMI_DEMUXER 0
-%define CONFIG_SAP_DEMUXER 0
-%define CONFIG_SBG_DEMUXER 0
-%define CONFIG_SDP_DEMUXER 0
-%define CONFIG_SDR2_DEMUXER 0
-%define CONFIG_SEGAFILM_DEMUXER 0
-%define CONFIG_SHORTEN_DEMUXER 0
-%define CONFIG_SIFF_DEMUXER 0
-%define CONFIG_SLN_DEMUXER 0
-%define CONFIG_SMACKER_DEMUXER 0
-%define CONFIG_SMJPEG_DEMUXER 0
-%define CONFIG_SMUSH_DEMUXER 0
-%define CONFIG_SOL_DEMUXER 0
-%define CONFIG_SOX_DEMUXER 0
-%define CONFIG_SPDIF_DEMUXER 0
-%define CONFIG_SRT_DEMUXER 0
-%define CONFIG_STR_DEMUXER 0
-%define CONFIG_STL_DEMUXER 0
-%define CONFIG_SUBVIEWER1_DEMUXER 0
-%define CONFIG_SUBVIEWER_DEMUXER 0
-%define CONFIG_SUP_DEMUXER 0
-%define CONFIG_SVAG_DEMUXER 0
-%define CONFIG_SWF_DEMUXER 0
-%define CONFIG_TAK_DEMUXER 0
-%define CONFIG_TEDCAPTIONS_DEMUXER 0
-%define CONFIG_THP_DEMUXER 0
-%define CONFIG_THREEDOSTR_DEMUXER 0
-%define CONFIG_TIERTEXSEQ_DEMUXER 0
-%define CONFIG_TMV_DEMUXER 0
-%define CONFIG_TRUEHD_DEMUXER 0
-%define CONFIG_TTA_DEMUXER 0
-%define CONFIG_TXD_DEMUXER 0
-%define CONFIG_TTY_DEMUXER 0
-%define CONFIG_V210_DEMUXER 0
-%define CONFIG_V210X_DEMUXER 0
-%define CONFIG_VAG_DEMUXER 0
-%define CONFIG_VC1_DEMUXER 0
-%define CONFIG_VC1T_DEMUXER 0
-%define CONFIG_VIVO_DEMUXER 0
-%define CONFIG_VMD_DEMUXER 0
-%define CONFIG_VOBSUB_DEMUXER 0
-%define CONFIG_VOC_DEMUXER 0
-%define CONFIG_VPK_DEMUXER 0
-%define CONFIG_VPLAYER_DEMUXER 0
-%define CONFIG_VQF_DEMUXER 0
-%define CONFIG_W64_DEMUXER 0
-%define CONFIG_WAV_DEMUXER 0
-%define CONFIG_WC3_DEMUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-%define CONFIG_WEBVTT_DEMUXER 0
-%define CONFIG_WSAUD_DEMUXER 0
-%define CONFIG_WSD_DEMUXER 0
-%define CONFIG_WSVQA_DEMUXER 0
-%define CONFIG_WTV_DEMUXER 0
-%define CONFIG_WVE_DEMUXER 0
-%define CONFIG_WV_DEMUXER 0
-%define CONFIG_XA_DEMUXER 0
-%define CONFIG_XBIN_DEMUXER 0
-%define CONFIG_XMV_DEMUXER 0
-%define CONFIG_XVAG_DEMUXER 0
-%define CONFIG_XWMA_DEMUXER 0
-%define CONFIG_YOP_DEMUXER 0
-%define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-%define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-%define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-%define CONFIG_LIBGME_DEMUXER 0
-%define CONFIG_LIBMODPLUG_DEMUXER 0
-%define CONFIG_LIBNUT_DEMUXER 0
-%define CONFIG_LIBOPENMPT_DEMUXER 0
-%define CONFIG_A64MULTI_ENCODER 0
-%define CONFIG_A64MULTI5_ENCODER 0
-%define CONFIG_ALIAS_PIX_ENCODER 0
-%define CONFIG_AMV_ENCODER 0
-%define CONFIG_APNG_ENCODER 0
-%define CONFIG_ASV1_ENCODER 0
-%define CONFIG_ASV2_ENCODER 0
-%define CONFIG_AVRP_ENCODER 0
-%define CONFIG_AVUI_ENCODER 0
-%define CONFIG_AYUV_ENCODER 0
-%define CONFIG_BMP_ENCODER 0
-%define CONFIG_CINEPAK_ENCODER 0
-%define CONFIG_CLJR_ENCODER 0
-%define CONFIG_COMFORTNOISE_ENCODER 0
-%define CONFIG_DNXHD_ENCODER 0
-%define CONFIG_DPX_ENCODER 0
-%define CONFIG_DVVIDEO_ENCODER 0
-%define CONFIG_FFV1_ENCODER 0
-%define CONFIG_FFVHUFF_ENCODER 0
-%define CONFIG_FLASHSV_ENCODER 0
-%define CONFIG_FLASHSV2_ENCODER 0
-%define CONFIG_FLV_ENCODER 0
-%define CONFIG_GIF_ENCODER 0
-%define CONFIG_H261_ENCODER 0
-%define CONFIG_H263_ENCODER 0
-%define CONFIG_H263P_ENCODER 0
-%define CONFIG_HAP_ENCODER 0
-%define CONFIG_HUFFYUV_ENCODER 0
-%define CONFIG_JPEG2000_ENCODER 0
-%define CONFIG_JPEGLS_ENCODER 0
-%define CONFIG_LJPEG_ENCODER 0
-%define CONFIG_MJPEG_ENCODER 0
-%define CONFIG_MPEG1VIDEO_ENCODER 0
-%define CONFIG_MPEG2VIDEO_ENCODER 0
-%define CONFIG_MPEG4_ENCODER 0
-%define CONFIG_MSMPEG4V2_ENCODER 0
-%define CONFIG_MSMPEG4V3_ENCODER 0
-%define CONFIG_MSVIDEO1_ENCODER 0
-%define CONFIG_PAM_ENCODER 0
-%define CONFIG_PBM_ENCODER 0
-%define CONFIG_PCX_ENCODER 0
-%define CONFIG_PGM_ENCODER 0
-%define CONFIG_PGMYUV_ENCODER 0
-%define CONFIG_PNG_ENCODER 0
-%define CONFIG_PPM_ENCODER 0
-%define CONFIG_PRORES_ENCODER 0
-%define CONFIG_PRORES_AW_ENCODER 0
-%define CONFIG_PRORES_KS_ENCODER 0
-%define CONFIG_QTRLE_ENCODER 0
-%define CONFIG_R10K_ENCODER 0
-%define CONFIG_R210_ENCODER 0
-%define CONFIG_RAWVIDEO_ENCODER 0
-%define CONFIG_ROQ_ENCODER 0
-%define CONFIG_RV10_ENCODER 0
-%define CONFIG_RV20_ENCODER 0
-%define CONFIG_S302M_ENCODER 0
-%define CONFIG_SGI_ENCODER 0
-%define CONFIG_SNOW_ENCODER 0
-%define CONFIG_SUNRAST_ENCODER 0
-%define CONFIG_SVQ1_ENCODER 0
-%define CONFIG_TARGA_ENCODER 0
-%define CONFIG_TIFF_ENCODER 0
-%define CONFIG_UTVIDEO_ENCODER 0
-%define CONFIG_V210_ENCODER 0
-%define CONFIG_V308_ENCODER 0
-%define CONFIG_V408_ENCODER 0
-%define CONFIG_V410_ENCODER 0
-%define CONFIG_VC2_ENCODER 0
-%define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-%define CONFIG_WMV1_ENCODER 0
-%define CONFIG_WMV2_ENCODER 0
-%define CONFIG_XBM_ENCODER 0
-%define CONFIG_XFACE_ENCODER 0
-%define CONFIG_XWD_ENCODER 0
-%define CONFIG_Y41P_ENCODER 0
-%define CONFIG_YUV4_ENCODER 0
-%define CONFIG_ZLIB_ENCODER 0
-%define CONFIG_ZMBV_ENCODER 0
-%define CONFIG_AAC_ENCODER 0
-%define CONFIG_AC3_ENCODER 0
-%define CONFIG_AC3_FIXED_ENCODER 0
-%define CONFIG_ALAC_ENCODER 0
-%define CONFIG_DCA_ENCODER 0
-%define CONFIG_EAC3_ENCODER 0
-%define CONFIG_FLAC_ENCODER 0
-%define CONFIG_G723_1_ENCODER 0
-%define CONFIG_MLP_ENCODER 0
-%define CONFIG_MP2_ENCODER 0
-%define CONFIG_MP2FIXED_ENCODER 0
-%define CONFIG_NELLYMOSER_ENCODER 0
-%define CONFIG_RA_144_ENCODER 0
-%define CONFIG_SONIC_ENCODER 0
-%define CONFIG_SONIC_LS_ENCODER 0
-%define CONFIG_TRUEHD_ENCODER 0
-%define CONFIG_TTA_ENCODER 0
-%define CONFIG_VORBIS_ENCODER 0
-%define CONFIG_WAVPACK_ENCODER 0
-%define CONFIG_WMAV1_ENCODER 0
-%define CONFIG_WMAV2_ENCODER 0
-%define CONFIG_PCM_ALAW_ENCODER 0
-%define CONFIG_PCM_F32BE_ENCODER 0
-%define CONFIG_PCM_F32LE_ENCODER 0
-%define CONFIG_PCM_F64BE_ENCODER 0
-%define CONFIG_PCM_F64LE_ENCODER 0
-%define CONFIG_PCM_MULAW_ENCODER 0
-%define CONFIG_PCM_S8_ENCODER 0
-%define CONFIG_PCM_S8_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16BE_ENCODER 0
-%define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S16LE_ENCODER 0
-%define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S24BE_ENCODER 0
-%define CONFIG_PCM_S24DAUD_ENCODER 0
-%define CONFIG_PCM_S24LE_ENCODER 0
-%define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S32BE_ENCODER 0
-%define CONFIG_PCM_S32LE_ENCODER 0
-%define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-%define CONFIG_PCM_S64BE_ENCODER 0
-%define CONFIG_PCM_S64LE_ENCODER 0
-%define CONFIG_PCM_U8_ENCODER 0
-%define CONFIG_PCM_U16BE_ENCODER 0
-%define CONFIG_PCM_U16LE_ENCODER 0
-%define CONFIG_PCM_U24BE_ENCODER 0
-%define CONFIG_PCM_U24LE_ENCODER 0
-%define CONFIG_PCM_U32BE_ENCODER 0
-%define CONFIG_PCM_U32LE_ENCODER 0
-%define CONFIG_ROQ_DPCM_ENCODER 0
-%define CONFIG_ADPCM_ADX_ENCODER 0
-%define CONFIG_ADPCM_G722_ENCODER 0
-%define CONFIG_ADPCM_G726_ENCODER 0
-%define CONFIG_ADPCM_IMA_QT_ENCODER 0
-%define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-%define CONFIG_ADPCM_MS_ENCODER 0
-%define CONFIG_ADPCM_SWF_ENCODER 0
-%define CONFIG_ADPCM_YAMAHA_ENCODER 0
-%define CONFIG_SSA_ENCODER 0
-%define CONFIG_ASS_ENCODER 0
-%define CONFIG_DVBSUB_ENCODER 0
-%define CONFIG_DVDSUB_ENCODER 0
-%define CONFIG_MOVTEXT_ENCODER 0
-%define CONFIG_SRT_ENCODER 0
-%define CONFIG_SUBRIP_ENCODER 0
-%define CONFIG_TEXT_ENCODER 0
-%define CONFIG_WEBVTT_ENCODER 0
-%define CONFIG_XSUB_ENCODER 0
-%define CONFIG_AAC_AT_ENCODER 0
-%define CONFIG_ALAC_AT_ENCODER 0
-%define CONFIG_ILBC_AT_ENCODER 0
-%define CONFIG_PCM_ALAW_AT_ENCODER 0
-%define CONFIG_PCM_MULAW_AT_ENCODER 0
-%define CONFIG_LIBFDK_AAC_ENCODER 0
-%define CONFIG_LIBGSM_ENCODER 0
-%define CONFIG_LIBGSM_MS_ENCODER 0
-%define CONFIG_LIBILBC_ENCODER 0
-%define CONFIG_LIBMP3LAME_ENCODER 0
-%define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-%define CONFIG_LIBOPENJPEG_ENCODER 0
-%define CONFIG_LIBOPUS_ENCODER 0
-%define CONFIG_LIBSCHROEDINGER_ENCODER 0
-%define CONFIG_LIBSHINE_ENCODER 0
-%define CONFIG_LIBSPEEX_ENCODER 0
-%define CONFIG_LIBTHEORA_ENCODER 0
-%define CONFIG_LIBTWOLAME_ENCODER 0
-%define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-%define CONFIG_LIBVORBIS_ENCODER 0
-%define CONFIG_LIBVPX_VP8_ENCODER 0
-%define CONFIG_LIBVPX_VP9_ENCODER 0
-%define CONFIG_LIBWAVPACK_ENCODER 0
-%define CONFIG_LIBWEBP_ANIM_ENCODER 0
-%define CONFIG_LIBWEBP_ENCODER 0
-%define CONFIG_LIBX262_ENCODER 0
-%define CONFIG_LIBX264_ENCODER 0
-%define CONFIG_LIBX264RGB_ENCODER 0
-%define CONFIG_LIBX265_ENCODER 0
-%define CONFIG_LIBXAVS_ENCODER 0
-%define CONFIG_LIBXVID_ENCODER 0
-%define CONFIG_LIBOPENH264_ENCODER 0
-%define CONFIG_H264_NVENC_ENCODER 0
-%define CONFIG_H264_OMX_ENCODER 0
-%define CONFIG_H264_QSV_ENCODER 0
-%define CONFIG_H264_VAAPI_ENCODER 0
-%define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-%define CONFIG_NVENC_ENCODER 0
-%define CONFIG_NVENC_H264_ENCODER 0
-%define CONFIG_NVENC_HEVC_ENCODER 0
-%define CONFIG_HEVC_NVENC_ENCODER 0
-%define CONFIG_HEVC_QSV_ENCODER 0
-%define CONFIG_HEVC_VAAPI_ENCODER 0
-%define CONFIG_LIBKVAZAAR_ENCODER 0
-%define CONFIG_MJPEG_VAAPI_ENCODER 0
-%define CONFIG_MPEG2_QSV_ENCODER 0
-%define CONFIG_ABENCH_FILTER 0
-%define CONFIG_ACOMPRESSOR_FILTER 0
-%define CONFIG_ACROSSFADE_FILTER 0
-%define CONFIG_ACRUSHER_FILTER 0
-%define CONFIG_ADELAY_FILTER 0
-%define CONFIG_AECHO_FILTER 0
-%define CONFIG_AEMPHASIS_FILTER 0
-%define CONFIG_AEVAL_FILTER 0
-%define CONFIG_AFADE_FILTER 0
-%define CONFIG_AFFTFILT_FILTER 0
-%define CONFIG_AFORMAT_FILTER 0
-%define CONFIG_AGATE_FILTER 0
-%define CONFIG_AINTERLEAVE_FILTER 0
-%define CONFIG_ALIMITER_FILTER 0
-%define CONFIG_ALLPASS_FILTER 0
-%define CONFIG_ALOOP_FILTER 0
-%define CONFIG_AMERGE_FILTER 0
-%define CONFIG_AMETADATA_FILTER 0
-%define CONFIG_AMIX_FILTER 0
-%define CONFIG_ANEQUALIZER_FILTER 0
-%define CONFIG_ANULL_FILTER 0
-%define CONFIG_APAD_FILTER 0
-%define CONFIG_APERMS_FILTER 0
-%define CONFIG_APHASER_FILTER 0
-%define CONFIG_APULSATOR_FILTER 0
-%define CONFIG_AREALTIME_FILTER 0
-%define CONFIG_ARESAMPLE_FILTER 0
-%define CONFIG_AREVERSE_FILTER 0
-%define CONFIG_ASELECT_FILTER 0
-%define CONFIG_ASENDCMD_FILTER 0
-%define CONFIG_ASETNSAMPLES_FILTER 0
-%define CONFIG_ASETPTS_FILTER 0
-%define CONFIG_ASETRATE_FILTER 0
-%define CONFIG_ASETTB_FILTER 0
-%define CONFIG_ASHOWINFO_FILTER 0
-%define CONFIG_ASIDEDATA_FILTER 0
-%define CONFIG_ASPLIT_FILTER 0
-%define CONFIG_ASTATS_FILTER 0
-%define CONFIG_ASTREAMSELECT_FILTER 0
-%define CONFIG_ASYNCTS_FILTER 0
-%define CONFIG_ATEMPO_FILTER 0
-%define CONFIG_ATRIM_FILTER 0
-%define CONFIG_AZMQ_FILTER 0
-%define CONFIG_BANDPASS_FILTER 0
-%define CONFIG_BANDREJECT_FILTER 0
-%define CONFIG_BASS_FILTER 0
-%define CONFIG_BIQUAD_FILTER 0
-%define CONFIG_BS2B_FILTER 0
-%define CONFIG_CHANNELMAP_FILTER 0
-%define CONFIG_CHANNELSPLIT_FILTER 0
-%define CONFIG_CHORUS_FILTER 0
-%define CONFIG_COMPAND_FILTER 0
-%define CONFIG_COMPENSATIONDELAY_FILTER 0
-%define CONFIG_CRYSTALIZER_FILTER 0
-%define CONFIG_DCSHIFT_FILTER 0
-%define CONFIG_DYNAUDNORM_FILTER 0
-%define CONFIG_EARWAX_FILTER 0
-%define CONFIG_EBUR128_FILTER 0
-%define CONFIG_EQUALIZER_FILTER 0
-%define CONFIG_EXTRASTEREO_FILTER 0
-%define CONFIG_FIREQUALIZER_FILTER 0
-%define CONFIG_FLANGER_FILTER 0
-%define CONFIG_HDCD_FILTER 0
-%define CONFIG_HIGHPASS_FILTER 0
-%define CONFIG_JOIN_FILTER 0
-%define CONFIG_LADSPA_FILTER 0
-%define CONFIG_LOUDNORM_FILTER 0
-%define CONFIG_LOWPASS_FILTER 0
-%define CONFIG_PAN_FILTER 0
-%define CONFIG_REPLAYGAIN_FILTER 0
-%define CONFIG_RESAMPLE_FILTER 0
-%define CONFIG_RUBBERBAND_FILTER 0
-%define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-%define CONFIG_SIDECHAINGATE_FILTER 0
-%define CONFIG_SILENCEDETECT_FILTER 0
-%define CONFIG_SILENCEREMOVE_FILTER 0
-%define CONFIG_SOFALIZER_FILTER 0
-%define CONFIG_STEREOTOOLS_FILTER 0
-%define CONFIG_STEREOWIDEN_FILTER 0
-%define CONFIG_TREBLE_FILTER 0
-%define CONFIG_TREMOLO_FILTER 0
-%define CONFIG_VIBRATO_FILTER 0
-%define CONFIG_VOLUME_FILTER 0
-%define CONFIG_VOLUMEDETECT_FILTER 0
-%define CONFIG_AEVALSRC_FILTER 0
-%define CONFIG_ANOISESRC_FILTER 0
-%define CONFIG_ANULLSRC_FILTER 0
-%define CONFIG_FLITE_FILTER 0
-%define CONFIG_SINE_FILTER 0
-%define CONFIG_ANULLSINK_FILTER 0
-%define CONFIG_ALPHAEXTRACT_FILTER 0
-%define CONFIG_ALPHAMERGE_FILTER 0
-%define CONFIG_ASS_FILTER 0
-%define CONFIG_ATADENOISE_FILTER 0
-%define CONFIG_AVGBLUR_FILTER 0
-%define CONFIG_BBOX_FILTER 0
-%define CONFIG_BENCH_FILTER 0
-%define CONFIG_BITPLANENOISE_FILTER 0
-%define CONFIG_BLACKDETECT_FILTER 0
-%define CONFIG_BLACKFRAME_FILTER 0
-%define CONFIG_BLEND_FILTER 0
-%define CONFIG_BOXBLUR_FILTER 0
-%define CONFIG_BWDIF_FILTER 0
-%define CONFIG_CHROMAKEY_FILTER 0
-%define CONFIG_CIESCOPE_FILTER 0
-%define CONFIG_CODECVIEW_FILTER 0
-%define CONFIG_COLORBALANCE_FILTER 0
-%define CONFIG_COLORCHANNELMIXER_FILTER 0
-%define CONFIG_COLORKEY_FILTER 0
-%define CONFIG_COLORLEVELS_FILTER 0
-%define CONFIG_COLORMATRIX_FILTER 0
-%define CONFIG_COLORSPACE_FILTER 0
-%define CONFIG_CONVOLUTION_FILTER 0
-%define CONFIG_COPY_FILTER 0
-%define CONFIG_COREIMAGE_FILTER 0
-%define CONFIG_COVER_RECT_FILTER 0
-%define CONFIG_CROP_FILTER 0
-%define CONFIG_CROPDETECT_FILTER 0
-%define CONFIG_CURVES_FILTER 0
-%define CONFIG_DATASCOPE_FILTER 0
-%define CONFIG_DCTDNOIZ_FILTER 0
-%define CONFIG_DEBAND_FILTER 0
-%define CONFIG_DECIMATE_FILTER 0
-%define CONFIG_DEFLATE_FILTER 0
-%define CONFIG_DEJUDDER_FILTER 0
-%define CONFIG_DELOGO_FILTER 0
-%define CONFIG_DESHAKE_FILTER 0
-%define CONFIG_DETELECINE_FILTER 0
-%define CONFIG_DILATION_FILTER 0
-%define CONFIG_DISPLACE_FILTER 0
-%define CONFIG_DRAWBOX_FILTER 0
-%define CONFIG_DRAWGRAPH_FILTER 0
-%define CONFIG_DRAWGRID_FILTER 0
-%define CONFIG_DRAWTEXT_FILTER 0
-%define CONFIG_EDGEDETECT_FILTER 0
-%define CONFIG_ELBG_FILTER 0
-%define CONFIG_EQ_FILTER 0
-%define CONFIG_EROSION_FILTER 0
-%define CONFIG_EXTRACTPLANES_FILTER 0
-%define CONFIG_FADE_FILTER 0
-%define CONFIG_FFTFILT_FILTER 0
-%define CONFIG_FIELD_FILTER 0
-%define CONFIG_FIELDHINT_FILTER 0
-%define CONFIG_FIELDMATCH_FILTER 0
-%define CONFIG_FIELDORDER_FILTER 0
-%define CONFIG_FIND_RECT_FILTER 0
-%define CONFIG_FORMAT_FILTER 0
-%define CONFIG_FPS_FILTER 0
-%define CONFIG_FRAMEPACK_FILTER 0
-%define CONFIG_FRAMERATE_FILTER 0
-%define CONFIG_FRAMESTEP_FILTER 0
-%define CONFIG_FREI0R_FILTER 0
-%define CONFIG_FSPP_FILTER 0
-%define CONFIG_GBLUR_FILTER 0
-%define CONFIG_GEQ_FILTER 0
-%define CONFIG_GRADFUN_FILTER 0
-%define CONFIG_HALDCLUT_FILTER 0
-%define CONFIG_HFLIP_FILTER 0
-%define CONFIG_HISTEQ_FILTER 0
-%define CONFIG_HISTOGRAM_FILTER 0
-%define CONFIG_HQDN3D_FILTER 0
-%define CONFIG_HQX_FILTER 0
-%define CONFIG_HSTACK_FILTER 0
-%define CONFIG_HUE_FILTER 0
-%define CONFIG_HWDOWNLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_FILTER 0
-%define CONFIG_HWUPLOAD_CUDA_FILTER 0
-%define CONFIG_HYSTERESIS_FILTER 0
-%define CONFIG_IDET_FILTER 0
-%define CONFIG_IL_FILTER 0
-%define CONFIG_INFLATE_FILTER 0
-%define CONFIG_INTERLACE_FILTER 0
-%define CONFIG_INTERLEAVE_FILTER 0
-%define CONFIG_KERNDEINT_FILTER 0
-%define CONFIG_LENSCORRECTION_FILTER 0
-%define CONFIG_LOOP_FILTER 0
-%define CONFIG_LUT_FILTER 0
-%define CONFIG_LUT2_FILTER 0
-%define CONFIG_LUT3D_FILTER 0
-%define CONFIG_LUTRGB_FILTER 0
-%define CONFIG_LUTYUV_FILTER 0
-%define CONFIG_MASKEDCLAMP_FILTER 0
-%define CONFIG_MASKEDMERGE_FILTER 0
-%define CONFIG_MCDEINT_FILTER 0
-%define CONFIG_MERGEPLANES_FILTER 0
-%define CONFIG_MESTIMATE_FILTER 0
-%define CONFIG_METADATA_FILTER 0
-%define CONFIG_MINTERPOLATE_FILTER 0
-%define CONFIG_MPDECIMATE_FILTER 0
-%define CONFIG_NEGATE_FILTER 0
-%define CONFIG_NLMEANS_FILTER 0
-%define CONFIG_NNEDI_FILTER 0
-%define CONFIG_NOFORMAT_FILTER 0
-%define CONFIG_NOISE_FILTER 0
-%define CONFIG_NULL_FILTER 0
-%define CONFIG_OCR_FILTER 0
-%define CONFIG_OCV_FILTER 0
-%define CONFIG_OVERLAY_FILTER 0
-%define CONFIG_OWDENOISE_FILTER 0
-%define CONFIG_PAD_FILTER 0
-%define CONFIG_PALETTEGEN_FILTER 0
-%define CONFIG_PALETTEUSE_FILTER 0
-%define CONFIG_PERMS_FILTER 0
-%define CONFIG_PERSPECTIVE_FILTER 0
-%define CONFIG_PHASE_FILTER 0
-%define CONFIG_PIXDESCTEST_FILTER 0
-%define CONFIG_PP_FILTER 0
-%define CONFIG_PP7_FILTER 0
-%define CONFIG_PREWITT_FILTER 0
-%define CONFIG_PSNR_FILTER 0
-%define CONFIG_PULLUP_FILTER 0
-%define CONFIG_QP_FILTER 0
-%define CONFIG_RANDOM_FILTER 0
-%define CONFIG_READVITC_FILTER 0
-%define CONFIG_REALTIME_FILTER 0
-%define CONFIG_REMAP_FILTER 0
-%define CONFIG_REMOVEGRAIN_FILTER 0
-%define CONFIG_REMOVELOGO_FILTER 0
-%define CONFIG_REPEATFIELDS_FILTER 0
-%define CONFIG_REVERSE_FILTER 0
-%define CONFIG_ROTATE_FILTER 0
-%define CONFIG_SAB_FILTER 0
-%define CONFIG_SCALE_FILTER 0
-%define CONFIG_SCALE_NPP_FILTER 0
-%define CONFIG_SCALE_VAAPI_FILTER 0
-%define CONFIG_SCALE2REF_FILTER 0
-%define CONFIG_SELECT_FILTER 0
-%define CONFIG_SELECTIVECOLOR_FILTER 0
-%define CONFIG_SENDCMD_FILTER 0
-%define CONFIG_SEPARATEFIELDS_FILTER 0
-%define CONFIG_SETDAR_FILTER 0
-%define CONFIG_SETFIELD_FILTER 0
-%define CONFIG_SETPTS_FILTER 0
-%define CONFIG_SETSAR_FILTER 0
-%define CONFIG_SETTB_FILTER 0
-%define CONFIG_SHOWINFO_FILTER 0
-%define CONFIG_SHOWPALETTE_FILTER 0
-%define CONFIG_SHUFFLEFRAMES_FILTER 0
-%define CONFIG_SHUFFLEPLANES_FILTER 0
-%define CONFIG_SIDEDATA_FILTER 0
-%define CONFIG_SIGNALSTATS_FILTER 0
-%define CONFIG_SMARTBLUR_FILTER 0
-%define CONFIG_SOBEL_FILTER 0
-%define CONFIG_SPLIT_FILTER 0
-%define CONFIG_SPP_FILTER 0
-%define CONFIG_SSIM_FILTER 0
-%define CONFIG_STEREO3D_FILTER 0
-%define CONFIG_STREAMSELECT_FILTER 0
-%define CONFIG_SUBTITLES_FILTER 0
-%define CONFIG_SUPER2XSAI_FILTER 0
-%define CONFIG_SWAPRECT_FILTER 0
-%define CONFIG_SWAPUV_FILTER 0
-%define CONFIG_TBLEND_FILTER 0
-%define CONFIG_TELECINE_FILTER 0
-%define CONFIG_THUMBNAIL_FILTER 0
-%define CONFIG_TILE_FILTER 0
-%define CONFIG_TINTERLACE_FILTER 0
-%define CONFIG_TRANSPOSE_FILTER 0
-%define CONFIG_TRIM_FILTER 0
-%define CONFIG_UNSHARP_FILTER 0
-%define CONFIG_USPP_FILTER 0
-%define CONFIG_VAGUEDENOISER_FILTER 0
-%define CONFIG_VECTORSCOPE_FILTER 0
-%define CONFIG_VFLIP_FILTER 0
-%define CONFIG_VIDSTABDETECT_FILTER 0
-%define CONFIG_VIDSTABTRANSFORM_FILTER 0
-%define CONFIG_VIGNETTE_FILTER 0
-%define CONFIG_VSTACK_FILTER 0
-%define CONFIG_W3FDIF_FILTER 0
-%define CONFIG_WAVEFORM_FILTER 0
-%define CONFIG_WEAVE_FILTER 0
-%define CONFIG_XBR_FILTER 0
-%define CONFIG_YADIF_FILTER 0
-%define CONFIG_ZMQ_FILTER 0
-%define CONFIG_ZOOMPAN_FILTER 0
-%define CONFIG_ZSCALE_FILTER 0
-%define CONFIG_ALLRGB_FILTER 0
-%define CONFIG_ALLYUV_FILTER 0
-%define CONFIG_CELLAUTO_FILTER 0
-%define CONFIG_COLOR_FILTER 0
-%define CONFIG_COREIMAGESRC_FILTER 0
-%define CONFIG_FREI0R_SRC_FILTER 0
-%define CONFIG_HALDCLUTSRC_FILTER 0
-%define CONFIG_LIFE_FILTER 0
-%define CONFIG_MANDELBROT_FILTER 0
-%define CONFIG_MPTESTSRC_FILTER 0
-%define CONFIG_NULLSRC_FILTER 0
-%define CONFIG_RGBTESTSRC_FILTER 0
-%define CONFIG_SMPTEBARS_FILTER 0
-%define CONFIG_SMPTEHDBARS_FILTER 0
-%define CONFIG_TESTSRC_FILTER 0
-%define CONFIG_TESTSRC2_FILTER 0
-%define CONFIG_YUVTESTSRC_FILTER 0
-%define CONFIG_NULLSINK_FILTER 0
-%define CONFIG_ADRAWGRAPH_FILTER 0
-%define CONFIG_AHISTOGRAM_FILTER 0
-%define CONFIG_APHASEMETER_FILTER 0
-%define CONFIG_AVECTORSCOPE_FILTER 0
-%define CONFIG_CONCAT_FILTER 0
-%define CONFIG_SHOWCQT_FILTER 0
-%define CONFIG_SHOWFREQS_FILTER 0
-%define CONFIG_SHOWSPECTRUM_FILTER 0
-%define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-%define CONFIG_SHOWVOLUME_FILTER 0
-%define CONFIG_SHOWWAVES_FILTER 0
-%define CONFIG_SHOWWAVESPIC_FILTER 0
-%define CONFIG_SPECTRUMSYNTH_FILTER 0
-%define CONFIG_AMOVIE_FILTER 0
-%define CONFIG_MOVIE_FILTER 0
-%define CONFIG_H263_CUVID_HWACCEL 0
-%define CONFIG_H263_VAAPI_HWACCEL 0
-%define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_H264_CUVID_HWACCEL 0
-%define CONFIG_H264_D3D11VA_HWACCEL 0
-%define CONFIG_H264_DXVA2_HWACCEL 0
-%define CONFIG_H264_MEDIACODEC_HWACCEL 0
-%define CONFIG_H264_MMAL_HWACCEL 0
-%define CONFIG_H264_QSV_HWACCEL 0
-%define CONFIG_H264_VAAPI_HWACCEL 0
-%define CONFIG_H264_VDA_HWACCEL 0
-%define CONFIG_H264_VDA_OLD_HWACCEL 0
-%define CONFIG_H264_VDPAU_HWACCEL 0
-%define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_HEVC_CUVID_HWACCEL 0
-%define CONFIG_HEVC_D3D11VA_HWACCEL 0
-%define CONFIG_HEVC_DXVA2_HWACCEL 0
-%define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-%define CONFIG_HEVC_QSV_HWACCEL 0
-%define CONFIG_HEVC_VAAPI_HWACCEL 0
-%define CONFIG_HEVC_VDPAU_HWACCEL 0
-%define CONFIG_MJPEG_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_CUVID_HWACCEL 0
-%define CONFIG_MPEG1_XVMC_HWACCEL 0
-%define CONFIG_MPEG1_VDPAU_HWACCEL 0
-%define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG2_CUVID_HWACCEL 0
-%define CONFIG_MPEG2_XVMC_HWACCEL 0
-%define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-%define CONFIG_MPEG2_DXVA2_HWACCEL 0
-%define CONFIG_MPEG2_MMAL_HWACCEL 0
-%define CONFIG_MPEG2_QSV_HWACCEL 0
-%define CONFIG_MPEG2_VAAPI_HWACCEL 0
-%define CONFIG_MPEG2_VDPAU_HWACCEL 0
-%define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_MPEG4_CUVID_HWACCEL 0
-%define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-%define CONFIG_MPEG4_MMAL_HWACCEL 0
-%define CONFIG_MPEG4_VAAPI_HWACCEL 0
-%define CONFIG_MPEG4_VDPAU_HWACCEL 0
-%define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-%define CONFIG_VC1_CUVID_HWACCEL 0
-%define CONFIG_VC1_D3D11VA_HWACCEL 0
-%define CONFIG_VC1_DXVA2_HWACCEL 0
-%define CONFIG_VC1_VAAPI_HWACCEL 0
-%define CONFIG_VC1_VDPAU_HWACCEL 0
-%define CONFIG_VC1_MMAL_HWACCEL 0
-%define CONFIG_VC1_QSV_HWACCEL 0
-%define CONFIG_VP8_CUVID_HWACCEL 0
-%define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_CUVID_HWACCEL 0
-%define CONFIG_VP9_D3D11VA_HWACCEL 0
-%define CONFIG_VP9_DXVA2_HWACCEL 0
-%define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-%define CONFIG_VP9_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_D3D11VA_HWACCEL 0
-%define CONFIG_WMV3_DXVA2_HWACCEL 0
-%define CONFIG_WMV3_VAAPI_HWACCEL 0
-%define CONFIG_WMV3_VDPAU_HWACCEL 0
-%define CONFIG_ALSA_INDEV 0
-%define CONFIG_AVFOUNDATION_INDEV 0
-%define CONFIG_BKTR_INDEV 0
-%define CONFIG_DECKLINK_INDEV 0
-%define CONFIG_DSHOW_INDEV 0
-%define CONFIG_DV1394_INDEV 0
-%define CONFIG_FBDEV_INDEV 0
-%define CONFIG_GDIGRAB_INDEV 0
-%define CONFIG_IEC61883_INDEV 0
-%define CONFIG_JACK_INDEV 0
-%define CONFIG_LAVFI_INDEV 0
-%define CONFIG_OPENAL_INDEV 0
-%define CONFIG_OSS_INDEV 0
-%define CONFIG_PULSE_INDEV 0
-%define CONFIG_QTKIT_INDEV 0
-%define CONFIG_SNDIO_INDEV 0
-%define CONFIG_V4L2_INDEV 0
-%define CONFIG_VFWCAP_INDEV 0
-%define CONFIG_X11GRAB_INDEV 0
-%define CONFIG_X11GRAB_XCB_INDEV 0
-%define CONFIG_LIBCDIO_INDEV 0
-%define CONFIG_LIBDC1394_INDEV 0
-%define CONFIG_A64_MUXER 0
-%define CONFIG_AC3_MUXER 0
-%define CONFIG_ADTS_MUXER 0
-%define CONFIG_ADX_MUXER 0
-%define CONFIG_AIFF_MUXER 0
-%define CONFIG_AMR_MUXER 0
-%define CONFIG_APNG_MUXER 0
-%define CONFIG_ASF_MUXER 0
-%define CONFIG_ASS_MUXER 0
-%define CONFIG_AST_MUXER 0
-%define CONFIG_ASF_STREAM_MUXER 0
-%define CONFIG_AU_MUXER 0
-%define CONFIG_AVI_MUXER 0
-%define CONFIG_AVM2_MUXER 0
-%define CONFIG_BIT_MUXER 0
-%define CONFIG_CAF_MUXER 0
-%define CONFIG_CAVSVIDEO_MUXER 0
-%define CONFIG_CRC_MUXER 0
-%define CONFIG_DASH_MUXER 0
-%define CONFIG_DATA_MUXER 0
-%define CONFIG_DAUD_MUXER 0
-%define CONFIG_DIRAC_MUXER 0
-%define CONFIG_DNXHD_MUXER 0
-%define CONFIG_DTS_MUXER 0
-%define CONFIG_DV_MUXER 0
-%define CONFIG_EAC3_MUXER 0
-%define CONFIG_F4V_MUXER 0
-%define CONFIG_FFM_MUXER 0
-%define CONFIG_FFMETADATA_MUXER 0
-%define CONFIG_FIFO_MUXER 0
-%define CONFIG_FILMSTRIP_MUXER 0
-%define CONFIG_FLAC_MUXER 0
-%define CONFIG_FLV_MUXER 0
-%define CONFIG_FRAMECRC_MUXER 0
-%define CONFIG_FRAMEHASH_MUXER 0
-%define CONFIG_FRAMEMD5_MUXER 0
-%define CONFIG_G722_MUXER 0
-%define CONFIG_G723_1_MUXER 0
-%define CONFIG_GIF_MUXER 0
-%define CONFIG_GSM_MUXER 0
-%define CONFIG_GXF_MUXER 0
-%define CONFIG_H261_MUXER 0
-%define CONFIG_H263_MUXER 0
-%define CONFIG_H264_MUXER 0
-%define CONFIG_HASH_MUXER 0
-%define CONFIG_HDS_MUXER 0
-%define CONFIG_HEVC_MUXER 0
-%define CONFIG_HLS_MUXER 0
-%define CONFIG_ICO_MUXER 0
-%define CONFIG_ILBC_MUXER 0
-%define CONFIG_IMAGE2_MUXER 0
-%define CONFIG_IMAGE2PIPE_MUXER 0
-%define CONFIG_IPOD_MUXER 0
-%define CONFIG_IRCAM_MUXER 0
-%define CONFIG_ISMV_MUXER 0
-%define CONFIG_IVF_MUXER 0
-%define CONFIG_JACOSUB_MUXER 0
-%define CONFIG_LATM_MUXER 0
-%define CONFIG_LRC_MUXER 0
-%define CONFIG_M4V_MUXER 0
-%define CONFIG_MD5_MUXER 0
-%define CONFIG_MATROSKA_MUXER 0
-%define CONFIG_MATROSKA_AUDIO_MUXER 0
-%define CONFIG_MICRODVD_MUXER 0
-%define CONFIG_MJPEG_MUXER 0
-%define CONFIG_MLP_MUXER 0
-%define CONFIG_MMF_MUXER 0
-%define CONFIG_MOV_MUXER 0
-%define CONFIG_MP2_MUXER 0
-%define CONFIG_MP3_MUXER 0
-%define CONFIG_MP4_MUXER 0
-%define CONFIG_MPEG1SYSTEM_MUXER 0
-%define CONFIG_MPEG1VCD_MUXER 0
-%define CONFIG_MPEG1VIDEO_MUXER 0
-%define CONFIG_MPEG2DVD_MUXER 0
-%define CONFIG_MPEG2SVCD_MUXER 0
-%define CONFIG_MPEG2VIDEO_MUXER 0
-%define CONFIG_MPEG2VOB_MUXER 0
-%define CONFIG_MPEGTS_MUXER 0
-%define CONFIG_MPJPEG_MUXER 0
-%define CONFIG_MXF_MUXER 0
-%define CONFIG_MXF_D10_MUXER 0
-%define CONFIG_MXF_OPATOM_MUXER 0
-%define CONFIG_NULL_MUXER 0
-%define CONFIG_NUT_MUXER 0
-%define CONFIG_OGA_MUXER 0
-%define CONFIG_OGG_MUXER 0
-%define CONFIG_OGV_MUXER 0
-%define CONFIG_OMA_MUXER 0
-%define CONFIG_OPUS_MUXER 0
-%define CONFIG_PCM_ALAW_MUXER 0
-%define CONFIG_PCM_MULAW_MUXER 0
-%define CONFIG_PCM_F64BE_MUXER 0
-%define CONFIG_PCM_F64LE_MUXER 0
-%define CONFIG_PCM_F32BE_MUXER 0
-%define CONFIG_PCM_F32LE_MUXER 0
-%define CONFIG_PCM_S32BE_MUXER 0
-%define CONFIG_PCM_S32LE_MUXER 0
-%define CONFIG_PCM_S24BE_MUXER 0
-%define CONFIG_PCM_S24LE_MUXER 0
-%define CONFIG_PCM_S16BE_MUXER 0
-%define CONFIG_PCM_S16LE_MUXER 0
-%define CONFIG_PCM_S8_MUXER 0
-%define CONFIG_PCM_U32BE_MUXER 0
-%define CONFIG_PCM_U32LE_MUXER 0
-%define CONFIG_PCM_U24BE_MUXER 0
-%define CONFIG_PCM_U24LE_MUXER 0
-%define CONFIG_PCM_U16BE_MUXER 0
-%define CONFIG_PCM_U16LE_MUXER 0
-%define CONFIG_PCM_U8_MUXER 0
-%define CONFIG_PSP_MUXER 0
-%define CONFIG_RAWVIDEO_MUXER 0
-%define CONFIG_RM_MUXER 0
-%define CONFIG_ROQ_MUXER 0
-%define CONFIG_RSO_MUXER 0
-%define CONFIG_RTP_MUXER 0
-%define CONFIG_RTP_MPEGTS_MUXER 0
-%define CONFIG_RTSP_MUXER 0
-%define CONFIG_SAP_MUXER 0
-%define CONFIG_SEGMENT_MUXER 0
-%define CONFIG_STREAM_SEGMENT_MUXER 0
-%define CONFIG_SINGLEJPEG_MUXER 0
-%define CONFIG_SMJPEG_MUXER 0
-%define CONFIG_SMOOTHSTREAMING_MUXER 0
-%define CONFIG_SOX_MUXER 0
-%define CONFIG_SPX_MUXER 0
-%define CONFIG_SPDIF_MUXER 0
-%define CONFIG_SRT_MUXER 0
-%define CONFIG_SWF_MUXER 0
-%define CONFIG_TEE_MUXER 0
-%define CONFIG_TG2_MUXER 0
-%define CONFIG_TGP_MUXER 0
-%define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-%define CONFIG_TRUEHD_MUXER 0
-%define CONFIG_TTA_MUXER 0
-%define CONFIG_UNCODEDFRAMECRC_MUXER 0
-%define CONFIG_VC1_MUXER 0
-%define CONFIG_VC1T_MUXER 0
-%define CONFIG_VOC_MUXER 0
-%define CONFIG_W64_MUXER 0
-%define CONFIG_WAV_MUXER 0
-%define CONFIG_WEBM_MUXER 0
-%define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-%define CONFIG_WEBM_CHUNK_MUXER 0
-%define CONFIG_WEBP_MUXER 0
-%define CONFIG_WEBVTT_MUXER 0
-%define CONFIG_WTV_MUXER 0
-%define CONFIG_WV_MUXER 0
-%define CONFIG_YUV4MPEGPIPE_MUXER 0
-%define CONFIG_CHROMAPRINT_MUXER 0
-%define CONFIG_LIBNUT_MUXER 0
-%define CONFIG_ALSA_OUTDEV 0
-%define CONFIG_CACA_OUTDEV 0
-%define CONFIG_DECKLINK_OUTDEV 0
-%define CONFIG_FBDEV_OUTDEV 0
-%define CONFIG_OPENGL_OUTDEV 0
-%define CONFIG_OSS_OUTDEV 0
-%define CONFIG_PULSE_OUTDEV 0
-%define CONFIG_SDL2_OUTDEV 0
-%define CONFIG_SNDIO_OUTDEV 0
-%define CONFIG_V4L2_OUTDEV 0
-%define CONFIG_XV_OUTDEV 0
-%define CONFIG_AAC_PARSER 0
-%define CONFIG_AAC_LATM_PARSER 0
-%define CONFIG_AC3_PARSER 0
-%define CONFIG_ADX_PARSER 0
-%define CONFIG_BMP_PARSER 0
-%define CONFIG_CAVSVIDEO_PARSER 0
-%define CONFIG_COOK_PARSER 0
-%define CONFIG_DCA_PARSER 0
-%define CONFIG_DIRAC_PARSER 0
-%define CONFIG_DNXHD_PARSER 0
-%define CONFIG_DPX_PARSER 0
-%define CONFIG_DVAUDIO_PARSER 0
-%define CONFIG_DVBSUB_PARSER 0
-%define CONFIG_DVDSUB_PARSER 0
-%define CONFIG_DVD_NAV_PARSER 0
-%define CONFIG_FLAC_PARSER 1
-%define CONFIG_G729_PARSER 0
-%define CONFIG_GSM_PARSER 0
-%define CONFIG_H261_PARSER 0
-%define CONFIG_H263_PARSER 0
-%define CONFIG_H264_PARSER 0
-%define CONFIG_HEVC_PARSER 0
-%define CONFIG_MJPEG_PARSER 0
-%define CONFIG_MLP_PARSER 0
-%define CONFIG_MPEG4VIDEO_PARSER 0
-%define CONFIG_MPEGAUDIO_PARSER 0
-%define CONFIG_MPEGVIDEO_PARSER 0
-%define CONFIG_OPUS_PARSER 0
-%define CONFIG_PNG_PARSER 0
-%define CONFIG_PNM_PARSER 0
-%define CONFIG_RV30_PARSER 0
-%define CONFIG_RV40_PARSER 0
-%define CONFIG_TAK_PARSER 0
-%define CONFIG_VC1_PARSER 0
-%define CONFIG_VORBIS_PARSER 0
-%define CONFIG_VP3_PARSER 0
+%define CONFIG_FLAC_PARSER 0
 %define CONFIG_VP8_PARSER 1
 %define CONFIG_VP9_PARSER 1
-%define CONFIG_ASYNC_PROTOCOL 0
-%define CONFIG_BLURAY_PROTOCOL 0
-%define CONFIG_CACHE_PROTOCOL 0
-%define CONFIG_CONCAT_PROTOCOL 0
-%define CONFIG_CRYPTO_PROTOCOL 0
-%define CONFIG_DATA_PROTOCOL 0
-%define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-%define CONFIG_FFRTMPHTTP_PROTOCOL 0
-%define CONFIG_FILE_PROTOCOL 0
-%define CONFIG_FTP_PROTOCOL 0
-%define CONFIG_GOPHER_PROTOCOL 0
-%define CONFIG_HLS_PROTOCOL 0
-%define CONFIG_HTTP_PROTOCOL 0
-%define CONFIG_HTTPPROXY_PROTOCOL 0
-%define CONFIG_HTTPS_PROTOCOL 0
-%define CONFIG_ICECAST_PROTOCOL 0
-%define CONFIG_MMSH_PROTOCOL 0
-%define CONFIG_MMST_PROTOCOL 0
-%define CONFIG_MD5_PROTOCOL 0
-%define CONFIG_PIPE_PROTOCOL 0
-%define CONFIG_RTMP_PROTOCOL 0
-%define CONFIG_RTMPE_PROTOCOL 0
-%define CONFIG_RTMPS_PROTOCOL 0
-%define CONFIG_RTMPT_PROTOCOL 0
-%define CONFIG_RTMPTE_PROTOCOL 0
-%define CONFIG_RTMPTS_PROTOCOL 0
-%define CONFIG_RTP_PROTOCOL 0
-%define CONFIG_SCTP_PROTOCOL 0
-%define CONFIG_SRTP_PROTOCOL 0
-%define CONFIG_SUBFILE_PROTOCOL 0
-%define CONFIG_TEE_PROTOCOL 0
-%define CONFIG_TCP_PROTOCOL 0
-%define CONFIG_TLS_GNUTLS_PROTOCOL 0
-%define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-%define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-%define CONFIG_TLS_OPENSSL_PROTOCOL 0
-%define CONFIG_UDP_PROTOCOL 0
-%define CONFIG_UDPLITE_PROTOCOL 0
-%define CONFIG_UNIX_PROTOCOL 0
-%define CONFIG_LIBRTMP_PROTOCOL 0
-%define CONFIG_LIBRTMPE_PROTOCOL 0
-%define CONFIG_LIBRTMPS_PROTOCOL 0
-%define CONFIG_LIBRTMPT_PROTOCOL 0
-%define CONFIG_LIBRTMPTE_PROTOCOL 0
-%define CONFIG_LIBSSH_PROTOCOL 0
-%define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/config_win64.h b/media/ffvpx/config_win64.h
index 64d09d226..b74b8d507 100644
--- a/media/ffvpx/config_win64.h
+++ b/media/ffvpx/config_win64.h
@@ -1,12 +1,12 @@
 /* Automatically generated by configure - do not modify! */
 #ifndef FFMPEG_CONFIG_H
 #define FFMPEG_CONFIG_H
-#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-videotoolbox --enable-asm --enable-yasm --toolchain=msvc"
+#define FFMPEG_CONFIGURATION "--disable-everything --disable-protocols --disable-demuxers --disable-muxers --disable-filters --disable-programs --disable-doc --disable-parsers --enable-parser=vp8 --enable-parser=vp9 --enable-decoder=vp8 --enable-decoder=vp9 --disable-static --enable-shared --disable-debug --disable-sdl2 --disable-libxcb --disable-securetransport --disable-iconv --disable-swresample --disable-swscale --disable-avdevice --disable-avfilter --disable-avformat --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vdpau --disable-videotoolbox --enable-decoder=flac --enable-asm --enable-yasm --toolchain=msvc"
 #define FFMPEG_LICENSE "LGPL version 2.1 or later"
-#define CONFIG_THIS_YEAR 2016
+#define CONFIG_THIS_YEAR 2017
 #define FFMPEG_DATADIR "/usr/local/share/ffmpeg"
 #define AVCONV_DATADIR "/usr/local/share/ffmpeg"
-#define CC_IDENT "Microsoft (R) C/C++ Optimizing Compiler Version 19.00.23506 for x64"
+#define CC_IDENT "Microsoft (R) C/C++ Optimizing Compiler Version 19.11.25508.2 for x64"
 #define av_restrict __restrict
 #define EXTERN_PREFIX ""
 #define EXTERN_ASM
@@ -79,8 +79,8 @@
 #define HAVE_MIPSDSP 0
 #define HAVE_MIPSDSPR2 0
 #define HAVE_MSA 0
-#define HAVE_LOONGSON2 1
-#define HAVE_LOONGSON3 1
+#define HAVE_LOONGSON2 0
+#define HAVE_LOONGSON3 0
 #define HAVE_MMI 0
 #define HAVE_ARMV5TE_EXTERNAL 0
 #define HAVE_ARMV6_EXTERNAL 0
@@ -172,37 +172,38 @@
 #define HAVE_MMI_INLINE 0
 #define HAVE_ALIGNED_STACK 1
 #define HAVE_FAST_64BIT 1
-#define HAVE_FAST_CLZ 1
+#define HAVE_FAST_CLZ 0
 #define HAVE_FAST_CMOV 1
 #define HAVE_LOCAL_ALIGNED_8 1
 #define HAVE_LOCAL_ALIGNED_16 1
 #define HAVE_LOCAL_ALIGNED_32 1
 #define HAVE_SIMD_ALIGN_16 1
+#define HAVE_SIMD_ALIGN_32 1
 #define HAVE_ATOMICS_GCC 0
 #define HAVE_ATOMICS_SUNCC 0
 #define HAVE_ATOMICS_WIN32 1
 #define HAVE_ATOMIC_CAS_PTR 0
-#define HAVE_ATOMIC_COMPARE_EXCHANGE 0
 #define HAVE_MACHINE_RW_BARRIER 0
 #define HAVE_MEMORYBARRIER 1
 #define HAVE_MM_EMPTY 0
 #define HAVE_RDTSC 1
 #define HAVE_SARESTART 0
-#define HAVE_SEM_TIMEDWAIT 1
+#define HAVE_SEM_TIMEDWAIT 0
 #define HAVE_SYNC_VAL_COMPARE_AND_SWAP 0
 #define HAVE_CABS 0
 #define HAVE_CEXP 0
 #define HAVE_INLINE_ASM 0
 #define HAVE_SYMVER 0
-#define HAVE_YASM 1
+#define HAVE_X86ASM 1
 #define HAVE_BIGENDIAN 0
 #define HAVE_FAST_UNALIGNED 1
-#define HAVE_ALSA_ASOUNDLIB_H 0
 #define HAVE_ALTIVEC_H 0
 #define HAVE_ARPA_INET_H 0
 #define HAVE_ASM_TYPES_H 0
 #define HAVE_CDIO_PARANOIA_H 0
 #define HAVE_CDIO_PARANOIA_PARANOIA_H 0
+#define HAVE_CUDA_H 0
+#define HAVE_D3D11_H 1
 #define HAVE_DISPATCH_DISPATCH_H 0
 #define HAVE_DEV_BKTR_IOCTL_BT848_H 0
 #define HAVE_DEV_BKTR_IOCTL_METEOR_H 0
@@ -212,7 +213,7 @@
 #define HAVE_DIRECT_H 1
 #define HAVE_DIRENT_H 0
 #define HAVE_DLFCN_H 0
-#define HAVE_D3D11_H 1
+#define HAVE_DXGIDEBUG_H 1
 #define HAVE_DXVA_H 1
 #define HAVE_ES2_GL_H 0
 #define HAVE_GSM_H 0
@@ -221,13 +222,15 @@
 #define HAVE_MACHINE_IOCTL_BT848_H 0
 #define HAVE_MACHINE_IOCTL_METEOR_H 0
 #define HAVE_OPENCV2_CORE_CORE_C_H 0
+#define HAVE_OPENJPEG_2_3_OPENJPEG_H 0
+#define HAVE_OPENJPEG_2_2_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_1_OPENJPEG_H 0
 #define HAVE_OPENJPEG_2_0_OPENJPEG_H 0
 #define HAVE_OPENJPEG_1_5_OPENJPEG_H 0
 #define HAVE_OPENGL_GL3_H 0
 #define HAVE_POLL_H 0
-#define HAVE_SNDIO_H 0
 #define HAVE_SOUNDCARD_H 0
+#define HAVE_STDATOMIC_H 0
 #define HAVE_SYS_MMAN_H 0
 #define HAVE_SYS_PARAM_H 0
 #define HAVE_SYS_RESOURCE_H 0
@@ -279,7 +282,6 @@
 #define HAVE_COMMANDLINETOARGVW 1
 #define HAVE_COTASKMEMFREE 1
 #define HAVE_CRYPTGENRANDOM 1
-#define HAVE_DLOPEN 0
 #define HAVE_FCNTL 0
 #define HAVE_FLT_LIM 1
 #define HAVE_FORK 0
@@ -299,7 +301,7 @@
 #define HAVE_ISATTY 1
 #define HAVE_JACK_PORT_GET_LATENCY_RANGE 0
 #define HAVE_KBHIT 1
-#define HAVE_LOADLIBRARY 0
+#define HAVE_LOADLIBRARY 1
 #define HAVE_LSTAT 0
 #define HAVE_LZO1X_999_COMPRESS 0
 #define HAVE_MACH_ABSOLUTE_TIME 0
@@ -326,11 +328,13 @@
 #define HAVE_OS2THREADS 0
 #define HAVE_W32THREADS 1
 #define HAVE_AS_DN_DIRECTIVE 0
+#define HAVE_AS_FPU_DIRECTIVE 0
 #define HAVE_AS_FUNC 0
 #define HAVE_AS_OBJECT_ARCH 0
 #define HAVE_ASM_MOD_Q 0
 #define HAVE_ATTRIBUTE_MAY_ALIAS 0
 #define HAVE_ATTRIBUTE_PACKED 0
+#define HAVE_BLOCKS_EXTENSION 0
 #define HAVE_EBP_AVAILABLE 0
 #define HAVE_EBX_AVAILABLE 0
 #define HAVE_GNU_AS 0
@@ -347,12 +351,13 @@
 #define HAVE_XFORM_ASM 0
 #define HAVE_XMM_CLOBBERS 0
 #define HAVE_CONDITION_VARIABLE_PTR 1
+#define HAVE_KCMVIDEOCODECTYPE_HEVC 0
 #define HAVE_SOCKLEN_T 1
 #define HAVE_STRUCT_ADDRINFO 1
 #define HAVE_STRUCT_GROUP_SOURCE_REQ 1
 #define HAVE_STRUCT_IP_MREQ_SOURCE 1
 #define HAVE_STRUCT_IPV6_MREQ 1
-#define HAVE_STRUCT_MSGHDR_MSG_FLAGS 1
+#define HAVE_STRUCT_MSGHDR_MSG_FLAGS 0
 #define HAVE_STRUCT_POLLFD 0
 #define HAVE_STRUCT_RUSAGE_RU_MAXRSS 0
 #define HAVE_STRUCT_SCTP_EVENT_SUBSCRIBE 0
@@ -363,36 +368,20 @@
 #define HAVE_STRUCT_V4L2_FRMIVALENUM_DISCRETE 0
 #define HAVE_ATOMICS_NATIVE 1
 #define HAVE_DOS_PATHS 1
-#define HAVE_DXVA2_LIB 0
-#define HAVE_DXVA2API_COBJ 1
 #define HAVE_LIBC_MSVCRT 1
-#define HAVE_LIBDC1394_1 0
-#define HAVE_LIBDC1394_2 0
 #define HAVE_MAKEINFO 1
 #define HAVE_MAKEINFO_HTML 0
 #define HAVE_MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS 0
 #define HAVE_PERL 1
 #define HAVE_POD2MAN 1
-#define HAVE_SDL2 0
 #define HAVE_SECTION_DATA_REL_RO 0
 #define HAVE_TEXI2HTML 0
 #define HAVE_THREADS 1
+#define HAVE_UWP 0
 #define HAVE_VAAPI_DRM 0
 #define HAVE_VAAPI_X11 0
 #define HAVE_VDPAU_X11 0
 #define HAVE_WINRT 0
-#define HAVE_XLIB 0
-#define CONFIG_BSFS 0
-#define CONFIG_DECODERS 1
-#define CONFIG_ENCODERS 0
-#define CONFIG_HWACCELS 0
-#define CONFIG_PARSERS 1
-#define CONFIG_INDEVS 0
-#define CONFIG_OUTDEVS 0
-#define CONFIG_FILTERS 0
-#define CONFIG_DEMUXERS 0
-#define CONFIG_MUXERS 0
-#define CONFIG_PROTOCOLS 0
 #define CONFIG_DOC 0
 #define CONFIG_HTMLPAGES 0
 #define CONFIG_MANPAGES 1
@@ -400,13 +389,17 @@
 #define CONFIG_TXTPAGES 1
 #define CONFIG_AVIO_DIR_CMD_EXAMPLE 1
 #define CONFIG_AVIO_READING_EXAMPLE 1
-#define CONFIG_DECODING_ENCODING_EXAMPLE 0
+#define CONFIG_DECODE_AUDIO_EXAMPLE 1
+#define CONFIG_DECODE_VIDEO_EXAMPLE 1
 #define CONFIG_DEMUXING_DECODING_EXAMPLE 0
+#define CONFIG_ENCODE_AUDIO_EXAMPLE 1
+#define CONFIG_ENCODE_VIDEO_EXAMPLE 1
 #define CONFIG_EXTRACT_MVS_EXAMPLE 0
 #define CONFIG_FILTER_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_AUDIO_EXAMPLE 0
 #define CONFIG_FILTERING_VIDEO_EXAMPLE 0
 #define CONFIG_HTTP_MULTICLIENT_EXAMPLE 0
+#define CONFIG_HW_DECODE_EXAMPLE 0
 #define CONFIG_METADATA_EXAMPLE 0
 #define CONFIG_MUXING_EXAMPLE 0
 #define CONFIG_QSVDEC_EXAMPLE 0
@@ -415,27 +408,55 @@
 #define CONFIG_SCALING_VIDEO_EXAMPLE 0
 #define CONFIG_TRANSCODE_AAC_EXAMPLE 0
 #define CONFIG_TRANSCODING_EXAMPLE 0
-#define CONFIG_AVISYNTH 0
+#define CONFIG_ALSA 0
+#define CONFIG_APPKIT 0
+#define CONFIG_AVFOUNDATION 0
 #define CONFIG_BZLIB 0
-#define CONFIG_CHROMAPRINT 0
-#define CONFIG_CRYSTALHD 0
-#define CONFIG_DECKLINK 0
+#define CONFIG_COREIMAGE 0
+#define CONFIG_ICONV 0
+#define CONFIG_JACK 0
+#define CONFIG_LIBXCB 0
+#define CONFIG_LIBXCB_SHM 0
+#define CONFIG_LIBXCB_SHAPE 0
+#define CONFIG_LIBXCB_XFIXES 0
+#define CONFIG_LZMA 0
+#define CONFIG_SCHANNEL 1
+#define CONFIG_SDL2 0
+#define CONFIG_SECURETRANSPORT 0
+#define CONFIG_SNDIO 0
+#define CONFIG_XLIB 1
+#define CONFIG_ZLIB 0
+#define CONFIG_AVISYNTH 0
 #define CONFIG_FREI0R 0
-#define CONFIG_GCRYPT 0
+#define CONFIG_LIBCDIO 0
+#define CONFIG_LIBRUBBERBAND 0
+#define CONFIG_LIBVIDSTAB 0
+#define CONFIG_LIBX264 0
+#define CONFIG_LIBX265 0
+#define CONFIG_LIBXAVS 0
+#define CONFIG_LIBXVID 0
+#define CONFIG_DECKLINK 0
+#define CONFIG_LIBNDI_NEWTEK 0
+#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_OPENSSL 0
 #define CONFIG_GMP 0
+#define CONFIG_LIBOPENCORE_AMRNB 0
+#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_RKMPP 0
+#define CONFIG_LIBSMBCLIENT 0
+#define CONFIG_CHROMAPRINT 0
+#define CONFIG_GCRYPT 0
 #define CONFIG_GNUTLS 0
-#define CONFIG_ICONV 0
 #define CONFIG_JNI 0
 #define CONFIG_LADSPA 0
 #define CONFIG_LIBASS 0
 #define CONFIG_LIBBLURAY 0
 #define CONFIG_LIBBS2B 0
 #define CONFIG_LIBCACA 0
-#define CONFIG_LIBCDIO 0
 #define CONFIG_LIBCELT 0
 #define CONFIG_LIBDC1394 0
-#define CONFIG_LIBEBUR128 0
-#define CONFIG_LIBFDK_AAC 0
+#define CONFIG_LIBDRM 0
 #define CONFIG_LIBFLITE 0
 #define CONFIG_LIBFONTCONFIG 0
 #define CONFIG_LIBFREETYPE 0
@@ -447,18 +468,15 @@
 #define CONFIG_LIBKVAZAAR 0
 #define CONFIG_LIBMODPLUG 0
 #define CONFIG_LIBMP3LAME 0
-#define CONFIG_LIBNUT 0
-#define CONFIG_LIBOPENCORE_AMRNB 0
-#define CONFIG_LIBOPENCORE_AMRWB 0
+#define CONFIG_LIBMYSOFA 0
 #define CONFIG_LIBOPENCV 0
 #define CONFIG_LIBOPENH264 0
 #define CONFIG_LIBOPENJPEG 0
 #define CONFIG_LIBOPENMPT 0
 #define CONFIG_LIBOPUS 0
 #define CONFIG_LIBPULSE 0
+#define CONFIG_LIBRSVG 0
 #define CONFIG_LIBRTMP 0
-#define CONFIG_LIBRUBBERBAND 0
-#define CONFIG_LIBSCHROEDINGER 0
 #define CONFIG_LIBSHINE 0
 #define CONFIG_LIBSMBCLIENT 0
 #define CONFIG_LIBSNAPPY 0
@@ -469,53 +487,37 @@
 #define CONFIG_LIBTHEORA 0
 #define CONFIG_LIBTWOLAME 0
 #define CONFIG_LIBV4L2 0
-#define CONFIG_LIBVIDSTAB 0
-#define CONFIG_LIBVO_AMRWBENC 0
+#define CONFIG_LIBVMAF 0
 #define CONFIG_LIBVORBIS 0
 #define CONFIG_LIBVPX 0
 #define CONFIG_LIBWAVPACK 0
 #define CONFIG_LIBWEBP 0
-#define CONFIG_LIBX264 0
-#define CONFIG_LIBX265 0
-#define CONFIG_LIBXAVS 0
-#define CONFIG_LIBXCB 0
-#define CONFIG_LIBXCB_SHM 0
-#define CONFIG_LIBXCB_SHAPE 0
-#define CONFIG_LIBXCB_XFIXES 0
-#define CONFIG_LIBXVID 0
+#define CONFIG_LIBXML2 0
 #define CONFIG_LIBZIMG 0
 #define CONFIG_LIBZMQ 0
 #define CONFIG_LIBZVBI 0
-#define CONFIG_LZMA 0
 #define CONFIG_MEDIACODEC 0
-#define CONFIG_NETCDF 0
 #define CONFIG_OPENAL 0
 #define CONFIG_OPENCL 0
 #define CONFIG_OPENGL 0
-#define CONFIG_OPENSSL 0
-#define CONFIG_SCHANNEL 1
-#define CONFIG_SDL 0
-#define CONFIG_SDL2 0
-#define CONFIG_SECURETRANSPORT 0
-#define CONFIG_VIDEOTOOLBOX 0
-#define CONFIG_X11GRAB 0
-#define CONFIG_XLIB 0
-#define CONFIG_ZLIB 0
 #define CONFIG_AUDIOTOOLBOX 0
-#define CONFIG_CUDA 0
-#define CONFIG_CUVID 0
+#define CONFIG_CRYSTALHD 0
+#define CONFIG_CUDA 1
+#define CONFIG_CUVID 1
 #define CONFIG_D3D11VA 0
 #define CONFIG_DXVA2 0
-#define CONFIG_LIBMFX 0
-#define CONFIG_LIBNPP 0
-#define CONFIG_MMAL 0
-#define CONFIG_NVENC 0
-#define CONFIG_OMX 0
+#define CONFIG_NVENC 1
 #define CONFIG_VAAPI 0
 #define CONFIG_VDA 0
 #define CONFIG_VDPAU 0
-#define CONFIG_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VIDEOTOOLBOX 0
+#define CONFIG_V4L2_M2M 0
 #define CONFIG_XVMC 0
+#define CONFIG_CUDA_SDK 0
+#define CONFIG_LIBNPP 0
+#define CONFIG_LIBMFX 0
+#define CONFIG_MMAL 0
+#define CONFIG_OMX 0
 #define CONFIG_FTRAPV 0
 #define CONFIG_GRAY 0
 #define CONFIG_HARDCODED_TABLES 0
@@ -554,16 +556,27 @@
 #define CONFIG_PIXELUTILS 0
 #define CONFIG_NETWORK 0
 #define CONFIG_RDFT 0
+#define CONFIG_AUTODETECT 0
 #define CONFIG_FONTCONFIG 0
-#define CONFIG_MEMALIGN_HACK 0
+#define CONFIG_LINUX_PERF 0
 #define CONFIG_MEMORY_POISONING 0
 #define CONFIG_NEON_CLOBBER_TEST 0
+#define CONFIG_OSSFUZZ 0
 #define CONFIG_PIC 1
-#define CONFIG_POD2MAN 1
-#define CONFIG_RAISE_MAJOR 0
 #define CONFIG_THUMB 0
 #define CONFIG_VALGRIND_BACKTRACE 0
 #define CONFIG_XMM_CLOBBER_TEST 0
+#define CONFIG_BSFS 1
+#define CONFIG_DECODERS 1
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_PARSERS 1
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
 #define CONFIG_AANDCTTABLES 0
 #define CONFIG_AC3DSP 0
 #define CONFIG_AUDIO_FRAME_QUEUE 0
@@ -581,20 +594,22 @@
 #define CONFIG_FMTCONVERT 0
 #define CONFIG_FRAME_THREAD_ENCODER 0
 #define CONFIG_G722DSP 0
-#define CONFIG_GOLOMB 1
+#define CONFIG_GOLOMB 0
 #define CONFIG_GPLV3 0
 #define CONFIG_H263DSP 0
 #define CONFIG_H264CHROMA 0
 #define CONFIG_H264DSP 0
+#define CONFIG_H264PARSE 0
 #define CONFIG_H264PRED 1
 #define CONFIG_H264QPEL 0
+#define CONFIG_HEVCPARSE 0
 #define CONFIG_HPELDSP 0
 #define CONFIG_HUFFMAN 0
 #define CONFIG_HUFFYUVDSP 0
 #define CONFIG_HUFFYUVENCDSP 0
 #define CONFIG_IDCTDSP 0
 #define CONFIG_IIRFILTER 0
-#define CONFIG_IMDCT15 0
+#define CONFIG_MDCT15 0
 #define CONFIG_INTRAX8 0
 #define CONFIG_ISO_MEDIA 0
 #define CONFIG_IVIDSP 0
@@ -603,12 +618,14 @@
 #define CONFIG_LIBX262 0
 #define CONFIG_LLAUDDSP 0
 #define CONFIG_LLVIDDSP 0
+#define CONFIG_LLVIDENCDSP 0
 #define CONFIG_LPC 0
 #define CONFIG_LZF 0
 #define CONFIG_ME_CMP 0
 #define CONFIG_MPEG_ER 0
 #define CONFIG_MPEGAUDIO 0
 #define CONFIG_MPEGAUDIODSP 0
+#define CONFIG_MPEGAUDIOHEADER 0
 #define CONFIG_MPEGVIDEO 0
 #define CONFIG_MPEGVIDEOENC 0
 #define CONFIG_MSS34DSP 0
@@ -630,1595 +647,20 @@
 #define CONFIG_TEXTUREDSP 0
 #define CONFIG_TEXTUREDSPENC 0
 #define CONFIG_TPELDSP 0
+#define CONFIG_VAAPI_1 0
 #define CONFIG_VAAPI_ENCODE 0
 #define CONFIG_VC1DSP 0
 #define CONFIG_VIDEODSP 1
 #define CONFIG_VP3DSP 0
 #define CONFIG_VP56DSP 0
 #define CONFIG_VP8DSP 1
-#define CONFIG_VT_BT2020 0
 #define CONFIG_WMA_FREQS 0
 #define CONFIG_WMV2DSP 0
-#define CONFIG_AAC_ADTSTOASC_BSF 0
-#define CONFIG_CHOMP_BSF 0
-#define CONFIG_DUMP_EXTRADATA_BSF 0
-#define CONFIG_DCA_CORE_BSF 0
-#define CONFIG_H264_MP4TOANNEXB_BSF 0
-#define CONFIG_HEVC_MP4TOANNEXB_BSF 0
-#define CONFIG_IMX_DUMP_HEADER_BSF 0
-#define CONFIG_MJPEG2JPEG_BSF 0
-#define CONFIG_MJPEGA_DUMP_HEADER_BSF 0
-#define CONFIG_MP3_HEADER_DECOMPRESS_BSF 0
-#define CONFIG_MPEG4_UNPACK_BFRAMES_BSF 0
-#define CONFIG_MOV2TEXTSUB_BSF 0
-#define CONFIG_NOISE_BSF 0
-#define CONFIG_REMOVE_EXTRADATA_BSF 0
-#define CONFIG_TEXT2MOVSUB_BSF 0
-#define CONFIG_VP9_SUPERFRAME_BSF 0
-#define CONFIG_AASC_DECODER 0
-#define CONFIG_AIC_DECODER 0
-#define CONFIG_ALIAS_PIX_DECODER 0
-#define CONFIG_AMV_DECODER 0
-#define CONFIG_ANM_DECODER 0
-#define CONFIG_ANSI_DECODER 0
-#define CONFIG_APNG_DECODER 0
-#define CONFIG_ASV1_DECODER 0
-#define CONFIG_ASV2_DECODER 0
-#define CONFIG_AURA_DECODER 0
-#define CONFIG_AURA2_DECODER 0
-#define CONFIG_AVRP_DECODER 0
-#define CONFIG_AVRN_DECODER 0
-#define CONFIG_AVS_DECODER 0
-#define CONFIG_AVUI_DECODER 0
-#define CONFIG_AYUV_DECODER 0
-#define CONFIG_BETHSOFTVID_DECODER 0
-#define CONFIG_BFI_DECODER 0
-#define CONFIG_BINK_DECODER 0
-#define CONFIG_BMP_DECODER 0
-#define CONFIG_BMV_VIDEO_DECODER 0
-#define CONFIG_BRENDER_PIX_DECODER 0
-#define CONFIG_C93_DECODER 0
-#define CONFIG_CAVS_DECODER 0
-#define CONFIG_CDGRAPHICS_DECODER 0
-#define CONFIG_CDXL_DECODER 0
-#define CONFIG_CFHD_DECODER 0
-#define CONFIG_CINEPAK_DECODER 0
-#define CONFIG_CLJR_DECODER 0
-#define CONFIG_CLLC_DECODER 0
-#define CONFIG_COMFORTNOISE_DECODER 0
-#define CONFIG_CPIA_DECODER 0
-#define CONFIG_CSCD_DECODER 0
-#define CONFIG_CYUV_DECODER 0
-#define CONFIG_DDS_DECODER 0
-#define CONFIG_DFA_DECODER 0
-#define CONFIG_DIRAC_DECODER 0
-#define CONFIG_DNXHD_DECODER 0
-#define CONFIG_DPX_DECODER 0
-#define CONFIG_DSICINVIDEO_DECODER 0
-#define CONFIG_DVAUDIO_DECODER 0
-#define CONFIG_DVVIDEO_DECODER 0
-#define CONFIG_DXA_DECODER 0
-#define CONFIG_DXTORY_DECODER 0
-#define CONFIG_DXV_DECODER 0
-#define CONFIG_EACMV_DECODER 0
-#define CONFIG_EAMAD_DECODER 0
-#define CONFIG_EATGQ_DECODER 0
-#define CONFIG_EATGV_DECODER 0
-#define CONFIG_EATQI_DECODER 0
-#define CONFIG_EIGHTBPS_DECODER 0
-#define CONFIG_EIGHTSVX_EXP_DECODER 0
-#define CONFIG_EIGHTSVX_FIB_DECODER 0
-#define CONFIG_ESCAPE124_DECODER 0
-#define CONFIG_ESCAPE130_DECODER 0
-#define CONFIG_EXR_DECODER 0
-#define CONFIG_FFV1_DECODER 0
-#define CONFIG_FFVHUFF_DECODER 0
-#define CONFIG_FIC_DECODER 0
-#define CONFIG_FLASHSV_DECODER 0
-#define CONFIG_FLASHSV2_DECODER 0
-#define CONFIG_FLIC_DECODER 0
-#define CONFIG_FLV_DECODER 0
-#define CONFIG_FOURXM_DECODER 0
-#define CONFIG_FRAPS_DECODER 0
-#define CONFIG_FRWU_DECODER 0
-#define CONFIG_G2M_DECODER 0
-#define CONFIG_GIF_DECODER 0
-#define CONFIG_H261_DECODER 0
-#define CONFIG_H263_DECODER 0
-#define CONFIG_H263I_DECODER 0
-#define CONFIG_H263P_DECODER 0
-#define CONFIG_H264_DECODER 0
-#define CONFIG_H264_CRYSTALHD_DECODER 0
-#define CONFIG_H264_MEDIACODEC_DECODER 0
-#define CONFIG_H264_MMAL_DECODER 0
-#define CONFIG_H264_QSV_DECODER 0
-#define CONFIG_H264_VDA_DECODER 0
-#define CONFIG_H264_VDPAU_DECODER 0
-#define CONFIG_HAP_DECODER 0
-#define CONFIG_HEVC_DECODER 0
-#define CONFIG_HEVC_QSV_DECODER 0
-#define CONFIG_HNM4_VIDEO_DECODER 0
-#define CONFIG_HQ_HQA_DECODER 0
-#define CONFIG_HQX_DECODER 0
-#define CONFIG_HUFFYUV_DECODER 0
-#define CONFIG_IDCIN_DECODER 0
-#define CONFIG_IFF_ILBM_DECODER 0
-#define CONFIG_INDEO2_DECODER 0
-#define CONFIG_INDEO3_DECODER 0
-#define CONFIG_INDEO4_DECODER 0
-#define CONFIG_INDEO5_DECODER 0
-#define CONFIG_INTERPLAY_VIDEO_DECODER 0
-#define CONFIG_JPEG2000_DECODER 0
-#define CONFIG_JPEGLS_DECODER 0
-#define CONFIG_JV_DECODER 0
-#define CONFIG_KGV1_DECODER 0
-#define CONFIG_KMVC_DECODER 0
-#define CONFIG_LAGARITH_DECODER 0
-#define CONFIG_LOCO_DECODER 0
-#define CONFIG_M101_DECODER 0
-#define CONFIG_MAGICYUV_DECODER 0
-#define CONFIG_MDEC_DECODER 0
-#define CONFIG_MIMIC_DECODER 0
-#define CONFIG_MJPEG_DECODER 0
-#define CONFIG_MJPEGB_DECODER 0
-#define CONFIG_MMVIDEO_DECODER 0
-#define CONFIG_MOTIONPIXELS_DECODER 0
-#define CONFIG_MPEG_XVMC_DECODER 0
-#define CONFIG_MPEG1VIDEO_DECODER 0
-#define CONFIG_MPEG2VIDEO_DECODER 0
-#define CONFIG_MPEG4_DECODER 0
-#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG4_MMAL_DECODER 0
-#define CONFIG_MPEG4_VDPAU_DECODER 0
-#define CONFIG_MPEGVIDEO_DECODER 0
-#define CONFIG_MPEG_VDPAU_DECODER 0
-#define CONFIG_MPEG1_VDPAU_DECODER 0
-#define CONFIG_MPEG2_MMAL_DECODER 0
-#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
-#define CONFIG_MPEG2_QSV_DECODER 0
-#define CONFIG_MSA1_DECODER 0
-#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
-#define CONFIG_MSMPEG4V1_DECODER 0
-#define CONFIG_MSMPEG4V2_DECODER 0
-#define CONFIG_MSMPEG4V3_DECODER 0
-#define CONFIG_MSRLE_DECODER 0
-#define CONFIG_MSS1_DECODER 0
-#define CONFIG_MSS2_DECODER 0
-#define CONFIG_MSVIDEO1_DECODER 0
-#define CONFIG_MSZH_DECODER 0
-#define CONFIG_MTS2_DECODER 0
-#define CONFIG_MVC1_DECODER 0
-#define CONFIG_MVC2_DECODER 0
-#define CONFIG_MXPEG_DECODER 0
-#define CONFIG_NUV_DECODER 0
-#define CONFIG_PAF_VIDEO_DECODER 0
-#define CONFIG_PAM_DECODER 0
-#define CONFIG_PBM_DECODER 0
-#define CONFIG_PCX_DECODER 0
-#define CONFIG_PGM_DECODER 0
-#define CONFIG_PGMYUV_DECODER 0
-#define CONFIG_PICTOR_DECODER 0
-#define CONFIG_PNG_DECODER 0
-#define CONFIG_PPM_DECODER 0
-#define CONFIG_PRORES_DECODER 0
-#define CONFIG_PRORES_LGPL_DECODER 0
-#define CONFIG_PTX_DECODER 0
-#define CONFIG_QDRAW_DECODER 0
-#define CONFIG_QPEG_DECODER 0
-#define CONFIG_QTRLE_DECODER 0
-#define CONFIG_R10K_DECODER 0
-#define CONFIG_R210_DECODER 0
-#define CONFIG_RAWVIDEO_DECODER 0
-#define CONFIG_RL2_DECODER 0
-#define CONFIG_ROQ_DECODER 0
-#define CONFIG_RPZA_DECODER 0
-#define CONFIG_RSCC_DECODER 0
-#define CONFIG_RV10_DECODER 0
-#define CONFIG_RV20_DECODER 0
-#define CONFIG_RV30_DECODER 0
-#define CONFIG_RV40_DECODER 0
-#define CONFIG_S302M_DECODER 0
-#define CONFIG_SANM_DECODER 0
-#define CONFIG_SCREENPRESSO_DECODER 0
-#define CONFIG_SDX2_DPCM_DECODER 0
-#define CONFIG_SGI_DECODER 0
-#define CONFIG_SGIRLE_DECODER 0
-#define CONFIG_SHEERVIDEO_DECODER 0
-#define CONFIG_SMACKER_DECODER 0
-#define CONFIG_SMC_DECODER 0
-#define CONFIG_SMVJPEG_DECODER 0
-#define CONFIG_SNOW_DECODER 0
-#define CONFIG_SP5X_DECODER 0
-#define CONFIG_SUNRAST_DECODER 0
-#define CONFIG_SVQ1_DECODER 0
-#define CONFIG_SVQ3_DECODER 0
-#define CONFIG_TARGA_DECODER 0
-#define CONFIG_TARGA_Y216_DECODER 0
-#define CONFIG_TDSC_DECODER 0
-#define CONFIG_THEORA_DECODER 0
-#define CONFIG_THP_DECODER 0
-#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
-#define CONFIG_TIFF_DECODER 0
-#define CONFIG_TMV_DECODER 0
-#define CONFIG_TRUEMOTION1_DECODER 0
-#define CONFIG_TRUEMOTION2_DECODER 0
-#define CONFIG_TRUEMOTION2RT_DECODER 0
-#define CONFIG_TSCC_DECODER 0
-#define CONFIG_TSCC2_DECODER 0
-#define CONFIG_TXD_DECODER 0
-#define CONFIG_ULTI_DECODER 0
-#define CONFIG_UTVIDEO_DECODER 0
-#define CONFIG_V210_DECODER 0
-#define CONFIG_V210X_DECODER 0
-#define CONFIG_V308_DECODER 0
-#define CONFIG_V408_DECODER 0
-#define CONFIG_V410_DECODER 0
-#define CONFIG_VB_DECODER 0
-#define CONFIG_VBLE_DECODER 0
-#define CONFIG_VC1_DECODER 0
-#define CONFIG_VC1_CRYSTALHD_DECODER 0
-#define CONFIG_VC1_VDPAU_DECODER 0
-#define CONFIG_VC1IMAGE_DECODER 0
-#define CONFIG_VC1_MMAL_DECODER 0
-#define CONFIG_VC1_QSV_DECODER 0
-#define CONFIG_VCR1_DECODER 0
-#define CONFIG_VMDVIDEO_DECODER 0
-#define CONFIG_VMNC_DECODER 0
-#define CONFIG_VP3_DECODER 0
-#define CONFIG_VP5_DECODER 0
-#define CONFIG_VP6_DECODER 0
-#define CONFIG_VP6A_DECODER 0
-#define CONFIG_VP6F_DECODER 0
-#define CONFIG_VP7_DECODER 0
+#define CONFIG_NULL_BSF 1
 #define CONFIG_VP8_DECODER 1
 #define CONFIG_VP9_DECODER 1
-#define CONFIG_VQA_DECODER 0
-#define CONFIG_WEBP_DECODER 0
-#define CONFIG_WMV1_DECODER 0
-#define CONFIG_WMV2_DECODER 0
-#define CONFIG_WMV3_DECODER 0
-#define CONFIG_WMV3_CRYSTALHD_DECODER 0
-#define CONFIG_WMV3_VDPAU_DECODER 0
-#define CONFIG_WMV3IMAGE_DECODER 0
-#define CONFIG_WNV1_DECODER 0
-#define CONFIG_XAN_WC3_DECODER 0
-#define CONFIG_XAN_WC4_DECODER 0
-#define CONFIG_XBM_DECODER 0
-#define CONFIG_XFACE_DECODER 0
-#define CONFIG_XL_DECODER 0
-#define CONFIG_XWD_DECODER 0
-#define CONFIG_Y41P_DECODER 0
-#define CONFIG_YLC_DECODER 0
-#define CONFIG_YOP_DECODER 0
-#define CONFIG_YUV4_DECODER 0
-#define CONFIG_ZERO12V_DECODER 0
-#define CONFIG_ZEROCODEC_DECODER 0
-#define CONFIG_ZLIB_DECODER 0
-#define CONFIG_ZMBV_DECODER 0
-#define CONFIG_AAC_DECODER 0
-#define CONFIG_AAC_FIXED_DECODER 0
-#define CONFIG_AAC_LATM_DECODER 0
-#define CONFIG_AC3_DECODER 0
-#define CONFIG_AC3_FIXED_DECODER 0
-#define CONFIG_ALAC_DECODER 0
-#define CONFIG_ALS_DECODER 0
-#define CONFIG_AMRNB_DECODER 0
-#define CONFIG_AMRWB_DECODER 0
-#define CONFIG_APE_DECODER 0
-#define CONFIG_ATRAC1_DECODER 0
-#define CONFIG_ATRAC3_DECODER 0
-#define CONFIG_ATRAC3P_DECODER 0
-#define CONFIG_BINKAUDIO_DCT_DECODER 0
-#define CONFIG_BINKAUDIO_RDFT_DECODER 0
-#define CONFIG_BMV_AUDIO_DECODER 0
-#define CONFIG_COOK_DECODER 0
-#define CONFIG_DCA_DECODER 0
-#define CONFIG_DSD_LSBF_DECODER 0
-#define CONFIG_DSD_MSBF_DECODER 0
-#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
-#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
-#define CONFIG_DSICINAUDIO_DECODER 0
-#define CONFIG_DSS_SP_DECODER 0
-#define CONFIG_DST_DECODER 0
-#define CONFIG_EAC3_DECODER 0
-#define CONFIG_EVRC_DECODER 0
-#define CONFIG_FFWAVESYNTH_DECODER 0
 #define CONFIG_FLAC_DECODER 1
-#define CONFIG_G723_1_DECODER 0
-#define CONFIG_G729_DECODER 0
-#define CONFIG_GSM_DECODER 0
-#define CONFIG_GSM_MS_DECODER 0
-#define CONFIG_IAC_DECODER 0
-#define CONFIG_IMC_DECODER 0
-#define CONFIG_INTERPLAY_ACM_DECODER 0
-#define CONFIG_MACE3_DECODER 0
-#define CONFIG_MACE6_DECODER 0
-#define CONFIG_METASOUND_DECODER 0
-#define CONFIG_MLP_DECODER 0
-#define CONFIG_MP1_DECODER 0
-#define CONFIG_MP1FLOAT_DECODER 0
-#define CONFIG_MP2_DECODER 0
-#define CONFIG_MP2FLOAT_DECODER 0
-#define CONFIG_MP3_DECODER 0
-#define CONFIG_MP3FLOAT_DECODER 0
-#define CONFIG_MP3ADU_DECODER 0
-#define CONFIG_MP3ADUFLOAT_DECODER 0
-#define CONFIG_MP3ON4_DECODER 0
-#define CONFIG_MP3ON4FLOAT_DECODER 0
-#define CONFIG_MPC7_DECODER 0
-#define CONFIG_MPC8_DECODER 0
-#define CONFIG_NELLYMOSER_DECODER 0
-#define CONFIG_ON2AVC_DECODER 0
-#define CONFIG_OPUS_DECODER 0
-#define CONFIG_PAF_AUDIO_DECODER 0
-#define CONFIG_QCELP_DECODER 0
-#define CONFIG_QDM2_DECODER 0
-#define CONFIG_RA_144_DECODER 0
-#define CONFIG_RA_288_DECODER 0
-#define CONFIG_RALF_DECODER 0
-#define CONFIG_SHORTEN_DECODER 0
-#define CONFIG_SIPR_DECODER 0
-#define CONFIG_SMACKAUD_DECODER 0
-#define CONFIG_SONIC_DECODER 0
-#define CONFIG_TAK_DECODER 0
-#define CONFIG_TRUEHD_DECODER 0
-#define CONFIG_TRUESPEECH_DECODER 0
-#define CONFIG_TTA_DECODER 0
-#define CONFIG_TWINVQ_DECODER 0
-#define CONFIG_VMDAUDIO_DECODER 0
-#define CONFIG_VORBIS_DECODER 0
-#define CONFIG_WAVPACK_DECODER 0
-#define CONFIG_WMALOSSLESS_DECODER 0
-#define CONFIG_WMAPRO_DECODER 0
-#define CONFIG_WMAV1_DECODER 0
-#define CONFIG_WMAV2_DECODER 0
-#define CONFIG_WMAVOICE_DECODER 0
-#define CONFIG_WS_SND1_DECODER 0
-#define CONFIG_XMA1_DECODER 0
-#define CONFIG_XMA2_DECODER 0
-#define CONFIG_PCM_ALAW_DECODER 0
-#define CONFIG_PCM_BLURAY_DECODER 0
-#define CONFIG_PCM_DVD_DECODER 0
-#define CONFIG_PCM_F32BE_DECODER 0
-#define CONFIG_PCM_F32LE_DECODER 0
-#define CONFIG_PCM_F64BE_DECODER 0
-#define CONFIG_PCM_F64LE_DECODER 0
-#define CONFIG_PCM_LXF_DECODER 0
-#define CONFIG_PCM_MULAW_DECODER 0
-#define CONFIG_PCM_S8_DECODER 0
-#define CONFIG_PCM_S8_PLANAR_DECODER 0
-#define CONFIG_PCM_S16BE_DECODER 0
-#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
-#define CONFIG_PCM_S16LE_DECODER 0
-#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S24BE_DECODER 0
-#define CONFIG_PCM_S24DAUD_DECODER 0
-#define CONFIG_PCM_S24LE_DECODER 0
-#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S32BE_DECODER 0
-#define CONFIG_PCM_S32LE_DECODER 0
-#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
-#define CONFIG_PCM_S64BE_DECODER 0
-#define CONFIG_PCM_S64LE_DECODER 0
-#define CONFIG_PCM_U8_DECODER 0
-#define CONFIG_PCM_U16BE_DECODER 0
-#define CONFIG_PCM_U16LE_DECODER 0
-#define CONFIG_PCM_U24BE_DECODER 0
-#define CONFIG_PCM_U24LE_DECODER 0
-#define CONFIG_PCM_U32BE_DECODER 0
-#define CONFIG_PCM_U32LE_DECODER 0
-#define CONFIG_PCM_ZORK_DECODER 0
-#define CONFIG_INTERPLAY_DPCM_DECODER 0
-#define CONFIG_ROQ_DPCM_DECODER 0
-#define CONFIG_SOL_DPCM_DECODER 0
-#define CONFIG_XAN_DPCM_DECODER 0
-#define CONFIG_ADPCM_4XM_DECODER 0
-#define CONFIG_ADPCM_ADX_DECODER 0
-#define CONFIG_ADPCM_AFC_DECODER 0
-#define CONFIG_ADPCM_AICA_DECODER 0
-#define CONFIG_ADPCM_CT_DECODER 0
-#define CONFIG_ADPCM_DTK_DECODER 0
-#define CONFIG_ADPCM_EA_DECODER 0
-#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
-#define CONFIG_ADPCM_EA_R1_DECODER 0
-#define CONFIG_ADPCM_EA_R2_DECODER 0
-#define CONFIG_ADPCM_EA_R3_DECODER 0
-#define CONFIG_ADPCM_EA_XAS_DECODER 0
-#define CONFIG_ADPCM_G722_DECODER 0
-#define CONFIG_ADPCM_G726_DECODER 0
-#define CONFIG_ADPCM_G726LE_DECODER 0
-#define CONFIG_ADPCM_IMA_AMV_DECODER 0
-#define CONFIG_ADPCM_IMA_APC_DECODER 0
-#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
-#define CONFIG_ADPCM_IMA_DK3_DECODER 0
-#define CONFIG_ADPCM_IMA_DK4_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
-#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
-#define CONFIG_ADPCM_IMA_ISS_DECODER 0
-#define CONFIG_ADPCM_IMA_OKI_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_DECODER 0
-#define CONFIG_ADPCM_IMA_RAD_DECODER 0
-#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
-#define CONFIG_ADPCM_IMA_WAV_DECODER 0
-#define CONFIG_ADPCM_IMA_WS_DECODER 0
-#define CONFIG_ADPCM_MS_DECODER 0
-#define CONFIG_ADPCM_MTAF_DECODER 0
-#define CONFIG_ADPCM_PSX_DECODER 0
-#define CONFIG_ADPCM_SBPRO_2_DECODER 0
-#define CONFIG_ADPCM_SBPRO_3_DECODER 0
-#define CONFIG_ADPCM_SBPRO_4_DECODER 0
-#define CONFIG_ADPCM_SWF_DECODER 0
-#define CONFIG_ADPCM_THP_DECODER 0
-#define CONFIG_ADPCM_THP_LE_DECODER 0
-#define CONFIG_ADPCM_VIMA_DECODER 0
-#define CONFIG_ADPCM_XA_DECODER 0
-#define CONFIG_ADPCM_YAMAHA_DECODER 0
-#define CONFIG_SSA_DECODER 0
-#define CONFIG_ASS_DECODER 0
-#define CONFIG_CCAPTION_DECODER 0
-#define CONFIG_DVBSUB_DECODER 0
-#define CONFIG_DVDSUB_DECODER 0
-#define CONFIG_JACOSUB_DECODER 0
-#define CONFIG_MICRODVD_DECODER 0
-#define CONFIG_MOVTEXT_DECODER 0
-#define CONFIG_MPL2_DECODER 0
-#define CONFIG_PGSSUB_DECODER 0
-#define CONFIG_PJS_DECODER 0
-#define CONFIG_REALTEXT_DECODER 0
-#define CONFIG_SAMI_DECODER 0
-#define CONFIG_SRT_DECODER 0
-#define CONFIG_STL_DECODER 0
-#define CONFIG_SUBRIP_DECODER 0
-#define CONFIG_SUBVIEWER_DECODER 0
-#define CONFIG_SUBVIEWER1_DECODER 0
-#define CONFIG_TEXT_DECODER 0
-#define CONFIG_VPLAYER_DECODER 0
-#define CONFIG_WEBVTT_DECODER 0
-#define CONFIG_XSUB_DECODER 0
-#define CONFIG_AAC_AT_DECODER 0
-#define CONFIG_AC3_AT_DECODER 0
-#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
-#define CONFIG_ALAC_AT_DECODER 0
-#define CONFIG_AMR_NB_AT_DECODER 0
-#define CONFIG_EAC3_AT_DECODER 0
-#define CONFIG_GSM_MS_AT_DECODER 0
-#define CONFIG_ILBC_AT_DECODER 0
-#define CONFIG_MP1_AT_DECODER 0
-#define CONFIG_MP2_AT_DECODER 0
-#define CONFIG_MP3_AT_DECODER 0
-#define CONFIG_PCM_ALAW_AT_DECODER 0
-#define CONFIG_PCM_MULAW_AT_DECODER 0
-#define CONFIG_QDMC_AT_DECODER 0
-#define CONFIG_QDM2_AT_DECODER 0
-#define CONFIG_LIBCELT_DECODER 0
-#define CONFIG_LIBFDK_AAC_DECODER 0
-#define CONFIG_LIBGSM_DECODER 0
-#define CONFIG_LIBGSM_MS_DECODER 0
-#define CONFIG_LIBILBC_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
-#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
-#define CONFIG_LIBOPENJPEG_DECODER 0
-#define CONFIG_LIBOPUS_DECODER 0
-#define CONFIG_LIBSCHROEDINGER_DECODER 0
-#define CONFIG_LIBSPEEX_DECODER 0
-#define CONFIG_LIBVORBIS_DECODER 0
-#define CONFIG_LIBVPX_VP8_DECODER 0
-#define CONFIG_LIBVPX_VP9_DECODER 0
-#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
-#define CONFIG_BINTEXT_DECODER 0
-#define CONFIG_XBIN_DECODER 0
-#define CONFIG_IDF_DECODER 0
-#define CONFIG_LIBOPENH264_DECODER 0
-#define CONFIG_H263_CUVID_DECODER 0
-#define CONFIG_H264_CUVID_DECODER 0
-#define CONFIG_HEVC_CUVID_DECODER 0
-#define CONFIG_HEVC_MEDIACODEC_DECODER 0
-#define CONFIG_MJPEG_CUVID_DECODER 0
-#define CONFIG_MPEG1_CUVID_DECODER 0
-#define CONFIG_MPEG2_CUVID_DECODER 0
-#define CONFIG_MPEG4_CUVID_DECODER 0
-#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
-#define CONFIG_VC1_CUVID_DECODER 0
-#define CONFIG_VP8_CUVID_DECODER 0
-#define CONFIG_VP8_MEDIACODEC_DECODER 0
-#define CONFIG_VP9_CUVID_DECODER 0
-#define CONFIG_VP9_MEDIACODEC_DECODER 0
-#define CONFIG_AA_DEMUXER 0
-#define CONFIG_AAC_DEMUXER 0
-#define CONFIG_AC3_DEMUXER 0
-#define CONFIG_ACM_DEMUXER 0
-#define CONFIG_ACT_DEMUXER 0
-#define CONFIG_ADF_DEMUXER 0
-#define CONFIG_ADP_DEMUXER 0
-#define CONFIG_ADS_DEMUXER 0
-#define CONFIG_ADX_DEMUXER 0
-#define CONFIG_AEA_DEMUXER 0
-#define CONFIG_AFC_DEMUXER 0
-#define CONFIG_AIFF_DEMUXER 0
-#define CONFIG_AIX_DEMUXER 0
-#define CONFIG_AMR_DEMUXER 0
-#define CONFIG_ANM_DEMUXER 0
-#define CONFIG_APC_DEMUXER 0
-#define CONFIG_APE_DEMUXER 0
-#define CONFIG_APNG_DEMUXER 0
-#define CONFIG_AQTITLE_DEMUXER 0
-#define CONFIG_ASF_DEMUXER 0
-#define CONFIG_ASF_O_DEMUXER 0
-#define CONFIG_ASS_DEMUXER 0
-#define CONFIG_AST_DEMUXER 0
-#define CONFIG_AU_DEMUXER 0
-#define CONFIG_AVI_DEMUXER 0
-#define CONFIG_AVISYNTH_DEMUXER 0
-#define CONFIG_AVR_DEMUXER 0
-#define CONFIG_AVS_DEMUXER 0
-#define CONFIG_BETHSOFTVID_DEMUXER 0
-#define CONFIG_BFI_DEMUXER 0
-#define CONFIG_BINTEXT_DEMUXER 0
-#define CONFIG_BINK_DEMUXER 0
-#define CONFIG_BIT_DEMUXER 0
-#define CONFIG_BMV_DEMUXER 0
-#define CONFIG_BFSTM_DEMUXER 0
-#define CONFIG_BRSTM_DEMUXER 0
-#define CONFIG_BOA_DEMUXER 0
-#define CONFIG_C93_DEMUXER 0
-#define CONFIG_CAF_DEMUXER 0
-#define CONFIG_CAVSVIDEO_DEMUXER 0
-#define CONFIG_CDG_DEMUXER 0
-#define CONFIG_CDXL_DEMUXER 0
-#define CONFIG_CINE_DEMUXER 0
-#define CONFIG_CONCAT_DEMUXER 0
-#define CONFIG_DATA_DEMUXER 0
-#define CONFIG_DAUD_DEMUXER 0
-#define CONFIG_DCSTR_DEMUXER 0
-#define CONFIG_DFA_DEMUXER 0
-#define CONFIG_DIRAC_DEMUXER 0
-#define CONFIG_DNXHD_DEMUXER 0
-#define CONFIG_DSF_DEMUXER 0
-#define CONFIG_DSICIN_DEMUXER 0
-#define CONFIG_DSS_DEMUXER 0
-#define CONFIG_DTS_DEMUXER 0
-#define CONFIG_DTSHD_DEMUXER 0
-#define CONFIG_DV_DEMUXER 0
-#define CONFIG_DVBSUB_DEMUXER 0
-#define CONFIG_DVBTXT_DEMUXER 0
-#define CONFIG_DXA_DEMUXER 0
-#define CONFIG_EA_DEMUXER 0
-#define CONFIG_EA_CDATA_DEMUXER 0
-#define CONFIG_EAC3_DEMUXER 0
-#define CONFIG_EPAF_DEMUXER 0
-#define CONFIG_FFM_DEMUXER 0
-#define CONFIG_FFMETADATA_DEMUXER 0
-#define CONFIG_FILMSTRIP_DEMUXER 0
-#define CONFIG_FLAC_DEMUXER 0
-#define CONFIG_FLIC_DEMUXER 0
-#define CONFIG_FLV_DEMUXER 0
-#define CONFIG_LIVE_FLV_DEMUXER 0
-#define CONFIG_FOURXM_DEMUXER 0
-#define CONFIG_FRM_DEMUXER 0
-#define CONFIG_FSB_DEMUXER 0
-#define CONFIG_G722_DEMUXER 0
-#define CONFIG_G723_1_DEMUXER 0
-#define CONFIG_G729_DEMUXER 0
-#define CONFIG_GENH_DEMUXER 0
-#define CONFIG_GIF_DEMUXER 0
-#define CONFIG_GSM_DEMUXER 0
-#define CONFIG_GXF_DEMUXER 0
-#define CONFIG_H261_DEMUXER 0
-#define CONFIG_H263_DEMUXER 0
-#define CONFIG_H264_DEMUXER 0
-#define CONFIG_HEVC_DEMUXER 0
-#define CONFIG_HLS_DEMUXER 0
-#define CONFIG_HNM_DEMUXER 0
-#define CONFIG_ICO_DEMUXER 0
-#define CONFIG_IDCIN_DEMUXER 0
-#define CONFIG_IDF_DEMUXER 0
-#define CONFIG_IFF_DEMUXER 0
-#define CONFIG_ILBC_DEMUXER 0
-#define CONFIG_IMAGE2_DEMUXER 0
-#define CONFIG_IMAGE2PIPE_DEMUXER 0
-#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
-#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
-#define CONFIG_INGENIENT_DEMUXER 0
-#define CONFIG_IPMOVIE_DEMUXER 0
-#define CONFIG_IRCAM_DEMUXER 0
-#define CONFIG_ISS_DEMUXER 0
-#define CONFIG_IV8_DEMUXER 0
-#define CONFIG_IVF_DEMUXER 0
-#define CONFIG_IVR_DEMUXER 0
-#define CONFIG_JACOSUB_DEMUXER 0
-#define CONFIG_JV_DEMUXER 0
-#define CONFIG_LMLM4_DEMUXER 0
-#define CONFIG_LOAS_DEMUXER 0
-#define CONFIG_LRC_DEMUXER 0
-#define CONFIG_LVF_DEMUXER 0
-#define CONFIG_LXF_DEMUXER 0
-#define CONFIG_M4V_DEMUXER 0
-#define CONFIG_MATROSKA_DEMUXER 0
-#define CONFIG_MGSTS_DEMUXER 0
-#define CONFIG_MICRODVD_DEMUXER 0
-#define CONFIG_MJPEG_DEMUXER 0
-#define CONFIG_MLP_DEMUXER 0
-#define CONFIG_MLV_DEMUXER 0
-#define CONFIG_MM_DEMUXER 0
-#define CONFIG_MMF_DEMUXER 0
-#define CONFIG_MOV_DEMUXER 0
-#define CONFIG_MP3_DEMUXER 0
-#define CONFIG_MPC_DEMUXER 0
-#define CONFIG_MPC8_DEMUXER 0
-#define CONFIG_MPEGPS_DEMUXER 0
-#define CONFIG_MPEGTS_DEMUXER 0
-#define CONFIG_MPEGTSRAW_DEMUXER 0
-#define CONFIG_MPEGVIDEO_DEMUXER 0
-#define CONFIG_MPJPEG_DEMUXER 0
-#define CONFIG_MPL2_DEMUXER 0
-#define CONFIG_MPSUB_DEMUXER 0
-#define CONFIG_MSF_DEMUXER 0
-#define CONFIG_MSNWC_TCP_DEMUXER 0
-#define CONFIG_MTAF_DEMUXER 0
-#define CONFIG_MTV_DEMUXER 0
-#define CONFIG_MUSX_DEMUXER 0
-#define CONFIG_MV_DEMUXER 0
-#define CONFIG_MVI_DEMUXER 0
-#define CONFIG_MXF_DEMUXER 0
-#define CONFIG_MXG_DEMUXER 0
-#define CONFIG_NC_DEMUXER 0
-#define CONFIG_NISTSPHERE_DEMUXER 0
-#define CONFIG_NSV_DEMUXER 0
-#define CONFIG_NUT_DEMUXER 0
-#define CONFIG_NUV_DEMUXER 0
-#define CONFIG_OGG_DEMUXER 0
-#define CONFIG_OMA_DEMUXER 0
-#define CONFIG_PAF_DEMUXER 0
-#define CONFIG_PCM_ALAW_DEMUXER 0
-#define CONFIG_PCM_MULAW_DEMUXER 0
-#define CONFIG_PCM_F64BE_DEMUXER 0
-#define CONFIG_PCM_F64LE_DEMUXER 0
-#define CONFIG_PCM_F32BE_DEMUXER 0
-#define CONFIG_PCM_F32LE_DEMUXER 0
-#define CONFIG_PCM_S32BE_DEMUXER 0
-#define CONFIG_PCM_S32LE_DEMUXER 0
-#define CONFIG_PCM_S24BE_DEMUXER 0
-#define CONFIG_PCM_S24LE_DEMUXER 0
-#define CONFIG_PCM_S16BE_DEMUXER 0
-#define CONFIG_PCM_S16LE_DEMUXER 0
-#define CONFIG_PCM_S8_DEMUXER 0
-#define CONFIG_PCM_U32BE_DEMUXER 0
-#define CONFIG_PCM_U32LE_DEMUXER 0
-#define CONFIG_PCM_U24BE_DEMUXER 0
-#define CONFIG_PCM_U24LE_DEMUXER 0
-#define CONFIG_PCM_U16BE_DEMUXER 0
-#define CONFIG_PCM_U16LE_DEMUXER 0
-#define CONFIG_PCM_U8_DEMUXER 0
-#define CONFIG_PJS_DEMUXER 0
-#define CONFIG_PMP_DEMUXER 0
-#define CONFIG_PVA_DEMUXER 0
-#define CONFIG_PVF_DEMUXER 0
-#define CONFIG_QCP_DEMUXER 0
-#define CONFIG_R3D_DEMUXER 0
-#define CONFIG_RAWVIDEO_DEMUXER 0
-#define CONFIG_REALTEXT_DEMUXER 0
-#define CONFIG_REDSPARK_DEMUXER 0
-#define CONFIG_RL2_DEMUXER 0
-#define CONFIG_RM_DEMUXER 0
-#define CONFIG_ROQ_DEMUXER 0
-#define CONFIG_RPL_DEMUXER 0
-#define CONFIG_RSD_DEMUXER 0
-#define CONFIG_RSO_DEMUXER 0
-#define CONFIG_RTP_DEMUXER 0
-#define CONFIG_RTSP_DEMUXER 0
-#define CONFIG_SAMI_DEMUXER 0
-#define CONFIG_SAP_DEMUXER 0
-#define CONFIG_SBG_DEMUXER 0
-#define CONFIG_SDP_DEMUXER 0
-#define CONFIG_SDR2_DEMUXER 0
-#define CONFIG_SEGAFILM_DEMUXER 0
-#define CONFIG_SHORTEN_DEMUXER 0
-#define CONFIG_SIFF_DEMUXER 0
-#define CONFIG_SLN_DEMUXER 0
-#define CONFIG_SMACKER_DEMUXER 0
-#define CONFIG_SMJPEG_DEMUXER 0
-#define CONFIG_SMUSH_DEMUXER 0
-#define CONFIG_SOL_DEMUXER 0
-#define CONFIG_SOX_DEMUXER 0
-#define CONFIG_SPDIF_DEMUXER 0
-#define CONFIG_SRT_DEMUXER 0
-#define CONFIG_STR_DEMUXER 0
-#define CONFIG_STL_DEMUXER 0
-#define CONFIG_SUBVIEWER1_DEMUXER 0
-#define CONFIG_SUBVIEWER_DEMUXER 0
-#define CONFIG_SUP_DEMUXER 0
-#define CONFIG_SVAG_DEMUXER 0
-#define CONFIG_SWF_DEMUXER 0
-#define CONFIG_TAK_DEMUXER 0
-#define CONFIG_TEDCAPTIONS_DEMUXER 0
-#define CONFIG_THP_DEMUXER 0
-#define CONFIG_THREEDOSTR_DEMUXER 0
-#define CONFIG_TIERTEXSEQ_DEMUXER 0
-#define CONFIG_TMV_DEMUXER 0
-#define CONFIG_TRUEHD_DEMUXER 0
-#define CONFIG_TTA_DEMUXER 0
-#define CONFIG_TXD_DEMUXER 0
-#define CONFIG_TTY_DEMUXER 0
-#define CONFIG_V210_DEMUXER 0
-#define CONFIG_V210X_DEMUXER 0
-#define CONFIG_VAG_DEMUXER 0
-#define CONFIG_VC1_DEMUXER 0
-#define CONFIG_VC1T_DEMUXER 0
-#define CONFIG_VIVO_DEMUXER 0
-#define CONFIG_VMD_DEMUXER 0
-#define CONFIG_VOBSUB_DEMUXER 0
-#define CONFIG_VOC_DEMUXER 0
-#define CONFIG_VPK_DEMUXER 0
-#define CONFIG_VPLAYER_DEMUXER 0
-#define CONFIG_VQF_DEMUXER 0
-#define CONFIG_W64_DEMUXER 0
-#define CONFIG_WAV_DEMUXER 0
-#define CONFIG_WC3_DEMUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
-#define CONFIG_WEBVTT_DEMUXER 0
-#define CONFIG_WSAUD_DEMUXER 0
-#define CONFIG_WSD_DEMUXER 0
-#define CONFIG_WSVQA_DEMUXER 0
-#define CONFIG_WTV_DEMUXER 0
-#define CONFIG_WVE_DEMUXER 0
-#define CONFIG_WV_DEMUXER 0
-#define CONFIG_XA_DEMUXER 0
-#define CONFIG_XBIN_DEMUXER 0
-#define CONFIG_XMV_DEMUXER 0
-#define CONFIG_XVAG_DEMUXER 0
-#define CONFIG_XWMA_DEMUXER 0
-#define CONFIG_YOP_DEMUXER 0
-#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
-#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
-#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
-#define CONFIG_LIBGME_DEMUXER 0
-#define CONFIG_LIBMODPLUG_DEMUXER 0
-#define CONFIG_LIBNUT_DEMUXER 0
-#define CONFIG_LIBOPENMPT_DEMUXER 0
-#define CONFIG_A64MULTI_ENCODER 0
-#define CONFIG_A64MULTI5_ENCODER 0
-#define CONFIG_ALIAS_PIX_ENCODER 0
-#define CONFIG_AMV_ENCODER 0
-#define CONFIG_APNG_ENCODER 0
-#define CONFIG_ASV1_ENCODER 0
-#define CONFIG_ASV2_ENCODER 0
-#define CONFIG_AVRP_ENCODER 0
-#define CONFIG_AVUI_ENCODER 0
-#define CONFIG_AYUV_ENCODER 0
-#define CONFIG_BMP_ENCODER 0
-#define CONFIG_CINEPAK_ENCODER 0
-#define CONFIG_CLJR_ENCODER 0
-#define CONFIG_COMFORTNOISE_ENCODER 0
-#define CONFIG_DNXHD_ENCODER 0
-#define CONFIG_DPX_ENCODER 0
-#define CONFIG_DVVIDEO_ENCODER 0
-#define CONFIG_FFV1_ENCODER 0
-#define CONFIG_FFVHUFF_ENCODER 0
-#define CONFIG_FLASHSV_ENCODER 0
-#define CONFIG_FLASHSV2_ENCODER 0
-#define CONFIG_FLV_ENCODER 0
-#define CONFIG_GIF_ENCODER 0
-#define CONFIG_H261_ENCODER 0
-#define CONFIG_H263_ENCODER 0
-#define CONFIG_H263P_ENCODER 0
-#define CONFIG_HAP_ENCODER 0
-#define CONFIG_HUFFYUV_ENCODER 0
-#define CONFIG_JPEG2000_ENCODER 0
-#define CONFIG_JPEGLS_ENCODER 0
-#define CONFIG_LJPEG_ENCODER 0
-#define CONFIG_MJPEG_ENCODER 0
-#define CONFIG_MPEG1VIDEO_ENCODER 0
-#define CONFIG_MPEG2VIDEO_ENCODER 0
-#define CONFIG_MPEG4_ENCODER 0
-#define CONFIG_MSMPEG4V2_ENCODER 0
-#define CONFIG_MSMPEG4V3_ENCODER 0
-#define CONFIG_MSVIDEO1_ENCODER 0
-#define CONFIG_PAM_ENCODER 0
-#define CONFIG_PBM_ENCODER 0
-#define CONFIG_PCX_ENCODER 0
-#define CONFIG_PGM_ENCODER 0
-#define CONFIG_PGMYUV_ENCODER 0
-#define CONFIG_PNG_ENCODER 0
-#define CONFIG_PPM_ENCODER 0
-#define CONFIG_PRORES_ENCODER 0
-#define CONFIG_PRORES_AW_ENCODER 0
-#define CONFIG_PRORES_KS_ENCODER 0
-#define CONFIG_QTRLE_ENCODER 0
-#define CONFIG_R10K_ENCODER 0
-#define CONFIG_R210_ENCODER 0
-#define CONFIG_RAWVIDEO_ENCODER 0
-#define CONFIG_ROQ_ENCODER 0
-#define CONFIG_RV10_ENCODER 0
-#define CONFIG_RV20_ENCODER 0
-#define CONFIG_S302M_ENCODER 0
-#define CONFIG_SGI_ENCODER 0
-#define CONFIG_SNOW_ENCODER 0
-#define CONFIG_SUNRAST_ENCODER 0
-#define CONFIG_SVQ1_ENCODER 0
-#define CONFIG_TARGA_ENCODER 0
-#define CONFIG_TIFF_ENCODER 0
-#define CONFIG_UTVIDEO_ENCODER 0
-#define CONFIG_V210_ENCODER 0
-#define CONFIG_V308_ENCODER 0
-#define CONFIG_V408_ENCODER 0
-#define CONFIG_V410_ENCODER 0
-#define CONFIG_VC2_ENCODER 0
-#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
-#define CONFIG_WMV1_ENCODER 0
-#define CONFIG_WMV2_ENCODER 0
-#define CONFIG_XBM_ENCODER 0
-#define CONFIG_XFACE_ENCODER 0
-#define CONFIG_XWD_ENCODER 0
-#define CONFIG_Y41P_ENCODER 0
-#define CONFIG_YUV4_ENCODER 0
-#define CONFIG_ZLIB_ENCODER 0
-#define CONFIG_ZMBV_ENCODER 0
-#define CONFIG_AAC_ENCODER 0
-#define CONFIG_AC3_ENCODER 0
-#define CONFIG_AC3_FIXED_ENCODER 0
-#define CONFIG_ALAC_ENCODER 0
-#define CONFIG_DCA_ENCODER 0
-#define CONFIG_EAC3_ENCODER 0
-#define CONFIG_FLAC_ENCODER 0
-#define CONFIG_G723_1_ENCODER 0
-#define CONFIG_MLP_ENCODER 0
-#define CONFIG_MP2_ENCODER 0
-#define CONFIG_MP2FIXED_ENCODER 0
-#define CONFIG_NELLYMOSER_ENCODER 0
-#define CONFIG_RA_144_ENCODER 0
-#define CONFIG_SONIC_ENCODER 0
-#define CONFIG_SONIC_LS_ENCODER 0
-#define CONFIG_TRUEHD_ENCODER 0
-#define CONFIG_TTA_ENCODER 0
-#define CONFIG_VORBIS_ENCODER 0
-#define CONFIG_WAVPACK_ENCODER 0
-#define CONFIG_WMAV1_ENCODER 0
-#define CONFIG_WMAV2_ENCODER 0
-#define CONFIG_PCM_ALAW_ENCODER 0
-#define CONFIG_PCM_F32BE_ENCODER 0
-#define CONFIG_PCM_F32LE_ENCODER 0
-#define CONFIG_PCM_F64BE_ENCODER 0
-#define CONFIG_PCM_F64LE_ENCODER 0
-#define CONFIG_PCM_MULAW_ENCODER 0
-#define CONFIG_PCM_S8_ENCODER 0
-#define CONFIG_PCM_S8_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16BE_ENCODER 0
-#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S16LE_ENCODER 0
-#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S24BE_ENCODER 0
-#define CONFIG_PCM_S24DAUD_ENCODER 0
-#define CONFIG_PCM_S24LE_ENCODER 0
-#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S32BE_ENCODER 0
-#define CONFIG_PCM_S32LE_ENCODER 0
-#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
-#define CONFIG_PCM_S64BE_ENCODER 0
-#define CONFIG_PCM_S64LE_ENCODER 0
-#define CONFIG_PCM_U8_ENCODER 0
-#define CONFIG_PCM_U16BE_ENCODER 0
-#define CONFIG_PCM_U16LE_ENCODER 0
-#define CONFIG_PCM_U24BE_ENCODER 0
-#define CONFIG_PCM_U24LE_ENCODER 0
-#define CONFIG_PCM_U32BE_ENCODER 0
-#define CONFIG_PCM_U32LE_ENCODER 0
-#define CONFIG_ROQ_DPCM_ENCODER 0
-#define CONFIG_ADPCM_ADX_ENCODER 0
-#define CONFIG_ADPCM_G722_ENCODER 0
-#define CONFIG_ADPCM_G726_ENCODER 0
-#define CONFIG_ADPCM_IMA_QT_ENCODER 0
-#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
-#define CONFIG_ADPCM_MS_ENCODER 0
-#define CONFIG_ADPCM_SWF_ENCODER 0
-#define CONFIG_ADPCM_YAMAHA_ENCODER 0
-#define CONFIG_SSA_ENCODER 0
-#define CONFIG_ASS_ENCODER 0
-#define CONFIG_DVBSUB_ENCODER 0
-#define CONFIG_DVDSUB_ENCODER 0
-#define CONFIG_MOVTEXT_ENCODER 0
-#define CONFIG_SRT_ENCODER 0
-#define CONFIG_SUBRIP_ENCODER 0
-#define CONFIG_TEXT_ENCODER 0
-#define CONFIG_WEBVTT_ENCODER 0
-#define CONFIG_XSUB_ENCODER 0
-#define CONFIG_AAC_AT_ENCODER 0
-#define CONFIG_ALAC_AT_ENCODER 0
-#define CONFIG_ILBC_AT_ENCODER 0
-#define CONFIG_PCM_ALAW_AT_ENCODER 0
-#define CONFIG_PCM_MULAW_AT_ENCODER 0
-#define CONFIG_LIBFDK_AAC_ENCODER 0
-#define CONFIG_LIBGSM_ENCODER 0
-#define CONFIG_LIBGSM_MS_ENCODER 0
-#define CONFIG_LIBILBC_ENCODER 0
-#define CONFIG_LIBMP3LAME_ENCODER 0
-#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
-#define CONFIG_LIBOPENJPEG_ENCODER 0
-#define CONFIG_LIBOPUS_ENCODER 0
-#define CONFIG_LIBSCHROEDINGER_ENCODER 0
-#define CONFIG_LIBSHINE_ENCODER 0
-#define CONFIG_LIBSPEEX_ENCODER 0
-#define CONFIG_LIBTHEORA_ENCODER 0
-#define CONFIG_LIBTWOLAME_ENCODER 0
-#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
-#define CONFIG_LIBVORBIS_ENCODER 0
-#define CONFIG_LIBVPX_VP8_ENCODER 0
-#define CONFIG_LIBVPX_VP9_ENCODER 0
-#define CONFIG_LIBWAVPACK_ENCODER 0
-#define CONFIG_LIBWEBP_ANIM_ENCODER 0
-#define CONFIG_LIBWEBP_ENCODER 0
-#define CONFIG_LIBX262_ENCODER 0
-#define CONFIG_LIBX264_ENCODER 0
-#define CONFIG_LIBX264RGB_ENCODER 0
-#define CONFIG_LIBX265_ENCODER 0
-#define CONFIG_LIBXAVS_ENCODER 0
-#define CONFIG_LIBXVID_ENCODER 0
-#define CONFIG_LIBOPENH264_ENCODER 0
-#define CONFIG_H264_NVENC_ENCODER 0
-#define CONFIG_H264_OMX_ENCODER 0
-#define CONFIG_H264_QSV_ENCODER 0
-#define CONFIG_H264_VAAPI_ENCODER 0
-#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
-#define CONFIG_NVENC_ENCODER 0
-#define CONFIG_NVENC_H264_ENCODER 0
-#define CONFIG_NVENC_HEVC_ENCODER 0
-#define CONFIG_HEVC_NVENC_ENCODER 0
-#define CONFIG_HEVC_QSV_ENCODER 0
-#define CONFIG_HEVC_VAAPI_ENCODER 0
-#define CONFIG_LIBKVAZAAR_ENCODER 0
-#define CONFIG_MJPEG_VAAPI_ENCODER 0
-#define CONFIG_MPEG2_QSV_ENCODER 0
-#define CONFIG_ABENCH_FILTER 0
-#define CONFIG_ACOMPRESSOR_FILTER 0
-#define CONFIG_ACROSSFADE_FILTER 0
-#define CONFIG_ACRUSHER_FILTER 0
-#define CONFIG_ADELAY_FILTER 0
-#define CONFIG_AECHO_FILTER 0
-#define CONFIG_AEMPHASIS_FILTER 0
-#define CONFIG_AEVAL_FILTER 0
-#define CONFIG_AFADE_FILTER 0
-#define CONFIG_AFFTFILT_FILTER 0
-#define CONFIG_AFORMAT_FILTER 0
-#define CONFIG_AGATE_FILTER 0
-#define CONFIG_AINTERLEAVE_FILTER 0
-#define CONFIG_ALIMITER_FILTER 0
-#define CONFIG_ALLPASS_FILTER 0
-#define CONFIG_ALOOP_FILTER 0
-#define CONFIG_AMERGE_FILTER 0
-#define CONFIG_AMETADATA_FILTER 0
-#define CONFIG_AMIX_FILTER 0
-#define CONFIG_ANEQUALIZER_FILTER 0
-#define CONFIG_ANULL_FILTER 0
-#define CONFIG_APAD_FILTER 0
-#define CONFIG_APERMS_FILTER 0
-#define CONFIG_APHASER_FILTER 0
-#define CONFIG_APULSATOR_FILTER 0
-#define CONFIG_AREALTIME_FILTER 0
-#define CONFIG_ARESAMPLE_FILTER 0
-#define CONFIG_AREVERSE_FILTER 0
-#define CONFIG_ASELECT_FILTER 0
-#define CONFIG_ASENDCMD_FILTER 0
-#define CONFIG_ASETNSAMPLES_FILTER 0
-#define CONFIG_ASETPTS_FILTER 0
-#define CONFIG_ASETRATE_FILTER 0
-#define CONFIG_ASETTB_FILTER 0
-#define CONFIG_ASHOWINFO_FILTER 0
-#define CONFIG_ASIDEDATA_FILTER 0
-#define CONFIG_ASPLIT_FILTER 0
-#define CONFIG_ASTATS_FILTER 0
-#define CONFIG_ASTREAMSELECT_FILTER 0
-#define CONFIG_ASYNCTS_FILTER 0
-#define CONFIG_ATEMPO_FILTER 0
-#define CONFIG_ATRIM_FILTER 0
-#define CONFIG_AZMQ_FILTER 0
-#define CONFIG_BANDPASS_FILTER 0
-#define CONFIG_BANDREJECT_FILTER 0
-#define CONFIG_BASS_FILTER 0
-#define CONFIG_BIQUAD_FILTER 0
-#define CONFIG_BS2B_FILTER 0
-#define CONFIG_CHANNELMAP_FILTER 0
-#define CONFIG_CHANNELSPLIT_FILTER 0
-#define CONFIG_CHORUS_FILTER 0
-#define CONFIG_COMPAND_FILTER 0
-#define CONFIG_COMPENSATIONDELAY_FILTER 0
-#define CONFIG_CRYSTALIZER_FILTER 0
-#define CONFIG_DCSHIFT_FILTER 0
-#define CONFIG_DYNAUDNORM_FILTER 0
-#define CONFIG_EARWAX_FILTER 0
-#define CONFIG_EBUR128_FILTER 0
-#define CONFIG_EQUALIZER_FILTER 0
-#define CONFIG_EXTRASTEREO_FILTER 0
-#define CONFIG_FIREQUALIZER_FILTER 0
-#define CONFIG_FLANGER_FILTER 0
-#define CONFIG_HDCD_FILTER 0
-#define CONFIG_HIGHPASS_FILTER 0
-#define CONFIG_JOIN_FILTER 0
-#define CONFIG_LADSPA_FILTER 0
-#define CONFIG_LOUDNORM_FILTER 0
-#define CONFIG_LOWPASS_FILTER 0
-#define CONFIG_PAN_FILTER 0
-#define CONFIG_REPLAYGAIN_FILTER 0
-#define CONFIG_RESAMPLE_FILTER 0
-#define CONFIG_RUBBERBAND_FILTER 0
-#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
-#define CONFIG_SIDECHAINGATE_FILTER 0
-#define CONFIG_SILENCEDETECT_FILTER 0
-#define CONFIG_SILENCEREMOVE_FILTER 0
-#define CONFIG_SOFALIZER_FILTER 0
-#define CONFIG_STEREOTOOLS_FILTER 0
-#define CONFIG_STEREOWIDEN_FILTER 0
-#define CONFIG_TREBLE_FILTER 0
-#define CONFIG_TREMOLO_FILTER 0
-#define CONFIG_VIBRATO_FILTER 0
-#define CONFIG_VOLUME_FILTER 0
-#define CONFIG_VOLUMEDETECT_FILTER 0
-#define CONFIG_AEVALSRC_FILTER 0
-#define CONFIG_ANOISESRC_FILTER 0
-#define CONFIG_ANULLSRC_FILTER 0
-#define CONFIG_FLITE_FILTER 0
-#define CONFIG_SINE_FILTER 0
-#define CONFIG_ANULLSINK_FILTER 0
-#define CONFIG_ALPHAEXTRACT_FILTER 0
-#define CONFIG_ALPHAMERGE_FILTER 0
-#define CONFIG_ASS_FILTER 0
-#define CONFIG_ATADENOISE_FILTER 0
-#define CONFIG_AVGBLUR_FILTER 0
-#define CONFIG_BBOX_FILTER 0
-#define CONFIG_BENCH_FILTER 0
-#define CONFIG_BITPLANENOISE_FILTER 0
-#define CONFIG_BLACKDETECT_FILTER 0
-#define CONFIG_BLACKFRAME_FILTER 0
-#define CONFIG_BLEND_FILTER 0
-#define CONFIG_BOXBLUR_FILTER 0
-#define CONFIG_BWDIF_FILTER 0
-#define CONFIG_CHROMAKEY_FILTER 0
-#define CONFIG_CIESCOPE_FILTER 0
-#define CONFIG_CODECVIEW_FILTER 0
-#define CONFIG_COLORBALANCE_FILTER 0
-#define CONFIG_COLORCHANNELMIXER_FILTER 0
-#define CONFIG_COLORKEY_FILTER 0
-#define CONFIG_COLORLEVELS_FILTER 0
-#define CONFIG_COLORMATRIX_FILTER 0
-#define CONFIG_COLORSPACE_FILTER 0
-#define CONFIG_CONVOLUTION_FILTER 0
-#define CONFIG_COPY_FILTER 0
-#define CONFIG_COREIMAGE_FILTER 0
-#define CONFIG_COVER_RECT_FILTER 0
-#define CONFIG_CROP_FILTER 0
-#define CONFIG_CROPDETECT_FILTER 0
-#define CONFIG_CURVES_FILTER 0
-#define CONFIG_DATASCOPE_FILTER 0
-#define CONFIG_DCTDNOIZ_FILTER 0
-#define CONFIG_DEBAND_FILTER 0
-#define CONFIG_DECIMATE_FILTER 0
-#define CONFIG_DEFLATE_FILTER 0
-#define CONFIG_DEJUDDER_FILTER 0
-#define CONFIG_DELOGO_FILTER 0
-#define CONFIG_DESHAKE_FILTER 0
-#define CONFIG_DETELECINE_FILTER 0
-#define CONFIG_DILATION_FILTER 0
-#define CONFIG_DISPLACE_FILTER 0
-#define CONFIG_DRAWBOX_FILTER 0
-#define CONFIG_DRAWGRAPH_FILTER 0
-#define CONFIG_DRAWGRID_FILTER 0
-#define CONFIG_DRAWTEXT_FILTER 0
-#define CONFIG_EDGEDETECT_FILTER 0
-#define CONFIG_ELBG_FILTER 0
-#define CONFIG_EQ_FILTER 0
-#define CONFIG_EROSION_FILTER 0
-#define CONFIG_EXTRACTPLANES_FILTER 0
-#define CONFIG_FADE_FILTER 0
-#define CONFIG_FFTFILT_FILTER 0
-#define CONFIG_FIELD_FILTER 0
-#define CONFIG_FIELDHINT_FILTER 0
-#define CONFIG_FIELDMATCH_FILTER 0
-#define CONFIG_FIELDORDER_FILTER 0
-#define CONFIG_FIND_RECT_FILTER 0
-#define CONFIG_FORMAT_FILTER 0
-#define CONFIG_FPS_FILTER 0
-#define CONFIG_FRAMEPACK_FILTER 0
-#define CONFIG_FRAMERATE_FILTER 0
-#define CONFIG_FRAMESTEP_FILTER 0
-#define CONFIG_FREI0R_FILTER 0
-#define CONFIG_FSPP_FILTER 0
-#define CONFIG_GBLUR_FILTER 0
-#define CONFIG_GEQ_FILTER 0
-#define CONFIG_GRADFUN_FILTER 0
-#define CONFIG_HALDCLUT_FILTER 0
-#define CONFIG_HFLIP_FILTER 0
-#define CONFIG_HISTEQ_FILTER 0
-#define CONFIG_HISTOGRAM_FILTER 0
-#define CONFIG_HQDN3D_FILTER 0
-#define CONFIG_HQX_FILTER 0
-#define CONFIG_HSTACK_FILTER 0
-#define CONFIG_HUE_FILTER 0
-#define CONFIG_HWDOWNLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_FILTER 0
-#define CONFIG_HWUPLOAD_CUDA_FILTER 0
-#define CONFIG_HYSTERESIS_FILTER 0
-#define CONFIG_IDET_FILTER 0
-#define CONFIG_IL_FILTER 0
-#define CONFIG_INFLATE_FILTER 0
-#define CONFIG_INTERLACE_FILTER 0
-#define CONFIG_INTERLEAVE_FILTER 0
-#define CONFIG_KERNDEINT_FILTER 0
-#define CONFIG_LENSCORRECTION_FILTER 0
-#define CONFIG_LOOP_FILTER 0
-#define CONFIG_LUT_FILTER 0
-#define CONFIG_LUT2_FILTER 0
-#define CONFIG_LUT3D_FILTER 0
-#define CONFIG_LUTRGB_FILTER 0
-#define CONFIG_LUTYUV_FILTER 0
-#define CONFIG_MASKEDCLAMP_FILTER 0
-#define CONFIG_MASKEDMERGE_FILTER 0
-#define CONFIG_MCDEINT_FILTER 0
-#define CONFIG_MERGEPLANES_FILTER 0
-#define CONFIG_MESTIMATE_FILTER 0
-#define CONFIG_METADATA_FILTER 0
-#define CONFIG_MINTERPOLATE_FILTER 0
-#define CONFIG_MPDECIMATE_FILTER 0
-#define CONFIG_NEGATE_FILTER 0
-#define CONFIG_NLMEANS_FILTER 0
-#define CONFIG_NNEDI_FILTER 0
-#define CONFIG_NOFORMAT_FILTER 0
-#define CONFIG_NOISE_FILTER 0
-#define CONFIG_NULL_FILTER 0
-#define CONFIG_OCR_FILTER 0
-#define CONFIG_OCV_FILTER 0
-#define CONFIG_OVERLAY_FILTER 0
-#define CONFIG_OWDENOISE_FILTER 0
-#define CONFIG_PAD_FILTER 0
-#define CONFIG_PALETTEGEN_FILTER 0
-#define CONFIG_PALETTEUSE_FILTER 0
-#define CONFIG_PERMS_FILTER 0
-#define CONFIG_PERSPECTIVE_FILTER 0
-#define CONFIG_PHASE_FILTER 0
-#define CONFIG_PIXDESCTEST_FILTER 0
-#define CONFIG_PP_FILTER 0
-#define CONFIG_PP7_FILTER 0
-#define CONFIG_PREWITT_FILTER 0
-#define CONFIG_PSNR_FILTER 0
-#define CONFIG_PULLUP_FILTER 0
-#define CONFIG_QP_FILTER 0
-#define CONFIG_RANDOM_FILTER 0
-#define CONFIG_READVITC_FILTER 0
-#define CONFIG_REALTIME_FILTER 0
-#define CONFIG_REMAP_FILTER 0
-#define CONFIG_REMOVEGRAIN_FILTER 0
-#define CONFIG_REMOVELOGO_FILTER 0
-#define CONFIG_REPEATFIELDS_FILTER 0
-#define CONFIG_REVERSE_FILTER 0
-#define CONFIG_ROTATE_FILTER 0
-#define CONFIG_SAB_FILTER 0
-#define CONFIG_SCALE_FILTER 0
-#define CONFIG_SCALE_NPP_FILTER 0
-#define CONFIG_SCALE_VAAPI_FILTER 0
-#define CONFIG_SCALE2REF_FILTER 0
-#define CONFIG_SELECT_FILTER 0
-#define CONFIG_SELECTIVECOLOR_FILTER 0
-#define CONFIG_SENDCMD_FILTER 0
-#define CONFIG_SEPARATEFIELDS_FILTER 0
-#define CONFIG_SETDAR_FILTER 0
-#define CONFIG_SETFIELD_FILTER 0
-#define CONFIG_SETPTS_FILTER 0
-#define CONFIG_SETSAR_FILTER 0
-#define CONFIG_SETTB_FILTER 0
-#define CONFIG_SHOWINFO_FILTER 0
-#define CONFIG_SHOWPALETTE_FILTER 0
-#define CONFIG_SHUFFLEFRAMES_FILTER 0
-#define CONFIG_SHUFFLEPLANES_FILTER 0
-#define CONFIG_SIDEDATA_FILTER 0
-#define CONFIG_SIGNALSTATS_FILTER 0
-#define CONFIG_SMARTBLUR_FILTER 0
-#define CONFIG_SOBEL_FILTER 0
-#define CONFIG_SPLIT_FILTER 0
-#define CONFIG_SPP_FILTER 0
-#define CONFIG_SSIM_FILTER 0
-#define CONFIG_STEREO3D_FILTER 0
-#define CONFIG_STREAMSELECT_FILTER 0
-#define CONFIG_SUBTITLES_FILTER 0
-#define CONFIG_SUPER2XSAI_FILTER 0
-#define CONFIG_SWAPRECT_FILTER 0
-#define CONFIG_SWAPUV_FILTER 0
-#define CONFIG_TBLEND_FILTER 0
-#define CONFIG_TELECINE_FILTER 0
-#define CONFIG_THUMBNAIL_FILTER 0
-#define CONFIG_TILE_FILTER 0
-#define CONFIG_TINTERLACE_FILTER 0
-#define CONFIG_TRANSPOSE_FILTER 0
-#define CONFIG_TRIM_FILTER 0
-#define CONFIG_UNSHARP_FILTER 0
-#define CONFIG_USPP_FILTER 0
-#define CONFIG_VAGUEDENOISER_FILTER 0
-#define CONFIG_VECTORSCOPE_FILTER 0
-#define CONFIG_VFLIP_FILTER 0
-#define CONFIG_VIDSTABDETECT_FILTER 0
-#define CONFIG_VIDSTABTRANSFORM_FILTER 0
-#define CONFIG_VIGNETTE_FILTER 0
-#define CONFIG_VSTACK_FILTER 0
-#define CONFIG_W3FDIF_FILTER 0
-#define CONFIG_WAVEFORM_FILTER 0
-#define CONFIG_WEAVE_FILTER 0
-#define CONFIG_XBR_FILTER 0
-#define CONFIG_YADIF_FILTER 0
-#define CONFIG_ZMQ_FILTER 0
-#define CONFIG_ZOOMPAN_FILTER 0
-#define CONFIG_ZSCALE_FILTER 0
-#define CONFIG_ALLRGB_FILTER 0
-#define CONFIG_ALLYUV_FILTER 0
-#define CONFIG_CELLAUTO_FILTER 0
-#define CONFIG_COLOR_FILTER 0
-#define CONFIG_COREIMAGESRC_FILTER 0
-#define CONFIG_FREI0R_SRC_FILTER 0
-#define CONFIG_HALDCLUTSRC_FILTER 0
-#define CONFIG_LIFE_FILTER 0
-#define CONFIG_MANDELBROT_FILTER 0
-#define CONFIG_MPTESTSRC_FILTER 0
-#define CONFIG_NULLSRC_FILTER 0
-#define CONFIG_RGBTESTSRC_FILTER 0
-#define CONFIG_SMPTEBARS_FILTER 0
-#define CONFIG_SMPTEHDBARS_FILTER 0
-#define CONFIG_TESTSRC_FILTER 0
-#define CONFIG_TESTSRC2_FILTER 0
-#define CONFIG_YUVTESTSRC_FILTER 0
-#define CONFIG_NULLSINK_FILTER 0
-#define CONFIG_ADRAWGRAPH_FILTER 0
-#define CONFIG_AHISTOGRAM_FILTER 0
-#define CONFIG_APHASEMETER_FILTER 0
-#define CONFIG_AVECTORSCOPE_FILTER 0
-#define CONFIG_CONCAT_FILTER 0
-#define CONFIG_SHOWCQT_FILTER 0
-#define CONFIG_SHOWFREQS_FILTER 0
-#define CONFIG_SHOWSPECTRUM_FILTER 0
-#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
-#define CONFIG_SHOWVOLUME_FILTER 0
-#define CONFIG_SHOWWAVES_FILTER 0
-#define CONFIG_SHOWWAVESPIC_FILTER 0
-#define CONFIG_SPECTRUMSYNTH_FILTER 0
-#define CONFIG_AMOVIE_FILTER 0
-#define CONFIG_MOVIE_FILTER 0
-#define CONFIG_H263_CUVID_HWACCEL 0
-#define CONFIG_H263_VAAPI_HWACCEL 0
-#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_H264_CUVID_HWACCEL 0
-#define CONFIG_H264_D3D11VA_HWACCEL 0
-#define CONFIG_H264_DXVA2_HWACCEL 0
-#define CONFIG_H264_MEDIACODEC_HWACCEL 0
-#define CONFIG_H264_MMAL_HWACCEL 0
-#define CONFIG_H264_QSV_HWACCEL 0
-#define CONFIG_H264_VAAPI_HWACCEL 0
-#define CONFIG_H264_VDA_HWACCEL 0
-#define CONFIG_H264_VDA_OLD_HWACCEL 0
-#define CONFIG_H264_VDPAU_HWACCEL 0
-#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_HEVC_CUVID_HWACCEL 0
-#define CONFIG_HEVC_D3D11VA_HWACCEL 0
-#define CONFIG_HEVC_DXVA2_HWACCEL 0
-#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
-#define CONFIG_HEVC_QSV_HWACCEL 0
-#define CONFIG_HEVC_VAAPI_HWACCEL 0
-#define CONFIG_HEVC_VDPAU_HWACCEL 0
-#define CONFIG_MJPEG_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_CUVID_HWACCEL 0
-#define CONFIG_MPEG1_XVMC_HWACCEL 0
-#define CONFIG_MPEG1_VDPAU_HWACCEL 0
-#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG2_CUVID_HWACCEL 0
-#define CONFIG_MPEG2_XVMC_HWACCEL 0
-#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
-#define CONFIG_MPEG2_DXVA2_HWACCEL 0
-#define CONFIG_MPEG2_MMAL_HWACCEL 0
-#define CONFIG_MPEG2_QSV_HWACCEL 0
-#define CONFIG_MPEG2_VAAPI_HWACCEL 0
-#define CONFIG_MPEG2_VDPAU_HWACCEL 0
-#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_MPEG4_CUVID_HWACCEL 0
-#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
-#define CONFIG_MPEG4_MMAL_HWACCEL 0
-#define CONFIG_MPEG4_VAAPI_HWACCEL 0
-#define CONFIG_MPEG4_VDPAU_HWACCEL 0
-#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
-#define CONFIG_VC1_CUVID_HWACCEL 0
-#define CONFIG_VC1_D3D11VA_HWACCEL 0
-#define CONFIG_VC1_DXVA2_HWACCEL 0
-#define CONFIG_VC1_VAAPI_HWACCEL 0
-#define CONFIG_VC1_VDPAU_HWACCEL 0
-#define CONFIG_VC1_MMAL_HWACCEL 0
-#define CONFIG_VC1_QSV_HWACCEL 0
-#define CONFIG_VP8_CUVID_HWACCEL 0
-#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_CUVID_HWACCEL 0
-#define CONFIG_VP9_D3D11VA_HWACCEL 0
-#define CONFIG_VP9_DXVA2_HWACCEL 0
-#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
-#define CONFIG_VP9_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_D3D11VA_HWACCEL 0
-#define CONFIG_WMV3_DXVA2_HWACCEL 0
-#define CONFIG_WMV3_VAAPI_HWACCEL 0
-#define CONFIG_WMV3_VDPAU_HWACCEL 0
-#define CONFIG_ALSA_INDEV 0
-#define CONFIG_AVFOUNDATION_INDEV 0
-#define CONFIG_BKTR_INDEV 0
-#define CONFIG_DECKLINK_INDEV 0
-#define CONFIG_DSHOW_INDEV 0
-#define CONFIG_DV1394_INDEV 0
-#define CONFIG_FBDEV_INDEV 0
-#define CONFIG_GDIGRAB_INDEV 0
-#define CONFIG_IEC61883_INDEV 0
-#define CONFIG_JACK_INDEV 0
-#define CONFIG_LAVFI_INDEV 0
-#define CONFIG_OPENAL_INDEV 0
-#define CONFIG_OSS_INDEV 0
-#define CONFIG_PULSE_INDEV 0
-#define CONFIG_QTKIT_INDEV 0
-#define CONFIG_SNDIO_INDEV 0
-#define CONFIG_V4L2_INDEV 0
-#define CONFIG_VFWCAP_INDEV 0
-#define CONFIG_X11GRAB_INDEV 0
-#define CONFIG_X11GRAB_XCB_INDEV 0
-#define CONFIG_LIBCDIO_INDEV 0
-#define CONFIG_LIBDC1394_INDEV 0
-#define CONFIG_A64_MUXER 0
-#define CONFIG_AC3_MUXER 0
-#define CONFIG_ADTS_MUXER 0
-#define CONFIG_ADX_MUXER 0
-#define CONFIG_AIFF_MUXER 0
-#define CONFIG_AMR_MUXER 0
-#define CONFIG_APNG_MUXER 0
-#define CONFIG_ASF_MUXER 0
-#define CONFIG_ASS_MUXER 0
-#define CONFIG_AST_MUXER 0
-#define CONFIG_ASF_STREAM_MUXER 0
-#define CONFIG_AU_MUXER 0
-#define CONFIG_AVI_MUXER 0
-#define CONFIG_AVM2_MUXER 0
-#define CONFIG_BIT_MUXER 0
-#define CONFIG_CAF_MUXER 0
-#define CONFIG_CAVSVIDEO_MUXER 0
-#define CONFIG_CRC_MUXER 0
-#define CONFIG_DASH_MUXER 0
-#define CONFIG_DATA_MUXER 0
-#define CONFIG_DAUD_MUXER 0
-#define CONFIG_DIRAC_MUXER 0
-#define CONFIG_DNXHD_MUXER 0
-#define CONFIG_DTS_MUXER 0
-#define CONFIG_DV_MUXER 0
-#define CONFIG_EAC3_MUXER 0
-#define CONFIG_F4V_MUXER 0
-#define CONFIG_FFM_MUXER 0
-#define CONFIG_FFMETADATA_MUXER 0
-#define CONFIG_FIFO_MUXER 0
-#define CONFIG_FILMSTRIP_MUXER 0
-#define CONFIG_FLAC_MUXER 0
-#define CONFIG_FLV_MUXER 0
-#define CONFIG_FRAMECRC_MUXER 0
-#define CONFIG_FRAMEHASH_MUXER 0
-#define CONFIG_FRAMEMD5_MUXER 0
-#define CONFIG_G722_MUXER 0
-#define CONFIG_G723_1_MUXER 0
-#define CONFIG_GIF_MUXER 0
-#define CONFIG_GSM_MUXER 0
-#define CONFIG_GXF_MUXER 0
-#define CONFIG_H261_MUXER 0
-#define CONFIG_H263_MUXER 0
-#define CONFIG_H264_MUXER 0
-#define CONFIG_HASH_MUXER 0
-#define CONFIG_HDS_MUXER 0
-#define CONFIG_HEVC_MUXER 0
-#define CONFIG_HLS_MUXER 0
-#define CONFIG_ICO_MUXER 0
-#define CONFIG_ILBC_MUXER 0
-#define CONFIG_IMAGE2_MUXER 0
-#define CONFIG_IMAGE2PIPE_MUXER 0
-#define CONFIG_IPOD_MUXER 0
-#define CONFIG_IRCAM_MUXER 0
-#define CONFIG_ISMV_MUXER 0
-#define CONFIG_IVF_MUXER 0
-#define CONFIG_JACOSUB_MUXER 0
-#define CONFIG_LATM_MUXER 0
-#define CONFIG_LRC_MUXER 0
-#define CONFIG_M4V_MUXER 0
-#define CONFIG_MD5_MUXER 0
-#define CONFIG_MATROSKA_MUXER 0
-#define CONFIG_MATROSKA_AUDIO_MUXER 0
-#define CONFIG_MICRODVD_MUXER 0
-#define CONFIG_MJPEG_MUXER 0
-#define CONFIG_MLP_MUXER 0
-#define CONFIG_MMF_MUXER 0
-#define CONFIG_MOV_MUXER 0
-#define CONFIG_MP2_MUXER 0
-#define CONFIG_MP3_MUXER 0
-#define CONFIG_MP4_MUXER 0
-#define CONFIG_MPEG1SYSTEM_MUXER 0
-#define CONFIG_MPEG1VCD_MUXER 0
-#define CONFIG_MPEG1VIDEO_MUXER 0
-#define CONFIG_MPEG2DVD_MUXER 0
-#define CONFIG_MPEG2SVCD_MUXER 0
-#define CONFIG_MPEG2VIDEO_MUXER 0
-#define CONFIG_MPEG2VOB_MUXER 0
-#define CONFIG_MPEGTS_MUXER 0
-#define CONFIG_MPJPEG_MUXER 0
-#define CONFIG_MXF_MUXER 0
-#define CONFIG_MXF_D10_MUXER 0
-#define CONFIG_MXF_OPATOM_MUXER 0
-#define CONFIG_NULL_MUXER 0
-#define CONFIG_NUT_MUXER 0
-#define CONFIG_OGA_MUXER 0
-#define CONFIG_OGG_MUXER 0
-#define CONFIG_OGV_MUXER 0
-#define CONFIG_OMA_MUXER 0
-#define CONFIG_OPUS_MUXER 0
-#define CONFIG_PCM_ALAW_MUXER 0
-#define CONFIG_PCM_MULAW_MUXER 0
-#define CONFIG_PCM_F64BE_MUXER 0
-#define CONFIG_PCM_F64LE_MUXER 0
-#define CONFIG_PCM_F32BE_MUXER 0
-#define CONFIG_PCM_F32LE_MUXER 0
-#define CONFIG_PCM_S32BE_MUXER 0
-#define CONFIG_PCM_S32LE_MUXER 0
-#define CONFIG_PCM_S24BE_MUXER 0
-#define CONFIG_PCM_S24LE_MUXER 0
-#define CONFIG_PCM_S16BE_MUXER 0
-#define CONFIG_PCM_S16LE_MUXER 0
-#define CONFIG_PCM_S8_MUXER 0
-#define CONFIG_PCM_U32BE_MUXER 0
-#define CONFIG_PCM_U32LE_MUXER 0
-#define CONFIG_PCM_U24BE_MUXER 0
-#define CONFIG_PCM_U24LE_MUXER 0
-#define CONFIG_PCM_U16BE_MUXER 0
-#define CONFIG_PCM_U16LE_MUXER 0
-#define CONFIG_PCM_U8_MUXER 0
-#define CONFIG_PSP_MUXER 0
-#define CONFIG_RAWVIDEO_MUXER 0
-#define CONFIG_RM_MUXER 0
-#define CONFIG_ROQ_MUXER 0
-#define CONFIG_RSO_MUXER 0
-#define CONFIG_RTP_MUXER 0
-#define CONFIG_RTP_MPEGTS_MUXER 0
-#define CONFIG_RTSP_MUXER 0
-#define CONFIG_SAP_MUXER 0
-#define CONFIG_SEGMENT_MUXER 0
-#define CONFIG_STREAM_SEGMENT_MUXER 0
-#define CONFIG_SINGLEJPEG_MUXER 0
-#define CONFIG_SMJPEG_MUXER 0
-#define CONFIG_SMOOTHSTREAMING_MUXER 0
-#define CONFIG_SOX_MUXER 0
-#define CONFIG_SPX_MUXER 0
-#define CONFIG_SPDIF_MUXER 0
-#define CONFIG_SRT_MUXER 0
-#define CONFIG_SWF_MUXER 0
-#define CONFIG_TEE_MUXER 0
-#define CONFIG_TG2_MUXER 0
-#define CONFIG_TGP_MUXER 0
-#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
-#define CONFIG_TRUEHD_MUXER 0
-#define CONFIG_TTA_MUXER 0
-#define CONFIG_UNCODEDFRAMECRC_MUXER 0
-#define CONFIG_VC1_MUXER 0
-#define CONFIG_VC1T_MUXER 0
-#define CONFIG_VOC_MUXER 0
-#define CONFIG_W64_MUXER 0
-#define CONFIG_WAV_MUXER 0
-#define CONFIG_WEBM_MUXER 0
-#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
-#define CONFIG_WEBM_CHUNK_MUXER 0
-#define CONFIG_WEBP_MUXER 0
-#define CONFIG_WEBVTT_MUXER 0
-#define CONFIG_WTV_MUXER 0
-#define CONFIG_WV_MUXER 0
-#define CONFIG_YUV4MPEGPIPE_MUXER 0
-#define CONFIG_CHROMAPRINT_MUXER 0
-#define CONFIG_LIBNUT_MUXER 0
-#define CONFIG_ALSA_OUTDEV 0
-#define CONFIG_CACA_OUTDEV 0
-#define CONFIG_DECKLINK_OUTDEV 0
-#define CONFIG_FBDEV_OUTDEV 0
-#define CONFIG_OPENGL_OUTDEV 0
-#define CONFIG_OSS_OUTDEV 0
-#define CONFIG_PULSE_OUTDEV 0
-#define CONFIG_SDL2_OUTDEV 0
-#define CONFIG_SNDIO_OUTDEV 0
-#define CONFIG_V4L2_OUTDEV 0
-#define CONFIG_XV_OUTDEV 0
-#define CONFIG_AAC_PARSER 0
-#define CONFIG_AAC_LATM_PARSER 0
-#define CONFIG_AC3_PARSER 0
-#define CONFIG_ADX_PARSER 0
-#define CONFIG_BMP_PARSER 0
-#define CONFIG_CAVSVIDEO_PARSER 0
-#define CONFIG_COOK_PARSER 0
-#define CONFIG_DCA_PARSER 0
-#define CONFIG_DIRAC_PARSER 0
-#define CONFIG_DNXHD_PARSER 0
-#define CONFIG_DPX_PARSER 0
-#define CONFIG_DVAUDIO_PARSER 0
-#define CONFIG_DVBSUB_PARSER 0
-#define CONFIG_DVDSUB_PARSER 0
-#define CONFIG_DVD_NAV_PARSER 0
-#define CONFIG_FLAC_PARSER 1
-#define CONFIG_G729_PARSER 0
-#define CONFIG_GSM_PARSER 0
-#define CONFIG_H261_PARSER 0
-#define CONFIG_H263_PARSER 0
-#define CONFIG_H264_PARSER 0
-#define CONFIG_HEVC_PARSER 0
-#define CONFIG_MJPEG_PARSER 0
-#define CONFIG_MLP_PARSER 0
-#define CONFIG_MPEG4VIDEO_PARSER 0
-#define CONFIG_MPEGAUDIO_PARSER 0
-#define CONFIG_MPEGVIDEO_PARSER 0
-#define CONFIG_OPUS_PARSER 0
-#define CONFIG_PNG_PARSER 0
-#define CONFIG_PNM_PARSER 0
-#define CONFIG_RV30_PARSER 0
-#define CONFIG_RV40_PARSER 0
-#define CONFIG_TAK_PARSER 0
-#define CONFIG_VC1_PARSER 0
-#define CONFIG_VORBIS_PARSER 0
-#define CONFIG_VP3_PARSER 0
+#define CONFIG_FLAC_PARSER 0
 #define CONFIG_VP8_PARSER 1
 #define CONFIG_VP9_PARSER 1
-#define CONFIG_ASYNC_PROTOCOL 0
-#define CONFIG_BLURAY_PROTOCOL 0
-#define CONFIG_CACHE_PROTOCOL 0
-#define CONFIG_CONCAT_PROTOCOL 0
-#define CONFIG_CRYPTO_PROTOCOL 0
-#define CONFIG_DATA_PROTOCOL 0
-#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
-#define CONFIG_FFRTMPHTTP_PROTOCOL 0
-#define CONFIG_FILE_PROTOCOL 0
-#define CONFIG_FTP_PROTOCOL 0
-#define CONFIG_GOPHER_PROTOCOL 0
-#define CONFIG_HLS_PROTOCOL 0
-#define CONFIG_HTTP_PROTOCOL 0
-#define CONFIG_HTTPPROXY_PROTOCOL 0
-#define CONFIG_HTTPS_PROTOCOL 0
-#define CONFIG_ICECAST_PROTOCOL 0
-#define CONFIG_MMSH_PROTOCOL 0
-#define CONFIG_MMST_PROTOCOL 0
-#define CONFIG_MD5_PROTOCOL 0
-#define CONFIG_PIPE_PROTOCOL 0
-#define CONFIG_RTMP_PROTOCOL 0
-#define CONFIG_RTMPE_PROTOCOL 0
-#define CONFIG_RTMPS_PROTOCOL 0
-#define CONFIG_RTMPT_PROTOCOL 0
-#define CONFIG_RTMPTE_PROTOCOL 0
-#define CONFIG_RTMPTS_PROTOCOL 0
-#define CONFIG_RTP_PROTOCOL 0
-#define CONFIG_SCTP_PROTOCOL 0
-#define CONFIG_SRTP_PROTOCOL 0
-#define CONFIG_SUBFILE_PROTOCOL 0
-#define CONFIG_TEE_PROTOCOL 0
-#define CONFIG_TCP_PROTOCOL 0
-#define CONFIG_TLS_GNUTLS_PROTOCOL 0
-#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
-#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
-#define CONFIG_TLS_OPENSSL_PROTOCOL 0
-#define CONFIG_UDP_PROTOCOL 0
-#define CONFIG_UDPLITE_PROTOCOL 0
-#define CONFIG_UNIX_PROTOCOL 0
-#define CONFIG_LIBRTMP_PROTOCOL 0
-#define CONFIG_LIBRTMPE_PROTOCOL 0
-#define CONFIG_LIBRTMPS_PROTOCOL 0
-#define CONFIG_LIBRTMPT_PROTOCOL 0
-#define CONFIG_LIBRTMPTE_PROTOCOL 0
-#define CONFIG_LIBSSH_PROTOCOL 0
-#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
 #endif /* FFMPEG_CONFIG_H */
diff --git a/media/ffvpx/defaults_disabled.asm b/media/ffvpx/defaults_disabled.asm
new file mode 100644
index 000000000..a9fde4c52
--- /dev/null
+++ b/media/ffvpx/defaults_disabled.asm
@@ -0,0 +1,1674 @@
+%define CONFIG_ENCODERS 0
+%define CONFIG_HWACCELS 0
+%define CONFIG_INDEVS 0
+%define CONFIG_OUTDEVS 0
+%define CONFIG_FILTERS 0
+%define CONFIG_DEMUXERS 0
+%define CONFIG_MUXERS 0
+%define CONFIG_PROTOCOLS 0
+%define CONFIG_FRAME_THREAD_ENCODER 0
+%define CONFIG_AASC_DECODER 0
+%define CONFIG_AIC_DECODER 0
+%define CONFIG_ALIAS_PIX_DECODER 0
+%define CONFIG_AMV_DECODER 0
+%define CONFIG_ANM_DECODER 0
+%define CONFIG_ANSI_DECODER 0
+%define CONFIG_APNG_DECODER 0
+%define CONFIG_ASV1_DECODER 0
+%define CONFIG_ASV2_DECODER 0
+%define CONFIG_AURA_DECODER 0
+%define CONFIG_AURA2_DECODER 0
+%define CONFIG_AVRP_DECODER 0
+%define CONFIG_AVRN_DECODER 0
+%define CONFIG_AVS_DECODER 0
+%define CONFIG_AVUI_DECODER 0
+%define CONFIG_AYUV_DECODER 0
+%define CONFIG_BETHSOFTVID_DECODER 0
+%define CONFIG_BFI_DECODER 0
+%define CONFIG_BINK_DECODER 0
+%define CONFIG_BMP_DECODER 0
+%define CONFIG_BMV_VIDEO_DECODER 0
+%define CONFIG_BRENDER_PIX_DECODER 0
+%define CONFIG_C93_DECODER 0
+%define CONFIG_CAVS_DECODER 0
+%define CONFIG_CDGRAPHICS_DECODER 0
+%define CONFIG_CDXL_DECODER 0
+%define CONFIG_CFHD_DECODER 0
+%define CONFIG_CINEPAK_DECODER 0
+%define CONFIG_CLEARVIDEO_DECODER 0
+%define CONFIG_CLJR_DECODER 0
+%define CONFIG_CLLC_DECODER 0
+%define CONFIG_COMFORTNOISE_DECODER 0
+%define CONFIG_CPIA_DECODER 0
+%define CONFIG_CSCD_DECODER 0
+%define CONFIG_CYUV_DECODER 0
+%define CONFIG_DDS_DECODER 0
+%define CONFIG_DFA_DECODER 0
+%define CONFIG_DIRAC_DECODER 0
+%define CONFIG_DNXHD_DECODER 0
+%define CONFIG_DPX_DECODER 0
+%define CONFIG_DSICINVIDEO_DECODER 0
+%define CONFIG_DVAUDIO_DECODER 0
+%define CONFIG_DVVIDEO_DECODER 0
+%define CONFIG_DXA_DECODER 0
+%define CONFIG_DXTORY_DECODER 0
+%define CONFIG_DXV_DECODER 0
+%define CONFIG_EACMV_DECODER 0
+%define CONFIG_EAMAD_DECODER 0
+%define CONFIG_EATGQ_DECODER 0
+%define CONFIG_EATGV_DECODER 0
+%define CONFIG_EATQI_DECODER 0
+%define CONFIG_EIGHTBPS_DECODER 0
+%define CONFIG_EIGHTSVX_EXP_DECODER 0
+%define CONFIG_EIGHTSVX_FIB_DECODER 0
+%define CONFIG_ESCAPE124_DECODER 0
+%define CONFIG_ESCAPE130_DECODER 0
+%define CONFIG_EXR_DECODER 0
+%define CONFIG_FFV1_DECODER 0
+%define CONFIG_FFVHUFF_DECODER 0
+%define CONFIG_FIC_DECODER 0
+%define CONFIG_FITS_DECODER 0
+%define CONFIG_FLASHSV_DECODER 0
+%define CONFIG_FLASHSV2_DECODER 0
+%define CONFIG_FLIC_DECODER 0
+%define CONFIG_FLV_DECODER 0
+%define CONFIG_FMVC_DECODER 0
+%define CONFIG_FOURXM_DECODER 0
+%define CONFIG_FRAPS_DECODER 0
+%define CONFIG_FRWU_DECODER 0
+%define CONFIG_G2M_DECODER 0
+%define CONFIG_GDV_DECODER 0
+%define CONFIG_GIF_DECODER 0
+%define CONFIG_H261_DECODER 0
+%define CONFIG_H263_DECODER 0
+%define CONFIG_H263I_DECODER 0
+%define CONFIG_H263P_DECODER 0
+%define CONFIG_H263_V4L2M2M_DECODER 0
+%define CONFIG_H264_DECODER 0
+%define CONFIG_H264_CRYSTALHD_DECODER 0
+%define CONFIG_H264_V4L2M2M_DECODER 0
+%define CONFIG_H264_MEDIACODEC_DECODER 0
+%define CONFIG_H264_MMAL_DECODER 0
+%define CONFIG_H264_QSV_DECODER 0
+%define CONFIG_H264_RKMPP_DECODER 0
+%define CONFIG_H264_VDA_DECODER 0
+%define CONFIG_H264_VDPAU_DECODER 0
+%define CONFIG_HAP_DECODER 0
+%define CONFIG_HEVC_DECODER 0
+%define CONFIG_HEVC_QSV_DECODER 0
+%define CONFIG_HEVC_RKMPP_DECODER 0
+%define CONFIG_HEVC_V4L2M2M_DECODER 0
+%define CONFIG_HNM4_VIDEO_DECODER 0
+%define CONFIG_HQ_HQA_DECODER 0
+%define CONFIG_HQX_DECODER 0
+%define CONFIG_HUFFYUV_DECODER 0
+%define CONFIG_IDCIN_DECODER 0
+%define CONFIG_IFF_ILBM_DECODER 0
+%define CONFIG_INDEO2_DECODER 0
+%define CONFIG_INDEO3_DECODER 0
+%define CONFIG_INDEO4_DECODER 0
+%define CONFIG_INDEO5_DECODER 0
+%define CONFIG_INTERPLAY_VIDEO_DECODER 0
+%define CONFIG_JPEG2000_DECODER 0
+%define CONFIG_JPEGLS_DECODER 0
+%define CONFIG_JV_DECODER 0
+%define CONFIG_KGV1_DECODER 0
+%define CONFIG_KMVC_DECODER 0
+%define CONFIG_LAGARITH_DECODER 0
+%define CONFIG_LOCO_DECODER 0
+%define CONFIG_M101_DECODER 0
+%define CONFIG_MAGICYUV_DECODER 0
+%define CONFIG_MDEC_DECODER 0
+%define CONFIG_MIMIC_DECODER 0
+%define CONFIG_MJPEG_DECODER 0
+%define CONFIG_MJPEGB_DECODER 0
+%define CONFIG_MMVIDEO_DECODER 0
+%define CONFIG_MOTIONPIXELS_DECODER 0
+%define CONFIG_MPEG_XVMC_DECODER 0
+%define CONFIG_MPEG1VIDEO_DECODER 0
+%define CONFIG_MPEG2VIDEO_DECODER 0
+%define CONFIG_MPEG4_DECODER 0
+%define CONFIG_MPEG4_CRYSTALHD_DECODER 0
+%define CONFIG_MPEG4_V4L2M2M_DECODER 0
+%define CONFIG_MPEG4_MMAL_DECODER 0
+%define CONFIG_MPEG4_VDPAU_DECODER 0
+%define CONFIG_MPEGVIDEO_DECODER 0
+%define CONFIG_MPEG_VDPAU_DECODER 0
+%define CONFIG_MPEG1_VDPAU_DECODER 0
+%define CONFIG_MPEG1_V4L2M2M_DECODER 0
+%define CONFIG_MPEG2_MMAL_DECODER 0
+%define CONFIG_MPEG2_CRYSTALHD_DECODER 0
+%define CONFIG_MPEG2_V4L2M2M_DECODER 0
+%define CONFIG_MPEG2_QSV_DECODER 0
+%define CONFIG_MPEG2_MEDIACODEC_DECODER 0
+%define CONFIG_MSA1_DECODER 0
+%define CONFIG_MSCC_DECODER 0
+%define CONFIG_MSMPEG4V1_DECODER 0
+%define CONFIG_MSMPEG4V2_DECODER 0
+%define CONFIG_MSMPEG4V3_DECODER 0
+%define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
+%define CONFIG_MSRLE_DECODER 0
+%define CONFIG_MSS1_DECODER 0
+%define CONFIG_MSS2_DECODER 0
+%define CONFIG_MSVIDEO1_DECODER 0
+%define CONFIG_MSZH_DECODER 0
+%define CONFIG_MTS2_DECODER 0
+%define CONFIG_MVC1_DECODER 0
+%define CONFIG_MVC2_DECODER 0
+%define CONFIG_MXPEG_DECODER 0
+%define CONFIG_NUV_DECODER 0
+%define CONFIG_PAF_VIDEO_DECODER 0
+%define CONFIG_PAM_DECODER 0
+%define CONFIG_PBM_DECODER 0
+%define CONFIG_PCX_DECODER 0
+%define CONFIG_PGM_DECODER 0
+%define CONFIG_PGMYUV_DECODER 0
+%define CONFIG_PICTOR_DECODER 0
+%define CONFIG_PIXLET_DECODER 0
+%define CONFIG_PNG_DECODER 0
+%define CONFIG_PPM_DECODER 0
+%define CONFIG_PRORES_DECODER 0
+%define CONFIG_PRORES_LGPL_DECODER 0
+%define CONFIG_PSD_DECODER 0
+%define CONFIG_PTX_DECODER 0
+%define CONFIG_QDRAW_DECODER 0
+%define CONFIG_QPEG_DECODER 0
+%define CONFIG_QTRLE_DECODER 0
+%define CONFIG_R10K_DECODER 0
+%define CONFIG_R210_DECODER 0
+%define CONFIG_RAWVIDEO_DECODER 0
+%define CONFIG_RL2_DECODER 0
+%define CONFIG_ROQ_DECODER 0
+%define CONFIG_RPZA_DECODER 0
+%define CONFIG_RSCC_DECODER 0
+%define CONFIG_RV10_DECODER 0
+%define CONFIG_RV20_DECODER 0
+%define CONFIG_RV30_DECODER 0
+%define CONFIG_RV40_DECODER 0
+%define CONFIG_S302M_DECODER 0
+%define CONFIG_SANM_DECODER 0
+%define CONFIG_SCPR_DECODER 0
+%define CONFIG_SCREENPRESSO_DECODER 0
+%define CONFIG_SDX2_DPCM_DECODER 0
+%define CONFIG_SGI_DECODER 0
+%define CONFIG_SGIRLE_DECODER 0
+%define CONFIG_SHEERVIDEO_DECODER 0
+%define CONFIG_SMACKER_DECODER 0
+%define CONFIG_SMC_DECODER 0
+%define CONFIG_SMVJPEG_DECODER 0
+%define CONFIG_SNOW_DECODER 0
+%define CONFIG_SP5X_DECODER 0
+%define CONFIG_SPEEDHQ_DECODER 0
+%define CONFIG_SRGC_DECODER 0
+%define CONFIG_SUNRAST_DECODER 0
+%define CONFIG_SVQ1_DECODER 0
+%define CONFIG_SVQ3_DECODER 0
+%define CONFIG_TARGA_DECODER 0
+%define CONFIG_TARGA_Y216_DECODER 0
+%define CONFIG_TDSC_DECODER 0
+%define CONFIG_THEORA_DECODER 0
+%define CONFIG_THP_DECODER 0
+%define CONFIG_TIERTEXSEQVIDEO_DECODER 0
+%define CONFIG_TIFF_DECODER 0
+%define CONFIG_TMV_DECODER 0
+%define CONFIG_TRUEMOTION1_DECODER 0
+%define CONFIG_TRUEMOTION2_DECODER 0
+%define CONFIG_TRUEMOTION2RT_DECODER 0
+%define CONFIG_TSCC_DECODER 0
+%define CONFIG_TSCC2_DECODER 0
+%define CONFIG_TXD_DECODER 0
+%define CONFIG_ULTI_DECODER 0
+%define CONFIG_UTVIDEO_DECODER 0
+%define CONFIG_V210_DECODER 0
+%define CONFIG_V210X_DECODER 0
+%define CONFIG_V308_DECODER 0
+%define CONFIG_V408_DECODER 0
+%define CONFIG_V410_DECODER 0
+%define CONFIG_VB_DECODER 0
+%define CONFIG_VBLE_DECODER 0
+%define CONFIG_VC1_DECODER 0
+%define CONFIG_VC1_CRYSTALHD_DECODER 0
+%define CONFIG_VC1_VDPAU_DECODER 0
+%define CONFIG_VC1IMAGE_DECODER 0
+%define CONFIG_VC1_MMAL_DECODER 0
+%define CONFIG_VC1_QSV_DECODER 0
+%define CONFIG_VC1_V4L2M2M_DECODER 0
+%define CONFIG_VCR1_DECODER 0
+%define CONFIG_VMDVIDEO_DECODER 0
+%define CONFIG_VMNC_DECODER 0
+%define CONFIG_VP3_DECODER 0
+%define CONFIG_VP5_DECODER 0
+%define CONFIG_VP6_DECODER 0
+%define CONFIG_VP6A_DECODER 0
+%define CONFIG_VP6F_DECODER 0
+%define CONFIG_VP7_DECODER 0
+%define CONFIG_VP8_RKMPP_DECODER 0
+%define CONFIG_VP8_V4L2M2M_DECODER 0
+%define CONFIG_VP9_RKMPP_DECODER 0
+%define CONFIG_VP9_V4L2M2M_DECODER 0
+%define CONFIG_VQA_DECODER 0
+%define CONFIG_BITPACKED_DECODER 0
+%define CONFIG_WEBP_DECODER 0
+%define CONFIG_WRAPPED_AVFRAME_DECODER 0
+%define CONFIG_WMV1_DECODER 0
+%define CONFIG_WMV2_DECODER 0
+%define CONFIG_WMV3_DECODER 0
+%define CONFIG_WMV3_CRYSTALHD_DECODER 0
+%define CONFIG_WMV3_VDPAU_DECODER 0
+%define CONFIG_WMV3IMAGE_DECODER 0
+%define CONFIG_WNV1_DECODER 0
+%define CONFIG_XAN_WC3_DECODER 0
+%define CONFIG_XAN_WC4_DECODER 0
+%define CONFIG_XBM_DECODER 0
+%define CONFIG_XFACE_DECODER 0
+%define CONFIG_XL_DECODER 0
+%define CONFIG_XPM_DECODER 0
+%define CONFIG_XWD_DECODER 0
+%define CONFIG_Y41P_DECODER 0
+%define CONFIG_YLC_DECODER 0
+%define CONFIG_YOP_DECODER 0
+%define CONFIG_YUV4_DECODER 0
+%define CONFIG_ZERO12V_DECODER 0
+%define CONFIG_ZEROCODEC_DECODER 0
+%define CONFIG_ZLIB_DECODER 0
+%define CONFIG_ZMBV_DECODER 0
+%define CONFIG_AAC_DECODER 0
+%define CONFIG_AAC_FIXED_DECODER 0
+%define CONFIG_AAC_LATM_DECODER 0
+%define CONFIG_AC3_DECODER 0
+%define CONFIG_AC3_FIXED_DECODER 0
+%define CONFIG_ALAC_DECODER 0
+%define CONFIG_ALS_DECODER 0
+%define CONFIG_AMRNB_DECODER 0
+%define CONFIG_AMRWB_DECODER 0
+%define CONFIG_APE_DECODER 0
+%define CONFIG_ATRAC1_DECODER 0
+%define CONFIG_ATRAC3_DECODER 0
+%define CONFIG_ATRAC3AL_DECODER 0
+%define CONFIG_ATRAC3P_DECODER 0
+%define CONFIG_ATRAC3PAL_DECODER 0
+%define CONFIG_BINKAUDIO_DCT_DECODER 0
+%define CONFIG_BINKAUDIO_RDFT_DECODER 0
+%define CONFIG_BMV_AUDIO_DECODER 0
+%define CONFIG_COOK_DECODER 0
+%define CONFIG_DCA_DECODER 0
+%define CONFIG_DOLBY_E_DECODER 0
+%define CONFIG_DSD_LSBF_DECODER 0
+%define CONFIG_DSD_MSBF_DECODER 0
+%define CONFIG_DSD_LSBF_PLANAR_DECODER 0
+%define CONFIG_DSD_MSBF_PLANAR_DECODER 0
+%define CONFIG_DSICINAUDIO_DECODER 0
+%define CONFIG_DSS_SP_DECODER 0
+%define CONFIG_DST_DECODER 0
+%define CONFIG_EAC3_DECODER 0
+%define CONFIG_EVRC_DECODER 0
+%define CONFIG_FFWAVESYNTH_DECODER 0
+%define CONFIG_G723_1_DECODER 0
+%define CONFIG_G729_DECODER 0
+%define CONFIG_GSM_DECODER 0
+%define CONFIG_GSM_MS_DECODER 0
+%define CONFIG_IAC_DECODER 0
+%define CONFIG_IMC_DECODER 0
+%define CONFIG_INTERPLAY_ACM_DECODER 0
+%define CONFIG_MACE3_DECODER 0
+%define CONFIG_MACE6_DECODER 0
+%define CONFIG_METASOUND_DECODER 0
+%define CONFIG_MLP_DECODER 0
+%define CONFIG_MP1_DECODER 0
+%define CONFIG_MP1FLOAT_DECODER 0
+%define CONFIG_MP2_DECODER 0
+%define CONFIG_MP2FLOAT_DECODER 0
+%define CONFIG_MP3_DECODER 0
+%define CONFIG_MP3FLOAT_DECODER 0
+%define CONFIG_MP3ADU_DECODER 0
+%define CONFIG_MP3ADUFLOAT_DECODER 0
+%define CONFIG_MP3ON4_DECODER 0
+%define CONFIG_MP3ON4FLOAT_DECODER 0
+%define CONFIG_MPC7_DECODER 0
+%define CONFIG_MPC8_DECODER 0
+%define CONFIG_NELLYMOSER_DECODER 0
+%define CONFIG_ON2AVC_DECODER 0
+%define CONFIG_OPUS_DECODER 0
+%define CONFIG_PAF_AUDIO_DECODER 0
+%define CONFIG_QCELP_DECODER 0
+%define CONFIG_QDM2_DECODER 0
+%define CONFIG_QDMC_DECODER 0
+%define CONFIG_RA_144_DECODER 0
+%define CONFIG_RA_288_DECODER 0
+%define CONFIG_RALF_DECODER 0
+%define CONFIG_SHORTEN_DECODER 0
+%define CONFIG_SIPR_DECODER 0
+%define CONFIG_SMACKAUD_DECODER 0
+%define CONFIG_SONIC_DECODER 0
+%define CONFIG_TAK_DECODER 0
+%define CONFIG_TRUEHD_DECODER 0
+%define CONFIG_TRUESPEECH_DECODER 0
+%define CONFIG_TTA_DECODER 0
+%define CONFIG_TWINVQ_DECODER 0
+%define CONFIG_VMDAUDIO_DECODER 0
+%define CONFIG_VORBIS_DECODER 0
+%define CONFIG_WAVPACK_DECODER 0
+%define CONFIG_WMALOSSLESS_DECODER 0
+%define CONFIG_WMAPRO_DECODER 0
+%define CONFIG_WMAV1_DECODER 0
+%define CONFIG_WMAV2_DECODER 0
+%define CONFIG_WMAVOICE_DECODER 0
+%define CONFIG_WS_SND1_DECODER 0
+%define CONFIG_XMA1_DECODER 0
+%define CONFIG_XMA2_DECODER 0
+%define CONFIG_PCM_ALAW_DECODER 0
+%define CONFIG_PCM_BLURAY_DECODER 0
+%define CONFIG_PCM_DVD_DECODER 0
+%define CONFIG_PCM_F16LE_DECODER 0
+%define CONFIG_PCM_F24LE_DECODER 0
+%define CONFIG_PCM_F32BE_DECODER 0
+%define CONFIG_PCM_F32LE_DECODER 0
+%define CONFIG_PCM_F64BE_DECODER 0
+%define CONFIG_PCM_F64LE_DECODER 0
+%define CONFIG_PCM_LXF_DECODER 0
+%define CONFIG_PCM_MULAW_DECODER 0
+%define CONFIG_PCM_S8_DECODER 0
+%define CONFIG_PCM_S8_PLANAR_DECODER 0
+%define CONFIG_PCM_S16BE_DECODER 0
+%define CONFIG_PCM_S16BE_PLANAR_DECODER 0
+%define CONFIG_PCM_S16LE_DECODER 0
+%define CONFIG_PCM_S16LE_PLANAR_DECODER 0
+%define CONFIG_PCM_S24BE_DECODER 0
+%define CONFIG_PCM_S24DAUD_DECODER 0
+%define CONFIG_PCM_S24LE_DECODER 0
+%define CONFIG_PCM_S24LE_PLANAR_DECODER 0
+%define CONFIG_PCM_S32BE_DECODER 0
+%define CONFIG_PCM_S32LE_DECODER 0
+%define CONFIG_PCM_S32LE_PLANAR_DECODER 0
+%define CONFIG_PCM_S64BE_DECODER 0
+%define CONFIG_PCM_S64LE_DECODER 0
+%define CONFIG_PCM_U8_DECODER 0
+%define CONFIG_PCM_U16BE_DECODER 0
+%define CONFIG_PCM_U16LE_DECODER 0
+%define CONFIG_PCM_U24BE_DECODER 0
+%define CONFIG_PCM_U24LE_DECODER 0
+%define CONFIG_PCM_U32BE_DECODER 0
+%define CONFIG_PCM_U32LE_DECODER 0
+%define CONFIG_PCM_ZORK_DECODER 0
+%define CONFIG_GREMLIN_DPCM_DECODER 0
+%define CONFIG_INTERPLAY_DPCM_DECODER 0
+%define CONFIG_ROQ_DPCM_DECODER 0
+%define CONFIG_SOL_DPCM_DECODER 0
+%define CONFIG_XAN_DPCM_DECODER 0
+%define CONFIG_ADPCM_4XM_DECODER 0
+%define CONFIG_ADPCM_ADX_DECODER 0
+%define CONFIG_ADPCM_AFC_DECODER 0
+%define CONFIG_ADPCM_AICA_DECODER 0
+%define CONFIG_ADPCM_CT_DECODER 0
+%define CONFIG_ADPCM_DTK_DECODER 0
+%define CONFIG_ADPCM_EA_DECODER 0
+%define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
+%define CONFIG_ADPCM_EA_R1_DECODER 0
+%define CONFIG_ADPCM_EA_R2_DECODER 0
+%define CONFIG_ADPCM_EA_R3_DECODER 0
+%define CONFIG_ADPCM_EA_XAS_DECODER 0
+%define CONFIG_ADPCM_G722_DECODER 0
+%define CONFIG_ADPCM_G726_DECODER 0
+%define CONFIG_ADPCM_G726LE_DECODER 0
+%define CONFIG_ADPCM_IMA_AMV_DECODER 0
+%define CONFIG_ADPCM_IMA_APC_DECODER 0
+%define CONFIG_ADPCM_IMA_DAT4_DECODER 0
+%define CONFIG_ADPCM_IMA_DK3_DECODER 0
+%define CONFIG_ADPCM_IMA_DK4_DECODER 0
+%define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
+%define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
+%define CONFIG_ADPCM_IMA_ISS_DECODER 0
+%define CONFIG_ADPCM_IMA_OKI_DECODER 0
+%define CONFIG_ADPCM_IMA_QT_DECODER 0
+%define CONFIG_ADPCM_IMA_RAD_DECODER 0
+%define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
+%define CONFIG_ADPCM_IMA_WAV_DECODER 0
+%define CONFIG_ADPCM_IMA_WS_DECODER 0
+%define CONFIG_ADPCM_MS_DECODER 0
+%define CONFIG_ADPCM_MTAF_DECODER 0
+%define CONFIG_ADPCM_PSX_DECODER 0
+%define CONFIG_ADPCM_SBPRO_2_DECODER 0
+%define CONFIG_ADPCM_SBPRO_3_DECODER 0
+%define CONFIG_ADPCM_SBPRO_4_DECODER 0
+%define CONFIG_ADPCM_SWF_DECODER 0
+%define CONFIG_ADPCM_THP_DECODER 0
+%define CONFIG_ADPCM_THP_LE_DECODER 0
+%define CONFIG_ADPCM_VIMA_DECODER 0
+%define CONFIG_ADPCM_XA_DECODER 0
+%define CONFIG_ADPCM_YAMAHA_DECODER 0
+%define CONFIG_SSA_DECODER 0
+%define CONFIG_ASS_DECODER 0
+%define CONFIG_CCAPTION_DECODER 0
+%define CONFIG_DVBSUB_DECODER 0
+%define CONFIG_DVDSUB_DECODER 0
+%define CONFIG_JACOSUB_DECODER 0
+%define CONFIG_MICRODVD_DECODER 0
+%define CONFIG_MOVTEXT_DECODER 0
+%define CONFIG_MPL2_DECODER 0
+%define CONFIG_PGSSUB_DECODER 0
+%define CONFIG_PJS_DECODER 0
+%define CONFIG_REALTEXT_DECODER 0
+%define CONFIG_SAMI_DECODER 0
+%define CONFIG_SRT_DECODER 0
+%define CONFIG_STL_DECODER 0
+%define CONFIG_SUBRIP_DECODER 0
+%define CONFIG_SUBVIEWER_DECODER 0
+%define CONFIG_SUBVIEWER1_DECODER 0
+%define CONFIG_TEXT_DECODER 0
+%define CONFIG_VPLAYER_DECODER 0
+%define CONFIG_WEBVTT_DECODER 0
+%define CONFIG_XSUB_DECODER 0
+%define CONFIG_AAC_AT_DECODER 0
+%define CONFIG_AC3_AT_DECODER 0
+%define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
+%define CONFIG_ALAC_AT_DECODER 0
+%define CONFIG_AMR_NB_AT_DECODER 0
+%define CONFIG_EAC3_AT_DECODER 0
+%define CONFIG_GSM_MS_AT_DECODER 0
+%define CONFIG_ILBC_AT_DECODER 0
+%define CONFIG_MP1_AT_DECODER 0
+%define CONFIG_MP2_AT_DECODER 0
+%define CONFIG_MP3_AT_DECODER 0
+%define CONFIG_PCM_ALAW_AT_DECODER 0
+%define CONFIG_PCM_MULAW_AT_DECODER 0
+%define CONFIG_QDMC_AT_DECODER 0
+%define CONFIG_QDM2_AT_DECODER 0
+%define CONFIG_LIBCELT_DECODER 0
+%define CONFIG_LIBFDK_AAC_DECODER 0
+%define CONFIG_LIBGSM_DECODER 0
+%define CONFIG_LIBGSM_MS_DECODER 0
+%define CONFIG_LIBILBC_DECODER 0
+%define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
+%define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
+%define CONFIG_LIBOPENJPEG_DECODER 0
+%define CONFIG_LIBOPUS_DECODER 0
+%define CONFIG_LIBRSVG_DECODER 0
+%define CONFIG_LIBSPEEX_DECODER 0
+%define CONFIG_LIBVORBIS_DECODER 0
+%define CONFIG_LIBVPX_VP8_DECODER 0
+%define CONFIG_LIBVPX_VP9_DECODER 0
+%define CONFIG_LIBZVBI_TELETEXT_DECODER 0
+%define CONFIG_BINTEXT_DECODER 0
+%define CONFIG_XBIN_DECODER 0
+%define CONFIG_IDF_DECODER 0
+%define CONFIG_LIBOPENH264_DECODER 0
+%define CONFIG_H264_CUVID_DECODER 0
+%define CONFIG_HEVC_CUVID_DECODER 0
+%define CONFIG_HEVC_MEDIACODEC_DECODER 0
+%define CONFIG_MJPEG_CUVID_DECODER 0
+%define CONFIG_MPEG1_CUVID_DECODER 0
+%define CONFIG_MPEG2_CUVID_DECODER 0
+%define CONFIG_MPEG4_CUVID_DECODER 0
+%define CONFIG_MPEG4_MEDIACODEC_DECODER 0
+%define CONFIG_VC1_CUVID_DECODER 0
+%define CONFIG_VP8_CUVID_DECODER 0
+%define CONFIG_VP8_MEDIACODEC_DECODER 0
+%define CONFIG_VP8_QSV_DECODER 0
+%define CONFIG_VP9_CUVID_DECODER 0
+%define CONFIG_VP9_MEDIACODEC_DECODER 0
+%define CONFIG_AA_DEMUXER 0
+%define CONFIG_AAC_DEMUXER 0
+%define CONFIG_AC3_DEMUXER 0
+%define CONFIG_ACM_DEMUXER 0
+%define CONFIG_ACT_DEMUXER 0
+%define CONFIG_ADF_DEMUXER 0
+%define CONFIG_ADP_DEMUXER 0
+%define CONFIG_ADS_DEMUXER 0
+%define CONFIG_ADX_DEMUXER 0
+%define CONFIG_AEA_DEMUXER 0
+%define CONFIG_AFC_DEMUXER 0
+%define CONFIG_AIFF_DEMUXER 0
+%define CONFIG_AIX_DEMUXER 0
+%define CONFIG_AMR_DEMUXER 0
+%define CONFIG_ANM_DEMUXER 0
+%define CONFIG_APC_DEMUXER 0
+%define CONFIG_APE_DEMUXER 0
+%define CONFIG_APNG_DEMUXER 0
+%define CONFIG_AQTITLE_DEMUXER 0
+%define CONFIG_ASF_DEMUXER 0
+%define CONFIG_ASF_O_DEMUXER 0
+%define CONFIG_ASS_DEMUXER 0
+%define CONFIG_AST_DEMUXER 0
+%define CONFIG_AU_DEMUXER 0
+%define CONFIG_AVI_DEMUXER 0
+%define CONFIG_AVISYNTH_DEMUXER 0
+%define CONFIG_AVR_DEMUXER 0
+%define CONFIG_AVS_DEMUXER 0
+%define CONFIG_BETHSOFTVID_DEMUXER 0
+%define CONFIG_BFI_DEMUXER 0
+%define CONFIG_BINTEXT_DEMUXER 0
+%define CONFIG_BINK_DEMUXER 0
+%define CONFIG_BIT_DEMUXER 0
+%define CONFIG_BMV_DEMUXER 0
+%define CONFIG_BFSTM_DEMUXER 0
+%define CONFIG_BRSTM_DEMUXER 0
+%define CONFIG_BOA_DEMUXER 0
+%define CONFIG_C93_DEMUXER 0
+%define CONFIG_CAF_DEMUXER 0
+%define CONFIG_CAVSVIDEO_DEMUXER 0
+%define CONFIG_CDG_DEMUXER 0
+%define CONFIG_CDXL_DEMUXER 0
+%define CONFIG_CINE_DEMUXER 0
+%define CONFIG_CONCAT_DEMUXER 0
+%define CONFIG_DASH_DEMUXER 0
+%define CONFIG_DATA_DEMUXER 0
+%define CONFIG_DAUD_DEMUXER 0
+%define CONFIG_DCSTR_DEMUXER 0
+%define CONFIG_DFA_DEMUXER 0
+%define CONFIG_DIRAC_DEMUXER 0
+%define CONFIG_DNXHD_DEMUXER 0
+%define CONFIG_DSF_DEMUXER 0
+%define CONFIG_DSICIN_DEMUXER 0
+%define CONFIG_DSS_DEMUXER 0
+%define CONFIG_DTS_DEMUXER 0
+%define CONFIG_DTSHD_DEMUXER 0
+%define CONFIG_DV_DEMUXER 0
+%define CONFIG_DVBSUB_DEMUXER 0
+%define CONFIG_DVBTXT_DEMUXER 0
+%define CONFIG_DXA_DEMUXER 0
+%define CONFIG_EA_DEMUXER 0
+%define CONFIG_EA_CDATA_DEMUXER 0
+%define CONFIG_EAC3_DEMUXER 0
+%define CONFIG_EPAF_DEMUXER 0
+%define CONFIG_FFM_DEMUXER 0
+%define CONFIG_FFMETADATA_DEMUXER 0
+%define CONFIG_FILMSTRIP_DEMUXER 0
+%define CONFIG_FITS_DEMUXER 0
+%define CONFIG_FLAC_DEMUXER 0
+%define CONFIG_FLIC_DEMUXER 0
+%define CONFIG_FLV_DEMUXER 0
+%define CONFIG_LIVE_FLV_DEMUXER 0
+%define CONFIG_FOURXM_DEMUXER 0
+%define CONFIG_FRM_DEMUXER 0
+%define CONFIG_FSB_DEMUXER 0
+%define CONFIG_G722_DEMUXER 0
+%define CONFIG_G723_1_DEMUXER 0
+%define CONFIG_G726_DEMUXER 0
+%define CONFIG_G726LE_DEMUXER 0
+%define CONFIG_G729_DEMUXER 0
+%define CONFIG_GDV_DEMUXER 0
+%define CONFIG_GENH_DEMUXER 0
+%define CONFIG_GIF_DEMUXER 0
+%define CONFIG_GSM_DEMUXER 0
+%define CONFIG_GXF_DEMUXER 0
+%define CONFIG_H261_DEMUXER 0
+%define CONFIG_H263_DEMUXER 0
+%define CONFIG_H264_DEMUXER 0
+%define CONFIG_HEVC_DEMUXER 0
+%define CONFIG_HLS_DEMUXER 0
+%define CONFIG_HNM_DEMUXER 0
+%define CONFIG_ICO_DEMUXER 0
+%define CONFIG_IDCIN_DEMUXER 0
+%define CONFIG_IDF_DEMUXER 0
+%define CONFIG_IFF_DEMUXER 0
+%define CONFIG_ILBC_DEMUXER 0
+%define CONFIG_IMAGE2_DEMUXER 0
+%define CONFIG_IMAGE2PIPE_DEMUXER 0
+%define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
+%define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
+%define CONFIG_INGENIENT_DEMUXER 0
+%define CONFIG_IPMOVIE_DEMUXER 0
+%define CONFIG_IRCAM_DEMUXER 0
+%define CONFIG_ISS_DEMUXER 0
+%define CONFIG_IV8_DEMUXER 0
+%define CONFIG_IVF_DEMUXER 0
+%define CONFIG_IVR_DEMUXER 0
+%define CONFIG_JACOSUB_DEMUXER 0
+%define CONFIG_JV_DEMUXER 0
+%define CONFIG_LMLM4_DEMUXER 0
+%define CONFIG_LOAS_DEMUXER 0
+%define CONFIG_LRC_DEMUXER 0
+%define CONFIG_LVF_DEMUXER 0
+%define CONFIG_LXF_DEMUXER 0
+%define CONFIG_M4V_DEMUXER 0
+%define CONFIG_MATROSKA_DEMUXER 0
+%define CONFIG_MGSTS_DEMUXER 0
+%define CONFIG_MICRODVD_DEMUXER 0
+%define CONFIG_MJPEG_DEMUXER 0
+%define CONFIG_MJPEG_2000_DEMUXER 0
+%define CONFIG_MLP_DEMUXER 0
+%define CONFIG_MLV_DEMUXER 0
+%define CONFIG_MM_DEMUXER 0
+%define CONFIG_MMF_DEMUXER 0
+%define CONFIG_MOV_DEMUXER 0
+%define CONFIG_MP3_DEMUXER 0
+%define CONFIG_MPC_DEMUXER 0
+%define CONFIG_MPC8_DEMUXER 0
+%define CONFIG_MPEGPS_DEMUXER 0
+%define CONFIG_MPEGTS_DEMUXER 0
+%define CONFIG_MPEGTSRAW_DEMUXER 0
+%define CONFIG_MPEGVIDEO_DEMUXER 0
+%define CONFIG_MPJPEG_DEMUXER 0
+%define CONFIG_MPL2_DEMUXER 0
+%define CONFIG_MPSUB_DEMUXER 0
+%define CONFIG_MSF_DEMUXER 0
+%define CONFIG_MSNWC_TCP_DEMUXER 0
+%define CONFIG_MTAF_DEMUXER 0
+%define CONFIG_MTV_DEMUXER 0
+%define CONFIG_MUSX_DEMUXER 0
+%define CONFIG_MV_DEMUXER 0
+%define CONFIG_MVI_DEMUXER 0
+%define CONFIG_MXF_DEMUXER 0
+%define CONFIG_MXG_DEMUXER 0
+%define CONFIG_NC_DEMUXER 0
+%define CONFIG_NISTSPHERE_DEMUXER 0
+%define CONFIG_NSV_DEMUXER 0
+%define CONFIG_NUT_DEMUXER 0
+%define CONFIG_NUV_DEMUXER 0
+%define CONFIG_OGG_DEMUXER 0
+%define CONFIG_OMA_DEMUXER 0
+%define CONFIG_PAF_DEMUXER 0
+%define CONFIG_PCM_ALAW_DEMUXER 0
+%define CONFIG_PCM_MULAW_DEMUXER 0
+%define CONFIG_PCM_F64BE_DEMUXER 0
+%define CONFIG_PCM_F64LE_DEMUXER 0
+%define CONFIG_PCM_F32BE_DEMUXER 0
+%define CONFIG_PCM_F32LE_DEMUXER 0
+%define CONFIG_PCM_S32BE_DEMUXER 0
+%define CONFIG_PCM_S32LE_DEMUXER 0
+%define CONFIG_PCM_S24BE_DEMUXER 0
+%define CONFIG_PCM_S24LE_DEMUXER 0
+%define CONFIG_PCM_S16BE_DEMUXER 0
+%define CONFIG_PCM_S16LE_DEMUXER 0
+%define CONFIG_PCM_S8_DEMUXER 0
+%define CONFIG_PCM_U32BE_DEMUXER 0
+%define CONFIG_PCM_U32LE_DEMUXER 0
+%define CONFIG_PCM_U24BE_DEMUXER 0
+%define CONFIG_PCM_U24LE_DEMUXER 0
+%define CONFIG_PCM_U16BE_DEMUXER 0
+%define CONFIG_PCM_U16LE_DEMUXER 0
+%define CONFIG_PCM_U8_DEMUXER 0
+%define CONFIG_PJS_DEMUXER 0
+%define CONFIG_PMP_DEMUXER 0
+%define CONFIG_PVA_DEMUXER 0
+%define CONFIG_PVF_DEMUXER 0
+%define CONFIG_QCP_DEMUXER 0
+%define CONFIG_R3D_DEMUXER 0
+%define CONFIG_RAWVIDEO_DEMUXER 0
+%define CONFIG_REALTEXT_DEMUXER 0
+%define CONFIG_REDSPARK_DEMUXER 0
+%define CONFIG_RL2_DEMUXER 0
+%define CONFIG_RM_DEMUXER 0
+%define CONFIG_ROQ_DEMUXER 0
+%define CONFIG_RPL_DEMUXER 0
+%define CONFIG_RSD_DEMUXER 0
+%define CONFIG_RSO_DEMUXER 0
+%define CONFIG_RTP_DEMUXER 0
+%define CONFIG_RTSP_DEMUXER 0
+%define CONFIG_S337M_DEMUXER 0
+%define CONFIG_SAMI_DEMUXER 0
+%define CONFIG_SAP_DEMUXER 0
+%define CONFIG_SBG_DEMUXER 0
+%define CONFIG_SCC_DEMUXER 0
+%define CONFIG_SDP_DEMUXER 0
+%define CONFIG_SDR2_DEMUXER 0
+%define CONFIG_SDS_DEMUXER 0
+%define CONFIG_SDX_DEMUXER 0
+%define CONFIG_SEGAFILM_DEMUXER 0
+%define CONFIG_SHORTEN_DEMUXER 0
+%define CONFIG_SIFF_DEMUXER 0
+%define CONFIG_SLN_DEMUXER 0
+%define CONFIG_SMACKER_DEMUXER 0
+%define CONFIG_SMJPEG_DEMUXER 0
+%define CONFIG_SMUSH_DEMUXER 0
+%define CONFIG_SOL_DEMUXER 0
+%define CONFIG_SOX_DEMUXER 0
+%define CONFIG_SPDIF_DEMUXER 0
+%define CONFIG_SRT_DEMUXER 0
+%define CONFIG_STR_DEMUXER 0
+%define CONFIG_STL_DEMUXER 0
+%define CONFIG_SUBVIEWER1_DEMUXER 0
+%define CONFIG_SUBVIEWER_DEMUXER 0
+%define CONFIG_SUP_DEMUXER 0
+%define CONFIG_SVAG_DEMUXER 0
+%define CONFIG_SWF_DEMUXER 0
+%define CONFIG_TAK_DEMUXER 0
+%define CONFIG_TEDCAPTIONS_DEMUXER 0
+%define CONFIG_THP_DEMUXER 0
+%define CONFIG_THREEDOSTR_DEMUXER 0
+%define CONFIG_TIERTEXSEQ_DEMUXER 0
+%define CONFIG_TMV_DEMUXER 0
+%define CONFIG_TRUEHD_DEMUXER 0
+%define CONFIG_TTA_DEMUXER 0
+%define CONFIG_TXD_DEMUXER 0
+%define CONFIG_TTY_DEMUXER 0
+%define CONFIG_V210_DEMUXER 0
+%define CONFIG_V210X_DEMUXER 0
+%define CONFIG_VAG_DEMUXER 0
+%define CONFIG_VC1_DEMUXER 0
+%define CONFIG_VC1T_DEMUXER 0
+%define CONFIG_VIVO_DEMUXER 0
+%define CONFIG_VMD_DEMUXER 0
+%define CONFIG_VOBSUB_DEMUXER 0
+%define CONFIG_VOC_DEMUXER 0
+%define CONFIG_VPK_DEMUXER 0
+%define CONFIG_VPLAYER_DEMUXER 0
+%define CONFIG_VQF_DEMUXER 0
+%define CONFIG_W64_DEMUXER 0
+%define CONFIG_WAV_DEMUXER 0
+%define CONFIG_WC3_DEMUXER 0
+%define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
+%define CONFIG_WEBVTT_DEMUXER 0
+%define CONFIG_WSAUD_DEMUXER 0
+%define CONFIG_WSD_DEMUXER 0
+%define CONFIG_WSVQA_DEMUXER 0
+%define CONFIG_WTV_DEMUXER 0
+%define CONFIG_WVE_DEMUXER 0
+%define CONFIG_WV_DEMUXER 0
+%define CONFIG_XA_DEMUXER 0
+%define CONFIG_XBIN_DEMUXER 0
+%define CONFIG_XMV_DEMUXER 0
+%define CONFIG_XVAG_DEMUXER 0
+%define CONFIG_XWMA_DEMUXER 0
+%define CONFIG_YOP_DEMUXER 0
+%define CONFIG_YUV4MPEGPIPE_DEMUXER 0
+%define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_PSD_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_SVG_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
+%define CONFIG_IMAGE_XPM_PIPE_DEMUXER 0
+%define CONFIG_LIBGME_DEMUXER 0
+%define CONFIG_LIBMODPLUG_DEMUXER 0
+%define CONFIG_LIBOPENMPT_DEMUXER 0
+%define CONFIG_A64MULTI_ENCODER 0
+%define CONFIG_A64MULTI5_ENCODER 0
+%define CONFIG_ALIAS_PIX_ENCODER 0
+%define CONFIG_AMV_ENCODER 0
+%define CONFIG_APNG_ENCODER 0
+%define CONFIG_ASV1_ENCODER 0
+%define CONFIG_ASV2_ENCODER 0
+%define CONFIG_AVRP_ENCODER 0
+%define CONFIG_AVUI_ENCODER 0
+%define CONFIG_AYUV_ENCODER 0
+%define CONFIG_BMP_ENCODER 0
+%define CONFIG_CINEPAK_ENCODER 0
+%define CONFIG_CLJR_ENCODER 0
+%define CONFIG_COMFORTNOISE_ENCODER 0
+%define CONFIG_DNXHD_ENCODER 0
+%define CONFIG_DPX_ENCODER 0
+%define CONFIG_DVVIDEO_ENCODER 0
+%define CONFIG_FFV1_ENCODER 0
+%define CONFIG_FFVHUFF_ENCODER 0
+%define CONFIG_FITS_ENCODER 0
+%define CONFIG_FLASHSV_ENCODER 0
+%define CONFIG_FLASHSV2_ENCODER 0
+%define CONFIG_FLV_ENCODER 0
+%define CONFIG_GIF_ENCODER 0
+%define CONFIG_H261_ENCODER 0
+%define CONFIG_H263_ENCODER 0
+%define CONFIG_H263P_ENCODER 0
+%define CONFIG_HAP_ENCODER 0
+%define CONFIG_HUFFYUV_ENCODER 0
+%define CONFIG_JPEG2000_ENCODER 0
+%define CONFIG_JPEGLS_ENCODER 0
+%define CONFIG_LJPEG_ENCODER 0
+%define CONFIG_MJPEG_ENCODER 0
+%define CONFIG_MPEG1VIDEO_ENCODER 0
+%define CONFIG_MPEG2VIDEO_ENCODER 0
+%define CONFIG_MPEG4_ENCODER 0
+%define CONFIG_MSMPEG4V2_ENCODER 0
+%define CONFIG_MSMPEG4V3_ENCODER 0
+%define CONFIG_MSVIDEO1_ENCODER 0
+%define CONFIG_PAM_ENCODER 0
+%define CONFIG_PBM_ENCODER 0
+%define CONFIG_PCX_ENCODER 0
+%define CONFIG_PGM_ENCODER 0
+%define CONFIG_PGMYUV_ENCODER 0
+%define CONFIG_PNG_ENCODER 0
+%define CONFIG_PPM_ENCODER 0
+%define CONFIG_PRORES_ENCODER 0
+%define CONFIG_PRORES_AW_ENCODER 0
+%define CONFIG_PRORES_KS_ENCODER 0
+%define CONFIG_QTRLE_ENCODER 0
+%define CONFIG_R10K_ENCODER 0
+%define CONFIG_R210_ENCODER 0
+%define CONFIG_RAWVIDEO_ENCODER 0
+%define CONFIG_ROQ_ENCODER 0
+%define CONFIG_RV10_ENCODER 0
+%define CONFIG_RV20_ENCODER 0
+%define CONFIG_S302M_ENCODER 0
+%define CONFIG_SGI_ENCODER 0
+%define CONFIG_SNOW_ENCODER 0
+%define CONFIG_SUNRAST_ENCODER 0
+%define CONFIG_SVQ1_ENCODER 0
+%define CONFIG_TARGA_ENCODER 0
+%define CONFIG_TIFF_ENCODER 0
+%define CONFIG_UTVIDEO_ENCODER 0
+%define CONFIG_V210_ENCODER 0
+%define CONFIG_V308_ENCODER 0
+%define CONFIG_V408_ENCODER 0
+%define CONFIG_V410_ENCODER 0
+%define CONFIG_VC2_ENCODER 0
+%define CONFIG_WRAPPED_AVFRAME_ENCODER 0
+%define CONFIG_WMV1_ENCODER 0
+%define CONFIG_WMV2_ENCODER 0
+%define CONFIG_XBM_ENCODER 0
+%define CONFIG_XFACE_ENCODER 0
+%define CONFIG_XWD_ENCODER 0
+%define CONFIG_Y41P_ENCODER 0
+%define CONFIG_YUV4_ENCODER 0
+%define CONFIG_ZLIB_ENCODER 0
+%define CONFIG_ZMBV_ENCODER 0
+%define CONFIG_AAC_ENCODER 0
+%define CONFIG_AC3_ENCODER 0
+%define CONFIG_AC3_FIXED_ENCODER 0
+%define CONFIG_ALAC_ENCODER 0
+%define CONFIG_DCA_ENCODER 0
+%define CONFIG_EAC3_ENCODER 0
+%define CONFIG_FLAC_ENCODER 0
+%define CONFIG_G723_1_ENCODER 0
+%define CONFIG_MLP_ENCODER 0
+%define CONFIG_MP2_ENCODER 0
+%define CONFIG_MP2FIXED_ENCODER 0
+%define CONFIG_NELLYMOSER_ENCODER 0
+%define CONFIG_OPUS_ENCODER 0
+%define CONFIG_RA_144_ENCODER 0
+%define CONFIG_SONIC_ENCODER 0
+%define CONFIG_SONIC_LS_ENCODER 0
+%define CONFIG_TRUEHD_ENCODER 0
+%define CONFIG_TTA_ENCODER 0
+%define CONFIG_VORBIS_ENCODER 0
+%define CONFIG_WAVPACK_ENCODER 0
+%define CONFIG_WMAV1_ENCODER 0
+%define CONFIG_WMAV2_ENCODER 0
+%define CONFIG_PCM_ALAW_ENCODER 0
+%define CONFIG_PCM_F32BE_ENCODER 0
+%define CONFIG_PCM_F32LE_ENCODER 0
+%define CONFIG_PCM_F64BE_ENCODER 0
+%define CONFIG_PCM_F64LE_ENCODER 0
+%define CONFIG_PCM_MULAW_ENCODER 0
+%define CONFIG_PCM_S8_ENCODER 0
+%define CONFIG_PCM_S8_PLANAR_ENCODER 0
+%define CONFIG_PCM_S16BE_ENCODER 0
+%define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
+%define CONFIG_PCM_S16LE_ENCODER 0
+%define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
+%define CONFIG_PCM_S24BE_ENCODER 0
+%define CONFIG_PCM_S24DAUD_ENCODER 0
+%define CONFIG_PCM_S24LE_ENCODER 0
+%define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
+%define CONFIG_PCM_S32BE_ENCODER 0
+%define CONFIG_PCM_S32LE_ENCODER 0
+%define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
+%define CONFIG_PCM_S64BE_ENCODER 0
+%define CONFIG_PCM_S64LE_ENCODER 0
+%define CONFIG_PCM_U8_ENCODER 0
+%define CONFIG_PCM_U16BE_ENCODER 0
+%define CONFIG_PCM_U16LE_ENCODER 0
+%define CONFIG_PCM_U24BE_ENCODER 0
+%define CONFIG_PCM_U24LE_ENCODER 0
+%define CONFIG_PCM_U32BE_ENCODER 0
+%define CONFIG_PCM_U32LE_ENCODER 0
+%define CONFIG_ROQ_DPCM_ENCODER 0
+%define CONFIG_ADPCM_ADX_ENCODER 0
+%define CONFIG_ADPCM_G722_ENCODER 0
+%define CONFIG_ADPCM_G726_ENCODER 0
+%define CONFIG_ADPCM_G726LE_ENCODER 0
+%define CONFIG_ADPCM_IMA_QT_ENCODER 0
+%define CONFIG_ADPCM_IMA_WAV_ENCODER 0
+%define CONFIG_ADPCM_MS_ENCODER 0
+%define CONFIG_ADPCM_SWF_ENCODER 0
+%define CONFIG_ADPCM_YAMAHA_ENCODER 0
+%define CONFIG_SSA_ENCODER 0
+%define CONFIG_ASS_ENCODER 0
+%define CONFIG_DVBSUB_ENCODER 0
+%define CONFIG_DVDSUB_ENCODER 0
+%define CONFIG_MOVTEXT_ENCODER 0
+%define CONFIG_SRT_ENCODER 0
+%define CONFIG_SUBRIP_ENCODER 0
+%define CONFIG_TEXT_ENCODER 0
+%define CONFIG_WEBVTT_ENCODER 0
+%define CONFIG_XSUB_ENCODER 0
+%define CONFIG_AAC_AT_ENCODER 0
+%define CONFIG_ALAC_AT_ENCODER 0
+%define CONFIG_ILBC_AT_ENCODER 0
+%define CONFIG_PCM_ALAW_AT_ENCODER 0
+%define CONFIG_PCM_MULAW_AT_ENCODER 0
+%define CONFIG_LIBFDK_AAC_ENCODER 0
+%define CONFIG_LIBGSM_ENCODER 0
+%define CONFIG_LIBGSM_MS_ENCODER 0
+%define CONFIG_LIBILBC_ENCODER 0
+%define CONFIG_LIBMP3LAME_ENCODER 0
+%define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
+%define CONFIG_LIBOPENJPEG_ENCODER 0
+%define CONFIG_LIBOPUS_ENCODER 0
+%define CONFIG_LIBSHINE_ENCODER 0
+%define CONFIG_LIBSPEEX_ENCODER 0
+%define CONFIG_LIBTHEORA_ENCODER 0
+%define CONFIG_LIBTWOLAME_ENCODER 0
+%define CONFIG_LIBVO_AMRWBENC_ENCODER 0
+%define CONFIG_LIBVORBIS_ENCODER 0
+%define CONFIG_LIBVPX_VP8_ENCODER 0
+%define CONFIG_LIBVPX_VP9_ENCODER 0
+%define CONFIG_LIBWAVPACK_ENCODER 0
+%define CONFIG_LIBWEBP_ANIM_ENCODER 0
+%define CONFIG_LIBWEBP_ENCODER 0
+%define CONFIG_LIBX262_ENCODER 0
+%define CONFIG_LIBX264_ENCODER 0
+%define CONFIG_LIBX264RGB_ENCODER 0
+%define CONFIG_LIBX265_ENCODER 0
+%define CONFIG_LIBXAVS_ENCODER 0
+%define CONFIG_LIBXVID_ENCODER 0
+%define CONFIG_H263_V4L2M2M_ENCODER 0
+%define CONFIG_LIBOPENH264_ENCODER 0
+%define CONFIG_H264_NVENC_ENCODER 0
+%define CONFIG_H264_OMX_ENCODER 0
+%define CONFIG_H264_QSV_ENCODER 0
+%define CONFIG_H264_V4L2M2M_ENCODER 0
+%define CONFIG_H264_VAAPI_ENCODER 0
+%define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
+%define CONFIG_NVENC_ENCODER 0
+%define CONFIG_NVENC_H264_ENCODER 0
+%define CONFIG_NVENC_HEVC_ENCODER 0
+%define CONFIG_HEVC_NVENC_ENCODER 0
+%define CONFIG_HEVC_QSV_ENCODER 0
+%define CONFIG_HEVC_V4L2M2M_ENCODER 0
+%define CONFIG_HEVC_VAAPI_ENCODER 0
+%define CONFIG_LIBKVAZAAR_ENCODER 0
+%define CONFIG_MJPEG_VAAPI_ENCODER 0
+%define CONFIG_MPEG2_QSV_ENCODER 0
+%define CONFIG_MPEG2_VAAPI_ENCODER 0
+%define CONFIG_MPEG4_V4L2M2M_ENCODER 0
+%define CONFIG_VP8_V4L2M2M_ENCODER 0
+%define CONFIG_VP8_VAAPI_ENCODER 0
+%define CONFIG_VP9_VAAPI_ENCODER 0
+%define CONFIG_ABENCH_FILTER 0
+%define CONFIG_ACOMPRESSOR_FILTER 0
+%define CONFIG_ACOPY_FILTER 0
+%define CONFIG_ACROSSFADE_FILTER 0
+%define CONFIG_ACRUSHER_FILTER 0
+%define CONFIG_ADELAY_FILTER 0
+%define CONFIG_AECHO_FILTER 0
+%define CONFIG_AEMPHASIS_FILTER 0
+%define CONFIG_AEVAL_FILTER 0
+%define CONFIG_AFADE_FILTER 0
+%define CONFIG_AFFTFILT_FILTER 0
+%define CONFIG_AFIR_FILTER 0
+%define CONFIG_AFORMAT_FILTER 0
+%define CONFIG_AGATE_FILTER 0
+%define CONFIG_AINTERLEAVE_FILTER 0
+%define CONFIG_ALIMITER_FILTER 0
+%define CONFIG_ALLPASS_FILTER 0
+%define CONFIG_ALOOP_FILTER 0
+%define CONFIG_AMERGE_FILTER 0
+%define CONFIG_AMETADATA_FILTER 0
+%define CONFIG_AMIX_FILTER 0
+%define CONFIG_ANEQUALIZER_FILTER 0
+%define CONFIG_ANULL_FILTER 0
+%define CONFIG_APAD_FILTER 0
+%define CONFIG_APERMS_FILTER 0
+%define CONFIG_APHASER_FILTER 0
+%define CONFIG_APULSATOR_FILTER 0
+%define CONFIG_AREALTIME_FILTER 0
+%define CONFIG_ARESAMPLE_FILTER 0
+%define CONFIG_AREVERSE_FILTER 0
+%define CONFIG_ASELECT_FILTER 0
+%define CONFIG_ASENDCMD_FILTER 0
+%define CONFIG_ASETNSAMPLES_FILTER 0
+%define CONFIG_ASETPTS_FILTER 0
+%define CONFIG_ASETRATE_FILTER 0
+%define CONFIG_ASETTB_FILTER 0
+%define CONFIG_ASHOWINFO_FILTER 0
+%define CONFIG_ASIDEDATA_FILTER 0
+%define CONFIG_ASPLIT_FILTER 0
+%define CONFIG_ASTATS_FILTER 0
+%define CONFIG_ASTREAMSELECT_FILTER 0
+%define CONFIG_ATEMPO_FILTER 0
+%define CONFIG_ATRIM_FILTER 0
+%define CONFIG_AZMQ_FILTER 0
+%define CONFIG_BANDPASS_FILTER 0
+%define CONFIG_BANDREJECT_FILTER 0
+%define CONFIG_BASS_FILTER 0
+%define CONFIG_BIQUAD_FILTER 0
+%define CONFIG_BS2B_FILTER 0
+%define CONFIG_CHANNELMAP_FILTER 0
+%define CONFIG_CHANNELSPLIT_FILTER 0
+%define CONFIG_CHORUS_FILTER 0
+%define CONFIG_COMPAND_FILTER 0
+%define CONFIG_COMPENSATIONDELAY_FILTER 0
+%define CONFIG_CROSSFEED_FILTER 0
+%define CONFIG_CRYSTALIZER_FILTER 0
+%define CONFIG_DCSHIFT_FILTER 0
+%define CONFIG_DYNAUDNORM_FILTER 0
+%define CONFIG_EARWAX_FILTER 0
+%define CONFIG_EBUR128_FILTER 0
+%define CONFIG_EQUALIZER_FILTER 0
+%define CONFIG_EXTRASTEREO_FILTER 0
+%define CONFIG_FIREQUALIZER_FILTER 0
+%define CONFIG_FLANGER_FILTER 0
+%define CONFIG_HAAS_FILTER 0
+%define CONFIG_HDCD_FILTER 0
+%define CONFIG_HEADPHONE_FILTER 0
+%define CONFIG_HIGHPASS_FILTER 0
+%define CONFIG_JOIN_FILTER 0
+%define CONFIG_LADSPA_FILTER 0
+%define CONFIG_LOUDNORM_FILTER 0
+%define CONFIG_LOWPASS_FILTER 0
+%define CONFIG_PAN_FILTER 0
+%define CONFIG_REPLAYGAIN_FILTER 0
+%define CONFIG_RESAMPLE_FILTER 0
+%define CONFIG_RUBBERBAND_FILTER 0
+%define CONFIG_SIDECHAINCOMPRESS_FILTER 0
+%define CONFIG_SIDECHAINGATE_FILTER 0
+%define CONFIG_SILENCEDETECT_FILTER 0
+%define CONFIG_SILENCEREMOVE_FILTER 0
+%define CONFIG_SOFALIZER_FILTER 0
+%define CONFIG_STEREOTOOLS_FILTER 0
+%define CONFIG_STEREOWIDEN_FILTER 0
+%define CONFIG_SUPEREQUALIZER_FILTER 0
+%define CONFIG_SURROUND_FILTER 0
+%define CONFIG_TREBLE_FILTER 0
+%define CONFIG_TREMOLO_FILTER 0
+%define CONFIG_VIBRATO_FILTER 0
+%define CONFIG_VOLUME_FILTER 0
+%define CONFIG_VOLUMEDETECT_FILTER 0
+%define CONFIG_AEVALSRC_FILTER 0
+%define CONFIG_ANOISESRC_FILTER 0
+%define CONFIG_ANULLSRC_FILTER 0
+%define CONFIG_FLITE_FILTER 0
+%define CONFIG_SINE_FILTER 0
+%define CONFIG_ANULLSINK_FILTER 0
+%define CONFIG_ALPHAEXTRACT_FILTER 0
+%define CONFIG_ALPHAMERGE_FILTER 0
+%define CONFIG_ASS_FILTER 0
+%define CONFIG_ATADENOISE_FILTER 0
+%define CONFIG_AVGBLUR_FILTER 0
+%define CONFIG_BBOX_FILTER 0
+%define CONFIG_BENCH_FILTER 0
+%define CONFIG_BITPLANENOISE_FILTER 0
+%define CONFIG_BLACKDETECT_FILTER 0
+%define CONFIG_BLACKFRAME_FILTER 0
+%define CONFIG_BLEND_FILTER 0
+%define CONFIG_BOXBLUR_FILTER 0
+%define CONFIG_BWDIF_FILTER 0
+%define CONFIG_CHROMAKEY_FILTER 0
+%define CONFIG_CIESCOPE_FILTER 0
+%define CONFIG_CODECVIEW_FILTER 0
+%define CONFIG_COLORBALANCE_FILTER 0
+%define CONFIG_COLORCHANNELMIXER_FILTER 0
+%define CONFIG_COLORKEY_FILTER 0
+%define CONFIG_COLORLEVELS_FILTER 0
+%define CONFIG_COLORMATRIX_FILTER 0
+%define CONFIG_COLORSPACE_FILTER 0
+%define CONFIG_CONVOLUTION_FILTER 0
+%define CONFIG_CONVOLVE_FILTER 0
+%define CONFIG_COPY_FILTER 0
+%define CONFIG_COREIMAGE_FILTER 0
+%define CONFIG_COVER_RECT_FILTER 0
+%define CONFIG_CROP_FILTER 0
+%define CONFIG_CROPDETECT_FILTER 0
+%define CONFIG_CURVES_FILTER 0
+%define CONFIG_DATASCOPE_FILTER 0
+%define CONFIG_DCTDNOIZ_FILTER 0
+%define CONFIG_DEBAND_FILTER 0
+%define CONFIG_DECIMATE_FILTER 0
+%define CONFIG_DEFLATE_FILTER 0
+%define CONFIG_DEFLICKER_FILTER 0
+%define CONFIG_DEINTERLACE_QSV_FILTER 0
+%define CONFIG_DEINTERLACE_VAAPI_FILTER 0
+%define CONFIG_DEJUDDER_FILTER 0
+%define CONFIG_DELOGO_FILTER 0
+%define CONFIG_DESHAKE_FILTER 0
+%define CONFIG_DESPILL_FILTER 0
+%define CONFIG_DETELECINE_FILTER 0
+%define CONFIG_DILATION_FILTER 0
+%define CONFIG_DISPLACE_FILTER 0
+%define CONFIG_DOUBLEWEAVE_FILTER 0
+%define CONFIG_DRAWBOX_FILTER 0
+%define CONFIG_DRAWGRAPH_FILTER 0
+%define CONFIG_DRAWGRID_FILTER 0
+%define CONFIG_DRAWTEXT_FILTER 0
+%define CONFIG_EDGEDETECT_FILTER 0
+%define CONFIG_ELBG_FILTER 0
+%define CONFIG_EQ_FILTER 0
+%define CONFIG_EROSION_FILTER 0
+%define CONFIG_EXTRACTPLANES_FILTER 0
+%define CONFIG_FADE_FILTER 0
+%define CONFIG_FFTFILT_FILTER 0
+%define CONFIG_FIELD_FILTER 0
+%define CONFIG_FIELDHINT_FILTER 0
+%define CONFIG_FIELDMATCH_FILTER 0
+%define CONFIG_FIELDORDER_FILTER 0
+%define CONFIG_FIND_RECT_FILTER 0
+%define CONFIG_FLOODFILL_FILTER 0
+%define CONFIG_FORMAT_FILTER 0
+%define CONFIG_FPS_FILTER 0
+%define CONFIG_FRAMEPACK_FILTER 0
+%define CONFIG_FRAMERATE_FILTER 0
+%define CONFIG_FRAMESTEP_FILTER 0
+%define CONFIG_FREI0R_FILTER 0
+%define CONFIG_FSPP_FILTER 0
+%define CONFIG_GBLUR_FILTER 0
+%define CONFIG_GEQ_FILTER 0
+%define CONFIG_GRADFUN_FILTER 0
+%define CONFIG_HALDCLUT_FILTER 0
+%define CONFIG_HFLIP_FILTER 0
+%define CONFIG_HISTEQ_FILTER 0
+%define CONFIG_HISTOGRAM_FILTER 0
+%define CONFIG_HQDN3D_FILTER 0
+%define CONFIG_HQX_FILTER 0
+%define CONFIG_HSTACK_FILTER 0
+%define CONFIG_HUE_FILTER 0
+%define CONFIG_HWDOWNLOAD_FILTER 0
+%define CONFIG_HWMAP_FILTER 0
+%define CONFIG_HWUPLOAD_FILTER 0
+%define CONFIG_HWUPLOAD_CUDA_FILTER 0
+%define CONFIG_HYSTERESIS_FILTER 0
+%define CONFIG_IDET_FILTER 0
+%define CONFIG_IL_FILTER 0
+%define CONFIG_INFLATE_FILTER 0
+%define CONFIG_INTERLACE_FILTER 0
+%define CONFIG_INTERLEAVE_FILTER 0
+%define CONFIG_KERNDEINT_FILTER 0
+%define CONFIG_LENSCORRECTION_FILTER 0
+%define CONFIG_LIBVMAF_FILTER 0
+%define CONFIG_LIMITER_FILTER 0
+%define CONFIG_LOOP_FILTER 0
+%define CONFIG_LUMAKEY_FILTER 0
+%define CONFIG_LUT_FILTER 0
+%define CONFIG_LUT2_FILTER 0
+%define CONFIG_LUT3D_FILTER 0
+%define CONFIG_LUTRGB_FILTER 0
+%define CONFIG_LUTYUV_FILTER 0
+%define CONFIG_MASKEDCLAMP_FILTER 0
+%define CONFIG_MASKEDMERGE_FILTER 0
+%define CONFIG_MCDEINT_FILTER 0
+%define CONFIG_MERGEPLANES_FILTER 0
+%define CONFIG_MESTIMATE_FILTER 0
+%define CONFIG_METADATA_FILTER 0
+%define CONFIG_MIDEQUALIZER_FILTER 0
+%define CONFIG_MINTERPOLATE_FILTER 0
+%define CONFIG_MPDECIMATE_FILTER 0
+%define CONFIG_NEGATE_FILTER 0
+%define CONFIG_NLMEANS_FILTER 0
+%define CONFIG_NNEDI_FILTER 0
+%define CONFIG_NOFORMAT_FILTER 0
+%define CONFIG_NOISE_FILTER 0
+%define CONFIG_NULL_FILTER 0
+%define CONFIG_OCR_FILTER 0
+%define CONFIG_OCV_FILTER 0
+%define CONFIG_OSCILLOSCOPE_FILTER 0
+%define CONFIG_OVERLAY_FILTER 0
+%define CONFIG_OWDENOISE_FILTER 0
+%define CONFIG_PAD_FILTER 0
+%define CONFIG_PALETTEGEN_FILTER 0
+%define CONFIG_PALETTEUSE_FILTER 0
+%define CONFIG_PERMS_FILTER 0
+%define CONFIG_PERSPECTIVE_FILTER 0
+%define CONFIG_PHASE_FILTER 0
+%define CONFIG_PIXDESCTEST_FILTER 0
+%define CONFIG_PIXSCOPE_FILTER 0
+%define CONFIG_PP_FILTER 0
+%define CONFIG_PP7_FILTER 0
+%define CONFIG_PREMULTIPLY_FILTER 0
+%define CONFIG_PREWITT_FILTER 0
+%define CONFIG_PSEUDOCOLOR_FILTER 0
+%define CONFIG_PSNR_FILTER 0
+%define CONFIG_PULLUP_FILTER 0
+%define CONFIG_QP_FILTER 0
+%define CONFIG_RANDOM_FILTER 0
+%define CONFIG_READEIA608_FILTER 0
+%define CONFIG_READVITC_FILTER 0
+%define CONFIG_REALTIME_FILTER 0
+%define CONFIG_REMAP_FILTER 0
+%define CONFIG_REMOVEGRAIN_FILTER 0
+%define CONFIG_REMOVELOGO_FILTER 0
+%define CONFIG_REPEATFIELDS_FILTER 0
+%define CONFIG_REVERSE_FILTER 0
+%define CONFIG_ROBERTS_FILTER 0
+%define CONFIG_ROTATE_FILTER 0
+%define CONFIG_SAB_FILTER 0
+%define CONFIG_SCALE_FILTER 0
+%define CONFIG_SCALE_CUDA_FILTER 0
+%define CONFIG_SCALE_NPP_FILTER 0
+%define CONFIG_SCALE_QSV_FILTER 0
+%define CONFIG_SCALE_VAAPI_FILTER 0
+%define CONFIG_SCALE2REF_FILTER 0
+%define CONFIG_SELECT_FILTER 0
+%define CONFIG_SELECTIVECOLOR_FILTER 0
+%define CONFIG_SENDCMD_FILTER 0
+%define CONFIG_SEPARATEFIELDS_FILTER 0
+%define CONFIG_SETDAR_FILTER 0
+%define CONFIG_SETFIELD_FILTER 0
+%define CONFIG_SETPTS_FILTER 0
+%define CONFIG_SETSAR_FILTER 0
+%define CONFIG_SETTB_FILTER 0
+%define CONFIG_SHOWINFO_FILTER 0
+%define CONFIG_SHOWPALETTE_FILTER 0
+%define CONFIG_SHUFFLEFRAMES_FILTER 0
+%define CONFIG_SHUFFLEPLANES_FILTER 0
+%define CONFIG_SIDEDATA_FILTER 0
+%define CONFIG_SIGNALSTATS_FILTER 0
+%define CONFIG_SIGNATURE_FILTER 0
+%define CONFIG_SMARTBLUR_FILTER 0
+%define CONFIG_SOBEL_FILTER 0
+%define CONFIG_SPLIT_FILTER 0
+%define CONFIG_SPP_FILTER 0
+%define CONFIG_SSIM_FILTER 0
+%define CONFIG_STEREO3D_FILTER 0
+%define CONFIG_STREAMSELECT_FILTER 0
+%define CONFIG_SUBTITLES_FILTER 0
+%define CONFIG_SUPER2XSAI_FILTER 0
+%define CONFIG_SWAPRECT_FILTER 0
+%define CONFIG_SWAPUV_FILTER 0
+%define CONFIG_TBLEND_FILTER 0
+%define CONFIG_TELECINE_FILTER 0
+%define CONFIG_THRESHOLD_FILTER 0
+%define CONFIG_THUMBNAIL_FILTER 0
+%define CONFIG_THUMBNAIL_CUDA_FILTER 0
+%define CONFIG_TILE_FILTER 0
+%define CONFIG_TINTERLACE_FILTER 0
+%define CONFIG_TLUT2_FILTER 0
+%define CONFIG_TONEMAP_FILTER 0
+%define CONFIG_TRANSPOSE_FILTER 0
+%define CONFIG_TRIM_FILTER 0
+%define CONFIG_UNPREMULTIPLY_FILTER 0
+%define CONFIG_UNSHARP_FILTER 0
+%define CONFIG_USPP_FILTER 0
+%define CONFIG_VAGUEDENOISER_FILTER 0
+%define CONFIG_VECTORSCOPE_FILTER 0
+%define CONFIG_VFLIP_FILTER 0
+%define CONFIG_VIDSTABDETECT_FILTER 0
+%define CONFIG_VIDSTABTRANSFORM_FILTER 0
+%define CONFIG_VIGNETTE_FILTER 0
+%define CONFIG_VMAFMOTION_FILTER 0
+%define CONFIG_VSTACK_FILTER 0
+%define CONFIG_W3FDIF_FILTER 0
+%define CONFIG_WAVEFORM_FILTER 0
+%define CONFIG_WEAVE_FILTER 0
+%define CONFIG_XBR_FILTER 0
+%define CONFIG_YADIF_FILTER 0
+%define CONFIG_ZMQ_FILTER 0
+%define CONFIG_ZOOMPAN_FILTER 0
+%define CONFIG_ZSCALE_FILTER 0
+%define CONFIG_ALLRGB_FILTER 0
+%define CONFIG_ALLYUV_FILTER 0
+%define CONFIG_CELLAUTO_FILTER 0
+%define CONFIG_COLOR_FILTER 0
+%define CONFIG_COREIMAGESRC_FILTER 0
+%define CONFIG_FREI0R_SRC_FILTER 0
+%define CONFIG_HALDCLUTSRC_FILTER 0
+%define CONFIG_LIFE_FILTER 0
+%define CONFIG_MANDELBROT_FILTER 0
+%define CONFIG_MPTESTSRC_FILTER 0
+%define CONFIG_NULLSRC_FILTER 0
+%define CONFIG_RGBTESTSRC_FILTER 0
+%define CONFIG_SMPTEBARS_FILTER 0
+%define CONFIG_SMPTEHDBARS_FILTER 0
+%define CONFIG_TESTSRC_FILTER 0
+%define CONFIG_TESTSRC2_FILTER 0
+%define CONFIG_YUVTESTSRC_FILTER 0
+%define CONFIG_NULLSINK_FILTER 0
+%define CONFIG_ABITSCOPE_FILTER 0
+%define CONFIG_ADRAWGRAPH_FILTER 0
+%define CONFIG_AHISTOGRAM_FILTER 0
+%define CONFIG_APHASEMETER_FILTER 0
+%define CONFIG_AVECTORSCOPE_FILTER 0
+%define CONFIG_CONCAT_FILTER 0
+%define CONFIG_SHOWCQT_FILTER 0
+%define CONFIG_SHOWFREQS_FILTER 0
+%define CONFIG_SHOWSPECTRUM_FILTER 0
+%define CONFIG_SHOWSPECTRUMPIC_FILTER 0
+%define CONFIG_SHOWVOLUME_FILTER 0
+%define CONFIG_SHOWWAVES_FILTER 0
+%define CONFIG_SHOWWAVESPIC_FILTER 0
+%define CONFIG_SPECTRUMSYNTH_FILTER 0
+%define CONFIG_AMOVIE_FILTER 0
+%define CONFIG_MOVIE_FILTER 0
+%define CONFIG_H263_VAAPI_HWACCEL 0
+%define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_H264_CUVID_HWACCEL 0
+%define CONFIG_H264_D3D11VA_HWACCEL 0
+%define CONFIG_H264_D3D11VA2_HWACCEL 0
+%define CONFIG_H264_DXVA2_HWACCEL 0
+%define CONFIG_H264_MEDIACODEC_HWACCEL 0
+%define CONFIG_H264_MMAL_HWACCEL 0
+%define CONFIG_H264_QSV_HWACCEL 0
+%define CONFIG_H264_VAAPI_HWACCEL 0
+%define CONFIG_H264_VDA_HWACCEL 0
+%define CONFIG_H264_VDA_OLD_HWACCEL 0
+%define CONFIG_H264_VDPAU_HWACCEL 0
+%define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_HEVC_CUVID_HWACCEL 0
+%define CONFIG_HEVC_D3D11VA_HWACCEL 0
+%define CONFIG_HEVC_D3D11VA2_HWACCEL 0
+%define CONFIG_HEVC_DXVA2_HWACCEL 0
+%define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
+%define CONFIG_HEVC_QSV_HWACCEL 0
+%define CONFIG_HEVC_VAAPI_HWACCEL 0
+%define CONFIG_HEVC_VDPAU_HWACCEL 0
+%define CONFIG_HEVC_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_MJPEG_CUVID_HWACCEL 0
+%define CONFIG_MPEG1_CUVID_HWACCEL 0
+%define CONFIG_MPEG1_XVMC_HWACCEL 0
+%define CONFIG_MPEG1_VDPAU_HWACCEL 0
+%define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_MPEG2_CUVID_HWACCEL 0
+%define CONFIG_MPEG2_XVMC_HWACCEL 0
+%define CONFIG_MPEG2_D3D11VA_HWACCEL 0
+%define CONFIG_MPEG2_D3D11VA2_HWACCEL 0
+%define CONFIG_MPEG2_DXVA2_HWACCEL 0
+%define CONFIG_MPEG2_MMAL_HWACCEL 0
+%define CONFIG_MPEG2_QSV_HWACCEL 0
+%define CONFIG_MPEG2_VAAPI_HWACCEL 0
+%define CONFIG_MPEG2_VDPAU_HWACCEL 0
+%define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_MPEG2_MEDIACODEC_HWACCEL 0
+%define CONFIG_MPEG4_CUVID_HWACCEL 0
+%define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
+%define CONFIG_MPEG4_MMAL_HWACCEL 0
+%define CONFIG_MPEG4_VAAPI_HWACCEL 0
+%define CONFIG_MPEG4_VDPAU_HWACCEL 0
+%define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
+%define CONFIG_VC1_CUVID_HWACCEL 0
+%define CONFIG_VC1_D3D11VA_HWACCEL 0
+%define CONFIG_VC1_D3D11VA2_HWACCEL 0
+%define CONFIG_VC1_DXVA2_HWACCEL 0
+%define CONFIG_VC1_VAAPI_HWACCEL 0
+%define CONFIG_VC1_VDPAU_HWACCEL 0
+%define CONFIG_VC1_MMAL_HWACCEL 0
+%define CONFIG_VC1_QSV_HWACCEL 0
+%define CONFIG_VP8_CUVID_HWACCEL 0
+%define CONFIG_VP8_MEDIACODEC_HWACCEL 0
+%define CONFIG_VP8_QSV_HWACCEL 0
+%define CONFIG_VP9_CUVID_HWACCEL 0
+%define CONFIG_VP9_D3D11VA_HWACCEL 0
+%define CONFIG_VP9_D3D11VA2_HWACCEL 0
+%define CONFIG_VP9_DXVA2_HWACCEL 0
+%define CONFIG_VP9_MEDIACODEC_HWACCEL 0
+%define CONFIG_VP9_VAAPI_HWACCEL 0
+%define CONFIG_WMV3_D3D11VA_HWACCEL 0
+%define CONFIG_WMV3_D3D11VA2_HWACCEL 0
+%define CONFIG_WMV3_DXVA2_HWACCEL 0
+%define CONFIG_WMV3_VAAPI_HWACCEL 0
+%define CONFIG_WMV3_VDPAU_HWACCEL 0
+%define CONFIG_ALSA_INDEV 0
+%define CONFIG_AVFOUNDATION_INDEV 0
+%define CONFIG_BKTR_INDEV 0
+%define CONFIG_DECKLINK_INDEV 0
+%define CONFIG_LIBNDI_NEWTEK_INDEV 0
+%define CONFIG_DSHOW_INDEV 0
+%define CONFIG_FBDEV_INDEV 0
+%define CONFIG_GDIGRAB_INDEV 0
+%define CONFIG_IEC61883_INDEV 0
+%define CONFIG_JACK_INDEV 0
+%define CONFIG_KMSGRAB_INDEV 0
+%define CONFIG_LAVFI_INDEV 0
+%define CONFIG_OPENAL_INDEV 0
+%define CONFIG_OSS_INDEV 0
+%define CONFIG_PULSE_INDEV 0
+%define CONFIG_SNDIO_INDEV 0
+%define CONFIG_V4L2_INDEV 0
+%define CONFIG_VFWCAP_INDEV 0
+%define CONFIG_XCBGRAB_INDEV 0
+%define CONFIG_LIBCDIO_INDEV 0
+%define CONFIG_LIBDC1394_INDEV 0
+%define CONFIG_A64_MUXER 0
+%define CONFIG_AC3_MUXER 0
+%define CONFIG_ADTS_MUXER 0
+%define CONFIG_ADX_MUXER 0
+%define CONFIG_AIFF_MUXER 0
+%define CONFIG_AMR_MUXER 0
+%define CONFIG_APNG_MUXER 0
+%define CONFIG_ASF_MUXER 0
+%define CONFIG_ASS_MUXER 0
+%define CONFIG_AST_MUXER 0
+%define CONFIG_ASF_STREAM_MUXER 0
+%define CONFIG_AU_MUXER 0
+%define CONFIG_AVI_MUXER 0
+%define CONFIG_AVM2_MUXER 0
+%define CONFIG_BIT_MUXER 0
+%define CONFIG_CAF_MUXER 0
+%define CONFIG_CAVSVIDEO_MUXER 0
+%define CONFIG_CRC_MUXER 0
+%define CONFIG_DASH_MUXER 0
+%define CONFIG_DATA_MUXER 0
+%define CONFIG_DAUD_MUXER 0
+%define CONFIG_DIRAC_MUXER 0
+%define CONFIG_DNXHD_MUXER 0
+%define CONFIG_DTS_MUXER 0
+%define CONFIG_DV_MUXER 0
+%define CONFIG_EAC3_MUXER 0
+%define CONFIG_F4V_MUXER 0
+%define CONFIG_FFM_MUXER 0
+%define CONFIG_FFMETADATA_MUXER 0
+%define CONFIG_FIFO_MUXER 0
+%define CONFIG_FILMSTRIP_MUXER 0
+%define CONFIG_FITS_MUXER 0
+%define CONFIG_FLAC_MUXER 0
+%define CONFIG_FLV_MUXER 0
+%define CONFIG_FRAMECRC_MUXER 0
+%define CONFIG_FRAMEHASH_MUXER 0
+%define CONFIG_FRAMEMD5_MUXER 0
+%define CONFIG_G722_MUXER 0
+%define CONFIG_G723_1_MUXER 0
+%define CONFIG_G726_MUXER 0
+%define CONFIG_G726LE_MUXER 0
+%define CONFIG_GIF_MUXER 0
+%define CONFIG_GSM_MUXER 0
+%define CONFIG_GXF_MUXER 0
+%define CONFIG_H261_MUXER 0
+%define CONFIG_H263_MUXER 0
+%define CONFIG_H264_MUXER 0
+%define CONFIG_HASH_MUXER 0
+%define CONFIG_HDS_MUXER 0
+%define CONFIG_HEVC_MUXER 0
+%define CONFIG_HLS_MUXER 0
+%define CONFIG_ICO_MUXER 0
+%define CONFIG_ILBC_MUXER 0
+%define CONFIG_IMAGE2_MUXER 0
+%define CONFIG_IMAGE2PIPE_MUXER 0
+%define CONFIG_IPOD_MUXER 0
+%define CONFIG_IRCAM_MUXER 0
+%define CONFIG_ISMV_MUXER 0
+%define CONFIG_IVF_MUXER 0
+%define CONFIG_JACOSUB_MUXER 0
+%define CONFIG_LATM_MUXER 0
+%define CONFIG_LRC_MUXER 0
+%define CONFIG_M4V_MUXER 0
+%define CONFIG_MD5_MUXER 0
+%define CONFIG_MATROSKA_MUXER 0
+%define CONFIG_MATROSKA_AUDIO_MUXER 0
+%define CONFIG_MICRODVD_MUXER 0
+%define CONFIG_MJPEG_MUXER 0
+%define CONFIG_MLP_MUXER 0
+%define CONFIG_MMF_MUXER 0
+%define CONFIG_MOV_MUXER 0
+%define CONFIG_MP2_MUXER 0
+%define CONFIG_MP3_MUXER 0
+%define CONFIG_MP4_MUXER 0
+%define CONFIG_MPEG1SYSTEM_MUXER 0
+%define CONFIG_MPEG1VCD_MUXER 0
+%define CONFIG_MPEG1VIDEO_MUXER 0
+%define CONFIG_MPEG2DVD_MUXER 0
+%define CONFIG_MPEG2SVCD_MUXER 0
+%define CONFIG_MPEG2VIDEO_MUXER 0
+%define CONFIG_MPEG2VOB_MUXER 0
+%define CONFIG_MPEGTS_MUXER 0
+%define CONFIG_MPJPEG_MUXER 0
+%define CONFIG_MXF_MUXER 0
+%define CONFIG_MXF_D10_MUXER 0
+%define CONFIG_MXF_OPATOM_MUXER 0
+%define CONFIG_NULL_MUXER 0
+%define CONFIG_NUT_MUXER 0
+%define CONFIG_OGA_MUXER 0
+%define CONFIG_OGG_MUXER 0
+%define CONFIG_OGV_MUXER 0
+%define CONFIG_OMA_MUXER 0
+%define CONFIG_OPUS_MUXER 0
+%define CONFIG_PCM_ALAW_MUXER 0
+%define CONFIG_PCM_MULAW_MUXER 0
+%define CONFIG_PCM_F64BE_MUXER 0
+%define CONFIG_PCM_F64LE_MUXER 0
+%define CONFIG_PCM_F32BE_MUXER 0
+%define CONFIG_PCM_F32LE_MUXER 0
+%define CONFIG_PCM_S32BE_MUXER 0
+%define CONFIG_PCM_S32LE_MUXER 0
+%define CONFIG_PCM_S24BE_MUXER 0
+%define CONFIG_PCM_S24LE_MUXER 0
+%define CONFIG_PCM_S16BE_MUXER 0
+%define CONFIG_PCM_S16LE_MUXER 0
+%define CONFIG_PCM_S8_MUXER 0
+%define CONFIG_PCM_U32BE_MUXER 0
+%define CONFIG_PCM_U32LE_MUXER 0
+%define CONFIG_PCM_U24BE_MUXER 0
+%define CONFIG_PCM_U24LE_MUXER 0
+%define CONFIG_PCM_U16BE_MUXER 0
+%define CONFIG_PCM_U16LE_MUXER 0
+%define CONFIG_PCM_U8_MUXER 0
+%define CONFIG_PSP_MUXER 0
+%define CONFIG_RAWVIDEO_MUXER 0
+%define CONFIG_RM_MUXER 0
+%define CONFIG_ROQ_MUXER 0
+%define CONFIG_RSO_MUXER 0
+%define CONFIG_RTP_MUXER 0
+%define CONFIG_RTP_MPEGTS_MUXER 0
+%define CONFIG_RTSP_MUXER 0
+%define CONFIG_SAP_MUXER 0
+%define CONFIG_SCC_MUXER 0
+%define CONFIG_SEGMENT_MUXER 0
+%define CONFIG_STREAM_SEGMENT_MUXER 0
+%define CONFIG_SINGLEJPEG_MUXER 0
+%define CONFIG_SMJPEG_MUXER 0
+%define CONFIG_SMOOTHSTREAMING_MUXER 0
+%define CONFIG_SOX_MUXER 0
+%define CONFIG_SPX_MUXER 0
+%define CONFIG_SPDIF_MUXER 0
+%define CONFIG_SRT_MUXER 0
+%define CONFIG_SUP_MUXER 0
+%define CONFIG_SWF_MUXER 0
+%define CONFIG_TEE_MUXER 0
+%define CONFIG_TG2_MUXER 0
+%define CONFIG_TGP_MUXER 0
+%define CONFIG_MKVTIMESTAMP_V2_MUXER 0
+%define CONFIG_TRUEHD_MUXER 0
+%define CONFIG_TTA_MUXER 0
+%define CONFIG_UNCODEDFRAMECRC_MUXER 0
+%define CONFIG_VC1_MUXER 0
+%define CONFIG_VC1T_MUXER 0
+%define CONFIG_VOC_MUXER 0
+%define CONFIG_W64_MUXER 0
+%define CONFIG_WAV_MUXER 0
+%define CONFIG_WEBM_MUXER 0
+%define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
+%define CONFIG_WEBM_CHUNK_MUXER 0
+%define CONFIG_WEBP_MUXER 0
+%define CONFIG_WEBVTT_MUXER 0
+%define CONFIG_WTV_MUXER 0
+%define CONFIG_WV_MUXER 0
+%define CONFIG_YUV4MPEGPIPE_MUXER 0
+%define CONFIG_CHROMAPRINT_MUXER 0
+%define CONFIG_ALSA_OUTDEV 0
+%define CONFIG_CACA_OUTDEV 0
+%define CONFIG_DECKLINK_OUTDEV 0
+%define CONFIG_LIBNDI_NEWTEK_OUTDEV 0
+%define CONFIG_FBDEV_OUTDEV 0
+%define CONFIG_OPENGL_OUTDEV 0
+%define CONFIG_OSS_OUTDEV 0
+%define CONFIG_PULSE_OUTDEV 0
+%define CONFIG_SDL2_OUTDEV 0
+%define CONFIG_SNDIO_OUTDEV 0
+%define CONFIG_V4L2_OUTDEV 0
+%define CONFIG_XV_OUTDEV 0
+%define CONFIG_AAC_PARSER 0
+%define CONFIG_AAC_LATM_PARSER 0
+%define CONFIG_AC3_PARSER 0
+%define CONFIG_ADX_PARSER 0
+%define CONFIG_BMP_PARSER 0
+%define CONFIG_CAVSVIDEO_PARSER 0
+%define CONFIG_COOK_PARSER 0
+%define CONFIG_DCA_PARSER 0
+%define CONFIG_DIRAC_PARSER 0
+%define CONFIG_DNXHD_PARSER 0
+%define CONFIG_DPX_PARSER 0
+%define CONFIG_DVAUDIO_PARSER 0
+%define CONFIG_DVBSUB_PARSER 0
+%define CONFIG_DVDSUB_PARSER 0
+%define CONFIG_DVD_NAV_PARSER 0
+%define CONFIG_G729_PARSER 0
+%define CONFIG_GSM_PARSER 0
+%define CONFIG_H261_PARSER 0
+%define CONFIG_H263_PARSER 0
+%define CONFIG_H264_PARSER 0
+%define CONFIG_HEVC_PARSER 0
+%define CONFIG_MJPEG_PARSER 0
+%define CONFIG_MLP_PARSER 0
+%define CONFIG_MPEG4VIDEO_PARSER 0
+%define CONFIG_MPEGAUDIO_PARSER 0
+%define CONFIG_MPEGVIDEO_PARSER 0
+%define CONFIG_OPUS_PARSER 0
+%define CONFIG_PNG_PARSER 0
+%define CONFIG_PNM_PARSER 0
+%define CONFIG_RV30_PARSER 0
+%define CONFIG_RV40_PARSER 0
+%define CONFIG_SIPR_PARSER 0
+%define CONFIG_TAK_PARSER 0
+%define CONFIG_VC1_PARSER 0
+%define CONFIG_VORBIS_PARSER 0
+%define CONFIG_VP3_PARSER 0
+%define CONFIG_XMA_PARSER 0
+%define CONFIG_ASYNC_PROTOCOL 0
+%define CONFIG_BLURAY_PROTOCOL 0
+%define CONFIG_CACHE_PROTOCOL 0
+%define CONFIG_CONCAT_PROTOCOL 0
+%define CONFIG_CRYPTO_PROTOCOL 0
+%define CONFIG_DATA_PROTOCOL 0
+%define CONFIG_FFRTMPCRYPT_PROTOCOL 0
+%define CONFIG_FFRTMPHTTP_PROTOCOL 0
+%define CONFIG_FILE_PROTOCOL 0
+%define CONFIG_FTP_PROTOCOL 0
+%define CONFIG_GOPHER_PROTOCOL 0
+%define CONFIG_HLS_PROTOCOL 0
+%define CONFIG_HTTP_PROTOCOL 0
+%define CONFIG_HTTPPROXY_PROTOCOL 0
+%define CONFIG_HTTPS_PROTOCOL 0
+%define CONFIG_ICECAST_PROTOCOL 0
+%define CONFIG_MMSH_PROTOCOL 0
+%define CONFIG_MMST_PROTOCOL 0
+%define CONFIG_MD5_PROTOCOL 0
+%define CONFIG_PIPE_PROTOCOL 0
+%define CONFIG_PROMPEG_PROTOCOL 0
+%define CONFIG_RTMP_PROTOCOL 0
+%define CONFIG_RTMPE_PROTOCOL 0
+%define CONFIG_RTMPS_PROTOCOL 0
+%define CONFIG_RTMPT_PROTOCOL 0
+%define CONFIG_RTMPTE_PROTOCOL 0
+%define CONFIG_RTMPTS_PROTOCOL 0
+%define CONFIG_RTP_PROTOCOL 0
+%define CONFIG_SCTP_PROTOCOL 0
+%define CONFIG_SRTP_PROTOCOL 0
+%define CONFIG_SUBFILE_PROTOCOL 0
+%define CONFIG_TEE_PROTOCOL 0
+%define CONFIG_TCP_PROTOCOL 0
+%define CONFIG_TLS_GNUTLS_PROTOCOL 0
+%define CONFIG_TLS_SCHANNEL_PROTOCOL 0
+%define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
+%define CONFIG_TLS_OPENSSL_PROTOCOL 0
+%define CONFIG_UDP_PROTOCOL 0
+%define CONFIG_UDPLITE_PROTOCOL 0
+%define CONFIG_UNIX_PROTOCOL 0
+%define CONFIG_LIBRTMP_PROTOCOL 0
+%define CONFIG_LIBRTMPE_PROTOCOL 0
+%define CONFIG_LIBRTMPS_PROTOCOL 0
+%define CONFIG_LIBRTMPT_PROTOCOL 0
+%define CONFIG_LIBRTMPTE_PROTOCOL 0
+%define CONFIG_LIBSSH_PROTOCOL 0
+%define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/defaults_disabled.h b/media/ffvpx/defaults_disabled.h
new file mode 100644
index 000000000..e526aa9e7
--- /dev/null
+++ b/media/ffvpx/defaults_disabled.h
@@ -0,0 +1,1674 @@
+#define CONFIG_ENCODERS 0
+#define CONFIG_HWACCELS 0
+#define CONFIG_INDEVS 0
+#define CONFIG_OUTDEVS 0
+#define CONFIG_FILTERS 0
+#define CONFIG_DEMUXERS 0
+#define CONFIG_MUXERS 0
+#define CONFIG_PROTOCOLS 0
+#define CONFIG_FRAME_THREAD_ENCODER 0
+#define CONFIG_AASC_DECODER 0
+#define CONFIG_AIC_DECODER 0
+#define CONFIG_ALIAS_PIX_DECODER 0
+#define CONFIG_AMV_DECODER 0
+#define CONFIG_ANM_DECODER 0
+#define CONFIG_ANSI_DECODER 0
+#define CONFIG_APNG_DECODER 0
+#define CONFIG_ASV1_DECODER 0
+#define CONFIG_ASV2_DECODER 0
+#define CONFIG_AURA_DECODER 0
+#define CONFIG_AURA2_DECODER 0
+#define CONFIG_AVRP_DECODER 0
+#define CONFIG_AVRN_DECODER 0
+#define CONFIG_AVS_DECODER 0
+#define CONFIG_AVUI_DECODER 0
+#define CONFIG_AYUV_DECODER 0
+#define CONFIG_BETHSOFTVID_DECODER 0
+#define CONFIG_BFI_DECODER 0
+#define CONFIG_BINK_DECODER 0
+#define CONFIG_BMP_DECODER 0
+#define CONFIG_BMV_VIDEO_DECODER 0
+#define CONFIG_BRENDER_PIX_DECODER 0
+#define CONFIG_C93_DECODER 0
+#define CONFIG_CAVS_DECODER 0
+#define CONFIG_CDGRAPHICS_DECODER 0
+#define CONFIG_CDXL_DECODER 0
+#define CONFIG_CFHD_DECODER 0
+#define CONFIG_CINEPAK_DECODER 0
+#define CONFIG_CLEARVIDEO_DECODER 0
+#define CONFIG_CLJR_DECODER 0
+#define CONFIG_CLLC_DECODER 0
+#define CONFIG_COMFORTNOISE_DECODER 0
+#define CONFIG_CPIA_DECODER 0
+#define CONFIG_CSCD_DECODER 0
+#define CONFIG_CYUV_DECODER 0
+#define CONFIG_DDS_DECODER 0
+#define CONFIG_DFA_DECODER 0
+#define CONFIG_DIRAC_DECODER 0
+#define CONFIG_DNXHD_DECODER 0
+#define CONFIG_DPX_DECODER 0
+#define CONFIG_DSICINVIDEO_DECODER 0
+#define CONFIG_DVAUDIO_DECODER 0
+#define CONFIG_DVVIDEO_DECODER 0
+#define CONFIG_DXA_DECODER 0
+#define CONFIG_DXTORY_DECODER 0
+#define CONFIG_DXV_DECODER 0
+#define CONFIG_EACMV_DECODER 0
+#define CONFIG_EAMAD_DECODER 0
+#define CONFIG_EATGQ_DECODER 0
+#define CONFIG_EATGV_DECODER 0
+#define CONFIG_EATQI_DECODER 0
+#define CONFIG_EIGHTBPS_DECODER 0
+#define CONFIG_EIGHTSVX_EXP_DECODER 0
+#define CONFIG_EIGHTSVX_FIB_DECODER 0
+#define CONFIG_ESCAPE124_DECODER 0
+#define CONFIG_ESCAPE130_DECODER 0
+#define CONFIG_EXR_DECODER 0
+#define CONFIG_FFV1_DECODER 0
+#define CONFIG_FFVHUFF_DECODER 0
+#define CONFIG_FIC_DECODER 0
+#define CONFIG_FITS_DECODER 0
+#define CONFIG_FLASHSV_DECODER 0
+#define CONFIG_FLASHSV2_DECODER 0
+#define CONFIG_FLIC_DECODER 0
+#define CONFIG_FLV_DECODER 0
+#define CONFIG_FMVC_DECODER 0
+#define CONFIG_FOURXM_DECODER 0
+#define CONFIG_FRAPS_DECODER 0
+#define CONFIG_FRWU_DECODER 0
+#define CONFIG_G2M_DECODER 0
+#define CONFIG_GDV_DECODER 0
+#define CONFIG_GIF_DECODER 0
+#define CONFIG_H261_DECODER 0
+#define CONFIG_H263_DECODER 0
+#define CONFIG_H263I_DECODER 0
+#define CONFIG_H263P_DECODER 0
+#define CONFIG_H263_V4L2M2M_DECODER 0
+#define CONFIG_H264_DECODER 0
+#define CONFIG_H264_CRYSTALHD_DECODER 0
+#define CONFIG_H264_V4L2M2M_DECODER 0
+#define CONFIG_H264_MEDIACODEC_DECODER 0
+#define CONFIG_H264_MMAL_DECODER 0
+#define CONFIG_H264_QSV_DECODER 0
+#define CONFIG_H264_RKMPP_DECODER 0
+#define CONFIG_H264_VDA_DECODER 0
+#define CONFIG_H264_VDPAU_DECODER 0
+#define CONFIG_HAP_DECODER 0
+#define CONFIG_HEVC_DECODER 0
+#define CONFIG_HEVC_QSV_DECODER 0
+#define CONFIG_HEVC_RKMPP_DECODER 0
+#define CONFIG_HEVC_V4L2M2M_DECODER 0
+#define CONFIG_HNM4_VIDEO_DECODER 0
+#define CONFIG_HQ_HQA_DECODER 0
+#define CONFIG_HQX_DECODER 0
+#define CONFIG_HUFFYUV_DECODER 0
+#define CONFIG_IDCIN_DECODER 0
+#define CONFIG_IFF_ILBM_DECODER 0
+#define CONFIG_INDEO2_DECODER 0
+#define CONFIG_INDEO3_DECODER 0
+#define CONFIG_INDEO4_DECODER 0
+#define CONFIG_INDEO5_DECODER 0
+#define CONFIG_INTERPLAY_VIDEO_DECODER 0
+#define CONFIG_JPEG2000_DECODER 0
+#define CONFIG_JPEGLS_DECODER 0
+#define CONFIG_JV_DECODER 0
+#define CONFIG_KGV1_DECODER 0
+#define CONFIG_KMVC_DECODER 0
+#define CONFIG_LAGARITH_DECODER 0
+#define CONFIG_LOCO_DECODER 0
+#define CONFIG_M101_DECODER 0
+#define CONFIG_MAGICYUV_DECODER 0
+#define CONFIG_MDEC_DECODER 0
+#define CONFIG_MIMIC_DECODER 0
+#define CONFIG_MJPEG_DECODER 0
+#define CONFIG_MJPEGB_DECODER 0
+#define CONFIG_MMVIDEO_DECODER 0
+#define CONFIG_MOTIONPIXELS_DECODER 0
+#define CONFIG_MPEG_XVMC_DECODER 0
+#define CONFIG_MPEG1VIDEO_DECODER 0
+#define CONFIG_MPEG2VIDEO_DECODER 0
+#define CONFIG_MPEG4_DECODER 0
+#define CONFIG_MPEG4_CRYSTALHD_DECODER 0
+#define CONFIG_MPEG4_V4L2M2M_DECODER 0
+#define CONFIG_MPEG4_MMAL_DECODER 0
+#define CONFIG_MPEG4_VDPAU_DECODER 0
+#define CONFIG_MPEGVIDEO_DECODER 0
+#define CONFIG_MPEG_VDPAU_DECODER 0
+#define CONFIG_MPEG1_VDPAU_DECODER 0
+#define CONFIG_MPEG1_V4L2M2M_DECODER 0
+#define CONFIG_MPEG2_MMAL_DECODER 0
+#define CONFIG_MPEG2_CRYSTALHD_DECODER 0
+#define CONFIG_MPEG2_V4L2M2M_DECODER 0
+#define CONFIG_MPEG2_QSV_DECODER 0
+#define CONFIG_MPEG2_MEDIACODEC_DECODER 0
+#define CONFIG_MSA1_DECODER 0
+#define CONFIG_MSCC_DECODER 0
+#define CONFIG_MSMPEG4V1_DECODER 0
+#define CONFIG_MSMPEG4V2_DECODER 0
+#define CONFIG_MSMPEG4V3_DECODER 0
+#define CONFIG_MSMPEG4_CRYSTALHD_DECODER 0
+#define CONFIG_MSRLE_DECODER 0
+#define CONFIG_MSS1_DECODER 0
+#define CONFIG_MSS2_DECODER 0
+#define CONFIG_MSVIDEO1_DECODER 0
+#define CONFIG_MSZH_DECODER 0
+#define CONFIG_MTS2_DECODER 0
+#define CONFIG_MVC1_DECODER 0
+#define CONFIG_MVC2_DECODER 0
+#define CONFIG_MXPEG_DECODER 0
+#define CONFIG_NUV_DECODER 0
+#define CONFIG_PAF_VIDEO_DECODER 0
+#define CONFIG_PAM_DECODER 0
+#define CONFIG_PBM_DECODER 0
+#define CONFIG_PCX_DECODER 0
+#define CONFIG_PGM_DECODER 0
+#define CONFIG_PGMYUV_DECODER 0
+#define CONFIG_PICTOR_DECODER 0
+#define CONFIG_PIXLET_DECODER 0
+#define CONFIG_PNG_DECODER 0
+#define CONFIG_PPM_DECODER 0
+#define CONFIG_PRORES_DECODER 0
+#define CONFIG_PRORES_LGPL_DECODER 0
+#define CONFIG_PSD_DECODER 0
+#define CONFIG_PTX_DECODER 0
+#define CONFIG_QDRAW_DECODER 0
+#define CONFIG_QPEG_DECODER 0
+#define CONFIG_QTRLE_DECODER 0
+#define CONFIG_R10K_DECODER 0
+#define CONFIG_R210_DECODER 0
+#define CONFIG_RAWVIDEO_DECODER 0
+#define CONFIG_RL2_DECODER 0
+#define CONFIG_ROQ_DECODER 0
+#define CONFIG_RPZA_DECODER 0
+#define CONFIG_RSCC_DECODER 0
+#define CONFIG_RV10_DECODER 0
+#define CONFIG_RV20_DECODER 0
+#define CONFIG_RV30_DECODER 0
+#define CONFIG_RV40_DECODER 0
+#define CONFIG_S302M_DECODER 0
+#define CONFIG_SANM_DECODER 0
+#define CONFIG_SCPR_DECODER 0
+#define CONFIG_SCREENPRESSO_DECODER 0
+#define CONFIG_SDX2_DPCM_DECODER 0
+#define CONFIG_SGI_DECODER 0
+#define CONFIG_SGIRLE_DECODER 0
+#define CONFIG_SHEERVIDEO_DECODER 0
+#define CONFIG_SMACKER_DECODER 0
+#define CONFIG_SMC_DECODER 0
+#define CONFIG_SMVJPEG_DECODER 0
+#define CONFIG_SNOW_DECODER 0
+#define CONFIG_SP5X_DECODER 0
+#define CONFIG_SPEEDHQ_DECODER 0
+#define CONFIG_SRGC_DECODER 0
+#define CONFIG_SUNRAST_DECODER 0
+#define CONFIG_SVQ1_DECODER 0
+#define CONFIG_SVQ3_DECODER 0
+#define CONFIG_TARGA_DECODER 0
+#define CONFIG_TARGA_Y216_DECODER 0
+#define CONFIG_TDSC_DECODER 0
+#define CONFIG_THEORA_DECODER 0
+#define CONFIG_THP_DECODER 0
+#define CONFIG_TIERTEXSEQVIDEO_DECODER 0
+#define CONFIG_TIFF_DECODER 0
+#define CONFIG_TMV_DECODER 0
+#define CONFIG_TRUEMOTION1_DECODER 0
+#define CONFIG_TRUEMOTION2_DECODER 0
+#define CONFIG_TRUEMOTION2RT_DECODER 0
+#define CONFIG_TSCC_DECODER 0
+#define CONFIG_TSCC2_DECODER 0
+#define CONFIG_TXD_DECODER 0
+#define CONFIG_ULTI_DECODER 0
+#define CONFIG_UTVIDEO_DECODER 0
+#define CONFIG_V210_DECODER 0
+#define CONFIG_V210X_DECODER 0
+#define CONFIG_V308_DECODER 0
+#define CONFIG_V408_DECODER 0
+#define CONFIG_V410_DECODER 0
+#define CONFIG_VB_DECODER 0
+#define CONFIG_VBLE_DECODER 0
+#define CONFIG_VC1_DECODER 0
+#define CONFIG_VC1_CRYSTALHD_DECODER 0
+#define CONFIG_VC1_VDPAU_DECODER 0
+#define CONFIG_VC1IMAGE_DECODER 0
+#define CONFIG_VC1_MMAL_DECODER 0
+#define CONFIG_VC1_QSV_DECODER 0
+#define CONFIG_VC1_V4L2M2M_DECODER 0
+#define CONFIG_VCR1_DECODER 0
+#define CONFIG_VMDVIDEO_DECODER 0
+#define CONFIG_VMNC_DECODER 0
+#define CONFIG_VP3_DECODER 0
+#define CONFIG_VP5_DECODER 0
+#define CONFIG_VP6_DECODER 0
+#define CONFIG_VP6A_DECODER 0
+#define CONFIG_VP6F_DECODER 0
+#define CONFIG_VP7_DECODER 0
+#define CONFIG_VP8_RKMPP_DECODER 0
+#define CONFIG_VP8_V4L2M2M_DECODER 0
+#define CONFIG_VP9_RKMPP_DECODER 0
+#define CONFIG_VP9_V4L2M2M_DECODER 0
+#define CONFIG_VQA_DECODER 0
+#define CONFIG_BITPACKED_DECODER 0
+#define CONFIG_WEBP_DECODER 0
+#define CONFIG_WRAPPED_AVFRAME_DECODER 0
+#define CONFIG_WMV1_DECODER 0
+#define CONFIG_WMV2_DECODER 0
+#define CONFIG_WMV3_DECODER 0
+#define CONFIG_WMV3_CRYSTALHD_DECODER 0
+#define CONFIG_WMV3_VDPAU_DECODER 0
+#define CONFIG_WMV3IMAGE_DECODER 0
+#define CONFIG_WNV1_DECODER 0
+#define CONFIG_XAN_WC3_DECODER 0
+#define CONFIG_XAN_WC4_DECODER 0
+#define CONFIG_XBM_DECODER 0
+#define CONFIG_XFACE_DECODER 0
+#define CONFIG_XL_DECODER 0
+#define CONFIG_XPM_DECODER 0
+#define CONFIG_XWD_DECODER 0
+#define CONFIG_Y41P_DECODER 0
+#define CONFIG_YLC_DECODER 0
+#define CONFIG_YOP_DECODER 0
+#define CONFIG_YUV4_DECODER 0
+#define CONFIG_ZERO12V_DECODER 0
+#define CONFIG_ZEROCODEC_DECODER 0
+#define CONFIG_ZLIB_DECODER 0
+#define CONFIG_ZMBV_DECODER 0
+#define CONFIG_AAC_DECODER 0
+#define CONFIG_AAC_FIXED_DECODER 0
+#define CONFIG_AAC_LATM_DECODER 0
+#define CONFIG_AC3_DECODER 0
+#define CONFIG_AC3_FIXED_DECODER 0
+#define CONFIG_ALAC_DECODER 0
+#define CONFIG_ALS_DECODER 0
+#define CONFIG_AMRNB_DECODER 0
+#define CONFIG_AMRWB_DECODER 0
+#define CONFIG_APE_DECODER 0
+#define CONFIG_ATRAC1_DECODER 0
+#define CONFIG_ATRAC3_DECODER 0
+#define CONFIG_ATRAC3AL_DECODER 0
+#define CONFIG_ATRAC3P_DECODER 0
+#define CONFIG_ATRAC3PAL_DECODER 0
+#define CONFIG_BINKAUDIO_DCT_DECODER 0
+#define CONFIG_BINKAUDIO_RDFT_DECODER 0
+#define CONFIG_BMV_AUDIO_DECODER 0
+#define CONFIG_COOK_DECODER 0
+#define CONFIG_DCA_DECODER 0
+#define CONFIG_DOLBY_E_DECODER 0
+#define CONFIG_DSD_LSBF_DECODER 0
+#define CONFIG_DSD_MSBF_DECODER 0
+#define CONFIG_DSD_LSBF_PLANAR_DECODER 0
+#define CONFIG_DSD_MSBF_PLANAR_DECODER 0
+#define CONFIG_DSICINAUDIO_DECODER 0
+#define CONFIG_DSS_SP_DECODER 0
+#define CONFIG_DST_DECODER 0
+#define CONFIG_EAC3_DECODER 0
+#define CONFIG_EVRC_DECODER 0
+#define CONFIG_FFWAVESYNTH_DECODER 0
+#define CONFIG_G723_1_DECODER 0
+#define CONFIG_G729_DECODER 0
+#define CONFIG_GSM_DECODER 0
+#define CONFIG_GSM_MS_DECODER 0
+#define CONFIG_IAC_DECODER 0
+#define CONFIG_IMC_DECODER 0
+#define CONFIG_INTERPLAY_ACM_DECODER 0
+#define CONFIG_MACE3_DECODER 0
+#define CONFIG_MACE6_DECODER 0
+#define CONFIG_METASOUND_DECODER 0
+#define CONFIG_MLP_DECODER 0
+#define CONFIG_MP1_DECODER 0
+#define CONFIG_MP1FLOAT_DECODER 0
+#define CONFIG_MP2_DECODER 0
+#define CONFIG_MP2FLOAT_DECODER 0
+#define CONFIG_MP3_DECODER 0
+#define CONFIG_MP3FLOAT_DECODER 0
+#define CONFIG_MP3ADU_DECODER 0
+#define CONFIG_MP3ADUFLOAT_DECODER 0
+#define CONFIG_MP3ON4_DECODER 0
+#define CONFIG_MP3ON4FLOAT_DECODER 0
+#define CONFIG_MPC7_DECODER 0
+#define CONFIG_MPC8_DECODER 0
+#define CONFIG_NELLYMOSER_DECODER 0
+#define CONFIG_ON2AVC_DECODER 0
+#define CONFIG_OPUS_DECODER 0
+#define CONFIG_PAF_AUDIO_DECODER 0
+#define CONFIG_QCELP_DECODER 0
+#define CONFIG_QDM2_DECODER 0
+#define CONFIG_QDMC_DECODER 0
+#define CONFIG_RA_144_DECODER 0
+#define CONFIG_RA_288_DECODER 0
+#define CONFIG_RALF_DECODER 0
+#define CONFIG_SHORTEN_DECODER 0
+#define CONFIG_SIPR_DECODER 0
+#define CONFIG_SMACKAUD_DECODER 0
+#define CONFIG_SONIC_DECODER 0
+#define CONFIG_TAK_DECODER 0
+#define CONFIG_TRUEHD_DECODER 0
+#define CONFIG_TRUESPEECH_DECODER 0
+#define CONFIG_TTA_DECODER 0
+#define CONFIG_TWINVQ_DECODER 0
+#define CONFIG_VMDAUDIO_DECODER 0
+#define CONFIG_VORBIS_DECODER 0
+#define CONFIG_WAVPACK_DECODER 0
+#define CONFIG_WMALOSSLESS_DECODER 0
+#define CONFIG_WMAPRO_DECODER 0
+#define CONFIG_WMAV1_DECODER 0
+#define CONFIG_WMAV2_DECODER 0
+#define CONFIG_WMAVOICE_DECODER 0
+#define CONFIG_WS_SND1_DECODER 0
+#define CONFIG_XMA1_DECODER 0
+#define CONFIG_XMA2_DECODER 0
+#define CONFIG_PCM_ALAW_DECODER 0
+#define CONFIG_PCM_BLURAY_DECODER 0
+#define CONFIG_PCM_DVD_DECODER 0
+#define CONFIG_PCM_F16LE_DECODER 0
+#define CONFIG_PCM_F24LE_DECODER 0
+#define CONFIG_PCM_F32BE_DECODER 0
+#define CONFIG_PCM_F32LE_DECODER 0
+#define CONFIG_PCM_F64BE_DECODER 0
+#define CONFIG_PCM_F64LE_DECODER 0
+#define CONFIG_PCM_LXF_DECODER 0
+#define CONFIG_PCM_MULAW_DECODER 0
+#define CONFIG_PCM_S8_DECODER 0
+#define CONFIG_PCM_S8_PLANAR_DECODER 0
+#define CONFIG_PCM_S16BE_DECODER 0
+#define CONFIG_PCM_S16BE_PLANAR_DECODER 0
+#define CONFIG_PCM_S16LE_DECODER 0
+#define CONFIG_PCM_S16LE_PLANAR_DECODER 0
+#define CONFIG_PCM_S24BE_DECODER 0
+#define CONFIG_PCM_S24DAUD_DECODER 0
+#define CONFIG_PCM_S24LE_DECODER 0
+#define CONFIG_PCM_S24LE_PLANAR_DECODER 0
+#define CONFIG_PCM_S32BE_DECODER 0
+#define CONFIG_PCM_S32LE_DECODER 0
+#define CONFIG_PCM_S32LE_PLANAR_DECODER 0
+#define CONFIG_PCM_S64BE_DECODER 0
+#define CONFIG_PCM_S64LE_DECODER 0
+#define CONFIG_PCM_U8_DECODER 0
+#define CONFIG_PCM_U16BE_DECODER 0
+#define CONFIG_PCM_U16LE_DECODER 0
+#define CONFIG_PCM_U24BE_DECODER 0
+#define CONFIG_PCM_U24LE_DECODER 0
+#define CONFIG_PCM_U32BE_DECODER 0
+#define CONFIG_PCM_U32LE_DECODER 0
+#define CONFIG_PCM_ZORK_DECODER 0
+#define CONFIG_GREMLIN_DPCM_DECODER 0
+#define CONFIG_INTERPLAY_DPCM_DECODER 0
+#define CONFIG_ROQ_DPCM_DECODER 0
+#define CONFIG_SOL_DPCM_DECODER 0
+#define CONFIG_XAN_DPCM_DECODER 0
+#define CONFIG_ADPCM_4XM_DECODER 0
+#define CONFIG_ADPCM_ADX_DECODER 0
+#define CONFIG_ADPCM_AFC_DECODER 0
+#define CONFIG_ADPCM_AICA_DECODER 0
+#define CONFIG_ADPCM_CT_DECODER 0
+#define CONFIG_ADPCM_DTK_DECODER 0
+#define CONFIG_ADPCM_EA_DECODER 0
+#define CONFIG_ADPCM_EA_MAXIS_XA_DECODER 0
+#define CONFIG_ADPCM_EA_R1_DECODER 0
+#define CONFIG_ADPCM_EA_R2_DECODER 0
+#define CONFIG_ADPCM_EA_R3_DECODER 0
+#define CONFIG_ADPCM_EA_XAS_DECODER 0
+#define CONFIG_ADPCM_G722_DECODER 0
+#define CONFIG_ADPCM_G726_DECODER 0
+#define CONFIG_ADPCM_G726LE_DECODER 0
+#define CONFIG_ADPCM_IMA_AMV_DECODER 0
+#define CONFIG_ADPCM_IMA_APC_DECODER 0
+#define CONFIG_ADPCM_IMA_DAT4_DECODER 0
+#define CONFIG_ADPCM_IMA_DK3_DECODER 0
+#define CONFIG_ADPCM_IMA_DK4_DECODER 0
+#define CONFIG_ADPCM_IMA_EA_EACS_DECODER 0
+#define CONFIG_ADPCM_IMA_EA_SEAD_DECODER 0
+#define CONFIG_ADPCM_IMA_ISS_DECODER 0
+#define CONFIG_ADPCM_IMA_OKI_DECODER 0
+#define CONFIG_ADPCM_IMA_QT_DECODER 0
+#define CONFIG_ADPCM_IMA_RAD_DECODER 0
+#define CONFIG_ADPCM_IMA_SMJPEG_DECODER 0
+#define CONFIG_ADPCM_IMA_WAV_DECODER 0
+#define CONFIG_ADPCM_IMA_WS_DECODER 0
+#define CONFIG_ADPCM_MS_DECODER 0
+#define CONFIG_ADPCM_MTAF_DECODER 0
+#define CONFIG_ADPCM_PSX_DECODER 0
+#define CONFIG_ADPCM_SBPRO_2_DECODER 0
+#define CONFIG_ADPCM_SBPRO_3_DECODER 0
+#define CONFIG_ADPCM_SBPRO_4_DECODER 0
+#define CONFIG_ADPCM_SWF_DECODER 0
+#define CONFIG_ADPCM_THP_DECODER 0
+#define CONFIG_ADPCM_THP_LE_DECODER 0
+#define CONFIG_ADPCM_VIMA_DECODER 0
+#define CONFIG_ADPCM_XA_DECODER 0
+#define CONFIG_ADPCM_YAMAHA_DECODER 0
+#define CONFIG_SSA_DECODER 0
+#define CONFIG_ASS_DECODER 0
+#define CONFIG_CCAPTION_DECODER 0
+#define CONFIG_DVBSUB_DECODER 0
+#define CONFIG_DVDSUB_DECODER 0
+#define CONFIG_JACOSUB_DECODER 0
+#define CONFIG_MICRODVD_DECODER 0
+#define CONFIG_MOVTEXT_DECODER 0
+#define CONFIG_MPL2_DECODER 0
+#define CONFIG_PGSSUB_DECODER 0
+#define CONFIG_PJS_DECODER 0
+#define CONFIG_REALTEXT_DECODER 0
+#define CONFIG_SAMI_DECODER 0
+#define CONFIG_SRT_DECODER 0
+#define CONFIG_STL_DECODER 0
+#define CONFIG_SUBRIP_DECODER 0
+#define CONFIG_SUBVIEWER_DECODER 0
+#define CONFIG_SUBVIEWER1_DECODER 0
+#define CONFIG_TEXT_DECODER 0
+#define CONFIG_VPLAYER_DECODER 0
+#define CONFIG_WEBVTT_DECODER 0
+#define CONFIG_XSUB_DECODER 0
+#define CONFIG_AAC_AT_DECODER 0
+#define CONFIG_AC3_AT_DECODER 0
+#define CONFIG_ADPCM_IMA_QT_AT_DECODER 0
+#define CONFIG_ALAC_AT_DECODER 0
+#define CONFIG_AMR_NB_AT_DECODER 0
+#define CONFIG_EAC3_AT_DECODER 0
+#define CONFIG_GSM_MS_AT_DECODER 0
+#define CONFIG_ILBC_AT_DECODER 0
+#define CONFIG_MP1_AT_DECODER 0
+#define CONFIG_MP2_AT_DECODER 0
+#define CONFIG_MP3_AT_DECODER 0
+#define CONFIG_PCM_ALAW_AT_DECODER 0
+#define CONFIG_PCM_MULAW_AT_DECODER 0
+#define CONFIG_QDMC_AT_DECODER 0
+#define CONFIG_QDM2_AT_DECODER 0
+#define CONFIG_LIBCELT_DECODER 0
+#define CONFIG_LIBFDK_AAC_DECODER 0
+#define CONFIG_LIBGSM_DECODER 0
+#define CONFIG_LIBGSM_MS_DECODER 0
+#define CONFIG_LIBILBC_DECODER 0
+#define CONFIG_LIBOPENCORE_AMRNB_DECODER 0
+#define CONFIG_LIBOPENCORE_AMRWB_DECODER 0
+#define CONFIG_LIBOPENJPEG_DECODER 0
+#define CONFIG_LIBOPUS_DECODER 0
+#define CONFIG_LIBRSVG_DECODER 0
+#define CONFIG_LIBSPEEX_DECODER 0
+#define CONFIG_LIBVORBIS_DECODER 0
+#define CONFIG_LIBVPX_VP8_DECODER 0
+#define CONFIG_LIBVPX_VP9_DECODER 0
+#define CONFIG_LIBZVBI_TELETEXT_DECODER 0
+#define CONFIG_BINTEXT_DECODER 0
+#define CONFIG_XBIN_DECODER 0
+#define CONFIG_IDF_DECODER 0
+#define CONFIG_LIBOPENH264_DECODER 0
+#define CONFIG_H264_CUVID_DECODER 0
+#define CONFIG_HEVC_CUVID_DECODER 0
+#define CONFIG_HEVC_MEDIACODEC_DECODER 0
+#define CONFIG_MJPEG_CUVID_DECODER 0
+#define CONFIG_MPEG1_CUVID_DECODER 0
+#define CONFIG_MPEG2_CUVID_DECODER 0
+#define CONFIG_MPEG4_CUVID_DECODER 0
+#define CONFIG_MPEG4_MEDIACODEC_DECODER 0
+#define CONFIG_VC1_CUVID_DECODER 0
+#define CONFIG_VP8_CUVID_DECODER 0
+#define CONFIG_VP8_MEDIACODEC_DECODER 0
+#define CONFIG_VP8_QSV_DECODER 0
+#define CONFIG_VP9_CUVID_DECODER 0
+#define CONFIG_VP9_MEDIACODEC_DECODER 0
+#define CONFIG_AA_DEMUXER 0
+#define CONFIG_AAC_DEMUXER 0
+#define CONFIG_AC3_DEMUXER 0
+#define CONFIG_ACM_DEMUXER 0
+#define CONFIG_ACT_DEMUXER 0
+#define CONFIG_ADF_DEMUXER 0
+#define CONFIG_ADP_DEMUXER 0
+#define CONFIG_ADS_DEMUXER 0
+#define CONFIG_ADX_DEMUXER 0
+#define CONFIG_AEA_DEMUXER 0
+#define CONFIG_AFC_DEMUXER 0
+#define CONFIG_AIFF_DEMUXER 0
+#define CONFIG_AIX_DEMUXER 0
+#define CONFIG_AMR_DEMUXER 0
+#define CONFIG_ANM_DEMUXER 0
+#define CONFIG_APC_DEMUXER 0
+#define CONFIG_APE_DEMUXER 0
+#define CONFIG_APNG_DEMUXER 0
+#define CONFIG_AQTITLE_DEMUXER 0
+#define CONFIG_ASF_DEMUXER 0
+#define CONFIG_ASF_O_DEMUXER 0
+#define CONFIG_ASS_DEMUXER 0
+#define CONFIG_AST_DEMUXER 0
+#define CONFIG_AU_DEMUXER 0
+#define CONFIG_AVI_DEMUXER 0
+#define CONFIG_AVISYNTH_DEMUXER 0
+#define CONFIG_AVR_DEMUXER 0
+#define CONFIG_AVS_DEMUXER 0
+#define CONFIG_BETHSOFTVID_DEMUXER 0
+#define CONFIG_BFI_DEMUXER 0
+#define CONFIG_BINTEXT_DEMUXER 0
+#define CONFIG_BINK_DEMUXER 0
+#define CONFIG_BIT_DEMUXER 0
+#define CONFIG_BMV_DEMUXER 0
+#define CONFIG_BFSTM_DEMUXER 0
+#define CONFIG_BRSTM_DEMUXER 0
+#define CONFIG_BOA_DEMUXER 0
+#define CONFIG_C93_DEMUXER 0
+#define CONFIG_CAF_DEMUXER 0
+#define CONFIG_CAVSVIDEO_DEMUXER 0
+#define CONFIG_CDG_DEMUXER 0
+#define CONFIG_CDXL_DEMUXER 0
+#define CONFIG_CINE_DEMUXER 0
+#define CONFIG_CONCAT_DEMUXER 0
+#define CONFIG_DASH_DEMUXER 0
+#define CONFIG_DATA_DEMUXER 0
+#define CONFIG_DAUD_DEMUXER 0
+#define CONFIG_DCSTR_DEMUXER 0
+#define CONFIG_DFA_DEMUXER 0
+#define CONFIG_DIRAC_DEMUXER 0
+#define CONFIG_DNXHD_DEMUXER 0
+#define CONFIG_DSF_DEMUXER 0
+#define CONFIG_DSICIN_DEMUXER 0
+#define CONFIG_DSS_DEMUXER 0
+#define CONFIG_DTS_DEMUXER 0
+#define CONFIG_DTSHD_DEMUXER 0
+#define CONFIG_DV_DEMUXER 0
+#define CONFIG_DVBSUB_DEMUXER 0
+#define CONFIG_DVBTXT_DEMUXER 0
+#define CONFIG_DXA_DEMUXER 0
+#define CONFIG_EA_DEMUXER 0
+#define CONFIG_EA_CDATA_DEMUXER 0
+#define CONFIG_EAC3_DEMUXER 0
+#define CONFIG_EPAF_DEMUXER 0
+#define CONFIG_FFM_DEMUXER 0
+#define CONFIG_FFMETADATA_DEMUXER 0
+#define CONFIG_FILMSTRIP_DEMUXER 0
+#define CONFIG_FITS_DEMUXER 0
+#define CONFIG_FLAC_DEMUXER 0
+#define CONFIG_FLIC_DEMUXER 0
+#define CONFIG_FLV_DEMUXER 0
+#define CONFIG_LIVE_FLV_DEMUXER 0
+#define CONFIG_FOURXM_DEMUXER 0
+#define CONFIG_FRM_DEMUXER 0
+#define CONFIG_FSB_DEMUXER 0
+#define CONFIG_G722_DEMUXER 0
+#define CONFIG_G723_1_DEMUXER 0
+#define CONFIG_G726_DEMUXER 0
+#define CONFIG_G726LE_DEMUXER 0
+#define CONFIG_G729_DEMUXER 0
+#define CONFIG_GDV_DEMUXER 0
+#define CONFIG_GENH_DEMUXER 0
+#define CONFIG_GIF_DEMUXER 0
+#define CONFIG_GSM_DEMUXER 0
+#define CONFIG_GXF_DEMUXER 0
+#define CONFIG_H261_DEMUXER 0
+#define CONFIG_H263_DEMUXER 0
+#define CONFIG_H264_DEMUXER 0
+#define CONFIG_HEVC_DEMUXER 0
+#define CONFIG_HLS_DEMUXER 0
+#define CONFIG_HNM_DEMUXER 0
+#define CONFIG_ICO_DEMUXER 0
+#define CONFIG_IDCIN_DEMUXER 0
+#define CONFIG_IDF_DEMUXER 0
+#define CONFIG_IFF_DEMUXER 0
+#define CONFIG_ILBC_DEMUXER 0
+#define CONFIG_IMAGE2_DEMUXER 0
+#define CONFIG_IMAGE2PIPE_DEMUXER 0
+#define CONFIG_IMAGE2_ALIAS_PIX_DEMUXER 0
+#define CONFIG_IMAGE2_BRENDER_PIX_DEMUXER 0
+#define CONFIG_INGENIENT_DEMUXER 0
+#define CONFIG_IPMOVIE_DEMUXER 0
+#define CONFIG_IRCAM_DEMUXER 0
+#define CONFIG_ISS_DEMUXER 0
+#define CONFIG_IV8_DEMUXER 0
+#define CONFIG_IVF_DEMUXER 0
+#define CONFIG_IVR_DEMUXER 0
+#define CONFIG_JACOSUB_DEMUXER 0
+#define CONFIG_JV_DEMUXER 0
+#define CONFIG_LMLM4_DEMUXER 0
+#define CONFIG_LOAS_DEMUXER 0
+#define CONFIG_LRC_DEMUXER 0
+#define CONFIG_LVF_DEMUXER 0
+#define CONFIG_LXF_DEMUXER 0
+#define CONFIG_M4V_DEMUXER 0
+#define CONFIG_MATROSKA_DEMUXER 0
+#define CONFIG_MGSTS_DEMUXER 0
+#define CONFIG_MICRODVD_DEMUXER 0
+#define CONFIG_MJPEG_DEMUXER 0
+#define CONFIG_MJPEG_2000_DEMUXER 0
+#define CONFIG_MLP_DEMUXER 0
+#define CONFIG_MLV_DEMUXER 0
+#define CONFIG_MM_DEMUXER 0
+#define CONFIG_MMF_DEMUXER 0
+#define CONFIG_MOV_DEMUXER 0
+#define CONFIG_MP3_DEMUXER 0
+#define CONFIG_MPC_DEMUXER 0
+#define CONFIG_MPC8_DEMUXER 0
+#define CONFIG_MPEGPS_DEMUXER 0
+#define CONFIG_MPEGTS_DEMUXER 0
+#define CONFIG_MPEGTSRAW_DEMUXER 0
+#define CONFIG_MPEGVIDEO_DEMUXER 0
+#define CONFIG_MPJPEG_DEMUXER 0
+#define CONFIG_MPL2_DEMUXER 0
+#define CONFIG_MPSUB_DEMUXER 0
+#define CONFIG_MSF_DEMUXER 0
+#define CONFIG_MSNWC_TCP_DEMUXER 0
+#define CONFIG_MTAF_DEMUXER 0
+#define CONFIG_MTV_DEMUXER 0
+#define CONFIG_MUSX_DEMUXER 0
+#define CONFIG_MV_DEMUXER 0
+#define CONFIG_MVI_DEMUXER 0
+#define CONFIG_MXF_DEMUXER 0
+#define CONFIG_MXG_DEMUXER 0
+#define CONFIG_NC_DEMUXER 0
+#define CONFIG_NISTSPHERE_DEMUXER 0
+#define CONFIG_NSV_DEMUXER 0
+#define CONFIG_NUT_DEMUXER 0
+#define CONFIG_NUV_DEMUXER 0
+#define CONFIG_OGG_DEMUXER 0
+#define CONFIG_OMA_DEMUXER 0
+#define CONFIG_PAF_DEMUXER 0
+#define CONFIG_PCM_ALAW_DEMUXER 0
+#define CONFIG_PCM_MULAW_DEMUXER 0
+#define CONFIG_PCM_F64BE_DEMUXER 0
+#define CONFIG_PCM_F64LE_DEMUXER 0
+#define CONFIG_PCM_F32BE_DEMUXER 0
+#define CONFIG_PCM_F32LE_DEMUXER 0
+#define CONFIG_PCM_S32BE_DEMUXER 0
+#define CONFIG_PCM_S32LE_DEMUXER 0
+#define CONFIG_PCM_S24BE_DEMUXER 0
+#define CONFIG_PCM_S24LE_DEMUXER 0
+#define CONFIG_PCM_S16BE_DEMUXER 0
+#define CONFIG_PCM_S16LE_DEMUXER 0
+#define CONFIG_PCM_S8_DEMUXER 0
+#define CONFIG_PCM_U32BE_DEMUXER 0
+#define CONFIG_PCM_U32LE_DEMUXER 0
+#define CONFIG_PCM_U24BE_DEMUXER 0
+#define CONFIG_PCM_U24LE_DEMUXER 0
+#define CONFIG_PCM_U16BE_DEMUXER 0
+#define CONFIG_PCM_U16LE_DEMUXER 0
+#define CONFIG_PCM_U8_DEMUXER 0
+#define CONFIG_PJS_DEMUXER 0
+#define CONFIG_PMP_DEMUXER 0
+#define CONFIG_PVA_DEMUXER 0
+#define CONFIG_PVF_DEMUXER 0
+#define CONFIG_QCP_DEMUXER 0
+#define CONFIG_R3D_DEMUXER 0
+#define CONFIG_RAWVIDEO_DEMUXER 0
+#define CONFIG_REALTEXT_DEMUXER 0
+#define CONFIG_REDSPARK_DEMUXER 0
+#define CONFIG_RL2_DEMUXER 0
+#define CONFIG_RM_DEMUXER 0
+#define CONFIG_ROQ_DEMUXER 0
+#define CONFIG_RPL_DEMUXER 0
+#define CONFIG_RSD_DEMUXER 0
+#define CONFIG_RSO_DEMUXER 0
+#define CONFIG_RTP_DEMUXER 0
+#define CONFIG_RTSP_DEMUXER 0
+#define CONFIG_S337M_DEMUXER 0
+#define CONFIG_SAMI_DEMUXER 0
+#define CONFIG_SAP_DEMUXER 0
+#define CONFIG_SBG_DEMUXER 0
+#define CONFIG_SCC_DEMUXER 0
+#define CONFIG_SDP_DEMUXER 0
+#define CONFIG_SDR2_DEMUXER 0
+#define CONFIG_SDS_DEMUXER 0
+#define CONFIG_SDX_DEMUXER 0
+#define CONFIG_SEGAFILM_DEMUXER 0
+#define CONFIG_SHORTEN_DEMUXER 0
+#define CONFIG_SIFF_DEMUXER 0
+#define CONFIG_SLN_DEMUXER 0
+#define CONFIG_SMACKER_DEMUXER 0
+#define CONFIG_SMJPEG_DEMUXER 0
+#define CONFIG_SMUSH_DEMUXER 0
+#define CONFIG_SOL_DEMUXER 0
+#define CONFIG_SOX_DEMUXER 0
+#define CONFIG_SPDIF_DEMUXER 0
+#define CONFIG_SRT_DEMUXER 0
+#define CONFIG_STR_DEMUXER 0
+#define CONFIG_STL_DEMUXER 0
+#define CONFIG_SUBVIEWER1_DEMUXER 0
+#define CONFIG_SUBVIEWER_DEMUXER 0
+#define CONFIG_SUP_DEMUXER 0
+#define CONFIG_SVAG_DEMUXER 0
+#define CONFIG_SWF_DEMUXER 0
+#define CONFIG_TAK_DEMUXER 0
+#define CONFIG_TEDCAPTIONS_DEMUXER 0
+#define CONFIG_THP_DEMUXER 0
+#define CONFIG_THREEDOSTR_DEMUXER 0
+#define CONFIG_TIERTEXSEQ_DEMUXER 0
+#define CONFIG_TMV_DEMUXER 0
+#define CONFIG_TRUEHD_DEMUXER 0
+#define CONFIG_TTA_DEMUXER 0
+#define CONFIG_TXD_DEMUXER 0
+#define CONFIG_TTY_DEMUXER 0
+#define CONFIG_V210_DEMUXER 0
+#define CONFIG_V210X_DEMUXER 0
+#define CONFIG_VAG_DEMUXER 0
+#define CONFIG_VC1_DEMUXER 0
+#define CONFIG_VC1T_DEMUXER 0
+#define CONFIG_VIVO_DEMUXER 0
+#define CONFIG_VMD_DEMUXER 0
+#define CONFIG_VOBSUB_DEMUXER 0
+#define CONFIG_VOC_DEMUXER 0
+#define CONFIG_VPK_DEMUXER 0
+#define CONFIG_VPLAYER_DEMUXER 0
+#define CONFIG_VQF_DEMUXER 0
+#define CONFIG_W64_DEMUXER 0
+#define CONFIG_WAV_DEMUXER 0
+#define CONFIG_WC3_DEMUXER 0
+#define CONFIG_WEBM_DASH_MANIFEST_DEMUXER 0
+#define CONFIG_WEBVTT_DEMUXER 0
+#define CONFIG_WSAUD_DEMUXER 0
+#define CONFIG_WSD_DEMUXER 0
+#define CONFIG_WSVQA_DEMUXER 0
+#define CONFIG_WTV_DEMUXER 0
+#define CONFIG_WVE_DEMUXER 0
+#define CONFIG_WV_DEMUXER 0
+#define CONFIG_XA_DEMUXER 0
+#define CONFIG_XBIN_DEMUXER 0
+#define CONFIG_XMV_DEMUXER 0
+#define CONFIG_XVAG_DEMUXER 0
+#define CONFIG_XWMA_DEMUXER 0
+#define CONFIG_YOP_DEMUXER 0
+#define CONFIG_YUV4MPEGPIPE_DEMUXER 0
+#define CONFIG_IMAGE_BMP_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_DDS_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_DPX_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_EXR_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_J2K_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_JPEG_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_JPEGLS_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PAM_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PBM_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PCX_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PGMYUV_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PGM_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PICTOR_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PNG_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PPM_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_PSD_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_QDRAW_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_SGI_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_SVG_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_SUNRAST_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_TIFF_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_WEBP_PIPE_DEMUXER 0
+#define CONFIG_IMAGE_XPM_PIPE_DEMUXER 0
+#define CONFIG_LIBGME_DEMUXER 0
+#define CONFIG_LIBMODPLUG_DEMUXER 0
+#define CONFIG_LIBOPENMPT_DEMUXER 0
+#define CONFIG_A64MULTI_ENCODER 0
+#define CONFIG_A64MULTI5_ENCODER 0
+#define CONFIG_ALIAS_PIX_ENCODER 0
+#define CONFIG_AMV_ENCODER 0
+#define CONFIG_APNG_ENCODER 0
+#define CONFIG_ASV1_ENCODER 0
+#define CONFIG_ASV2_ENCODER 0
+#define CONFIG_AVRP_ENCODER 0
+#define CONFIG_AVUI_ENCODER 0
+#define CONFIG_AYUV_ENCODER 0
+#define CONFIG_BMP_ENCODER 0
+#define CONFIG_CINEPAK_ENCODER 0
+#define CONFIG_CLJR_ENCODER 0
+#define CONFIG_COMFORTNOISE_ENCODER 0
+#define CONFIG_DNXHD_ENCODER 0
+#define CONFIG_DPX_ENCODER 0
+#define CONFIG_DVVIDEO_ENCODER 0
+#define CONFIG_FFV1_ENCODER 0
+#define CONFIG_FFVHUFF_ENCODER 0
+#define CONFIG_FITS_ENCODER 0
+#define CONFIG_FLASHSV_ENCODER 0
+#define CONFIG_FLASHSV2_ENCODER 0
+#define CONFIG_FLV_ENCODER 0
+#define CONFIG_GIF_ENCODER 0
+#define CONFIG_H261_ENCODER 0
+#define CONFIG_H263_ENCODER 0
+#define CONFIG_H263P_ENCODER 0
+#define CONFIG_HAP_ENCODER 0
+#define CONFIG_HUFFYUV_ENCODER 0
+#define CONFIG_JPEG2000_ENCODER 0
+#define CONFIG_JPEGLS_ENCODER 0
+#define CONFIG_LJPEG_ENCODER 0
+#define CONFIG_MJPEG_ENCODER 0
+#define CONFIG_MPEG1VIDEO_ENCODER 0
+#define CONFIG_MPEG2VIDEO_ENCODER 0
+#define CONFIG_MPEG4_ENCODER 0
+#define CONFIG_MSMPEG4V2_ENCODER 0
+#define CONFIG_MSMPEG4V3_ENCODER 0
+#define CONFIG_MSVIDEO1_ENCODER 0
+#define CONFIG_PAM_ENCODER 0
+#define CONFIG_PBM_ENCODER 0
+#define CONFIG_PCX_ENCODER 0
+#define CONFIG_PGM_ENCODER 0
+#define CONFIG_PGMYUV_ENCODER 0
+#define CONFIG_PNG_ENCODER 0
+#define CONFIG_PPM_ENCODER 0
+#define CONFIG_PRORES_ENCODER 0
+#define CONFIG_PRORES_AW_ENCODER 0
+#define CONFIG_PRORES_KS_ENCODER 0
+#define CONFIG_QTRLE_ENCODER 0
+#define CONFIG_R10K_ENCODER 0
+#define CONFIG_R210_ENCODER 0
+#define CONFIG_RAWVIDEO_ENCODER 0
+#define CONFIG_ROQ_ENCODER 0
+#define CONFIG_RV10_ENCODER 0
+#define CONFIG_RV20_ENCODER 0
+#define CONFIG_S302M_ENCODER 0
+#define CONFIG_SGI_ENCODER 0
+#define CONFIG_SNOW_ENCODER 0
+#define CONFIG_SUNRAST_ENCODER 0
+#define CONFIG_SVQ1_ENCODER 0
+#define CONFIG_TARGA_ENCODER 0
+#define CONFIG_TIFF_ENCODER 0
+#define CONFIG_UTVIDEO_ENCODER 0
+#define CONFIG_V210_ENCODER 0
+#define CONFIG_V308_ENCODER 0
+#define CONFIG_V408_ENCODER 0
+#define CONFIG_V410_ENCODER 0
+#define CONFIG_VC2_ENCODER 0
+#define CONFIG_WRAPPED_AVFRAME_ENCODER 0
+#define CONFIG_WMV1_ENCODER 0
+#define CONFIG_WMV2_ENCODER 0
+#define CONFIG_XBM_ENCODER 0
+#define CONFIG_XFACE_ENCODER 0
+#define CONFIG_XWD_ENCODER 0
+#define CONFIG_Y41P_ENCODER 0
+#define CONFIG_YUV4_ENCODER 0
+#define CONFIG_ZLIB_ENCODER 0
+#define CONFIG_ZMBV_ENCODER 0
+#define CONFIG_AAC_ENCODER 0
+#define CONFIG_AC3_ENCODER 0
+#define CONFIG_AC3_FIXED_ENCODER 0
+#define CONFIG_ALAC_ENCODER 0
+#define CONFIG_DCA_ENCODER 0
+#define CONFIG_EAC3_ENCODER 0
+#define CONFIG_FLAC_ENCODER 0
+#define CONFIG_G723_1_ENCODER 0
+#define CONFIG_MLP_ENCODER 0
+#define CONFIG_MP2_ENCODER 0
+#define CONFIG_MP2FIXED_ENCODER 0
+#define CONFIG_NELLYMOSER_ENCODER 0
+#define CONFIG_OPUS_ENCODER 0
+#define CONFIG_RA_144_ENCODER 0
+#define CONFIG_SONIC_ENCODER 0
+#define CONFIG_SONIC_LS_ENCODER 0
+#define CONFIG_TRUEHD_ENCODER 0
+#define CONFIG_TTA_ENCODER 0
+#define CONFIG_VORBIS_ENCODER 0
+#define CONFIG_WAVPACK_ENCODER 0
+#define CONFIG_WMAV1_ENCODER 0
+#define CONFIG_WMAV2_ENCODER 0
+#define CONFIG_PCM_ALAW_ENCODER 0
+#define CONFIG_PCM_F32BE_ENCODER 0
+#define CONFIG_PCM_F32LE_ENCODER 0
+#define CONFIG_PCM_F64BE_ENCODER 0
+#define CONFIG_PCM_F64LE_ENCODER 0
+#define CONFIG_PCM_MULAW_ENCODER 0
+#define CONFIG_PCM_S8_ENCODER 0
+#define CONFIG_PCM_S8_PLANAR_ENCODER 0
+#define CONFIG_PCM_S16BE_ENCODER 0
+#define CONFIG_PCM_S16BE_PLANAR_ENCODER 0
+#define CONFIG_PCM_S16LE_ENCODER 0
+#define CONFIG_PCM_S16LE_PLANAR_ENCODER 0
+#define CONFIG_PCM_S24BE_ENCODER 0
+#define CONFIG_PCM_S24DAUD_ENCODER 0
+#define CONFIG_PCM_S24LE_ENCODER 0
+#define CONFIG_PCM_S24LE_PLANAR_ENCODER 0
+#define CONFIG_PCM_S32BE_ENCODER 0
+#define CONFIG_PCM_S32LE_ENCODER 0
+#define CONFIG_PCM_S32LE_PLANAR_ENCODER 0
+#define CONFIG_PCM_S64BE_ENCODER 0
+#define CONFIG_PCM_S64LE_ENCODER 0
+#define CONFIG_PCM_U8_ENCODER 0
+#define CONFIG_PCM_U16BE_ENCODER 0
+#define CONFIG_PCM_U16LE_ENCODER 0
+#define CONFIG_PCM_U24BE_ENCODER 0
+#define CONFIG_PCM_U24LE_ENCODER 0
+#define CONFIG_PCM_U32BE_ENCODER 0
+#define CONFIG_PCM_U32LE_ENCODER 0
+#define CONFIG_ROQ_DPCM_ENCODER 0
+#define CONFIG_ADPCM_ADX_ENCODER 0
+#define CONFIG_ADPCM_G722_ENCODER 0
+#define CONFIG_ADPCM_G726_ENCODER 0
+#define CONFIG_ADPCM_G726LE_ENCODER 0
+#define CONFIG_ADPCM_IMA_QT_ENCODER 0
+#define CONFIG_ADPCM_IMA_WAV_ENCODER 0
+#define CONFIG_ADPCM_MS_ENCODER 0
+#define CONFIG_ADPCM_SWF_ENCODER 0
+#define CONFIG_ADPCM_YAMAHA_ENCODER 0
+#define CONFIG_SSA_ENCODER 0
+#define CONFIG_ASS_ENCODER 0
+#define CONFIG_DVBSUB_ENCODER 0
+#define CONFIG_DVDSUB_ENCODER 0
+#define CONFIG_MOVTEXT_ENCODER 0
+#define CONFIG_SRT_ENCODER 0
+#define CONFIG_SUBRIP_ENCODER 0
+#define CONFIG_TEXT_ENCODER 0
+#define CONFIG_WEBVTT_ENCODER 0
+#define CONFIG_XSUB_ENCODER 0
+#define CONFIG_AAC_AT_ENCODER 0
+#define CONFIG_ALAC_AT_ENCODER 0
+#define CONFIG_ILBC_AT_ENCODER 0
+#define CONFIG_PCM_ALAW_AT_ENCODER 0
+#define CONFIG_PCM_MULAW_AT_ENCODER 0
+#define CONFIG_LIBFDK_AAC_ENCODER 0
+#define CONFIG_LIBGSM_ENCODER 0
+#define CONFIG_LIBGSM_MS_ENCODER 0
+#define CONFIG_LIBILBC_ENCODER 0
+#define CONFIG_LIBMP3LAME_ENCODER 0
+#define CONFIG_LIBOPENCORE_AMRNB_ENCODER 0
+#define CONFIG_LIBOPENJPEG_ENCODER 0
+#define CONFIG_LIBOPUS_ENCODER 0
+#define CONFIG_LIBSHINE_ENCODER 0
+#define CONFIG_LIBSPEEX_ENCODER 0
+#define CONFIG_LIBTHEORA_ENCODER 0
+#define CONFIG_LIBTWOLAME_ENCODER 0
+#define CONFIG_LIBVO_AMRWBENC_ENCODER 0
+#define CONFIG_LIBVORBIS_ENCODER 0
+#define CONFIG_LIBVPX_VP8_ENCODER 0
+#define CONFIG_LIBVPX_VP9_ENCODER 0
+#define CONFIG_LIBWAVPACK_ENCODER 0
+#define CONFIG_LIBWEBP_ANIM_ENCODER 0
+#define CONFIG_LIBWEBP_ENCODER 0
+#define CONFIG_LIBX262_ENCODER 0
+#define CONFIG_LIBX264_ENCODER 0
+#define CONFIG_LIBX264RGB_ENCODER 0
+#define CONFIG_LIBX265_ENCODER 0
+#define CONFIG_LIBXAVS_ENCODER 0
+#define CONFIG_LIBXVID_ENCODER 0
+#define CONFIG_H263_V4L2M2M_ENCODER 0
+#define CONFIG_LIBOPENH264_ENCODER 0
+#define CONFIG_H264_NVENC_ENCODER 0
+#define CONFIG_H264_OMX_ENCODER 0
+#define CONFIG_H264_QSV_ENCODER 0
+#define CONFIG_H264_V4L2M2M_ENCODER 0
+#define CONFIG_H264_VAAPI_ENCODER 0
+#define CONFIG_H264_VIDEOTOOLBOX_ENCODER 0
+#define CONFIG_NVENC_ENCODER 0
+#define CONFIG_NVENC_H264_ENCODER 0
+#define CONFIG_NVENC_HEVC_ENCODER 0
+#define CONFIG_HEVC_NVENC_ENCODER 0
+#define CONFIG_HEVC_QSV_ENCODER 0
+#define CONFIG_HEVC_V4L2M2M_ENCODER 0
+#define CONFIG_HEVC_VAAPI_ENCODER 0
+#define CONFIG_LIBKVAZAAR_ENCODER 0
+#define CONFIG_MJPEG_VAAPI_ENCODER 0
+#define CONFIG_MPEG2_QSV_ENCODER 0
+#define CONFIG_MPEG2_VAAPI_ENCODER 0
+#define CONFIG_MPEG4_V4L2M2M_ENCODER 0
+#define CONFIG_VP8_V4L2M2M_ENCODER 0
+#define CONFIG_VP8_VAAPI_ENCODER 0
+#define CONFIG_VP9_VAAPI_ENCODER 0
+#define CONFIG_ABENCH_FILTER 0
+#define CONFIG_ACOMPRESSOR_FILTER 0
+#define CONFIG_ACOPY_FILTER 0
+#define CONFIG_ACROSSFADE_FILTER 0
+#define CONFIG_ACRUSHER_FILTER 0
+#define CONFIG_ADELAY_FILTER 0
+#define CONFIG_AECHO_FILTER 0
+#define CONFIG_AEMPHASIS_FILTER 0
+#define CONFIG_AEVAL_FILTER 0
+#define CONFIG_AFADE_FILTER 0
+#define CONFIG_AFFTFILT_FILTER 0
+#define CONFIG_AFIR_FILTER 0
+#define CONFIG_AFORMAT_FILTER 0
+#define CONFIG_AGATE_FILTER 0
+#define CONFIG_AINTERLEAVE_FILTER 0
+#define CONFIG_ALIMITER_FILTER 0
+#define CONFIG_ALLPASS_FILTER 0
+#define CONFIG_ALOOP_FILTER 0
+#define CONFIG_AMERGE_FILTER 0
+#define CONFIG_AMETADATA_FILTER 0
+#define CONFIG_AMIX_FILTER 0
+#define CONFIG_ANEQUALIZER_FILTER 0
+#define CONFIG_ANULL_FILTER 0
+#define CONFIG_APAD_FILTER 0
+#define CONFIG_APERMS_FILTER 0
+#define CONFIG_APHASER_FILTER 0
+#define CONFIG_APULSATOR_FILTER 0
+#define CONFIG_AREALTIME_FILTER 0
+#define CONFIG_ARESAMPLE_FILTER 0
+#define CONFIG_AREVERSE_FILTER 0
+#define CONFIG_ASELECT_FILTER 0
+#define CONFIG_ASENDCMD_FILTER 0
+#define CONFIG_ASETNSAMPLES_FILTER 0
+#define CONFIG_ASETPTS_FILTER 0
+#define CONFIG_ASETRATE_FILTER 0
+#define CONFIG_ASETTB_FILTER 0
+#define CONFIG_ASHOWINFO_FILTER 0
+#define CONFIG_ASIDEDATA_FILTER 0
+#define CONFIG_ASPLIT_FILTER 0
+#define CONFIG_ASTATS_FILTER 0
+#define CONFIG_ASTREAMSELECT_FILTER 0
+#define CONFIG_ATEMPO_FILTER 0
+#define CONFIG_ATRIM_FILTER 0
+#define CONFIG_AZMQ_FILTER 0
+#define CONFIG_BANDPASS_FILTER 0
+#define CONFIG_BANDREJECT_FILTER 0
+#define CONFIG_BASS_FILTER 0
+#define CONFIG_BIQUAD_FILTER 0
+#define CONFIG_BS2B_FILTER 0
+#define CONFIG_CHANNELMAP_FILTER 0
+#define CONFIG_CHANNELSPLIT_FILTER 0
+#define CONFIG_CHORUS_FILTER 0
+#define CONFIG_COMPAND_FILTER 0
+#define CONFIG_COMPENSATIONDELAY_FILTER 0
+#define CONFIG_CROSSFEED_FILTER 0
+#define CONFIG_CRYSTALIZER_FILTER 0
+#define CONFIG_DCSHIFT_FILTER 0
+#define CONFIG_DYNAUDNORM_FILTER 0
+#define CONFIG_EARWAX_FILTER 0
+#define CONFIG_EBUR128_FILTER 0
+#define CONFIG_EQUALIZER_FILTER 0
+#define CONFIG_EXTRASTEREO_FILTER 0
+#define CONFIG_FIREQUALIZER_FILTER 0
+#define CONFIG_FLANGER_FILTER 0
+#define CONFIG_HAAS_FILTER 0
+#define CONFIG_HDCD_FILTER 0
+#define CONFIG_HEADPHONE_FILTER 0
+#define CONFIG_HIGHPASS_FILTER 0
+#define CONFIG_JOIN_FILTER 0
+#define CONFIG_LADSPA_FILTER 0
+#define CONFIG_LOUDNORM_FILTER 0
+#define CONFIG_LOWPASS_FILTER 0
+#define CONFIG_PAN_FILTER 0
+#define CONFIG_REPLAYGAIN_FILTER 0
+#define CONFIG_RESAMPLE_FILTER 0
+#define CONFIG_RUBBERBAND_FILTER 0
+#define CONFIG_SIDECHAINCOMPRESS_FILTER 0
+#define CONFIG_SIDECHAINGATE_FILTER 0
+#define CONFIG_SILENCEDETECT_FILTER 0
+#define CONFIG_SILENCEREMOVE_FILTER 0
+#define CONFIG_SOFALIZER_FILTER 0
+#define CONFIG_STEREOTOOLS_FILTER 0
+#define CONFIG_STEREOWIDEN_FILTER 0
+#define CONFIG_SUPEREQUALIZER_FILTER 0
+#define CONFIG_SURROUND_FILTER 0
+#define CONFIG_TREBLE_FILTER 0
+#define CONFIG_TREMOLO_FILTER 0
+#define CONFIG_VIBRATO_FILTER 0
+#define CONFIG_VOLUME_FILTER 0
+#define CONFIG_VOLUMEDETECT_FILTER 0
+#define CONFIG_AEVALSRC_FILTER 0
+#define CONFIG_ANOISESRC_FILTER 0
+#define CONFIG_ANULLSRC_FILTER 0
+#define CONFIG_FLITE_FILTER 0
+#define CONFIG_SINE_FILTER 0
+#define CONFIG_ANULLSINK_FILTER 0
+#define CONFIG_ALPHAEXTRACT_FILTER 0
+#define CONFIG_ALPHAMERGE_FILTER 0
+#define CONFIG_ASS_FILTER 0
+#define CONFIG_ATADENOISE_FILTER 0
+#define CONFIG_AVGBLUR_FILTER 0
+#define CONFIG_BBOX_FILTER 0
+#define CONFIG_BENCH_FILTER 0
+#define CONFIG_BITPLANENOISE_FILTER 0
+#define CONFIG_BLACKDETECT_FILTER 0
+#define CONFIG_BLACKFRAME_FILTER 0
+#define CONFIG_BLEND_FILTER 0
+#define CONFIG_BOXBLUR_FILTER 0
+#define CONFIG_BWDIF_FILTER 0
+#define CONFIG_CHROMAKEY_FILTER 0
+#define CONFIG_CIESCOPE_FILTER 0
+#define CONFIG_CODECVIEW_FILTER 0
+#define CONFIG_COLORBALANCE_FILTER 0
+#define CONFIG_COLORCHANNELMIXER_FILTER 0
+#define CONFIG_COLORKEY_FILTER 0
+#define CONFIG_COLORLEVELS_FILTER 0
+#define CONFIG_COLORMATRIX_FILTER 0
+#define CONFIG_COLORSPACE_FILTER 0
+#define CONFIG_CONVOLUTION_FILTER 0
+#define CONFIG_CONVOLVE_FILTER 0
+#define CONFIG_COPY_FILTER 0
+#define CONFIG_COREIMAGE_FILTER 0
+#define CONFIG_COVER_RECT_FILTER 0
+#define CONFIG_CROP_FILTER 0
+#define CONFIG_CROPDETECT_FILTER 0
+#define CONFIG_CURVES_FILTER 0
+#define CONFIG_DATASCOPE_FILTER 0
+#define CONFIG_DCTDNOIZ_FILTER 0
+#define CONFIG_DEBAND_FILTER 0
+#define CONFIG_DECIMATE_FILTER 0
+#define CONFIG_DEFLATE_FILTER 0
+#define CONFIG_DEFLICKER_FILTER 0
+#define CONFIG_DEINTERLACE_QSV_FILTER 0
+#define CONFIG_DEINTERLACE_VAAPI_FILTER 0
+#define CONFIG_DEJUDDER_FILTER 0
+#define CONFIG_DELOGO_FILTER 0
+#define CONFIG_DESHAKE_FILTER 0
+#define CONFIG_DESPILL_FILTER 0
+#define CONFIG_DETELECINE_FILTER 0
+#define CONFIG_DILATION_FILTER 0
+#define CONFIG_DISPLACE_FILTER 0
+#define CONFIG_DOUBLEWEAVE_FILTER 0
+#define CONFIG_DRAWBOX_FILTER 0
+#define CONFIG_DRAWGRAPH_FILTER 0
+#define CONFIG_DRAWGRID_FILTER 0
+#define CONFIG_DRAWTEXT_FILTER 0
+#define CONFIG_EDGEDETECT_FILTER 0
+#define CONFIG_ELBG_FILTER 0
+#define CONFIG_EQ_FILTER 0
+#define CONFIG_EROSION_FILTER 0
+#define CONFIG_EXTRACTPLANES_FILTER 0
+#define CONFIG_FADE_FILTER 0
+#define CONFIG_FFTFILT_FILTER 0
+#define CONFIG_FIELD_FILTER 0
+#define CONFIG_FIELDHINT_FILTER 0
+#define CONFIG_FIELDMATCH_FILTER 0
+#define CONFIG_FIELDORDER_FILTER 0
+#define CONFIG_FIND_RECT_FILTER 0
+#define CONFIG_FLOODFILL_FILTER 0
+#define CONFIG_FORMAT_FILTER 0
+#define CONFIG_FPS_FILTER 0
+#define CONFIG_FRAMEPACK_FILTER 0
+#define CONFIG_FRAMERATE_FILTER 0
+#define CONFIG_FRAMESTEP_FILTER 0
+#define CONFIG_FREI0R_FILTER 0
+#define CONFIG_FSPP_FILTER 0
+#define CONFIG_GBLUR_FILTER 0
+#define CONFIG_GEQ_FILTER 0
+#define CONFIG_GRADFUN_FILTER 0
+#define CONFIG_HALDCLUT_FILTER 0
+#define CONFIG_HFLIP_FILTER 0
+#define CONFIG_HISTEQ_FILTER 0
+#define CONFIG_HISTOGRAM_FILTER 0
+#define CONFIG_HQDN3D_FILTER 0
+#define CONFIG_HQX_FILTER 0
+#define CONFIG_HSTACK_FILTER 0
+#define CONFIG_HUE_FILTER 0
+#define CONFIG_HWDOWNLOAD_FILTER 0
+#define CONFIG_HWMAP_FILTER 0
+#define CONFIG_HWUPLOAD_FILTER 0
+#define CONFIG_HWUPLOAD_CUDA_FILTER 0
+#define CONFIG_HYSTERESIS_FILTER 0
+#define CONFIG_IDET_FILTER 0
+#define CONFIG_IL_FILTER 0
+#define CONFIG_INFLATE_FILTER 0
+#define CONFIG_INTERLACE_FILTER 0
+#define CONFIG_INTERLEAVE_FILTER 0
+#define CONFIG_KERNDEINT_FILTER 0
+#define CONFIG_LENSCORRECTION_FILTER 0
+#define CONFIG_LIBVMAF_FILTER 0
+#define CONFIG_LIMITER_FILTER 0
+#define CONFIG_LOOP_FILTER 0
+#define CONFIG_LUMAKEY_FILTER 0
+#define CONFIG_LUT_FILTER 0
+#define CONFIG_LUT2_FILTER 0
+#define CONFIG_LUT3D_FILTER 0
+#define CONFIG_LUTRGB_FILTER 0
+#define CONFIG_LUTYUV_FILTER 0
+#define CONFIG_MASKEDCLAMP_FILTER 0
+#define CONFIG_MASKEDMERGE_FILTER 0
+#define CONFIG_MCDEINT_FILTER 0
+#define CONFIG_MERGEPLANES_FILTER 0
+#define CONFIG_MESTIMATE_FILTER 0
+#define CONFIG_METADATA_FILTER 0
+#define CONFIG_MIDEQUALIZER_FILTER 0
+#define CONFIG_MINTERPOLATE_FILTER 0
+#define CONFIG_MPDECIMATE_FILTER 0
+#define CONFIG_NEGATE_FILTER 0
+#define CONFIG_NLMEANS_FILTER 0
+#define CONFIG_NNEDI_FILTER 0
+#define CONFIG_NOFORMAT_FILTER 0
+#define CONFIG_NOISE_FILTER 0
+#define CONFIG_NULL_FILTER 0
+#define CONFIG_OCR_FILTER 0
+#define CONFIG_OCV_FILTER 0
+#define CONFIG_OSCILLOSCOPE_FILTER 0
+#define CONFIG_OVERLAY_FILTER 0
+#define CONFIG_OWDENOISE_FILTER 0
+#define CONFIG_PAD_FILTER 0
+#define CONFIG_PALETTEGEN_FILTER 0
+#define CONFIG_PALETTEUSE_FILTER 0
+#define CONFIG_PERMS_FILTER 0
+#define CONFIG_PERSPECTIVE_FILTER 0
+#define CONFIG_PHASE_FILTER 0
+#define CONFIG_PIXDESCTEST_FILTER 0
+#define CONFIG_PIXSCOPE_FILTER 0
+#define CONFIG_PP_FILTER 0
+#define CONFIG_PP7_FILTER 0
+#define CONFIG_PREMULTIPLY_FILTER 0
+#define CONFIG_PREWITT_FILTER 0
+#define CONFIG_PSEUDOCOLOR_FILTER 0
+#define CONFIG_PSNR_FILTER 0
+#define CONFIG_PULLUP_FILTER 0
+#define CONFIG_QP_FILTER 0
+#define CONFIG_RANDOM_FILTER 0
+#define CONFIG_READEIA608_FILTER 0
+#define CONFIG_READVITC_FILTER 0
+#define CONFIG_REALTIME_FILTER 0
+#define CONFIG_REMAP_FILTER 0
+#define CONFIG_REMOVEGRAIN_FILTER 0
+#define CONFIG_REMOVELOGO_FILTER 0
+#define CONFIG_REPEATFIELDS_FILTER 0
+#define CONFIG_REVERSE_FILTER 0
+#define CONFIG_ROBERTS_FILTER 0
+#define CONFIG_ROTATE_FILTER 0
+#define CONFIG_SAB_FILTER 0
+#define CONFIG_SCALE_FILTER 0
+#define CONFIG_SCALE_CUDA_FILTER 0
+#define CONFIG_SCALE_NPP_FILTER 0
+#define CONFIG_SCALE_QSV_FILTER 0
+#define CONFIG_SCALE_VAAPI_FILTER 0
+#define CONFIG_SCALE2REF_FILTER 0
+#define CONFIG_SELECT_FILTER 0
+#define CONFIG_SELECTIVECOLOR_FILTER 0
+#define CONFIG_SENDCMD_FILTER 0
+#define CONFIG_SEPARATEFIELDS_FILTER 0
+#define CONFIG_SETDAR_FILTER 0
+#define CONFIG_SETFIELD_FILTER 0
+#define CONFIG_SETPTS_FILTER 0
+#define CONFIG_SETSAR_FILTER 0
+#define CONFIG_SETTB_FILTER 0
+#define CONFIG_SHOWINFO_FILTER 0
+#define CONFIG_SHOWPALETTE_FILTER 0
+#define CONFIG_SHUFFLEFRAMES_FILTER 0
+#define CONFIG_SHUFFLEPLANES_FILTER 0
+#define CONFIG_SIDEDATA_FILTER 0
+#define CONFIG_SIGNALSTATS_FILTER 0
+#define CONFIG_SIGNATURE_FILTER 0
+#define CONFIG_SMARTBLUR_FILTER 0
+#define CONFIG_SOBEL_FILTER 0
+#define CONFIG_SPLIT_FILTER 0
+#define CONFIG_SPP_FILTER 0
+#define CONFIG_SSIM_FILTER 0
+#define CONFIG_STEREO3D_FILTER 0
+#define CONFIG_STREAMSELECT_FILTER 0
+#define CONFIG_SUBTITLES_FILTER 0
+#define CONFIG_SUPER2XSAI_FILTER 0
+#define CONFIG_SWAPRECT_FILTER 0
+#define CONFIG_SWAPUV_FILTER 0
+#define CONFIG_TBLEND_FILTER 0
+#define CONFIG_TELECINE_FILTER 0
+#define CONFIG_THRESHOLD_FILTER 0
+#define CONFIG_THUMBNAIL_FILTER 0
+#define CONFIG_THUMBNAIL_CUDA_FILTER 0
+#define CONFIG_TILE_FILTER 0
+#define CONFIG_TINTERLACE_FILTER 0
+#define CONFIG_TLUT2_FILTER 0
+#define CONFIG_TONEMAP_FILTER 0
+#define CONFIG_TRANSPOSE_FILTER 0
+#define CONFIG_TRIM_FILTER 0
+#define CONFIG_UNPREMULTIPLY_FILTER 0
+#define CONFIG_UNSHARP_FILTER 0
+#define CONFIG_USPP_FILTER 0
+#define CONFIG_VAGUEDENOISER_FILTER 0
+#define CONFIG_VECTORSCOPE_FILTER 0
+#define CONFIG_VFLIP_FILTER 0
+#define CONFIG_VIDSTABDETECT_FILTER 0
+#define CONFIG_VIDSTABTRANSFORM_FILTER 0
+#define CONFIG_VIGNETTE_FILTER 0
+#define CONFIG_VMAFMOTION_FILTER 0
+#define CONFIG_VSTACK_FILTER 0
+#define CONFIG_W3FDIF_FILTER 0
+#define CONFIG_WAVEFORM_FILTER 0
+#define CONFIG_WEAVE_FILTER 0
+#define CONFIG_XBR_FILTER 0
+#define CONFIG_YADIF_FILTER 0
+#define CONFIG_ZMQ_FILTER 0
+#define CONFIG_ZOOMPAN_FILTER 0
+#define CONFIG_ZSCALE_FILTER 0
+#define CONFIG_ALLRGB_FILTER 0
+#define CONFIG_ALLYUV_FILTER 0
+#define CONFIG_CELLAUTO_FILTER 0
+#define CONFIG_COLOR_FILTER 0
+#define CONFIG_COREIMAGESRC_FILTER 0
+#define CONFIG_FREI0R_SRC_FILTER 0
+#define CONFIG_HALDCLUTSRC_FILTER 0
+#define CONFIG_LIFE_FILTER 0
+#define CONFIG_MANDELBROT_FILTER 0
+#define CONFIG_MPTESTSRC_FILTER 0
+#define CONFIG_NULLSRC_FILTER 0
+#define CONFIG_RGBTESTSRC_FILTER 0
+#define CONFIG_SMPTEBARS_FILTER 0
+#define CONFIG_SMPTEHDBARS_FILTER 0
+#define CONFIG_TESTSRC_FILTER 0
+#define CONFIG_TESTSRC2_FILTER 0
+#define CONFIG_YUVTESTSRC_FILTER 0
+#define CONFIG_NULLSINK_FILTER 0
+#define CONFIG_ABITSCOPE_FILTER 0
+#define CONFIG_ADRAWGRAPH_FILTER 0
+#define CONFIG_AHISTOGRAM_FILTER 0
+#define CONFIG_APHASEMETER_FILTER 0
+#define CONFIG_AVECTORSCOPE_FILTER 0
+#define CONFIG_CONCAT_FILTER 0
+#define CONFIG_SHOWCQT_FILTER 0
+#define CONFIG_SHOWFREQS_FILTER 0
+#define CONFIG_SHOWSPECTRUM_FILTER 0
+#define CONFIG_SHOWSPECTRUMPIC_FILTER 0
+#define CONFIG_SHOWVOLUME_FILTER 0
+#define CONFIG_SHOWWAVES_FILTER 0
+#define CONFIG_SHOWWAVESPIC_FILTER 0
+#define CONFIG_SPECTRUMSYNTH_FILTER 0
+#define CONFIG_AMOVIE_FILTER 0
+#define CONFIG_MOVIE_FILTER 0
+#define CONFIG_H263_VAAPI_HWACCEL 0
+#define CONFIG_H263_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_H264_CUVID_HWACCEL 0
+#define CONFIG_H264_D3D11VA_HWACCEL 0
+#define CONFIG_H264_D3D11VA2_HWACCEL 0
+#define CONFIG_H264_DXVA2_HWACCEL 0
+#define CONFIG_H264_MEDIACODEC_HWACCEL 0
+#define CONFIG_H264_MMAL_HWACCEL 0
+#define CONFIG_H264_QSV_HWACCEL 0
+#define CONFIG_H264_VAAPI_HWACCEL 0
+#define CONFIG_H264_VDA_HWACCEL 0
+#define CONFIG_H264_VDA_OLD_HWACCEL 0
+#define CONFIG_H264_VDPAU_HWACCEL 0
+#define CONFIG_H264_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_HEVC_CUVID_HWACCEL 0
+#define CONFIG_HEVC_D3D11VA_HWACCEL 0
+#define CONFIG_HEVC_D3D11VA2_HWACCEL 0
+#define CONFIG_HEVC_DXVA2_HWACCEL 0
+#define CONFIG_HEVC_MEDIACODEC_HWACCEL 0
+#define CONFIG_HEVC_QSV_HWACCEL 0
+#define CONFIG_HEVC_VAAPI_HWACCEL 0
+#define CONFIG_HEVC_VDPAU_HWACCEL 0
+#define CONFIG_HEVC_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_MJPEG_CUVID_HWACCEL 0
+#define CONFIG_MPEG1_CUVID_HWACCEL 0
+#define CONFIG_MPEG1_XVMC_HWACCEL 0
+#define CONFIG_MPEG1_VDPAU_HWACCEL 0
+#define CONFIG_MPEG1_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_MPEG2_CUVID_HWACCEL 0
+#define CONFIG_MPEG2_XVMC_HWACCEL 0
+#define CONFIG_MPEG2_D3D11VA_HWACCEL 0
+#define CONFIG_MPEG2_D3D11VA2_HWACCEL 0
+#define CONFIG_MPEG2_DXVA2_HWACCEL 0
+#define CONFIG_MPEG2_MMAL_HWACCEL 0
+#define CONFIG_MPEG2_QSV_HWACCEL 0
+#define CONFIG_MPEG2_VAAPI_HWACCEL 0
+#define CONFIG_MPEG2_VDPAU_HWACCEL 0
+#define CONFIG_MPEG2_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_MPEG2_MEDIACODEC_HWACCEL 0
+#define CONFIG_MPEG4_CUVID_HWACCEL 0
+#define CONFIG_MPEG4_MEDIACODEC_HWACCEL 0
+#define CONFIG_MPEG4_MMAL_HWACCEL 0
+#define CONFIG_MPEG4_VAAPI_HWACCEL 0
+#define CONFIG_MPEG4_VDPAU_HWACCEL 0
+#define CONFIG_MPEG4_VIDEOTOOLBOX_HWACCEL 0
+#define CONFIG_VC1_CUVID_HWACCEL 0
+#define CONFIG_VC1_D3D11VA_HWACCEL 0
+#define CONFIG_VC1_D3D11VA2_HWACCEL 0
+#define CONFIG_VC1_DXVA2_HWACCEL 0
+#define CONFIG_VC1_VAAPI_HWACCEL 0
+#define CONFIG_VC1_VDPAU_HWACCEL 0
+#define CONFIG_VC1_MMAL_HWACCEL 0
+#define CONFIG_VC1_QSV_HWACCEL 0
+#define CONFIG_VP8_CUVID_HWACCEL 0
+#define CONFIG_VP8_MEDIACODEC_HWACCEL 0
+#define CONFIG_VP8_QSV_HWACCEL 0
+#define CONFIG_VP9_CUVID_HWACCEL 0
+#define CONFIG_VP9_D3D11VA_HWACCEL 0
+#define CONFIG_VP9_D3D11VA2_HWACCEL 0
+#define CONFIG_VP9_DXVA2_HWACCEL 0
+#define CONFIG_VP9_MEDIACODEC_HWACCEL 0
+#define CONFIG_VP9_VAAPI_HWACCEL 0
+#define CONFIG_WMV3_D3D11VA_HWACCEL 0
+#define CONFIG_WMV3_D3D11VA2_HWACCEL 0
+#define CONFIG_WMV3_DXVA2_HWACCEL 0
+#define CONFIG_WMV3_VAAPI_HWACCEL 0
+#define CONFIG_WMV3_VDPAU_HWACCEL 0
+#define CONFIG_ALSA_INDEV 0
+#define CONFIG_AVFOUNDATION_INDEV 0
+#define CONFIG_BKTR_INDEV 0
+#define CONFIG_DECKLINK_INDEV 0
+#define CONFIG_LIBNDI_NEWTEK_INDEV 0
+#define CONFIG_DSHOW_INDEV 0
+#define CONFIG_FBDEV_INDEV 0
+#define CONFIG_GDIGRAB_INDEV 0
+#define CONFIG_IEC61883_INDEV 0
+#define CONFIG_JACK_INDEV 0
+#define CONFIG_KMSGRAB_INDEV 0
+#define CONFIG_LAVFI_INDEV 0
+#define CONFIG_OPENAL_INDEV 0
+#define CONFIG_OSS_INDEV 0
+#define CONFIG_PULSE_INDEV 0
+#define CONFIG_SNDIO_INDEV 0
+#define CONFIG_V4L2_INDEV 0
+#define CONFIG_VFWCAP_INDEV 0
+#define CONFIG_XCBGRAB_INDEV 0
+#define CONFIG_LIBCDIO_INDEV 0
+#define CONFIG_LIBDC1394_INDEV 0
+#define CONFIG_A64_MUXER 0
+#define CONFIG_AC3_MUXER 0
+#define CONFIG_ADTS_MUXER 0
+#define CONFIG_ADX_MUXER 0
+#define CONFIG_AIFF_MUXER 0
+#define CONFIG_AMR_MUXER 0
+#define CONFIG_APNG_MUXER 0
+#define CONFIG_ASF_MUXER 0
+#define CONFIG_ASS_MUXER 0
+#define CONFIG_AST_MUXER 0
+#define CONFIG_ASF_STREAM_MUXER 0
+#define CONFIG_AU_MUXER 0
+#define CONFIG_AVI_MUXER 0
+#define CONFIG_AVM2_MUXER 0
+#define CONFIG_BIT_MUXER 0
+#define CONFIG_CAF_MUXER 0
+#define CONFIG_CAVSVIDEO_MUXER 0
+#define CONFIG_CRC_MUXER 0
+#define CONFIG_DASH_MUXER 0
+#define CONFIG_DATA_MUXER 0
+#define CONFIG_DAUD_MUXER 0
+#define CONFIG_DIRAC_MUXER 0
+#define CONFIG_DNXHD_MUXER 0
+#define CONFIG_DTS_MUXER 0
+#define CONFIG_DV_MUXER 0
+#define CONFIG_EAC3_MUXER 0
+#define CONFIG_F4V_MUXER 0
+#define CONFIG_FFM_MUXER 0
+#define CONFIG_FFMETADATA_MUXER 0
+#define CONFIG_FIFO_MUXER 0
+#define CONFIG_FILMSTRIP_MUXER 0
+#define CONFIG_FITS_MUXER 0
+#define CONFIG_FLAC_MUXER 0
+#define CONFIG_FLV_MUXER 0
+#define CONFIG_FRAMECRC_MUXER 0
+#define CONFIG_FRAMEHASH_MUXER 0
+#define CONFIG_FRAMEMD5_MUXER 0
+#define CONFIG_G722_MUXER 0
+#define CONFIG_G723_1_MUXER 0
+#define CONFIG_G726_MUXER 0
+#define CONFIG_G726LE_MUXER 0
+#define CONFIG_GIF_MUXER 0
+#define CONFIG_GSM_MUXER 0
+#define CONFIG_GXF_MUXER 0
+#define CONFIG_H261_MUXER 0
+#define CONFIG_H263_MUXER 0
+#define CONFIG_H264_MUXER 0
+#define CONFIG_HASH_MUXER 0
+#define CONFIG_HDS_MUXER 0
+#define CONFIG_HEVC_MUXER 0
+#define CONFIG_HLS_MUXER 0
+#define CONFIG_ICO_MUXER 0
+#define CONFIG_ILBC_MUXER 0
+#define CONFIG_IMAGE2_MUXER 0
+#define CONFIG_IMAGE2PIPE_MUXER 0
+#define CONFIG_IPOD_MUXER 0
+#define CONFIG_IRCAM_MUXER 0
+#define CONFIG_ISMV_MUXER 0
+#define CONFIG_IVF_MUXER 0
+#define CONFIG_JACOSUB_MUXER 0
+#define CONFIG_LATM_MUXER 0
+#define CONFIG_LRC_MUXER 0
+#define CONFIG_M4V_MUXER 0
+#define CONFIG_MD5_MUXER 0
+#define CONFIG_MATROSKA_MUXER 0
+#define CONFIG_MATROSKA_AUDIO_MUXER 0
+#define CONFIG_MICRODVD_MUXER 0
+#define CONFIG_MJPEG_MUXER 0
+#define CONFIG_MLP_MUXER 0
+#define CONFIG_MMF_MUXER 0
+#define CONFIG_MOV_MUXER 0
+#define CONFIG_MP2_MUXER 0
+#define CONFIG_MP3_MUXER 0
+#define CONFIG_MP4_MUXER 0
+#define CONFIG_MPEG1SYSTEM_MUXER 0
+#define CONFIG_MPEG1VCD_MUXER 0
+#define CONFIG_MPEG1VIDEO_MUXER 0
+#define CONFIG_MPEG2DVD_MUXER 0
+#define CONFIG_MPEG2SVCD_MUXER 0
+#define CONFIG_MPEG2VIDEO_MUXER 0
+#define CONFIG_MPEG2VOB_MUXER 0
+#define CONFIG_MPEGTS_MUXER 0
+#define CONFIG_MPJPEG_MUXER 0
+#define CONFIG_MXF_MUXER 0
+#define CONFIG_MXF_D10_MUXER 0
+#define CONFIG_MXF_OPATOM_MUXER 0
+#define CONFIG_NULL_MUXER 0
+#define CONFIG_NUT_MUXER 0
+#define CONFIG_OGA_MUXER 0
+#define CONFIG_OGG_MUXER 0
+#define CONFIG_OGV_MUXER 0
+#define CONFIG_OMA_MUXER 0
+#define CONFIG_OPUS_MUXER 0
+#define CONFIG_PCM_ALAW_MUXER 0
+#define CONFIG_PCM_MULAW_MUXER 0
+#define CONFIG_PCM_F64BE_MUXER 0
+#define CONFIG_PCM_F64LE_MUXER 0
+#define CONFIG_PCM_F32BE_MUXER 0
+#define CONFIG_PCM_F32LE_MUXER 0
+#define CONFIG_PCM_S32BE_MUXER 0
+#define CONFIG_PCM_S32LE_MUXER 0
+#define CONFIG_PCM_S24BE_MUXER 0
+#define CONFIG_PCM_S24LE_MUXER 0
+#define CONFIG_PCM_S16BE_MUXER 0
+#define CONFIG_PCM_S16LE_MUXER 0
+#define CONFIG_PCM_S8_MUXER 0
+#define CONFIG_PCM_U32BE_MUXER 0
+#define CONFIG_PCM_U32LE_MUXER 0
+#define CONFIG_PCM_U24BE_MUXER 0
+#define CONFIG_PCM_U24LE_MUXER 0
+#define CONFIG_PCM_U16BE_MUXER 0
+#define CONFIG_PCM_U16LE_MUXER 0
+#define CONFIG_PCM_U8_MUXER 0
+#define CONFIG_PSP_MUXER 0
+#define CONFIG_RAWVIDEO_MUXER 0
+#define CONFIG_RM_MUXER 0
+#define CONFIG_ROQ_MUXER 0
+#define CONFIG_RSO_MUXER 0
+#define CONFIG_RTP_MUXER 0
+#define CONFIG_RTP_MPEGTS_MUXER 0
+#define CONFIG_RTSP_MUXER 0
+#define CONFIG_SAP_MUXER 0
+#define CONFIG_SCC_MUXER 0
+#define CONFIG_SEGMENT_MUXER 0
+#define CONFIG_STREAM_SEGMENT_MUXER 0
+#define CONFIG_SINGLEJPEG_MUXER 0
+#define CONFIG_SMJPEG_MUXER 0
+#define CONFIG_SMOOTHSTREAMING_MUXER 0
+#define CONFIG_SOX_MUXER 0
+#define CONFIG_SPX_MUXER 0
+#define CONFIG_SPDIF_MUXER 0
+#define CONFIG_SRT_MUXER 0
+#define CONFIG_SUP_MUXER 0
+#define CONFIG_SWF_MUXER 0
+#define CONFIG_TEE_MUXER 0
+#define CONFIG_TG2_MUXER 0
+#define CONFIG_TGP_MUXER 0
+#define CONFIG_MKVTIMESTAMP_V2_MUXER 0
+#define CONFIG_TRUEHD_MUXER 0
+#define CONFIG_TTA_MUXER 0
+#define CONFIG_UNCODEDFRAMECRC_MUXER 0
+#define CONFIG_VC1_MUXER 0
+#define CONFIG_VC1T_MUXER 0
+#define CONFIG_VOC_MUXER 0
+#define CONFIG_W64_MUXER 0
+#define CONFIG_WAV_MUXER 0
+#define CONFIG_WEBM_MUXER 0
+#define CONFIG_WEBM_DASH_MANIFEST_MUXER 0
+#define CONFIG_WEBM_CHUNK_MUXER 0
+#define CONFIG_WEBP_MUXER 0
+#define CONFIG_WEBVTT_MUXER 0
+#define CONFIG_WTV_MUXER 0
+#define CONFIG_WV_MUXER 0
+#define CONFIG_YUV4MPEGPIPE_MUXER 0
+#define CONFIG_CHROMAPRINT_MUXER 0
+#define CONFIG_ALSA_OUTDEV 0
+#define CONFIG_CACA_OUTDEV 0
+#define CONFIG_DECKLINK_OUTDEV 0
+#define CONFIG_LIBNDI_NEWTEK_OUTDEV 0
+#define CONFIG_FBDEV_OUTDEV 0
+#define CONFIG_OPENGL_OUTDEV 0
+#define CONFIG_OSS_OUTDEV 0
+#define CONFIG_PULSE_OUTDEV 0
+#define CONFIG_SDL2_OUTDEV 0
+#define CONFIG_SNDIO_OUTDEV 0
+#define CONFIG_V4L2_OUTDEV 0
+#define CONFIG_XV_OUTDEV 0
+#define CONFIG_AAC_PARSER 0
+#define CONFIG_AAC_LATM_PARSER 0
+#define CONFIG_AC3_PARSER 0
+#define CONFIG_ADX_PARSER 0
+#define CONFIG_BMP_PARSER 0
+#define CONFIG_CAVSVIDEO_PARSER 0
+#define CONFIG_COOK_PARSER 0
+#define CONFIG_DCA_PARSER 0
+#define CONFIG_DIRAC_PARSER 0
+#define CONFIG_DNXHD_PARSER 0
+#define CONFIG_DPX_PARSER 0
+#define CONFIG_DVAUDIO_PARSER 0
+#define CONFIG_DVBSUB_PARSER 0
+#define CONFIG_DVDSUB_PARSER 0
+#define CONFIG_DVD_NAV_PARSER 0
+#define CONFIG_G729_PARSER 0
+#define CONFIG_GSM_PARSER 0
+#define CONFIG_H261_PARSER 0
+#define CONFIG_H263_PARSER 0
+#define CONFIG_H264_PARSER 0
+#define CONFIG_HEVC_PARSER 0
+#define CONFIG_MJPEG_PARSER 0
+#define CONFIG_MLP_PARSER 0
+#define CONFIG_MPEG4VIDEO_PARSER 0
+#define CONFIG_MPEGAUDIO_PARSER 0
+#define CONFIG_MPEGVIDEO_PARSER 0
+#define CONFIG_OPUS_PARSER 0
+#define CONFIG_PNG_PARSER 0
+#define CONFIG_PNM_PARSER 0
+#define CONFIG_RV30_PARSER 0
+#define CONFIG_RV40_PARSER 0
+#define CONFIG_SIPR_PARSER 0
+#define CONFIG_TAK_PARSER 0
+#define CONFIG_VC1_PARSER 0
+#define CONFIG_VORBIS_PARSER 0
+#define CONFIG_VP3_PARSER 0
+#define CONFIG_XMA_PARSER 0
+#define CONFIG_ASYNC_PROTOCOL 0
+#define CONFIG_BLURAY_PROTOCOL 0
+#define CONFIG_CACHE_PROTOCOL 0
+#define CONFIG_CONCAT_PROTOCOL 0
+#define CONFIG_CRYPTO_PROTOCOL 0
+#define CONFIG_DATA_PROTOCOL 0
+#define CONFIG_FFRTMPCRYPT_PROTOCOL 0
+#define CONFIG_FFRTMPHTTP_PROTOCOL 0
+#define CONFIG_FILE_PROTOCOL 0
+#define CONFIG_FTP_PROTOCOL 0
+#define CONFIG_GOPHER_PROTOCOL 0
+#define CONFIG_HLS_PROTOCOL 0
+#define CONFIG_HTTP_PROTOCOL 0
+#define CONFIG_HTTPPROXY_PROTOCOL 0
+#define CONFIG_HTTPS_PROTOCOL 0
+#define CONFIG_ICECAST_PROTOCOL 0
+#define CONFIG_MMSH_PROTOCOL 0
+#define CONFIG_MMST_PROTOCOL 0
+#define CONFIG_MD5_PROTOCOL 0
+#define CONFIG_PIPE_PROTOCOL 0
+#define CONFIG_PROMPEG_PROTOCOL 0
+#define CONFIG_RTMP_PROTOCOL 0
+#define CONFIG_RTMPE_PROTOCOL 0
+#define CONFIG_RTMPS_PROTOCOL 0
+#define CONFIG_RTMPT_PROTOCOL 0
+#define CONFIG_RTMPTE_PROTOCOL 0
+#define CONFIG_RTMPTS_PROTOCOL 0
+#define CONFIG_RTP_PROTOCOL 0
+#define CONFIG_SCTP_PROTOCOL 0
+#define CONFIG_SRTP_PROTOCOL 0
+#define CONFIG_SUBFILE_PROTOCOL 0
+#define CONFIG_TEE_PROTOCOL 0
+#define CONFIG_TCP_PROTOCOL 0
+#define CONFIG_TLS_GNUTLS_PROTOCOL 0
+#define CONFIG_TLS_SCHANNEL_PROTOCOL 0
+#define CONFIG_TLS_SECURETRANSPORT_PROTOCOL 0
+#define CONFIG_TLS_OPENSSL_PROTOCOL 0
+#define CONFIG_UDP_PROTOCOL 0
+#define CONFIG_UDPLITE_PROTOCOL 0
+#define CONFIG_UNIX_PROTOCOL 0
+#define CONFIG_LIBRTMP_PROTOCOL 0
+#define CONFIG_LIBRTMPE_PROTOCOL 0
+#define CONFIG_LIBRTMPS_PROTOCOL 0
+#define CONFIG_LIBRTMPT_PROTOCOL 0
+#define CONFIG_LIBRTMPTE_PROTOCOL 0
+#define CONFIG_LIBSSH_PROTOCOL 0
+#define CONFIG_LIBSMBCLIENT_PROTOCOL 0
diff --git a/media/ffvpx/ffvpxcommon.mozbuild b/media/ffvpx/ffvpxcommon.mozbuild
index 6d17e8807..620158694 100644
--- a/media/ffvpx/ffvpxcommon.mozbuild
+++ b/media/ffvpx/ffvpxcommon.mozbuild
@@ -29,6 +29,8 @@ if CONFIG['FFVPX_ASFLAGS']:
     else:
         # Default to unix, similar to how ASFLAGS setup works in configure.in
         ASFLAGS += ['-Pconfig_unix64.asm']
+    # default disabled components
+    ASFLAGS += ['-Pdefaults_disabled.asm']
 
 LOCAL_INCLUDES += ['/media/ffvpx']
 
@@ -51,6 +53,8 @@ if CONFIG['GNU_CC']:
             '-Wno-incompatible-pointer-types-discards-qualifiers',
             '-Wno-string-conversion',
             '-Wno-visibility',
+            # Workaround for https://bugs.llvm.org/show_bug.cgi?id=26828#c4 :
+            '-ffreestanding',
         ]
     else:
         CFLAGS += [
@@ -87,6 +91,7 @@ elif CONFIG['_MSC_VER']:
         '-wd4057', '-wd4204', '-wd4706', '-wd4305', '-wd4152', '-wd4324',
         '-we4013', '-wd4100', '-wd4214', '-wd4307', '-wd4273', '-wd4554',
     ]
+    LOCAL_INCLUDES += ['/media/ffvpx/compat/atomics/win32']
 
 DEFINES['HAVE_AV_CONFIG_H'] = True
 
diff --git a/media/ffvpx/libavcodec/allcodecs.c b/media/ffvpx/libavcodec/allcodecs.c
index b592aa3b2..4f34312e6 100644
--- a/media/ffvpx/libavcodec/allcodecs.c
+++ b/media/ffvpx/libavcodec/allcodecs.c
@@ -25,6 +25,7 @@
  */
 
 #include "config.h"
+#include "libavutil/thread.h"
 #include "avcodec.h"
 #include "version.h"
 
@@ -58,20 +59,14 @@
             av_register_codec_parser(&ff_##x##_parser);                 \
     }
 
-void avcodec_register_all(void)
+static void register_all(void)
 {
-    static int initialized;
-
-    if (initialized)
-        return;
-    initialized = 1;
-
     /* hardware accelerators */
-    REGISTER_HWACCEL(H263_CUVID,        h263_cuvid);
     REGISTER_HWACCEL(H263_VAAPI,        h263_vaapi);
     REGISTER_HWACCEL(H263_VIDEOTOOLBOX, h263_videotoolbox);
     REGISTER_HWACCEL(H264_CUVID,        h264_cuvid);
     REGISTER_HWACCEL(H264_D3D11VA,      h264_d3d11va);
+    REGISTER_HWACCEL(H264_D3D11VA2,     h264_d3d11va2);
     REGISTER_HWACCEL(H264_DXVA2,        h264_dxva2);
     REGISTER_HWACCEL(H264_MEDIACODEC,   h264_mediacodec);
     REGISTER_HWACCEL(H264_MMAL,         h264_mmal);
@@ -83,11 +78,13 @@ void avcodec_register_all(void)
     REGISTER_HWACCEL(H264_VIDEOTOOLBOX, h264_videotoolbox);
     REGISTER_HWACCEL(HEVC_CUVID,        hevc_cuvid);
     REGISTER_HWACCEL(HEVC_D3D11VA,      hevc_d3d11va);
+    REGISTER_HWACCEL(HEVC_D3D11VA2,     hevc_d3d11va2);
     REGISTER_HWACCEL(HEVC_DXVA2,        hevc_dxva2);
     REGISTER_HWACCEL(HEVC_MEDIACODEC,   hevc_mediacodec);
     REGISTER_HWACCEL(HEVC_QSV,          hevc_qsv);
     REGISTER_HWACCEL(HEVC_VAAPI,        hevc_vaapi);
     REGISTER_HWACCEL(HEVC_VDPAU,        hevc_vdpau);
+    REGISTER_HWACCEL(HEVC_VIDEOTOOLBOX, hevc_videotoolbox);
     REGISTER_HWACCEL(MJPEG_CUVID,       mjpeg_cuvid);
     REGISTER_HWACCEL(MPEG1_CUVID,       mpeg1_cuvid);
     REGISTER_HWACCEL(MPEG1_XVMC,        mpeg1_xvmc);
@@ -96,12 +93,14 @@ void avcodec_register_all(void)
     REGISTER_HWACCEL(MPEG2_CUVID,       mpeg2_cuvid);
     REGISTER_HWACCEL(MPEG2_XVMC,        mpeg2_xvmc);
     REGISTER_HWACCEL(MPEG2_D3D11VA,     mpeg2_d3d11va);
+    REGISTER_HWACCEL(MPEG2_D3D11VA2,    mpeg2_d3d11va2);
     REGISTER_HWACCEL(MPEG2_DXVA2,       mpeg2_dxva2);
     REGISTER_HWACCEL(MPEG2_MMAL,        mpeg2_mmal);
     REGISTER_HWACCEL(MPEG2_QSV,         mpeg2_qsv);
     REGISTER_HWACCEL(MPEG2_VAAPI,       mpeg2_vaapi);
     REGISTER_HWACCEL(MPEG2_VDPAU,       mpeg2_vdpau);
     REGISTER_HWACCEL(MPEG2_VIDEOTOOLBOX, mpeg2_videotoolbox);
+    REGISTER_HWACCEL(MPEG2_MEDIACODEC,  mpeg2_mediacodec);
     REGISTER_HWACCEL(MPEG4_CUVID,       mpeg4_cuvid);
     REGISTER_HWACCEL(MPEG4_MEDIACODEC,  mpeg4_mediacodec);
     REGISTER_HWACCEL(MPEG4_MMAL,        mpeg4_mmal);
@@ -110,6 +109,7 @@ void avcodec_register_all(void)
     REGISTER_HWACCEL(MPEG4_VIDEOTOOLBOX, mpeg4_videotoolbox);
     REGISTER_HWACCEL(VC1_CUVID,         vc1_cuvid);
     REGISTER_HWACCEL(VC1_D3D11VA,       vc1_d3d11va);
+    REGISTER_HWACCEL(VC1_D3D11VA2,      vc1_d3d11va2);
     REGISTER_HWACCEL(VC1_DXVA2,         vc1_dxva2);
     REGISTER_HWACCEL(VC1_VAAPI,         vc1_vaapi);
     REGISTER_HWACCEL(VC1_VDPAU,         vc1_vdpau);
@@ -117,12 +117,15 @@ void avcodec_register_all(void)
     REGISTER_HWACCEL(VC1_QSV,           vc1_qsv);
     REGISTER_HWACCEL(VP8_CUVID,         vp8_cuvid);
     REGISTER_HWACCEL(VP8_MEDIACODEC,    vp8_mediacodec);
+    REGISTER_HWACCEL(VP8_QSV,           vp8_qsv);
     REGISTER_HWACCEL(VP9_CUVID,         vp9_cuvid);
     REGISTER_HWACCEL(VP9_D3D11VA,       vp9_d3d11va);
+    REGISTER_HWACCEL(VP9_D3D11VA2,      vp9_d3d11va2);
     REGISTER_HWACCEL(VP9_DXVA2,         vp9_dxva2);
     REGISTER_HWACCEL(VP9_MEDIACODEC,    vp9_mediacodec);
     REGISTER_HWACCEL(VP9_VAAPI,         vp9_vaapi);
     REGISTER_HWACCEL(WMV3_D3D11VA,      wmv3_d3d11va);
+    REGISTER_HWACCEL(WMV3_D3D11VA2,     wmv3_d3d11va2);
     REGISTER_HWACCEL(WMV3_DXVA2,        wmv3_dxva2);
     REGISTER_HWACCEL(WMV3_VAAPI,        wmv3_vaapi);
     REGISTER_HWACCEL(WMV3_VDPAU,        wmv3_vdpau);
@@ -158,6 +161,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(CDXL,              cdxl);
     REGISTER_DECODER(CFHD,              cfhd);
     REGISTER_ENCDEC (CINEPAK,           cinepak);
+    REGISTER_DECODER(CLEARVIDEO,        clearvideo);
     REGISTER_ENCDEC (CLJR,              cljr);
     REGISTER_DECODER(CLLC,              cllc);
     REGISTER_ENCDEC (COMFORTNOISE,      comfortnoise);
@@ -189,24 +193,30 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (FFV1,              ffv1);
     REGISTER_ENCDEC (FFVHUFF,           ffvhuff);
     REGISTER_DECODER(FIC,               fic);
+    REGISTER_ENCDEC (FITS,              fits);
     REGISTER_ENCDEC (FLASHSV,           flashsv);
     REGISTER_ENCDEC (FLASHSV2,          flashsv2);
     REGISTER_DECODER(FLIC,              flic);
     REGISTER_ENCDEC (FLV,               flv);
+    REGISTER_DECODER(FMVC,              fmvc);
     REGISTER_DECODER(FOURXM,            fourxm);
     REGISTER_DECODER(FRAPS,             fraps);
     REGISTER_DECODER(FRWU,              frwu);
     REGISTER_DECODER(G2M,               g2m);
+    REGISTER_DECODER(GDV,               gdv);
     REGISTER_ENCDEC (GIF,               gif);
     REGISTER_ENCDEC (H261,              h261);
     REGISTER_ENCDEC (H263,              h263);
     REGISTER_DECODER(H263I,             h263i);
     REGISTER_ENCDEC (H263P,             h263p);
+    REGISTER_DECODER(H263_V4L2M2M,      h263_v4l2m2m);
     REGISTER_DECODER(H264,              h264);
     REGISTER_DECODER(H264_CRYSTALHD,    h264_crystalhd);
+    REGISTER_DECODER(H264_V4L2M2M,      h264_v4l2m2m);
     REGISTER_DECODER(H264_MEDIACODEC,   h264_mediacodec);
     REGISTER_DECODER(H264_MMAL,         h264_mmal);
     REGISTER_DECODER(H264_QSV,          h264_qsv);
+    REGISTER_DECODER(H264_RKMPP,        h264_rkmpp);
     REGISTER_DECODER(H264_VDA,          h264_vda);
 #if FF_API_VDPAU
     REGISTER_DECODER(H264_VDPAU,        h264_vdpau);
@@ -214,6 +224,8 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (HAP,               hap);
     REGISTER_DECODER(HEVC,              hevc);
     REGISTER_DECODER(HEVC_QSV,          hevc_qsv);
+    REGISTER_DECODER(HEVC_RKMPP,        hevc_rkmpp);
+    REGISTER_DECODER(HEVC_V4L2M2M,      hevc_v4l2m2m);
     REGISTER_DECODER(HNM4_VIDEO,        hnm4_video);
     REGISTER_DECODER(HQ_HQA,            hq_hqa);
     REGISTER_DECODER(HQX,               hqx);
@@ -248,6 +260,7 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (MPEG2VIDEO,        mpeg2video);
     REGISTER_ENCDEC (MPEG4,             mpeg4);
     REGISTER_DECODER(MPEG4_CRYSTALHD,   mpeg4_crystalhd);
+    REGISTER_DECODER(MPEG4_V4L2M2M,     mpeg4_v4l2m2m);
     REGISTER_DECODER(MPEG4_MMAL,        mpeg4_mmal);
 #if FF_API_VDPAU
     REGISTER_DECODER(MPEG4_VDPAU,       mpeg4_vdpau);
@@ -257,14 +270,18 @@ void avcodec_register_all(void)
     REGISTER_DECODER(MPEG_VDPAU,        mpeg_vdpau);
     REGISTER_DECODER(MPEG1_VDPAU,       mpeg1_vdpau);
 #endif
+    REGISTER_DECODER(MPEG1_V4L2M2M,     mpeg1_v4l2m2m);
     REGISTER_DECODER(MPEG2_MMAL,        mpeg2_mmal);
     REGISTER_DECODER(MPEG2_CRYSTALHD,   mpeg2_crystalhd);
+    REGISTER_DECODER(MPEG2_V4L2M2M,     mpeg2_v4l2m2m);
     REGISTER_DECODER(MPEG2_QSV,         mpeg2_qsv);
+    REGISTER_DECODER(MPEG2_MEDIACODEC,  mpeg2_mediacodec);
     REGISTER_DECODER(MSA1,              msa1);
-    REGISTER_DECODER(MSMPEG4_CRYSTALHD, msmpeg4_crystalhd);
+    REGISTER_DECODER(MSCC,              mscc);
     REGISTER_DECODER(MSMPEG4V1,         msmpeg4v1);
     REGISTER_ENCDEC (MSMPEG4V2,         msmpeg4v2);
     REGISTER_ENCDEC (MSMPEG4V3,         msmpeg4v3);
+    REGISTER_DECODER(MSMPEG4_CRYSTALHD, msmpeg4_crystalhd);
     REGISTER_DECODER(MSRLE,             msrle);
     REGISTER_DECODER(MSS1,              mss1);
     REGISTER_DECODER(MSS2,              mss2);
@@ -282,12 +299,14 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (PGM,               pgm);
     REGISTER_ENCDEC (PGMYUV,            pgmyuv);
     REGISTER_DECODER(PICTOR,            pictor);
+    REGISTER_DECODER(PIXLET,            pixlet);
     REGISTER_ENCDEC (PNG,               png);
     REGISTER_ENCDEC (PPM,               ppm);
     REGISTER_ENCDEC (PRORES,            prores);
     REGISTER_ENCODER(PRORES_AW,         prores_aw);
     REGISTER_ENCODER(PRORES_KS,         prores_ks);
     REGISTER_DECODER(PRORES_LGPL,       prores_lgpl);
+    REGISTER_DECODER(PSD,               psd);
     REGISTER_DECODER(PTX,               ptx);
     REGISTER_DECODER(QDRAW,             qdraw);
     REGISTER_DECODER(QPEG,              qpeg);
@@ -305,6 +324,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(RV40,              rv40);
     REGISTER_ENCDEC (S302M,             s302m);
     REGISTER_DECODER(SANM,              sanm);
+    REGISTER_DECODER(SCPR,              scpr);
     REGISTER_DECODER(SCREENPRESSO,      screenpresso);
     REGISTER_DECODER(SDX2_DPCM,         sdx2_dpcm);
     REGISTER_ENCDEC (SGI,               sgi);
@@ -315,6 +335,8 @@ void avcodec_register_all(void)
     REGISTER_DECODER(SMVJPEG,           smvjpeg);
     REGISTER_ENCDEC (SNOW,              snow);
     REGISTER_DECODER(SP5X,              sp5x);
+    REGISTER_DECODER(SPEEDHQ,           speedhq);
+    REGISTER_DECODER(SRGC,              srgc);
     REGISTER_ENCDEC (SUNRAST,           sunrast);
     REGISTER_ENCDEC (SVQ1,              svq1);
     REGISTER_DECODER(SVQ3,              svq3);
@@ -349,6 +371,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(VC1IMAGE,          vc1image);
     REGISTER_DECODER(VC1_MMAL,          vc1_mmal);
     REGISTER_DECODER(VC1_QSV,           vc1_qsv);
+    REGISTER_DECODER(VC1_V4L2M2M,       vc1_v4l2m2m);
     REGISTER_ENCODER(VC2,               vc2);
     REGISTER_DECODER(VCR1,              vcr1);
     REGISTER_DECODER(VMDVIDEO,          vmdvideo);
@@ -360,10 +383,15 @@ void avcodec_register_all(void)
     REGISTER_DECODER(VP6F,              vp6f);
     REGISTER_DECODER(VP7,               vp7);
     REGISTER_DECODER(VP8,               vp8);
+    REGISTER_DECODER(VP8_RKMPP,         vp8_rkmpp);
+    REGISTER_DECODER(VP8_V4L2M2M,       vp8_v4l2m2m);
     REGISTER_DECODER(VP9,               vp9);
+    REGISTER_DECODER(VP9_RKMPP,         vp9_rkmpp);
+    REGISTER_DECODER(VP9_V4L2M2M,       vp9_v4l2m2m);
     REGISTER_DECODER(VQA,               vqa);
+    REGISTER_DECODER(BITPACKED,         bitpacked);
     REGISTER_DECODER(WEBP,              webp);
-    REGISTER_ENCODER(WRAPPED_AVFRAME,   wrapped_avframe);
+    REGISTER_ENCDEC (WRAPPED_AVFRAME,   wrapped_avframe);
     REGISTER_ENCDEC (WMV1,              wmv1);
     REGISTER_ENCDEC (WMV2,              wmv2);
     REGISTER_DECODER(WMV3,              wmv3);
@@ -378,6 +406,7 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (XBM,               xbm);
     REGISTER_ENCDEC (XFACE,             xface);
     REGISTER_DECODER(XL,                xl);
+    REGISTER_DECODER(XPM,               xpm);
     REGISTER_ENCDEC (XWD,               xwd);
     REGISTER_ENCDEC (Y41P,              y41p);
     REGISTER_DECODER(YLC,               ylc);
@@ -401,12 +430,15 @@ void avcodec_register_all(void)
     REGISTER_DECODER(APE,               ape);
     REGISTER_DECODER(ATRAC1,            atrac1);
     REGISTER_DECODER(ATRAC3,            atrac3);
+    REGISTER_DECODER(ATRAC3AL,          atrac3al);
     REGISTER_DECODER(ATRAC3P,           atrac3p);
+    REGISTER_DECODER(ATRAC3PAL,         atrac3pal);
     REGISTER_DECODER(BINKAUDIO_DCT,     binkaudio_dct);
     REGISTER_DECODER(BINKAUDIO_RDFT,    binkaudio_rdft);
     REGISTER_DECODER(BMV_AUDIO,         bmv_audio);
     REGISTER_DECODER(COOK,              cook);
     REGISTER_ENCDEC (DCA,               dca);
+    REGISTER_DECODER(DOLBY_E,           dolby_e);
     REGISTER_DECODER(DSD_LSBF,          dsd_lsbf);
     REGISTER_DECODER(DSD_MSBF,          dsd_msbf);
     REGISTER_DECODER(DSD_LSBF_PLANAR,   dsd_lsbf_planar);
@@ -444,10 +476,11 @@ void avcodec_register_all(void)
     REGISTER_DECODER(MPC8,              mpc8);
     REGISTER_ENCDEC (NELLYMOSER,        nellymoser);
     REGISTER_DECODER(ON2AVC,            on2avc);
-    REGISTER_DECODER(OPUS,              opus);
+    REGISTER_ENCDEC (OPUS,              opus);
     REGISTER_DECODER(PAF_AUDIO,         paf_audio);
     REGISTER_DECODER(QCELP,             qcelp);
     REGISTER_DECODER(QDM2,              qdm2);
+    REGISTER_DECODER(QDMC,              qdmc);
     REGISTER_ENCDEC (RA_144,            ra_144);
     REGISTER_DECODER(RA_288,            ra_288);
     REGISTER_DECODER(RALF,              ralf);
@@ -477,6 +510,8 @@ void avcodec_register_all(void)
     REGISTER_ENCDEC (PCM_ALAW,          pcm_alaw);
     REGISTER_DECODER(PCM_BLURAY,        pcm_bluray);
     REGISTER_DECODER(PCM_DVD,           pcm_dvd);
+    REGISTER_DECODER(PCM_F16LE,         pcm_f16le);
+    REGISTER_DECODER(PCM_F24LE,         pcm_f24le);
     REGISTER_ENCDEC (PCM_F32BE,         pcm_f32be);
     REGISTER_ENCDEC (PCM_F32LE,         pcm_f32le);
     REGISTER_ENCDEC (PCM_F64BE,         pcm_f64be);
@@ -508,6 +543,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(PCM_ZORK,          pcm_zork);
 
     /* DPCM codecs */
+    REGISTER_DECODER(GREMLIN_DPCM,      gremlin_dpcm);
     REGISTER_DECODER(INTERPLAY_DPCM,    interplay_dpcm);
     REGISTER_ENCDEC (ROQ_DPCM,          roq_dpcm);
     REGISTER_DECODER(SOL_DPCM,          sol_dpcm);
@@ -528,7 +564,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(ADPCM_EA_XAS,      adpcm_ea_xas);
     REGISTER_ENCDEC (ADPCM_G722,        adpcm_g722);
     REGISTER_ENCDEC (ADPCM_G726,        adpcm_g726);
-    REGISTER_DECODER(ADPCM_G726LE,      adpcm_g726le);
+    REGISTER_ENCDEC (ADPCM_G726LE,      adpcm_g726le);
     REGISTER_DECODER(ADPCM_IMA_AMV,     adpcm_ima_amv);
     REGISTER_DECODER(ADPCM_IMA_APC,     adpcm_ima_apc);
     REGISTER_DECODER(ADPCM_IMA_DAT4,    adpcm_ima_dat4);
@@ -606,7 +642,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(LIBOPENCORE_AMRWB, libopencore_amrwb);
     REGISTER_ENCDEC (LIBOPENJPEG,       libopenjpeg);
     REGISTER_ENCDEC (LIBOPUS,           libopus);
-    REGISTER_ENCDEC (LIBSCHROEDINGER,   libschroedinger);
+    REGISTER_DECODER(LIBRSVG,           librsvg);
     REGISTER_ENCODER(LIBSHINE,          libshine);
     REGISTER_ENCDEC (LIBSPEEX,          libspeex);
     REGISTER_ENCODER(LIBTHEORA,         libtheora);
@@ -633,12 +669,13 @@ void avcodec_register_all(void)
 
     /* external libraries, that shouldn't be used by default if one of the
      * above is available */
+    REGISTER_ENCODER(H263_V4L2M2M,      h263_v4l2m2m);
     REGISTER_ENCDEC (LIBOPENH264,       libopenh264);
-    REGISTER_DECODER(H263_CUVID,        h263_cuvid);
     REGISTER_DECODER(H264_CUVID,        h264_cuvid);
     REGISTER_ENCODER(H264_NVENC,        h264_nvenc);
     REGISTER_ENCODER(H264_OMX,          h264_omx);
     REGISTER_ENCODER(H264_QSV,          h264_qsv);
+    REGISTER_ENCODER(H264_V4L2M2M,      h264_v4l2m2m);
     REGISTER_ENCODER(H264_VAAPI,        h264_vaapi);
     REGISTER_ENCODER(H264_VIDEOTOOLBOX, h264_videotoolbox);
 #if FF_API_NVENC_OLD_NAME
@@ -650,6 +687,7 @@ void avcodec_register_all(void)
     REGISTER_DECODER(HEVC_MEDIACODEC,   hevc_mediacodec);
     REGISTER_ENCODER(HEVC_NVENC,        hevc_nvenc);
     REGISTER_ENCODER(HEVC_QSV,          hevc_qsv);
+    REGISTER_ENCODER(HEVC_V4L2M2M,      hevc_v4l2m2m);
     REGISTER_ENCODER(HEVC_VAAPI,        hevc_vaapi);
     REGISTER_ENCODER(LIBKVAZAAR,        libkvazaar);
     REGISTER_DECODER(MJPEG_CUVID,       mjpeg_cuvid);
@@ -657,13 +695,19 @@ void avcodec_register_all(void)
     REGISTER_DECODER(MPEG1_CUVID,       mpeg1_cuvid);
     REGISTER_DECODER(MPEG2_CUVID,       mpeg2_cuvid);
     REGISTER_ENCODER(MPEG2_QSV,         mpeg2_qsv);
+    REGISTER_ENCODER(MPEG2_VAAPI,       mpeg2_vaapi);
     REGISTER_DECODER(MPEG4_CUVID,       mpeg4_cuvid);
     REGISTER_DECODER(MPEG4_MEDIACODEC,  mpeg4_mediacodec);
+    REGISTER_ENCODER(MPEG4_V4L2M2M,     mpeg4_v4l2m2m);
     REGISTER_DECODER(VC1_CUVID,         vc1_cuvid);
     REGISTER_DECODER(VP8_CUVID,         vp8_cuvid);
     REGISTER_DECODER(VP8_MEDIACODEC,    vp8_mediacodec);
+    REGISTER_DECODER(VP8_QSV,           vp8_qsv);
+    REGISTER_ENCODER(VP8_V4L2M2M,       vp8_v4l2m2m);
+    REGISTER_ENCODER(VP8_VAAPI,         vp8_vaapi);
     REGISTER_DECODER(VP9_CUVID,         vp9_cuvid);
     REGISTER_DECODER(VP9_MEDIACODEC,    vp9_mediacodec);
+    REGISTER_ENCODER(VP9_VAAPI,         vp9_vaapi);
 
     /* parsers */
     REGISTER_PARSER(AAC,                aac);
@@ -698,10 +742,19 @@ void avcodec_register_all(void)
     REGISTER_PARSER(PNM,                pnm);
     REGISTER_PARSER(RV30,               rv30);
     REGISTER_PARSER(RV40,               rv40);
+    REGISTER_PARSER(SIPR,               sipr);
     REGISTER_PARSER(TAK,                tak);
     REGISTER_PARSER(VC1,                vc1);
     REGISTER_PARSER(VORBIS,             vorbis);
     REGISTER_PARSER(VP3,                vp3);
     REGISTER_PARSER(VP8,                vp8);
     REGISTER_PARSER(VP9,                vp9);
+    REGISTER_PARSER(XMA,                xma);
+}
+
+void avcodec_register_all(void)
+{
+    static AVOnce control = AV_ONCE_INIT;
+
+    ff_thread_once(&control, register_all);
 }
diff --git a/media/ffvpx/libavcodec/avcodec.h b/media/ffvpx/libavcodec/avcodec.h
index e5e7f4225..18c3e3ea1 100644
--- a/media/ffvpx/libavcodec/avcodec.h
+++ b/media/ffvpx/libavcodec/avcodec.h
@@ -89,7 +89,7 @@
  * - Send valid input:
  *   - For decoding, call avcodec_send_packet() to give the decoder raw
  *     compressed data in an AVPacket.
- *   - For encoding, call avcodec_send_frame() to give the decoder an AVFrame
+ *   - For encoding, call avcodec_send_frame() to give the encoder an AVFrame
  *     containing uncompressed audio or video.
  *   In both cases, it is recommended that AVPackets and AVFrames are
  *   refcounted, or libavcodec might have to copy the input data. (libavformat
@@ -112,6 +112,12 @@
  * are filled. This situation is handled transparently if you follow the steps
  * outlined above.
  *
+ * In theory, sending input can result in EAGAIN - this should happen only if
+ * not all output was received. You can use this to structure alternative decode
+ * or encode loops other than the one suggested above. For example, you could
+ * try sending new input on each iteration, and try to receive output if that
+ * returns EAGAIN.
+ *
  * End of stream situations. These require "flushing" (aka draining) the codec,
  * as the codec might buffer multiple frames or packets internally for
  * performance or out of necessity (consider B-frames).
@@ -136,8 +142,9 @@
  *
  * Not all codecs will follow a rigid and predictable dataflow; the only
  * guarantee is that an AVERROR(EAGAIN) return value on a send/receive call on
- * one end implies that a receive/send call on the other end will succeed. In
- * general, no codec will permit unlimited buffering of input or output.
+ * one end implies that a receive/send call on the other end will succeed, or
+ * at least will not fail with AVERROR(EAGAIN). In general, no codec will
+ * permit unlimited buffering of input or output.
  *
  * This API replaces the following legacy functions:
  * - avcodec_decode_video2() and avcodec_decode_audio4():
@@ -146,7 +153,8 @@
  *   Unlike with the old video decoding API, multiple frames might result from
  *   a packet. For audio, splitting the input packet into frames by partially
  *   decoding packets becomes transparent to the API user. You never need to
- *   feed an AVPacket to the API twice.
+ *   feed an AVPacket to the API twice (unless it is rejected with AVERROR(EAGAIN) - then
+ *   no data was read from the packet).
  *   Additionally, sending a flush/draining packet is required only once.
  * - avcodec_encode_video2()/avcodec_encode_audio2():
  *   Use avcodec_send_frame() to feed input to the encoder, then use
@@ -159,7 +167,22 @@
  * and will result in undefined behavior.
  *
  * Some codecs might require using the new API; using the old API will return
- * an error when calling it.
+ * an error when calling it. All codecs support the new API.
+ *
+ * A codec is not allowed to return AVERROR(EAGAIN) for both sending and receiving. This
+ * would be an invalid state, which could put the codec user into an endless
+ * loop. The API has no concept of time either: it cannot happen that trying to
+ * do avcodec_send_packet() results in AVERROR(EAGAIN), but a repeated call 1 second
+ * later accepts the packet (with no other receive/flush API calls involved).
+ * The API is a strict state machine, and the passage of time is not supposed
+ * to influence it. Some timing-dependent behavior might still be deemed
+ * acceptable in certain cases. But it must never result in both send/receive
+ * returning EAGAIN at the same time at any point. It must also absolutely be
+ * avoided that the current state is "unstable" and can "flip-flop" between
+ * the send/receive APIs allowing progress. For example, it's not allowed that
+ * the codec randomly decides that it actually wants to consume a packet now
+ * instead of returning a frame, after it just returned AVERROR(EAGAIN) on an
+ * avcodec_send_packet() call.
  * @}
  */
 
@@ -411,6 +434,20 @@ enum AVCodecID {
     AV_CODEC_ID_MAGICYUV,
     AV_CODEC_ID_SHEERVIDEO,
     AV_CODEC_ID_YLC,
+    AV_CODEC_ID_PSD,
+    AV_CODEC_ID_PIXLET,
+    AV_CODEC_ID_SPEEDHQ,
+    AV_CODEC_ID_FMVC,
+    AV_CODEC_ID_SCPR,
+    AV_CODEC_ID_CLEARVIDEO,
+    AV_CODEC_ID_XPM,
+    AV_CODEC_ID_AV1,
+    AV_CODEC_ID_BITPACKED,
+    AV_CODEC_ID_MSCC,
+    AV_CODEC_ID_SRGC,
+    AV_CODEC_ID_SVG,
+    AV_CODEC_ID_GDV,
+    AV_CODEC_ID_FITS,
 
     /* various PCM "codecs" */
     AV_CODEC_ID_FIRST_AUDIO = 0x10000,     ///< A dummy id pointing at the start of audio codecs
@@ -448,6 +485,8 @@ enum AVCodecID {
 
     AV_CODEC_ID_PCM_S64LE = 0x10800,
     AV_CODEC_ID_PCM_S64BE,
+    AV_CODEC_ID_PCM_F16LE,
+    AV_CODEC_ID_PCM_F24LE,
 
     /* various ADPCM codecs */
     AV_CODEC_ID_ADPCM_IMA_QT = 0x11000,
@@ -511,6 +550,7 @@ enum AVCodecID {
     AV_CODEC_ID_SOL_DPCM,
 
     AV_CODEC_ID_SDX2_DPCM = 0x14800,
+    AV_CODEC_ID_GREMLIN_DPCM,
 
     /* audio codecs */
     AV_CODEC_ID_MP2 = 0x15000,
@@ -598,6 +638,9 @@ enum AVCodecID {
     AV_CODEC_ID_XMA1,
     AV_CODEC_ID_XMA2,
     AV_CODEC_ID_DST,
+    AV_CODEC_ID_ATRAC3AL,
+    AV_CODEC_ID_ATRAC3PAL,
+    AV_CODEC_ID_DOLBY_E,
 
     /* subtitle codecs */
     AV_CODEC_ID_FIRST_SUBTITLE = 0x17000,          ///< A dummy ID pointing at the start of subtitle codecs.
@@ -689,7 +732,7 @@ typedef struct AVCodecDescriptor {
 
 /**
  * Codec uses only intra compression.
- * Video codecs only.
+ * Video and audio codecs only.
  */
 #define AV_CODEC_PROP_INTRA_ONLY    (1 << 0)
 /**
@@ -1360,6 +1403,11 @@ typedef struct AVCPBProperties {
  * @{
  */
 enum AVPacketSideDataType {
+    /**
+     * An AV_PKT_DATA_PALETTE side data packet contains exactly AVPALETTE_SIZE
+     * bytes worth of palette. This side data signals that a new palette is
+     * present.
+     */
     AV_PKT_DATA_PALETTE,
 
     /**
@@ -1533,10 +1581,40 @@ enum AVPacketSideDataType {
 
     /**
      * Mastering display metadata (based on SMPTE-2086:2014). This metadata
-     * should be associated with a video stream and containts data in the form
+     * should be associated with a video stream and contains data in the form
      * of the AVMasteringDisplayMetadata struct.
      */
-    AV_PKT_DATA_MASTERING_DISPLAY_METADATA
+    AV_PKT_DATA_MASTERING_DISPLAY_METADATA,
+
+    /**
+     * This side data should be associated with a video stream and corresponds
+     * to the AVSphericalMapping structure.
+     */
+    AV_PKT_DATA_SPHERICAL,
+
+    /**
+     * Content light level (based on CTA-861.3). This metadata should be
+     * associated with a video stream and contains data in the form of the
+     * AVContentLightMetadata struct.
+     */
+    AV_PKT_DATA_CONTENT_LIGHT_LEVEL,
+
+    /**
+     * ATSC A53 Part 4 Closed Captions. This metadata should be associated with
+     * a video stream. A53 CC bitstream is stored as uint8_t in AVPacketSideData.data.
+     * The number of bytes of CC data is AVPacketSideData.size.
+     */
+    AV_PKT_DATA_A53_CC,
+
+    /**
+     * The number of side data elements (in fact a bit more than it).
+     * This is not part of the public API/ABI in the sense that it may
+     * change when new side data types are added.
+     * This must stay the last enum value.
+     * If its value becomes huge, some code using it
+     * needs to be updated as it assumes it to be smaller than other limits.
+     */
+    AV_PKT_DATA_NB
 };
 
 #define AV_PKT_DATA_QUALITY_FACTOR AV_PKT_DATA_QUALITY_STATS //DEPRECATED
@@ -1638,6 +1716,13 @@ typedef struct AVPacket {
  * after decoding.
  **/
 #define AV_PKT_FLAG_DISCARD   0x0004
+/**
+ * The packet comes from a trusted source.
+ *
+ * Otherwise-unsafe constructs such as arbitrary pointers to data
+ * outside the packet may be followed.
+ */
+#define AV_PKT_FLAG_TRUSTED   0x0008
 
 enum AVSideDataParamChangeFlags {
     AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT  = 0x0001,
@@ -1665,7 +1750,7 @@ enum AVFieldOrder {
  * New fields can be added to the end with minor version bumps.
  * Removal, reordering and changes to existing fields require a major
  * version bump.
- * Please use AVOptions (av_opt* / av_set/get*()) to access these fields from user
+ * You can use AVOptions (av_opt* / av_set/get*()) to access these fields from user
  * applications.
  * The name string for AVOptions options matches the associated command line
  * parameter name and can be found in libavcodec/options_table.h
@@ -2605,6 +2690,7 @@ typedef struct AVCodecContext {
      * - encoding: unused
      * - decoding: set by the caller before avcodec_open2().
      */
+    attribute_deprecated
     int refcounted_frames;
 
     /* - encoding parameters */
@@ -2936,8 +3022,8 @@ typedef struct AVCodecContext {
 #define FF_DEBUG_MMCO        0x00000800
 #define FF_DEBUG_BUGS        0x00001000
 #if FF_API_DEBUG_MV
-#define FF_DEBUG_VIS_QP      0x00002000 ///< only access through AVOptions from outside libavcodec
-#define FF_DEBUG_VIS_MB_TYPE 0x00004000 ///< only access through AVOptions from outside libavcodec
+#define FF_DEBUG_VIS_QP      0x00002000
+#define FF_DEBUG_VIS_MB_TYPE 0x00004000
 #endif
 #define FF_DEBUG_BUFFERS     0x00008000
 #define FF_DEBUG_THREADS     0x00010000
@@ -2947,7 +3033,6 @@ typedef struct AVCodecContext {
 #if FF_API_DEBUG_MV
     /**
      * debug
-     * Code outside libavcodec should access this field using AVOptions
      * - encoding: Set by user.
      * - decoding: Set by user.
      */
@@ -3061,6 +3146,7 @@ typedef struct AVCodecContext {
 #if FF_API_ARCH_ALPHA
 #define FF_IDCT_SIMPLEALPHA   23
 #endif
+#define FF_IDCT_NONE          24 /* Used by XvMC to extract IDCT coefficients with FF_IDCT_PERM_NONE */
 #define FF_IDCT_SIMPLEAUTO    128
 
     /**
@@ -3082,8 +3168,6 @@ typedef struct AVCodecContext {
      * low resolution decoding, 1-> 1/2 size, 2->1/4 size
      * - encoding: unused
      * - decoding: Set by user.
-     * Code outside libavcodec should access this field using:
-     * av_codec_{get,set}_lowres(avctx)
      */
      int lowres;
 #endif
@@ -3384,8 +3468,6 @@ typedef struct AVCodecContext {
 
     /**
      * Timebase in which pkt_dts/pts and AVPacket.dts/pts are.
-     * Code outside libavcodec should access this field using:
-     * av_codec_{get,set}_pkt_timebase(avctx)
      * - encoding unused.
      * - decoding set by user.
      */
@@ -3393,8 +3475,6 @@ typedef struct AVCodecContext {
 
     /**
      * AVCodecDescriptor
-     * Code outside libavcodec should access this field using:
-     * av_codec_{get,set}_codec_descriptor(avctx)
      * - encoding: unused.
      * - decoding: set by libavcodec.
      */
@@ -3405,8 +3485,6 @@ typedef struct AVCodecContext {
      * low resolution decoding, 1-> 1/2 size, 2->1/4 size
      * - encoding: unused
      * - decoding: Set by user.
-     * Code outside libavcodec should access this field using:
-     * av_codec_{get,set}_lowres(avctx)
      */
      int lowres;
 #endif
@@ -3447,7 +3525,6 @@ typedef struct AVCodecContext {
      * However for formats that do not use pre-multiplied alpha
      * there might be serious artefacts (though e.g. libswscale currently
      * assumes pre-multiplied alpha anyway).
-     * Code outside libavcodec should access this field using AVOptions
      *
      * - decoding: set by user
      * - encoding: unused
@@ -3464,7 +3541,6 @@ typedef struct AVCodecContext {
 #if !FF_API_DEBUG_MV
     /**
      * debug motion vectors
-     * Code outside libavcodec should access this field using AVOptions
      * - encoding: Set by user.
      * - decoding: Set by user.
      */
@@ -3476,7 +3552,6 @@ typedef struct AVCodecContext {
 
     /**
      * custom intra quantization matrix
-     * Code outside libavcodec should access this field using av_codec_g/set_chroma_intra_matrix()
      * - encoding: Set by user, can be NULL.
      * - decoding: unused.
      */
@@ -3485,8 +3560,6 @@ typedef struct AVCodecContext {
     /**
      * dump format separator.
      * can be ", " or "\n      " or anything else
-     * Code outside libavcodec should access this field using AVOptions
-     * (NO direct access).
      * - encoding: Set by user.
      * - decoding: Set by user.
      */
@@ -3496,13 +3569,12 @@ typedef struct AVCodecContext {
      * ',' separated list of allowed decoders.
      * If NULL then all are allowed
      * - encoding: unused
-     * - decoding: set by user through AVOPtions (NO direct access)
+     * - decoding: set by user
      */
     char *codec_whitelist;
 
-    /*
+    /**
      * Properties of the stream that gets decoded
-     * To be accessed through av_codec_get_properties() (NO direct access)
      * - encoding: unused
      * - decoding: set by libavcodec
      */
@@ -3522,7 +3594,8 @@ typedef struct AVCodecContext {
     /**
      * A reference to the AVHWFramesContext describing the input (for encoding)
      * or output (decoding) frames. The reference is set by the caller and
-     * afterwards owned (and freed) by libavcodec.
+     * afterwards owned (and freed) by libavcodec - it should never be read by
+     * the caller after being set.
      *
      * - decoding: This field should be set by the caller from the get_format()
      *             callback. The previous reference (if any) will always be
@@ -3564,6 +3637,71 @@ typedef struct AVCodecContext {
      */
     int trailing_padding;
 
+    /**
+     * The number of pixels per image to maximally accept.
+     *
+     * - decoding: set by user
+     * - encoding: set by user
+     */
+    int64_t max_pixels;
+
+    /**
+     * A reference to the AVHWDeviceContext describing the device which will
+     * be used by a hardware encoder/decoder.  The reference is set by the
+     * caller and afterwards owned (and freed) by libavcodec.
+     *
+     * This should be used if either the codec device does not require
+     * hardware frames or any that are used are to be allocated internally by
+     * libavcodec.  If the user wishes to supply any of the frames used as
+     * encoder input or decoder output then hw_frames_ctx should be used
+     * instead.  When hw_frames_ctx is set in get_format() for a decoder, this
+     * field will be ignored while decoding the associated stream segment, but
+     * may again be used on a following one after another get_format() call.
+     *
+     * For both encoders and decoders this field should be set before
+     * avcodec_open2() is called and must not be written to thereafter.
+     *
+     * Note that some decoders may require this field to be set initially in
+     * order to support hw_frames_ctx at all - in that case, all frames
+     * contexts used must be created on the same device.
+     */
+    AVBufferRef *hw_device_ctx;
+
+    /**
+     * Bit set of AV_HWACCEL_FLAG_* flags, which affect hardware accelerated
+     * decoding (if active).
+     * - encoding: unused
+     * - decoding: Set by user (either before avcodec_open2(), or in the
+     *             AVCodecContext.get_format callback)
+     */
+    int hwaccel_flags;
+
+    /**
+     * Video decoding only. Certain video codecs support cropping, meaning that
+     * only a sub-rectangle of the decoded frame is intended for display.  This
+     * option controls how cropping is handled by libavcodec.
+     *
+     * When set to 1 (the default), libavcodec will apply cropping internally.
+     * I.e. it will modify the output frame width/height fields and offset the
+     * data pointers (only by as much as possible while preserving alignment, or
+     * by the full amount if the AV_CODEC_FLAG_UNALIGNED flag is set) so that
+     * the frames output by the decoder refer only to the cropped area. The
+     * crop_* fields of the output frames will be zero.
+     *
+     * When set to 0, the width/height fields of the output frames will be set
+     * to the coded dimensions and the crop_* fields will describe the cropping
+     * rectangle. Applying the cropping is left to the caller.
+     *
+     * @warning When hardware acceleration with opaque output frames is used,
+     * libavcodec is unable to apply cropping from the top/left border.
+     *
+     * @note when this option is set to zero, the width/height fields of the
+     * AVCodecContext and output AVFrames have different meanings. The codec
+     * context fields store display dimensions (with the coded dimensions in
+     * coded_width/height), while the frame fields store the coded dimensions
+     * (with the display dimensions being determined by the crop_* fields).
+     */
+    int apply_cropping;
 } AVCodecContext;
 
 AVRational av_codec_get_pkt_timebase         (const AVCodecContext *avctx);
@@ -3623,7 +3761,7 @@ typedef struct AVCodec {
     const int *supported_samplerates;       ///< array of supported audio samplerates, or NULL if unknown, array is terminated by 0
     const enum AVSampleFormat *sample_fmts; ///< array of supported sample formats, or NULL if unknown, array is terminated by -1
     const uint64_t *channel_layouts;         ///< array of support channel layouts, or NULL if unknown. array is terminated by 0
-    uint8_t max_lowres;                     ///< maximum value for lowres supported by the decoder, no direct access, use av_codec_get_max_lowres()
+    uint8_t max_lowres;                     ///< maximum value for lowres supported by the decoder
     const AVClass *priv_class;              ///< AVClass for the private context
     const AVProfile *profiles;              ///< array of recognized profiles, or NULL if unknown, array is terminated by {FF_PROFILE_UNKNOWN}
 
@@ -3684,20 +3822,22 @@ typedef struct AVCodec {
     int (*decode)(AVCodecContext *, void *outdata, int *outdata_size, AVPacket *avpkt);
     int (*close)(AVCodecContext *);
     /**
-     * Decode/encode API with decoupled packet/frame dataflow. The API is the
+     * Encode API with decoupled packet/frame dataflow. The API is the
      * same as the avcodec_ prefixed APIs (avcodec_send_frame() etc.), except
      * that:
      * - never called if the codec is closed or the wrong type,
-     * - AVPacket parameter change side data is applied right before calling
-     *   AVCodec->send_packet,
-     * - if AV_CODEC_CAP_DELAY is not set, drain packets or frames are never sent,
-     * - only one drain packet is ever passed down (until the next flush()),
-     * - a drain AVPacket is always NULL (no need to check for avpkt->size).
+     * - if AV_CODEC_CAP_DELAY is not set, drain frames are never sent,
+     * - only one drain frame is ever passed down,
      */
     int (*send_frame)(AVCodecContext *avctx, const AVFrame *frame);
-    int (*send_packet)(AVCodecContext *avctx, const AVPacket *avpkt);
-    int (*receive_frame)(AVCodecContext *avctx, AVFrame *frame);
     int (*receive_packet)(AVCodecContext *avctx, AVPacket *avpkt);
+
+    /**
+     * Decode API with decoupled packet/frame dataflow. This function is called
+     * to get one output frame. It should call ff_decode_get_packet() to obtain
+     * input data.
+     */
+    int (*receive_frame)(AVCodecContext *avctx, AVFrame *frame);
     /**
      * Flush buffers.
      * Will be called when seeking
@@ -3708,6 +3848,12 @@ typedef struct AVCodec {
      * See FF_CODEC_CAP_* in internal.h
      */
     int caps_internal;
+
+    /**
+     * Decoding only, a comma-separated list of bitstream filters to apply to
+     * packets before decoding.
+     */
+    const char *bsfs;
 } AVCodec;
 
 int av_codec_get_max_lowres(const AVCodec *codec);
@@ -3749,7 +3895,7 @@ typedef struct AVHWAccel {
 
     /**
      * Hardware accelerated codec capabilities.
-     * see HWACCEL_CODEC_CAP_*
+     * see AV_HWACCEL_CODEC_CAP_*
      */
     int capabilities;
 
@@ -3820,7 +3966,7 @@ typedef struct AVHWAccel {
     /**
      * Called for every Macroblock in a slice.
      *
-     * XvMC uses it to replace the ff_mpv_decode_mb().
+     * XvMC uses it to replace the ff_mpv_reconstruct_mb().
      * Instead of decoding to raw picture, MB parameters are
      * stored in an array provided by the video driver.
      *
@@ -3850,9 +3996,20 @@ typedef struct AVHWAccel {
      * AVCodecInternal.hwaccel_priv_data.
      */
     int priv_data_size;
+
+    /**
+     * Internal hwaccel capabilities.
+     */
+    int caps_internal;
 } AVHWAccel;
 
 /**
+ * HWAccel is experimental and is thus avoided in favor of non experimental
+ * codecs
+ */
+#define AV_HWACCEL_CODEC_CAP_EXPERIMENTAL 0x0200
+
+/**
  * Hardware acceleration should be used for decoding even if the codec level
  * used is unknown or higher than the maximum supported level reported by the
  * hardware driver.
@@ -3869,6 +4026,20 @@ typedef struct AVHWAccel {
 #define AV_HWACCEL_FLAG_ALLOW_HIGH_DEPTH (1 << 1)
 
 /**
+ * Hardware acceleration should still be attempted for decoding when the
+ * codec profile does not match the reported capabilities of the hardware.
+ *
+ * For example, this can be used to try to decode baseline profile H.264
+ * streams in hardware - it will often succeed, because many streams marked
+ * as baseline profile actually conform to constrained baseline profile.
+ *
+ * @warning If the stream is actually not supported then the behaviour is
+ *          undefined, and may include returning entirely incorrect output
+ *          while indicating success.
+ */
+#define AV_HWACCEL_FLAG_ALLOW_PROFILE_MISMATCH (1 << 2)
+
+/**
  * @}
  */
 
@@ -4377,13 +4548,13 @@ AVPacket *av_packet_alloc(void);
  * @see av_packet_alloc
  * @see av_packet_ref
  */
-AVPacket *av_packet_clone(AVPacket *src);
+AVPacket *av_packet_clone(const AVPacket *src);
 
 /**
  * Free the packet, if the packet is reference counted, it will be
  * unreferenced first.
  *
- * @param packet packet to be freed. The pointer will be set to NULL.
+ * @param pkt packet to be freed. The pointer will be set to NULL.
  * @note passing NULL is a no-op.
  */
 void av_packet_free(AVPacket **pkt);
@@ -4452,14 +4623,20 @@ int av_dup_packet(AVPacket *pkt);
  * Copy packet, including contents
  *
  * @return 0 on success, negative AVERROR on fail
+ *
+ * @deprecated Use av_packet_ref
  */
+attribute_deprecated
 int av_copy_packet(AVPacket *dst, const AVPacket *src);
 
 /**
  * Copy packet side data
  *
  * @return 0 on success, negative AVERROR on fail
+ *
+ * @deprecated Use av_packet_copy_props
  */
+attribute_deprecated
 int av_copy_packet_side_data(AVPacket *dst, const AVPacket *src);
 
 /**
@@ -4518,12 +4695,16 @@ int av_packet_shrink_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
  * @param size pointer for side information size to store (optional)
  * @return pointer to data if present or NULL otherwise
  */
-uint8_t* av_packet_get_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
+uint8_t* av_packet_get_side_data(const AVPacket *pkt, enum AVPacketSideDataType type,
                                  int *size);
 
+#if FF_API_MERGE_SD_API
+attribute_deprecated
 int av_packet_merge_side_data(AVPacket *pkt);
 
+attribute_deprecated
 int av_packet_split_side_data(AVPacket *pkt);
+#endif
 
 const char *av_packet_side_data_name(enum AVPacketSideDataType type);
 
@@ -4823,13 +5004,13 @@ int avcodec_decode_video2(AVCodecContext *avctx, AVFrame *picture,
  * and reusing a get_buffer written for video codecs would probably perform badly
  * due to a potentially very different allocation pattern.
  *
- * Some decoders (those marked with CODEC_CAP_DELAY) have a delay between input
+ * Some decoders (those marked with AV_CODEC_CAP_DELAY) have a delay between input
  * and output. This means that for some packets they will not immediately
  * produce decoded output and need to be flushed at the end of decoding to get
  * all the decoded data. Flushing is done by calling this function with packets
  * with avpkt->data set to NULL and avpkt->size set to 0 until it stops
  * returning subtitles. It is safe to flush even those decoders that are not
- * marked with CODEC_CAP_DELAY, then no subtitles will be returned.
+ * marked with AV_CODEC_CAP_DELAY, then no subtitles will be returned.
  *
  * @note The AVCodecContext MUST have been opened with @ref avcodec_open2()
  * before packets may be fed to the decoder.
@@ -4883,8 +5064,10 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
  *                  a flush packet.
  *
  * @return 0 on success, otherwise negative error code:
- *      AVERROR(EAGAIN):   input is not accepted right now - the packet must be
- *                         resent after trying to read output
+ *      AVERROR(EAGAIN):   input is not accepted in the current state - user
+ *                         must read output with avcodec_receive_frame() (once
+ *                         all output is read, the packet should be resent, and
+ *                         the call will not fail with EAGAIN).
  *      AVERROR_EOF:       the decoder has been flushed, and no new packets can
  *                         be sent to it (also returned if more than 1 flush
  *                         packet is sent)
@@ -4905,7 +5088,7 @@ int avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt);
  *
  * @return
  *      0:                 success, a frame was returned
- *      AVERROR(EAGAIN):   output is not available right now - user must try
+ *      AVERROR(EAGAIN):   output is not available in this state - user must try
  *                         to send new input
  *      AVERROR_EOF:       the decoder has been fully flushed, and there will be
  *                         no more output frames
@@ -4938,8 +5121,10 @@ int avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame);
  *                  avctx->frame_size for all frames except the last.
  *                  The final frame may be smaller than avctx->frame_size.
  * @return 0 on success, otherwise negative error code:
- *      AVERROR(EAGAIN):   input is not accepted right now - the frame must be
- *                         resent after trying to read output packets
+ *      AVERROR(EAGAIN):   input is not accepted in the current state - user
+ *                         must read output with avcodec_receive_packet() (once
+ *                         all output is read, the packet should be resent, and
+ *                         the call will not fail with EAGAIN).
  *      AVERROR_EOF:       the encoder has been flushed, and no new frames can
  *                         be sent to it
  *      AVERROR(EINVAL):   codec not opened, refcounted_frames not set, it is a
@@ -4957,8 +5142,8 @@ int avcodec_send_frame(AVCodecContext *avctx, const AVFrame *frame);
  *              encoder. Note that the function will always call
  *              av_frame_unref(frame) before doing anything else.
  * @return 0 on success, otherwise negative error code:
- *      AVERROR(EAGAIN):   output is not available right now - user must try
- *                         to send input
+ *      AVERROR(EAGAIN):   output is not available in the current state - user
+ *                         must try to send input
  *      AVERROR_EOF:       the encoder has been fully flushed, and there will be
  *                         no more output packets
  *      AVERROR(EINVAL):   codec not opened, or it is an encoder
@@ -5509,22 +5694,14 @@ int av_picture_pad(AVPicture *dst, const AVPicture *src, int height, int width,
  * @{
  */
 
+#if FF_API_GETCHROMA
 /**
- * Utility function to access log2_chroma_w log2_chroma_h from
- * the pixel format AVPixFmtDescriptor.
- *
- * This function asserts that pix_fmt is valid. See av_pix_fmt_get_chroma_sub_sample
- * for one that returns a failure code and continues in case of invalid
- * pix_fmts.
- *
- * @param[in]  pix_fmt the pixel format
- * @param[out] h_shift store log2_chroma_w
- * @param[out] v_shift store log2_chroma_h
- *
- * @see av_pix_fmt_get_chroma_sub_sample
+ * @deprecated Use av_pix_fmt_get_chroma_sub_sample
  */
 
+attribute_deprecated
 void avcodec_get_chroma_sub_sample(enum AVPixelFormat pix_fmt, int *h_shift, int *v_shift);
+#endif
 
 /**
  * Return a value representing the fourCC code associated to the
@@ -5584,6 +5761,7 @@ attribute_deprecated
 void avcodec_set_dimensions(AVCodecContext *s, int width, int height);
 #endif
 
+#if FF_API_TAG_STRING
 /**
  * Put a string representing the codec tag codec_tag in buf.
  *
@@ -5592,8 +5770,12 @@ void avcodec_set_dimensions(AVCodecContext *s, int width, int height);
  * @param codec_tag codec tag to assign
  * @return the length of the string that would have been generated if
  * enough space had been available, excluding the trailing null
+ *
+ * @deprecated see av_fourcc_make_string() and av_fourcc2str().
  */
+attribute_deprecated
 size_t av_get_codec_tag_string(char *buf, size_t buf_size, unsigned int codec_tag);
+#endif
 
 void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode);
 
@@ -5706,7 +5888,7 @@ int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes);
 #if FF_API_OLD_BSF
 typedef struct AVBitStreamFilterContext {
     void *priv_data;
-    struct AVBitStreamFilter *filter;
+    const struct AVBitStreamFilter *filter;
     AVCodecParserContext *parser;
     struct AVBitStreamFilterContext *next;
     /**
@@ -5753,12 +5935,15 @@ typedef struct AVBSFContext {
     void *priv_data;
 
     /**
-     * Parameters of the input stream. Set by the caller before av_bsf_init().
+     * Parameters of the input stream. This field is allocated in
+     * av_bsf_alloc(), it needs to be filled by the caller before
+     * av_bsf_init().
      */
     AVCodecParameters *par_in;
 
     /**
-     * Parameters of the output stream. Set by the filter in av_bsf_init().
+     * Parameters of the output stream. This field is allocated in
+     * av_bsf_alloc(), it is set by the filter in av_bsf_init().
      */
     AVCodecParameters *par_out;
 
@@ -5936,8 +6121,7 @@ int av_bsf_init(AVBSFContext *ctx);
  * av_bsf_receive_packet() repeatedly until it returns AVERROR(EAGAIN) or
  * AVERROR_EOF.
  *
- * @param pkt the packet to filter. pkt must contain some payload (i.e data or
- * side data must be present in pkt). The bitstream filter will take ownership of
+ * @param pkt the packet to filter. The bitstream filter will take ownership of
  * the packet and reset the contents of pkt. pkt is not touched if an error occurs.
  * This parameter may be NULL, which signals the end of the stream (i.e. no more
  * packets will be sent). That will cause the filter to output any packets it
diff --git a/media/ffvpx/libavcodec/avdct.h b/media/ffvpx/libavcodec/avdct.h
deleted file mode 100644
index 272422e44..000000000
--- a/media/ffvpx/libavcodec/avdct.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef AVCODEC_AVDCT_H
-#define AVCODEC_AVDCT_H
-
-#include "libavutil/opt.h"
-
-/**
- * AVDCT context.
- * @note function pointers can be NULL if the specific features have been
- *       disabled at build time.
- */
-typedef struct AVDCT {
-    const AVClass *av_class;
-
-    void (*idct)(int16_t *block /* align 16 */);
-
-    /**
-     * IDCT input permutation.
-     * Several optimized IDCTs need a permutated input (relative to the
-     * normal order of the reference IDCT).
-     * This permutation must be performed before the idct_put/add.
-     * Note, normally this can be merged with the zigzag/alternate scan<br>
-     * An example to avoid confusion:
-     * - (->decode coeffs -> zigzag reorder -> dequant -> reference IDCT -> ...)
-     * - (x -> reference DCT -> reference IDCT -> x)
-     * - (x -> reference DCT -> simple_mmx_perm = idct_permutation
-     *    -> simple_idct_mmx -> x)
-     * - (-> decode coeffs -> zigzag reorder -> simple_mmx_perm -> dequant
-     *    -> simple_idct_mmx -> ...)
-     */
-    uint8_t idct_permutation[64];
-
-    void (*fdct)(int16_t *block /* align 16 */);
-
-
-    /**
-     * DCT algorithm.
-     * must use AVOptions to set this field.
-     */
-    int dct_algo;
-
-    /**
-     * IDCT algorithm.
-     * must use AVOptions to set this field.
-     */
-    int idct_algo;
-
-    void (*get_pixels)(int16_t *block /* align 16 */,
-                       const uint8_t *pixels /* align 8 */,
-                       ptrdiff_t line_size);
-
-    int bits_per_sample;
-} AVDCT;
-
-/**
- * Allocates a AVDCT context.
- * This needs to be initialized with avcodec_dct_init() after optionally
- * configuring it with AVOptions.
- *
- * To free it use av_free()
- */
-AVDCT *avcodec_dct_alloc(void);
-int avcodec_dct_init(AVDCT *);
-
-const AVClass *avcodec_dct_get_class(void);
-
-#endif /* AVCODEC_AVDCT_H */
diff --git a/media/ffvpx/libavcodec/avpacket.c b/media/ffvpx/libavcodec/avpacket.c
index e5a8bdbe4..d1f4ea9eb 100644
--- a/media/ffvpx/libavcodec/avpacket.c
+++ b/media/ffvpx/libavcodec/avpacket.c
@@ -247,8 +247,6 @@ failed_alloc:
     av_packet_unref(pkt);
     return AVERROR(ENOMEM);
 }
-FF_ENABLE_DEPRECATION_WARNINGS
-#endif
 
 int av_dup_packet(AVPacket *pkt)
 {
@@ -266,6 +264,8 @@ int av_copy_packet(AVPacket *dst, const AVPacket *src)
     *dst = *src;
     return copy_packet_data(dst, src, 0);
 }
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
 
 void av_packet_free_side_data(AVPacket *pkt)
 {
@@ -296,9 +296,20 @@ int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
                             uint8_t *data, size_t size)
 {
     AVPacketSideData *tmp;
-    int elems = pkt->side_data_elems;
+    int i, elems = pkt->side_data_elems;
+
+    for (i = 0; i < elems; i++) {
+        AVPacketSideData *sd = &pkt->side_data[i];
+
+        if (sd->type == type) {
+            av_free(sd->data);
+            sd->data = data;
+            sd->size = size;
+            return 0;
+        }
+    }
 
-    if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data))
+    if ((unsigned)elems + 1 > AV_PKT_DATA_NB)
         return AVERROR(ERANGE);
 
     tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp));
@@ -336,7 +347,7 @@ uint8_t *av_packet_new_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
     return data;
 }
 
-uint8_t *av_packet_get_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
+uint8_t *av_packet_get_side_data(const AVPacket *pkt, enum AVPacketSideDataType type,
                                  int *size)
 {
     int i;
@@ -348,6 +359,8 @@ uint8_t *av_packet_get_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
             return pkt->side_data[i].data;
         }
     }
+    if (size)
+        *size = 0;
     return NULL;
 }
 
@@ -372,10 +385,15 @@ const char *av_packet_side_data_name(enum AVPacketSideDataType type)
     case AV_PKT_DATA_METADATA_UPDATE:            return "Metadata Update";
     case AV_PKT_DATA_MPEGTS_STREAM_ID:           return "MPEGTS Stream ID";
     case AV_PKT_DATA_MASTERING_DISPLAY_METADATA: return "Mastering display metadata";
+    case AV_PKT_DATA_CONTENT_LIGHT_LEVEL:        return "Content light level metadata";
+    case AV_PKT_DATA_SPHERICAL:                  return "Spherical Mapping";
+    case AV_PKT_DATA_A53_CC:                     return "A53 Closed Captions";
     }
     return NULL;
 }
 
+#if FF_API_MERGE_SD_API
+
 #define FF_MERGE_MARKER 0x8c4d9d108e25e9feULL
 
 int av_packet_merge_side_data(AVPacket *pkt){
@@ -431,6 +449,9 @@ int av_packet_split_side_data(AVPacket *pkt){
             p-= size+5;
         }
 
+        if (i > AV_PKT_DATA_NB)
+            return AVERROR(ERANGE);
+
         pkt->side_data = av_malloc_array(i, sizeof(*pkt->side_data));
         if (!pkt->side_data)
             return AVERROR(ENOMEM);
@@ -456,6 +477,35 @@ int av_packet_split_side_data(AVPacket *pkt){
     }
     return 0;
 }
+#endif
+
+#if FF_API_MERGE_SD
+int ff_packet_split_and_drop_side_data(AVPacket *pkt){
+    if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
+        int i;
+        unsigned int size;
+        uint8_t *p;
+
+        p = pkt->data + pkt->size - 8 - 5;
+        for (i=1; ; i++){
+            size = AV_RB32(p);
+            if (size>INT_MAX - 5 || p - pkt->data < size)
+                return 0;
+            if (p[4]&128)
+                break;
+            if (p - pkt->data < size + 5)
+                return 0;
+            p-= size+5;
+            if (i > AV_PKT_DATA_NB)
+                return 0;
+        }
+        pkt->size = p - pkt->data - size;
+        av_assert0(pkt->size >= 0);
+        return 1;
+    }
+    return 0;
+}
+#endif
 
 uint8_t *av_packet_pack_dictionary(AVDictionary *dict, int *size)
 {
@@ -505,7 +555,7 @@ int av_packet_unpack_dictionary(const uint8_t *data, int size, AVDictionary **di
         const uint8_t *key = data;
         const uint8_t *val = data + strlen(key) + 1;
 
-        if (val >= end)
+        if (val >= end || !*key)
             return AVERROR_INVALIDDATA;
 
         ret = av_dict_set(dict, key, val, 0);
@@ -607,7 +657,7 @@ fail:
     return ret;
 }
 
-AVPacket *av_packet_clone(AVPacket *src)
+AVPacket *av_packet_clone(const AVPacket *src)
 {
     AVPacket *ret = av_packet_alloc();
 
diff --git a/media/ffvpx/libavcodec/bitstream.c b/media/ffvpx/libavcodec/bitstream.c
index 562ca1cb8..ed528fe4a 100644
--- a/media/ffvpx/libavcodec/bitstream.c
+++ b/media/ffvpx/libavcodec/bitstream.c
@@ -28,7 +28,6 @@
  * bitstream api.
  */
 
-#include "libavutil/atomic.h"
 #include "libavutil/avassert.h"
 #include "libavutil/qsort.h"
 #include "avcodec.h"
@@ -99,9 +98,11 @@ void avpriv_copy_bits(PutBitContext *pb, const uint8_t *src, int length)
     case 2:                                                 \
         v = *(const uint16_t *)ptr;                         \
         break;                                              \
-    default:                                                \
+    case 4:                                                 \
         v = *(const uint32_t *)ptr;                         \
         break;                                              \
+    default:                                                \
+        av_assert1(0);                                      \
     }                                                       \
 }
 
@@ -126,14 +127,6 @@ static int alloc_table(VLC *vlc, int size, int use_static)
     return index;
 }
 
-static av_always_inline uint32_t bitswap_32(uint32_t x)
-{
-    return (uint32_t)ff_reverse[ x        & 0xFF] << 24 |
-           (uint32_t)ff_reverse[(x >> 8)  & 0xFF] << 16 |
-           (uint32_t)ff_reverse[(x >> 16) & 0xFF] << 8  |
-           (uint32_t)ff_reverse[ x >> 24];
-}
-
 typedef struct VLCcode {
     uint8_t bits;
     uint16_t symbol;
@@ -183,7 +176,7 @@ static int build_table(VLC *vlc, int table_nb_bits, int nb_codes,
         n      = codes[i].bits;
         code   = codes[i].code;
         symbol = codes[i].symbol;
-        ff_dlog(NULL, "i=%d n=%d code=0x%x\n", i, n, code);
+        ff_dlog(NULL, "i=%d n=%d code=0x%"PRIx32"\n", i, n, code);
         if (n <= table_nb_bits) {
             /* no need to add another table */
             j = code >> (32 - table_nb_bits);
@@ -264,7 +257,7 @@ static int build_table(VLC *vlc, int table_nb_bits, int nb_codes,
    'bits' or 'codes' tables.
 
    'xxx_size' : gives the number of bytes of each entry of the 'bits'
-   or 'codes' tables.
+   or 'codes' tables. Currently 1,2 and 4 are supported.
 
    'wrap' and 'size' make it possible to use any memory configuration and types
    (byte/word/long) to store the 'bits', 'codes', and 'symbols' tables.
@@ -317,7 +310,8 @@ int ff_init_vlc_sparse(VLC *vlc_arg, int nb_bits, int nb_codes,
         }                                                                   \
         GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size);            \
         if (buf[j].code >= (1LL<<buf[j].bits)) {                            \
-            av_log(NULL, AV_LOG_ERROR, "Invalid code %x for %d in init_vlc\n", buf[j].code, i);\
+            av_log(NULL, AV_LOG_ERROR, "Invalid code %"PRIx32" for %d in "  \
+                   "init_vlc\n", buf[j].code, i);                           \
             if (!(flags & INIT_VLC_USE_NEW_STATIC))                         \
                 av_free(buf);                                               \
             return -1;                                                      \
diff --git a/media/ffvpx/libavcodec/bitstream_filter.c b/media/ffvpx/libavcodec/bitstream_filter.c
new file mode 100644
index 000000000..8599b90d4
--- /dev/null
+++ b/media/ffvpx/libavcodec/bitstream_filter.c
@@ -0,0 +1,185 @@
+/*
+ * copyright (c) 2006 Michael Niedermayer <michaelni@gmx.at>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <string.h>
+
+#include "avcodec.h"
+#include "libavutil/internal.h"
+#include "libavutil/mem.h"
+#include "libavutil/opt.h"
+
+#if FF_API_OLD_BSF
+FF_DISABLE_DEPRECATION_WARNINGS
+
+AVBitStreamFilter *av_bitstream_filter_next(const AVBitStreamFilter *f)
+{
+    const AVBitStreamFilter *filter = NULL;
+    void *opaque = NULL;
+
+    while (filter != f)
+        filter = av_bsf_next(&opaque);
+
+    return av_bsf_next(&opaque);
+}
+
+void av_register_bitstream_filter(AVBitStreamFilter *bsf)
+{
+}
+
+typedef struct BSFCompatContext {
+    AVBSFContext *ctx;
+    int extradata_updated;
+} BSFCompatContext;
+
+AVBitStreamFilterContext *av_bitstream_filter_init(const char *name)
+{
+    AVBitStreamFilterContext *ctx = NULL;
+    BSFCompatContext         *priv = NULL;
+    const AVBitStreamFilter *bsf;
+
+    bsf = av_bsf_get_by_name(name);
+    if (!bsf)
+        return NULL;
+
+    ctx = av_mallocz(sizeof(*ctx));
+    if (!ctx)
+        return NULL;
+
+    priv = av_mallocz(sizeof(*priv));
+    if (!priv)
+        goto fail;
+
+
+    ctx->filter    = bsf;
+    ctx->priv_data = priv;
+
+    return ctx;
+
+fail:
+    if (priv)
+        av_bsf_free(&priv->ctx);
+    av_freep(&priv);
+    av_freep(&ctx);
+    return NULL;
+}
+
+void av_bitstream_filter_close(AVBitStreamFilterContext *bsfc)
+{
+    BSFCompatContext *priv;
+
+    if (!bsfc)
+        return;
+
+    priv = bsfc->priv_data;
+
+    av_bsf_free(&priv->ctx);
+    av_freep(&bsfc->priv_data);
+    av_free(bsfc);
+}
+
+int av_bitstream_filter_filter(AVBitStreamFilterContext *bsfc,
+                               AVCodecContext *avctx, const char *args,
+                               uint8_t **poutbuf, int *poutbuf_size,
+                               const uint8_t *buf, int buf_size, int keyframe)
+{
+    BSFCompatContext *priv = bsfc->priv_data;
+    AVPacket pkt = { 0 };
+    int ret;
+
+    if (!priv->ctx) {
+        ret = av_bsf_alloc(bsfc->filter, &priv->ctx);
+        if (ret < 0)
+            return ret;
+
+        ret = avcodec_parameters_from_context(priv->ctx->par_in, avctx);
+        if (ret < 0)
+            return ret;
+
+        priv->ctx->time_base_in = avctx->time_base;
+
+        if (bsfc->args && bsfc->filter->priv_class) {
+            const AVOption *opt = av_opt_next(priv->ctx->priv_data, NULL);
+            const char * shorthand[2] = {NULL};
+
+            if (opt)
+                shorthand[0] = opt->name;
+
+            ret = av_opt_set_from_string(priv->ctx->priv_data, bsfc->args, shorthand, "=", ":");
+            if (ret < 0)
+                return ret;
+        }
+
+        ret = av_bsf_init(priv->ctx);
+        if (ret < 0)
+            return ret;
+    }
+
+    pkt.data = buf;
+    pkt.size = buf_size;
+
+    ret = av_bsf_send_packet(priv->ctx, &pkt);
+    if (ret < 0)
+        return ret;
+
+    *poutbuf      = NULL;
+    *poutbuf_size = 0;
+
+    ret = av_bsf_receive_packet(priv->ctx, &pkt);
+    if (ret == AVERROR(EAGAIN) || ret == AVERROR_EOF)
+        return 0;
+    else if (ret < 0)
+        return ret;
+
+    *poutbuf = av_malloc(pkt.size + AV_INPUT_BUFFER_PADDING_SIZE);
+    if (!*poutbuf) {
+        av_packet_unref(&pkt);
+        return AVERROR(ENOMEM);
+    }
+
+    *poutbuf_size = pkt.size;
+    memcpy(*poutbuf, pkt.data, pkt.size);
+
+    av_packet_unref(&pkt);
+
+    /* drain all the remaining packets we cannot return */
+    while (ret >= 0) {
+        ret = av_bsf_receive_packet(priv->ctx, &pkt);
+        av_packet_unref(&pkt);
+    }
+
+    if (!priv->extradata_updated) {
+        /* update extradata in avctx from the output codec parameters */
+        if (priv->ctx->par_out->extradata_size && (!args || !strstr(args, "private_spspps_buf"))) {
+            av_freep(&avctx->extradata);
+            avctx->extradata_size = 0;
+            avctx->extradata = av_mallocz(priv->ctx->par_out->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+            if (!avctx->extradata)
+                return AVERROR(ENOMEM);
+            memcpy(avctx->extradata, priv->ctx->par_out->extradata, priv->ctx->par_out->extradata_size);
+            avctx->extradata_size = priv->ctx->par_out->extradata_size;
+        }
+
+        priv->extradata_updated = 1;
+    }
+
+    return 1;
+}
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
diff --git a/media/ffvpx/libavcodec/bitstream_filters.c b/media/ffvpx/libavcodec/bitstream_filters.c
new file mode 100644
index 000000000..ce34de640
--- /dev/null
+++ b/media/ffvpx/libavcodec/bitstream_filters.c
@@ -0,0 +1,91 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "config.h"
+
+#include "libavutil/common.h"
+#include "libavutil/log.h"
+
+#include "avcodec.h"
+#include "bsf.h"
+
+extern const AVBitStreamFilter ff_aac_adtstoasc_bsf;
+extern const AVBitStreamFilter ff_chomp_bsf;
+extern const AVBitStreamFilter ff_dump_extradata_bsf;
+extern const AVBitStreamFilter ff_dca_core_bsf;
+extern const AVBitStreamFilter ff_extract_extradata_bsf;
+extern const AVBitStreamFilter ff_h264_mp4toannexb_bsf;
+extern const AVBitStreamFilter ff_hevc_mp4toannexb_bsf;
+extern const AVBitStreamFilter ff_imx_dump_header_bsf;
+extern const AVBitStreamFilter ff_mjpeg2jpeg_bsf;
+extern const AVBitStreamFilter ff_mjpega_dump_header_bsf;
+extern const AVBitStreamFilter ff_mp3_header_decompress_bsf;
+extern const AVBitStreamFilter ff_mpeg4_unpack_bframes_bsf;
+extern const AVBitStreamFilter ff_mov2textsub_bsf;
+extern const AVBitStreamFilter ff_noise_bsf;
+extern const AVBitStreamFilter ff_null_bsf;
+extern const AVBitStreamFilter ff_remove_extradata_bsf;
+extern const AVBitStreamFilter ff_text2movsub_bsf;
+extern const AVBitStreamFilter ff_vp9_raw_reorder_bsf;
+extern const AVBitStreamFilter ff_vp9_superframe_bsf;
+extern const AVBitStreamFilter ff_vp9_superframe_split_bsf;
+
+#include "libavcodec/bsf_list.c"
+
+const AVBitStreamFilter *av_bsf_next(void **opaque)
+{
+    uintptr_t i = (uintptr_t)*opaque;
+    const AVBitStreamFilter *f = bitstream_filters[i];
+
+    if (f)
+        *opaque = (void*)(i + 1);
+
+    return f;
+}
+
+const AVBitStreamFilter *av_bsf_get_by_name(const char *name)
+{
+    int i;
+
+    for (i = 0; bitstream_filters[i]; i++) {
+        const AVBitStreamFilter *f = bitstream_filters[i];
+        if (!strcmp(f->name, name))
+            return f;
+    }
+
+    return NULL;
+}
+
+const AVClass *ff_bsf_child_class_next(const AVClass *prev)
+{
+    int i;
+
+    /* find the filter that corresponds to prev */
+    for (i = 0; prev && bitstream_filters[i]; i++) {
+        if (bitstream_filters[i]->priv_class == prev) {
+            i++;
+            break;
+        }
+    }
+
+    /* find next filter with priv options */
+    for (; bitstream_filters[i]; i++)
+        if (bitstream_filters[i]->priv_class)
+            return bitstream_filters[i]->priv_class;
+    return NULL;
+}
diff --git a/media/ffvpx/libavcodec/blockdsp.h b/media/ffvpx/libavcodec/blockdsp.h
index 95e1d0f32..6e27a02ba 100644
--- a/media/ffvpx/libavcodec/blockdsp.h
+++ b/media/ffvpx/libavcodec/blockdsp.h
@@ -19,6 +19,7 @@
 #ifndef AVCODEC_BLOCKDSP_H
 #define AVCODEC_BLOCKDSP_H
 
+#include <stddef.h>
 #include <stdint.h>
 
 #include "avcodec.h"
@@ -29,7 +30,7 @@
  * h for op_pixels_func is limited to { width / 2, width },
  * but never larger than 16 and never smaller than 4. */
 typedef void (*op_fill_func)(uint8_t *block /* align width (8 or 16) */,
-                             uint8_t value, int line_size, int h);
+                             uint8_t value, ptrdiff_t line_size, int h);
 
 typedef struct BlockDSPContext {
     void (*clear_block)(int16_t *block /* align 16 */);
diff --git a/media/ffvpx/libavcodec/bsf.c b/media/ffvpx/libavcodec/bsf.c
new file mode 100644
index 000000000..38b423101
--- /dev/null
+++ b/media/ffvpx/libavcodec/bsf.c
@@ -0,0 +1,542 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <string.h>
+
+#include "libavutil/log.h"
+#include "libavutil/mem.h"
+#include "libavutil/opt.h"
+#include "libavutil/avstring.h"
+#include "libavutil/bprint.h"
+
+#include "avcodec.h"
+#include "bsf.h"
+
+struct AVBSFInternal {
+    AVPacket *buffer_pkt;
+    int eof;
+};
+
+void av_bsf_free(AVBSFContext **pctx)
+{
+    AVBSFContext *ctx;
+
+    if (!pctx || !*pctx)
+        return;
+    ctx = *pctx;
+
+    if (ctx->filter->close)
+        ctx->filter->close(ctx);
+    if (ctx->filter->priv_class && ctx->priv_data)
+        av_opt_free(ctx->priv_data);
+
+    av_opt_free(ctx);
+
+    av_packet_free(&ctx->internal->buffer_pkt);
+    av_freep(&ctx->internal);
+    av_freep(&ctx->priv_data);
+
+    avcodec_parameters_free(&ctx->par_in);
+    avcodec_parameters_free(&ctx->par_out);
+
+    av_freep(pctx);
+}
+
+static void *bsf_child_next(void *obj, void *prev)
+{
+    AVBSFContext *ctx = obj;
+    if (!prev && ctx->filter->priv_class)
+        return ctx->priv_data;
+    return NULL;
+}
+
+static const AVClass bsf_class = {
+    .class_name       = "AVBSFContext",
+    .item_name        = av_default_item_name,
+    .version          = LIBAVUTIL_VERSION_INT,
+    .child_next       = bsf_child_next,
+    .child_class_next = ff_bsf_child_class_next,
+};
+
+const AVClass *av_bsf_get_class(void)
+{
+    return &bsf_class;
+}
+
+int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx)
+{
+    AVBSFContext *ctx;
+    int ret;
+
+    ctx = av_mallocz(sizeof(*ctx));
+    if (!ctx)
+        return AVERROR(ENOMEM);
+
+    ctx->av_class = &bsf_class;
+    ctx->filter   = filter;
+
+    ctx->par_in  = avcodec_parameters_alloc();
+    ctx->par_out = avcodec_parameters_alloc();
+    if (!ctx->par_in || !ctx->par_out) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
+
+    ctx->internal = av_mallocz(sizeof(*ctx->internal));
+    if (!ctx->internal) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
+
+    ctx->internal->buffer_pkt = av_packet_alloc();
+    if (!ctx->internal->buffer_pkt) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
+
+    av_opt_set_defaults(ctx);
+
+    /* allocate priv data and init private options */
+    if (filter->priv_data_size) {
+        ctx->priv_data = av_mallocz(filter->priv_data_size);
+        if (!ctx->priv_data) {
+            ret = AVERROR(ENOMEM);
+            goto fail;
+        }
+        if (filter->priv_class) {
+            *(const AVClass **)ctx->priv_data = filter->priv_class;
+            av_opt_set_defaults(ctx->priv_data);
+        }
+    }
+
+    *pctx = ctx;
+    return 0;
+fail:
+    av_bsf_free(&ctx);
+    return ret;
+}
+
+int av_bsf_init(AVBSFContext *ctx)
+{
+    int ret, i;
+
+    /* check that the codec is supported */
+    if (ctx->filter->codec_ids) {
+        for (i = 0; ctx->filter->codec_ids[i] != AV_CODEC_ID_NONE; i++)
+            if (ctx->par_in->codec_id == ctx->filter->codec_ids[i])
+                break;
+        if (ctx->filter->codec_ids[i] == AV_CODEC_ID_NONE) {
+            const AVCodecDescriptor *desc = avcodec_descriptor_get(ctx->par_in->codec_id);
+            av_log(ctx, AV_LOG_ERROR, "Codec '%s' (%d) is not supported by the "
+                   "bitstream filter '%s'. Supported codecs are: ",
+                   desc ? desc->name : "unknown", ctx->par_in->codec_id, ctx->filter->name);
+            for (i = 0; ctx->filter->codec_ids[i] != AV_CODEC_ID_NONE; i++) {
+                desc = avcodec_descriptor_get(ctx->filter->codec_ids[i]);
+                av_log(ctx, AV_LOG_ERROR, "%s (%d) ",
+                       desc ? desc->name : "unknown", ctx->filter->codec_ids[i]);
+            }
+            av_log(ctx, AV_LOG_ERROR, "\n");
+            return AVERROR(EINVAL);
+        }
+    }
+
+    /* initialize output parameters to be the same as input
+     * init below might overwrite that */
+    ret = avcodec_parameters_copy(ctx->par_out, ctx->par_in);
+    if (ret < 0)
+        return ret;
+
+    ctx->time_base_out = ctx->time_base_in;
+
+    if (ctx->filter->init) {
+        ret = ctx->filter->init(ctx);
+        if (ret < 0)
+            return ret;
+    }
+
+    return 0;
+}
+
+int av_bsf_send_packet(AVBSFContext *ctx, AVPacket *pkt)
+{
+    if (!pkt || (!pkt->data && !pkt->side_data_elems)) {
+        ctx->internal->eof = 1;
+        return 0;
+    }
+
+    if (ctx->internal->eof) {
+        av_log(ctx, AV_LOG_ERROR, "A non-NULL packet sent after an EOF.\n");
+        return AVERROR(EINVAL);
+    }
+
+    if (ctx->internal->buffer_pkt->data ||
+        ctx->internal->buffer_pkt->side_data_elems)
+        return AVERROR(EAGAIN);
+
+    av_packet_move_ref(ctx->internal->buffer_pkt, pkt);
+
+    return 0;
+}
+
+int av_bsf_receive_packet(AVBSFContext *ctx, AVPacket *pkt)
+{
+    return ctx->filter->filter(ctx, pkt);
+}
+
+int ff_bsf_get_packet(AVBSFContext *ctx, AVPacket **pkt)
+{
+    AVBSFInternal *in = ctx->internal;
+    AVPacket *tmp_pkt;
+
+    if (in->eof)
+        return AVERROR_EOF;
+
+    if (!ctx->internal->buffer_pkt->data &&
+        !ctx->internal->buffer_pkt->side_data_elems)
+        return AVERROR(EAGAIN);
+
+    tmp_pkt = av_packet_alloc();
+    if (!tmp_pkt)
+        return AVERROR(ENOMEM);
+
+    *pkt = ctx->internal->buffer_pkt;
+    ctx->internal->buffer_pkt = tmp_pkt;
+
+    return 0;
+}
+
+int ff_bsf_get_packet_ref(AVBSFContext *ctx, AVPacket *pkt)
+{
+    AVBSFInternal *in = ctx->internal;
+
+    if (in->eof)
+        return AVERROR_EOF;
+
+    if (!ctx->internal->buffer_pkt->data &&
+        !ctx->internal->buffer_pkt->side_data_elems)
+        return AVERROR(EAGAIN);
+
+    av_packet_move_ref(pkt, ctx->internal->buffer_pkt);
+
+    return 0;
+}
+
+typedef struct BSFListContext {
+    const AVClass *class;
+
+    AVBSFContext **bsfs;
+    int nb_bsfs;
+
+    unsigned idx;           // index of currently processed BSF
+    unsigned flushed_idx;   // index of BSF being flushed
+
+    char * item_name;
+} BSFListContext;
+
+
+static int bsf_list_init(AVBSFContext *bsf)
+{
+    BSFListContext *lst = bsf->priv_data;
+    int ret, i;
+    const AVCodecParameters *cod_par = bsf->par_in;
+    AVRational tb = bsf->time_base_in;
+
+    for (i = 0; i < lst->nb_bsfs; ++i) {
+        ret = avcodec_parameters_copy(lst->bsfs[i]->par_in, cod_par);
+        if (ret < 0)
+            goto fail;
+
+        lst->bsfs[i]->time_base_in = tb;
+
+        ret = av_bsf_init(lst->bsfs[i]);
+        if (ret < 0)
+            goto fail;
+
+        cod_par = lst->bsfs[i]->par_out;
+        tb = lst->bsfs[i]->time_base_out;
+    }
+
+    bsf->time_base_out = tb;
+    ret = avcodec_parameters_copy(bsf->par_out, cod_par);
+
+fail:
+    return ret;
+}
+
+static int bsf_list_filter(AVBSFContext *bsf, AVPacket *out)
+{
+    BSFListContext *lst = bsf->priv_data;
+    int ret;
+
+    if (!lst->nb_bsfs)
+        return ff_bsf_get_packet_ref(bsf, out);
+
+    while (1) {
+        if (lst->idx > lst->flushed_idx) {
+            ret = av_bsf_receive_packet(lst->bsfs[lst->idx-1], out);
+            if (ret == AVERROR(EAGAIN)) {
+                /* no more packets from idx-1, try with previous */
+                ret = 0;
+                lst->idx--;
+                continue;
+            } else if (ret == AVERROR_EOF) {
+                /* filter idx-1 is done, continue with idx...nb_bsfs */
+                lst->flushed_idx = lst->idx;
+                continue;
+            }else if (ret < 0) {
+                /* filtering error */
+                break;
+            }
+        } else {
+            ret = ff_bsf_get_packet_ref(bsf, out);
+            if (ret == AVERROR_EOF) {
+                lst->idx = lst->flushed_idx;
+            } else if (ret < 0)
+                break;
+        }
+
+        if (lst->idx < lst->nb_bsfs) {
+            AVPacket *pkt;
+            if (ret == AVERROR_EOF && lst->idx == lst->flushed_idx) {
+                /* ff_bsf_get_packet_ref returned EOF and idx is first
+                 * filter of yet not flushed filter chain */
+                pkt = NULL;
+            } else {
+                pkt = out;
+            }
+            ret = av_bsf_send_packet(lst->bsfs[lst->idx], pkt);
+            if (ret < 0)
+                break;
+            lst->idx++;
+        } else {
+            /* The end of filter chain, break to return result */
+            break;
+        }
+    }
+
+    if (ret < 0)
+        av_packet_unref(out);
+
+    return ret;
+}
+
+static void bsf_list_close(AVBSFContext *bsf)
+{
+    BSFListContext *lst = bsf->priv_data;
+    int i;
+
+    for (i = 0; i < lst->nb_bsfs; ++i)
+        av_bsf_free(&lst->bsfs[i]);
+    av_freep(&lst->bsfs);
+    av_freep(&lst->item_name);
+}
+
+static const char *bsf_list_item_name(void *ctx)
+{
+    static const char *null_filter_name = "null";
+    AVBSFContext *bsf_ctx = ctx;
+    BSFListContext *lst = bsf_ctx->priv_data;
+
+    if (!lst->nb_bsfs)
+        return null_filter_name;
+
+    if (!lst->item_name) {
+        int i;
+        AVBPrint bp;
+        av_bprint_init(&bp, 16, 128);
+
+        av_bprintf(&bp, "bsf_list(");
+        for (i = 0; i < lst->nb_bsfs; i++)
+            av_bprintf(&bp, i ? ",%s" : "%s", lst->bsfs[i]->filter->name);
+        av_bprintf(&bp, ")");
+
+        av_bprint_finalize(&bp, &lst->item_name);
+    }
+
+    return lst->item_name;
+}
+
+static const AVClass bsf_list_class = {
+        .class_name = "bsf_list",
+        .item_name  = bsf_list_item_name,
+        .version    = LIBAVUTIL_VERSION_INT,
+};
+
+const AVBitStreamFilter ff_list_bsf = {
+        .name           = "bsf_list",
+        .priv_data_size = sizeof(BSFListContext),
+        .priv_class     = &bsf_list_class,
+        .init           = bsf_list_init,
+        .filter         = bsf_list_filter,
+        .close          = bsf_list_close,
+};
+
+struct AVBSFList {
+    AVBSFContext **bsfs;
+    int nb_bsfs;
+};
+
+AVBSFList *av_bsf_list_alloc(void)
+{
+    return av_mallocz(sizeof(AVBSFList));
+}
+
+void av_bsf_list_free(AVBSFList **lst)
+{
+    int i;
+
+    if (!*lst)
+        return;
+
+    for (i = 0; i < (*lst)->nb_bsfs; ++i)
+        av_bsf_free(&(*lst)->bsfs[i]);
+    av_free((*lst)->bsfs);
+    av_freep(lst);
+}
+
+int av_bsf_list_append(AVBSFList *lst, AVBSFContext *bsf)
+{
+    return av_dynarray_add_nofree(&lst->bsfs, &lst->nb_bsfs, bsf);
+}
+
+int av_bsf_list_append2(AVBSFList *lst, const char *bsf_name, AVDictionary ** options)
+{
+    int ret;
+    const AVBitStreamFilter *filter;
+    AVBSFContext *bsf;
+
+    filter = av_bsf_get_by_name(bsf_name);
+    if (!filter)
+        return AVERROR_BSF_NOT_FOUND;
+
+    ret = av_bsf_alloc(filter, &bsf);
+    if (ret < 0)
+        return ret;
+
+    if (options) {
+        ret = av_opt_set_dict2(bsf, options, AV_OPT_SEARCH_CHILDREN);
+        if (ret < 0)
+            goto end;
+    }
+
+    ret = av_bsf_list_append(lst, bsf);
+
+end:
+    if (ret < 0)
+        av_bsf_free(&bsf);
+
+    return ret;
+}
+
+int av_bsf_list_finalize(AVBSFList **lst, AVBSFContext **bsf)
+{
+    int ret = 0;
+    BSFListContext *ctx;
+
+    if ((*lst)->nb_bsfs == 1) {
+        *bsf = (*lst)->bsfs[0];
+        av_freep(&(*lst)->bsfs);
+        (*lst)->nb_bsfs = 0;
+        goto end;
+    }
+
+    ret = av_bsf_alloc(&ff_list_bsf, bsf);
+    if (ret < 0)
+        return ret;
+
+    ctx = (*bsf)->priv_data;
+
+    ctx->bsfs = (*lst)->bsfs;
+    ctx->nb_bsfs = (*lst)->nb_bsfs;
+
+end:
+    av_freep(lst);
+    return ret;
+}
+
+static int bsf_parse_single(const char *str, AVBSFList *bsf_lst)
+{
+    char *bsf_name, *bsf_options_str, *buf;
+    AVDictionary *bsf_options = NULL;
+    int ret = 0;
+
+    if (!(buf = av_strdup(str)))
+        return AVERROR(ENOMEM);
+
+    bsf_name = av_strtok(buf, "=", &bsf_options_str);
+    if (!bsf_name) {
+        ret = AVERROR(EINVAL);
+        goto end;
+    }
+
+    if (bsf_options_str) {
+        ret = av_dict_parse_string(&bsf_options, bsf_options_str, "=", ":", 0);
+        if (ret < 0)
+            goto end;
+    }
+
+    ret = av_bsf_list_append2(bsf_lst, bsf_name, &bsf_options);
+
+    av_dict_free(&bsf_options);
+end:
+    av_free(buf);
+    return ret;
+}
+
+int av_bsf_list_parse_str(const char *str, AVBSFContext **bsf_lst)
+{
+    AVBSFList *lst;
+    char *bsf_str, *buf, *dup, *saveptr;
+    int ret;
+
+    if (!str)
+        return av_bsf_get_null_filter(bsf_lst);
+
+    lst = av_bsf_list_alloc();
+    if (!lst)
+        return AVERROR(ENOMEM);
+
+    if (!(dup = buf = av_strdup(str))) {
+        ret = AVERROR(ENOMEM);
+        goto end;
+    }
+
+    while (1) {
+        bsf_str = av_strtok(buf, ",", &saveptr);
+        if (!bsf_str)
+            break;
+
+        ret = bsf_parse_single(bsf_str, lst);
+        if (ret < 0)
+            goto end;
+
+        buf = NULL;
+    }
+
+    ret = av_bsf_list_finalize(&lst, bsf_lst);
+end:
+    if (ret < 0)
+        av_bsf_list_free(&lst);
+    av_free(dup);
+    return ret;
+}
+
+int av_bsf_get_null_filter(AVBSFContext **bsf)
+{
+    return av_bsf_alloc(&ff_list_bsf, bsf);
+}
diff --git a/media/ffvpx/libavcodec/bsf_list.c b/media/ffvpx/libavcodec/bsf_list.c
new file mode 100644
index 000000000..d31ece942
--- /dev/null
+++ b/media/ffvpx/libavcodec/bsf_list.c
@@ -0,0 +1,3 @@
+static const AVBitStreamFilter * const bitstream_filters[] = {
+    &ff_null_bsf,
+    NULL };
diff --git a/media/ffvpx/libavcodec/bytestream.h b/media/ffvpx/libavcodec/bytestream.h
index 7c05ea6cf..7be7fc22f 100644
--- a/media/ffvpx/libavcodec/bytestream.h
+++ b/media/ffvpx/libavcodec/bytestream.h
@@ -94,7 +94,7 @@ DEF(unsigned int, be24, 3, AV_RB24, AV_WB24)
 DEF(unsigned int, be16, 2, AV_RB16, AV_WB16)
 DEF(unsigned int, byte, 1, AV_RB8 , AV_WB8)
 
-#if HAVE_BIGENDIAN
+#if AV_HAVE_BIGENDIAN
 #   define bytestream2_get_ne16  bytestream2_get_be16
 #   define bytestream2_get_ne24  bytestream2_get_be24
 #   define bytestream2_get_ne32  bytestream2_get_be32
diff --git a/media/ffvpx/libavcodec/codec_desc.c b/media/ffvpx/libavcodec/codec_desc.c
index d862cc8f6..6a13bbbf0 100644
--- a/media/ffvpx/libavcodec/codec_desc.c
+++ b/media/ffvpx/libavcodec/codec_desc.c
@@ -170,6 +170,14 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSY,
     },
     {
+        .id        = AV_CODEC_ID_SVG,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "svg",
+        .long_name = NULL_IF_CONFIG_SMALL("Scalable Vector Graphics"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+        .mime_types= MT("image/svg+xml"),
+    },
+    {
         .id        = AV_CODEC_ID_SVQ1,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "svq1",
@@ -520,7 +528,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "fraps",
         .long_name = NULL_IF_CONFIG_SMALL("Fraps"),
-        .props     = AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_TRUEMOTION2,
@@ -665,6 +673,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .name      = "dnxhd",
         .long_name = NULL_IF_CONFIG_SMALL("VC3/DNxHD"),
         .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSY,
+        .profiles  = NULL_IF_CONFIG_SMALL(ff_dnxhd_profiles),
     },
     {
         .id        = AV_CODEC_ID_THP,
@@ -1106,7 +1115,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "y41p",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed YUV 4:1:1 12-bit"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_ESCAPE130,
@@ -1120,56 +1129,56 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "avrp",
         .long_name = NULL_IF_CONFIG_SMALL("Avid 1:1 10-bit RGB Packer"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_012V,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "012v",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed 4:2:2 10-bit"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_AVUI,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "avui",
         .long_name = NULL_IF_CONFIG_SMALL("Avid Meridien Uncompressed"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_AYUV,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "ayuv",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed packed MS 4:4:4:4"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_TARGA_Y216,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "targa_y216",
         .long_name = NULL_IF_CONFIG_SMALL("Pinnacle TARGA CineWave YUV16"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_V308,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "v308",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed packed 4:4:4"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_V408,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "v408",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed packed QT 4:4:4:4"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_YUV4,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "yuv4",
         .long_name = NULL_IF_CONFIG_SMALL("Uncompressed packed 4:2:0"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_AVRN,
@@ -1272,7 +1281,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .id        = AV_CODEC_ID_HAP,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "hap",
-        .long_name = NULL_IF_CONFIG_SMALL("Vidvox Hap decoder"),
+        .long_name = NULL_IF_CONFIG_SMALL("Vidvox Hap"),
         .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSY,
     },
     {
@@ -1290,6 +1299,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSLESS,
     },
     {
+        .id        = AV_CODEC_ID_SPEEDHQ,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "speedhq",
+        .long_name = NULL_IF_CONFIG_SMALL("NewTek SpeedHQ"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSY,
+    },
+    {
         .id        = AV_CODEC_ID_WRAPPED_AVFRAME,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "wrapped_avframe",
@@ -1303,6 +1319,104 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .long_name = NULL_IF_CONFIG_SMALL("innoHeim/Rsupport Screen Capture Codec"),
         .props     = AV_CODEC_PROP_LOSSLESS,
     },
+    {
+        .id        = AV_CODEC_ID_MAGICYUV,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "magicyuv",
+        .long_name = NULL_IF_CONFIG_SMALL("MagicYUV video"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_TRUEMOTION2RT,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "truemotion2rt",
+        .long_name = NULL_IF_CONFIG_SMALL("Duck TrueMotion 2.0 Real Time"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_CFHD,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "cfhd",
+        .long_name = NULL_IF_CONFIG_SMALL("Cineform HD"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_SHEERVIDEO,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "sheervideo",
+        .long_name = NULL_IF_CONFIG_SMALL("BitJazz SheerVideo"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_YLC,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "ylc",
+        .long_name = NULL_IF_CONFIG_SMALL("YUY2 Lossless Codec"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_PIXLET,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "pixlet",
+        .long_name = NULL_IF_CONFIG_SMALL("Apple Pixlet"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_FMVC,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "fmvc",
+        .long_name = NULL_IF_CONFIG_SMALL("FM Screen Capture Codec"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_SCPR,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "scpr",
+        .long_name = NULL_IF_CONFIG_SMALL("ScreenPressor"),
+        .props     = AV_CODEC_PROP_LOSSLESS | AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_CLEARVIDEO,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "clearvideo",
+        .long_name = NULL_IF_CONFIG_SMALL("Iterated Systems ClearVideo"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_AV1,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "av1",
+        .long_name = NULL_IF_CONFIG_SMALL("Alliance for Open Media AV1"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
+    {
+        .id        = AV_CODEC_ID_BITPACKED,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "bitpacked",
+        .long_name = NULL_IF_CONFIG_SMALL("Bitpacked"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_MSCC,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "mscc",
+        .long_name = NULL_IF_CONFIG_SMALL("Mandsoft Screen Capture Codec"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_SRGC,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "srgc",
+        .long_name = NULL_IF_CONFIG_SMALL("Screen Recorder Gold Codec"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_GDV,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "gdv",
+        .long_name = NULL_IF_CONFIG_SMALL("Gremlin Digital Video"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
 
     /* image codecs */
     {
@@ -1350,6 +1464,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
                      AV_CODEC_PROP_LOSSLESS,
     },
     {
+        .id        = AV_CODEC_ID_FITS,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "fits",
+        .long_name = NULL_IF_CONFIG_SMALL("FITS (Flexible Image Transport System)"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
         .id        = AV_CODEC_ID_GIF,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "gif",
@@ -1425,6 +1546,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
+        .id        = AV_CODEC_ID_PSD,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "psd",
+        .long_name = NULL_IF_CONFIG_SMALL("Photoshop PSD file"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+    },
+    {
         .id        = AV_CODEC_ID_PTX,
         .type      = AVMEDIA_TYPE_VIDEO,
         .name      = "ptx",
@@ -1511,6 +1639,15 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .name      = "xbm",
         .long_name = NULL_IF_CONFIG_SMALL("XBM (X BitMap) image"),
         .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+        .mime_types= MT("image/x-xbitmap"),
+    },
+    {
+        .id        = AV_CODEC_ID_XPM,
+        .type      = AVMEDIA_TYPE_VIDEO,
+        .name      = "xpm",
+        .long_name = NULL_IF_CONFIG_SMALL("XPM (X PixMap) image"),
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
+        .mime_types= MT("image/x-xpixmap"),
     },
     {
         .id        = AV_CODEC_ID_XWD,
@@ -1528,41 +1665,6 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSLESS,
         .mime_types= MT("image/png"),
     },
-    {
-        .id        = AV_CODEC_ID_CFHD,
-        .type      = AVMEDIA_TYPE_VIDEO,
-        .name      = "cfhd",
-        .long_name = NULL_IF_CONFIG_SMALL("Cineform HD"),
-        .props     = AV_CODEC_PROP_LOSSY,
-    },
-    {
-        .id        = AV_CODEC_ID_TRUEMOTION2RT,
-        .type      = AVMEDIA_TYPE_VIDEO,
-        .name      = "truemotion2rt",
-        .long_name = NULL_IF_CONFIG_SMALL("Duck TrueMotion 2.0 Real Time"),
-        .props     = AV_CODEC_PROP_LOSSY,
-    },
-    {
-        .id        = AV_CODEC_ID_MAGICYUV,
-        .type      = AVMEDIA_TYPE_VIDEO,
-        .name      = "magicyuv",
-        .long_name = NULL_IF_CONFIG_SMALL("MagicYUV Lossless Video"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
-    },
-    {
-        .id        = AV_CODEC_ID_SHEERVIDEO,
-        .type      = AVMEDIA_TYPE_VIDEO,
-        .name      = "sheervideo",
-        .long_name = NULL_IF_CONFIG_SMALL("BitJazz SheerVideo"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
-    },
-    {
-        .id        = AV_CODEC_ID_YLC,
-        .type      = AVMEDIA_TYPE_VIDEO,
-        .name      = "ylc",
-        .long_name = NULL_IF_CONFIG_SMALL("YUY2 Lossless Codec"),
-        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
-    },
 
     /* various PCM "codecs" */
     {
@@ -1636,6 +1738,20 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSLESS,
     },
     {
+        .id        = AV_CODEC_ID_PCM_S64LE,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "pcm_s64le",
+        .long_name = NULL_IF_CONFIG_SMALL("PCM signed 64-bit little-endian"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_PCM_S64BE,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "pcm_s64be",
+        .long_name = NULL_IF_CONFIG_SMALL("PCM signed 64-bit big-endian"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
         .id        = AV_CODEC_ID_PCM_U32LE,
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "pcm_u32le",
@@ -1727,6 +1843,20 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSLESS,
     },
     {
+        .id        = AV_CODEC_ID_PCM_F16LE,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "pcm_f16le",
+        .long_name = NULL_IF_CONFIG_SMALL("PCM 16.8 floating point little-endian"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_PCM_F24LE,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "pcm_f24le",
+        .long_name = NULL_IF_CONFIG_SMALL("PCM 24.0 floating point little-endian"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
         .id        = AV_CODEC_ID_PCM_F32BE,
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "pcm_f32be",
@@ -2133,6 +2263,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .long_name = NULL_IF_CONFIG_SMALL("DPCM Squareroot-Delta-Exact"),
         .props     = AV_CODEC_PROP_LOSSY,
     },
+    {
+        .id        = AV_CODEC_ID_GREMLIN_DPCM,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "gremlin_dpcm",
+        .long_name = NULL_IF_CONFIG_SMALL("DPCM Gremlin"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
 
     /* audio codecs */
     {
@@ -2226,7 +2363,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "flac",
         .long_name = NULL_IF_CONFIG_SMALL("FLAC (Free Lossless Audio Codec)"),
-        .props     = AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_MP3ADU,
@@ -2254,7 +2391,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "alac",
         .long_name = NULL_IF_CONFIG_SMALL("ALAC (Apple Lossless Audio Codec)"),
-        .props     = AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_WESTWOOD_SND1,
@@ -2281,7 +2418,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .id        = AV_CODEC_ID_COOK,
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "cook",
-        .long_name = NULL_IF_CONFIG_SMALL("Cook / Cooker / Goanna (RealAudio G2)"),
+        .long_name = NULL_IF_CONFIG_SMALL("Cook / Cooker / Gecko (RealAudio G2)"),
         .props     = AV_CODEC_PROP_LOSSY,
     },
     {
@@ -2296,7 +2433,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "tta",
         .long_name = NULL_IF_CONFIG_SMALL("TTA (True Audio)"),
-        .props     = AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_SMACKAUDIO,
@@ -2317,7 +2454,8 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "wavpack",
         .long_name = NULL_IF_CONFIG_SMALL("WavPack"),
-        .props     = AV_CODEC_PROP_LOSSY | AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY |
+                     AV_CODEC_PROP_LOSSY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_DSICINAUDIO,
@@ -2427,6 +2565,20 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSY,
     },
     {
+        .id        = AV_CODEC_ID_ATRAC3PAL,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "atrac3pal",
+        .long_name = NULL_IF_CONFIG_SMALL("ATRAC3+ AL (Adaptive TRansform Acoustic Coding 3+ Advanced Lossless)"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
+        .id        = AV_CODEC_ID_ATRAC3AL,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "atrac3al",
+        .long_name = NULL_IF_CONFIG_SMALL("ATRAC3 AL (Adaptive TRansform Acoustic Coding 3 Advanced Lossless)"),
+        .props     = AV_CODEC_PROP_LOSSLESS,
+    },
+    {
         .id        = AV_CODEC_ID_EAC3,
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "eac3",
@@ -2526,6 +2678,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .props     = AV_CODEC_PROP_LOSSY,
     },
     {
+        .id        = AV_CODEC_ID_DOLBY_E,
+        .type      = AVMEDIA_TYPE_AUDIO,
+        .name      = "dolby_e",
+        .long_name = NULL_IF_CONFIG_SMALL("Dolby E"),
+        .props     = AV_CODEC_PROP_LOSSY,
+    },
+    {
         .id        = AV_CODEC_ID_G729,
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "g729",
@@ -2611,7 +2770,7 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .type      = AVMEDIA_TYPE_AUDIO,
         .name      = "tak",
         .long_name = NULL_IF_CONFIG_SMALL("TAK (Tom's lossless Audio Kompressor)"),
-        .props     = AV_CODEC_PROP_LOSSLESS,
+        .props     = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
     },
     {
         .id        = AV_CODEC_ID_METASOUND,
@@ -2949,6 +3108,12 @@ static const AVCodecDescriptor codec_descriptors[] = {
         .long_name = NULL_IF_CONFIG_SMALL("binary data"),
         .mime_types= MT("application/octet-stream"),
     },
+    {
+        .id        = AV_CODEC_ID_SCTE_35,
+        .type      = AVMEDIA_TYPE_DATA,
+        .name      = "scte_35",
+        .long_name = NULL_IF_CONFIG_SMALL("SCTE 35 Message Queue"),
+    },
 
     /* deprecated codec ids */
 };
diff --git a/media/ffvpx/libavcodec/dct.h b/media/ffvpx/libavcodec/dct.h
deleted file mode 100644
index 05297ba9d..000000000
--- a/media/ffvpx/libavcodec/dct.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * (I)DCT Transforms
- * Copyright (c) 2009 Peter Ross <pross@xvid.org>
- * Copyright (c) 2010 Alex Converse <alex.converse@gmail.com>
- * Copyright (c) 2010 Vitor Sessak
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- */
-
-#if !defined(AVCODEC_DCT_H) && (!defined(FFT_FLOAT) || FFT_FLOAT)
-#define AVCODEC_DCT_H
-
-#include <stdint.h>
-
-#include "rdft.h"
-
-struct DCTContext {
-    int nbits;
-    int inverse;
-    RDFTContext rdft;
-    const float *costab;
-    FFTSample *csc2;
-    void (*dct_calc)(struct DCTContext *s, FFTSample *data);
-    void (*dct32)(FFTSample *out, const FFTSample *in);
-};
-
-/**
- * Set up DCT.
- * @param nbits           size of the input array:
- *                        (1 << nbits)     for DCT-II, DCT-III and DST-I
- *                        (1 << nbits) + 1 for DCT-I
- *
- * @note the first element of the input of DST-I is ignored
- */
-int  ff_dct_init(DCTContext *s, int nbits, enum DCTTransformType type);
-void ff_dct_end (DCTContext *s);
-
-void ff_dct_init_x86(DCTContext *s);
-
-void ff_fdct_ifast(int16_t *data);
-void ff_fdct_ifast248(int16_t *data);
-void ff_jpeg_fdct_islow_8(int16_t *data);
-void ff_jpeg_fdct_islow_10(int16_t *data);
-void ff_fdct248_islow_8(int16_t *data);
-void ff_fdct248_islow_10(int16_t *data);
-
-void ff_j_rev_dct(int16_t *data);
-void ff_j_rev_dct4(int16_t *data);
-void ff_j_rev_dct2(int16_t *data);
-void ff_j_rev_dct1(int16_t *data);
-void ff_jref_idct_put(uint8_t *dest, int line_size, int16_t *block);
-void ff_jref_idct_add(uint8_t *dest, int line_size, int16_t *block);
-
-#endif /* AVCODEC_DCT_H */
diff --git a/media/ffvpx/libavcodec/decode.c b/media/ffvpx/libavcodec/decode.c
new file mode 100644
index 000000000..fb1824be1
--- /dev/null
+++ b/media/ffvpx/libavcodec/decode.c
@@ -0,0 +1,1761 @@
+/*
+ * generic decoding-related code
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#include "config.h"
+
+#if CONFIG_ICONV
+# include <iconv.h>
+#endif
+
+#include "libavutil/avassert.h"
+#include "libavutil/avstring.h"
+#include "libavutil/bprint.h"
+#include "libavutil/common.h"
+#include "libavutil/frame.h"
+#include "libavutil/hwcontext.h"
+#include "libavutil/imgutils.h"
+#include "libavutil/internal.h"
+#include "libavutil/intmath.h"
+
+#include "avcodec.h"
+#include "bytestream.h"
+#include "decode.h"
+#include "internal.h"
+#include "thread.h"
+
+static int apply_param_change(AVCodecContext *avctx, const AVPacket *avpkt)
+{
+    int size = 0, ret;
+    const uint8_t *data;
+    uint32_t flags;
+    int64_t val;
+
+    data = av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, &size);
+    if (!data)
+        return 0;
+
+    if (!(avctx->codec->capabilities & AV_CODEC_CAP_PARAM_CHANGE)) {
+        av_log(avctx, AV_LOG_ERROR, "This decoder does not support parameter "
+               "changes, but PARAM_CHANGE side data was sent to it.\n");
+        ret = AVERROR(EINVAL);
+        goto fail2;
+    }
+
+    if (size < 4)
+        goto fail;
+
+    flags = bytestream_get_le32(&data);
+    size -= 4;
+
+    if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT) {
+        if (size < 4)
+            goto fail;
+        val = bytestream_get_le32(&data);
+        if (val <= 0 || val > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid channel count");
+            ret = AVERROR_INVALIDDATA;
+            goto fail2;
+        }
+        avctx->channels = val;
+        size -= 4;
+    }
+    if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_LAYOUT) {
+        if (size < 8)
+            goto fail;
+        avctx->channel_layout = bytestream_get_le64(&data);
+        size -= 8;
+    }
+    if (flags & AV_SIDE_DATA_PARAM_CHANGE_SAMPLE_RATE) {
+        if (size < 4)
+            goto fail;
+        val = bytestream_get_le32(&data);
+        if (val <= 0 || val > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample rate");
+            ret = AVERROR_INVALIDDATA;
+            goto fail2;
+        }
+        avctx->sample_rate = val;
+        size -= 4;
+    }
+    if (flags & AV_SIDE_DATA_PARAM_CHANGE_DIMENSIONS) {
+        if (size < 8)
+            goto fail;
+        avctx->width  = bytestream_get_le32(&data);
+        avctx->height = bytestream_get_le32(&data);
+        size -= 8;
+        ret = ff_set_dimensions(avctx, avctx->width, avctx->height);
+        if (ret < 0)
+            goto fail2;
+    }
+
+    return 0;
+fail:
+    av_log(avctx, AV_LOG_ERROR, "PARAM_CHANGE side data too small.\n");
+    ret = AVERROR_INVALIDDATA;
+fail2:
+    if (ret < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Error applying parameter changes.\n");
+        if (avctx->err_recognition & AV_EF_EXPLODE)
+            return ret;
+    }
+    return 0;
+}
+
+static int extract_packet_props(AVCodecInternal *avci, const AVPacket *pkt)
+{
+    int ret = 0;
+
+    av_packet_unref(avci->last_pkt_props);
+    if (pkt) {
+        ret = av_packet_copy_props(avci->last_pkt_props, pkt);
+        if (!ret)
+            avci->last_pkt_props->size = pkt->size; // HACK: Needed for ff_init_buffer_info().
+    }
+    return ret;
+}
+
+static int unrefcount_frame(AVCodecInternal *avci, AVFrame *frame)
+{
+    int ret;
+
+    /* move the original frame to our backup */
+    av_frame_unref(avci->to_free);
+    av_frame_move_ref(avci->to_free, frame);
+
+    /* now copy everything except the AVBufferRefs back
+     * note that we make a COPY of the side data, so calling av_frame_free() on
+     * the caller's frame will work properly */
+    ret = av_frame_copy_props(frame, avci->to_free);
+    if (ret < 0)
+        return ret;
+
+    memcpy(frame->data,     avci->to_free->data,     sizeof(frame->data));
+    memcpy(frame->linesize, avci->to_free->linesize, sizeof(frame->linesize));
+    if (avci->to_free->extended_data != avci->to_free->data) {
+        int planes = avci->to_free->channels;
+        int size   = planes * sizeof(*frame->extended_data);
+
+        if (!size) {
+            av_frame_unref(frame);
+            return AVERROR_BUG;
+        }
+
+        frame->extended_data = av_malloc(size);
+        if (!frame->extended_data) {
+            av_frame_unref(frame);
+            return AVERROR(ENOMEM);
+        }
+        memcpy(frame->extended_data, avci->to_free->extended_data,
+               size);
+    } else
+        frame->extended_data = frame->data;
+
+    frame->format         = avci->to_free->format;
+    frame->width          = avci->to_free->width;
+    frame->height         = avci->to_free->height;
+    frame->channel_layout = avci->to_free->channel_layout;
+    frame->nb_samples     = avci->to_free->nb_samples;
+    frame->channels       = avci->to_free->channels;
+
+    return 0;
+}
+
+static int bsfs_init(AVCodecContext *avctx)
+{
+    AVCodecInternal *avci = avctx->internal;
+    DecodeFilterContext *s = &avci->filter;
+    const char *bsfs_str;
+    int ret;
+
+    if (s->nb_bsfs)
+        return 0;
+
+    bsfs_str = avctx->codec->bsfs ? avctx->codec->bsfs : "null";
+    while (bsfs_str && *bsfs_str) {
+        AVBSFContext **tmp;
+        const AVBitStreamFilter *filter;
+        char *bsf;
+
+        bsf = av_get_token(&bsfs_str, ",");
+        if (!bsf) {
+            ret = AVERROR(ENOMEM);
+            goto fail;
+        }
+
+        filter = av_bsf_get_by_name(bsf);
+        if (!filter) {
+            av_log(avctx, AV_LOG_ERROR, "A non-existing bitstream filter %s "
+                   "requested by a decoder. This is a bug, please report it.\n",
+                   bsf);
+            ret = AVERROR_BUG;
+            av_freep(&bsf);
+            goto fail;
+        }
+        av_freep(&bsf);
+
+        tmp = av_realloc_array(s->bsfs, s->nb_bsfs + 1, sizeof(*s->bsfs));
+        if (!tmp) {
+            ret = AVERROR(ENOMEM);
+            goto fail;
+        }
+        s->bsfs = tmp;
+        s->nb_bsfs++;
+
+        ret = av_bsf_alloc(filter, &s->bsfs[s->nb_bsfs - 1]);
+        if (ret < 0)
+            goto fail;
+
+        if (s->nb_bsfs == 1) {
+            /* We do not currently have an API for passing the input timebase into decoders,
+             * but no filters used here should actually need it.
+             * So we make up some plausible-looking number (the MPEG 90kHz timebase) */
+            s->bsfs[s->nb_bsfs - 1]->time_base_in = (AVRational){ 1, 90000 };
+            ret = avcodec_parameters_from_context(s->bsfs[s->nb_bsfs - 1]->par_in,
+                                                  avctx);
+        } else {
+            s->bsfs[s->nb_bsfs - 1]->time_base_in = s->bsfs[s->nb_bsfs - 2]->time_base_out;
+            ret = avcodec_parameters_copy(s->bsfs[s->nb_bsfs - 1]->par_in,
+                                          s->bsfs[s->nb_bsfs - 2]->par_out);
+        }
+        if (ret < 0)
+            goto fail;
+
+        ret = av_bsf_init(s->bsfs[s->nb_bsfs - 1]);
+        if (ret < 0)
+            goto fail;
+    }
+
+    return 0;
+fail:
+    ff_decode_bsfs_uninit(avctx);
+    return ret;
+}
+
+/* try to get one output packet from the filter chain */
+static int bsfs_poll(AVCodecContext *avctx, AVPacket *pkt)
+{
+    DecodeFilterContext *s = &avctx->internal->filter;
+    int idx, ret;
+
+    /* start with the last filter in the chain */
+    idx = s->nb_bsfs - 1;
+    while (idx >= 0) {
+        /* request a packet from the currently selected filter */
+        ret = av_bsf_receive_packet(s->bsfs[idx], pkt);
+        if (ret == AVERROR(EAGAIN)) {
+            /* no packets available, try the next filter up the chain */
+            ret = 0;
+            idx--;
+            continue;
+        } else if (ret < 0 && ret != AVERROR_EOF) {
+            return ret;
+        }
+
+        /* got a packet or EOF -- pass it to the caller or to the next filter
+         * down the chain */
+        if (idx == s->nb_bsfs - 1) {
+            return ret;
+        } else {
+            idx++;
+            ret = av_bsf_send_packet(s->bsfs[idx], ret < 0 ? NULL : pkt);
+            if (ret < 0) {
+                av_log(avctx, AV_LOG_ERROR,
+                       "Error pre-processing a packet before decoding\n");
+                av_packet_unref(pkt);
+                return ret;
+            }
+        }
+    }
+
+    return AVERROR(EAGAIN);
+}
+
+int ff_decode_get_packet(AVCodecContext *avctx, AVPacket *pkt)
+{
+    AVCodecInternal *avci = avctx->internal;
+    int ret;
+
+    if (avci->draining)
+        return AVERROR_EOF;
+
+    ret = bsfs_poll(avctx, pkt);
+    if (ret == AVERROR_EOF)
+        avci->draining = 1;
+    if (ret < 0)
+        return ret;
+
+    ret = extract_packet_props(avctx->internal, pkt);
+    if (ret < 0)
+        goto finish;
+
+    ret = apply_param_change(avctx, pkt);
+    if (ret < 0)
+        goto finish;
+
+    if (avctx->codec->receive_frame)
+        avci->compat_decode_consumed += pkt->size;
+
+    return 0;
+finish:
+    av_packet_unref(pkt);
+    return ret;
+}
+
+/**
+ * Attempt to guess proper monotonic timestamps for decoded video frames
+ * which might have incorrect times. Input timestamps may wrap around, in
+ * which case the output will as well.
+ *
+ * @param pts the pts field of the decoded AVPacket, as passed through
+ * AVFrame.pts
+ * @param dts the dts field of the decoded AVPacket
+ * @return one of the input values, may be AV_NOPTS_VALUE
+ */
+static int64_t guess_correct_pts(AVCodecContext *ctx,
+                                 int64_t reordered_pts, int64_t dts)
+{
+    int64_t pts = AV_NOPTS_VALUE;
+
+    if (dts != AV_NOPTS_VALUE) {
+        ctx->pts_correction_num_faulty_dts += dts <= ctx->pts_correction_last_dts;
+        ctx->pts_correction_last_dts = dts;
+    } else if (reordered_pts != AV_NOPTS_VALUE)
+        ctx->pts_correction_last_dts = reordered_pts;
+
+    if (reordered_pts != AV_NOPTS_VALUE) {
+        ctx->pts_correction_num_faulty_pts += reordered_pts <= ctx->pts_correction_last_pts;
+        ctx->pts_correction_last_pts = reordered_pts;
+    } else if(dts != AV_NOPTS_VALUE)
+        ctx->pts_correction_last_pts = dts;
+
+    if ((ctx->pts_correction_num_faulty_pts<=ctx->pts_correction_num_faulty_dts || dts == AV_NOPTS_VALUE)
+       && reordered_pts != AV_NOPTS_VALUE)
+        pts = reordered_pts;
+    else
+        pts = dts;
+
+    return pts;
+}
+
+/*
+ * The core of the receive_frame_wrapper for the decoders implementing
+ * the simple API. Certain decoders might consume partial packets without
+ * returning any output, so this function needs to be called in a loop until it
+ * returns EAGAIN.
+ **/
+static int decode_simple_internal(AVCodecContext *avctx, AVFrame *frame)
+{
+    AVCodecInternal   *avci = avctx->internal;
+    DecodeSimpleContext *ds = &avci->ds;
+    AVPacket           *pkt = ds->in_pkt;
+    // copy to ensure we do not change pkt
+    AVPacket tmp;
+    int got_frame, actual_got_frame, did_split;
+    int ret;
+
+    if (!pkt->data && !avci->draining) {
+        av_packet_unref(pkt);
+        ret = ff_decode_get_packet(avctx, pkt);
+        if (ret < 0 && ret != AVERROR_EOF)
+            return ret;
+    }
+
+    // Some codecs (at least wma lossless) will crash when feeding drain packets
+    // after EOF was signaled.
+    if (avci->draining_done)
+        return AVERROR_EOF;
+
+    if (!pkt->data &&
+        !(avctx->codec->capabilities & AV_CODEC_CAP_DELAY ||
+          avctx->active_thread_type & FF_THREAD_FRAME))
+        return AVERROR_EOF;
+
+    tmp = *pkt;
+#if FF_API_MERGE_SD
+FF_DISABLE_DEPRECATION_WARNINGS
+    did_split = avci->compat_decode_partial_size ?
+                ff_packet_split_and_drop_side_data(&tmp) :
+                av_packet_split_side_data(&tmp);
+
+    if (did_split) {
+        ret = extract_packet_props(avctx->internal, &tmp);
+        if (ret < 0)
+            return ret;
+
+        ret = apply_param_change(avctx, &tmp);
+        if (ret < 0)
+            return ret;
+    }
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
+
+    got_frame = 0;
+
+    if (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME) {
+        ret = ff_thread_decode_frame(avctx, frame, &got_frame, &tmp);
+    } else {
+        ret = avctx->codec->decode(avctx, frame, &got_frame, &tmp);
+
+        if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_PKT_DTS))
+            frame->pkt_dts = pkt->dts;
+        if (avctx->codec->type == AVMEDIA_TYPE_VIDEO) {
+            if(!avctx->has_b_frames)
+                frame->pkt_pos = pkt->pos;
+            //FIXME these should be under if(!avctx->has_b_frames)
+            /* get_buffer is supposed to set frame parameters */
+            if (!(avctx->codec->capabilities & AV_CODEC_CAP_DR1)) {
+                if (!frame->sample_aspect_ratio.num)  frame->sample_aspect_ratio = avctx->sample_aspect_ratio;
+                if (!frame->width)                    frame->width               = avctx->width;
+                if (!frame->height)                   frame->height              = avctx->height;
+                if (frame->format == AV_PIX_FMT_NONE) frame->format              = avctx->pix_fmt;
+            }
+        }
+    }
+    emms_c();
+    actual_got_frame = got_frame;
+
+    if (avctx->codec->type == AVMEDIA_TYPE_VIDEO) {
+        if (frame->flags & AV_FRAME_FLAG_DISCARD)
+            got_frame = 0;
+        if (got_frame)
+            frame->best_effort_timestamp = guess_correct_pts(avctx,
+                                                             frame->pts,
+                                                             frame->pkt_dts);
+    } else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) {
+        uint8_t *side;
+        int side_size;
+        uint32_t discard_padding = 0;
+        uint8_t skip_reason = 0;
+        uint8_t discard_reason = 0;
+
+        if (ret >= 0 && got_frame) {
+            frame->best_effort_timestamp = guess_correct_pts(avctx,
+                                                             frame->pts,
+                                                             frame->pkt_dts);
+            if (frame->format == AV_SAMPLE_FMT_NONE)
+                frame->format = avctx->sample_fmt;
+            if (!frame->channel_layout)
+                frame->channel_layout = avctx->channel_layout;
+            if (!frame->channels)
+                frame->channels = avctx->channels;
+            if (!frame->sample_rate)
+                frame->sample_rate = avctx->sample_rate;
+        }
+
+        side= av_packet_get_side_data(avci->last_pkt_props, AV_PKT_DATA_SKIP_SAMPLES, &side_size);
+        if(side && side_size>=10) {
+            avctx->internal->skip_samples = AV_RL32(side) * avctx->internal->skip_samples_multiplier;
+            discard_padding = AV_RL32(side + 4);
+            av_log(avctx, AV_LOG_DEBUG, "skip %d / discard %d samples due to side data\n",
+                   avctx->internal->skip_samples, (int)discard_padding);
+            skip_reason = AV_RL8(side + 8);
+            discard_reason = AV_RL8(side + 9);
+        }
+
+        if ((frame->flags & AV_FRAME_FLAG_DISCARD) && got_frame &&
+            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
+            avctx->internal->skip_samples = FFMAX(0, avctx->internal->skip_samples - frame->nb_samples);
+            got_frame = 0;
+        }
+
+        if (avctx->internal->skip_samples > 0 && got_frame &&
+            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
+            if(frame->nb_samples <= avctx->internal->skip_samples){
+                got_frame = 0;
+                avctx->internal->skip_samples -= frame->nb_samples;
+                av_log(avctx, AV_LOG_DEBUG, "skip whole frame, skip left: %d\n",
+                       avctx->internal->skip_samples);
+            } else {
+                av_samples_copy(frame->extended_data, frame->extended_data, 0, avctx->internal->skip_samples,
+                                frame->nb_samples - avctx->internal->skip_samples, avctx->channels, frame->format);
+                if(avctx->pkt_timebase.num && avctx->sample_rate) {
+                    int64_t diff_ts = av_rescale_q(avctx->internal->skip_samples,
+                                                   (AVRational){1, avctx->sample_rate},
+                                                   avctx->pkt_timebase);
+                    if(frame->pts!=AV_NOPTS_VALUE)
+                        frame->pts += diff_ts;
+#if FF_API_PKT_PTS
+FF_DISABLE_DEPRECATION_WARNINGS
+                    if(frame->pkt_pts!=AV_NOPTS_VALUE)
+                        frame->pkt_pts += diff_ts;
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
+                    if(frame->pkt_dts!=AV_NOPTS_VALUE)
+                        frame->pkt_dts += diff_ts;
+                    if (frame->pkt_duration >= diff_ts)
+                        frame->pkt_duration -= diff_ts;
+                } else {
+                    av_log(avctx, AV_LOG_WARNING, "Could not update timestamps for skipped samples.\n");
+                }
+                av_log(avctx, AV_LOG_DEBUG, "skip %d/%d samples\n",
+                       avctx->internal->skip_samples, frame->nb_samples);
+                frame->nb_samples -= avctx->internal->skip_samples;
+                avctx->internal->skip_samples = 0;
+            }
+        }
+
+        if (discard_padding > 0 && discard_padding <= frame->nb_samples && got_frame &&
+            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
+            if (discard_padding == frame->nb_samples) {
+                got_frame = 0;
+            } else {
+                if(avctx->pkt_timebase.num && avctx->sample_rate) {
+                    int64_t diff_ts = av_rescale_q(frame->nb_samples - discard_padding,
+                                                   (AVRational){1, avctx->sample_rate},
+                                                   avctx->pkt_timebase);
+                    frame->pkt_duration = diff_ts;
+                } else {
+                    av_log(avctx, AV_LOG_WARNING, "Could not update timestamps for discarded samples.\n");
+                }
+                av_log(avctx, AV_LOG_DEBUG, "discard %d/%d samples\n",
+                       (int)discard_padding, frame->nb_samples);
+                frame->nb_samples -= discard_padding;
+            }
+        }
+
+        if ((avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL) && got_frame) {
+            AVFrameSideData *fside = av_frame_new_side_data(frame, AV_FRAME_DATA_SKIP_SAMPLES, 10);
+            if (fside) {
+                AV_WL32(fside->data, avctx->internal->skip_samples);
+                AV_WL32(fside->data + 4, discard_padding);
+                AV_WL8(fside->data + 8, skip_reason);
+                AV_WL8(fside->data + 9, discard_reason);
+                avctx->internal->skip_samples = 0;
+            }
+        }
+    }
+#if FF_API_MERGE_SD
+    if (did_split) {
+        av_packet_free_side_data(&tmp);
+        if(ret == tmp.size)
+            ret = pkt->size;
+    }
+#endif
+
+    if (avctx->codec->type == AVMEDIA_TYPE_AUDIO &&
+        !avci->showed_multi_packet_warning &&
+        ret >= 0 && ret != pkt->size && !(avctx->codec->capabilities & AV_CODEC_CAP_SUBFRAMES)) {
+        av_log(avctx, AV_LOG_WARNING, "Multiple frames in a packet.\n");
+        avci->showed_multi_packet_warning = 1;
+    }
+
+    if (!got_frame)
+        av_frame_unref(frame);
+
+    if (ret >= 0 && avctx->codec->type == AVMEDIA_TYPE_VIDEO && !(avctx->flags & AV_CODEC_FLAG_TRUNCATED))
+        ret = pkt->size;
+
+#if FF_API_AVCTX_TIMEBASE
+    if (avctx->framerate.num > 0 && avctx->framerate.den > 0)
+        avctx->time_base = av_inv_q(av_mul_q(avctx->framerate, (AVRational){avctx->ticks_per_frame, 1}));
+#endif
+
+    /* do not stop draining when actual_got_frame != 0 or ret < 0 */
+    /* got_frame == 0 but actual_got_frame != 0 when frame is discarded */
+    if (avctx->internal->draining && !actual_got_frame) {
+        if (ret < 0) {
+            /* prevent infinite loop if a decoder wrongly always return error on draining */
+            /* reasonable nb_errors_max = maximum b frames + thread count */
+            int nb_errors_max = 20 + (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME ?
+                                avctx->thread_count : 1);
+
+            if (avci->nb_draining_errors++ >= nb_errors_max) {
+                av_log(avctx, AV_LOG_ERROR, "Too many errors when draining, this is a bug. "
+                       "Stop draining and force EOF.\n");
+                avci->draining_done = 1;
+                ret = AVERROR_BUG;
+            }
+        } else {
+            avci->draining_done = 1;
+        }
+    }
+
+    avci->compat_decode_consumed += ret;
+
+    if (ret >= pkt->size || ret < 0) {
+        av_packet_unref(pkt);
+    } else {
+        int consumed = ret;
+
+        pkt->data                += consumed;
+        pkt->size                -= consumed;
+        avci->last_pkt_props->size -= consumed; // See extract_packet_props() comment.
+        pkt->pts                  = AV_NOPTS_VALUE;
+        pkt->dts                  = AV_NOPTS_VALUE;
+        avci->last_pkt_props->pts = AV_NOPTS_VALUE;
+        avci->last_pkt_props->dts = AV_NOPTS_VALUE;
+    }
+
+    if (got_frame)
+        av_assert0(frame->buf[0]);
+
+    return ret < 0 ? ret : 0;
+}
+
+static int decode_simple_receive_frame(AVCodecContext *avctx, AVFrame *frame)
+{
+    int ret;
+
+    while (!frame->buf[0]) {
+        ret = decode_simple_internal(avctx, frame);
+        if (ret < 0)
+            return ret;
+    }
+
+    return 0;
+}
+
+static int decode_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame)
+{
+    AVCodecInternal *avci = avctx->internal;
+    int ret;
+
+    av_assert0(!frame->buf[0]);
+
+    if (avctx->codec->receive_frame)
+        ret = avctx->codec->receive_frame(avctx, frame);
+    else
+        ret = decode_simple_receive_frame(avctx, frame);
+
+    if (ret == AVERROR_EOF)
+        avci->draining_done = 1;
+
+    return ret;
+}
+
+int attribute_align_arg avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
+{
+    AVCodecInternal *avci = avctx->internal;
+    int ret;
+
+    if (!avcodec_is_open(avctx) || !av_codec_is_decoder(avctx->codec))
+        return AVERROR(EINVAL);
+
+    if (avctx->internal->draining)
+        return AVERROR_EOF;
+
+    if (avpkt && !avpkt->size && avpkt->data)
+        return AVERROR(EINVAL);
+
+    ret = bsfs_init(avctx);
+    if (ret < 0)
+        return ret;
+
+    av_packet_unref(avci->buffer_pkt);
+    if (avpkt && (avpkt->data || avpkt->side_data_elems)) {
+        ret = av_packet_ref(avci->buffer_pkt, avpkt);
+        if (ret < 0)
+            return ret;
+    }
+
+    ret = av_bsf_send_packet(avci->filter.bsfs[0], avci->buffer_pkt);
+    if (ret < 0) {
+        av_packet_unref(avci->buffer_pkt);
+        return ret;
+    }
+
+    if (!avci->buffer_frame->buf[0]) {
+        ret = decode_receive_frame_internal(avctx, avci->buffer_frame);
+        if (ret < 0 && ret != AVERROR(EAGAIN) && ret != AVERROR_EOF)
+            return ret;
+    }
+
+    return 0;
+}
+
+static int apply_cropping(AVCodecContext *avctx, AVFrame *frame)
+{
+    /* make sure we are noisy about decoders returning invalid cropping data */
+    if (frame->crop_left >= INT_MAX - frame->crop_right        ||
+        frame->crop_top  >= INT_MAX - frame->crop_bottom       ||
+        (frame->crop_left + frame->crop_right) >= frame->width ||
+        (frame->crop_top + frame->crop_bottom) >= frame->height) {
+        av_log(avctx, AV_LOG_WARNING,
+               "Invalid cropping information set by a decoder: "
+               "%"SIZE_SPECIFIER"/%"SIZE_SPECIFIER"/%"SIZE_SPECIFIER"/%"SIZE_SPECIFIER" "
+               "(frame size %dx%d). This is a bug, please report it\n",
+               frame->crop_left, frame->crop_right, frame->crop_top, frame->crop_bottom,
+               frame->width, frame->height);
+        frame->crop_left   = 0;
+        frame->crop_right  = 0;
+        frame->crop_top    = 0;
+        frame->crop_bottom = 0;
+        return 0;
+    }
+
+    if (!avctx->apply_cropping)
+        return 0;
+
+    return av_frame_apply_cropping(frame, avctx->flags & AV_CODEC_FLAG_UNALIGNED ?
+                                          AV_FRAME_CROP_UNALIGNED : 0);
+}
+
+int attribute_align_arg avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
+{
+    AVCodecInternal *avci = avctx->internal;
+    int ret;
+
+    av_frame_unref(frame);
+
+    if (!avcodec_is_open(avctx) || !av_codec_is_decoder(avctx->codec))
+        return AVERROR(EINVAL);
+
+    ret = bsfs_init(avctx);
+    if (ret < 0)
+        return ret;
+
+    if (avci->buffer_frame->buf[0]) {
+        av_frame_move_ref(frame, avci->buffer_frame);
+    } else {
+        ret = decode_receive_frame_internal(avctx, frame);
+        if (ret < 0)
+            return ret;
+    }
+
+    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
+        ret = apply_cropping(avctx, frame);
+        if (ret < 0) {
+            av_frame_unref(frame);
+            return ret;
+        }
+    }
+
+    avctx->frame_number++;
+
+    return 0;
+}
+
+static int compat_decode(AVCodecContext *avctx, AVFrame *frame,
+                         int *got_frame, const AVPacket *pkt)
+{
+    AVCodecInternal *avci = avctx->internal;
+    int ret = 0;
+
+    av_assert0(avci->compat_decode_consumed == 0);
+
+    if (avci->draining_done && pkt && pkt->size != 0) {
+        av_log(avctx, AV_LOG_WARNING, "Got unexpected packet after EOF\n");
+        avcodec_flush_buffers(avctx);
+    }
+
+    *got_frame = 0;
+    avci->compat_decode = 1;
+
+    if (avci->compat_decode_partial_size > 0 &&
+        avci->compat_decode_partial_size != pkt->size) {
+        av_log(avctx, AV_LOG_ERROR,
+               "Got unexpected packet size after a partial decode\n");
+        ret = AVERROR(EINVAL);
+        goto finish;
+    }
+
+    if (!avci->compat_decode_partial_size) {
+        ret = avcodec_send_packet(avctx, pkt);
+        if (ret == AVERROR_EOF)
+            ret = 0;
+        else if (ret == AVERROR(EAGAIN)) {
+            /* we fully drain all the output in each decode call, so this should not
+             * ever happen */
+            ret = AVERROR_BUG;
+            goto finish;
+        } else if (ret < 0)
+            goto finish;
+    }
+
+    while (ret >= 0) {
+        ret = avcodec_receive_frame(avctx, frame);
+        if (ret < 0) {
+            if (ret == AVERROR(EAGAIN) || ret == AVERROR_EOF)
+                ret = 0;
+            goto finish;
+        }
+
+        if (frame != avci->compat_decode_frame) {
+            if (!avctx->refcounted_frames) {
+                ret = unrefcount_frame(avci, frame);
+                if (ret < 0)
+                    goto finish;
+            }
+
+            *got_frame = 1;
+            frame = avci->compat_decode_frame;
+        } else {
+            if (!avci->compat_decode_warned) {
+                av_log(avctx, AV_LOG_WARNING, "The deprecated avcodec_decode_* "
+                       "API cannot return all the frames for this decoder. "
+                       "Some frames will be dropped. Update your code to the "
+                       "new decoding API to fix this.\n");
+                avci->compat_decode_warned = 1;
+            }
+        }
+
+        if (avci->draining || (!avctx->codec->bsfs && avci->compat_decode_consumed < pkt->size))
+            break;
+    }
+
+finish:
+    if (ret == 0) {
+        /* if there are any bsfs then assume full packet is always consumed */
+        if (avctx->codec->bsfs)
+            ret = pkt->size;
+        else
+            ret = FFMIN(avci->compat_decode_consumed, pkt->size);
+    }
+    avci->compat_decode_consumed = 0;
+    avci->compat_decode_partial_size = (ret >= 0) ? pkt->size - ret : 0;
+
+    return ret;
+}
+
+int attribute_align_arg avcodec_decode_video2(AVCodecContext *avctx, AVFrame *picture,
+                                              int *got_picture_ptr,
+                                              const AVPacket *avpkt)
+{
+    return compat_decode(avctx, picture, got_picture_ptr, avpkt);
+}
+
+int attribute_align_arg avcodec_decode_audio4(AVCodecContext *avctx,
+                                              AVFrame *frame,
+                                              int *got_frame_ptr,
+                                              const AVPacket *avpkt)
+{
+    return compat_decode(avctx, frame, got_frame_ptr, avpkt);
+}
+
+static void get_subtitle_defaults(AVSubtitle *sub)
+{
+    memset(sub, 0, sizeof(*sub));
+    sub->pts = AV_NOPTS_VALUE;
+}
+
+#define UTF8_MAX_BYTES 4 /* 5 and 6 bytes sequences should not be used */
+static int recode_subtitle(AVCodecContext *avctx,
+                           AVPacket *outpkt, const AVPacket *inpkt)
+{
+#if CONFIG_ICONV
+    iconv_t cd = (iconv_t)-1;
+    int ret = 0;
+    char *inb, *outb;
+    size_t inl, outl;
+    AVPacket tmp;
+#endif
+
+    if (avctx->sub_charenc_mode != FF_SUB_CHARENC_MODE_PRE_DECODER || inpkt->size == 0)
+        return 0;
+
+#if CONFIG_ICONV
+    cd = iconv_open("UTF-8", avctx->sub_charenc);
+    av_assert0(cd != (iconv_t)-1);
+
+    inb = inpkt->data;
+    inl = inpkt->size;
+
+    if (inl >= INT_MAX / UTF8_MAX_BYTES - AV_INPUT_BUFFER_PADDING_SIZE) {
+        av_log(avctx, AV_LOG_ERROR, "Subtitles packet is too big for recoding\n");
+        ret = AVERROR(ENOMEM);
+        goto end;
+    }
+
+    ret = av_new_packet(&tmp, inl * UTF8_MAX_BYTES);
+    if (ret < 0)
+        goto end;
+    outpkt->buf  = tmp.buf;
+    outpkt->data = tmp.data;
+    outpkt->size = tmp.size;
+    outb = outpkt->data;
+    outl = outpkt->size;
+
+    if (iconv(cd, &inb, &inl, &outb, &outl) == (size_t)-1 ||
+        iconv(cd, NULL, NULL, &outb, &outl) == (size_t)-1 ||
+        outl >= outpkt->size || inl != 0) {
+        ret = FFMIN(AVERROR(errno), -1);
+        av_log(avctx, AV_LOG_ERROR, "Unable to recode subtitle event \"%s\" "
+               "from %s to UTF-8\n", inpkt->data, avctx->sub_charenc);
+        av_packet_unref(&tmp);
+        goto end;
+    }
+    outpkt->size -= outl;
+    memset(outpkt->data + outpkt->size, 0, outl);
+
+end:
+    if (cd != (iconv_t)-1)
+        iconv_close(cd);
+    return ret;
+#else
+    av_log(avctx, AV_LOG_ERROR, "requesting subtitles recoding without iconv");
+    return AVERROR(EINVAL);
+#endif
+}
+
+static int utf8_check(const uint8_t *str)
+{
+    const uint8_t *byte;
+    uint32_t codepoint, min;
+
+    while (*str) {
+        byte = str;
+        GET_UTF8(codepoint, *(byte++), return 0;);
+        min = byte - str == 1 ? 0 : byte - str == 2 ? 0x80 :
+              1 << (5 * (byte - str) - 4);
+        if (codepoint < min || codepoint >= 0x110000 ||
+            codepoint == 0xFFFE /* BOM */ ||
+            codepoint >= 0xD800 && codepoint <= 0xDFFF /* surrogates */)
+            return 0;
+        str = byte;
+    }
+    return 1;
+}
+
+#if FF_API_ASS_TIMING
+static void insert_ts(AVBPrint *buf, int ts)
+{
+    if (ts == -1) {
+        av_bprintf(buf, "9:59:59.99,");
+    } else {
+        int h, m, s;
+
+        h = ts/360000;  ts -= 360000*h;
+        m = ts/  6000;  ts -=   6000*m;
+        s = ts/   100;  ts -=    100*s;
+        av_bprintf(buf, "%d:%02d:%02d.%02d,", h, m, s, ts);
+    }
+}
+
+static int convert_sub_to_old_ass_form(AVSubtitle *sub, const AVPacket *pkt, AVRational tb)
+{
+    int i;
+    AVBPrint buf;
+
+    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
+
+    for (i = 0; i < sub->num_rects; i++) {
+        char *final_dialog;
+        const char *dialog;
+        AVSubtitleRect *rect = sub->rects[i];
+        int ts_start, ts_duration = -1;
+        long int layer;
+
+        if (rect->type != SUBTITLE_ASS || !strncmp(rect->ass, "Dialogue: ", 10))
+            continue;
+
+        av_bprint_clear(&buf);
+
+        /* skip ReadOrder */
+        dialog = strchr(rect->ass, ',');
+        if (!dialog)
+            continue;
+        dialog++;
+
+        /* extract Layer or Marked */
+        layer = strtol(dialog, (char**)&dialog, 10);
+        if (*dialog != ',')
+            continue;
+        dialog++;
+
+        /* rescale timing to ASS time base (ms) */
+        ts_start = av_rescale_q(pkt->pts, tb, av_make_q(1, 100));
+        if (pkt->duration != -1)
+            ts_duration = av_rescale_q(pkt->duration, tb, av_make_q(1, 100));
+        sub->end_display_time = FFMAX(sub->end_display_time, 10 * ts_duration);
+
+        /* construct ASS (standalone file form with timestamps) string */
+        av_bprintf(&buf, "Dialogue: %ld,", layer);
+        insert_ts(&buf, ts_start);
+        insert_ts(&buf, ts_duration == -1 ? -1 : ts_start + ts_duration);
+        av_bprintf(&buf, "%s\r\n", dialog);
+
+        final_dialog = av_strdup(buf.str);
+        if (!av_bprint_is_complete(&buf) || !final_dialog) {
+            av_freep(&final_dialog);
+            av_bprint_finalize(&buf, NULL);
+            return AVERROR(ENOMEM);
+        }
+        av_freep(&rect->ass);
+        rect->ass = final_dialog;
+    }
+
+    av_bprint_finalize(&buf, NULL);
+    return 0;
+}
+#endif
+
+int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
+                             int *got_sub_ptr,
+                             AVPacket *avpkt)
+{
+    int i, ret = 0;
+    AVCodecInternal *avci = avctx->internal;
+
+    if (!avpkt->data && avpkt->size) {
+        av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n");
+        return AVERROR(EINVAL);
+    }
+    if (!avctx->codec)
+        return AVERROR(EINVAL);
+    if (avctx->codec->type != AVMEDIA_TYPE_SUBTITLE) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid media type for subtitles\n");
+        return AVERROR(EINVAL);
+    }
+
+    *got_sub_ptr = 0;
+    get_subtitle_defaults(sub);
+
+    if ((avctx->codec->capabilities & AV_CODEC_CAP_DELAY) || avpkt->size) {
+        AVPacket pkt_recoded;
+        AVPacket tmp = *avpkt;
+#if FF_API_MERGE_SD
+FF_DISABLE_DEPRECATION_WARNINGS
+        int did_split = avci->compat_decode_partial_size ?
+                        ff_packet_split_and_drop_side_data(&tmp) :
+                        av_packet_split_side_data(&tmp);
+        //apply_param_change(avctx, &tmp);
+
+        if (did_split) {
+            /* FFMIN() prevents overflow in case the packet wasn't allocated with
+             * proper padding.
+             * If the side data is smaller than the buffer padding size, the
+             * remaining bytes should have already been filled with zeros by the
+             * original packet allocation anyway. */
+            memset(tmp.data + tmp.size, 0,
+                   FFMIN(avpkt->size - tmp.size, AV_INPUT_BUFFER_PADDING_SIZE));
+        }
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
+
+        pkt_recoded = tmp;
+        ret = recode_subtitle(avctx, &pkt_recoded, &tmp);
+        if (ret < 0) {
+            *got_sub_ptr = 0;
+        } else {
+             ret = extract_packet_props(avctx->internal, &pkt_recoded);
+             if (ret < 0)
+                return ret;
+
+            if (avctx->pkt_timebase.num && avpkt->pts != AV_NOPTS_VALUE)
+                sub->pts = av_rescale_q(avpkt->pts,
+                                        avctx->pkt_timebase, AV_TIME_BASE_Q);
+            ret = avctx->codec->decode(avctx, sub, got_sub_ptr, &pkt_recoded);
+            av_assert1((ret >= 0) >= !!*got_sub_ptr &&
+                       !!*got_sub_ptr >= !!sub->num_rects);
+
+#if FF_API_ASS_TIMING
+            if (avctx->sub_text_format == FF_SUB_TEXT_FMT_ASS_WITH_TIMINGS
+                && *got_sub_ptr && sub->num_rects) {
+                const AVRational tb = avctx->pkt_timebase.num ? avctx->pkt_timebase
+                                                              : avctx->time_base;
+                int err = convert_sub_to_old_ass_form(sub, avpkt, tb);
+                if (err < 0)
+                    ret = err;
+            }
+#endif
+
+            if (sub->num_rects && !sub->end_display_time && avpkt->duration &&
+                avctx->pkt_timebase.num) {
+                AVRational ms = { 1, 1000 };
+                sub->end_display_time = av_rescale_q(avpkt->duration,
+                                                     avctx->pkt_timebase, ms);
+            }
+
+            if (avctx->codec_descriptor->props & AV_CODEC_PROP_BITMAP_SUB)
+                sub->format = 0;
+            else if (avctx->codec_descriptor->props & AV_CODEC_PROP_TEXT_SUB)
+                sub->format = 1;
+
+            for (i = 0; i < sub->num_rects; i++) {
+                if (sub->rects[i]->ass && !utf8_check(sub->rects[i]->ass)) {
+                    av_log(avctx, AV_LOG_ERROR,
+                           "Invalid UTF-8 in decoded subtitles text; "
+                           "maybe missing -sub_charenc option\n");
+                    avsubtitle_free(sub);
+                    ret = AVERROR_INVALIDDATA;
+                    break;
+                }
+            }
+
+            if (tmp.data != pkt_recoded.data) { // did we recode?
+                /* prevent from destroying side data from original packet */
+                pkt_recoded.side_data = NULL;
+                pkt_recoded.side_data_elems = 0;
+
+                av_packet_unref(&pkt_recoded);
+            }
+        }
+
+#if FF_API_MERGE_SD
+        if (did_split) {
+            av_packet_free_side_data(&tmp);
+            if(ret == tmp.size)
+                ret = avpkt->size;
+        }
+#endif
+
+        if (*got_sub_ptr)
+            avctx->frame_number++;
+    }
+
+    return ret;
+}
+
+static int is_hwaccel_pix_fmt(enum AVPixelFormat pix_fmt)
+{
+    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);
+    return desc->flags & AV_PIX_FMT_FLAG_HWACCEL;
+}
+
+enum AVPixelFormat avcodec_default_get_format(struct AVCodecContext *s, const enum AVPixelFormat *fmt)
+{
+    while (*fmt != AV_PIX_FMT_NONE && is_hwaccel_pix_fmt(*fmt))
+        ++fmt;
+    return fmt[0];
+}
+
+static AVHWAccel *find_hwaccel(enum AVCodecID codec_id,
+                               enum AVPixelFormat pix_fmt)
+{
+    AVHWAccel *hwaccel = NULL;
+
+    while ((hwaccel = av_hwaccel_next(hwaccel)))
+        if (hwaccel->id == codec_id
+            && hwaccel->pix_fmt == pix_fmt)
+            return hwaccel;
+    return NULL;
+}
+
+static int setup_hwaccel(AVCodecContext *avctx,
+                         const enum AVPixelFormat fmt,
+                         const char *name)
+{
+    AVHWAccel *hwa = find_hwaccel(avctx->codec_id, fmt);
+    int ret        = 0;
+
+    if (!hwa) {
+        av_log(avctx, AV_LOG_ERROR,
+               "Could not find an AVHWAccel for the pixel format: %s",
+               name);
+        return AVERROR(ENOENT);
+    }
+
+    if (hwa->capabilities & AV_HWACCEL_CODEC_CAP_EXPERIMENTAL &&
+        avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) {
+        av_log(avctx, AV_LOG_WARNING, "Ignoring experimental hwaccel: %s\n",
+               hwa->name);
+        return AVERROR_PATCHWELCOME;
+    }
+
+    if (hwa->priv_data_size) {
+        avctx->internal->hwaccel_priv_data = av_mallocz(hwa->priv_data_size);
+        if (!avctx->internal->hwaccel_priv_data)
+            return AVERROR(ENOMEM);
+    }
+
+    avctx->hwaccel = hwa;
+    if (hwa->init) {
+        ret = hwa->init(avctx);
+        if (ret < 0) {
+            av_freep(&avctx->internal->hwaccel_priv_data);
+            avctx->hwaccel = NULL;
+            return ret;
+        }
+    }
+
+    return 0;
+}
+
+int ff_get_format(AVCodecContext *avctx, const enum AVPixelFormat *fmt)
+{
+    const AVPixFmtDescriptor *desc;
+    enum AVPixelFormat *choices;
+    enum AVPixelFormat ret;
+    unsigned n = 0;
+
+    while (fmt[n] != AV_PIX_FMT_NONE)
+        ++n;
+
+    av_assert0(n >= 1);
+    avctx->sw_pix_fmt = fmt[n - 1];
+    av_assert2(!is_hwaccel_pix_fmt(avctx->sw_pix_fmt));
+
+    choices = av_malloc_array(n + 1, sizeof(*choices));
+    if (!choices)
+        return AV_PIX_FMT_NONE;
+
+    memcpy(choices, fmt, (n + 1) * sizeof(*choices));
+
+    for (;;) {
+        if (avctx->hwaccel && avctx->hwaccel->uninit)
+            avctx->hwaccel->uninit(avctx);
+        av_freep(&avctx->internal->hwaccel_priv_data);
+        avctx->hwaccel = NULL;
+
+        av_buffer_unref(&avctx->hw_frames_ctx);
+
+        ret = avctx->get_format(avctx, choices);
+
+        desc = av_pix_fmt_desc_get(ret);
+        if (!desc) {
+            ret = AV_PIX_FMT_NONE;
+            break;
+        }
+
+        if (!(desc->flags & AV_PIX_FMT_FLAG_HWACCEL))
+            break;
+#if FF_API_CAP_VDPAU
+        if (avctx->codec->capabilities&AV_CODEC_CAP_HWACCEL_VDPAU)
+            break;
+#endif
+
+        if (avctx->hw_frames_ctx) {
+            AVHWFramesContext *hw_frames_ctx = (AVHWFramesContext*)avctx->hw_frames_ctx->data;
+            if (hw_frames_ctx->format != ret) {
+                av_log(avctx, AV_LOG_ERROR, "Format returned from get_buffer() "
+                       "does not match the format of provided AVHWFramesContext\n");
+                ret = AV_PIX_FMT_NONE;
+                break;
+            }
+        }
+
+        if (!setup_hwaccel(avctx, ret, desc->name))
+            break;
+
+        /* Remove failed hwaccel from choices */
+        for (n = 0; choices[n] != ret; n++)
+            av_assert0(choices[n] != AV_PIX_FMT_NONE);
+
+        do
+            choices[n] = choices[n + 1];
+        while (choices[n++] != AV_PIX_FMT_NONE);
+    }
+
+    av_freep(&choices);
+    return ret;
+}
+
+static int update_frame_pool(AVCodecContext *avctx, AVFrame *frame)
+{
+    FramePool *pool = avctx->internal->pool;
+    int i, ret;
+
+    switch (avctx->codec_type) {
+    case AVMEDIA_TYPE_VIDEO: {
+        uint8_t *data[4];
+        int linesize[4];
+        int size[4] = { 0 };
+        int w = frame->width;
+        int h = frame->height;
+        int tmpsize, unaligned;
+
+        if (pool->format == frame->format &&
+            pool->width == frame->width && pool->height == frame->height)
+            return 0;
+
+        avcodec_align_dimensions2(avctx, &w, &h, pool->stride_align);
+
+        do {
+            // NOTE: do not align linesizes individually, this breaks e.g. assumptions
+            // that linesize[0] == 2*linesize[1] in the MPEG-encoder for 4:2:2
+            ret = av_image_fill_linesizes(linesize, avctx->pix_fmt, w);
+            if (ret < 0)
+                return ret;
+            // increase alignment of w for next try (rhs gives the lowest bit set in w)
+            w += w & ~(w - 1);
+
+            unaligned = 0;
+            for (i = 0; i < 4; i++)
+                unaligned |= linesize[i] % pool->stride_align[i];
+        } while (unaligned);
+
+        tmpsize = av_image_fill_pointers(data, avctx->pix_fmt, h,
+                                         NULL, linesize);
+        if (tmpsize < 0)
+            return -1;
+
+        for (i = 0; i < 3 && data[i + 1]; i++)
+            size[i] = data[i + 1] - data[i];
+        size[i] = tmpsize - (data[i] - data[0]);
+
+        for (i = 0; i < 4; i++) {
+            av_buffer_pool_uninit(&pool->pools[i]);
+            pool->linesize[i] = linesize[i];
+            if (size[i]) {
+                pool->pools[i] = av_buffer_pool_init(size[i] + 16 + STRIDE_ALIGN - 1,
+                                                     CONFIG_MEMORY_POISONING ?
+                                                        NULL :
+                                                        av_buffer_allocz);
+                if (!pool->pools[i]) {
+                    ret = AVERROR(ENOMEM);
+                    goto fail;
+                }
+            }
+        }
+        pool->format = frame->format;
+        pool->width  = frame->width;
+        pool->height = frame->height;
+
+        break;
+        }
+    case AVMEDIA_TYPE_AUDIO: {
+        int ch     = frame->channels; //av_get_channel_layout_nb_channels(frame->channel_layout);
+        int planar = av_sample_fmt_is_planar(frame->format);
+        int planes = planar ? ch : 1;
+
+        if (pool->format == frame->format && pool->planes == planes &&
+            pool->channels == ch && frame->nb_samples == pool->samples)
+            return 0;
+
+        av_buffer_pool_uninit(&pool->pools[0]);
+        ret = av_samples_get_buffer_size(&pool->linesize[0], ch,
+                                         frame->nb_samples, frame->format, 0);
+        if (ret < 0)
+            goto fail;
+
+        pool->pools[0] = av_buffer_pool_init(pool->linesize[0], NULL);
+        if (!pool->pools[0]) {
+            ret = AVERROR(ENOMEM);
+            goto fail;
+        }
+
+        pool->format     = frame->format;
+        pool->planes     = planes;
+        pool->channels   = ch;
+        pool->samples = frame->nb_samples;
+        break;
+        }
+    default: av_assert0(0);
+    }
+    return 0;
+fail:
+    for (i = 0; i < 4; i++)
+        av_buffer_pool_uninit(&pool->pools[i]);
+    pool->format = -1;
+    pool->planes = pool->channels = pool->samples = 0;
+    pool->width  = pool->height = 0;
+    return ret;
+}
+
+static int audio_get_buffer(AVCodecContext *avctx, AVFrame *frame)
+{
+    FramePool *pool = avctx->internal->pool;
+    int planes = pool->planes;
+    int i;
+
+    frame->linesize[0] = pool->linesize[0];
+
+    if (planes > AV_NUM_DATA_POINTERS) {
+        frame->extended_data = av_mallocz_array(planes, sizeof(*frame->extended_data));
+        frame->nb_extended_buf = planes - AV_NUM_DATA_POINTERS;
+        frame->extended_buf  = av_mallocz_array(frame->nb_extended_buf,
+                                          sizeof(*frame->extended_buf));
+        if (!frame->extended_data || !frame->extended_buf) {
+            av_freep(&frame->extended_data);
+            av_freep(&frame->extended_buf);
+            return AVERROR(ENOMEM);
+        }
+    } else {
+        frame->extended_data = frame->data;
+        av_assert0(frame->nb_extended_buf == 0);
+    }
+
+    for (i = 0; i < FFMIN(planes, AV_NUM_DATA_POINTERS); i++) {
+        frame->buf[i] = av_buffer_pool_get(pool->pools[0]);
+        if (!frame->buf[i])
+            goto fail;
+        frame->extended_data[i] = frame->data[i] = frame->buf[i]->data;
+    }
+    for (i = 0; i < frame->nb_extended_buf; i++) {
+        frame->extended_buf[i] = av_buffer_pool_get(pool->pools[0]);
+        if (!frame->extended_buf[i])
+            goto fail;
+        frame->extended_data[i + AV_NUM_DATA_POINTERS] = frame->extended_buf[i]->data;
+    }
+
+    if (avctx->debug & FF_DEBUG_BUFFERS)
+        av_log(avctx, AV_LOG_DEBUG, "default_get_buffer called on frame %p", frame);
+
+    return 0;
+fail:
+    av_frame_unref(frame);
+    return AVERROR(ENOMEM);
+}
+
+static int video_get_buffer(AVCodecContext *s, AVFrame *pic)
+{
+    FramePool *pool = s->internal->pool;
+    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pic->format);
+    int i;
+
+    if (pic->data[0] || pic->data[1] || pic->data[2] || pic->data[3]) {
+        av_log(s, AV_LOG_ERROR, "pic->data[*]!=NULL in avcodec_default_get_buffer\n");
+        return -1;
+    }
+
+    if (!desc) {
+        av_log(s, AV_LOG_ERROR,
+            "Unable to get pixel format descriptor for format %s\n",
+            av_get_pix_fmt_name(pic->format));
+        return AVERROR(EINVAL);
+    }
+
+    memset(pic->data, 0, sizeof(pic->data));
+    pic->extended_data = pic->data;
+
+    for (i = 0; i < 4 && pool->pools[i]; i++) {
+        pic->linesize[i] = pool->linesize[i];
+
+        pic->buf[i] = av_buffer_pool_get(pool->pools[i]);
+        if (!pic->buf[i])
+            goto fail;
+
+        pic->data[i] = pic->buf[i]->data;
+    }
+    for (; i < AV_NUM_DATA_POINTERS; i++) {
+        pic->data[i] = NULL;
+        pic->linesize[i] = 0;
+    }
+    if (desc->flags & AV_PIX_FMT_FLAG_PAL ||
+        desc->flags & AV_PIX_FMT_FLAG_PSEUDOPAL)
+        avpriv_set_systematic_pal2((uint32_t *)pic->data[1], pic->format);
+
+    if (s->debug & FF_DEBUG_BUFFERS)
+        av_log(s, AV_LOG_DEBUG, "default_get_buffer called on pic %p\n", pic);
+
+    return 0;
+fail:
+    av_frame_unref(pic);
+    return AVERROR(ENOMEM);
+}
+
+int avcodec_default_get_buffer2(AVCodecContext *avctx, AVFrame *frame, int flags)
+{
+    int ret;
+
+    if (avctx->hw_frames_ctx) {
+        ret = av_hwframe_get_buffer(avctx->hw_frames_ctx, frame, 0);
+        frame->width  = avctx->coded_width;
+        frame->height = avctx->coded_height;
+        return ret;
+    }
+
+    if ((ret = update_frame_pool(avctx, frame)) < 0)
+        return ret;
+
+    switch (avctx->codec_type) {
+    case AVMEDIA_TYPE_VIDEO:
+        return video_get_buffer(avctx, frame);
+    case AVMEDIA_TYPE_AUDIO:
+        return audio_get_buffer(avctx, frame);
+    default:
+        return -1;
+    }
+}
+
+static int add_metadata_from_side_data(const AVPacket *avpkt, AVFrame *frame)
+{
+    int size;
+    const uint8_t *side_metadata;
+
+    AVDictionary **frame_md = &frame->metadata;
+
+    side_metadata = av_packet_get_side_data(avpkt,
+                                            AV_PKT_DATA_STRINGS_METADATA, &size);
+    return av_packet_unpack_dictionary(side_metadata, size, frame_md);
+}
+
+int ff_init_buffer_info(AVCodecContext *avctx, AVFrame *frame)
+{
+    const AVPacket *pkt = avctx->internal->last_pkt_props;
+    int i;
+    static const struct {
+        enum AVPacketSideDataType packet;
+        enum AVFrameSideDataType frame;
+    } sd[] = {
+        { AV_PKT_DATA_REPLAYGAIN ,                AV_FRAME_DATA_REPLAYGAIN },
+        { AV_PKT_DATA_DISPLAYMATRIX,              AV_FRAME_DATA_DISPLAYMATRIX },
+        { AV_PKT_DATA_SPHERICAL,                  AV_FRAME_DATA_SPHERICAL },
+        { AV_PKT_DATA_STEREO3D,                   AV_FRAME_DATA_STEREO3D },
+        { AV_PKT_DATA_AUDIO_SERVICE_TYPE,         AV_FRAME_DATA_AUDIO_SERVICE_TYPE },
+        { AV_PKT_DATA_MASTERING_DISPLAY_METADATA, AV_FRAME_DATA_MASTERING_DISPLAY_METADATA },
+        { AV_PKT_DATA_CONTENT_LIGHT_LEVEL,        AV_FRAME_DATA_CONTENT_LIGHT_LEVEL },
+        { AV_PKT_DATA_A53_CC,                     AV_FRAME_DATA_A53_CC },
+    };
+
+    if (pkt) {
+        frame->pts = pkt->pts;
+#if FF_API_PKT_PTS
+FF_DISABLE_DEPRECATION_WARNINGS
+        frame->pkt_pts = pkt->pts;
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
+        frame->pkt_pos      = pkt->pos;
+        frame->pkt_duration = pkt->duration;
+        frame->pkt_size     = pkt->size;
+
+        for (i = 0; i < FF_ARRAY_ELEMS(sd); i++) {
+            int size;
+            uint8_t *packet_sd = av_packet_get_side_data(pkt, sd[i].packet, &size);
+            if (packet_sd) {
+                AVFrameSideData *frame_sd = av_frame_new_side_data(frame,
+                                                                   sd[i].frame,
+                                                                   size);
+                if (!frame_sd)
+                    return AVERROR(ENOMEM);
+
+                memcpy(frame_sd->data, packet_sd, size);
+            }
+        }
+        add_metadata_from_side_data(pkt, frame);
+
+        if (pkt->flags & AV_PKT_FLAG_DISCARD) {
+            frame->flags |= AV_FRAME_FLAG_DISCARD;
+        } else {
+            frame->flags = (frame->flags & ~AV_FRAME_FLAG_DISCARD);
+        }
+    }
+    frame->reordered_opaque = avctx->reordered_opaque;
+
+    if (frame->color_primaries == AVCOL_PRI_UNSPECIFIED)
+        frame->color_primaries = avctx->color_primaries;
+    if (frame->color_trc == AVCOL_TRC_UNSPECIFIED)
+        frame->color_trc = avctx->color_trc;
+    if (frame->colorspace == AVCOL_SPC_UNSPECIFIED)
+        frame->colorspace = avctx->colorspace;
+    if (frame->color_range == AVCOL_RANGE_UNSPECIFIED)
+        frame->color_range = avctx->color_range;
+    if (frame->chroma_location == AVCHROMA_LOC_UNSPECIFIED)
+        frame->chroma_location = avctx->chroma_sample_location;
+
+    switch (avctx->codec->type) {
+    case AVMEDIA_TYPE_VIDEO:
+        frame->format              = avctx->pix_fmt;
+        if (!frame->sample_aspect_ratio.num)
+            frame->sample_aspect_ratio = avctx->sample_aspect_ratio;
+
+        if (frame->width && frame->height &&
+            av_image_check_sar(frame->width, frame->height,
+                               frame->sample_aspect_ratio) < 0) {
+            av_log(avctx, AV_LOG_WARNING, "ignoring invalid SAR: %u/%u\n",
+                   frame->sample_aspect_ratio.num,
+                   frame->sample_aspect_ratio.den);
+            frame->sample_aspect_ratio = (AVRational){ 0, 1 };
+        }
+
+        break;
+    case AVMEDIA_TYPE_AUDIO:
+        if (!frame->sample_rate)
+            frame->sample_rate    = avctx->sample_rate;
+        if (frame->format < 0)
+            frame->format         = avctx->sample_fmt;
+        if (!frame->channel_layout) {
+            if (avctx->channel_layout) {
+                 if (av_get_channel_layout_nb_channels(avctx->channel_layout) !=
+                     avctx->channels) {
+                     av_log(avctx, AV_LOG_ERROR, "Inconsistent channel "
+                            "configuration.\n");
+                     return AVERROR(EINVAL);
+                 }
+
+                frame->channel_layout = avctx->channel_layout;
+            } else {
+                if (avctx->channels > FF_SANE_NB_CHANNELS) {
+                    av_log(avctx, AV_LOG_ERROR, "Too many channels: %d.\n",
+                           avctx->channels);
+                    return AVERROR(ENOSYS);
+                }
+            }
+        }
+        frame->channels = avctx->channels;
+        break;
+    }
+    return 0;
+}
+
+int ff_decode_frame_props(AVCodecContext *avctx, AVFrame *frame)
+{
+    return ff_init_buffer_info(avctx, frame);
+}
+
+static void validate_avframe_allocation(AVCodecContext *avctx, AVFrame *frame)
+{
+    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
+        int i;
+        int num_planes = av_pix_fmt_count_planes(frame->format);
+        const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(frame->format);
+        int flags = desc ? desc->flags : 0;
+        if (num_planes == 1 && (flags & AV_PIX_FMT_FLAG_PAL))
+            num_planes = 2;
+        for (i = 0; i < num_planes; i++) {
+            av_assert0(frame->data[i]);
+        }
+        // For now do not enforce anything for palette of pseudopal formats
+        if (num_planes == 1 && (flags & AV_PIX_FMT_FLAG_PSEUDOPAL))
+            num_planes = 2;
+        // For formats without data like hwaccel allow unused pointers to be non-NULL.
+        for (i = num_planes; num_planes > 0 && i < FF_ARRAY_ELEMS(frame->data); i++) {
+            if (frame->data[i])
+                av_log(avctx, AV_LOG_ERROR, "Buffer returned by get_buffer2() did not zero unused plane pointers\n");
+            frame->data[i] = NULL;
+        }
+    }
+}
+
+static int get_buffer_internal(AVCodecContext *avctx, AVFrame *frame, int flags)
+{
+    const AVHWAccel *hwaccel = avctx->hwaccel;
+    int override_dimensions = 1;
+    int ret;
+
+    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
+        if ((ret = av_image_check_size2(avctx->width, avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx)) < 0 || avctx->pix_fmt<0) {
+            av_log(avctx, AV_LOG_ERROR, "video_get_buffer: image parameters invalid\n");
+            return AVERROR(EINVAL);
+        }
+
+        if (frame->width <= 0 || frame->height <= 0) {
+            frame->width  = FFMAX(avctx->width,  AV_CEIL_RSHIFT(avctx->coded_width,  avctx->lowres));
+            frame->height = FFMAX(avctx->height, AV_CEIL_RSHIFT(avctx->coded_height, avctx->lowres));
+            override_dimensions = 0;
+        }
+
+        if (frame->data[0] || frame->data[1] || frame->data[2] || frame->data[3]) {
+            av_log(avctx, AV_LOG_ERROR, "pic->data[*]!=NULL in get_buffer_internal\n");
+            return AVERROR(EINVAL);
+        }
+    }
+    ret = ff_decode_frame_props(avctx, frame);
+    if (ret < 0)
+        return ret;
+
+    if (hwaccel) {
+        if (hwaccel->alloc_frame) {
+            ret = hwaccel->alloc_frame(avctx, frame);
+            goto end;
+        }
+    } else
+        avctx->sw_pix_fmt = avctx->pix_fmt;
+
+    ret = avctx->get_buffer2(avctx, frame, flags);
+    if (ret >= 0)
+        validate_avframe_allocation(avctx, frame);
+
+end:
+    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO && !override_dimensions &&
+        !(avctx->codec->caps_internal & FF_CODEC_CAP_EXPORTS_CROPPING)) {
+        frame->width  = avctx->width;
+        frame->height = avctx->height;
+    }
+
+    return ret;
+}
+
+int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame, int flags)
+{
+    int ret = get_buffer_internal(avctx, frame, flags);
+    if (ret < 0) {
+        av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
+        frame->width = frame->height = 0;
+    }
+    return ret;
+}
+
+static int reget_buffer_internal(AVCodecContext *avctx, AVFrame *frame)
+{
+    AVFrame *tmp;
+    int ret;
+
+    av_assert0(avctx->codec_type == AVMEDIA_TYPE_VIDEO);
+
+    if (frame->data[0] && (frame->width != avctx->width || frame->height != avctx->height || frame->format != avctx->pix_fmt)) {
+        av_log(avctx, AV_LOG_WARNING, "Picture changed from size:%dx%d fmt:%s to size:%dx%d fmt:%s in reget buffer()\n",
+               frame->width, frame->height, av_get_pix_fmt_name(frame->format), avctx->width, avctx->height, av_get_pix_fmt_name(avctx->pix_fmt));
+        av_frame_unref(frame);
+    }
+
+    ff_init_buffer_info(avctx, frame);
+
+    if (!frame->data[0])
+        return ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF);
+
+    if (av_frame_is_writable(frame))
+        return ff_decode_frame_props(avctx, frame);
+
+    tmp = av_frame_alloc();
+    if (!tmp)
+        return AVERROR(ENOMEM);
+
+    av_frame_move_ref(tmp, frame);
+
+    ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF);
+    if (ret < 0) {
+        av_frame_free(&tmp);
+        return ret;
+    }
+
+    av_frame_copy(frame, tmp);
+    av_frame_free(&tmp);
+
+    return 0;
+}
+
+int ff_reget_buffer(AVCodecContext *avctx, AVFrame *frame)
+{
+    int ret = reget_buffer_internal(avctx, frame);
+    if (ret < 0)
+        av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n");
+    return ret;
+}
+
+void avcodec_flush_buffers(AVCodecContext *avctx)
+{
+    avctx->internal->draining      = 0;
+    avctx->internal->draining_done = 0;
+    avctx->internal->nb_draining_errors = 0;
+    av_frame_unref(avctx->internal->buffer_frame);
+    av_frame_unref(avctx->internal->compat_decode_frame);
+    av_packet_unref(avctx->internal->buffer_pkt);
+    avctx->internal->buffer_pkt_valid = 0;
+
+    av_packet_unref(avctx->internal->ds.in_pkt);
+
+    if (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME)
+        ff_thread_flush(avctx);
+    else if (avctx->codec->flush)
+        avctx->codec->flush(avctx);
+
+    avctx->pts_correction_last_pts =
+    avctx->pts_correction_last_dts = INT64_MIN;
+
+    ff_decode_bsfs_uninit(avctx);
+
+    if (!avctx->refcounted_frames)
+        av_frame_unref(avctx->internal->to_free);
+}
+
+void ff_decode_bsfs_uninit(AVCodecContext *avctx)
+{
+    DecodeFilterContext *s = &avctx->internal->filter;
+    int i;
+
+    for (i = 0; i < s->nb_bsfs; i++)
+        av_bsf_free(&s->bsfs[i]);
+    av_freep(&s->bsfs);
+    s->nb_bsfs = 0;
+}
diff --git a/media/ffvpx/libavcodec/decode.h b/media/ffvpx/libavcodec/decode.h
new file mode 100644
index 000000000..c9630228d
--- /dev/null
+++ b/media/ffvpx/libavcodec/decode.h
@@ -0,0 +1,39 @@
+/*
+ * generic decoding-related code
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVCODEC_DECODE_H
+#define AVCODEC_DECODE_H
+
+#include "avcodec.h"
+
+/**
+ * Called by decoders to get the next packet for decoding.
+ *
+ * @param pkt An empty packet to be filled with data.
+ * @return 0 if a new reference has been successfully written to pkt
+ *         AVERROR(EAGAIN) if no data is currently available
+ *         AVERROR_EOF if and end of stream has been reached, so no more data
+ *                     will be available
+ */
+int ff_decode_get_packet(AVCodecContext *avctx, AVPacket *pkt);
+
+void ff_decode_bsfs_uninit(AVCodecContext *avctx);
+
+#endif /* AVCODEC_DECODE_H */
diff --git a/media/ffvpx/libavcodec/dummy_funcs.c b/media/ffvpx/libavcodec/dummy_funcs.c
index 200e1d266..21b469f7e 100644
--- a/media/ffvpx/libavcodec/dummy_funcs.c
+++ b/media/ffvpx/libavcodec/dummy_funcs.c
@@ -73,6 +73,16 @@ AVHWAccel ff_hevc_mediacodec_hwaccel;
 AVHWAccel ff_mpeg4_mediacodec_hwaccel;
 AVHWAccel ff_vp8_mediacodec_hwaccel;
 AVHWAccel ff_vp9_mediacodec_hwaccel;
+/* Added by FFmpeg 3.4 */
+AVHWAccel ff_h264_d3d11va2_hwaccel;
+AVHWAccel ff_hevc_d3d11va2_hwaccel;
+AVHWAccel ff_hevc_videotoolbox_hwaccel;
+AVHWAccel ff_mpeg2_d3d11va2_hwaccel;
+AVHWAccel ff_mpeg2_mediacodec_hwaccel;
+AVHWAccel ff_vc1_d3d11va2_hwaccel;
+AVHWAccel ff_vp8_qsv_hwaccel;
+AVHWAccel ff_vp9_d3d11va2_hwaccel;
+AVHWAccel ff_wmv3_d3d11va2_hwaccel;
 
 AVCodec ff_a64multi_encoder;
 AVCodec ff_a64multi5_encoder;
@@ -741,6 +751,54 @@ AVCodec ff_pcm_s64be_decoder;
 AVCodec ff_pcm_s64be_encoder;
 AVCodec ff_truehd_encoder;
 AVCodec ff_mlp_encoder;
+/* Added by FFmpeg 3.4 */
+AVCodec ff_clearvideo_decoder;
+AVCodec ff_fits_encoder;
+AVCodec ff_fits_decoder;
+AVCodec ff_fmvc_decoder;
+AVCodec ff_gdv_decoder;
+AVCodec ff_h263_v4l2m2m_decoder;
+AVCodec ff_h264_v4l2m2m_decoder;
+AVCodec ff_h264_rkmpp_decoder;
+AVCodec ff_hevc_rkmpp_decoder;
+AVCodec ff_hevc_v4l2m2m_decoder;
+AVCodec ff_mpeg4_v4l2m2m_decoder;
+AVCodec ff_mpeg1_v4l2m2m_decoder;
+AVCodec ff_mpeg2_v4l2m2m_decoder;
+AVCodec ff_mpeg2_mediacodec_decoder;
+AVCodec ff_mscc_decoder;
+AVCodec ff_pixlet_decoder;
+AVCodec ff_psd_decoder;
+AVCodec ff_scpr_decoder;
+AVCodec ff_speedhq_decoder;
+AVCodec ff_srgc_decoder;
+AVCodec ff_vc1_v4l2m2m_decoder;
+AVCodec ff_vp8_rkmpp_decoder;
+AVCodec ff_vp8_v4l2m2m_decoder;
+AVCodec ff_vp9_rkmpp_decoder;
+AVCodec ff_vp9_v4l2m2m_decoder;
+AVCodec ff_bitpacked_decoder;
+AVCodec ff_wrapped_avframe_decoder;
+AVCodec ff_xpm_decoder;
+AVCodec ff_atrac3al_decoder;
+AVCodec ff_atrac3pal_decoder;
+AVCodec ff_dolby_e_decoder;
+AVCodec ff_opus_encoder;
+AVCodec ff_qdmc_decoder;
+AVCodec ff_pcm_f16le_decoder;
+AVCodec ff_pcm_f24le_decoder;
+AVCodec ff_gremlin_dpcm_decoder;
+AVCodec ff_adpcm_g726le_encoder;
+AVCodec ff_librsvg_decoder;
+AVCodec ff_h263_v4l2m2m_encoder;
+AVCodec ff_h264_v4l2m2m_encoder;
+AVCodec ff_hevc_v4l2m2m_encoder;
+AVCodec ff_mpeg2_vaapi_encoder;
+AVCodec ff_mpeg4_v4l2m2m_encoder;
+AVCodec ff_vp8_qsv_decoder;
+AVCodec ff_vp8_v4l2m2m_encoder;
+AVCodec ff_vp8_vaapi_encoder;
+AVCodec ff_vp9_vaapi_encoder;
 
 AVCodecParser ff_aac_parser;
 AVCodecParser ff_aac_latm_parser;
@@ -777,6 +835,10 @@ AVCodecParser ff_tak_parser;
 AVCodecParser ff_vc1_parser;
 AVCodecParser ff_vorbis_parser;
 AVCodecParser ff_vp3_parser;
+/* Added by FFmpeg 3.4 */
+AVCodecParser ff_sipr_parser;
+AVCodecParser ff_xma_parser;
+
 AVBitStreamFilter ff_aac_adtstoasc_bsf;
 AVBitStreamFilter ff_chomp_bsf;
 AVBitStreamFilter ff_dump_extradata_bsf;
@@ -806,12 +868,15 @@ int ff_thread_video_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVF
 void ff_videodsp_init_aarch64(VideoDSPContext *ctx, int bpc) {}
 void ff_videodsp_init_arm(VideoDSPContext *ctx, int bpc) {}
 void ff_videodsp_init_ppc(VideoDSPContext *ctx, int bpc) {}
+void ff_videodsp_init_mips(VideoDSPContext *ctx, int bpc) {}
 void ff_vp7dsp_init(VP8DSPContext *c) {}
 void ff_vp78dsp_init_arm(VP8DSPContext *c) {}
 void ff_vp78dsp_init_ppc(VP8DSPContext *c) {}
 void ff_vp8dsp_init_arm(VP8DSPContext *c) {}
 void ff_vp8dsp_init_mips(VP8DSPContext *c) {}
 void ff_vp9dsp_init_mips(VP9DSPContext *dsp, int bpp) {}
+void ff_vp9dsp_init_aarch64(VP9DSPContext *dsp, int bpp) {}
+void ff_vp9dsp_init_arm(VP9DSPContext *dsp, int bpp) {}
 void ff_flacdsp_init_arm(FLACDSPContext *c, enum AVSampleFormat fmt, int channels, int bps) {}
 #if !defined(HAVE_64BIT_BUILD)
 void ff_flac_decorrelate_indep8_16_sse2(uint8_t **out, int32_t **in, int channels, int len, int shift) {}
@@ -819,11 +884,3 @@ void ff_flac_decorrelate_indep8_32_avx(uint8_t **out, int32_t **in, int channels
 void ff_flac_decorrelate_indep8_16_avx(uint8_t **out, int32_t **in, int channels, int len, int shift) {}
 void ff_flac_decorrelate_indep8_32_sse2(uint8_t **out, int32_t **in, int channels, int len, int shift) {}
 #endif
-void av_bitstream_filter_close(AVBitStreamFilterContext *bsf) {}
-int av_bitstream_filter_filter(AVBitStreamFilterContext *bsfc,
-                               AVCodecContext *avctx, const char *args,
-                               uint8_t **poutbuf, int *poutbuf_size,
-                               const uint8_t *buf, int buf_size, int keyframe) { return 0; }
-AVBitStreamFilterContext *av_bitstream_filter_init(const char *name) { return NULL;}
-AVBitStreamFilter *av_bitstream_filter_next(const AVBitStreamFilter *f) { return NULL; }
-void av_register_bitstream_filter(AVBitStreamFilter *bsf) {}
diff --git a/media/ffvpx/libavcodec/error_resilience.h b/media/ffvpx/libavcodec/error_resilience.h
index d444ec3a3..27c200869 100644
--- a/media/ffvpx/libavcodec/error_resilience.h
+++ b/media/ffvpx/libavcodec/error_resilience.h
@@ -57,8 +57,8 @@ typedef struct ERContext {
     int *mb_index2xy;
     int mb_num;
     int mb_width, mb_height;
-    int mb_stride;
-    int b8_stride;
+    ptrdiff_t mb_stride;
+    ptrdiff_t b8_stride;
 
     volatile int error_count;
     int error_occurred;
diff --git a/media/ffvpx/libavcodec/flac.c b/media/ffvpx/libavcodec/flac.c
index f5154b914..5ffbf9319 100644
--- a/media/ffvpx/libavcodec/flac.c
+++ b/media/ffvpx/libavcodec/flac.c
@@ -201,7 +201,7 @@ void ff_flac_set_channel_layout(AVCodecContext *avctx)
         avctx->channel_layout = 0;
 }
 
-void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
+int ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
                               const uint8_t *buffer)
 {
     GetBitContext gb;
@@ -213,6 +213,7 @@ void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
         av_log(avctx, AV_LOG_WARNING, "invalid max blocksize: %d\n",
                s->max_blocksize);
         s->max_blocksize = 16;
+        return AVERROR_INVALIDDATA;
     }
 
     skip_bits(&gb, 24); /* skip min frame size */
@@ -222,6 +223,12 @@ void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
     s->channels = get_bits(&gb, 3) + 1;
     s->bps = get_bits(&gb, 5) + 1;
 
+    if (s->bps < 4) {
+        av_log(avctx, AV_LOG_ERROR, "invalid bps: %d\n", s->bps);
+        s->bps = 16;
+        return AVERROR_INVALIDDATA;
+    }
+
     avctx->channels = s->channels;
     avctx->sample_rate = s->samplerate;
     avctx->bits_per_raw_sample = s->bps;
@@ -234,4 +241,6 @@ void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
 
     skip_bits_long(&gb, 64); /* md5 sum */
     skip_bits_long(&gb, 64); /* md5 sum */
+
+    return 0;
 }
diff --git a/media/ffvpx/libavcodec/flac.h b/media/ffvpx/libavcodec/flac.h
index 96d971c9d..991ab43f3 100644
--- a/media/ffvpx/libavcodec/flac.h
+++ b/media/ffvpx/libavcodec/flac.h
@@ -95,8 +95,10 @@ typedef struct FLACFrameInfo {
  * @param[out] avctx   codec context to set basic stream parameters
  * @param[out] s       where parsed information is stored
  * @param[in]  buffer  pointer to start of 34-byte streaminfo data
+ *
+ * @return negative error code on faiure or >= 0 on success
  */
-void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
+int ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
                               const uint8_t *buffer);
 
 /**
diff --git a/media/ffvpx/libavcodec/flac_parser.c b/media/ffvpx/libavcodec/flac_parser.c
index f5cc35a4f..84da23f32 100644
--- a/media/ffvpx/libavcodec/flac_parser.c
+++ b/media/ffvpx/libavcodec/flac_parser.c
@@ -586,10 +586,12 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx,
             temp = curr->next;
             av_freep(&curr->link_penalty);
             av_free(curr);
+            fpc->nb_headers_buffered--;
         }
         fpc->headers = fpc->best_header->next;
         av_freep(&fpc->best_header->link_penalty);
         av_freep(&fpc->best_header);
+        fpc->nb_headers_buffered--;
     }
 
     /* Find and score new headers.                                     */
@@ -638,7 +640,7 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx,
                                   read_end - read_start, NULL);
         } else {
             int8_t pad[MAX_FRAME_HEADER_SIZE] = { 0 };
-            av_fifo_generic_write(fpc->fifo_buf, (void*) pad, sizeof(pad), NULL);
+            av_fifo_generic_write(fpc->fifo_buf, pad, sizeof(pad), NULL);
         }
 
         /* Tag headers and update sequences. */
diff --git a/media/ffvpx/libavcodec/flacdec.c b/media/ffvpx/libavcodec/flacdec.c
index b7237e18f..3d41a1af7 100644
--- a/media/ffvpx/libavcodec/flacdec.c
+++ b/media/ffvpx/libavcodec/flacdec.c
@@ -109,7 +109,9 @@ static av_cold int flac_decode_init(AVCodecContext *avctx)
         return AVERROR_INVALIDDATA;
 
     /* initialize based on the demuxer-supplied streamdata header */
-    ff_flac_parse_streaminfo(avctx, &s->flac_stream_info, streaminfo);
+    ret = ff_flac_parse_streaminfo(avctx, &s->flac_stream_info, streaminfo);
+    if (ret < 0)
+        return ret;
     ret = allocate_buffers(s);
     if (ret < 0)
         return ret;
@@ -175,7 +177,9 @@ static int parse_streaminfo(FLACContext *s, const uint8_t *buf, int buf_size)
         metadata_size != FLAC_STREAMINFO_SIZE) {
         return AVERROR_INVALIDDATA;
     }
-    ff_flac_parse_streaminfo(s->avctx, &s->flac_stream_info, &buf[8]);
+    ret = ff_flac_parse_streaminfo(s->avctx, &s->flac_stream_info, &buf[8]);
+    if (ret < 0)
+        return ret;
     ret = allocate_buffers(s);
     if (ret < 0)
         return ret;
@@ -201,12 +205,12 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)
     buf += 4;
     do {
         if (buf_end - buf < 4)
-            return 0;
+            return AVERROR_INVALIDDATA;
         flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
         buf += 4;
         if (buf_end - buf < metadata_size) {
             /* need more data in order to read the complete header */
-            return 0;
+            return AVERROR_INVALIDDATA;
         }
         buf += metadata_size;
     } while (!metadata_last);
@@ -254,8 +258,15 @@ static int decode_residuals(FLACContext *s, int32_t *decoded, int pred_order)
             for (; i < samples; i++)
                 *decoded++ = get_sbits_long(&s->gb, tmp);
         } else {
+            int real_limit = tmp ? (INT_MAX >> tmp) + 2 : INT_MAX;
             for (; i < samples; i++) {
-                *decoded++ = get_sr_golomb_flac(&s->gb, tmp, INT_MAX, 0);
+                int v = get_sr_golomb_flac(&s->gb, tmp, real_limit, 0);
+                if (v == 0x80000000){
+                    av_log(s->avctx, AV_LOG_ERROR, "invalid residual\n");
+                    return AVERROR_INVALIDDATA;
+                }
+
+                *decoded++ = v;
             }
         }
         i= 0;
@@ -268,7 +279,8 @@ static int decode_subframe_fixed(FLACContext *s, int32_t *decoded,
                                  int pred_order, int bps)
 {
     const int blocksize = s->blocksize;
-    int av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d), i;
+    unsigned av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d);
+    int i;
     int ret;
 
     /* warm up samples */
@@ -286,7 +298,7 @@ static int decode_subframe_fixed(FLACContext *s, int32_t *decoded,
     if (pred_order > 2)
         c = b - decoded[pred_order-2] + decoded[pred_order-3];
     if (pred_order > 3)
-        d = c - decoded[pred_order-2] + 2*decoded[pred_order-3] - decoded[pred_order-4];
+        d = c - decoded[pred_order-2] + 2U*decoded[pred_order-3] - decoded[pred_order-4];
 
     switch (pred_order) {
     case 0:
@@ -315,7 +327,7 @@ static int decode_subframe_fixed(FLACContext *s, int32_t *decoded,
     return 0;
 }
 
-static void lpc_analyze_remodulate(int32_t *decoded, const int coeffs[32],
+static void lpc_analyze_remodulate(SUINT32 *decoded, const int coeffs[32],
                                    int order, int qlevel, int len, int bps)
 {
     int i, j;
@@ -331,7 +343,7 @@ static void lpc_analyze_remodulate(int32_t *decoded, const int coeffs[32],
     for (i = len - 1; i >= order; i--) {
         int64_t p = 0;
         for (j = 0; j < order; j++)
-            p += coeffs[j] * (int64_t)decoded[i-order+j];
+            p += coeffs[j] * (int64_t)(int32_t)decoded[i-order+j];
         decoded[i] -= p >> qlevel;
     }
     for (i = order; i < len; i++, decoded++) {
@@ -444,10 +456,10 @@ static inline int decode_subframe(FLACContext *s, int channel)
         return AVERROR_INVALIDDATA;
     }
 
-    if (wasted) {
+    if (wasted && wasted < 32) {
         int i;
         for (i = 0; i < s->blocksize; i++)
-            decoded[i] <<= wasted;
+            decoded[i] = (unsigned)decoded[i] << wasted;
     }
 
     return 0;
diff --git a/media/ffvpx/libavcodec/flacdsp.c b/media/ffvpx/libavcodec/flacdsp.c
index 30b66484e..bc9a5dbed 100644
--- a/media/ffvpx/libavcodec/flacdsp.c
+++ b/media/ffvpx/libavcodec/flacdsp.c
@@ -49,8 +49,8 @@ static void flac_lpc_16_c(int32_t *decoded, const int coeffs[32],
     int i, j;
 
     for (i = pred_order; i < len - 1; i += 2, decoded += 2) {
-        int c = coeffs[0];
-        int d = decoded[0];
+        SUINT c = coeffs[0];
+        SUINT d = decoded[0];
         int s0 = 0, s1 = 0;
         for (j = 1; j < pred_order; j++) {
             s0 += c*d;
@@ -59,15 +59,15 @@ static void flac_lpc_16_c(int32_t *decoded, const int coeffs[32],
             c = coeffs[j];
         }
         s0 += c*d;
-        d = decoded[j] += s0 >> qlevel;
+        d = decoded[j] += (SUINT)(s0 >> qlevel);
         s1 += c*d;
-        decoded[j + 1] += s1 >> qlevel;
+        decoded[j + 1] += (SUINT)(s1 >> qlevel);
     }
     if (i < len) {
         int sum = 0;
         for (j = 0; j < pred_order; j++)
-            sum += coeffs[j] * decoded[j];
-        decoded[j] += sum >> qlevel;
+            sum += coeffs[j] * (SUINT)decoded[j];
+        decoded[j] = decoded[j] + (unsigned)(sum >> qlevel);
     }
 }
 
diff --git a/media/ffvpx/libavcodec/flacdsp.h b/media/ffvpx/libavcodec/flacdsp.h
index f5cbd9472..7bb0dd0e9 100644
--- a/media/ffvpx/libavcodec/flacdsp.h
+++ b/media/ffvpx/libavcodec/flacdsp.h
@@ -20,6 +20,7 @@
 #define AVCODEC_FLACDSP_H
 
 #include <stdint.h>
+#include "libavutil/internal.h"
 #include "libavutil/samplefmt.h"
 
 typedef struct FLACDSPContext {
diff --git a/media/ffvpx/libavcodec/flacdsp_template.c b/media/ffvpx/libavcodec/flacdsp_template.c
index 62c0a15ff..776c78da7 100644
--- a/media/ffvpx/libavcodec/flacdsp_template.c
+++ b/media/ffvpx/libavcodec/flacdsp_template.c
@@ -56,7 +56,7 @@ static void FUNC(flac_decorrelate_indep_c)(uint8_t **out, int32_t **in,
 
     for (j = 0; j < len; j++)
         for (i = 0; i < channels; i++)
-            S(samples, i, j) = in[i][j] << shift;
+            S(samples, i, j) = (int)((unsigned)in[i][j] << shift);
 }
 
 static void FUNC(flac_decorrelate_ls_c)(uint8_t **out, int32_t **in,
diff --git a/media/ffvpx/libavcodec/get_bits.h b/media/ffvpx/libavcodec/get_bits.h
index 0f183e035..0c7f5ff0c 100644
--- a/media/ffvpx/libavcodec/get_bits.h
+++ b/media/ffvpx/libavcodec/get_bits.h
@@ -229,6 +229,20 @@ static inline int get_xbits(GetBitContext *s, int n)
     return (NEG_USR32(sign ^ cache, n) ^ sign) - sign;
 }
 
+static inline int get_xbits_le(GetBitContext *s, int n)
+{
+    register int sign;
+    register int32_t cache;
+    OPEN_READER(re, s);
+    av_assert2(n>0 && n<=25);
+    UPDATE_CACHE_LE(re, s);
+    cache = GET_CACHE(re, s);
+    sign  = sign_extend(~cache, n) >> 31;
+    LAST_SKIP_BITS(re, s, n);
+    CLOSE_READER(re, s);
+    return (zero_extend(sign ^ cache, n) ^ sign) - sign;
+}
+
 static inline int get_sbits(GetBitContext *s, int n)
 {
     register int tmp;
@@ -331,6 +345,7 @@ static inline void skip_bits1(GetBitContext *s)
  */
 static inline unsigned int get_bits_long(GetBitContext *s, int n)
 {
+    av_assert2(n>=0 && n<=32);
     if (!n) {
         return 0;
     } else if (n <= MIN_CACHE_BITS) {
@@ -369,6 +384,10 @@ static inline uint64_t get_bits64(GetBitContext *s, int n)
  */
 static inline int get_sbits_long(GetBitContext *s, int n)
 {
+    // sign_extend(x, 0) is undefined
+    if (!n)
+        return 0;
+
     return sign_extend(get_bits_long(s, n), n);
 }
 
@@ -531,6 +550,7 @@ static inline const uint8_t *align_get_bits(GetBitContext *s)
  * @param max_depth is the number of times bits bits must be read to completely
  *                  read the longest vlc code
  *                  = (max_vlc_length + bits - 1) / bits
+ * @returns the code parsed or -1 if no vlc matches
  */
 static av_always_inline int get_vlc2(GetBitContext *s, VLC_TYPE (*table)[2],
                                      int bits, int max_depth)
diff --git a/media/ffvpx/libavcodec/golomb.h b/media/ffvpx/libavcodec/golomb.h
index 917ea54e1..efb1eff8a 100644
--- a/media/ffvpx/libavcodec/golomb.h
+++ b/media/ffvpx/libavcodec/golomb.h
@@ -314,6 +314,8 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
 
     log = av_log2(buf);
 
+    av_assert2(k <= 31);
+
     if (log - k >= 32 - MIN_CACHE_BITS + (MIN_CACHE_BITS == 32) &&
         32 - log < limit) {
         buf >>= log - k;
@@ -325,8 +327,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
     } else {
         int i;
         for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
-            if (gb->size_in_bits <= re_index)
+            if (gb->size_in_bits <= re_index) {
+                CLOSE_READER(re, gb);
                 return -1;
+            }
             LAST_SKIP_BITS(re, gb, 1);
             UPDATE_CACHE(re, gb);
         }
@@ -348,16 +352,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
                 buf = 0;
             }
 
-            CLOSE_READER(re, gb);
-            return buf + (i << k);
+            buf += ((SUINT)i << k);
         } else if (i == limit - 1) {
             buf = SHOW_UBITS(re, gb, esc_len);
             LAST_SKIP_BITS(re, gb, esc_len);
-            CLOSE_READER(re, gb);
 
-            return buf + 1;
-        } else
-            return -1;
+            buf ++;
+        } else {
+            buf = -1;
+        }
+        CLOSE_READER(re, gb);
+        return buf;
     }
 }
 
@@ -445,19 +450,20 @@ static inline int get_te(GetBitContext *s, int r, char *file, const char *func,
     return i;
 }
 
-#define get_ue_golomb(a) get_ue(a, __FILE__, __PRETTY_FUNCTION__, __LINE__)
-#define get_se_golomb(a) get_se(a, __FILE__, __PRETTY_FUNCTION__, __LINE__)
-#define get_te_golomb(a, r)  get_te(a, r, __FILE__, __PRETTY_FUNCTION__, __LINE__)
-#define get_te0_golomb(a, r) get_te(a, r, __FILE__, __PRETTY_FUNCTION__, __LINE__)
+#define get_ue_golomb(a) get_ue(a, __FILE__, __func__, __LINE__)
+#define get_se_golomb(a) get_se(a, __FILE__, __func__, __LINE__)
+#define get_te_golomb(a, r)  get_te(a, r, __FILE__, __func__, __LINE__)
+#define get_te0_golomb(a, r) get_te(a, r, __FILE__, __func__, __LINE__)
 
 #endif /* TRACE */
 
 /**
- * write unsigned exp golomb code.
+ * write unsigned exp golomb code. 2^16 - 2 at most
  */
 static inline void set_ue_golomb(PutBitContext *pb, int i)
 {
     av_assert2(i >= 0);
+    av_assert2(i <= 0xFFFE);
 
     if (i < 256)
         put_bits(pb, ff_ue_golomb_len[i], i + 1);
@@ -468,6 +474,21 @@ static inline void set_ue_golomb(PutBitContext *pb, int i)
 }
 
 /**
+ * write unsigned exp golomb code. 2^32-2 at most.
+ */
+static inline void set_ue_golomb_long(PutBitContext *pb, uint32_t i)
+{
+    av_assert2(i <= (UINT32_MAX - 1));
+
+    if (i < 256)
+        put_bits(pb, ff_ue_golomb_len[i], i + 1);
+    else {
+        int e = av_log2(i + 1);
+        put_bits64(pb, 2 * e + 1, i + 1);
+    }
+}
+
+/**
  * write truncated unsigned exp golomb code.
  */
 static inline void set_te_golomb(PutBitContext *pb, int i, int range)
@@ -486,19 +507,9 @@ static inline void set_te_golomb(PutBitContext *pb, int i, int range)
  */
 static inline void set_se_golomb(PutBitContext *pb, int i)
 {
-#if 0
-    if (i <= 0)
-        i = -2 * i;
-    else
-        i = 2 * i - 1;
-#elif 1
     i = 2 * i - 1;
     if (i < 0)
         i ^= -1;    //FIXME check if gcc does the right thing
-#else
-    i  = 2 * i - 1;
-    i ^= (i >> 31);
-#endif
     set_ue_golomb(pb, i);
 }
 
diff --git a/media/ffvpx/libavcodec/h264chroma.h b/media/ffvpx/libavcodec/h264chroma.h
index e0f45ad13..5c89fd12d 100644
--- a/media/ffvpx/libavcodec/h264chroma.h
+++ b/media/ffvpx/libavcodec/h264chroma.h
@@ -19,9 +19,10 @@
 #ifndef AVCODEC_H264CHROMA_H
 #define AVCODEC_H264CHROMA_H
 
+#include <stddef.h>
 #include <stdint.h>
 
-typedef void (*h264_chroma_mc_func)(uint8_t *dst/*align 8*/, uint8_t *src/*align 1*/, int srcStride, int h, int x, int y);
+typedef void (*h264_chroma_mc_func)(uint8_t *dst /*align 8*/, uint8_t *src /*align 1*/, ptrdiff_t srcStride, int h, int x, int y);
 
 typedef struct H264ChromaContext {
     h264_chroma_mc_func put_h264_chroma_pixels_tab[4];
diff --git a/media/ffvpx/libavcodec/hpeldsp.h b/media/ffvpx/libavcodec/hpeldsp.h
index 1a3cea54b..768139bfc 100644
--- a/media/ffvpx/libavcodec/hpeldsp.h
+++ b/media/ffvpx/libavcodec/hpeldsp.h
@@ -76,6 +76,8 @@ typedef struct HpelDSPContext {
      * @param pixels source
      * @param line_size number of bytes in a horizontal line of block
      * @param h height
+     * @note The size is kept at [4][4] to match the above pixel_tabs and avoid
+     *       out of bounds reads in the motion estimation code.
      */
     op_pixels_func put_no_rnd_pixels_tab[4][4];
 
diff --git a/media/ffvpx/libavcodec/hwaccel.h b/media/ffvpx/libavcodec/hwaccel.h
new file mode 100644
index 000000000..124fbbf1f
--- /dev/null
+++ b/media/ffvpx/libavcodec/hwaccel.h
@@ -0,0 +1,24 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVCODEC_HWACCEL_H
+#define AVCODEC_HWACCEL_H
+
+#define HWACCEL_CAP_ASYNC_SAFE      (1 << 0)
+
+#endif /* AVCODEC_HWACCEL_H */
diff --git a/media/ffvpx/libavcodec/idctdsp.h b/media/ffvpx/libavcodec/idctdsp.h
index b180a6762..26221f6a9 100644
--- a/media/ffvpx/libavcodec/idctdsp.h
+++ b/media/ffvpx/libavcodec/idctdsp.h
@@ -21,6 +21,8 @@
 
 #include <stdint.h>
 
+#include "config.h"
+
 #include "avcodec.h"
 
 /**
@@ -51,13 +53,13 @@ int ff_init_scantable_permutation_x86(uint8_t *idct_permutation,
 typedef struct IDCTDSPContext {
     /* pixel ops : interface with DCT */
     void (*put_pixels_clamped)(const int16_t *block /* align 16 */,
-                               uint8_t *pixels /* align 8 */,
+                               uint8_t *av_restrict pixels /* align 8 */,
                                ptrdiff_t line_size);
     void (*put_signed_pixels_clamped)(const int16_t *block /* align 16 */,
-                                      uint8_t *pixels /* align 8 */,
+                                      uint8_t *av_restrict pixels /* align 8 */,
                                       ptrdiff_t line_size);
     void (*add_pixels_clamped)(const int16_t *block /* align 16 */,
-                               uint8_t *pixels /* align 8 */,
+                               uint8_t *av_restrict pixels /* align 8 */,
                                ptrdiff_t line_size);
 
     void (*idct)(int16_t *block /* align 16 */);
@@ -68,14 +70,14 @@ typedef struct IDCTDSPContext {
      * @param line_size size in bytes of a horizontal line of dest
      */
     void (*idct_put)(uint8_t *dest /* align 8 */,
-                     int line_size, int16_t *block /* align 16 */);
+                     ptrdiff_t line_size, int16_t *block /* align 16 */);
 
     /**
      * block -> idct -> add dest -> clip to unsigned 8 bit -> dest.
      * @param line_size size in bytes of a horizontal line of dest
      */
     void (*idct_add)(uint8_t *dest /* align 8 */,
-                     int line_size, int16_t *block /* align 16 */);
+                     ptrdiff_t line_size, int16_t *block /* align 16 */);
 
     /**
      * IDCT input permutation.
@@ -95,11 +97,15 @@ typedef struct IDCTDSPContext {
     enum idct_permutation_type perm_type;
 } IDCTDSPContext;
 
-extern void (*ff_put_pixels_clamped)(const int16_t *block, uint8_t *pixels, ptrdiff_t line_size);
-extern void (*ff_add_pixels_clamped)(const int16_t *block, uint8_t *pixels, ptrdiff_t line_size);
+void ff_put_pixels_clamped_c(const int16_t *block, uint8_t *av_restrict pixels,
+                             ptrdiff_t line_size);
+void ff_add_pixels_clamped_c(const int16_t *block, uint8_t *av_restrict pixels,
+                             ptrdiff_t line_size);
 
 void ff_idctdsp_init(IDCTDSPContext *c, AVCodecContext *avctx);
 
+void ff_idctdsp_init_aarch64(IDCTDSPContext *c, AVCodecContext *avctx,
+                             unsigned high_bit_depth);
 void ff_idctdsp_init_alpha(IDCTDSPContext *c, AVCodecContext *avctx,
                            unsigned high_bit_depth);
 void ff_idctdsp_init_arm(IDCTDSPContext *c, AVCodecContext *avctx,
diff --git a/media/ffvpx/libavcodec/internal.h b/media/ffvpx/libavcodec/internal.h
index 35b9630b5..faa923c11 100644
--- a/media/ffvpx/libavcodec/internal.h
+++ b/media/ffvpx/libavcodec/internal.h
@@ -48,8 +48,8 @@
 #define FF_CODEC_CAP_INIT_CLEANUP           (1 << 1)
 /**
  * Decoders marked with FF_CODEC_CAP_SETS_PKT_DTS want to set
- * AVFrame.pkt_dts manually. If the flag is set, utils.c won't overwrite
- * this field. If it's unset, utils.c tries to guess the pkt_dts field
+ * AVFrame.pkt_dts manually. If the flag is set, decode.c won't overwrite
+ * this field. If it's unset, decode.c tries to guess the pkt_dts field
  * from the input AVPacket.
  */
 #define FF_CODEC_CAP_SETS_PKT_DTS           (1 << 2)
@@ -58,6 +58,16 @@
  * skipped due to the skip_frame setting.
  */
 #define FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM  (1 << 3)
+/**
+ * The decoder sets the cropping fields in the output frames manually.
+ * If this cap is set, the generic code will initialize output frame
+ * dimensions to coded rather than display values.
+ */
+#define FF_CODEC_CAP_EXPORTS_CROPPING       (1 << 4)
+/**
+ * Codec initializes slice-based threading with a main function
+ */
+#define FF_CODEC_CAP_SLICE_THREAD_HAS_MF    (1 << 5)
 
 #ifdef TRACE
 #   define ff_tlog(ctx, ...) av_log(ctx, AV_LOG_TRACE, __VA_ARGS__)
@@ -70,11 +80,18 @@
 #define FF_DEFAULT_QUANT_BIAS 999999
 #endif
 
+#if !FF_API_QSCALE_TYPE
+#define FF_QSCALE_TYPE_MPEG1 0
+#define FF_QSCALE_TYPE_MPEG2 1
+#define FF_QSCALE_TYPE_H264  2
+#define FF_QSCALE_TYPE_VP56  3
+#endif
+
 #define FF_SANE_NB_CHANNELS 64U
 
 #define FF_SIGNBIT(x) ((x) >> CHAR_BIT * sizeof(x) - 1)
 
-#if HAVE_AVX
+#if HAVE_SIMD_ALIGN_32
 #   define STRIDE_ALIGN 32
 #elif HAVE_SIMD_ALIGN_16
 #   define STRIDE_ALIGN 16
@@ -101,6 +118,16 @@ typedef struct FramePool {
     int samples;
 } FramePool;
 
+typedef struct DecodeSimpleContext {
+    AVPacket *in_pkt;
+    AVFrame  *out_frame;
+} DecodeSimpleContext;
+
+typedef struct DecodeFilterContext {
+    AVBSFContext **bsfs;
+    int         nb_bsfs;
+} DecodeFilterContext;
+
 typedef struct AVCodecInternal {
     /**
      * Whether the parent AVCodecContext is a copy of the context which had
@@ -137,11 +164,14 @@ typedef struct AVCodecInternal {
 
     void *thread_ctx;
 
+    DecodeSimpleContext ds;
+    DecodeFilterContext filter;
+
     /**
-     * Current packet as passed into the decoder, to avoid having to pass the
-     * packet into every function.
+     * Properties (timestamps+side data) extracted from the last packet passed
+     * for decoding.
      */
-    AVPacket *pkt;
+    AVPacket *last_pkt_props;
 
     /**
      * temporary buffer used for encoders to store their bitstream
@@ -173,7 +203,23 @@ typedef struct AVCodecInternal {
     int buffer_pkt_valid; // encoding: packet without data can be valid
     AVFrame *buffer_frame;
     int draining_done;
+    /* set to 1 when the caller is using the old decoding API */
+    int compat_decode;
+    int compat_decode_warned;
+    /* this variable is set by the decoder internals to signal to the old
+     * API compat wrappers the amount of data consumed from the last packet */
+    size_t compat_decode_consumed;
+    /* when a partial packet has been consumed, this stores the remaining size
+     * of the packet (that should be submitted in the next decode call */
+    size_t compat_decode_partial_size;
+    AVFrame *compat_decode_frame;
+
     int showed_multi_packet_warning;
+
+    int skip_samples_multiplier;
+
+    /* to prevent infinite loop on errors when draining */
+    int nb_draining_errors;
 } AVCodecInternal;
 
 struct AVCodecDefault {
@@ -262,7 +308,7 @@ static av_always_inline int64_t ff_samples_to_time_base(AVCodecContext *avctx,
 static av_always_inline float ff_exp2fi(int x) {
     /* Normal range */
     if (-126 <= x && x <= 128)
-        return av_int2float(x+127 << 23);
+        return av_int2float((x+127) << 23);
     /* Too large */
     else if (x > 128)
         return INFINITY;
@@ -327,6 +373,10 @@ int ff_set_sar(AVCodecContext *avctx, AVRational sar);
 int ff_side_data_update_matrix_encoding(AVFrame *frame,
                                         enum AVMatrixEncoding matrix_encoding);
 
+#if FF_API_MERGE_SD
+int ff_packet_split_and_drop_side_data(AVPacket *pkt);
+#endif
+
 /**
  * Select the (possibly hardware accelerated) pixel format.
  * This is a wrapper around AVCodecContext.get_format() and should be used
@@ -361,4 +411,10 @@ int ff_side_data_set_encoder_stats(AVPacket *pkt, int quality, int64_t *error, i
 int ff_alloc_a53_sei(const AVFrame *frame, size_t prefix_len,
                      void **data, size_t *sei_size);
 
+/**
+ * Get an estimated video bitrate based on frame size, frame rate and coded
+ * bits per pixel.
+ */
+int64_t ff_guess_coded_bitrate(AVCodecContext *avctx);
+
 #endif /* AVCODEC_INTERNAL_H */
diff --git a/media/ffvpx/libavcodec/mathops.h b/media/ffvpx/libavcodec/mathops.h
index 5168dc2ce..1c3566431 100644
--- a/media/ffvpx/libavcodec/mathops.h
+++ b/media/ffvpx/libavcodec/mathops.h
@@ -25,6 +25,7 @@
 #include <stdint.h>
 
 #include "libavutil/common.h"
+#include "libavutil/reverse.h"
 #include "config.h"
 
 #define MAX_NEG_CROP 1024
@@ -96,15 +97,6 @@ static av_always_inline unsigned UMULH(unsigned a, unsigned b){
 #define mid_pred mid_pred
 static inline av_const int mid_pred(int a, int b, int c)
 {
-#if 0
-    int t= (a-b)&((a-b)>>31);
-    a-=t;
-    b+=t;
-    b-= (b-c)&((b-c)>>31);
-    b+= (a-b)&((a-b)>>31);
-
-    return b;
-#else
     if(a>b){
         if(c>b){
             if(c>a) b=a;
@@ -117,7 +109,6 @@ static inline av_const int mid_pred(int a, int b, int c)
         }
     }
     return b;
-#endif
 }
 #endif
 
@@ -249,4 +240,12 @@ static inline int8_t ff_u8_to_s8(uint8_t a)
     return b.s8;
 }
 
+static av_always_inline uint32_t bitswap_32(uint32_t x)
+{
+    return (uint32_t)ff_reverse[ x        & 0xFF] << 24 |
+           (uint32_t)ff_reverse[(x >> 8)  & 0xFF] << 16 |
+           (uint32_t)ff_reverse[(x >> 16) & 0xFF] << 8  |
+           (uint32_t)ff_reverse[ x >> 24];
+}
+
 #endif /* AVCODEC_MATHOPS_H */
diff --git a/media/ffvpx/libavcodec/me_cmp.h b/media/ffvpx/libavcodec/me_cmp.h
index 5666f59ad..0dbbcbb1d 100644
--- a/media/ffvpx/libavcodec/me_cmp.h
+++ b/media/ffvpx/libavcodec/me_cmp.h
@@ -76,7 +76,7 @@ typedef struct MECmpContext {
     me_cmp_func frame_skip_cmp[6]; // only width 8 used
 
     me_cmp_func pix_abs[2][4];
-    me_cmp_func median_sad[2];
+    me_cmp_func median_sad[6];
 } MECmpContext;
 
 void ff_me_cmp_init_static(void);
diff --git a/media/ffvpx/libavcodec/moz.build b/media/ffvpx/libavcodec/moz.build
index 443bbe978..9980e1556 100644
--- a/media/ffvpx/libavcodec/moz.build
+++ b/media/ffvpx/libavcodec/moz.build
@@ -16,7 +16,11 @@ SOURCES += [
     'avpacket.c',
     'avpicture.c',
     'bitstream.c',
+    'bitstream_filter.c',
+    'bitstream_filters.c',
+    'bsf.c',
     'codec_desc.c',
+    'decode.c',
     'dummy_funcs.c',
     'flac.c',
     'flac_parser.c',
@@ -28,6 +32,7 @@ SOURCES += [
     'imgconvert.c',
     'log2_tab.c',
     'mathtables.c',
+    'null_bsf.c',
     'options.c',
     'parser.c',
     'profiles.c',
@@ -48,10 +53,16 @@ SOURCES += [
     'vp8dsp.c',
     'vp9.c',
     'vp9_parser.c',
+    'vp9block.c',
+    'vp9data.c',
     'vp9dsp.c',
     'vp9dsp_10bpp.c',
     'vp9dsp_12bpp.c',
     'vp9dsp_8bpp.c',
+    'vp9lpf.c',
+    'vp9mvs.c',
+    'vp9prob.c',
+    'vp9recon.c',
     'xiph.c'
 ]
 
diff --git a/media/ffvpx/libavcodec/mpegvideo.h b/media/ffvpx/libavcodec/mpegvideo.h
index c82fa3e1a..e9eb633d1 100644
--- a/media/ffvpx/libavcodec/mpegvideo.h
+++ b/media/ffvpx/libavcodec/mpegvideo.h
@@ -422,6 +422,7 @@ typedef struct MpegEncContext {
     struct MJpegContext *mjpeg_ctx;
     int esc_pos;
     int pred;
+    int huffman;
 
     /* MSMPEG4 specific */
     int mv_table_index;
@@ -679,7 +680,7 @@ void ff_mpv_common_end(MpegEncContext *s);
 
 void ff_mpv_decode_defaults(MpegEncContext *s);
 void ff_mpv_decode_init(MpegEncContext *s, AVCodecContext *avctx);
-void ff_mpv_decode_mb(MpegEncContext *s, int16_t block[12][64]);
+void ff_mpv_reconstruct_mb(MpegEncContext *s, int16_t block[12][64]);
 void ff_mpv_report_decode_progress(MpegEncContext *s);
 
 int ff_mpv_frame_start(MpegEncContext *s, AVCodecContext *avctx);
diff --git a/media/ffvpx/libavutil/wchar_filename.h b/media/ffvpx/libavcodec/null_bsf.c
index 2ade321be..feb71248a 100644
--- a/media/ffvpx/libavutil/wchar_filename.h
+++ b/media/ffvpx/libavcodec/null_bsf.c
@@ -16,30 +16,28 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#ifndef AVUTIL_WCHAR_FILENAME_H
-#define AVUTIL_WCHAR_FILENAME_H
+/**
+ * @file
+ * Null bitstream filter -- pass the input through unchanged.
+ */
 
-#if defined(_WIN32) && !defined(__MINGW32CE__)
-#include <windows.h>
-#include "mem.h"
+#include "avcodec.h"
+#include "bsf.h"
 
-av_warn_unused_result
-static inline int utf8towchar(const char *filename_utf8, wchar_t **filename_w)
+static int null_filter(AVBSFContext *ctx, AVPacket *out)
 {
-    int num_chars;
-    num_chars = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, filename_utf8, -1, NULL, 0);
-    if (num_chars <= 0) {
-        *filename_w = NULL;
-        return 0;
-    }
-    *filename_w = (wchar_t *)av_mallocz_array(num_chars, sizeof(wchar_t));
-    if (!*filename_w) {
-        errno = ENOMEM;
-        return -1;
-    }
-    MultiByteToWideChar(CP_UTF8, 0, filename_utf8, -1, *filename_w, num_chars);
+    AVPacket *in;
+    int ret;
+
+    ret = ff_bsf_get_packet(ctx, &in);
+    if (ret < 0)
+        return ret;
+    av_packet_move_ref(out, in);
+    av_packet_free(&in);
     return 0;
 }
-#endif
 
-#endif /* AVUTIL_WCHAR_FILENAME_H */
+const AVBitStreamFilter ff_null_bsf = {
+    .name           = "null",
+    .filter         = null_filter,
+};
diff --git a/media/ffvpx/libavcodec/options.c b/media/ffvpx/libavcodec/options.c
index f25df2ab3..82e12179a 100644
--- a/media/ffvpx/libavcodec/options.c
+++ b/media/ffvpx/libavcodec/options.c
@@ -34,7 +34,7 @@
 #include <string.h>
 
 FF_DISABLE_DEPRECATION_WARNINGS
-#include "ff_options_table.h"
+#include "options_table.h"
 FF_ENABLE_DEPRECATION_WARNINGS
 
 static const char* context_to_name(void* ptr) {
@@ -119,6 +119,7 @@ static int init_context_defaults(AVCodecContext *s, const AVCodec *codec)
     s->execute2            = avcodec_default_execute2;
     s->sample_aspect_ratio = (AVRational){0,1};
     s->pix_fmt             = AV_PIX_FMT_NONE;
+    s->sw_pix_fmt          = AV_PIX_FMT_NONE;
     s->sample_fmt          = AV_SAMPLE_FMT_NONE;
 
     s->reordered_opaque    = AV_NOPTS_VALUE;
@@ -187,6 +188,31 @@ void avcodec_free_context(AVCodecContext **pavctx)
 }
 
 #if FF_API_COPY_CONTEXT
+static void copy_context_reset(AVCodecContext *avctx)
+{
+    int i;
+
+    av_opt_free(avctx);
+#if FF_API_CODED_FRAME
+FF_DISABLE_DEPRECATION_WARNINGS
+    av_frame_free(&avctx->coded_frame);
+FF_ENABLE_DEPRECATION_WARNINGS
+#endif
+    av_freep(&avctx->rc_override);
+    av_freep(&avctx->intra_matrix);
+    av_freep(&avctx->inter_matrix);
+    av_freep(&avctx->extradata);
+    av_freep(&avctx->subtitle_header);
+    av_buffer_unref(&avctx->hw_frames_ctx);
+    av_buffer_unref(&avctx->hw_device_ctx);
+    for (i = 0; i < avctx->nb_coded_side_data; i++)
+        av_freep(&avctx->coded_side_data[i].data);
+    av_freep(&avctx->coded_side_data);
+    avctx->subtitle_header_size = 0;
+    avctx->nb_coded_side_data = 0;
+    avctx->extradata_size = 0;
+}
+
 int avcodec_copy_context(AVCodecContext *dest, const AVCodecContext *src)
 {
     const AVCodec *orig_codec = dest->codec;
@@ -199,12 +225,7 @@ int avcodec_copy_context(AVCodecContext *dest, const AVCodecContext *src)
         return AVERROR(EINVAL);
     }
 
-    av_opt_free(dest);
-    av_freep(&dest->rc_override);
-    av_freep(&dest->intra_matrix);
-    av_freep(&dest->inter_matrix);
-    av_freep(&dest->extradata);
-    av_freep(&dest->subtitle_header);
+    copy_context_reset(dest);
 
     memcpy(dest, src, sizeof(*dest));
     av_opt_copy(dest, src);
@@ -229,11 +250,14 @@ FF_ENABLE_DEPRECATION_WARNINGS
 
     /* reallocate values that should be allocated separately */
     dest->extradata       = NULL;
+    dest->coded_side_data = NULL;
     dest->intra_matrix    = NULL;
     dest->inter_matrix    = NULL;
     dest->rc_override     = NULL;
     dest->subtitle_header = NULL;
     dest->hw_frames_ctx   = NULL;
+    dest->hw_device_ctx   = NULL;
+    dest->nb_coded_side_data = 0;
 
 #define alloc_and_copy_or_fail(obj, size, pad) \
     if (src->obj && size > 0) { \
@@ -263,15 +287,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
     return 0;
 
 fail:
-    av_freep(&dest->subtitle_header);
-    av_freep(&dest->rc_override);
-    av_freep(&dest->intra_matrix);
-    av_freep(&dest->inter_matrix);
-    av_freep(&dest->extradata);
-    av_buffer_unref(&dest->hw_frames_ctx);
-    dest->subtitle_header_size = 0;
-    dest->extradata_size = 0;
-    av_opt_free(dest);
+    copy_context_reset(dest);
     return AVERROR(ENOMEM);
 }
 #endif
diff --git a/media/ffvpx/libavcodec/options_table.h b/media/ffvpx/libavcodec/options_table.h
new file mode 100644
index 000000000..2ac37c3ff
--- /dev/null
+++ b/media/ffvpx/libavcodec/options_table.h
@@ -0,0 +1,594 @@
+/*
+ * Copyright (c) 2001 Fabrice Bellard
+ * Copyright (c) 2002-2004 Michael Niedermayer <michaelni@gmx.at>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVCODEC_OPTIONS_TABLE_H
+#define AVCODEC_OPTIONS_TABLE_H
+
+#include <float.h>
+#include <limits.h>
+#include <stdint.h>
+
+#include "libavutil/opt.h"
+#include "avcodec.h"
+#include "version.h"
+
+#define OFFSET(x) offsetof(AVCodecContext,x)
+#define DEFAULT 0 //should be NAN but it does not work as it is not a constant in glibc as required by ANSI/ISO C
+//these names are too long to be readable
+#define V AV_OPT_FLAG_VIDEO_PARAM
+#define A AV_OPT_FLAG_AUDIO_PARAM
+#define S AV_OPT_FLAG_SUBTITLE_PARAM
+#define E AV_OPT_FLAG_ENCODING_PARAM
+#define D AV_OPT_FLAG_DECODING_PARAM
+
+#define AV_CODEC_DEFAULT_BITRATE 200*1000
+
+static const AVOption avcodec_options[] = {
+{"b", "set bitrate (in bits/s)", OFFSET(bit_rate), AV_OPT_TYPE_INT64, {.i64 = AV_CODEC_DEFAULT_BITRATE }, 0, INT64_MAX, A|V|E},
+{"ab", "set bitrate (in bits/s)", OFFSET(bit_rate), AV_OPT_TYPE_INT64, {.i64 = 128*1000 }, 0, INT_MAX, A|E},
+{"bt", "Set video bitrate tolerance (in bits/s). In 1-pass mode, bitrate tolerance specifies how far "
+       "ratecontrol is willing to deviate from the target average bitrate value. This is not related "
+       "to minimum/maximum bitrate. Lowering tolerance too much has an adverse effect on quality.",
+       OFFSET(bit_rate_tolerance), AV_OPT_TYPE_INT, {.i64 = AV_CODEC_DEFAULT_BITRATE*20 }, 1, INT_MAX, V|E},
+{"flags", NULL, OFFSET(flags), AV_OPT_TYPE_FLAGS, {.i64 = DEFAULT }, 0, UINT_MAX, V|A|S|E|D, "flags"},
+{"unaligned", "allow decoders to produce unaligned output", 0, AV_OPT_TYPE_CONST, { .i64 = AV_CODEC_FLAG_UNALIGNED }, INT_MIN, INT_MAX, V | D, "flags" },
+{"mv4", "use four motion vectors per macroblock (MPEG-4)", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_4MV }, INT_MIN, INT_MAX, V|E, "flags"},
+{"qpel", "use 1/4-pel motion compensation", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_QPEL }, INT_MIN, INT_MAX, V|E, "flags"},
+{"loop", "use loop filter", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_LOOP_FILTER }, INT_MIN, INT_MAX, V|E, "flags"},
+{"qscale", "use fixed qscale", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_QSCALE }, INT_MIN, INT_MAX, 0, "flags"},
+#if FF_API_GMC
+{"gmc", "use gmc", 0, AV_OPT_TYPE_CONST, {.i64 = CODEC_FLAG_GMC }, INT_MIN, INT_MAX, V|E, "flags"},
+#endif
+#if FF_API_MV0
+{"mv0", "always try a mb with mv=<0,0>", 0, AV_OPT_TYPE_CONST, {.i64 = CODEC_FLAG_MV0 }, INT_MIN, INT_MAX, V|E, "flags"},
+#endif
+#if FF_API_INPUT_PRESERVED
+{"input_preserved", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = CODEC_FLAG_INPUT_PRESERVED }, INT_MIN, INT_MAX, 0, "flags"},
+#endif
+{"pass1", "use internal 2-pass ratecontrol in first  pass mode", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_PASS1 }, INT_MIN, INT_MAX, 0, "flags"},
+{"pass2", "use internal 2-pass ratecontrol in second pass mode", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_PASS2 }, INT_MIN, INT_MAX, 0, "flags"},
+{"gray", "only decode/encode grayscale", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_GRAY }, INT_MIN, INT_MAX, V|E|D, "flags"},
+#if FF_API_EMU_EDGE
+{"emu_edge", "do not draw edges", 0, AV_OPT_TYPE_CONST, {.i64 = CODEC_FLAG_EMU_EDGE }, INT_MIN, INT_MAX, 0, "flags"},
+#endif
+{"psnr", "error[?] variables will be set during encoding", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_PSNR }, INT_MIN, INT_MAX, V|E, "flags"},
+{"truncated", "Input bitstream might be randomly truncated", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_TRUNCATED }, INT_MIN, INT_MAX, V|D, "flags"},
+#if FF_API_NORMALIZE_AQP
+{"naq", "normalize adaptive quantization", 0, AV_OPT_TYPE_CONST, {.i64 = CODEC_FLAG_NORMALIZE_AQP }, INT_MIN, INT_MAX, V|E, "flags"},
+#endif
+{"ildct", "use interlaced DCT", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_INTERLACED_DCT }, INT_MIN, INT_MAX, V|E, "flags"},
+{"low_delay", "force low delay", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_LOW_DELAY }, INT_MIN, INT_MAX, V|D|E, "flags"},
+{"global_header", "place global headers in extradata instead of every keyframe", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_GLOBAL_HEADER }, INT_MIN, INT_MAX, V|A|E, "flags"},
+{"bitexact", "use only bitexact functions (except (I)DCT)", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_BITEXACT }, INT_MIN, INT_MAX, A|V|S|D|E, "flags"},
+{"aic", "H.263 advanced intra coding / MPEG-4 AC prediction", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_AC_PRED }, INT_MIN, INT_MAX, V|E, "flags"},
+{"ilme", "interlaced motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_INTERLACED_ME }, INT_MIN, INT_MAX, V|E, "flags"},
+{"cgop", "closed GOP", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_CLOSED_GOP }, INT_MIN, INT_MAX, V|E, "flags"},
+{"output_corrupt", "Output even potentially corrupted frames", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG_OUTPUT_CORRUPT }, INT_MIN, INT_MAX, V|D, "flags"},
+{"fast", "allow non-spec-compliant speedup tricks", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_FAST }, INT_MIN, INT_MAX, V|E, "flags2"},
+{"noout", "skip bitstream encoding", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_NO_OUTPUT }, INT_MIN, INT_MAX, V|E, "flags2"},
+{"ignorecrop", "ignore cropping information from sps", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_IGNORE_CROP }, INT_MIN, INT_MAX, V|D, "flags2"},
+{"local_header", "place global headers at every keyframe instead of in extradata", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_LOCAL_HEADER }, INT_MIN, INT_MAX, V|E, "flags2"},
+{"chunks", "Frame data might be split into multiple chunks", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_CHUNKS }, INT_MIN, INT_MAX, V|D, "flags2"},
+{"showall", "Show all frames before the first keyframe", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_SHOW_ALL }, INT_MIN, INT_MAX, V|D, "flags2"},
+{"export_mvs", "export motion vectors through frame side data", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_EXPORT_MVS}, INT_MIN, INT_MAX, V|D, "flags2"},
+{"skip_manual", "do not skip samples and export skip information as frame side data", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_SKIP_MANUAL}, INT_MIN, INT_MAX, V|D, "flags2"},
+{"ass_ro_flush_noop", "do not reset ASS ReadOrder field on flush", 0, AV_OPT_TYPE_CONST, {.i64 = AV_CODEC_FLAG2_RO_FLUSH_NOOP}, INT_MIN, INT_MAX, S|D, "flags2"},
+#if FF_API_MOTION_EST
+{"me_method", "set motion estimation method", OFFSET(me_method), AV_OPT_TYPE_INT, {.i64 = ME_EPZS }, INT_MIN, INT_MAX, V|E, "me_method"},
+{"zero", "zero motion estimation (fastest)", 0, AV_OPT_TYPE_CONST, {.i64 = ME_ZERO }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"full", "full motion estimation (slowest)", 0, AV_OPT_TYPE_CONST, {.i64 = ME_FULL }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"epzs", "EPZS motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_EPZS }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"esa", "esa motion estimation (alias for full)", 0, AV_OPT_TYPE_CONST, {.i64 = ME_FULL }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"tesa", "tesa motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_TESA }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"dia", "diamond motion estimation (alias for EPZS)", 0, AV_OPT_TYPE_CONST, {.i64 = ME_EPZS }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"log", "log motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_LOG }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"phods", "phods motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_PHODS }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"x1", "X1 motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_X1 }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"hex", "hex motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_HEX }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"umh", "umh motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_UMH }, INT_MIN, INT_MAX, V|E, "me_method" },
+{"iter", "iter motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_ITER }, INT_MIN, INT_MAX, V|E, "me_method" },
+#endif
+{"time_base", NULL, OFFSET(time_base), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, 0, INT_MAX},
+{"g", "set the group of picture (GOP) size", OFFSET(gop_size), AV_OPT_TYPE_INT, {.i64 = 12 }, INT_MIN, INT_MAX, V|E},
+{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E},
+{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E},
+{"cutoff", "set cutoff bandwidth", OFFSET(cutoff), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|E},
+{"frame_size", NULL, OFFSET(frame_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|E},
+{"frame_number", NULL, OFFSET(frame_number), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"delay", NULL, OFFSET(delay), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"qcomp", "video quantizer scale compression (VBR). Constant of ratecontrol equation. "
+          "Recommended range for default rc_eq: 0.0-1.0",
+          OFFSET(qcompress), AV_OPT_TYPE_FLOAT, {.dbl = 0.5 }, -FLT_MAX, FLT_MAX, V|E},
+{"qblur", "video quantizer scale blur (VBR)", OFFSET(qblur), AV_OPT_TYPE_FLOAT, {.dbl = 0.5 }, -1, FLT_MAX, V|E},
+{"qmin", "minimum video quantizer scale (VBR)", OFFSET(qmin), AV_OPT_TYPE_INT, {.i64 = 2 }, -1, 69, V|E},
+{"qmax", "maximum video quantizer scale (VBR)", OFFSET(qmax), AV_OPT_TYPE_INT, {.i64 = 31 }, -1, 1024, V|E},
+{"qdiff", "maximum difference between the quantizer scales (VBR)", OFFSET(max_qdiff), AV_OPT_TYPE_INT, {.i64 = 3 }, INT_MIN, INT_MAX, V|E},
+{"bf", "set maximum number of B-frames between non-B-frames", OFFSET(max_b_frames), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, -1, INT_MAX, V|E},
+{"b_qfactor", "QP factor between P- and B-frames", OFFSET(b_quant_factor), AV_OPT_TYPE_FLOAT, {.dbl = 1.25 }, -FLT_MAX, FLT_MAX, V|E},
+#if FF_API_RC_STRATEGY
+{"rc_strategy", "ratecontrol method", OFFSET(rc_strategy), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+#if FF_API_PRIVATE_OPT
+{"b_strategy", "strategy to choose between I/P/B-frames", OFFSET(b_frame_strategy), AV_OPT_TYPE_INT, {.i64 = 0 }, INT_MIN, INT_MAX, V|E},
+{"ps", "RTP payload size in bytes", OFFSET(rtp_payload_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+#if FF_API_STAT_BITS
+{"mv_bits", NULL, OFFSET(mv_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"header_bits", NULL, OFFSET(header_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"i_tex_bits", NULL, OFFSET(i_tex_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"p_tex_bits", NULL, OFFSET(p_tex_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"i_count", NULL, OFFSET(i_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"p_count", NULL, OFFSET(p_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"skip_count", NULL, OFFSET(skip_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"misc_bits", NULL, OFFSET(misc_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"frame_bits", NULL, OFFSET(frame_bits), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#endif
+{"codec_tag", NULL, OFFSET(codec_tag), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"bug", "work around not autodetected encoder bugs", OFFSET(workaround_bugs), AV_OPT_TYPE_FLAGS, {.i64 = FF_BUG_AUTODETECT }, INT_MIN, INT_MAX, V|D, "bug"},
+{"autodetect", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_AUTODETECT }, INT_MIN, INT_MAX, V|D, "bug"},
+#if FF_API_OLD_MSMPEG4
+{"old_msmpeg4", "some old lavc-generated MSMPEG4v3 files (no autodetection)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_OLD_MSMPEG4 }, INT_MIN, INT_MAX, V|D, "bug"},
+#endif
+{"xvid_ilace", "Xvid interlacing bug (autodetected if FOURCC == XVIX)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_XVID_ILACE }, INT_MIN, INT_MAX, V|D, "bug"},
+{"ump4", "(autodetected if FOURCC == UMP4)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_UMP4 }, INT_MIN, INT_MAX, V|D, "bug"},
+{"no_padding", "padding bug (autodetected)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_NO_PADDING }, INT_MIN, INT_MAX, V|D, "bug"},
+{"amv", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_AMV }, INT_MIN, INT_MAX, V|D, "bug"},
+#if FF_API_AC_VLC
+{"ac_vlc", "illegal VLC bug (autodetected per FOURCC)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_AC_VLC }, INT_MIN, INT_MAX, V|D, "bug"},
+#endif
+{"qpel_chroma", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_QPEL_CHROMA }, INT_MIN, INT_MAX, V|D, "bug"},
+{"std_qpel", "old standard qpel (autodetected per FOURCC/version)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_STD_QPEL }, INT_MIN, INT_MAX, V|D, "bug"},
+{"qpel_chroma2", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_QPEL_CHROMA2 }, INT_MIN, INT_MAX, V|D, "bug"},
+{"direct_blocksize", "direct-qpel-blocksize bug (autodetected per FOURCC/version)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_DIRECT_BLOCKSIZE }, INT_MIN, INT_MAX, V|D, "bug"},
+{"edge", "edge padding bug (autodetected per FOURCC/version)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_EDGE }, INT_MIN, INT_MAX, V|D, "bug"},
+{"hpel_chroma", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_HPEL_CHROMA }, INT_MIN, INT_MAX, V|D, "bug"},
+{"dc_clip", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_DC_CLIP }, INT_MIN, INT_MAX, V|D, "bug"},
+{"ms", "work around various bugs in Microsoft's broken decoders", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_MS }, INT_MIN, INT_MAX, V|D, "bug"},
+{"trunc", "truncated frames", 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_TRUNCATED}, INT_MIN, INT_MAX, V|D, "bug"},
+{"iedge", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_BUG_IEDGE }, INT_MIN, INT_MAX, V|D, "bug"},
+{"strict", "how strictly to follow the standards", OFFSET(strict_std_compliance), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"very", "strictly conform to a older more strict version of the spec or reference software", 0, AV_OPT_TYPE_CONST, {.i64 = FF_COMPLIANCE_VERY_STRICT }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"strict", "strictly conform to all the things in the spec no matter what the consequences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_COMPLIANCE_STRICT }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"normal", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_COMPLIANCE_NORMAL }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"unofficial", "allow unofficial extensions", 0, AV_OPT_TYPE_CONST, {.i64 = FF_COMPLIANCE_UNOFFICIAL }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"experimental", "allow non-standardized experimental things", 0, AV_OPT_TYPE_CONST, {.i64 = FF_COMPLIANCE_EXPERIMENTAL }, INT_MIN, INT_MAX, A|V|D|E, "strict"},
+{"b_qoffset", "QP offset between P- and B-frames", OFFSET(b_quant_offset), AV_OPT_TYPE_FLOAT, {.dbl = 1.25 }, -FLT_MAX, FLT_MAX, V|E},
+{"err_detect", "set error detection flags", OFFSET(err_recognition), AV_OPT_TYPE_FLAGS, {.i64 = 0 }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"crccheck", "verify embedded CRCs", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_CRCCHECK }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"bitstream", "detect bitstream specification deviations", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_BITSTREAM }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"buffer", "detect improper bitstream length", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_BUFFER }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"explode", "abort decoding on minor error detection", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_EXPLODE }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"ignore_err", "ignore errors", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_IGNORE_ERR }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"careful",    "consider things that violate the spec, are fast to check and have not been seen in the wild as errors", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_CAREFUL }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"compliant",  "consider all spec non compliancies as errors", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_COMPLIANT }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"aggressive", "consider things that a sane encoder should not do as an error", 0, AV_OPT_TYPE_CONST, {.i64 = AV_EF_AGGRESSIVE }, INT_MIN, INT_MAX, A|V|D, "err_detect"},
+{"has_b_frames", NULL, OFFSET(has_b_frames), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX},
+{"block_align", NULL, OFFSET(block_align), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX},
+#if FF_API_PRIVATE_OPT
+{"mpeg_quant", "use MPEG quantizers instead of H.263", OFFSET(mpeg_quant), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+#if FF_API_MPV_OPT
+{"qsquish", "deprecated, use encoder private options instead", OFFSET(rc_qsquish), AV_OPT_TYPE_FLOAT, {.dbl = DEFAULT }, 0, 99, V|E},
+{"rc_qmod_amp",  "deprecated, use encoder private options instead", OFFSET(rc_qmod_amp), AV_OPT_TYPE_FLOAT, {.dbl = DEFAULT }, -FLT_MAX, FLT_MAX, V|E},
+{"rc_qmod_freq", "deprecated, use encoder private options instead", OFFSET(rc_qmod_freq), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"rc_override_count", NULL, OFFSET(rc_override_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#if FF_API_MPV_OPT
+{"rc_eq", "deprecated, use encoder private options instead", OFFSET(rc_eq), AV_OPT_TYPE_STRING, {.str = NULL}, CHAR_MIN, CHAR_MAX, V|E},
+#endif
+{"maxrate", "maximum bitrate (in bits/s). Used for VBV together with bufsize.", OFFSET(rc_max_rate), AV_OPT_TYPE_INT64, {.i64 = DEFAULT }, 0, INT_MAX, V|A|E},
+{"minrate", "minimum bitrate (in bits/s). Most useful in setting up a CBR encode. It is of little use otherwise.",
+            OFFSET(rc_min_rate), AV_OPT_TYPE_INT64, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|A|E},
+{"bufsize", "set ratecontrol buffer size (in bits)", OFFSET(rc_buffer_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|V|E},
+#if FF_API_MPV_OPT
+{"rc_buf_aggressivity", "deprecated, use encoder private options instead", OFFSET(rc_buffer_aggressivity), AV_OPT_TYPE_FLOAT, {.dbl = 1.0 }, -FLT_MAX, FLT_MAX, V|E},
+#endif
+{"i_qfactor", "QP factor between P- and I-frames", OFFSET(i_quant_factor), AV_OPT_TYPE_FLOAT, {.dbl = -0.8 }, -FLT_MAX, FLT_MAX, V|E},
+{"i_qoffset", "QP offset between P- and I-frames", OFFSET(i_quant_offset), AV_OPT_TYPE_FLOAT, {.dbl = 0.0 }, -FLT_MAX, FLT_MAX, V|E},
+#if FF_API_MPV_OPT
+{"rc_init_cplx", "deprecated, use encoder private options instead", OFFSET(rc_initial_cplx), AV_OPT_TYPE_FLOAT, {.dbl = DEFAULT }, -FLT_MAX, FLT_MAX, V|E},
+#endif
+{"dct", "DCT algorithm", OFFSET(dct_algo), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, V|E, "dct"},
+{"auto", "autoselect a good one", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_AUTO }, INT_MIN, INT_MAX, V|E, "dct"},
+{"fastint", "fast integer", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_FASTINT }, INT_MIN, INT_MAX, V|E, "dct"},
+{"int", "accurate integer", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_INT }, INT_MIN, INT_MAX, V|E, "dct"},
+{"mmx", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_MMX }, INT_MIN, INT_MAX, V|E, "dct"},
+{"altivec", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_ALTIVEC }, INT_MIN, INT_MAX, V|E, "dct"},
+{"faan", "floating point AAN DCT", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DCT_FAAN }, INT_MIN, INT_MAX, V|E, "dct"},
+{"lumi_mask", "compresses bright areas stronger than medium ones", OFFSET(lumi_masking), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, -FLT_MAX, FLT_MAX, V|E},
+{"tcplx_mask", "temporal complexity masking", OFFSET(temporal_cplx_masking), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, -FLT_MAX, FLT_MAX, V|E},
+{"scplx_mask", "spatial complexity masking", OFFSET(spatial_cplx_masking), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, -FLT_MAX, FLT_MAX, V|E},
+{"p_mask", "inter masking", OFFSET(p_masking), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, -FLT_MAX, FLT_MAX, V|E},
+{"dark_mask", "compresses dark areas stronger than medium ones", OFFSET(dark_masking), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, -FLT_MAX, FLT_MAX, V|E},
+{"idct", "select IDCT implementation", OFFSET(idct_algo), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, V|E|D, "idct"},
+{"auto", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_AUTO }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"int", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_INT }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"simple", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLE }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"simplemmx", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEMMX }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"arm", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_ARM }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"altivec", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_ALTIVEC }, INT_MIN, INT_MAX, V|E|D, "idct"},
+#if FF_API_ARCH_SH4
+{"sh4", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SH4 }, INT_MIN, INT_MAX, V|E|D, "idct"},
+#endif
+{"simplearm", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEARM }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"simplearmv5te", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEARMV5TE }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"simplearmv6", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEARMV6 }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"simpleneon", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLENEON }, INT_MIN, INT_MAX, V|E|D, "idct"},
+#if FF_API_ARCH_ALPHA
+{"simplealpha", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEALPHA }, INT_MIN, INT_MAX, V|E|D, "idct"},
+#endif
+#if FF_API_UNUSED_MEMBERS
+{"ipp", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_IPP }, INT_MIN, INT_MAX, V|E|D, "idct"},
+#endif /* FF_API_UNUSED_MEMBERS */
+{"xvid", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_XVID }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"xvidmmx", "deprecated, for compatibility only", 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_XVID }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"faani", "floating point AAN IDCT", 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_FAAN }, INT_MIN, INT_MAX, V|D|E, "idct"},
+{"simpleauto", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_IDCT_SIMPLEAUTO }, INT_MIN, INT_MAX, V|E|D, "idct"},
+{"slice_count", NULL, OFFSET(slice_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+{"ec", "set error concealment strategy", OFFSET(error_concealment), AV_OPT_TYPE_FLAGS, {.i64 = 3 }, INT_MIN, INT_MAX, V|D, "ec"},
+{"guess_mvs", "iterative motion vector (MV) search (slow)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_EC_GUESS_MVS }, INT_MIN, INT_MAX, V|D, "ec"},
+{"deblock", "use strong deblock filter for damaged MBs", 0, AV_OPT_TYPE_CONST, {.i64 = FF_EC_DEBLOCK }, INT_MIN, INT_MAX, V|D, "ec"},
+{"favor_inter", "favor predicting from the previous frame", 0, AV_OPT_TYPE_CONST, {.i64 = FF_EC_FAVOR_INTER }, INT_MIN, INT_MAX, V|D, "ec"},
+{"bits_per_coded_sample", NULL, OFFSET(bits_per_coded_sample), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX},
+#if FF_API_PRIVATE_OPT
+{"pred", "prediction method", OFFSET(prediction_method), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "pred"},
+{"left", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PRED_LEFT }, INT_MIN, INT_MAX, V|E, "pred"},
+{"plane", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PRED_PLANE }, INT_MIN, INT_MAX, V|E, "pred"},
+{"median", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PRED_MEDIAN }, INT_MIN, INT_MAX, V|E, "pred"},
+#endif
+{"aspect", "sample aspect ratio", OFFSET(sample_aspect_ratio), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, 0, 10, V|E},
+{"sar",    "sample aspect ratio", OFFSET(sample_aspect_ratio), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, 0, 10, V|E},
+{"debug", "print specific debug info", OFFSET(debug), AV_OPT_TYPE_FLAGS, {.i64 = DEFAULT }, 0, INT_MAX, V|A|S|E|D, "debug"},
+{"pict", "picture info", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_PICT_INFO }, INT_MIN, INT_MAX, V|D, "debug"},
+{"rc", "rate control", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_RC }, INT_MIN, INT_MAX, V|E, "debug"},
+{"bitstream", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_BITSTREAM }, INT_MIN, INT_MAX, V|D, "debug"},
+{"mb_type", "macroblock (MB) type", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_MB_TYPE }, INT_MIN, INT_MAX, V|D, "debug"},
+{"qp", "per-block quantization parameter (QP)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_QP }, INT_MIN, INT_MAX, V|D, "debug"},
+#if FF_API_DEBUG_MV
+{"mv", "motion vector", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_MV }, INT_MIN, INT_MAX, V|D, "debug"},
+#endif
+{"dct_coeff", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_DCT_COEFF }, INT_MIN, INT_MAX, V|D, "debug"},
+{"green_metadata", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_GREEN_MD }, INT_MIN, INT_MAX, V|D, "debug"},
+{"skip", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_SKIP }, INT_MIN, INT_MAX, V|D, "debug"},
+{"startcode", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_STARTCODE }, INT_MIN, INT_MAX, V|D, "debug"},
+#if FF_API_UNUSED_MEMBERS
+{"pts", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_PTS }, INT_MIN, INT_MAX, V|D, "debug"},
+#endif /* FF_API_UNUSED_MEMBERS */
+{"er", "error recognition", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_ER }, INT_MIN, INT_MAX, V|D, "debug"},
+{"mmco", "memory management control operations (H.264)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_MMCO }, INT_MIN, INT_MAX, V|D, "debug"},
+{"bugs", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_BUGS }, INT_MIN, INT_MAX, V|D, "debug"},
+#if FF_API_DEBUG_MV
+{"vis_qp", "visualize quantization parameter (QP), lower QP are tinted greener", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_VIS_QP }, INT_MIN, INT_MAX, V|D, "debug"},
+{"vis_mb_type", "visualize block types", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_VIS_MB_TYPE }, INT_MIN, INT_MAX, V|D, "debug"},
+#endif
+{"buffers", "picture buffer allocations", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_BUFFERS }, INT_MIN, INT_MAX, V|D, "debug"},
+{"thread_ops", "threading operations", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_THREADS }, INT_MIN, INT_MAX, V|A|D, "debug"},
+{"nomc", "skip motion compensation", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_NOMC }, INT_MIN, INT_MAX, V|A|D, "debug"},
+#if FF_API_VISMV
+{"vismv", "visualize motion vectors (MVs) (deprecated)", OFFSET(debug_mv), AV_OPT_TYPE_FLAGS, {.i64 = DEFAULT }, 0, INT_MAX, V|D, "debug_mv"},
+{"pf", "forward predicted MVs of P-frames", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_VIS_MV_P_FOR }, INT_MIN, INT_MAX, V|D, "debug_mv"},
+{"bf", "forward predicted MVs of B-frames", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_VIS_MV_B_FOR }, INT_MIN, INT_MAX, V|D, "debug_mv"},
+{"bb", "backward predicted MVs of B-frames", 0, AV_OPT_TYPE_CONST, {.i64 = FF_DEBUG_VIS_MV_B_BACK }, INT_MIN, INT_MAX, V|D, "debug_mv"},
+#endif
+{"cmp", "full-pel ME compare function", OFFSET(me_cmp), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"subcmp", "sub-pel ME compare function", OFFSET(me_sub_cmp), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"mbcmp", "macroblock compare function", OFFSET(mb_cmp), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"ildctcmp", "interlaced DCT compare function", OFFSET(ildct_cmp), AV_OPT_TYPE_INT, {.i64 = FF_CMP_VSAD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"dia_size", "diamond type & size for motion estimation", OFFSET(dia_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"last_pred", "amount of motion predictors from the previous frame", OFFSET(last_predictor_count), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#if FF_API_PRIVATE_OPT
+{"preme", "pre motion estimation", OFFSET(pre_me), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"precmp", "pre motion estimation compare function", OFFSET(me_pre_cmp), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"sad", "sum of absolute differences, fast", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_SAD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"sse", "sum of squared errors", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_SSE }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"satd", "sum of absolute Hadamard transformed differences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_SATD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"dct", "sum of absolute DCT transformed differences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_DCT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"psnr", "sum of squared quantization errors (avoid, low quality)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_PSNR }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"bit", "number of bits needed for the block", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_BIT }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"rd", "rate distortion optimal, slow", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_RD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"zero", "0", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_ZERO }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"vsad", "sum of absolute vertical differences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_VSAD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"vsse", "sum of squared vertical differences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_VSSE }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"nsse", "noise preserving sum of squared differences", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_NSSE }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+#if CONFIG_SNOW_ENCODER
+{"w53", "5/3 wavelet, only used in snow", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_W53 }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"w97", "9/7 wavelet, only used in snow", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_W97 }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+#endif
+{"dctmax", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_DCTMAX }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"chroma", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_CHROMA }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"msad", "sum of absolute differences, median predicted", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CMP_MEDIAN_SAD }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+{"pre_dia_size", "diamond type & size for motion estimation pre-pass", OFFSET(pre_dia_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"subq", "sub-pel motion estimation quality", OFFSET(me_subpel_quality), AV_OPT_TYPE_INT, {.i64 = 8 }, INT_MIN, INT_MAX, V|E},
+#if FF_API_AFD
+{"dtg_active_format", NULL, OFFSET(dtg_active_format), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#endif
+{"me_range", "limit motion vectors range (1023 for DivX player)", OFFSET(me_range), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#if FF_API_QUANT_BIAS
+{"ibias", "intra quant bias", OFFSET(intra_quant_bias), AV_OPT_TYPE_INT, {.i64 = FF_DEFAULT_QUANT_BIAS }, INT_MIN, INT_MAX, V|E},
+{"pbias", "inter quant bias", OFFSET(inter_quant_bias), AV_OPT_TYPE_INT, {.i64 = FF_DEFAULT_QUANT_BIAS }, INT_MIN, INT_MAX, V|E},
+#endif
+{"global_quality", NULL, OFFSET(global_quality), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|A|E},
+#if FF_API_CODER_TYPE
+{"coder", NULL, OFFSET(coder_type), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E, "coder"},
+{"vlc", "variable length coder / Huffman coder", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CODER_TYPE_VLC }, INT_MIN, INT_MAX, V|E, "coder"},
+{"ac", "arithmetic coder", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CODER_TYPE_AC }, INT_MIN, INT_MAX, V|E, "coder"},
+{"raw", "raw (no encoding)", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CODER_TYPE_RAW }, INT_MIN, INT_MAX, V|E, "coder"},
+{"rle", "run-length coder", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CODER_TYPE_RLE }, INT_MIN, INT_MAX, V|E, "coder"},
+#if FF_API_UNUSED_MEMBERS
+{"deflate", "deflate-based coder", 0, AV_OPT_TYPE_CONST, {.i64 = FF_CODER_TYPE_DEFLATE }, INT_MIN, INT_MAX, V|E, "coder"},
+#endif /* FF_API_UNUSED_MEMBERS */
+#endif /* FF_API_CODER_TYPE */
+#if FF_API_PRIVATE_OPT
+{"context", "context model", OFFSET(context_model), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"slice_flags", NULL, OFFSET(slice_flags), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#if FF_API_XVMC
+{"xvmc_acceleration", NULL, OFFSET(xvmc_acceleration), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#endif /* FF_API_XVMC */
+{"mbd", "macroblock decision algorithm (high quality mode)", OFFSET(mb_decision), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, 2, V|E, "mbd"},
+{"simple", "use mbcmp", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MB_DECISION_SIMPLE }, INT_MIN, INT_MAX, V|E, "mbd"},
+{"bits", "use fewest bits", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MB_DECISION_BITS }, INT_MIN, INT_MAX, V|E, "mbd"},
+{"rd", "use best rate distortion", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MB_DECISION_RD }, INT_MIN, INT_MAX, V|E, "mbd"},
+#if FF_API_STREAM_CODEC_TAG
+{"stream_codec_tag", NULL, OFFSET(stream_codec_tag), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX},
+#endif
+#if FF_API_PRIVATE_OPT
+{"sc_threshold", "scene change threshold", OFFSET(scenechange_threshold), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+#if FF_API_MPV_OPT
+{"lmin", "deprecated, use encoder private options instead", OFFSET(lmin), AV_OPT_TYPE_INT, {.i64 =  0 }, 0, INT_MAX, V|E},
+{"lmax", "deprecated, use encoder private options instead", OFFSET(lmax), AV_OPT_TYPE_INT, {.i64 =  0 }, 0, INT_MAX, V|E},
+#endif
+#if FF_API_PRIVATE_OPT
+{"nr", "noise reduction", OFFSET(noise_reduction), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"rc_init_occupancy", "number of bits which should be loaded into the rc buffer before decoding starts", OFFSET(rc_initial_buffer_occupancy), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"flags2", NULL, OFFSET(flags2), AV_OPT_TYPE_FLAGS, {.i64 = DEFAULT}, 0, UINT_MAX, V|A|E|D, "flags2"},
+#if FF_API_ERROR_RATE
+{"error", NULL, OFFSET(error_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"threads", "set the number of threads", OFFSET(thread_count), AV_OPT_TYPE_INT, {.i64 = 1 }, 0, INT_MAX, V|A|E|D, "threads"},
+{"auto", "autodetect a suitable number of threads to use", 0, AV_OPT_TYPE_CONST, {.i64 = 0 }, INT_MIN, INT_MAX, V|E|D, "threads"},
+#if FF_API_MPV_OPT
+{"me_threshold", "motion estimation threshold", OFFSET(me_threshold), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"mb_threshold", "macroblock threshold", OFFSET(mb_threshold), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"dc", "intra_dc_precision", OFFSET(intra_dc_precision), AV_OPT_TYPE_INT, {.i64 = 0 }, -8, 16, V|E},
+{"nssew", "nsse weight", OFFSET(nsse_weight), AV_OPT_TYPE_INT, {.i64 = 8 }, INT_MIN, INT_MAX, V|E},
+{"skip_top", "number of macroblock rows at the top which are skipped", OFFSET(skip_top), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|D},
+{"skip_bottom", "number of macroblock rows at the bottom which are skipped", OFFSET(skip_bottom), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|D},
+{"profile", NULL, OFFSET(profile), AV_OPT_TYPE_INT, {.i64 = FF_PROFILE_UNKNOWN }, INT_MIN, INT_MAX, V|A|E, "profile"},
+{"unknown", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_UNKNOWN }, INT_MIN, INT_MAX, V|A|E, "profile"},
+{"aac_main", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_MAIN }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_low", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_LOW }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_ssr", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_SSR }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_ltp", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_LTP }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_he", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_HE }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_he_v2", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_HE_V2 }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_ld", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_LD }, INT_MIN, INT_MAX, A|E, "profile"},
+{"aac_eld", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_AAC_ELD }, INT_MIN, INT_MAX, A|E, "profile"},
+{"mpeg2_aac_low", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG2_AAC_LOW }, INT_MIN, INT_MAX, A|E, "profile"},
+{"mpeg2_aac_he", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG2_AAC_HE }, INT_MIN, INT_MAX, A|E, "profile"},
+{"dts", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_DTS }, INT_MIN, INT_MAX, A|E, "profile"},
+{"dts_es", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_DTS_ES }, INT_MIN, INT_MAX, A|E, "profile"},
+{"dts_96_24", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_DTS_96_24 }, INT_MIN, INT_MAX, A|E, "profile"},
+{"dts_hd_hra", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_DTS_HD_HRA }, INT_MIN, INT_MAX, A|E, "profile"},
+{"dts_hd_ma", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_DTS_HD_MA }, INT_MIN, INT_MAX, A|E, "profile"},
+{"mpeg4_sp",   NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG4_SIMPLE }, INT_MIN, INT_MAX, V|E, "profile"},
+{"mpeg4_core", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG4_CORE }, INT_MIN, INT_MAX, V|E, "profile"},
+{"mpeg4_main", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG4_MAIN }, INT_MIN, INT_MAX, V|E, "profile"},
+{"mpeg4_asp",  NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_MPEG4_ADVANCED_SIMPLE }, INT_MIN, INT_MAX, V|E, "profile"},
+{"main10",  NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_PROFILE_HEVC_MAIN_10 }, INT_MIN, INT_MAX, V|E, "profile"},
+{"level", NULL, OFFSET(level), AV_OPT_TYPE_INT, {.i64 = FF_LEVEL_UNKNOWN }, INT_MIN, INT_MAX, V|A|E, "level"},
+{"unknown", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_LEVEL_UNKNOWN }, INT_MIN, INT_MAX, V|A|E, "level"},
+{"lowres", "decode at 1= 1/2, 2=1/4, 3=1/8 resolutions", OFFSET(lowres), AV_OPT_TYPE_INT, {.i64 = 0 }, 0, INT_MAX, V|A|D},
+#if FF_API_PRIVATE_OPT
+{"skip_threshold", "frame skip threshold", OFFSET(frame_skip_threshold), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"skip_factor", "frame skip factor", OFFSET(frame_skip_factor), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"skip_exp", "frame skip exponent", OFFSET(frame_skip_exp), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+{"skipcmp", "frame skip compare function", OFFSET(frame_skip_cmp), AV_OPT_TYPE_INT, {.i64 = FF_CMP_DCTMAX }, INT_MIN, INT_MAX, V|E, "cmp_func"},
+#endif
+#if FF_API_MPV_OPT
+{"border_mask", "deprecated, use encoder private options instead", OFFSET(border_masking), AV_OPT_TYPE_FLOAT, {.dbl = DEFAULT }, -FLT_MAX, FLT_MAX, V|E},
+#endif
+{"mblmin", "minimum macroblock Lagrange factor (VBR)", OFFSET(mb_lmin), AV_OPT_TYPE_INT, {.i64 = FF_QP2LAMBDA * 2 }, 1, FF_LAMBDA_MAX, V|E},
+{"mblmax", "maximum macroblock Lagrange factor (VBR)", OFFSET(mb_lmax), AV_OPT_TYPE_INT, {.i64 = FF_QP2LAMBDA * 31 }, 1, FF_LAMBDA_MAX, V|E},
+#if FF_API_PRIVATE_OPT
+{"mepc", "motion estimation bitrate penalty compensation (1.0 = 256)", OFFSET(me_penalty_compensation), AV_OPT_TYPE_INT, {.i64 = 256 }, INT_MIN, INT_MAX, V|E},
+#endif
+{"skip_loop_filter", "skip loop filtering process for the selected frames", OFFSET(skip_loop_filter), AV_OPT_TYPE_INT, {.i64 = AVDISCARD_DEFAULT }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"skip_idct"       , "skip IDCT/dequantization for the selected frames",    OFFSET(skip_idct),        AV_OPT_TYPE_INT, {.i64 = AVDISCARD_DEFAULT }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"skip_frame"      , "skip decoding for the selected frames",               OFFSET(skip_frame),       AV_OPT_TYPE_INT, {.i64 = AVDISCARD_DEFAULT }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"none"            , "discard no frame",                    0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_NONE    }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"default"         , "discard useless frames",              0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_DEFAULT }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"noref"           , "discard all non-reference frames",    0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_NONREF  }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"bidir"           , "discard all bidirectional frames",    0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_BIDIR   }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"nokey"           , "discard all frames except keyframes", 0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_NONKEY  }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"nointra"         , "discard all frames except I frames",  0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_NONINTRA}, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"all"             , "discard all frames",                  0, AV_OPT_TYPE_CONST, {.i64 = AVDISCARD_ALL     }, INT_MIN, INT_MAX, V|D, "avdiscard"},
+{"bidir_refine", "refine the two motion vectors used in bidirectional macroblocks", OFFSET(bidir_refine), AV_OPT_TYPE_INT, {.i64 = 1 }, 0, 4, V|E},
+#if FF_API_PRIVATE_OPT
+{"brd_scale", "downscale frames for dynamic B-frame decision", OFFSET(brd_scale), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, 10, V|E},
+#endif
+{"keyint_min", "minimum interval between IDR-frames", OFFSET(keyint_min), AV_OPT_TYPE_INT, {.i64 = 25 }, INT_MIN, INT_MAX, V|E},
+{"refs", "reference frames to consider for motion compensation", OFFSET(refs), AV_OPT_TYPE_INT, {.i64 = 1 }, INT_MIN, INT_MAX, V|E},
+#if FF_API_PRIVATE_OPT
+{"chromaoffset", "chroma QP offset from luma", OFFSET(chromaoffset), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|E},
+#endif
+{"trellis", "rate-distortion optimal quantization", OFFSET(trellis), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, V|A|E},
+#if FF_API_UNUSED_MEMBERS
+{"sc_factor", "multiplied by qscale for each frame and added to scene_change_score", OFFSET(scenechange_factor), AV_OPT_TYPE_INT, {.i64 = 6 }, 0, INT_MAX, V|E},
+#endif /* FF_API_UNUSED_MEMBERS */
+{"mv0_threshold", NULL, OFFSET(mv0_threshold), AV_OPT_TYPE_INT, {.i64 = 256 }, 0, INT_MAX, V|E},
+#if FF_API_PRIVATE_OPT
+{"b_sensitivity", "adjust sensitivity of b_frame_strategy 1", OFFSET(b_sensitivity), AV_OPT_TYPE_INT, {.i64 = 40 }, 1, INT_MAX, V|E},
+#endif
+{"compression_level", NULL, OFFSET(compression_level), AV_OPT_TYPE_INT, {.i64 = FF_COMPRESSION_DEFAULT }, INT_MIN, INT_MAX, V|A|E},
+#if FF_API_PRIVATE_OPT
+{"min_prediction_order", NULL, OFFSET(min_prediction_order), AV_OPT_TYPE_INT, {.i64 = -1 }, INT_MIN, INT_MAX, A|E},
+{"max_prediction_order", NULL, OFFSET(max_prediction_order), AV_OPT_TYPE_INT, {.i64 = -1 }, INT_MIN, INT_MAX, A|E},
+{"timecode_frame_start", "GOP timecode frame start number, in non-drop-frame format", OFFSET(timecode_frame_start), AV_OPT_TYPE_INT64, {.i64 = -1 }, -1, INT64_MAX, V|E},
+#endif
+{"bits_per_raw_sample", NULL, OFFSET(bits_per_raw_sample), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX},
+{"channel_layout", NULL, OFFSET(channel_layout), AV_OPT_TYPE_UINT64, {.i64 = DEFAULT }, 0, UINT64_MAX, A|E|D, "channel_layout"},
+{"request_channel_layout", NULL, OFFSET(request_channel_layout), AV_OPT_TYPE_UINT64, {.i64 = DEFAULT }, 0, UINT64_MAX, A|D, "request_channel_layout"},
+{"rc_max_vbv_use", NULL, OFFSET(rc_max_available_vbv_use), AV_OPT_TYPE_FLOAT, {.dbl = 0 }, 0.0, FLT_MAX, V|E},
+{"rc_min_vbv_use", NULL, OFFSET(rc_min_vbv_overflow_use),  AV_OPT_TYPE_FLOAT, {.dbl = 3 },     0.0, FLT_MAX, V|E},
+{"ticks_per_frame", NULL, OFFSET(ticks_per_frame), AV_OPT_TYPE_INT, {.i64 = 1 }, 1, INT_MAX, A|V|E|D},
+{"color_primaries", "color primaries", OFFSET(color_primaries), AV_OPT_TYPE_INT, {.i64 = AVCOL_PRI_UNSPECIFIED }, 1, INT_MAX, V|E|D, "color_primaries_type"},
+{"bt709",       "BT.709",         0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_BT709 },        INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"unknown",     "Unspecified",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_UNSPECIFIED },  INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"bt470m",      "BT.470 M",       0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_BT470M },       INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"bt470bg",     "BT.470 BG",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_BT470BG },      INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte170m",   "SMPTE 170 M",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE170M },    INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte240m",   "SMPTE 240 M",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE240M },    INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"film",        "Film",           0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_FILM },         INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"bt2020",      "BT.2020",        0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_BT2020 },       INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte428",    "SMPTE 428-1",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE428 },     INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte428_1",  "SMPTE 428-1",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE428 },     INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte431",    "SMPTE 431-2",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE431 },     INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"smpte432",    "SMPTE 422-1",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_SMPTE432 },     INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"jedec-p22",   "JEDEC P22",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_JEDEC_P22 },    INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"unspecified", "Unspecified",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_PRI_UNSPECIFIED },  INT_MIN, INT_MAX, V|E|D, "color_primaries_type"},
+{"color_trc", "color transfer characteristics", OFFSET(color_trc), AV_OPT_TYPE_INT, {.i64 = AVCOL_TRC_UNSPECIFIED }, 1, INT_MAX, V|E|D, "color_trc_type"},
+{"bt709",        "BT.709",           0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT709 },        INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"unknown",      "Unspecified",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_UNSPECIFIED },  INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"gamma22",      "BT.470 M",         0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_GAMMA22 },      INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"gamma28",      "BT.470 BG",        0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_GAMMA28 },      INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"smpte170m",    "SMPTE 170 M",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_SMPTE170M },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"smpte240m",    "SMPTE 240 M",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_SMPTE240M },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"linear",       "Linear",           0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_LINEAR },       INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"log100",       "Log",              0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_LOG },          INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"log316",       "Log square root",  0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_LOG_SQRT },     INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"iec61966-2-4", "IEC 61966-2-4",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_IEC61966_2_4 }, INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt1361e",      "BT.1361",          0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT1361_ECG },   INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"iec61966-2-1", "IEC 61966-2-1",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_IEC61966_2_1 }, INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt2020-10",    "BT.2020 - 10 bit", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT2020_10 },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt2020-12",    "BT.2020 - 12 bit", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT2020_12 },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"smpte2084",    "SMPTE 2084",       0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_SMPTE2084 },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"smpte428",     "SMPTE 428-1",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_SMPTE428 },     INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"arib-std-b67", "ARIB STD-B67",     0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_ARIB_STD_B67 }, INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"unspecified",  "Unspecified",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_UNSPECIFIED },  INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"log",          "Log",              0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_LOG },          INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"log_sqrt",     "Log square root",  0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_LOG_SQRT },     INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"iec61966_2_4", "IEC 61966-2-4",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_IEC61966_2_4 }, INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt1361",       "BT.1361",          0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT1361_ECG },   INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"iec61966_2_1", "IEC 61966-2-1",    0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_IEC61966_2_1 }, INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt2020_10bit", "BT.2020 - 10 bit", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT2020_10 },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"bt2020_12bit", "BT.2020 - 12 bit", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_BT2020_12 },    INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"smpte428_1",   "SMPTE 428-1",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_TRC_SMPTE428 },     INT_MIN, INT_MAX, V|E|D, "color_trc_type"},
+{"colorspace", "color space", OFFSET(colorspace), AV_OPT_TYPE_INT, {.i64 = AVCOL_SPC_UNSPECIFIED }, 0, INT_MAX, V|E|D, "colorspace_type"},
+{"rgb",         "RGB",         0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_RGB },         INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt709",       "BT.709",      0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT709 },       INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"unknown",     "Unspecified", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"fcc",         "FCC",         0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_FCC },         INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt470bg",     "BT.470 BG",   0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT470BG },     INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"smpte170m",   "SMPTE 170 M", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_SMPTE170M },   INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"smpte240m",   "SMPTE 240 M", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_SMPTE240M },   INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"ycgco",       "YCGCO",       0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_YCGCO },       INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt2020nc",    "BT.2020 NCL", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT2020_NCL },  INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt2020c",     "BT.2020 CL",  0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT2020_CL },   INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"smpte2085",   "SMPTE 2085",  0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_SMPTE2085 },   INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"unspecified", "Unspecified", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"ycocg",       "YCGCO",       0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_YCGCO },       INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt2020_ncl",  "BT.2020 NCL", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT2020_NCL },  INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"bt2020_cl",   "BT.2020 CL",  0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_SPC_BT2020_CL },   INT_MIN, INT_MAX, V|E|D, "colorspace_type"},
+{"color_range", "color range", OFFSET(color_range), AV_OPT_TYPE_INT, {.i64 = AVCOL_RANGE_UNSPECIFIED }, 0, INT_MAX, V|E|D, "color_range_type"},
+{"unknown", "Unspecified",     0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"tv", "MPEG (219*2^(n-8))",   0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_MPEG },        INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"pc", "JPEG (2^n-1)",         0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_JPEG },        INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"unspecified", "Unspecified", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"mpeg", "MPEG (219*2^(n-8))", 0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_MPEG },        INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"jpeg", "JPEG (2^n-1)",       0, AV_OPT_TYPE_CONST, {.i64 = AVCOL_RANGE_JPEG },        INT_MIN, INT_MAX, V|E|D, "color_range_type"},
+{"chroma_sample_location", "chroma sample location", OFFSET(chroma_sample_location), AV_OPT_TYPE_INT, {.i64 = AVCHROMA_LOC_UNSPECIFIED }, 0, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"unknown",     "Unspecified", 0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"left",        "Left",        0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_LEFT },        INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"center",      "Center",      0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_CENTER },      INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"topleft",     "Top-left",    0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_TOPLEFT },     INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"top",         "Top",         0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_TOP },         INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"bottomleft",  "Bottom-left", 0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_BOTTOMLEFT },  INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"bottom",      "Bottom",      0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_BOTTOM },      INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"unspecified", "Unspecified", 0, AV_OPT_TYPE_CONST, {.i64 = AVCHROMA_LOC_UNSPECIFIED }, INT_MIN, INT_MAX, V|E|D, "chroma_sample_location_type"},
+{"log_level_offset", "set the log level offset", OFFSET(log_level_offset), AV_OPT_TYPE_INT, {.i64 = 0 }, INT_MIN, INT_MAX },
+{"slices", "set the number of slices, used in parallelized encoding", OFFSET(slices), AV_OPT_TYPE_INT, {.i64 = 0 }, 0, INT_MAX, V|E},
+{"thread_type", "select multithreading type", OFFSET(thread_type), AV_OPT_TYPE_FLAGS, {.i64 = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|A|E|D, "thread_type"},
+{"slice", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
+{"frame", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
+{"audio_service_type", "audio service type", OFFSET(audio_service_type), AV_OPT_TYPE_INT, {.i64 = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"},
+{"ma", "Main Audio Service", 0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_MAIN },              INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"ef", "Effects",            0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_EFFECTS },           INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"vi", "Visually Impaired",  0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_VISUALLY_IMPAIRED }, INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"hi", "Hearing Impaired",   0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_HEARING_IMPAIRED },  INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"di", "Dialogue",           0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_DIALOGUE },          INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"co", "Commentary",         0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_COMMENTARY },        INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"em", "Emergency",          0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_EMERGENCY },         INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"vo", "Voice Over",         0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_VOICE_OVER },        INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"ka", "Karaoke",            0, AV_OPT_TYPE_CONST, {.i64 = AV_AUDIO_SERVICE_TYPE_KARAOKE },           INT_MIN, INT_MAX, A|E, "audio_service_type"},
+{"request_sample_fmt", "sample format audio decoders should prefer", OFFSET(request_sample_fmt), AV_OPT_TYPE_SAMPLE_FMT, {.i64=AV_SAMPLE_FMT_NONE}, -1, INT_MAX, A|D, "request_sample_fmt"},
+{"pkt_timebase", NULL, OFFSET(pkt_timebase), AV_OPT_TYPE_RATIONAL, {.dbl = 0 }, 0, INT_MAX, 0},
+{"sub_charenc", "set input text subtitles character encoding", OFFSET(sub_charenc), AV_OPT_TYPE_STRING, {.str = NULL}, CHAR_MIN, CHAR_MAX, S|D},
+{"sub_charenc_mode", "set input text subtitles character encoding mode", OFFSET(sub_charenc_mode), AV_OPT_TYPE_FLAGS, {.i64 = FF_SUB_CHARENC_MODE_AUTOMATIC}, -1, INT_MAX, S|D, "sub_charenc_mode"},
+{"do_nothing",  NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_SUB_CHARENC_MODE_DO_NOTHING},  INT_MIN, INT_MAX, S|D, "sub_charenc_mode"},
+{"auto",        NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_SUB_CHARENC_MODE_AUTOMATIC},   INT_MIN, INT_MAX, S|D, "sub_charenc_mode"},
+{"pre_decoder", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_SUB_CHARENC_MODE_PRE_DECODER}, INT_MIN, INT_MAX, S|D, "sub_charenc_mode"},
+#if FF_API_ASS_TIMING
+{"sub_text_format", "set decoded text subtitle format", OFFSET(sub_text_format), AV_OPT_TYPE_INT, {.i64 = FF_SUB_TEXT_FMT_ASS_WITH_TIMINGS}, 0, 1, S|D, "sub_text_format"},
+#else
+{"sub_text_format", "set decoded text subtitle format", OFFSET(sub_text_format), AV_OPT_TYPE_INT, {.i64 = FF_SUB_TEXT_FMT_ASS}, 0, 1, S|D, "sub_text_format"},
+#endif
+{"ass",              NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_SUB_TEXT_FMT_ASS},              INT_MIN, INT_MAX, S|D, "sub_text_format"},
+#if FF_API_ASS_TIMING
+{"ass_with_timings", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = FF_SUB_TEXT_FMT_ASS_WITH_TIMINGS}, INT_MIN, INT_MAX, S|D, "sub_text_format"},
+#endif
+{"refcounted_frames", NULL, OFFSET(refcounted_frames), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, A|V|D },
+#if FF_API_SIDEDATA_ONLY_PKT
+{"side_data_only_packets", NULL, OFFSET(side_data_only_packets), AV_OPT_TYPE_BOOL, { .i64 = 1 }, 0, 1, A|V|E },
+#endif
+{"apply_cropping", NULL, OFFSET(apply_cropping), AV_OPT_TYPE_BOOL, { .i64 = 1 }, 0, 1, V | D },
+{"skip_alpha", "Skip processing alpha", OFFSET(skip_alpha), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, V|D },
+{"field_order", "Field order", OFFSET(field_order), AV_OPT_TYPE_INT, {.i64 = AV_FIELD_UNKNOWN }, 0, 5, V|D|E, "field_order" },
+{"progressive", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = AV_FIELD_PROGRESSIVE }, 0, 0, V|D|E, "field_order" },
+{"tt", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = AV_FIELD_TT }, 0, 0, V|D|E, "field_order" },
+{"bb", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = AV_FIELD_BB }, 0, 0, V|D|E, "field_order" },
+{"tb", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = AV_FIELD_TB }, 0, 0, V|D|E, "field_order" },
+{"bt", NULL, 0, AV_OPT_TYPE_CONST, {.i64 = AV_FIELD_BT }, 0, 0, V|D|E, "field_order" },
+{"dump_separator", "set information dump field separator", OFFSET(dump_separator), AV_OPT_TYPE_STRING, {.str = NULL}, CHAR_MIN, CHAR_MAX, A|V|S|D|E},
+{"codec_whitelist", "List of decoders that are allowed to be used", OFFSET(codec_whitelist), AV_OPT_TYPE_STRING, { .str = NULL },  CHAR_MIN, CHAR_MAX, A|V|S|D },
+{"pixel_format", "set pixel format", OFFSET(pix_fmt), AV_OPT_TYPE_PIXEL_FMT, {.i64=AV_PIX_FMT_NONE}, -1, INT_MAX, 0 },
+{"video_size", "set video size", OFFSET(width), AV_OPT_TYPE_IMAGE_SIZE, {.str=NULL}, 0, INT_MAX, 0 },
+{"max_pixels", "Maximum number of pixels", OFFSET(max_pixels), AV_OPT_TYPE_INT64, {.i64 = INT_MAX }, 0, INT_MAX, A|V|S|D|E },
+{"hwaccel_flags", NULL, OFFSET(hwaccel_flags), AV_OPT_TYPE_FLAGS, {.i64 = AV_HWACCEL_FLAG_IGNORE_LEVEL }, 0, UINT_MAX, V|D, "hwaccel_flags"},
+{"ignore_level", "ignore level even if the codec level used is unknown or higher than the maximum supported level reported by the hardware driver", 0, AV_OPT_TYPE_CONST, { .i64 = AV_HWACCEL_FLAG_IGNORE_LEVEL }, INT_MIN, INT_MAX, V | D, "hwaccel_flags" },
+{"allow_high_depth", "allow to output YUV pixel formats with a different chroma sampling than 4:2:0 and/or other than 8 bits per component", 0, AV_OPT_TYPE_CONST, {.i64 = AV_HWACCEL_FLAG_ALLOW_HIGH_DEPTH }, INT_MIN, INT_MAX, V | D, "hwaccel_flags"},
+{"allow_profile_mismatch", "attempt to decode anyway if HW accelerated decoder's supported profiles do not exactly match the stream", 0, AV_OPT_TYPE_CONST, {.i64 = AV_HWACCEL_FLAG_ALLOW_PROFILE_MISMATCH }, INT_MIN, INT_MAX, V | D, "hwaccel_flags"},
+{NULL},
+};
+
+#undef A
+#undef V
+#undef S
+#undef E
+#undef D
+#undef DEFAULT
+#undef OFFSET
+
+#endif /* AVCODEC_OPTIONS_TABLE_H */
diff --git a/media/ffvpx/libavcodec/parser.c b/media/ffvpx/libavcodec/parser.c
index 30cfc55cb..670680ea7 100644
--- a/media/ffvpx/libavcodec/parser.c
+++ b/media/ffvpx/libavcodec/parser.c
@@ -20,6 +20,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <inttypes.h>
 #include <stdint.h>
 #include <string.h>
 
@@ -251,7 +252,7 @@ int ff_combine_frame(ParseContext *pc, int next,
                      const uint8_t **buf, int *buf_size)
 {
     if (pc->overread) {
-        ff_dlog(NULL, "overread %d, state:%X next:%d index:%d o_index:%d\n",
+        ff_dlog(NULL, "overread %d, state:%"PRIX32" next:%d index:%d o_index:%d\n",
                 pc->overread, pc->state, next, pc->index, pc->overread_index);
         ff_dlog(NULL, "%X %X %X %X\n",
                 (*buf)[0], (*buf)[1], (*buf)[2], (*buf)[3]);
@@ -284,6 +285,8 @@ int ff_combine_frame(ParseContext *pc, int next,
         return -1;
     }
 
+    av_assert0(next >= 0 || pc->buffer);
+
     *buf_size          =
     pc->overread_index = pc->index + next;
 
@@ -314,7 +317,7 @@ int ff_combine_frame(ParseContext *pc, int next,
     }
 
     if (pc->overread) {
-        ff_dlog(NULL, "overread %d, state:%X next:%d index:%d o_index:%d\n",
+        ff_dlog(NULL, "overread %d, state:%"PRIX32" next:%d index:%d o_index:%d\n",
                 pc->overread, pc->state, next, pc->index, pc->overread_index);
         ff_dlog(NULL, "%X %X %X %X\n",
                 (*buf)[0], (*buf)[1], (*buf)[2], (*buf)[3]);
diff --git a/media/ffvpx/libavcodec/pixblockdsp.h b/media/ffvpx/libavcodec/pixblockdsp.h
index 79ed86c3a..e036700ff 100644
--- a/media/ffvpx/libavcodec/pixblockdsp.h
+++ b/media/ffvpx/libavcodec/pixblockdsp.h
@@ -21,16 +21,23 @@
 
 #include <stdint.h>
 
+#include "config.h"
+
 #include "avcodec.h"
 
 typedef struct PixblockDSPContext {
-    void (*get_pixels)(int16_t *block /* align 16 */,
+    void (*get_pixels)(int16_t *av_restrict block /* align 16 */,
                        const uint8_t *pixels /* align 8 */,
-                       ptrdiff_t line_size);
-    void (*diff_pixels)(int16_t *block /* align 16 */,
+                       ptrdiff_t stride);
+    void (*diff_pixels)(int16_t *av_restrict block /* align 16 */,
                         const uint8_t *s1 /* align 8 */,
                         const uint8_t *s2 /* align 8 */,
-                        int stride);
+                        ptrdiff_t stride);
+    void (*diff_pixels_unaligned)(int16_t *av_restrict block /* align 16 */,
+                        const uint8_t *s1,
+                        const uint8_t *s2,
+                        ptrdiff_t stride);
+
 } PixblockDSPContext;
 
 void ff_pixblockdsp_init(PixblockDSPContext *c, AVCodecContext *avctx);
diff --git a/media/ffvpx/libavcodec/profiles.c b/media/ffvpx/libavcodec/profiles.c
index da745e139..30498efed 100644
--- a/media/ffvpx/libavcodec/profiles.c
+++ b/media/ffvpx/libavcodec/profiles.c
@@ -46,6 +46,16 @@ const AVProfile ff_dca_profiles[] = {
     { FF_PROFILE_UNKNOWN },
 };
 
+const AVProfile ff_dnxhd_profiles[] = {
+  { FF_PROFILE_DNXHD,      "DNXHD"},
+  { FF_PROFILE_DNXHR_LB,   "DNXHR LB"},
+  { FF_PROFILE_DNXHR_SQ,   "DNXHR SQ"},
+  { FF_PROFILE_DNXHR_HQ,   "DNXHR HQ" },
+  { FF_PROFILE_DNXHR_HQX,  "DNXHR HQX"},
+  { FF_PROFILE_DNXHR_444,  "DNXHR 444"},
+  { FF_PROFILE_UNKNOWN },
+};
+
 const AVProfile ff_h264_profiles[] = {
     { FF_PROFILE_H264_BASELINE,             "Baseline"              },
     { FF_PROFILE_H264_CONSTRAINED_BASELINE, "Constrained Baseline"  },
@@ -60,6 +70,8 @@ const AVProfile ff_h264_profiles[] = {
     { FF_PROFILE_H264_HIGH_444_PREDICTIVE,  "High 4:4:4 Predictive" },
     { FF_PROFILE_H264_HIGH_444_INTRA,       "High 4:4:4 Intra"      },
     { FF_PROFILE_H264_CAVLC_444,            "CAVLC 4:4:4"           },
+    { FF_PROFILE_H264_MULTIVIEW_HIGH,       "Multiview High"        },
+    { FF_PROFILE_H264_STEREO_HIGH,          "Stereo High"           },
     { FF_PROFILE_UNKNOWN },
 };
 
diff --git a/media/ffvpx/libavcodec/profiles.h b/media/ffvpx/libavcodec/profiles.h
index c86c683ab..eb18b406a 100644
--- a/media/ffvpx/libavcodec/profiles.h
+++ b/media/ffvpx/libavcodec/profiles.h
@@ -23,6 +23,7 @@
 
 extern const AVProfile ff_aac_profiles[];
 extern const AVProfile ff_dca_profiles[];
+extern const AVProfile ff_dnxhd_profiles[];
 extern const AVProfile ff_h264_profiles[];
 extern const AVProfile ff_hevc_profiles[];
 extern const AVProfile ff_jpeg2000_profiles[];
diff --git a/media/ffvpx/libavcodec/pthread_frame.c b/media/ffvpx/libavcodec/pthread_frame.c
index a10fcbfe7..2c702c737 100644
--- a/media/ffvpx/libavcodec/pthread_frame.c
+++ b/media/ffvpx/libavcodec/pthread_frame.c
@@ -24,9 +24,11 @@
 
 #include "config.h"
 
+#include <stdatomic.h>
 #include <stdint.h>
 
 #include "avcodec.h"
+#include "hwaccel.h"
 #include "internal.h"
 #include "pthread_internal.h"
 #include "thread.h"
@@ -43,29 +45,28 @@
 #include "libavutil/opt.h"
 #include "libavutil/thread.h"
 
-#if defined(MOZ_TSAN)
-typedef  _Atomic(int)  atomic_int;
-#else
-typedef  volatile int  atomic_int;
-#endif
+enum {
+    ///< Set when the thread is awaiting a packet.
+    STATE_INPUT_READY,
+    ///< Set before the codec has called ff_thread_finish_setup().
+    STATE_SETTING_UP,
+    /**
+     * Set when the codec calls get_buffer().
+     * State is returned to STATE_SETTING_UP afterwards.
+     */
+    STATE_GET_BUFFER,
+     /**
+      * Set when the codec calls get_format().
+      * State is returned to STATE_SETTING_UP afterwards.
+      */
+    STATE_GET_FORMAT,
+    ///< Set after the codec has called ff_thread_finish_setup().
+    STATE_SETUP_FINISHED,
+};
 
 /**
  * Context used by codec threads and stored in their AVCodecInternal thread_ctx.
  */
-typedef enum {
-    STATE_INPUT_READY,          ///< Set when the thread is awaiting a packet.
-    STATE_SETTING_UP,           ///< Set before the codec has called ff_thread_finish_setup().
-    STATE_GET_BUFFER,           /**<
-                                 * Set when the codec calls get_buffer().
-                                 * State is returned to STATE_SETTING_UP afterwards.
-                                 */
-    STATE_GET_FORMAT,           /**<
-                                 * Set when the codec calls get_format().
-                                 * State is returned to STATE_SETTING_UP afterwards.
-                                 */
-    STATE_SETUP_FINISHED        ///< Set after the codec has called ff_thread_finish_setup().
-} State;
-
 typedef struct PerThreadContext {
     struct FrameThreadContext *parent;
 
@@ -103,6 +104,11 @@ typedef struct PerThreadContext {
     enum AVPixelFormat result_format;            ///< get_format() result
 
     int die;                        ///< Set when the thread should exit.
+
+    int hwaccel_serializing;
+    int async_serializing;
+
+    atomic_int debug_threads;       ///< Set if the FF_DEBUG_THREADS option is set.
 } PerThreadContext;
 
 /**
@@ -113,6 +119,14 @@ typedef struct FrameThreadContext {
     PerThreadContext *prev_thread; ///< The last thread submit_packet() was called on.
 
     pthread_mutex_t buffer_mutex;  ///< Mutex used to protect get/release_buffer().
+    /**
+     * This lock is used for ensuring threads run in serial when hwaccel
+     * is used.
+     */
+    pthread_mutex_t hwaccel_mutex;
+    pthread_mutex_t async_mutex;
+    pthread_cond_t async_cond;
+    int async_lock;
 
     int next_decoding;             ///< The next context to submit a packet to.
     int next_finished;             ///< The next context to return output from.
@@ -126,6 +140,24 @@ typedef struct FrameThreadContext {
 #define THREAD_SAFE_CALLBACKS(avctx) \
 ((avctx)->thread_safe_callbacks || (avctx)->get_buffer2 == avcodec_default_get_buffer2)
 
+static void async_lock(FrameThreadContext *fctx)
+{
+    pthread_mutex_lock(&fctx->async_mutex);
+    while (fctx->async_lock)
+        pthread_cond_wait(&fctx->async_cond, &fctx->async_mutex);
+    fctx->async_lock = 1;
+    pthread_mutex_unlock(&fctx->async_mutex);
+}
+
+static void async_unlock(FrameThreadContext *fctx)
+{
+    pthread_mutex_lock(&fctx->async_mutex);
+    av_assert0(fctx->async_lock);
+    fctx->async_lock = 0;
+    pthread_cond_broadcast(&fctx->async_cond);
+    pthread_mutex_unlock(&fctx->async_mutex);
+}
+
 /**
  * Codec worker thread.
  *
@@ -141,14 +173,29 @@ static attribute_align_arg void *frame_worker_thread(void *arg)
 
     pthread_mutex_lock(&p->mutex);
     while (1) {
-            while (p->state == STATE_INPUT_READY && !p->die)
-                pthread_cond_wait(&p->input_cond, &p->mutex);
+        while (atomic_load(&p->state) == STATE_INPUT_READY && !p->die)
+            pthread_cond_wait(&p->input_cond, &p->mutex);
 
         if (p->die) break;
 
         if (!codec->update_thread_context && THREAD_SAFE_CALLBACKS(avctx))
             ff_thread_finish_setup(avctx);
 
+        /* If a decoder supports hwaccel, then it must call ff_get_format().
+         * Since that call must happen before ff_thread_finish_setup(), the
+         * decoder is required to implement update_thread_context() and call
+         * ff_thread_finish_setup() manually. Therefore the above
+         * ff_thread_finish_setup() call did not happen and hwaccel_serializing
+         * cannot be true here. */
+        av_assert0(!p->hwaccel_serializing);
+
+        /* if the previous thread uses hwaccel then we take the lock to ensure
+         * the threads don't run concurrently */
+        if (avctx->hwaccel) {
+            pthread_mutex_lock(&p->parent->hwaccel_mutex);
+            p->hwaccel_serializing = 1;
+        }
+
         av_frame_unref(p->frame);
         p->got_frame = 0;
         p->result = codec->decode(avctx, p->frame, &p->got_frame, &p->avpkt);
@@ -160,17 +207,23 @@ static attribute_align_arg void *frame_worker_thread(void *arg)
             av_frame_unref(p->frame);
         }
 
-        if (p->state == STATE_SETTING_UP) ff_thread_finish_setup(avctx);
+        if (atomic_load(&p->state) == STATE_SETTING_UP)
+            ff_thread_finish_setup(avctx);
+
+        if (p->hwaccel_serializing) {
+            p->hwaccel_serializing = 0;
+            pthread_mutex_unlock(&p->parent->hwaccel_mutex);
+        }
+
+        if (p->async_serializing) {
+            p->async_serializing = 0;
+
+            async_unlock(p->parent);
+        }
 
         pthread_mutex_lock(&p->progress_mutex);
-#if 0 //BUFREF-FIXME
-        for (i = 0; i < MAX_BUFFERS; i++)
-            if (p->progress_used[i] && (p->got_frame || p->result<0 || avctx->codec_id != AV_CODEC_ID_H264)) {
-                p->progress[i][0] = INT_MAX;
-                p->progress[i][1] = INT_MAX;
-            }
-#endif
-        p->state = STATE_INPUT_READY;
+
+        atomic_store(&p->state, STATE_INPUT_READY);
 
         pthread_cond_broadcast(&p->progress_cond);
         pthread_cond_signal(&p->output_cond);
@@ -193,12 +246,13 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src,
 {
     int err = 0;
 
-    if (dst != src) {
+    if (dst != src && (for_user || !(av_codec_get_codec_descriptor(src)->props & AV_CODEC_PROP_INTRA_ONLY))) {
         dst->time_base = src->time_base;
         dst->framerate = src->framerate;
         dst->width     = src->width;
         dst->height    = src->height;
         dst->pix_fmt   = src->pix_fmt;
+        dst->sw_pix_fmt = src->sw_pix_fmt;
 
         dst->coded_width  = src->coded_width;
         dst->coded_height = src->coded_height;
@@ -234,6 +288,19 @@ FF_ENABLE_DEPRECATION_WARNINGS
         dst->sample_fmt     = src->sample_fmt;
         dst->channel_layout = src->channel_layout;
         dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data;
+
+        if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx ||
+            (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) {
+            av_buffer_unref(&dst->hw_frames_ctx);
+
+            if (src->hw_frames_ctx) {
+                dst->hw_frames_ctx = av_buffer_ref(src->hw_frames_ctx);
+                if (!dst->hw_frames_ctx)
+                    return AVERROR(ENOMEM);
+            }
+        }
+
+        dst->hwaccel_flags = src->hwaccel_flags;
     }
 
     if (for_user) {
@@ -315,24 +382,35 @@ static void release_delayed_buffers(PerThreadContext *p)
     }
 }
 
-static int submit_packet(PerThreadContext *p, AVPacket *avpkt)
+static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx,
+                         AVPacket *avpkt)
 {
     FrameThreadContext *fctx = p->parent;
     PerThreadContext *prev_thread = fctx->prev_thread;
     const AVCodec *codec = p->avctx->codec;
+    int ret;
 
     if (!avpkt->size && !(codec->capabilities & AV_CODEC_CAP_DELAY))
         return 0;
 
     pthread_mutex_lock(&p->mutex);
 
+    ret = update_context_from_user(p->avctx, user_avctx);
+    if (ret) {
+        pthread_mutex_unlock(&p->mutex);
+        return ret;
+    }
+    atomic_store_explicit(&p->debug_threads,
+                          (p->avctx->debug & FF_DEBUG_THREADS) != 0,
+                          memory_order_relaxed);
+
     release_delayed_buffers(p);
 
     if (prev_thread) {
         int err;
-        if (prev_thread->state == STATE_SETTING_UP) {
+        if (atomic_load(&prev_thread->state) == STATE_SETTING_UP) {
             pthread_mutex_lock(&prev_thread->progress_mutex);
-            while (prev_thread->state == STATE_SETTING_UP)
+            while (atomic_load(&prev_thread->state) == STATE_SETTING_UP)
                 pthread_cond_wait(&prev_thread->progress_cond, &prev_thread->progress_mutex);
             pthread_mutex_unlock(&prev_thread->progress_mutex);
         }
@@ -345,9 +423,14 @@ static int submit_packet(PerThreadContext *p, AVPacket *avpkt)
     }
 
     av_packet_unref(&p->avpkt);
-    av_packet_ref(&p->avpkt, avpkt);
+    ret = av_packet_ref(&p->avpkt, avpkt);
+    if (ret < 0) {
+        pthread_mutex_unlock(&p->mutex);
+        av_log(p->avctx, AV_LOG_ERROR, "av_packet_ref() failed in submit_packet()\n");
+        return ret;
+    }
 
-    p->state = STATE_SETTING_UP;
+    atomic_store(&p->state, STATE_SETTING_UP);
     pthread_cond_signal(&p->input_cond);
     pthread_mutex_unlock(&p->mutex);
 
@@ -360,14 +443,13 @@ static int submit_packet(PerThreadContext *p, AVPacket *avpkt)
     if (!p->avctx->thread_safe_callbacks && (
          p->avctx->get_format != avcodec_default_get_format ||
          p->avctx->get_buffer2 != avcodec_default_get_buffer2)) {
-        while (p->state != STATE_SETUP_FINISHED && p->state != STATE_INPUT_READY) {
+        while (atomic_load(&p->state) != STATE_SETUP_FINISHED && atomic_load(&p->state) != STATE_INPUT_READY) {
             int call_done = 1;
             pthread_mutex_lock(&p->progress_mutex);
-            while (p->state == STATE_SETTING_UP)
+            while (atomic_load(&p->state) == STATE_SETTING_UP)
                 pthread_cond_wait(&p->progress_cond, &p->progress_mutex);
 
-            State p_state = (State)p->state;
-            switch (p_state) {
+            switch (atomic_load_explicit(&p->state, memory_order_acquire)) {
             case STATE_GET_BUFFER:
                 p->result = ff_get_buffer(p->avctx, p->requested_frame, p->requested_flags);
                 break;
@@ -379,7 +461,7 @@ static int submit_packet(PerThreadContext *p, AVPacket *avpkt)
                 break;
             }
             if (call_done) {
-                p->state  = STATE_SETTING_UP;
+                atomic_store(&p->state, STATE_SETTING_UP);
                 pthread_cond_signal(&p->progress_cond);
             }
             pthread_mutex_unlock(&p->progress_mutex);
@@ -401,15 +483,18 @@ int ff_thread_decode_frame(AVCodecContext *avctx,
     PerThreadContext *p;
     int err;
 
+    /* release the async lock, permitting blocked hwaccel threads to
+     * go forward while we are in this function */
+    async_unlock(fctx);
+
     /*
      * Submit a packet to the next decoding thread.
      */
 
     p = &fctx->threads[fctx->next_decoding];
-    err = update_context_from_user(p->avctx, avctx);
-    if (err) return err;
-    err = submit_packet(p, avpkt);
-    if (err) return err;
+    err = submit_packet(p, avctx, avpkt);
+    if (err)
+        goto finish;
 
     /*
      * If we're still receiving the initial packets, don't return a frame.
@@ -420,23 +505,25 @@ int ff_thread_decode_frame(AVCodecContext *avctx,
 
     if (fctx->delaying) {
         *got_picture_ptr=0;
-        if (avpkt->size)
-            return avpkt->size;
+        if (avpkt->size) {
+            err = avpkt->size;
+            goto finish;
+        }
     }
 
     /*
      * Return the next available frame from the oldest thread.
      * If we're at the end of the stream, then we have to skip threads that
-     * didn't output a frame, because we don't want to accidentally signal
-     * EOF (avpkt->size == 0 && *got_picture_ptr == 0).
+     * didn't output a frame/error, because we don't want to accidentally signal
+     * EOF (avpkt->size == 0 && *got_picture_ptr == 0 && err >= 0).
      */
 
     do {
         p = &fctx->threads[finished++];
 
-        if (p->state != STATE_INPUT_READY) {
+        if (atomic_load(&p->state) != STATE_INPUT_READY) {
             pthread_mutex_lock(&p->progress_mutex);
-            while (p->state != STATE_INPUT_READY)
+            while (atomic_load_explicit(&p->state, memory_order_relaxed) != STATE_INPUT_READY)
                 pthread_cond_wait(&p->output_cond, &p->progress_mutex);
             pthread_mutex_unlock(&p->progress_mutex);
         }
@@ -444,20 +531,19 @@ int ff_thread_decode_frame(AVCodecContext *avctx,
         av_frame_move_ref(picture, p->frame);
         *got_picture_ptr = p->got_frame;
         picture->pkt_dts = p->avpkt.dts;
-
-        if (p->result < 0)
-            err = p->result;
+        err = p->result;
 
         /*
          * A later call with avkpt->size == 0 may loop over all threads,
-         * including this one, searching for a frame to return before being
+         * including this one, searching for a frame/error to return before being
          * stopped by the "finished != fctx->next_finished" condition.
-         * Make sure we don't mistakenly return the same frame again.
+         * Make sure we don't mistakenly return the same frame/error again.
          */
         p->got_frame = 0;
+        p->result = 0;
 
         if (finished >= avctx->thread_count) finished = 0;
-    } while (!avpkt->size && !*got_picture_ptr && finished != fctx->next_finished);
+    } while (!avpkt->size && !*got_picture_ptr && err >= 0 && finished != fctx->next_finished);
 
     update_context_from_thread(avctx, p->avctx, 1);
 
@@ -465,16 +551,12 @@ int ff_thread_decode_frame(AVCodecContext *avctx,
 
     fctx->next_finished = finished;
 
-    /*
-     * When no frame was found while flushing, but an error occurred in
-     * any thread, return it instead of 0.
-     * Otherwise the error can get lost.
-     */
-    if (!avpkt->size && !*got_picture_ptr)
-        return err;
-
     /* return the size of the consumed packet if no error occurred */
-    return (p->result >= 0) ? avpkt->size : p->result;
+    if (err >= 0)
+        err = avpkt->size;
+finish:
+    async_lock(fctx);
+    return err;
 }
 
 void ff_thread_report_progress(ThreadFrame *f, int n, int field)
@@ -482,15 +564,20 @@ void ff_thread_report_progress(ThreadFrame *f, int n, int field)
     PerThreadContext *p;
     atomic_int *progress = f->progress ? (atomic_int*)f->progress->data : NULL;
 
-    if (!progress || progress[field] >= n) return;
+    if (!progress ||
+        atomic_load_explicit(&progress[field], memory_order_relaxed) >= n)
+        return;
 
-    p = f->owner->internal->thread_ctx;
+    p = f->owner[field]->internal->thread_ctx;
 
-    if (f->owner->debug&FF_DEBUG_THREADS)
-        av_log(f->owner, AV_LOG_DEBUG, "%p finished %d field %d\n", progress, n, field);
+    if (atomic_load_explicit(&p->debug_threads, memory_order_relaxed))
+        av_log(f->owner[field], AV_LOG_DEBUG,
+               "%p finished %d field %d\n", progress, n, field);
 
     pthread_mutex_lock(&p->progress_mutex);
-    progress[field] = n;
+
+    atomic_store_explicit(&progress[field], n, memory_order_release);
+
     pthread_cond_broadcast(&p->progress_cond);
     pthread_mutex_unlock(&p->progress_mutex);
 }
@@ -500,15 +587,18 @@ void ff_thread_await_progress(ThreadFrame *f, int n, int field)
     PerThreadContext *p;
     atomic_int *progress = f->progress ? (atomic_int*)f->progress->data : NULL;
 
-    if (!progress || progress[field] >= n) return;
+    if (!progress ||
+        atomic_load_explicit(&progress[field], memory_order_acquire) >= n)
+        return;
 
-    p = f->owner->internal->thread_ctx;
+    p = f->owner[field]->internal->thread_ctx;
 
-    if (f->owner->debug&FF_DEBUG_THREADS)
-        av_log(f->owner, AV_LOG_DEBUG, "thread awaiting %d field %d from %p\n", n, field, progress);
+    if (atomic_load_explicit(&p->debug_threads, memory_order_relaxed))
+        av_log(f->owner[field], AV_LOG_DEBUG,
+               "thread awaiting %d field %d from %p\n", n, field, progress);
 
     pthread_mutex_lock(&p->progress_mutex);
-    while (progress[field] < n)
+    while (atomic_load_explicit(&progress[field], memory_order_relaxed) < n)
         pthread_cond_wait(&p->progress_cond, &p->progress_mutex);
     pthread_mutex_unlock(&p->progress_mutex);
 }
@@ -518,12 +608,26 @@ void ff_thread_finish_setup(AVCodecContext *avctx) {
 
     if (!(avctx->active_thread_type&FF_THREAD_FRAME)) return;
 
-    if(p->state == STATE_SETUP_FINISHED){
-        av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n");
+    if (avctx->hwaccel && !p->hwaccel_serializing) {
+        pthread_mutex_lock(&p->parent->hwaccel_mutex);
+        p->hwaccel_serializing = 1;
+    }
+
+    /* this assumes that no hwaccel calls happen before ff_thread_finish_setup() */
+    if (avctx->hwaccel &&
+        !(avctx->hwaccel->caps_internal & HWACCEL_CAP_ASYNC_SAFE)) {
+        p->async_serializing = 1;
+
+        async_lock(p->parent);
     }
 
     pthread_mutex_lock(&p->progress_mutex);
-    p->state = STATE_SETUP_FINISHED;
+    if(atomic_load(&p->state) == STATE_SETUP_FINISHED){
+        av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n");
+    }
+
+    atomic_store(&p->state, STATE_SETUP_FINISHED);
+
     pthread_cond_broadcast(&p->progress_cond);
     pthread_mutex_unlock(&p->progress_mutex);
 }
@@ -533,17 +637,21 @@ static void park_frame_worker_threads(FrameThreadContext *fctx, int thread_count
 {
     int i;
 
+    async_unlock(fctx);
+
     for (i = 0; i < thread_count; i++) {
         PerThreadContext *p = &fctx->threads[i];
 
-        if (p->state != STATE_INPUT_READY) {
+        if (atomic_load(&p->state) != STATE_INPUT_READY) {
             pthread_mutex_lock(&p->progress_mutex);
-            while (p->state != STATE_INPUT_READY)
+            while (atomic_load(&p->state) != STATE_INPUT_READY)
                 pthread_cond_wait(&p->output_cond, &p->progress_mutex);
             pthread_mutex_unlock(&p->progress_mutex);
         }
         p->got_frame = 0;
     }
+
+    async_lock(fctx);
 }
 
 void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
@@ -596,13 +704,20 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
             av_freep(&p->avctx->slice_offset);
         }
 
-        if (p->avctx)
+        if (p->avctx) {
             av_freep(&p->avctx->internal);
+            av_buffer_unref(&p->avctx->hw_frames_ctx);
+        }
+
         av_freep(&p->avctx);
     }
 
     av_freep(&fctx->threads);
     pthread_mutex_destroy(&fctx->buffer_mutex);
+    pthread_mutex_destroy(&fctx->hwaccel_mutex);
+    pthread_mutex_destroy(&fctx->async_mutex);
+    pthread_cond_destroy(&fctx->async_cond);
+
     av_freep(&avctx->internal->thread_ctx);
 
     if (avctx->priv_data && avctx->codec && avctx->codec->priv_class)
@@ -624,8 +739,10 @@ int ff_frame_thread_init(AVCodecContext *avctx)
 
     if (!thread_count) {
         int nb_cpus = av_cpu_count();
+#if FF_API_DEBUG_MV
         if ((avctx->debug & (FF_DEBUG_VIS_QP | FF_DEBUG_VIS_MB_TYPE)) || avctx->debug_mv)
             nb_cpus = 1;
+#endif
         // use number of cores + 1 as thread count if there is more than one
         if (nb_cpus > 1)
             thread_count = avctx->thread_count = FFMIN(nb_cpus + 1, MAX_AUTO_THREADS);
@@ -649,6 +766,11 @@ int ff_frame_thread_init(AVCodecContext *avctx)
     }
 
     pthread_mutex_init(&fctx->buffer_mutex, NULL);
+    pthread_mutex_init(&fctx->hwaccel_mutex, NULL);
+    pthread_mutex_init(&fctx->async_mutex, NULL);
+    pthread_cond_init(&fctx->async_cond, NULL);
+
+    fctx->async_lock = 1;
     fctx->delaying = 1;
 
     for (i = 0; i < thread_count; i++) {
@@ -686,7 +808,7 @@ int ff_frame_thread_init(AVCodecContext *avctx)
         }
         *copy->internal = *src->internal;
         copy->internal->thread_ctx = p;
-        copy->internal->pkt = &p->avpkt;
+        copy->internal->last_pkt_props = &p->avpkt;
 
         if (!i) {
             src = copy;
@@ -710,6 +832,8 @@ int ff_frame_thread_init(AVCodecContext *avctx)
 
         if (err) goto error;
 
+        atomic_init(&p->debug_threads, (copy->debug & FF_DEBUG_THREADS) != 0);
+
         err = AVERROR(pthread_create(&p->thread, NULL, frame_worker_thread, p));
         p->thread_init= !err;
         if(!p->thread_init)
@@ -745,6 +869,7 @@ void ff_thread_flush(AVCodecContext *avctx)
         // Make sure decode flush calls with size=0 won't return old frames
         p->got_frame = 0;
         av_frame_unref(p->frame);
+        p->result = 0;
 
         release_delayed_buffers(p);
 
@@ -756,7 +881,7 @@ void ff_thread_flush(AVCodecContext *avctx)
 int ff_thread_can_start_frame(AVCodecContext *avctx)
 {
     PerThreadContext *p = avctx->internal->thread_ctx;
-    if ((avctx->active_thread_type&FF_THREAD_FRAME) && p->state != STATE_SETTING_UP &&
+    if ((avctx->active_thread_type&FF_THREAD_FRAME) && atomic_load(&p->state) != STATE_SETTING_UP &&
         (avctx->codec->update_thread_context || !THREAD_SAFE_CALLBACKS(avctx))) {
         return 0;
     }
@@ -768,28 +893,29 @@ static int thread_get_buffer_internal(AVCodecContext *avctx, ThreadFrame *f, int
     PerThreadContext *p = avctx->internal->thread_ctx;
     int err;
 
-    f->owner = avctx;
+    f->owner[0] = f->owner[1] = avctx;
 
     ff_init_buffer_info(avctx, f->f);
 
     if (!(avctx->active_thread_type & FF_THREAD_FRAME))
         return ff_get_buffer(avctx, f->f, flags);
 
-    if (p->state != STATE_SETTING_UP &&
+    if (atomic_load(&p->state) != STATE_SETTING_UP &&
         (avctx->codec->update_thread_context || !THREAD_SAFE_CALLBACKS(avctx))) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() cannot be called after ff_thread_finish_setup()\n");
         return -1;
     }
 
     if (avctx->internal->allocate_progress) {
-        int *progress;
-        f->progress = av_buffer_alloc(2 * sizeof(int));
+        atomic_int *progress;
+        f->progress = av_buffer_alloc(2 * sizeof(*progress));
         if (!f->progress) {
             return AVERROR(ENOMEM);
         }
-        progress = (int*)f->progress->data;
+        progress = (atomic_int*)f->progress->data;
 
-        progress[0] = progress[1] = -1;
+        atomic_init(&progress[0], -1);
+        atomic_init(&progress[1], -1);
     }
 
     pthread_mutex_lock(&p->parent->buffer_mutex);
@@ -800,10 +926,10 @@ static int thread_get_buffer_internal(AVCodecContext *avctx, ThreadFrame *f, int
         pthread_mutex_lock(&p->progress_mutex);
         p->requested_frame = f->f;
         p->requested_flags = flags;
-        p->state = STATE_GET_BUFFER;
+        atomic_store_explicit(&p->state, STATE_GET_BUFFER, memory_order_release);
         pthread_cond_broadcast(&p->progress_cond);
 
-        while (p->state != STATE_SETTING_UP)
+        while (atomic_load(&p->state) != STATE_SETTING_UP)
             pthread_cond_wait(&p->progress_cond, &p->progress_mutex);
 
         err = p->result;
@@ -828,16 +954,16 @@ enum AVPixelFormat ff_thread_get_format(AVCodecContext *avctx, const enum AVPixe
     if (!(avctx->active_thread_type & FF_THREAD_FRAME) || avctx->thread_safe_callbacks ||
         avctx->get_format == avcodec_default_get_format)
         return ff_get_format(avctx, fmt);
-    if (p->state != STATE_SETTING_UP) {
+    if (atomic_load(&p->state) != STATE_SETTING_UP) {
         av_log(avctx, AV_LOG_ERROR, "get_format() cannot be called after ff_thread_finish_setup()\n");
         return -1;
     }
     pthread_mutex_lock(&p->progress_mutex);
     p->available_formats = fmt;
-    p->state = STATE_GET_FORMAT;
+    atomic_store(&p->state, STATE_GET_FORMAT);
     pthread_cond_broadcast(&p->progress_cond);
 
-    while (p->state != STATE_SETTING_UP)
+    while (atomic_load(&p->state) != STATE_SETTING_UP)
         pthread_cond_wait(&p->progress_cond, &p->progress_mutex);
 
     res = p->result_format;
@@ -871,7 +997,7 @@ void ff_thread_release_buffer(AVCodecContext *avctx, ThreadFrame *f)
         av_log(avctx, AV_LOG_DEBUG, "thread_release_buffer called on pic %p\n", f);
 
     av_buffer_unref(&f->progress);
-    f->owner    = NULL;
+    f->owner[0] = f->owner[1] = NULL;
 
     if (can_direct_free) {
         av_frame_unref(f->f);
diff --git a/media/ffvpx/libavcodec/pthread_slice.c b/media/ffvpx/libavcodec/pthread_slice.c
index 96a7643f6..d659f9b0b 100644
--- a/media/ffvpx/libavcodec/pthread_slice.c
+++ b/media/ffvpx/libavcodec/pthread_slice.c
@@ -34,26 +34,21 @@
 #include "libavutil/cpu.h"
 #include "libavutil/mem.h"
 #include "libavutil/thread.h"
+#include "libavutil/slicethread.h"
 
 typedef int (action_func)(AVCodecContext *c, void *arg);
 typedef int (action_func2)(AVCodecContext *c, void *arg, int jobnr, int threadnr);
+typedef int (main_func)(AVCodecContext *c);
 
 typedef struct SliceThreadContext {
-    pthread_t *workers;
+    AVSliceThread *thread;
     action_func *func;
     action_func2 *func2;
+    main_func *mainfunc;
     void *args;
     int *rets;
-    int job_count;
     int job_size;
 
-    pthread_cond_t last_job_cond;
-    pthread_cond_t current_job_cond;
-    pthread_mutex_t current_job_lock;
-    unsigned current_execute;
-    int current_job;
-    int done;
-
     int *entries;
     int entries_count;
     int thread_count;
@@ -61,43 +56,22 @@ typedef struct SliceThreadContext {
     pthread_mutex_t *progress_mutex;
 } SliceThreadContext;
 
-static void* attribute_align_arg worker(void *v)
-{
-    AVCodecContext *avctx = v;
+static void main_function(void *priv) {
+    AVCodecContext *avctx = priv;
     SliceThreadContext *c = avctx->internal->thread_ctx;
-    unsigned last_execute = 0;
-    int our_job = c->job_count;
-    int thread_count = avctx->thread_count;
-    int self_id;
-
-    pthread_mutex_lock(&c->current_job_lock);
-    self_id = c->current_job++;
-    for (;;){
-        int ret;
-        while (our_job >= c->job_count) {
-            if (c->current_job == thread_count + c->job_count)
-                pthread_cond_signal(&c->last_job_cond);
-
-            while (last_execute == c->current_execute && !c->done)
-                pthread_cond_wait(&c->current_job_cond, &c->current_job_lock);
-            last_execute = c->current_execute;
-            our_job = self_id;
-
-            if (c->done) {
-                pthread_mutex_unlock(&c->current_job_lock);
-                return NULL;
-            }
-        }
-        pthread_mutex_unlock(&c->current_job_lock);
+    c->mainfunc(avctx);
+}
 
-        ret = c->func ? c->func(avctx, (char*)c->args + our_job*c->job_size):
-                                c->func2(avctx, c->args, our_job, self_id);
-        if (c->rets)
-            c->rets[our_job%c->job_count] = ret;
+static void worker_func(void *priv, int jobnr, int threadnr, int nb_jobs, int nb_threads)
+{
+    AVCodecContext *avctx = priv;
+    SliceThreadContext *c = avctx->internal->thread_ctx;
+    int ret;
 
-        pthread_mutex_lock(&c->current_job_lock);
-        our_job = c->current_job++;
-    }
+    ret = c->func ? c->func(avctx, (char *)c->args + c->job_size * jobnr)
+                  : c->func2(avctx, c->args, jobnr, threadnr);
+    if (c->rets)
+        c->rets[jobnr] = ret;
 }
 
 void ff_slice_thread_free(AVCodecContext *avctx)
@@ -105,40 +79,19 @@ void ff_slice_thread_free(AVCodecContext *avctx)
     SliceThreadContext *c = avctx->internal->thread_ctx;
     int i;
 
-    pthread_mutex_lock(&c->current_job_lock);
-    c->done = 1;
-    pthread_cond_broadcast(&c->current_job_cond);
-    for (i = 0; i < c->thread_count; i++)
-        pthread_cond_broadcast(&c->progress_cond[i]);
-    pthread_mutex_unlock(&c->current_job_lock);
-
-    for (i=0; i<avctx->thread_count; i++)
-         pthread_join(c->workers[i], NULL);
+    avpriv_slicethread_free(&c->thread);
 
     for (i = 0; i < c->thread_count; i++) {
         pthread_mutex_destroy(&c->progress_mutex[i]);
         pthread_cond_destroy(&c->progress_cond[i]);
     }
 
-    pthread_mutex_destroy(&c->current_job_lock);
-    pthread_cond_destroy(&c->current_job_cond);
-    pthread_cond_destroy(&c->last_job_cond);
-
     av_freep(&c->entries);
     av_freep(&c->progress_mutex);
     av_freep(&c->progress_cond);
-
-    av_freep(&c->workers);
     av_freep(&avctx->internal->thread_ctx);
 }
 
-static av_always_inline void thread_park_workers(SliceThreadContext *c, int thread_count)
-{
-    while (c->current_job != thread_count + c->job_count)
-        pthread_cond_wait(&c->last_job_cond, &c->current_job_lock);
-    pthread_mutex_unlock(&c->current_job_lock);
-}
-
 static int thread_execute(AVCodecContext *avctx, action_func* func, void *arg, int *ret, int job_count, int job_size)
 {
     SliceThreadContext *c = avctx->internal->thread_ctx;
@@ -149,23 +102,12 @@ static int thread_execute(AVCodecContext *avctx, action_func* func, void *arg, i
     if (job_count <= 0)
         return 0;
 
-    pthread_mutex_lock(&c->current_job_lock);
-
-    c->current_job = avctx->thread_count;
-    c->job_count = job_count;
     c->job_size = job_size;
     c->args = arg;
     c->func = func;
-    if (ret) {
-        c->rets = ret;
-    } else {
-        c->rets = NULL;
-    }
-    c->current_execute++;
-    pthread_cond_broadcast(&c->current_job_cond);
-
-    thread_park_workers(c, avctx->thread_count);
+    c->rets = ret;
 
+    avpriv_slicethread_execute(c->thread, job_count, !!c->mainfunc  );
     return 0;
 }
 
@@ -176,11 +118,19 @@ static int thread_execute2(AVCodecContext *avctx, action_func2* func2, void *arg
     return thread_execute(avctx, NULL, arg, ret, job_count, 0);
 }
 
+int ff_slice_thread_execute_with_mainfunc(AVCodecContext *avctx, action_func2* func2, main_func *mainfunc, void *arg, int *ret, int job_count)
+{
+    SliceThreadContext *c = avctx->internal->thread_ctx;
+    c->func2 = func2;
+    c->mainfunc = mainfunc;
+    return thread_execute(avctx, NULL, arg, ret, job_count, 0);
+}
+
 int ff_slice_thread_init(AVCodecContext *avctx)
 {
-    int i;
     SliceThreadContext *c;
     int thread_count = avctx->thread_count;
+    static void (*mainfunc)(void *);
 
 #if HAVE_W32THREADS
     w32thread_init();
@@ -208,35 +158,17 @@ int ff_slice_thread_init(AVCodecContext *avctx)
         return 0;
     }
 
-    c = av_mallocz(sizeof(SliceThreadContext));
-    if (!c)
-        return -1;
-
-    c->workers = av_mallocz_array(thread_count, sizeof(pthread_t));
-    if (!c->workers) {
-        av_free(c);
-        return -1;
-    }
-
-    avctx->internal->thread_ctx = c;
-    c->current_job = 0;
-    c->job_count = 0;
-    c->job_size = 0;
-    c->done = 0;
-    pthread_cond_init(&c->current_job_cond, NULL);
-    pthread_cond_init(&c->last_job_cond, NULL);
-    pthread_mutex_init(&c->current_job_lock, NULL);
-    pthread_mutex_lock(&c->current_job_lock);
-    for (i=0; i<thread_count; i++) {
-        if(pthread_create(&c->workers[i], NULL, worker, avctx)) {
-           avctx->thread_count = i;
-           pthread_mutex_unlock(&c->current_job_lock);
-           ff_thread_free(avctx);
-           return -1;
-        }
+    avctx->internal->thread_ctx = c = av_mallocz(sizeof(*c));
+    mainfunc = avctx->codec->caps_internal & FF_CODEC_CAP_SLICE_THREAD_HAS_MF ? &main_function : NULL;
+    if (!c || (thread_count = avpriv_slicethread_create(&c->thread, avctx, worker_func, mainfunc, thread_count)) <= 1) {
+        if (c)
+            avpriv_slicethread_free(&c->thread);
+        av_freep(&avctx->internal->thread_ctx);
+        avctx->thread_count = 1;
+        avctx->active_thread_type = 0;
+        return 0;
     }
-
-    thread_park_workers(c, thread_count);
+    avctx->thread_count = thread_count;
 
     avctx->execute = thread_execute;
     avctx->execute2 = thread_execute2;
diff --git a/media/ffvpx/libavcodec/put_bits.h b/media/ffvpx/libavcodec/put_bits.h
index 68ed39119..1ceb1cc76 100644
--- a/media/ffvpx/libavcodec/put_bits.h
+++ b/media/ffvpx/libavcodec/put_bits.h
@@ -119,6 +119,18 @@ static inline void flush_put_bits(PutBitContext *s)
     s->bit_buf  = 0;
 }
 
+static inline void flush_put_bits_le(PutBitContext *s)
+{
+    while (s->bit_left < 32) {
+        av_assert0(s->buf_ptr < s->buf_end);
+        *s->buf_ptr++ = s->bit_buf;
+        s->bit_buf  >>= 8;
+        s->bit_left  += 8;
+    }
+    s->bit_left = 32;
+    s->bit_buf  = 0;
+}
+
 #ifdef BITSTREAM_WRITER_LE
 #define avpriv_align_put_bits align_put_bits_unsupported_here
 #define avpriv_put_string ff_put_string_unsupported_here
@@ -197,6 +209,34 @@ static inline void put_bits(PutBitContext *s, int n, unsigned int value)
     s->bit_left = bit_left;
 }
 
+static inline void put_bits_le(PutBitContext *s, int n, unsigned int value)
+{
+    unsigned int bit_buf;
+    int bit_left;
+
+    av_assert2(n <= 31 && value < (1U << n));
+
+    bit_buf  = s->bit_buf;
+    bit_left = s->bit_left;
+
+    bit_buf |= value << (32 - bit_left);
+    if (n >= bit_left) {
+        if (3 < s->buf_end - s->buf_ptr) {
+            AV_WL32(s->buf_ptr, bit_buf);
+            s->buf_ptr += 4;
+        } else {
+            av_log(NULL, AV_LOG_ERROR, "Internal error, put_bits buffer too small\n");
+            av_assert2(0);
+        }
+        bit_buf     = value >> bit_left;
+        bit_left   += 32;
+    }
+    bit_left -= n;
+
+    s->bit_buf  = bit_buf;
+    s->bit_left = bit_left;
+}
+
 static inline void put_sbits(PutBitContext *pb, int n, int32_t value)
 {
     av_assert2(n >= 0 && n <= 31);
@@ -209,15 +249,72 @@ static inline void put_sbits(PutBitContext *pb, int n, int32_t value)
  */
 static void av_unused put_bits32(PutBitContext *s, uint32_t value)
 {
-    int lo = value & 0xffff;
-    int hi = value >> 16;
+    unsigned int bit_buf;
+    int bit_left;
+
+    bit_buf  = s->bit_buf;
+    bit_left = s->bit_left;
+
 #ifdef BITSTREAM_WRITER_LE
-    put_bits(s, 16, lo);
-    put_bits(s, 16, hi);
+    bit_buf |= value << (32 - bit_left);
+    if (3 < s->buf_end - s->buf_ptr) {
+        AV_WL32(s->buf_ptr, bit_buf);
+        s->buf_ptr += 4;
+    } else {
+        av_log(NULL, AV_LOG_ERROR, "Internal error, put_bits buffer too small\n");
+        av_assert2(0);
+    }
+    bit_buf     = (uint64_t)value >> bit_left;
 #else
-    put_bits(s, 16, hi);
-    put_bits(s, 16, lo);
+    bit_buf     = (uint64_t)bit_buf << bit_left;
+    bit_buf    |= value >> (32 - bit_left);
+    if (3 < s->buf_end - s->buf_ptr) {
+        AV_WB32(s->buf_ptr, bit_buf);
+        s->buf_ptr += 4;
+    } else {
+        av_log(NULL, AV_LOG_ERROR, "Internal error, put_bits buffer too small\n");
+        av_assert2(0);
+    }
+    bit_buf     = value;
 #endif
+
+    s->bit_buf  = bit_buf;
+    s->bit_left = bit_left;
+}
+
+/**
+ * Write up to 64 bits into a bitstream.
+ */
+static inline void put_bits64(PutBitContext *s, int n, uint64_t value)
+{
+    av_assert2((n == 64) || (n < 64 && value < (UINT64_C(1) << n)));
+
+    if (n < 32)
+        put_bits(s, n, value);
+    else if (n == 32)
+        put_bits32(s, value);
+    else if (n < 64) {
+        uint32_t lo = value & 0xffffffff;
+        uint32_t hi = value >> 32;
+#ifdef BITSTREAM_WRITER_LE
+        put_bits32(s, lo);
+        put_bits(s, n - 32, hi);
+#else
+        put_bits(s, n - 32, hi);
+        put_bits32(s, lo);
+#endif
+    } else {
+        uint32_t lo = value & 0xffffffff;
+        uint32_t hi = value >> 32;
+#ifdef BITSTREAM_WRITER_LE
+        put_bits32(s, lo);
+        put_bits32(s, hi);
+#else
+        put_bits32(s, hi);
+        put_bits32(s, lo);
+#endif
+
+    }
 }
 
 /**
diff --git a/media/ffvpx/libavcodec/ratecontrol.h b/media/ffvpx/libavcodec/ratecontrol.h
index c15f9e258..2a7aaec64 100644
--- a/media/ffvpx/libavcodec/ratecontrol.h
+++ b/media/ffvpx/libavcodec/ratecontrol.h
@@ -96,8 +96,4 @@ void ff_rate_control_uninit(struct MpegEncContext *s);
 int ff_vbv_update(struct MpegEncContext *s, int frame_size);
 void ff_get_2pass_fcode(struct MpegEncContext *s);
 
-int ff_xvid_rate_control_init(struct MpegEncContext *s);
-void ff_xvid_rate_control_uninit(struct MpegEncContext *s);
-float ff_xvid_rate_estimate_qscale(struct MpegEncContext *s, int dry_run);
-
 #endif /* AVCODEC_RATECONTROL_H */
diff --git a/media/ffvpx/libavcodec/raw.c b/media/ffvpx/libavcodec/raw.c
index f73a134a9..8da2a9735 100644
--- a/media/ffvpx/libavcodec/raw.c
+++ b/media/ffvpx/libavcodec/raw.c
@@ -119,6 +119,12 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = {
     { AV_PIX_FMT_RGB48BE,  MKTAG( 48, 'R', 'G', 'B') },
     { AV_PIX_FMT_BGR48LE,  MKTAG('B', 'G', 'R', 48 ) },
     { AV_PIX_FMT_BGR48BE,  MKTAG( 48, 'B', 'G', 'R') },
+    { AV_PIX_FMT_GRAY9LE,     MKTAG('Y', '1',  0 ,  9 ) },
+    { AV_PIX_FMT_GRAY9BE,     MKTAG( 9 ,  0 , '1', 'Y') },
+    { AV_PIX_FMT_GRAY10LE,    MKTAG('Y', '1',  0 , 10 ) },
+    { AV_PIX_FMT_GRAY10BE,    MKTAG(10 ,  0 , '1', 'Y') },
+    { AV_PIX_FMT_GRAY12LE,    MKTAG('Y', '1',  0 , 12 ) },
+    { AV_PIX_FMT_GRAY12BE,    MKTAG(12 ,  0 , '1', 'Y') },
     { AV_PIX_FMT_GRAY16LE,    MKTAG('Y', '1',  0 , 16 ) },
     { AV_PIX_FMT_GRAY16BE,    MKTAG(16 ,  0 , '1', 'Y') },
     { AV_PIX_FMT_YUV420P9LE,  MKTAG('Y', '3', 11 ,  9 ) },
@@ -266,6 +272,14 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = {
     { AV_PIX_FMT_YUV422P10BE, MKTAG('I', '2', 'A', 'B') },
     { AV_PIX_FMT_YUV444P10LE, MKTAG('I', '4', 'A', 'L') },
     { AV_PIX_FMT_YUV444P10BE, MKTAG('I', '4', 'A', 'B') },
+    { AV_PIX_FMT_YUV420P12LE, MKTAG('I', '0', 'C', 'L') },
+    { AV_PIX_FMT_YUV420P12BE, MKTAG('I', '0', 'C', 'B') },
+    { AV_PIX_FMT_YUV422P12LE, MKTAG('I', '2', 'C', 'L') },
+    { AV_PIX_FMT_YUV422P12BE, MKTAG('I', '2', 'C', 'B') },
+    { AV_PIX_FMT_YUV444P12LE, MKTAG('I', '4', 'C', 'L') },
+    { AV_PIX_FMT_YUV444P12BE, MKTAG('I', '4', 'C', 'B') },
+    { AV_PIX_FMT_YUV420P16LE, MKTAG('I', '0', 'F', 'L') },
+    { AV_PIX_FMT_YUV420P16BE, MKTAG('I', '0', 'F', 'B') },
     { AV_PIX_FMT_YUV444P16LE, MKTAG('I', '4', 'F', 'L') },
     { AV_PIX_FMT_YUV444P16BE, MKTAG('I', '4', 'F', 'B') },
 
diff --git a/media/ffvpx/libavcodec/thread.h b/media/ffvpx/libavcodec/thread.h
index c848d7ae8..318619316 100644
--- a/media/ffvpx/libavcodec/thread.h
+++ b/media/ffvpx/libavcodec/thread.h
@@ -34,7 +34,7 @@
 
 typedef struct ThreadFrame {
     AVFrame *f;
-    AVCodecContext *owner;
+    AVCodecContext *owner[2];
     // progress->data is an array of 2 ints holding progress for top/bottom
     // fields
     AVBufferRef *progress;
@@ -133,8 +133,10 @@ void ff_thread_release_buffer(AVCodecContext *avctx, ThreadFrame *f);
 int ff_thread_ref_frame(ThreadFrame *dst, ThreadFrame *src);
 
 int ff_thread_init(AVCodecContext *s);
+int ff_slice_thread_execute_with_mainfunc(AVCodecContext *avctx,
+        int (*action_func2)(AVCodecContext *c, void *arg, int jobnr, int threadnr),
+        int (*main_func)(AVCodecContext *c), void *arg, int *ret, int job_count);
 void ff_thread_free(AVCodecContext *s);
-
 int ff_alloc_entries(AVCodecContext *avctx, int count);
 void ff_reset_entries(AVCodecContext *avctx);
 void ff_thread_report_progress2(AVCodecContext *avctx, int field, int thread, int n);
diff --git a/media/ffvpx/libavcodec/utils.c b/media/ffvpx/libavcodec/utils.c
index 87de15fc6..0c47e761f 100644
--- a/media/ffvpx/libavcodec/utils.c
+++ b/media/ffvpx/libavcodec/utils.c
@@ -44,6 +44,7 @@
 #include "libavutil/dict.h"
 #include "libavutil/thread.h"
 #include "avcodec.h"
+#include "decode.h"
 #include "libavutil/opt.h"
 #include "me_cmp.h"
 #include "mpegvideo.h"
@@ -172,7 +173,7 @@ int av_codec_is_encoder(const AVCodec *codec)
 
 int av_codec_is_decoder(const AVCodec *codec)
 {
-    return codec && (codec->decode || codec->send_packet);
+    return codec && (codec->decode || codec->receive_frame);
 }
 
 av_cold void avcodec_register(AVCodec *codec)
@@ -209,7 +210,7 @@ void avcodec_set_dimensions(AVCodecContext *s, int width, int height)
 
 int ff_set_dimensions(AVCodecContext *s, int width, int height)
 {
-    int ret = av_image_check_size(width, height, 0, s);
+    int ret = av_image_check_size2(width, height, s->max_pixels, AV_PIX_FMT_NONE, 0, s);
 
     if (ret < 0)
         width = height = 0;
@@ -376,6 +377,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height,
             w_align = 4;
             h_align = 4;
         }
+        if (s->codec_id == AV_CODEC_ID_INTERPLAY_VIDEO) {
+            w_align = 8;
+            h_align = 8;
+        }
         break;
     case AV_PIX_FMT_PAL8:
     case AV_PIX_FMT_BGR8:
@@ -385,7 +390,8 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height,
             w_align = 4;
             h_align = 4;
         }
-        if (s->codec_id == AV_CODEC_ID_JV) {
+        if (s->codec_id == AV_CODEC_ID_JV ||
+            s->codec_id == AV_CODEC_ID_INTERPLAY_VIDEO) {
             w_align = 8;
             h_align = 8;
         }
@@ -503,200 +509,6 @@ int avcodec_fill_audio_frame(AVFrame *frame, int nb_channels,
     return ret;
 }
 
-static int update_frame_pool(AVCodecContext *avctx, AVFrame *frame)
-{
-    FramePool *pool = avctx->internal->pool;
-    int i, ret;
-
-    switch (avctx->codec_type) {
-    case AVMEDIA_TYPE_VIDEO: {
-        uint8_t *data[4];
-        int linesize[4];
-        int size[4] = { 0 };
-        int w = frame->width;
-        int h = frame->height;
-        int tmpsize, unaligned;
-
-        if (pool->format == frame->format &&
-            pool->width == frame->width && pool->height == frame->height)
-            return 0;
-
-        avcodec_align_dimensions2(avctx, &w, &h, pool->stride_align);
-
-        do {
-            // NOTE: do not align linesizes individually, this breaks e.g. assumptions
-            // that linesize[0] == 2*linesize[1] in the MPEG-encoder for 4:2:2
-            ret = av_image_fill_linesizes(linesize, avctx->pix_fmt, w);
-            if (ret < 0)
-                return ret;
-            // increase alignment of w for next try (rhs gives the lowest bit set in w)
-            w += w & ~(w - 1);
-
-            unaligned = 0;
-            for (i = 0; i < 4; i++)
-                unaligned |= linesize[i] % pool->stride_align[i];
-        } while (unaligned);
-
-        tmpsize = av_image_fill_pointers(data, avctx->pix_fmt, h,
-                                         NULL, linesize);
-        if (tmpsize < 0)
-            return -1;
-
-        for (i = 0; i < 3 && data[i + 1]; i++)
-            size[i] = data[i + 1] - data[i];
-        size[i] = tmpsize - (data[i] - data[0]);
-
-        for (i = 0; i < 4; i++) {
-            av_buffer_pool_uninit(&pool->pools[i]);
-            pool->linesize[i] = linesize[i];
-            if (size[i]) {
-                pool->pools[i] = av_buffer_pool_init(size[i] + 16 + STRIDE_ALIGN - 1,
-                                                     CONFIG_MEMORY_POISONING ?
-                                                        NULL :
-                                                        av_buffer_allocz);
-                if (!pool->pools[i]) {
-                    ret = AVERROR(ENOMEM);
-                    goto fail;
-                }
-            }
-        }
-        pool->format = frame->format;
-        pool->width  = frame->width;
-        pool->height = frame->height;
-
-        break;
-        }
-    case AVMEDIA_TYPE_AUDIO: {
-        int ch     = av_frame_get_channels(frame); //av_get_channel_layout_nb_channels(frame->channel_layout);
-        int planar = av_sample_fmt_is_planar(frame->format);
-        int planes = planar ? ch : 1;
-
-        if (pool->format == frame->format && pool->planes == planes &&
-            pool->channels == ch && frame->nb_samples == pool->samples)
-            return 0;
-
-        av_buffer_pool_uninit(&pool->pools[0]);
-        ret = av_samples_get_buffer_size(&pool->linesize[0], ch,
-                                         frame->nb_samples, frame->format, 0);
-        if (ret < 0)
-            goto fail;
-
-        pool->pools[0] = av_buffer_pool_init(pool->linesize[0], NULL);
-        if (!pool->pools[0]) {
-            ret = AVERROR(ENOMEM);
-            goto fail;
-        }
-
-        pool->format     = frame->format;
-        pool->planes     = planes;
-        pool->channels   = ch;
-        pool->samples = frame->nb_samples;
-        break;
-        }
-    default: av_assert0(0);
-    }
-    return 0;
-fail:
-    for (i = 0; i < 4; i++)
-        av_buffer_pool_uninit(&pool->pools[i]);
-    pool->format = -1;
-    pool->planes = pool->channels = pool->samples = 0;
-    pool->width  = pool->height = 0;
-    return ret;
-}
-
-static int audio_get_buffer(AVCodecContext *avctx, AVFrame *frame)
-{
-    FramePool *pool = avctx->internal->pool;
-    int planes = pool->planes;
-    int i;
-
-    frame->linesize[0] = pool->linesize[0];
-
-    if (planes > AV_NUM_DATA_POINTERS) {
-        frame->extended_data = av_mallocz_array(planes, sizeof(*frame->extended_data));
-        frame->nb_extended_buf = planes - AV_NUM_DATA_POINTERS;
-        frame->extended_buf  = av_mallocz_array(frame->nb_extended_buf,
-                                          sizeof(*frame->extended_buf));
-        if (!frame->extended_data || !frame->extended_buf) {
-            av_freep(&frame->extended_data);
-            av_freep(&frame->extended_buf);
-            return AVERROR(ENOMEM);
-        }
-    } else {
-        frame->extended_data = frame->data;
-        av_assert0(frame->nb_extended_buf == 0);
-    }
-
-    for (i = 0; i < FFMIN(planes, AV_NUM_DATA_POINTERS); i++) {
-        frame->buf[i] = av_buffer_pool_get(pool->pools[0]);
-        if (!frame->buf[i])
-            goto fail;
-        frame->extended_data[i] = frame->data[i] = frame->buf[i]->data;
-    }
-    for (i = 0; i < frame->nb_extended_buf; i++) {
-        frame->extended_buf[i] = av_buffer_pool_get(pool->pools[0]);
-        if (!frame->extended_buf[i])
-            goto fail;
-        frame->extended_data[i + AV_NUM_DATA_POINTERS] = frame->extended_buf[i]->data;
-    }
-
-    if (avctx->debug & FF_DEBUG_BUFFERS)
-        av_log(avctx, AV_LOG_DEBUG, "default_get_buffer called on frame %p", frame);
-
-    return 0;
-fail:
-    av_frame_unref(frame);
-    return AVERROR(ENOMEM);
-}
-
-static int video_get_buffer(AVCodecContext *s, AVFrame *pic)
-{
-    FramePool *pool = s->internal->pool;
-    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pic->format);
-    int i;
-
-    if (pic->data[0] || pic->data[1] || pic->data[2] || pic->data[3]) {
-        av_log(s, AV_LOG_ERROR, "pic->data[*]!=NULL in avcodec_default_get_buffer\n");
-        return -1;
-    }
-
-    if (!desc) {
-        av_log(s, AV_LOG_ERROR,
-            "Unable to get pixel format descriptor for format %s\n",
-            av_get_pix_fmt_name(pic->format));
-        return AVERROR(EINVAL);
-    }
-
-    memset(pic->data, 0, sizeof(pic->data));
-    pic->extended_data = pic->data;
-
-    for (i = 0; i < 4 && pool->pools[i]; i++) {
-        pic->linesize[i] = pool->linesize[i];
-
-        pic->buf[i] = av_buffer_pool_get(pool->pools[i]);
-        if (!pic->buf[i])
-            goto fail;
-
-        pic->data[i] = pic->buf[i]->data;
-    }
-    for (; i < AV_NUM_DATA_POINTERS; i++) {
-        pic->data[i] = NULL;
-        pic->linesize[i] = 0;
-    }
-    if (desc->flags & AV_PIX_FMT_FLAG_PAL ||
-        desc->flags & AV_PIX_FMT_FLAG_PSEUDOPAL)
-        avpriv_set_systematic_pal2((uint32_t *)pic->data[1], pic->format);
-
-    if (s->debug & FF_DEBUG_BUFFERS)
-        av_log(s, AV_LOG_DEBUG, "default_get_buffer called on pic %p\n", pic);
-
-    return 0;
-fail:
-    av_frame_unref(pic);
-    return AVERROR(ENOMEM);
-}
-
 void ff_color_frame(AVFrame *frame, const int c[4])
 {
     const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(frame->format);
@@ -720,287 +532,6 @@ void ff_color_frame(AVFrame *frame, const int c[4])
     }
 }
 
-int avcodec_default_get_buffer2(AVCodecContext *avctx, AVFrame *frame, int flags)
-{
-    int ret;
-
-    if (avctx->hw_frames_ctx)
-        return av_hwframe_get_buffer(avctx->hw_frames_ctx, frame, 0);
-
-    if ((ret = update_frame_pool(avctx, frame)) < 0)
-        return ret;
-
-    switch (avctx->codec_type) {
-    case AVMEDIA_TYPE_VIDEO:
-        return video_get_buffer(avctx, frame);
-    case AVMEDIA_TYPE_AUDIO:
-        return audio_get_buffer(avctx, frame);
-    default:
-        return -1;
-    }
-}
-
-static int add_metadata_from_side_data(AVPacket *avpkt, AVFrame *frame)
-{
-    int size;
-    const uint8_t *side_metadata;
-
-    AVDictionary **frame_md = avpriv_frame_get_metadatap(frame);
-
-    side_metadata = av_packet_get_side_data(avpkt,
-                                            AV_PKT_DATA_STRINGS_METADATA, &size);
-    return av_packet_unpack_dictionary(side_metadata, size, frame_md);
-}
-
-int ff_init_buffer_info(AVCodecContext *avctx, AVFrame *frame)
-{
-    AVPacket *pkt = avctx->internal->pkt;
-    int i;
-    static const struct {
-        enum AVPacketSideDataType packet;
-        enum AVFrameSideDataType frame;
-    } sd[] = {
-        { AV_PKT_DATA_REPLAYGAIN ,                AV_FRAME_DATA_REPLAYGAIN },
-        { AV_PKT_DATA_DISPLAYMATRIX,              AV_FRAME_DATA_DISPLAYMATRIX },
-        { AV_PKT_DATA_STEREO3D,                   AV_FRAME_DATA_STEREO3D },
-        { AV_PKT_DATA_AUDIO_SERVICE_TYPE,         AV_FRAME_DATA_AUDIO_SERVICE_TYPE },
-        { AV_PKT_DATA_MASTERING_DISPLAY_METADATA, AV_FRAME_DATA_MASTERING_DISPLAY_METADATA },
-    };
-
-    if (pkt) {
-        frame->pts = pkt->pts;
-#if FF_API_PKT_PTS
-FF_DISABLE_DEPRECATION_WARNINGS
-        frame->pkt_pts = pkt->pts;
-FF_ENABLE_DEPRECATION_WARNINGS
-#endif
-        av_frame_set_pkt_pos     (frame, pkt->pos);
-        av_frame_set_pkt_duration(frame, pkt->duration);
-        av_frame_set_pkt_size    (frame, pkt->size);
-
-        for (i = 0; i < FF_ARRAY_ELEMS(sd); i++) {
-            int size;
-            uint8_t *packet_sd = av_packet_get_side_data(pkt, sd[i].packet, &size);
-            if (packet_sd) {
-                AVFrameSideData *frame_sd = av_frame_new_side_data(frame,
-                                                                   sd[i].frame,
-                                                                   size);
-                if (!frame_sd)
-                    return AVERROR(ENOMEM);
-
-                memcpy(frame_sd->data, packet_sd, size);
-            }
-        }
-        add_metadata_from_side_data(pkt, frame);
-
-        if (pkt->flags & AV_PKT_FLAG_DISCARD) {
-            frame->flags |= AV_FRAME_FLAG_DISCARD;
-        } else {
-            frame->flags = (frame->flags & ~AV_FRAME_FLAG_DISCARD);
-        }
-    } else {
-        frame->pts = AV_NOPTS_VALUE;
-#if FF_API_PKT_PTS
-FF_DISABLE_DEPRECATION_WARNINGS
-        frame->pkt_pts = AV_NOPTS_VALUE;
-FF_ENABLE_DEPRECATION_WARNINGS
-#endif
-        av_frame_set_pkt_pos     (frame, -1);
-        av_frame_set_pkt_duration(frame, 0);
-        av_frame_set_pkt_size    (frame, -1);
-    }
-    frame->reordered_opaque = avctx->reordered_opaque;
-
-    if (frame->color_primaries == AVCOL_PRI_UNSPECIFIED)
-        frame->color_primaries = avctx->color_primaries;
-    if (frame->color_trc == AVCOL_TRC_UNSPECIFIED)
-        frame->color_trc = avctx->color_trc;
-    if (av_frame_get_colorspace(frame) == AVCOL_SPC_UNSPECIFIED)
-        av_frame_set_colorspace(frame, avctx->colorspace);
-    if (av_frame_get_color_range(frame) == AVCOL_RANGE_UNSPECIFIED)
-        av_frame_set_color_range(frame, avctx->color_range);
-    if (frame->chroma_location == AVCHROMA_LOC_UNSPECIFIED)
-        frame->chroma_location = avctx->chroma_sample_location;
-
-    switch (avctx->codec->type) {
-    case AVMEDIA_TYPE_VIDEO:
-        frame->format              = avctx->pix_fmt;
-        if (!frame->sample_aspect_ratio.num)
-            frame->sample_aspect_ratio = avctx->sample_aspect_ratio;
-
-        if (frame->width && frame->height &&
-            av_image_check_sar(frame->width, frame->height,
-                               frame->sample_aspect_ratio) < 0) {
-            av_log(avctx, AV_LOG_WARNING, "ignoring invalid SAR: %u/%u\n",
-                   frame->sample_aspect_ratio.num,
-                   frame->sample_aspect_ratio.den);
-            frame->sample_aspect_ratio = (AVRational){ 0, 1 };
-        }
-
-        break;
-    case AVMEDIA_TYPE_AUDIO:
-        if (!frame->sample_rate)
-            frame->sample_rate    = avctx->sample_rate;
-        if (frame->format < 0)
-            frame->format         = avctx->sample_fmt;
-        if (!frame->channel_layout) {
-            if (avctx->channel_layout) {
-                 if (av_get_channel_layout_nb_channels(avctx->channel_layout) !=
-                     avctx->channels) {
-                     av_log(avctx, AV_LOG_ERROR, "Inconsistent channel "
-                            "configuration.\n");
-                     return AVERROR(EINVAL);
-                 }
-
-                frame->channel_layout = avctx->channel_layout;
-            } else {
-                if (avctx->channels > FF_SANE_NB_CHANNELS) {
-                    av_log(avctx, AV_LOG_ERROR, "Too many channels: %d.\n",
-                           avctx->channels);
-                    return AVERROR(ENOSYS);
-                }
-            }
-        }
-        av_frame_set_channels(frame, avctx->channels);
-        break;
-    }
-    return 0;
-}
-
-int ff_decode_frame_props(AVCodecContext *avctx, AVFrame *frame)
-{
-    return ff_init_buffer_info(avctx, frame);
-}
-
-static void validate_avframe_allocation(AVCodecContext *avctx, AVFrame *frame)
-{
-    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
-        int i;
-        int num_planes = av_pix_fmt_count_planes(frame->format);
-        const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(frame->format);
-        int flags = desc ? desc->flags : 0;
-        if (num_planes == 1 && (flags & AV_PIX_FMT_FLAG_PAL))
-            num_planes = 2;
-        for (i = 0; i < num_planes; i++) {
-            av_assert0(frame->data[i]);
-        }
-        // For now do not enforce anything for palette of pseudopal formats
-        if (num_planes == 1 && (flags & AV_PIX_FMT_FLAG_PSEUDOPAL))
-            num_planes = 2;
-        // For formats without data like hwaccel allow unused pointers to be non-NULL.
-        for (i = num_planes; num_planes > 0 && i < FF_ARRAY_ELEMS(frame->data); i++) {
-            if (frame->data[i])
-                av_log(avctx, AV_LOG_ERROR, "Buffer returned by get_buffer2() did not zero unused plane pointers\n");
-            frame->data[i] = NULL;
-        }
-    }
-}
-
-static int get_buffer_internal(AVCodecContext *avctx, AVFrame *frame, int flags)
-{
-    const AVHWAccel *hwaccel = avctx->hwaccel;
-    int override_dimensions = 1;
-    int ret;
-
-    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
-        if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0 || avctx->pix_fmt<0) {
-            av_log(avctx, AV_LOG_ERROR, "video_get_buffer: image parameters invalid\n");
-            return AVERROR(EINVAL);
-        }
-
-        if (frame->width <= 0 || frame->height <= 0) {
-            frame->width  = FFMAX(avctx->width,  AV_CEIL_RSHIFT(avctx->coded_width,  avctx->lowres));
-            frame->height = FFMAX(avctx->height, AV_CEIL_RSHIFT(avctx->coded_height, avctx->lowres));
-            override_dimensions = 0;
-        }
-
-        if (frame->data[0] || frame->data[1] || frame->data[2] || frame->data[3]) {
-            av_log(avctx, AV_LOG_ERROR, "pic->data[*]!=NULL in get_buffer_internal\n");
-            return AVERROR(EINVAL);
-        }
-    }
-    ret = ff_decode_frame_props(avctx, frame);
-    if (ret < 0)
-        return ret;
-
-    if (hwaccel) {
-        if (hwaccel->alloc_frame) {
-            ret = hwaccel->alloc_frame(avctx, frame);
-            goto end;
-        }
-    } else
-        avctx->sw_pix_fmt = avctx->pix_fmt;
-
-    ret = avctx->get_buffer2(avctx, frame, flags);
-    if (ret >= 0)
-        validate_avframe_allocation(avctx, frame);
-
-end:
-    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO && !override_dimensions) {
-        frame->width  = avctx->width;
-        frame->height = avctx->height;
-    }
-
-    return ret;
-}
-
-int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame, int flags)
-{
-    int ret = get_buffer_internal(avctx, frame, flags);
-    if (ret < 0) {
-        av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
-        frame->width = frame->height = 0;
-    }
-    return ret;
-}
-
-static int reget_buffer_internal(AVCodecContext *avctx, AVFrame *frame)
-{
-    AVFrame *tmp;
-    int ret;
-
-    av_assert0(avctx->codec_type == AVMEDIA_TYPE_VIDEO);
-
-    if (frame->data[0] && (frame->width != avctx->width || frame->height != avctx->height || frame->format != avctx->pix_fmt)) {
-        av_log(avctx, AV_LOG_WARNING, "Picture changed from size:%dx%d fmt:%s to size:%dx%d fmt:%s in reget buffer()\n",
-               frame->width, frame->height, av_get_pix_fmt_name(frame->format), avctx->width, avctx->height, av_get_pix_fmt_name(avctx->pix_fmt));
-        av_frame_unref(frame);
-    }
-
-    ff_init_buffer_info(avctx, frame);
-
-    if (!frame->data[0])
-        return ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF);
-
-    if (av_frame_is_writable(frame))
-        return ff_decode_frame_props(avctx, frame);
-
-    tmp = av_frame_alloc();
-    if (!tmp)
-        return AVERROR(ENOMEM);
-
-    av_frame_move_ref(tmp, frame);
-
-    ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF);
-    if (ret < 0) {
-        av_frame_free(&tmp);
-        return ret;
-    }
-
-    av_frame_copy(frame, tmp);
-    av_frame_free(&tmp);
-
-    return 0;
-}
-
-int ff_reget_buffer(AVCodecContext *avctx, AVFrame *frame)
-{
-    int ret = reget_buffer_internal(avctx, frame);
-    if (ret < 0)
-        av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n");
-    return ret;
-}
-
 int avcodec_default_execute(AVCodecContext *c, int (*func)(AVCodecContext *c2, void *arg2), void *arg, int *ret, int count, int size)
 {
     int i;
@@ -1038,145 +569,6 @@ enum AVPixelFormat avpriv_find_pix_fmt(const PixelFormatTag *tags,
     return AV_PIX_FMT_NONE;
 }
 
-static int is_hwaccel_pix_fmt(enum AVPixelFormat pix_fmt)
-{
-    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);
-    return desc->flags & AV_PIX_FMT_FLAG_HWACCEL;
-}
-
-enum AVPixelFormat avcodec_default_get_format(struct AVCodecContext *s, const enum AVPixelFormat *fmt)
-{
-    while (*fmt != AV_PIX_FMT_NONE && is_hwaccel_pix_fmt(*fmt))
-        ++fmt;
-    return fmt[0];
-}
-
-static AVHWAccel *find_hwaccel(enum AVCodecID codec_id,
-                               enum AVPixelFormat pix_fmt)
-{
-    AVHWAccel *hwaccel = NULL;
-
-    while ((hwaccel = av_hwaccel_next(hwaccel)))
-        if (hwaccel->id == codec_id
-            && hwaccel->pix_fmt == pix_fmt)
-            return hwaccel;
-    return NULL;
-}
-
-static int setup_hwaccel(AVCodecContext *avctx,
-                         const enum AVPixelFormat fmt,
-                         const char *name)
-{
-    AVHWAccel *hwa = find_hwaccel(avctx->codec_id, fmt);
-    int ret        = 0;
-
-    if (avctx->active_thread_type & FF_THREAD_FRAME) {
-        av_log(avctx, AV_LOG_WARNING,
-               "Hardware accelerated decoding with frame threading is known to be unstable and its use is discouraged.\n");
-    }
-
-    if (!hwa) {
-        av_log(avctx, AV_LOG_ERROR,
-               "Could not find an AVHWAccel for the pixel format: %s",
-               name);
-        return AVERROR(ENOENT);
-    }
-
-    if (hwa->capabilities & HWACCEL_CODEC_CAP_EXPERIMENTAL &&
-        avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) {
-        av_log(avctx, AV_LOG_WARNING, "Ignoring experimental hwaccel: %s\n",
-               hwa->name);
-        return AVERROR_PATCHWELCOME;
-    }
-
-    if (hwa->priv_data_size) {
-        avctx->internal->hwaccel_priv_data = av_mallocz(hwa->priv_data_size);
-        if (!avctx->internal->hwaccel_priv_data)
-            return AVERROR(ENOMEM);
-    }
-
-    if (hwa->init) {
-        ret = hwa->init(avctx);
-        if (ret < 0) {
-            av_freep(&avctx->internal->hwaccel_priv_data);
-            return ret;
-        }
-    }
-
-    avctx->hwaccel = hwa;
-
-    return 0;
-}
-
-int ff_get_format(AVCodecContext *avctx, const enum AVPixelFormat *fmt)
-{
-    const AVPixFmtDescriptor *desc;
-    enum AVPixelFormat *choices;
-    enum AVPixelFormat ret;
-    unsigned n = 0;
-
-    while (fmt[n] != AV_PIX_FMT_NONE)
-        ++n;
-
-    av_assert0(n >= 1);
-    avctx->sw_pix_fmt = fmt[n - 1];
-    av_assert2(!is_hwaccel_pix_fmt(avctx->sw_pix_fmt));
-
-    choices = av_malloc_array(n + 1, sizeof(*choices));
-    if (!choices)
-        return AV_PIX_FMT_NONE;
-
-    memcpy(choices, fmt, (n + 1) * sizeof(*choices));
-
-    for (;;) {
-        if (avctx->hwaccel && avctx->hwaccel->uninit)
-            avctx->hwaccel->uninit(avctx);
-        av_freep(&avctx->internal->hwaccel_priv_data);
-        avctx->hwaccel = NULL;
-
-        av_buffer_unref(&avctx->hw_frames_ctx);
-
-        ret = avctx->get_format(avctx, choices);
-
-        desc = av_pix_fmt_desc_get(ret);
-        if (!desc) {
-            ret = AV_PIX_FMT_NONE;
-            break;
-        }
-
-        if (!(desc->flags & AV_PIX_FMT_FLAG_HWACCEL))
-            break;
-#if FF_API_CAP_VDPAU
-        if (avctx->codec->capabilities&AV_CODEC_CAP_HWACCEL_VDPAU)
-            break;
-#endif
-
-        if (avctx->hw_frames_ctx) {
-            AVHWFramesContext *hw_frames_ctx = (AVHWFramesContext*)avctx->hw_frames_ctx->data;
-            if (hw_frames_ctx->format != ret) {
-                av_log(avctx, AV_LOG_ERROR, "Format returned from get_buffer() "
-                       "does not match the format of provided AVHWFramesContext\n");
-                ret = AV_PIX_FMT_NONE;
-                break;
-            }
-        }
-
-        if (!setup_hwaccel(avctx, ret, desc->name))
-            break;
-
-        /* Remove failed hwaccel from choices */
-        for (n = 0; choices[n] != ret; n++)
-            av_assert0(choices[n] != AV_PIX_FMT_NONE);
-
-        do
-            choices[n] = choices[n + 1];
-        while (choices[n++] != AV_PIX_FMT_NONE);
-    }
-
-    av_freep(&choices);
-    return ret;
-}
-
 MAKE_ACCESSORS(AVCodecContext, codec, AVRational, pkt_timebase)
 MAKE_ACCESSORS(AVCodecContext, codec, const AVCodecDescriptor *, codec_descriptor)
 MAKE_ACCESSORS(AVCodecContext, codec, int, lowres)
@@ -1197,12 +589,6 @@ int avpriv_codec_get_cap_skip_frame_fill_param(const AVCodec *codec){
     return !!(codec->caps_internal & FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM);
 }
 
-static void get_subtitle_defaults(AVSubtitle *sub)
-{
-    memset(sub, 0, sizeof(*sub));
-    sub->pts = AV_NOPTS_VALUE;
-}
-
 static int64_t get_bit_rate(AVCodecContext *ctx)
 {
     int64_t bit_rate;
@@ -1269,7 +655,7 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
     if (ret < 0)
         return ret;
 
-    avctx->internal = av_mallocz(sizeof(AVCodecInternal));
+    avctx->internal = av_mallocz(sizeof(*avctx->internal));
     if (!avctx->internal) {
         ret = AVERROR(ENOMEM);
         goto end;
@@ -1287,6 +673,12 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
         goto free_and_end;
     }
 
+    avctx->internal->compat_decode_frame = av_frame_alloc();
+    if (!avctx->internal->compat_decode_frame) {
+        ret = AVERROR(ENOMEM);
+        goto free_and_end;
+    }
+
     avctx->internal->buffer_frame = av_frame_alloc();
     if (!avctx->internal->buffer_frame) {
         ret = AVERROR(ENOMEM);
@@ -1299,6 +691,20 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
         goto free_and_end;
     }
 
+    avctx->internal->ds.in_pkt = av_packet_alloc();
+    if (!avctx->internal->ds.in_pkt) {
+        ret = AVERROR(ENOMEM);
+        goto free_and_end;
+    }
+
+    avctx->internal->last_pkt_props = av_packet_alloc();
+    if (!avctx->internal->last_pkt_props) {
+        ret = AVERROR(ENOMEM);
+        goto free_and_end;
+    }
+
+    avctx->internal->skip_samples_multiplier = 1;
+
     if (codec->priv_data_size > 0) {
         if (!avctx->priv_data) {
             avctx->priv_data = av_mallocz(codec->priv_data_size);
@@ -1337,8 +743,8 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
     }
 
     if ((avctx->coded_width || avctx->coded_height || avctx->width || avctx->height)
-        && (  av_image_check_size(avctx->coded_width, avctx->coded_height, 0, avctx) < 0
-           || av_image_check_size(avctx->width,       avctx->height,       0, avctx) < 0)) {
+        && (  av_image_check_size2(avctx->coded_width, avctx->coded_height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx) < 0
+           || av_image_check_size2(avctx->width,       avctx->height,       avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx) < 0)) {
         av_log(avctx, AV_LOG_WARNING, "Ignoring invalid width/height values\n");
         ff_set_dimensions(avctx, 0, 0);
     }
@@ -1561,11 +967,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
         }
         if (   (avctx->codec_type == AVMEDIA_TYPE_VIDEO || avctx->codec_type == AVMEDIA_TYPE_AUDIO)
             && avctx->bit_rate>0 && avctx->bit_rate<1000) {
-            av_log(avctx, AV_LOG_WARNING, "Bitrate %"PRId64" is extremely low, maybe you mean %"PRId64"k\n", (int64_t)avctx->bit_rate, (int64_t)avctx->bit_rate);
+            av_log(avctx, AV_LOG_WARNING, "Bitrate %"PRId64" is extremely low, maybe you mean %"PRId64"k\n", avctx->bit_rate, avctx->bit_rate);
         }
 
         if (!avctx->rc_initial_buffer_occupancy)
-            avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3 / 4;
+            avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3LL / 4;
 
         if (avctx->ticks_per_frame && avctx->time_base.num &&
             avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) {
@@ -1585,6 +991,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
                 ret = AVERROR(EINVAL);
                 goto free_and_end;
             }
+            if (avctx->sw_pix_fmt != AV_PIX_FMT_NONE &&
+                avctx->sw_pix_fmt != frames_ctx->sw_format) {
+                av_log(avctx, AV_LOG_ERROR,
+                       "Mismatching AVCodecContext.sw_pix_fmt (%s) "
+                       "and AVHWFramesContext.sw_format (%s)\n",
+                       av_get_pix_fmt_name(avctx->sw_pix_fmt),
+                       av_get_pix_fmt_name(frames_ctx->sw_format));
+                ret = AVERROR(EINVAL);
+                goto free_and_end;
+            }
+            avctx->sw_pix_fmt = frames_ctx->sw_format;
         }
     }
 
@@ -1709,9 +1126,14 @@ FF_ENABLE_DEPRECATION_WARNINGS
     av_dict_free(&tmp);
     av_freep(&avctx->priv_data);
     if (avctx->internal) {
-        av_packet_free(&avctx->internal->buffer_pkt);
-        av_frame_free(&avctx->internal->buffer_frame);
         av_frame_free(&avctx->internal->to_free);
+        av_frame_free(&avctx->internal->compat_decode_frame);
+        av_frame_free(&avctx->internal->buffer_frame);
+        av_packet_free(&avctx->internal->buffer_pkt);
+        av_packet_free(&avctx->internal->last_pkt_props);
+
+        av_packet_free(&avctx->internal->ds.in_pkt);
+
         av_freep(&avctx->internal->pool);
     }
     av_freep(&avctx->internal);
@@ -1719,1032 +1141,6 @@ FF_ENABLE_DEPRECATION_WARNINGS
     goto end;
 }
 
-int ff_alloc_packet2(AVCodecContext *avctx, AVPacket *avpkt, int64_t size, int64_t min_size)
-{
-    if (avpkt->size < 0) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid negative user packet size %d\n", avpkt->size);
-        return AVERROR(EINVAL);
-    }
-    if (size < 0 || size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid minimum required packet size %"PRId64" (max allowed is %d)\n",
-               size, INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE);
-        return AVERROR(EINVAL);
-    }
-
-    if (avctx && 2*min_size < size) { // FIXME The factor needs to be finetuned
-        av_assert0(!avpkt->data || avpkt->data != avctx->internal->byte_buffer);
-        if (!avpkt->data || avpkt->size < size) {
-            av_fast_padded_malloc(&avctx->internal->byte_buffer, &avctx->internal->byte_buffer_size, size);
-            avpkt->data = avctx->internal->byte_buffer;
-            avpkt->size = avctx->internal->byte_buffer_size;
-        }
-    }
-
-    if (avpkt->data) {
-        AVBufferRef *buf = avpkt->buf;
-
-        if (avpkt->size < size) {
-            av_log(avctx, AV_LOG_ERROR, "User packet is too small (%d < %"PRId64")\n", avpkt->size, size);
-            return AVERROR(EINVAL);
-        }
-
-        av_init_packet(avpkt);
-        avpkt->buf      = buf;
-        avpkt->size     = size;
-        return 0;
-    } else {
-        int ret = av_new_packet(avpkt, size);
-        if (ret < 0)
-            av_log(avctx, AV_LOG_ERROR, "Failed to allocate packet of size %"PRId64"\n", size);
-        return ret;
-    }
-}
-
-int ff_alloc_packet(AVPacket *avpkt, int size)
-{
-    return ff_alloc_packet2(NULL, avpkt, size, 0);
-}
-
-/**
- * Pad last frame with silence.
- */
-static int pad_last_frame(AVCodecContext *s, AVFrame **dst, const AVFrame *src)
-{
-    AVFrame *frame = NULL;
-    int ret;
-
-    if (!(frame = av_frame_alloc()))
-        return AVERROR(ENOMEM);
-
-    frame->format         = src->format;
-    frame->channel_layout = src->channel_layout;
-    av_frame_set_channels(frame, av_frame_get_channels(src));
-    frame->nb_samples     = s->frame_size;
-    ret = av_frame_get_buffer(frame, 32);
-    if (ret < 0)
-        goto fail;
-
-    ret = av_frame_copy_props(frame, src);
-    if (ret < 0)
-        goto fail;
-
-    if ((ret = av_samples_copy(frame->extended_data, src->extended_data, 0, 0,
-                               src->nb_samples, s->channels, s->sample_fmt)) < 0)
-        goto fail;
-    if ((ret = av_samples_set_silence(frame->extended_data, src->nb_samples,
-                                      frame->nb_samples - src->nb_samples,
-                                      s->channels, s->sample_fmt)) < 0)
-        goto fail;
-
-    *dst = frame;
-
-    return 0;
-
-fail:
-    av_frame_free(&frame);
-    return ret;
-}
-
-int attribute_align_arg avcodec_encode_audio2(AVCodecContext *avctx,
-                                              AVPacket *avpkt,
-                                              const AVFrame *frame,
-                                              int *got_packet_ptr)
-{
-    AVFrame *extended_frame = NULL;
-    AVFrame *padded_frame = NULL;
-    int ret;
-    AVPacket user_pkt = *avpkt;
-    int needs_realloc = !user_pkt.data;
-
-    *got_packet_ptr = 0;
-
-    if (!avctx->codec->encode2) {
-        av_log(avctx, AV_LOG_ERROR, "This encoder requires using the avcodec_send_frame() API.\n");
-        return AVERROR(ENOSYS);
-    }
-
-    if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY) && !frame) {
-        av_packet_unref(avpkt);
-        av_init_packet(avpkt);
-        return 0;
-    }
-
-    /* ensure that extended_data is properly set */
-    if (frame && !frame->extended_data) {
-        if (av_sample_fmt_is_planar(avctx->sample_fmt) &&
-            avctx->channels > AV_NUM_DATA_POINTERS) {
-            av_log(avctx, AV_LOG_ERROR, "Encoding to a planar sample format, "
-                                        "with more than %d channels, but extended_data is not set.\n",
-                   AV_NUM_DATA_POINTERS);
-            return AVERROR(EINVAL);
-        }
-        av_log(avctx, AV_LOG_WARNING, "extended_data is not set.\n");
-
-        extended_frame = av_frame_alloc();
-        if (!extended_frame)
-            return AVERROR(ENOMEM);
-
-        memcpy(extended_frame, frame, sizeof(AVFrame));
-        extended_frame->extended_data = extended_frame->data;
-        frame = extended_frame;
-    }
-
-    /* extract audio service type metadata */
-    if (frame) {
-        AVFrameSideData *sd = av_frame_get_side_data(frame, AV_FRAME_DATA_AUDIO_SERVICE_TYPE);
-        if (sd && sd->size >= sizeof(enum AVAudioServiceType))
-            avctx->audio_service_type = *(enum AVAudioServiceType*)sd->data;
-    }
-
-    /* check for valid frame size */
-    if (frame) {
-        if (avctx->codec->capabilities & AV_CODEC_CAP_SMALL_LAST_FRAME) {
-            if (frame->nb_samples > avctx->frame_size) {
-                av_log(avctx, AV_LOG_ERROR, "more samples than frame size (avcodec_encode_audio2)\n");
-                ret = AVERROR(EINVAL);
-                goto end;
-            }
-        } else if (!(avctx->codec->capabilities & AV_CODEC_CAP_VARIABLE_FRAME_SIZE)) {
-            if (frame->nb_samples < avctx->frame_size &&
-                !avctx->internal->last_audio_frame) {
-                ret = pad_last_frame(avctx, &padded_frame, frame);
-                if (ret < 0)
-                    goto end;
-
-                frame = padded_frame;
-                avctx->internal->last_audio_frame = 1;
-            }
-
-            if (frame->nb_samples != avctx->frame_size) {
-                av_log(avctx, AV_LOG_ERROR, "nb_samples (%d) != frame_size (%d) (avcodec_encode_audio2)\n", frame->nb_samples, avctx->frame_size);
-                ret = AVERROR(EINVAL);
-                goto end;
-            }
-        }
-    }
-
-    av_assert0(avctx->codec->encode2);
-
-    ret = avctx->codec->encode2(avctx, avpkt, frame, got_packet_ptr);
-    if (!ret) {
-        if (*got_packet_ptr) {
-            if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY)) {
-                if (avpkt->pts == AV_NOPTS_VALUE)
-                    avpkt->pts = frame->pts;
-                if (!avpkt->duration)
-                    avpkt->duration = ff_samples_to_time_base(avctx,
-                                                              frame->nb_samples);
-            }
-            avpkt->dts = avpkt->pts;
-        } else {
-            avpkt->size = 0;
-        }
-    }
-    if (avpkt->data && avpkt->data == avctx->internal->byte_buffer) {
-        needs_realloc = 0;
-        if (user_pkt.data) {
-            if (user_pkt.size >= avpkt->size) {
-                memcpy(user_pkt.data, avpkt->data, avpkt->size);
-            } else {
-                av_log(avctx, AV_LOG_ERROR, "Provided packet is too small, needs to be %d\n", avpkt->size);
-                avpkt->size = user_pkt.size;
-                ret = -1;
-            }
-            avpkt->buf      = user_pkt.buf;
-            avpkt->data     = user_pkt.data;
-        } else {
-            if (av_dup_packet(avpkt) < 0) {
-                ret = AVERROR(ENOMEM);
-            }
-        }
-    }
-
-    if (!ret) {
-        if (needs_realloc && avpkt->data) {
-            ret = av_buffer_realloc(&avpkt->buf, avpkt->size + AV_INPUT_BUFFER_PADDING_SIZE);
-            if (ret >= 0)
-                avpkt->data = avpkt->buf->data;
-        }
-
-        avctx->frame_number++;
-    }
-
-    if (ret < 0 || !*got_packet_ptr) {
-        av_packet_unref(avpkt);
-        av_init_packet(avpkt);
-        goto end;
-    }
-
-    /* NOTE: if we add any audio encoders which output non-keyframe packets,
-     *       this needs to be moved to the encoders, but for now we can do it
-     *       here to simplify things */
-    avpkt->flags |= AV_PKT_FLAG_KEY;
-
-end:
-    av_frame_free(&padded_frame);
-    av_free(extended_frame);
-
-#if FF_API_AUDIOENC_DELAY
-    avctx->delay = avctx->initial_padding;
-#endif
-
-    return ret;
-}
-
-int attribute_align_arg avcodec_encode_video2(AVCodecContext *avctx,
-                                              AVPacket *avpkt,
-                                              const AVFrame *frame,
-                                              int *got_packet_ptr)
-{
-    int ret;
-    AVPacket user_pkt = *avpkt;
-    int needs_realloc = !user_pkt.data;
-
-    *got_packet_ptr = 0;
-
-    if (!avctx->codec->encode2) {
-        av_log(avctx, AV_LOG_ERROR, "This encoder requires using the avcodec_send_frame() API.\n");
-        return AVERROR(ENOSYS);
-    }
-
-    if(CONFIG_FRAME_THREAD_ENCODER &&
-       avctx->internal->frame_thread_encoder && (avctx->active_thread_type&FF_THREAD_FRAME))
-        return ff_thread_video_encode_frame(avctx, avpkt, frame, got_packet_ptr);
-
-    if ((avctx->flags&AV_CODEC_FLAG_PASS1) && avctx->stats_out)
-        avctx->stats_out[0] = '\0';
-
-    if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY) && !frame) {
-        av_packet_unref(avpkt);
-        av_init_packet(avpkt);
-        avpkt->size = 0;
-        return 0;
-    }
-
-    if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
-        return AVERROR(EINVAL);
-
-    if (frame && frame->format == AV_PIX_FMT_NONE)
-        av_log(avctx, AV_LOG_WARNING, "AVFrame.format is not set\n");
-    if (frame && (frame->width == 0 || frame->height == 0))
-        av_log(avctx, AV_LOG_WARNING, "AVFrame.width or height is not set\n");
-
-    av_assert0(avctx->codec->encode2);
-
-    ret = avctx->codec->encode2(avctx, avpkt, frame, got_packet_ptr);
-    av_assert0(ret <= 0);
-
-    emms_c();
-
-    if (avpkt->data && avpkt->data == avctx->internal->byte_buffer) {
-        needs_realloc = 0;
-        if (user_pkt.data) {
-            if (user_pkt.size >= avpkt->size) {
-                memcpy(user_pkt.data, avpkt->data, avpkt->size);
-            } else {
-                av_log(avctx, AV_LOG_ERROR, "Provided packet is too small, needs to be %d\n", avpkt->size);
-                avpkt->size = user_pkt.size;
-                ret = -1;
-            }
-            avpkt->buf      = user_pkt.buf;
-            avpkt->data     = user_pkt.data;
-        } else {
-            if (av_dup_packet(avpkt) < 0) {
-                ret = AVERROR(ENOMEM);
-            }
-        }
-    }
-
-    if (!ret) {
-        if (!*got_packet_ptr)
-            avpkt->size = 0;
-        else if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY))
-            avpkt->pts = avpkt->dts = frame->pts;
-
-        if (needs_realloc && avpkt->data) {
-            ret = av_buffer_realloc(&avpkt->buf, avpkt->size + AV_INPUT_BUFFER_PADDING_SIZE);
-            if (ret >= 0)
-                avpkt->data = avpkt->buf->data;
-        }
-
-        avctx->frame_number++;
-    }
-
-    if (ret < 0 || !*got_packet_ptr)
-        av_packet_unref(avpkt);
-
-    return ret;
-}
-
-int avcodec_encode_subtitle(AVCodecContext *avctx, uint8_t *buf, int buf_size,
-                            const AVSubtitle *sub)
-{
-    int ret;
-    if (sub->start_display_time) {
-        av_log(avctx, AV_LOG_ERROR, "start_display_time must be 0.\n");
-        return -1;
-    }
-
-    ret = avctx->codec->encode_sub(avctx, buf, buf_size, sub);
-    avctx->frame_number++;
-    return ret;
-}
-
-/**
- * Attempt to guess proper monotonic timestamps for decoded video frames
- * which might have incorrect times. Input timestamps may wrap around, in
- * which case the output will as well.
- *
- * @param pts the pts field of the decoded AVPacket, as passed through
- * AVFrame.pts
- * @param dts the dts field of the decoded AVPacket
- * @return one of the input values, may be AV_NOPTS_VALUE
- */
-static int64_t guess_correct_pts(AVCodecContext *ctx,
-                                 int64_t reordered_pts, int64_t dts)
-{
-    int64_t pts = AV_NOPTS_VALUE;
-
-    if (dts != AV_NOPTS_VALUE) {
-        ctx->pts_correction_num_faulty_dts += dts <= ctx->pts_correction_last_dts;
-        ctx->pts_correction_last_dts = dts;
-    } else if (reordered_pts != AV_NOPTS_VALUE)
-        ctx->pts_correction_last_dts = reordered_pts;
-
-    if (reordered_pts != AV_NOPTS_VALUE) {
-        ctx->pts_correction_num_faulty_pts += reordered_pts <= ctx->pts_correction_last_pts;
-        ctx->pts_correction_last_pts = reordered_pts;
-    } else if(dts != AV_NOPTS_VALUE)
-        ctx->pts_correction_last_pts = dts;
-
-    if ((ctx->pts_correction_num_faulty_pts<=ctx->pts_correction_num_faulty_dts || dts == AV_NOPTS_VALUE)
-       && reordered_pts != AV_NOPTS_VALUE)
-        pts = reordered_pts;
-    else
-        pts = dts;
-
-    return pts;
-}
-
-static int apply_param_change(AVCodecContext *avctx, AVPacket *avpkt)
-{
-    int size = 0, ret;
-    const uint8_t *data;
-    uint32_t flags;
-    int64_t val;
-
-    data = av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, &size);
-    if (!data)
-        return 0;
-
-    if (!(avctx->codec->capabilities & AV_CODEC_CAP_PARAM_CHANGE)) {
-        av_log(avctx, AV_LOG_ERROR, "This decoder does not support parameter "
-               "changes, but PARAM_CHANGE side data was sent to it.\n");
-        ret = AVERROR(EINVAL);
-        goto fail2;
-    }
-
-    if (size < 4)
-        goto fail;
-
-    flags = bytestream_get_le32(&data);
-    size -= 4;
-
-    if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT) {
-        if (size < 4)
-            goto fail;
-        val = bytestream_get_le32(&data);
-        if (val <= 0 || val > INT_MAX) {
-            av_log(avctx, AV_LOG_ERROR, "Invalid channel count");
-            ret = AVERROR_INVALIDDATA;
-            goto fail2;
-        }
-        avctx->channels = val;
-        size -= 4;
-    }
-    if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_LAYOUT) {
-        if (size < 8)
-            goto fail;
-        avctx->channel_layout = bytestream_get_le64(&data);
-        size -= 8;
-    }
-    if (flags & AV_SIDE_DATA_PARAM_CHANGE_SAMPLE_RATE) {
-        if (size < 4)
-            goto fail;
-        val = bytestream_get_le32(&data);
-        if (val <= 0 || val > INT_MAX) {
-            av_log(avctx, AV_LOG_ERROR, "Invalid sample rate");
-            ret = AVERROR_INVALIDDATA;
-            goto fail2;
-        }
-        avctx->sample_rate = val;
-        size -= 4;
-    }
-    if (flags & AV_SIDE_DATA_PARAM_CHANGE_DIMENSIONS) {
-        if (size < 8)
-            goto fail;
-        avctx->width  = bytestream_get_le32(&data);
-        avctx->height = bytestream_get_le32(&data);
-        size -= 8;
-        ret = ff_set_dimensions(avctx, avctx->width, avctx->height);
-        if (ret < 0)
-            goto fail2;
-    }
-
-    return 0;
-fail:
-    av_log(avctx, AV_LOG_ERROR, "PARAM_CHANGE side data too small.\n");
-    ret = AVERROR_INVALIDDATA;
-fail2:
-    if (ret < 0) {
-        av_log(avctx, AV_LOG_ERROR, "Error applying parameter changes.\n");
-        if (avctx->err_recognition & AV_EF_EXPLODE)
-            return ret;
-    }
-    return 0;
-}
-
-static int unrefcount_frame(AVCodecInternal *avci, AVFrame *frame)
-{
-    int ret;
-
-    /* move the original frame to our backup */
-    av_frame_unref(avci->to_free);
-    av_frame_move_ref(avci->to_free, frame);
-
-    /* now copy everything except the AVBufferRefs back
-     * note that we make a COPY of the side data, so calling av_frame_free() on
-     * the caller's frame will work properly */
-    ret = av_frame_copy_props(frame, avci->to_free);
-    if (ret < 0)
-        return ret;
-
-    memcpy(frame->data,     avci->to_free->data,     sizeof(frame->data));
-    memcpy(frame->linesize, avci->to_free->linesize, sizeof(frame->linesize));
-    if (avci->to_free->extended_data != avci->to_free->data) {
-        int planes = av_frame_get_channels(avci->to_free);
-        int size   = planes * sizeof(*frame->extended_data);
-
-        if (!size) {
-            av_frame_unref(frame);
-            return AVERROR_BUG;
-        }
-
-        frame->extended_data = av_malloc(size);
-        if (!frame->extended_data) {
-            av_frame_unref(frame);
-            return AVERROR(ENOMEM);
-        }
-        memcpy(frame->extended_data, avci->to_free->extended_data,
-               size);
-    } else
-        frame->extended_data = frame->data;
-
-    frame->format         = avci->to_free->format;
-    frame->width          = avci->to_free->width;
-    frame->height         = avci->to_free->height;
-    frame->channel_layout = avci->to_free->channel_layout;
-    frame->nb_samples     = avci->to_free->nb_samples;
-    av_frame_set_channels(frame, av_frame_get_channels(avci->to_free));
-
-    return 0;
-}
-
-int attribute_align_arg avcodec_decode_video2(AVCodecContext *avctx, AVFrame *picture,
-                                              int *got_picture_ptr,
-                                              const AVPacket *avpkt)
-{
-    AVCodecInternal *avci = avctx->internal;
-    int ret;
-    // copy to ensure we do not change avpkt
-    AVPacket tmp = *avpkt;
-
-    if (!avctx->codec)
-        return AVERROR(EINVAL);
-    if (avctx->codec->type != AVMEDIA_TYPE_VIDEO) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid media type for video\n");
-        return AVERROR(EINVAL);
-    }
-
-    if (!avctx->codec->decode) {
-        av_log(avctx, AV_LOG_ERROR, "This decoder requires using the avcodec_send_packet() API.\n");
-        return AVERROR(ENOSYS);
-    }
-
-    *got_picture_ptr = 0;
-    if ((avctx->coded_width || avctx->coded_height) && av_image_check_size(avctx->coded_width, avctx->coded_height, 0, avctx))
-        return AVERROR(EINVAL);
-
-    avctx->internal->pkt = avpkt;
-    ret = apply_param_change(avctx, avpkt);
-    if (ret < 0)
-        return ret;
-
-    av_frame_unref(picture);
-
-    if ((avctx->codec->capabilities & AV_CODEC_CAP_DELAY) || avpkt->size ||
-        (avctx->active_thread_type & FF_THREAD_FRAME)) {
-        int did_split = av_packet_split_side_data(&tmp);
-        ret = apply_param_change(avctx, &tmp);
-        if (ret < 0)
-            goto fail;
-
-        avctx->internal->pkt = &tmp;
-        if (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME)
-            ret = ff_thread_decode_frame(avctx, picture, got_picture_ptr,
-                                         &tmp);
-        else {
-            ret = avctx->codec->decode(avctx, picture, got_picture_ptr,
-                                       &tmp);
-            if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_PKT_DTS))
-                picture->pkt_dts = avpkt->dts;
-
-            if(!avctx->has_b_frames){
-                av_frame_set_pkt_pos(picture, avpkt->pos);
-            }
-            //FIXME these should be under if(!avctx->has_b_frames)
-            /* get_buffer is supposed to set frame parameters */
-            if (!(avctx->codec->capabilities & AV_CODEC_CAP_DR1)) {
-                if (!picture->sample_aspect_ratio.num)    picture->sample_aspect_ratio = avctx->sample_aspect_ratio;
-                if (!picture->width)                      picture->width               = avctx->width;
-                if (!picture->height)                     picture->height              = avctx->height;
-                if (picture->format == AV_PIX_FMT_NONE)   picture->format              = avctx->pix_fmt;
-            }
-        }
-
-fail:
-        emms_c(); //needed to avoid an emms_c() call before every return;
-
-        avctx->internal->pkt = NULL;
-        if (did_split) {
-            av_packet_free_side_data(&tmp);
-            if(ret == tmp.size)
-                ret = avpkt->size;
-        }
-        if (picture->flags & AV_FRAME_FLAG_DISCARD) {
-            *got_picture_ptr = 0;
-        }
-        if (*got_picture_ptr) {
-            if (!avctx->refcounted_frames) {
-                int err = unrefcount_frame(avci, picture);
-                if (err < 0)
-                    return err;
-            }
-
-            avctx->frame_number++;
-            av_frame_set_best_effort_timestamp(picture,
-                                               guess_correct_pts(avctx,
-                                                                 picture->pts,
-                                                                 picture->pkt_dts));
-        } else
-            av_frame_unref(picture);
-    } else
-        ret = 0;
-
-    /* many decoders assign whole AVFrames, thus overwriting extended_data;
-     * make sure it's set correctly */
-    av_assert0(!picture->extended_data || picture->extended_data == picture->data);
-
-#if FF_API_AVCTX_TIMEBASE
-    if (avctx->framerate.num > 0 && avctx->framerate.den > 0)
-        avctx->time_base = av_inv_q(av_mul_q(avctx->framerate, (AVRational){avctx->ticks_per_frame, 1}));
-#endif
-
-    return ret;
-}
-
-int attribute_align_arg avcodec_decode_audio4(AVCodecContext *avctx,
-                                              AVFrame *frame,
-                                              int *got_frame_ptr,
-                                              const AVPacket *avpkt)
-{
-    AVCodecInternal *avci = avctx->internal;
-    int ret = 0;
-
-    *got_frame_ptr = 0;
-
-    if (!avctx->codec)
-        return AVERROR(EINVAL);
-
-    if (!avctx->codec->decode) {
-        av_log(avctx, AV_LOG_ERROR, "This decoder requires using the avcodec_send_packet() API.\n");
-        return AVERROR(ENOSYS);
-    }
-
-    if (!avpkt->data && avpkt->size) {
-        av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n");
-        return AVERROR(EINVAL);
-    }
-    if (avctx->codec->type != AVMEDIA_TYPE_AUDIO) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid media type for audio\n");
-        return AVERROR(EINVAL);
-    }
-
-    av_frame_unref(frame);
-
-    if ((avctx->codec->capabilities & AV_CODEC_CAP_DELAY) || avpkt->size || (avctx->active_thread_type & FF_THREAD_FRAME)) {
-        uint8_t *side;
-        int side_size;
-        uint32_t discard_padding = 0;
-        uint8_t skip_reason = 0;
-        uint8_t discard_reason = 0;
-        // copy to ensure we do not change avpkt
-        AVPacket tmp = *avpkt;
-        int did_split = av_packet_split_side_data(&tmp);
-        ret = apply_param_change(avctx, &tmp);
-        if (ret < 0)
-            goto fail;
-
-        avctx->internal->pkt = &tmp;
-        if (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME)
-            ret = ff_thread_decode_frame(avctx, frame, got_frame_ptr, &tmp);
-        else {
-            ret = avctx->codec->decode(avctx, frame, got_frame_ptr, &tmp);
-            av_assert0(ret <= tmp.size);
-            frame->pkt_dts = avpkt->dts;
-        }
-        if (ret >= 0 && *got_frame_ptr) {
-            avctx->frame_number++;
-            av_frame_set_best_effort_timestamp(frame,
-                                               guess_correct_pts(avctx,
-                                                                 frame->pts,
-                                                                 frame->pkt_dts));
-            if (frame->format == AV_SAMPLE_FMT_NONE)
-                frame->format = avctx->sample_fmt;
-            if (!frame->channel_layout)
-                frame->channel_layout = avctx->channel_layout;
-            if (!av_frame_get_channels(frame))
-                av_frame_set_channels(frame, avctx->channels);
-            if (!frame->sample_rate)
-                frame->sample_rate = avctx->sample_rate;
-        }
-
-        side= av_packet_get_side_data(avctx->internal->pkt, AV_PKT_DATA_SKIP_SAMPLES, &side_size);
-        if(side && side_size>=10) {
-            avctx->internal->skip_samples = AV_RL32(side);
-            discard_padding = AV_RL32(side + 4);
-            av_log(avctx, AV_LOG_DEBUG, "skip %d / discard %d samples due to side data\n",
-                   avctx->internal->skip_samples, (int)discard_padding);
-            skip_reason = AV_RL8(side + 8);
-            discard_reason = AV_RL8(side + 9);
-        }
-
-        if ((frame->flags & AV_FRAME_FLAG_DISCARD) && *got_frame_ptr &&
-            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
-            avctx->internal->skip_samples -= frame->nb_samples;
-            *got_frame_ptr = 0;
-        }
-
-        if (avctx->internal->skip_samples > 0 && *got_frame_ptr &&
-            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
-            if(frame->nb_samples <= avctx->internal->skip_samples){
-                *got_frame_ptr = 0;
-                avctx->internal->skip_samples -= frame->nb_samples;
-                av_log(avctx, AV_LOG_DEBUG, "skip whole frame, skip left: %d\n",
-                       avctx->internal->skip_samples);
-            } else {
-                av_samples_copy(frame->extended_data, frame->extended_data, 0, avctx->internal->skip_samples,
-                                frame->nb_samples - avctx->internal->skip_samples, avctx->channels, frame->format);
-                if(avctx->pkt_timebase.num && avctx->sample_rate) {
-                    int64_t diff_ts = av_rescale_q(avctx->internal->skip_samples,
-                                                   (AVRational){1, avctx->sample_rate},
-                                                   avctx->pkt_timebase);
-                    if(frame->pts!=AV_NOPTS_VALUE)
-                        frame->pts += diff_ts;
-#if FF_API_PKT_PTS
-FF_DISABLE_DEPRECATION_WARNINGS
-                    if(frame->pkt_pts!=AV_NOPTS_VALUE)
-                        frame->pkt_pts += diff_ts;
-FF_ENABLE_DEPRECATION_WARNINGS
-#endif
-                    if(frame->pkt_dts!=AV_NOPTS_VALUE)
-                        frame->pkt_dts += diff_ts;
-                    if (av_frame_get_pkt_duration(frame) >= diff_ts)
-                        av_frame_set_pkt_duration(frame, av_frame_get_pkt_duration(frame) - diff_ts);
-                } else {
-                    av_log(avctx, AV_LOG_WARNING, "Could not update timestamps for skipped samples.\n");
-                }
-                av_log(avctx, AV_LOG_DEBUG, "skip %d/%d samples\n",
-                       avctx->internal->skip_samples, frame->nb_samples);
-                frame->nb_samples -= avctx->internal->skip_samples;
-                avctx->internal->skip_samples = 0;
-            }
-        }
-
-        if (discard_padding > 0 && discard_padding <= frame->nb_samples && *got_frame_ptr &&
-            !(avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL)) {
-            if (discard_padding == frame->nb_samples) {
-                *got_frame_ptr = 0;
-            } else {
-                if(avctx->pkt_timebase.num && avctx->sample_rate) {
-                    int64_t diff_ts = av_rescale_q(frame->nb_samples - discard_padding,
-                                                   (AVRational){1, avctx->sample_rate},
-                                                   avctx->pkt_timebase);
-                    av_frame_set_pkt_duration(frame, diff_ts);
-                } else {
-                    av_log(avctx, AV_LOG_WARNING, "Could not update timestamps for discarded samples.\n");
-                }
-                av_log(avctx, AV_LOG_DEBUG, "discard %d/%d samples\n",
-                       (int)discard_padding, frame->nb_samples);
-                frame->nb_samples -= discard_padding;
-            }
-        }
-
-        if ((avctx->flags2 & AV_CODEC_FLAG2_SKIP_MANUAL) && *got_frame_ptr) {
-            AVFrameSideData *fside = av_frame_new_side_data(frame, AV_FRAME_DATA_SKIP_SAMPLES, 10);
-            if (fside) {
-                AV_WL32(fside->data, avctx->internal->skip_samples);
-                AV_WL32(fside->data + 4, discard_padding);
-                AV_WL8(fside->data + 8, skip_reason);
-                AV_WL8(fside->data + 9, discard_reason);
-                avctx->internal->skip_samples = 0;
-            }
-        }
-fail:
-        avctx->internal->pkt = NULL;
-        if (did_split) {
-            av_packet_free_side_data(&tmp);
-            if(ret == tmp.size)
-                ret = avpkt->size;
-        }
-
-        if (ret >= 0 && *got_frame_ptr) {
-            if (!avctx->refcounted_frames) {
-                int err = unrefcount_frame(avci, frame);
-                if (err < 0)
-                    return err;
-            }
-        } else
-            av_frame_unref(frame);
-    }
-
-    av_assert0(ret <= avpkt->size);
-
-    if (!avci->showed_multi_packet_warning &&
-        ret >= 0 && ret != avpkt->size && !(avctx->codec->capabilities & AV_CODEC_CAP_SUBFRAMES)) {
-            av_log(avctx, AV_LOG_WARNING, "Multiple frames in a packet.\n");
-        avci->showed_multi_packet_warning = 1;
-    }
-
-    return ret;
-}
-
-#define UTF8_MAX_BYTES 4 /* 5 and 6 bytes sequences should not be used */
-static int recode_subtitle(AVCodecContext *avctx,
-                           AVPacket *outpkt, const AVPacket *inpkt)
-{
-#if CONFIG_ICONV
-    iconv_t cd = (iconv_t)-1;
-    int ret = 0;
-    char *inb, *outb;
-    size_t inl, outl;
-    AVPacket tmp;
-#endif
-
-    if (avctx->sub_charenc_mode != FF_SUB_CHARENC_MODE_PRE_DECODER || inpkt->size == 0)
-        return 0;
-
-#if CONFIG_ICONV
-    cd = iconv_open("UTF-8", avctx->sub_charenc);
-    av_assert0(cd != (iconv_t)-1);
-
-    inb = inpkt->data;
-    inl = inpkt->size;
-
-    if (inl >= INT_MAX / UTF8_MAX_BYTES - AV_INPUT_BUFFER_PADDING_SIZE) {
-        av_log(avctx, AV_LOG_ERROR, "Subtitles packet is too big for recoding\n");
-        ret = AVERROR(ENOMEM);
-        goto end;
-    }
-
-    ret = av_new_packet(&tmp, inl * UTF8_MAX_BYTES);
-    if (ret < 0)
-        goto end;
-    outpkt->buf  = tmp.buf;
-    outpkt->data = tmp.data;
-    outpkt->size = tmp.size;
-    outb = outpkt->data;
-    outl = outpkt->size;
-
-    if (iconv(cd, &inb, &inl, &outb, &outl) == (size_t)-1 ||
-        iconv(cd, NULL, NULL, &outb, &outl) == (size_t)-1 ||
-        outl >= outpkt->size || inl != 0) {
-        ret = FFMIN(AVERROR(errno), -1);
-        av_log(avctx, AV_LOG_ERROR, "Unable to recode subtitle event \"%s\" "
-               "from %s to UTF-8\n", inpkt->data, avctx->sub_charenc);
-        av_packet_unref(&tmp);
-        goto end;
-    }
-    outpkt->size -= outl;
-    memset(outpkt->data + outpkt->size, 0, outl);
-
-end:
-    if (cd != (iconv_t)-1)
-        iconv_close(cd);
-    return ret;
-#else
-    av_log(avctx, AV_LOG_ERROR, "requesting subtitles recoding without iconv");
-    return AVERROR(EINVAL);
-#endif
-}
-
-static int utf8_check(const uint8_t *str)
-{
-    const uint8_t *byte;
-    uint32_t codepoint, min;
-
-    while (*str) {
-        byte = str;
-        GET_UTF8(codepoint, *(byte++), return 0;);
-        min = byte - str == 1 ? 0 : byte - str == 2 ? 0x80 :
-              1 << (5 * (byte - str) - 4);
-        if (codepoint < min || codepoint >= 0x110000 ||
-            codepoint == 0xFFFE /* BOM */ ||
-            codepoint >= 0xD800 && codepoint <= 0xDFFF /* surrogates */)
-            return 0;
-        str = byte;
-    }
-    return 1;
-}
-
-#if FF_API_ASS_TIMING
-static void insert_ts(AVBPrint *buf, int ts)
-{
-    if (ts == -1) {
-        av_bprintf(buf, "9:59:59.99,");
-    } else {
-        int h, m, s;
-
-        h = ts/360000;  ts -= 360000*h;
-        m = ts/  6000;  ts -=   6000*m;
-        s = ts/   100;  ts -=    100*s;
-        av_bprintf(buf, "%d:%02d:%02d.%02d,", h, m, s, ts);
-    }
-}
-
-static int convert_sub_to_old_ass_form(AVSubtitle *sub, const AVPacket *pkt, AVRational tb)
-{
-    int i;
-    AVBPrint buf;
-
-    av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
-
-    for (i = 0; i < sub->num_rects; i++) {
-        char *final_dialog;
-        const char *dialog;
-        AVSubtitleRect *rect = sub->rects[i];
-        int ts_start, ts_duration = -1;
-        long int layer;
-
-        if (rect->type != SUBTITLE_ASS || !strncmp(rect->ass, "Dialogue: ", 10))
-            continue;
-
-        av_bprint_clear(&buf);
-
-        /* skip ReadOrder */
-        dialog = strchr(rect->ass, ',');
-        if (!dialog)
-            continue;
-        dialog++;
-
-        /* extract Layer or Marked */
-        layer = strtol(dialog, (char**)&dialog, 10);
-        if (*dialog != ',')
-            continue;
-        dialog++;
-
-        /* rescale timing to ASS time base (ms) */
-        ts_start = av_rescale_q(pkt->pts, tb, av_make_q(1, 100));
-        if (pkt->duration != -1)
-            ts_duration = av_rescale_q(pkt->duration, tb, av_make_q(1, 100));
-        sub->end_display_time = FFMAX(sub->end_display_time, 10 * ts_duration);
-
-        /* construct ASS (standalone file form with timestamps) string */
-        av_bprintf(&buf, "Dialogue: %ld,", layer);
-        insert_ts(&buf, ts_start);
-        insert_ts(&buf, ts_duration == -1 ? -1 : ts_start + ts_duration);
-        av_bprintf(&buf, "%s\r\n", dialog);
-
-        final_dialog = av_strdup(buf.str);
-        if (!av_bprint_is_complete(&buf) || !final_dialog) {
-            av_freep(&final_dialog);
-            av_bprint_finalize(&buf, NULL);
-            return AVERROR(ENOMEM);
-        }
-        av_freep(&rect->ass);
-        rect->ass = final_dialog;
-    }
-
-    av_bprint_finalize(&buf, NULL);
-    return 0;
-}
-#endif
-
-int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
-                             int *got_sub_ptr,
-                             AVPacket *avpkt)
-{
-    int i, ret = 0;
-
-    if (!avpkt->data && avpkt->size) {
-        av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n");
-        return AVERROR(EINVAL);
-    }
-    if (!avctx->codec)
-        return AVERROR(EINVAL);
-    if (avctx->codec->type != AVMEDIA_TYPE_SUBTITLE) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid media type for subtitles\n");
-        return AVERROR(EINVAL);
-    }
-
-    *got_sub_ptr = 0;
-    get_subtitle_defaults(sub);
-
-    if ((avctx->codec->capabilities & AV_CODEC_CAP_DELAY) || avpkt->size) {
-        AVPacket pkt_recoded;
-        AVPacket tmp = *avpkt;
-        int did_split = av_packet_split_side_data(&tmp);
-        //apply_param_change(avctx, &tmp);
-
-        if (did_split) {
-            /* FFMIN() prevents overflow in case the packet wasn't allocated with
-             * proper padding.
-             * If the side data is smaller than the buffer padding size, the
-             * remaining bytes should have already been filled with zeros by the
-             * original packet allocation anyway. */
-            memset(tmp.data + tmp.size, 0,
-                   FFMIN(avpkt->size - tmp.size, AV_INPUT_BUFFER_PADDING_SIZE));
-        }
-
-        pkt_recoded = tmp;
-        ret = recode_subtitle(avctx, &pkt_recoded, &tmp);
-        if (ret < 0) {
-            *got_sub_ptr = 0;
-        } else {
-            avctx->internal->pkt = &pkt_recoded;
-
-            if (avctx->pkt_timebase.num && avpkt->pts != AV_NOPTS_VALUE)
-                sub->pts = av_rescale_q(avpkt->pts,
-                                        avctx->pkt_timebase, AV_TIME_BASE_Q);
-            ret = avctx->codec->decode(avctx, sub, got_sub_ptr, &pkt_recoded);
-            av_assert1((ret >= 0) >= !!*got_sub_ptr &&
-                       !!*got_sub_ptr >= !!sub->num_rects);
-
-#if FF_API_ASS_TIMING
-            if (avctx->sub_text_format == FF_SUB_TEXT_FMT_ASS_WITH_TIMINGS
-                && *got_sub_ptr && sub->num_rects) {
-                const AVRational tb = avctx->pkt_timebase.num ? avctx->pkt_timebase
-                                                              : avctx->time_base;
-                int err = convert_sub_to_old_ass_form(sub, avpkt, tb);
-                if (err < 0)
-                    ret = err;
-            }
-#endif
-
-            if (sub->num_rects && !sub->end_display_time && avpkt->duration &&
-                avctx->pkt_timebase.num) {
-                AVRational ms = { 1, 1000 };
-                sub->end_display_time = av_rescale_q(avpkt->duration,
-                                                     avctx->pkt_timebase, ms);
-            }
-
-            for (i = 0; i < sub->num_rects; i++) {
-                if (sub->rects[i]->ass && !utf8_check(sub->rects[i]->ass)) {
-                    av_log(avctx, AV_LOG_ERROR,
-                           "Invalid UTF-8 in decoded subtitles text; "
-                           "maybe missing -sub_charenc option\n");
-                    avsubtitle_free(sub);
-                    return AVERROR_INVALIDDATA;
-                }
-            }
-
-            if (tmp.data != pkt_recoded.data) { // did we recode?
-                /* prevent from destroying side data from original packet */
-                pkt_recoded.side_data = NULL;
-                pkt_recoded.side_data_elems = 0;
-
-                av_packet_unref(&pkt_recoded);
-            }
-            if (avctx->codec_descriptor->props & AV_CODEC_PROP_BITMAP_SUB)
-                sub->format = 0;
-            else if (avctx->codec_descriptor->props & AV_CODEC_PROP_TEXT_SUB)
-                sub->format = 1;
-            avctx->internal->pkt = NULL;
-        }
-
-        if (did_split) {
-            av_packet_free_side_data(&tmp);
-            if(ret == tmp.size)
-                ret = avpkt->size;
-        }
-
-        if (*got_sub_ptr)
-            avctx->frame_number++;
-    }
-
-    return ret;
-}
-
 void avsubtitle_free(AVSubtitle *sub)
 {
     int i;
@@ -2761,263 +1157,7 @@ void avsubtitle_free(AVSubtitle *sub)
 
     av_freep(&sub->rects);
 
-    memset(sub, 0, sizeof(AVSubtitle));
-}
-
-static int do_decode(AVCodecContext *avctx, AVPacket *pkt)
-{
-    int got_frame;
-    int ret;
-
-    av_assert0(!avctx->internal->buffer_frame->buf[0]);
-
-    if (!pkt)
-        pkt = avctx->internal->buffer_pkt;
-
-    // This is the lesser evil. The field is for compatibility with legacy users
-    // of the legacy API, and users using the new API should not be forced to
-    // even know about this field.
-    avctx->refcounted_frames = 1;
-
-    // Some codecs (at least wma lossless) will crash when feeding drain packets
-    // after EOF was signaled.
-    if (avctx->internal->draining_done)
-        return AVERROR_EOF;
-
-    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
-        ret = avcodec_decode_video2(avctx, avctx->internal->buffer_frame,
-                                    &got_frame, pkt);
-        if (ret >= 0)
-            ret = pkt->size;
-    } else if (avctx->codec_type == AVMEDIA_TYPE_AUDIO) {
-        ret = avcodec_decode_audio4(avctx, avctx->internal->buffer_frame,
-                                    &got_frame, pkt);
-    } else {
-        ret = AVERROR(EINVAL);
-    }
-
-    if (ret == AVERROR(EAGAIN))
-        ret = pkt->size;
-
-    if (ret < 0)
-        return ret;
-
-    if (avctx->internal->draining && !got_frame)
-        avctx->internal->draining_done = 1;
-
-    if (ret >= pkt->size) {
-        av_packet_unref(avctx->internal->buffer_pkt);
-    } else {
-        int consumed = ret;
-
-        if (pkt != avctx->internal->buffer_pkt) {
-            av_packet_unref(avctx->internal->buffer_pkt);
-            if ((ret = av_packet_ref(avctx->internal->buffer_pkt, pkt)) < 0)
-                return ret;
-        }
-
-        avctx->internal->buffer_pkt->data += consumed;
-        avctx->internal->buffer_pkt->size -= consumed;
-        avctx->internal->buffer_pkt->pts   = AV_NOPTS_VALUE;
-        avctx->internal->buffer_pkt->dts   = AV_NOPTS_VALUE;
-    }
-
-    if (got_frame)
-        av_assert0(avctx->internal->buffer_frame->buf[0]);
-
-    return 0;
-}
-
-int attribute_align_arg avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
-{
-    int ret;
-
-    if (!avcodec_is_open(avctx) || !av_codec_is_decoder(avctx->codec))
-        return AVERROR(EINVAL);
-
-    if (avctx->internal->draining)
-        return AVERROR_EOF;
-
-    if (avpkt && !avpkt->size && avpkt->data)
-        return AVERROR(EINVAL);
-
-    if (!avpkt || !avpkt->size) {
-        avctx->internal->draining = 1;
-        avpkt = NULL;
-
-        if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY))
-            return 0;
-    }
-
-    if (avctx->codec->send_packet) {
-        if (avpkt) {
-            AVPacket tmp = *avpkt;
-            int did_split = av_packet_split_side_data(&tmp);
-            ret = apply_param_change(avctx, &tmp);
-            if (ret >= 0)
-                ret = avctx->codec->send_packet(avctx, &tmp);
-            if (did_split)
-                av_packet_free_side_data(&tmp);
-            return ret;
-        } else {
-            return avctx->codec->send_packet(avctx, NULL);
-        }
-    }
-
-    // Emulation via old API. Assume avpkt is likely not refcounted, while
-    // decoder output is always refcounted, and avoid copying.
-
-    if (avctx->internal->buffer_pkt->size || avctx->internal->buffer_frame->buf[0])
-        return AVERROR(EAGAIN);
-
-    // The goal is decoding the first frame of the packet without using memcpy,
-    // because the common case is having only 1 frame per packet (especially
-    // with video, but audio too). In other cases, it can't be avoided, unless
-    // the user is feeding refcounted packets.
-    return do_decode(avctx, (AVPacket *)avpkt);
-}
-
-int attribute_align_arg avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
-{
-    int ret;
-
-    av_frame_unref(frame);
-
-    if (!avcodec_is_open(avctx) || !av_codec_is_decoder(avctx->codec))
-        return AVERROR(EINVAL);
-
-    if (avctx->codec->receive_frame) {
-        if (avctx->internal->draining && !(avctx->codec->capabilities & AV_CODEC_CAP_DELAY))
-            return AVERROR_EOF;
-        ret = avctx->codec->receive_frame(avctx, frame);
-        if (ret >= 0) {
-            if (av_frame_get_best_effort_timestamp(frame) == AV_NOPTS_VALUE) {
-                av_frame_set_best_effort_timestamp(frame,
-                    guess_correct_pts(avctx, frame->pts, frame->pkt_dts));
-            }
-        }
-        return ret;
-    }
-
-    // Emulation via old API.
-
-    if (!avctx->internal->buffer_frame->buf[0]) {
-        if (!avctx->internal->buffer_pkt->size && !avctx->internal->draining)
-            return AVERROR(EAGAIN);
-
-        while (1) {
-            if ((ret = do_decode(avctx, avctx->internal->buffer_pkt)) < 0) {
-                av_packet_unref(avctx->internal->buffer_pkt);
-                return ret;
-            }
-            // Some audio decoders may consume partial data without returning
-            // a frame (fate-wmapro-2ch). There is no way to make the caller
-            // call avcodec_receive_frame() again without returning a frame,
-            // so try to decode more in these cases.
-            if (avctx->internal->buffer_frame->buf[0] ||
-                !avctx->internal->buffer_pkt->size)
-                break;
-        }
-    }
-
-    if (!avctx->internal->buffer_frame->buf[0])
-        return avctx->internal->draining ? AVERROR_EOF : AVERROR(EAGAIN);
-
-    av_frame_move_ref(frame, avctx->internal->buffer_frame);
-    return 0;
-}
-
-static int do_encode(AVCodecContext *avctx, const AVFrame *frame, int *got_packet)
-{
-    int ret;
-    *got_packet = 0;
-
-    av_packet_unref(avctx->internal->buffer_pkt);
-    avctx->internal->buffer_pkt_valid = 0;
-
-    if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
-        ret = avcodec_encode_video2(avctx, avctx->internal->buffer_pkt,
-                                    frame, got_packet);
-    } else if (avctx->codec_type == AVMEDIA_TYPE_AUDIO) {
-        ret = avcodec_encode_audio2(avctx, avctx->internal->buffer_pkt,
-                                    frame, got_packet);
-    } else {
-        ret = AVERROR(EINVAL);
-    }
-
-    if (ret >= 0 && *got_packet) {
-        // Encoders must always return ref-counted buffers.
-        // Side-data only packets have no data and can be not ref-counted.
-        av_assert0(!avctx->internal->buffer_pkt->data || avctx->internal->buffer_pkt->buf);
-        avctx->internal->buffer_pkt_valid = 1;
-        ret = 0;
-    } else {
-        av_packet_unref(avctx->internal->buffer_pkt);
-    }
-
-    return ret;
-}
-
-int attribute_align_arg avcodec_send_frame(AVCodecContext *avctx, const AVFrame *frame)
-{
-    if (!avcodec_is_open(avctx) || !av_codec_is_encoder(avctx->codec))
-        return AVERROR(EINVAL);
-
-    if (avctx->internal->draining)
-        return AVERROR_EOF;
-
-    if (!frame) {
-        avctx->internal->draining = 1;
-
-        if (!(avctx->codec->capabilities & AV_CODEC_CAP_DELAY))
-            return 0;
-    }
-
-    if (avctx->codec->send_frame)
-        return avctx->codec->send_frame(avctx, frame);
-
-    // Emulation via old API. Do it here instead of avcodec_receive_packet, because:
-    // 1. if the AVFrame is not refcounted, the copying will be much more
-    //    expensive than copying the packet data
-    // 2. assume few users use non-refcounted AVPackets, so usually no copy is
-    //    needed
-
-    if (avctx->internal->buffer_pkt_valid)
-        return AVERROR(EAGAIN);
-
-    return do_encode(avctx, frame, &(int){0});
-}
-
-int attribute_align_arg avcodec_receive_packet(AVCodecContext *avctx, AVPacket *avpkt)
-{
-    av_packet_unref(avpkt);
-
-    if (!avcodec_is_open(avctx) || !av_codec_is_encoder(avctx->codec))
-        return AVERROR(EINVAL);
-
-    if (avctx->codec->receive_packet) {
-        if (avctx->internal->draining && !(avctx->codec->capabilities & AV_CODEC_CAP_DELAY))
-            return AVERROR_EOF;
-        return avctx->codec->receive_packet(avctx, avpkt);
-    }
-
-    // Emulation via old API.
-
-    if (!avctx->internal->buffer_pkt_valid) {
-        int got_packet;
-        int ret;
-        if (!avctx->internal->draining)
-            return AVERROR(EAGAIN);
-        ret = do_encode(avctx, NULL, &got_packet);
-        if (ret < 0)
-            return ret;
-        if (ret >= 0 && !got_packet)
-            return AVERROR_EOF;
-    }
-
-    av_packet_move_ref(avpkt, avctx->internal->buffer_pkt);
-    avctx->internal->buffer_pkt_valid = 0;
-    return 0;
+    memset(sub, 0, sizeof(*sub));
 }
 
 av_cold int avcodec_close(AVCodecContext *avctx)
@@ -3040,8 +1180,13 @@ av_cold int avcodec_close(AVCodecContext *avctx)
         avctx->internal->byte_buffer_size = 0;
         av_freep(&avctx->internal->byte_buffer);
         av_frame_free(&avctx->internal->to_free);
+        av_frame_free(&avctx->internal->compat_decode_frame);
         av_frame_free(&avctx->internal->buffer_frame);
         av_packet_free(&avctx->internal->buffer_pkt);
+        av_packet_free(&avctx->internal->last_pkt_props);
+
+        av_packet_free(&avctx->internal->ds.in_pkt);
+
         for (i = 0; i < FF_ARRAY_ELEMS(pool->pools); i++)
             av_buffer_pool_uninit(&pool->pools[i]);
         av_freep(&avctx->internal->pool);
@@ -3050,6 +1195,8 @@ av_cold int avcodec_close(AVCodecContext *avctx)
             avctx->hwaccel->uninit(avctx);
         av_freep(&avctx->internal->hwaccel_priv_data);
 
+        ff_decode_bsfs_uninit(avctx);
+
         av_freep(&avctx->internal);
     }
 
@@ -3059,6 +1206,7 @@ av_cold int avcodec_close(AVCodecContext *avctx)
     avctx->nb_coded_side_data = 0;
 
     av_buffer_unref(&avctx->hw_frames_ctx);
+    av_buffer_unref(&avctx->hw_device_ctx);
 
     if (avctx->priv_data && avctx->codec && avctx->codec->priv_class)
         av_opt_free(avctx->priv_data);
@@ -3215,12 +1363,9 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
                  ", %d reference frame%s",
                  enc->refs, enc->refs > 1 ? "s" : "");
 
-    if (enc->codec_tag) {
-        char tag_buf[32];
-        av_get_codec_tag_string(tag_buf, sizeof(tag_buf), enc->codec_tag);
-        snprintf(buf + strlen(buf), buf_size - strlen(buf),
-                 " (%s / 0x%04X)", tag_buf, enc->codec_tag);
-    }
+    if (enc->codec_tag)
+        snprintf(buf + strlen(buf), buf_size - strlen(buf), " (%s / 0x%04X)",
+                 av_fourcc2str(enc->codec_tag), enc->codec_tag);
 
     switch (enc->codec_type) {
     case AVMEDIA_TYPE_VIDEO:
@@ -3377,7 +1522,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
                  ", %"PRId64" kb/s", bitrate / 1000);
     } else if (enc->rc_max_rate > 0) {
         snprintf(buf + strlen(buf), buf_size - strlen(buf),
-                 ", max. %"PRId64" kb/s", (int64_t)enc->rc_max_rate / 1000);
+                 ", max. %"PRId64" kb/s", enc->rc_max_rate / 1000);
     }
 }
 
@@ -3432,26 +1577,6 @@ const char *avcodec_license(void)
     return LICENSE_PREFIX FFMPEG_LICENSE + sizeof(LICENSE_PREFIX) - 1;
 }
 
-void avcodec_flush_buffers(AVCodecContext *avctx)
-{
-    avctx->internal->draining      = 0;
-    avctx->internal->draining_done = 0;
-    av_frame_unref(avctx->internal->buffer_frame);
-    av_packet_unref(avctx->internal->buffer_pkt);
-    avctx->internal->buffer_pkt_valid = 0;
-
-    if (HAVE_THREADS && avctx->active_thread_type & FF_THREAD_FRAME)
-        ff_thread_flush(avctx);
-    else if (avctx->codec->flush)
-        avctx->codec->flush(avctx);
-
-    avctx->pts_correction_last_pts =
-    avctx->pts_correction_last_dts = INT64_MIN;
-
-    if (!avctx->refcounted_frames)
-        av_frame_unref(avctx->internal->to_free);
-}
-
 int av_get_exact_bits_per_sample(enum AVCodecID codec_id)
 {
     switch (codec_id) {
@@ -3499,6 +1624,8 @@ int av_get_exact_bits_per_sample(enum AVCodecID codec_id)
     case AV_CODEC_ID_PCM_U32LE:
     case AV_CODEC_ID_PCM_F32BE:
     case AV_CODEC_ID_PCM_F32LE:
+    case AV_CODEC_ID_PCM_F24LE:
+    case AV_CODEC_ID_PCM_F16LE:
         return 32;
     case AV_CODEC_ID_PCM_F64BE:
     case AV_CODEC_ID_PCM_F64LE:
@@ -3595,6 +1722,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
             if (id == AV_CODEC_ID_BINKAUDIO_DCT)
                 return (480 << (sr / 22050)) / ch;
         }
+
+        if (id == AV_CODEC_ID_MP3)
+            return sr <= 24000 ? 576 : 1152;
     }
 
     if (ba > 0) {
@@ -3627,7 +1757,7 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
 
         if (bps > 0) {
             /* calc from frame_bytes and bits_per_coded_sample */
-            if (id == AV_CODEC_ID_ADPCM_G726)
+            if (id == AV_CODEC_ID_ADPCM_G726 || id == AV_CODEC_ID_ADPCM_G726LE)
                 return frame_bytes * 8 / bps;
         }
 
@@ -3931,7 +2061,8 @@ int ff_thread_ref_frame(ThreadFrame *dst, ThreadFrame *src)
 {
     int ret;
 
-    dst->owner = src->owner;
+    dst->owner[0] = src->owner[0];
+    dst->owner[1] = src->owner[1];
 
     ret = av_frame_ref(dst->f, src->f);
     if (ret < 0)
@@ -3941,7 +2072,7 @@ int ff_thread_ref_frame(ThreadFrame *dst, ThreadFrame *src)
 
     if (src->progress &&
         !(dst->progress = av_buffer_ref(src->progress))) {
-        ff_thread_release_buffer(dst->owner, dst);
+        ff_thread_release_buffer(dst->owner[0], dst);
         return AVERROR(ENOMEM);
     }
 
@@ -3957,7 +2088,7 @@ enum AVPixelFormat ff_thread_get_format(AVCodecContext *avctx, const enum AVPixe
 
 int ff_thread_get_buffer(AVCodecContext *avctx, ThreadFrame *f, int flags)
 {
-    f->owner = avctx;
+    f->owner[0] = f->owner[1] = avctx;
     return ff_get_buffer(avctx, f->f, flags);
 }
 
@@ -4319,3 +2450,24 @@ int ff_alloc_a53_sei(const AVFrame *frame, size_t prefix_len,
 
     return 0;
 }
+
+int64_t ff_guess_coded_bitrate(AVCodecContext *avctx)
+{
+    AVRational framerate = avctx->framerate;
+    int bits_per_coded_sample = avctx->bits_per_coded_sample;
+    int64_t bitrate;
+
+    if (!(framerate.num && framerate.den))
+        framerate = av_inv_q(avctx->time_base);
+    if (!(framerate.num && framerate.den))
+        return 0;
+
+    if (!bits_per_coded_sample) {
+        const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(avctx->pix_fmt);
+        bits_per_coded_sample = av_get_bits_per_pixel(desc);
+    }
+    bitrate = (int64_t)bits_per_coded_sample * avctx->width * avctx->height *
+              framerate.num / framerate.den;
+
+    return bitrate;
+}
diff --git a/media/ffvpx/libavcodec/version.h b/media/ffvpx/libavcodec/version.h
index ec8837a4e..10d9ac4eb 100644
--- a/media/ffvpx/libavcodec/version.h
+++ b/media/ffvpx/libavcodec/version.h
@@ -28,8 +28,8 @@
 #include "libavutil/version.h"
 
 #define LIBAVCODEC_VERSION_MAJOR  57
-#define LIBAVCODEC_VERSION_MINOR  64
-#define LIBAVCODEC_VERSION_MICRO 101
+#define LIBAVCODEC_VERSION_MINOR 107
+#define LIBAVCODEC_VERSION_MICRO 100
 
 #define LIBAVCODEC_VERSION_INT  AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \
                                                LIBAVCODEC_VERSION_MINOR, \
@@ -60,9 +60,6 @@
 #ifndef FF_API_AVCODEC_RESAMPLE
 #define FF_API_AVCODEC_RESAMPLE  FF_API_AUDIO_CONVERT
 #endif
-#ifndef FF_API_GETCHROMA
-#define FF_API_GETCHROMA         (LIBAVCODEC_VERSION_MAJOR < 58)
-#endif
 #ifndef FF_API_MISSING_SAMPLE
 #define FF_API_MISSING_SAMPLE    (LIBAVCODEC_VERSION_MAJOR < 58)
 #endif
@@ -157,6 +154,9 @@
 #ifndef FF_API_VAAPI_CONTEXT
 #define FF_API_VAAPI_CONTEXT     (LIBAVCODEC_VERSION_MAJOR < 58)
 #endif
+#ifndef FF_API_MERGE_SD
+#define FF_API_MERGE_SD          (LIBAVCODEC_VERSION_MAJOR < 58)
+#endif
 #ifndef FF_API_AVCTX_TIMEBASE
 #define FF_API_AVCTX_TIMEBASE    (LIBAVCODEC_VERSION_MAJOR < 59)
 #endif
@@ -226,5 +226,18 @@
 #ifndef FF_API_NVENC_OLD_NAME
 #define FF_API_NVENC_OLD_NAME    (LIBAVCODEC_VERSION_MAJOR < 59)
 #endif
+#ifndef FF_API_STRUCT_VAAPI_CONTEXT
+#define FF_API_STRUCT_VAAPI_CONTEXT (LIBAVCODEC_VERSION_MAJOR < 59)
+#endif
+#ifndef FF_API_MERGE_SD_API
+#define FF_API_MERGE_SD_API      (LIBAVCODEC_VERSION_MAJOR < 59)
+#endif
+#ifndef FF_API_TAG_STRING
+#define FF_API_TAG_STRING        (LIBAVCODEC_VERSION_MAJOR < 59)
+#endif
+#ifndef FF_API_GETCHROMA
+#define FF_API_GETCHROMA         (LIBAVCODEC_VERSION_MAJOR < 59)
+#endif
+
 
 #endif /* AVCODEC_VERSION_H */
diff --git a/media/ffvpx/libavcodec/videodsp.c b/media/ffvpx/libavcodec/videodsp.c
index ba618a7bb..ce9e9eb14 100644
--- a/media/ffvpx/libavcodec/videodsp.c
+++ b/media/ffvpx/libavcodec/videodsp.c
@@ -52,4 +52,6 @@ av_cold void ff_videodsp_init(VideoDSPContext *ctx, int bpc)
         ff_videodsp_init_ppc(ctx, bpc);
     if (ARCH_X86)
         ff_videodsp_init_x86(ctx, bpc);
+    if (ARCH_MIPS)
+        ff_videodsp_init_mips(ctx, bpc);
 }
diff --git a/media/ffvpx/libavcodec/videodsp.h b/media/ffvpx/libavcodec/videodsp.h
index fc01a31dc..c0545f22b 100644
--- a/media/ffvpx/libavcodec/videodsp.h
+++ b/media/ffvpx/libavcodec/videodsp.h
@@ -83,5 +83,6 @@ void ff_videodsp_init_aarch64(VideoDSPContext *ctx, int bpc);
 void ff_videodsp_init_arm(VideoDSPContext *ctx, int bpc);
 void ff_videodsp_init_ppc(VideoDSPContext *ctx, int bpc);
 void ff_videodsp_init_x86(VideoDSPContext *ctx, int bpc);
+void ff_videodsp_init_mips(VideoDSPContext *ctx, int bpc);
 
 #endif /* AVCODEC_VIDEODSP_H */
diff --git a/media/ffvpx/libavcodec/vlc.h b/media/ffvpx/libavcodec/vlc.h
index 9e38f8c6b..42ccddf3f 100644
--- a/media/ffvpx/libavcodec/vlc.h
+++ b/media/ffvpx/libavcodec/vlc.h
@@ -54,12 +54,28 @@ void ff_free_vlc(VLC *vlc);
 #define INIT_VLC_LE             2
 #define INIT_VLC_USE_NEW_STATIC 4
 
-#define INIT_VLC_STATIC(vlc, bits, a, b, c, d, e, f, g, static_size)       \
+#define INIT_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, h, i, j, static_size) \
+    do {                                                                   \
+        static VLC_TYPE table[static_size][2];                             \
+        (vlc)->table           = table;                                    \
+        (vlc)->table_allocated = static_size;                              \
+        ff_init_vlc_sparse(vlc, bits, a, b, c, d, e, f, g, h, i, j,        \
+            INIT_VLC_USE_NEW_STATIC);                                      \
+    } while (0)
+
+#define INIT_LE_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, h, i, j, static_size) \
     do {                                                                   \
         static VLC_TYPE table[static_size][2];                             \
         (vlc)->table           = table;                                    \
         (vlc)->table_allocated = static_size;                              \
-        init_vlc(vlc, bits, a, b, c, d, e, f, g, INIT_VLC_USE_NEW_STATIC); \
+        ff_init_vlc_sparse(vlc, bits, a, b, c, d, e, f, g, h, i, j,        \
+            INIT_VLC_USE_NEW_STATIC | INIT_VLC_LE);                        \
     } while (0)
 
+#define INIT_VLC_STATIC(vlc, bits, a, b, c, d, e, f, g, static_size)       \
+    INIT_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, NULL, 0, 0, static_size)
+
+#define INIT_LE_VLC_STATIC(vlc, bits, a, b, c, d, e, f, g, static_size) \
+    INIT_LE_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, NULL, 0, 0, static_size)
+
 #endif /* AVCODEC_VLC_H */
diff --git a/media/ffvpx/libavcodec/vorbis_parser.h b/media/ffvpx/libavcodec/vorbis_parser.h
index 92050277e..789932ac4 100644
--- a/media/ffvpx/libavcodec/vorbis_parser.h
+++ b/media/ffvpx/libavcodec/vorbis_parser.h
@@ -32,9 +32,6 @@ typedef struct AVVorbisParseContext AVVorbisParseContext;
 
 /**
  * Allocate and initialize the Vorbis parser using headers in the extradata.
- *
- * @param avctx codec context
- * @param s     Vorbis parser context
  */
 AVVorbisParseContext *av_vorbis_parse_init(const uint8_t *extradata,
                                            int extradata_size);
diff --git a/media/ffvpx/libavcodec/vp3dsp.h b/media/ffvpx/libavcodec/vp3dsp.h
index b95adae79..2fdad162c 100644
--- a/media/ffvpx/libavcodec/vp3dsp.h
+++ b/media/ffvpx/libavcodec/vp3dsp.h
@@ -38,11 +38,11 @@ typedef struct VP3DSPContext {
                                  const uint8_t *b,
                                  ptrdiff_t stride, int h);
 
-    void (*idct_put)(uint8_t *dest, int line_size, int16_t *block);
-    void (*idct_add)(uint8_t *dest, int line_size, int16_t *block);
-    void (*idct_dc_add)(uint8_t *dest, int line_size, int16_t *block);
-    void (*v_loop_filter)(uint8_t *src, int stride, int *bounding_values);
-    void (*h_loop_filter)(uint8_t *src, int stride, int *bounding_values);
+    void (*idct_put)(uint8_t *dest, ptrdiff_t stride, int16_t *block);
+    void (*idct_add)(uint8_t *dest, ptrdiff_t stride, int16_t *block);
+    void (*idct_dc_add)(uint8_t *dest, ptrdiff_t stride, int16_t *block);
+    void (*v_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
+    void (*h_loop_filter)(uint8_t *src, ptrdiff_t stride, int *bounding_values);
 } VP3DSPContext;
 
 void ff_vp3dsp_init(VP3DSPContext *c, int flags);
diff --git a/media/ffvpx/libavcodec/vp56.h b/media/ffvpx/libavcodec/vp56.h
index 56c30919b..b8dda9e73 100644
--- a/media/ffvpx/libavcodec/vp56.h
+++ b/media/ffvpx/libavcodec/vp56.h
@@ -26,6 +26,7 @@
 #ifndef AVCODEC_VP56_H
 #define AVCODEC_VP56_H
 
+#include "avcodec.h"
 #include "get_bits.h"
 #include "hpeldsp.h"
 #include "bytestream.h"
@@ -72,9 +73,9 @@ typedef struct VP56mv {
 typedef void (*VP56ParseVectorAdjustment)(VP56Context *s,
                                           VP56mv *vect);
 typedef void (*VP56Filter)(VP56Context *s, uint8_t *dst, uint8_t *src,
-                           int offset1, int offset2, int stride,
+                           int offset1, int offset2, ptrdiff_t stride,
                            VP56mv mv, int mask, int select, int luma);
-typedef void (*VP56ParseCoeff)(VP56Context *s);
+typedef int  (*VP56ParseCoeff)(VP56Context *s);
 typedef void (*VP56DefaultModelsInit)(VP56Context *s);
 typedef void (*VP56ParseVectorModels)(VP56Context *s);
 typedef int  (*VP56ParseCoeffModels)(VP56Context *s);
@@ -179,7 +180,7 @@ struct vp56_context {
     int flip;  /* are we flipping ? */
     int frbi;  /* first row block index in MB */
     int srbi;  /* second row block index in MB */
-    int stride[4];  /* stride for each plan */
+    ptrdiff_t stride[4];  /* stride for each plan */
 
     const uint8_t *vp56_coord_div;
     VP56ParseVectorAdjustment parse_vector_adjustment;
@@ -203,6 +204,9 @@ struct vp56_context {
     VLC runv_vlc[2];
     VLC ract_vlc[2][3][6];
     unsigned int nb_null[2][2];       /* number of consecutive NULL DC/AC */
+
+    int have_undamaged_frame;
+    int discard_frame;
 };
 
 
@@ -221,7 +225,7 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
  */
 
 extern const uint8_t ff_vp56_norm_shift[256];
-void ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size);
+int ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size);
 
 static av_always_inline unsigned int vp56_rac_renorm(VP56RangeCoder *c)
 {
diff --git a/media/ffvpx/libavcodec/vp56dsp.h b/media/ffvpx/libavcodec/vp56dsp.h
index 7807baa4b..e35e232ea 100644
--- a/media/ffvpx/libavcodec/vp56dsp.h
+++ b/media/ffvpx/libavcodec/vp56dsp.h
@@ -21,22 +21,24 @@
 #ifndef AVCODEC_VP56DSP_H
 #define AVCODEC_VP56DSP_H
 
+#include <stddef.h>
 #include <stdint.h>
-#include "avcodec.h"
 
 typedef struct VP56DSPContext {
-    void (*edge_filter_hor)(uint8_t *yuv, int stride, int t);
-    void (*edge_filter_ver)(uint8_t *yuv, int stride, int t);
+    void (*edge_filter_hor)(uint8_t *yuv, ptrdiff_t stride, int t);
+    void (*edge_filter_ver)(uint8_t *yuv, ptrdiff_t stride, int t);
 
-    void (*vp6_filter_diag4)(uint8_t *dst, uint8_t *src, int stride,
+    void (*vp6_filter_diag4)(uint8_t *dst, uint8_t *src, ptrdiff_t stride,
                              const int16_t *h_weights,const int16_t *v_weights);
 } VP56DSPContext;
 
-void ff_vp6_filter_diag4_c(uint8_t *dst, uint8_t *src, int stride,
+void ff_vp6_filter_diag4_c(uint8_t *dst, uint8_t *src, ptrdiff_t stride,
                            const int16_t *h_weights, const int16_t *v_weights);
 
-void ff_vp56dsp_init(VP56DSPContext *s, enum AVCodecID codec);
-void ff_vp6dsp_init_arm(VP56DSPContext *s, enum AVCodecID codec);
-void ff_vp6dsp_init_x86(VP56DSPContext* c, enum AVCodecID codec);
+void ff_vp5dsp_init(VP56DSPContext *s);
+void ff_vp6dsp_init(VP56DSPContext *s);
+
+void ff_vp6dsp_init_arm(VP56DSPContext *s);
+void ff_vp6dsp_init_x86(VP56DSPContext *s);
 
 #endif /* AVCODEC_VP56DSP_H */
diff --git a/media/ffvpx/libavcodec/vp56rac.c b/media/ffvpx/libavcodec/vp56rac.c
index 6061b7ee7..e70302bf8 100644
--- a/media/ffvpx/libavcodec/vp56rac.c
+++ b/media/ffvpx/libavcodec/vp56rac.c
@@ -37,11 +37,14 @@ const uint8_t ff_vp56_norm_shift[256]= {
  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
 };
 
-void ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size)
+int ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size)
 {
     c->high = 255;
     c->bits = -16;
     c->buffer = buf;
     c->end = buf + buf_size;
+    if (buf_size < 1)
+        return AVERROR_INVALIDDATA;
     c->code_word = bytestream_get_be24(&c->buffer);
+    return 0;
 }
diff --git a/media/ffvpx/libavcodec/vp8.c b/media/ffvpx/libavcodec/vp8.c
index c1c3eb707..7841a9d96 100644
--- a/media/ffvpx/libavcodec/vp8.c
+++ b/media/ffvpx/libavcodec/vp8.c
@@ -261,6 +261,7 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size)
 {
     const uint8_t *sizes = buf;
     int i;
+    int ret;
 
     s->num_coeff_partitions = 1 << vp8_rac_get_uint(&s->c, 2);
 
@@ -274,13 +275,13 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size)
         if (buf_size - size < 0)
             return -1;
 
-        ff_vp56_init_range_decoder(&s->coeff_partition[i], buf, size);
+        ret = ff_vp56_init_range_decoder(&s->coeff_partition[i], buf, size);
+        if (ret < 0)
+            return ret;
         buf      += size;
         buf_size -= size;
     }
-    ff_vp56_init_range_decoder(&s->coeff_partition[i], buf, buf_size);
-
-    return 0;
+    return ff_vp56_init_range_decoder(&s->coeff_partition[i], buf, buf_size);
 }
 
 static void vp7_get_quants(VP8Context *s)
@@ -434,8 +435,8 @@ static void copy_chroma(AVFrame *dst, AVFrame *src, int width, int height)
     }
 }
 
-static void fade(uint8_t *dst, int dst_linesize,
-                 const uint8_t *src, int src_linesize,
+static void fade(uint8_t *dst, ptrdiff_t dst_linesize,
+                 const uint8_t *src, ptrdiff_t src_linesize,
                  int width, int height,
                  int alpha, int beta)
 {
@@ -518,7 +519,9 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
 
     memcpy(s->put_pixels_tab, s->vp8dsp.put_vp8_epel_pixels_tab, sizeof(s->put_pixels_tab));
 
-    ff_vp56_init_range_decoder(c, buf, part1_size);
+    ret = ff_vp56_init_range_decoder(c, buf, part1_size);
+    if (ret < 0)
+        return ret;
     buf      += part1_size;
     buf_size -= part1_size;
 
@@ -570,7 +573,9 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
     s->lf_delta.enabled        = 0;
 
     s->num_coeff_partitions = 1;
-    ff_vp56_init_range_decoder(&s->coeff_partition[0], buf, buf_size);
+    ret = ff_vp56_init_range_decoder(&s->coeff_partition[0], buf, buf_size);
+    if (ret < 0)
+        return ret;
 
     if (!s->macroblocks_base || /* first frame */
         width != s->avctx->width || height != s->avctx->height ||
@@ -699,7 +704,9 @@ static int vp8_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
         memset(&s->lf_delta, 0, sizeof(s->lf_delta));
     }
 
-    ff_vp56_init_range_decoder(c, buf, header_size);
+    ret = ff_vp56_init_range_decoder(c, buf, header_size);
+    if (ret < 0)
+        return ret;
     buf      += header_size;
     buf_size -= header_size;
 
@@ -765,7 +772,7 @@ static int vp8_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
 }
 
 static av_always_inline
-void clamp_mv(VP8Context *s, VP56mv *dst, const VP56mv *src)
+void clamp_mv(VP8mvbounds *s, VP56mv *dst, const VP56mv *src)
 {
     dst->x = av_clip(src->x, av_clip(s->mv_min.x, INT16_MIN, INT16_MAX),
                              av_clip(s->mv_max.x, INT16_MIN, INT16_MAX));
@@ -1024,7 +1031,7 @@ void vp7_decode_mvs(VP8Context *s, VP8Macroblock *mb,
 }
 
 static av_always_inline
-void vp8_decode_mvs(VP8Context *s, VP8Macroblock *mb,
+void vp8_decode_mvs(VP8Context *s, VP8mvbounds *mv_bounds, VP8Macroblock *mb,
                     int mb_x, int mb_y, int layout)
 {
     VP8Macroblock *mb_edge[3] = { 0      /* top */,
@@ -1095,7 +1102,7 @@ void vp8_decode_mvs(VP8Context *s, VP8Macroblock *mb,
         if (vp56_rac_get_prob_branchy(c, vp8_mode_contexts[cnt[CNT_NEAREST]][1])) {
             if (vp56_rac_get_prob_branchy(c, vp8_mode_contexts[cnt[CNT_NEAR]][2])) {
                 /* Choose the best mv out of 0,0 and the nearest mv */
-                clamp_mv(s, &mb->mv, &near_mv[CNT_ZERO + (cnt[CNT_NEAREST] >= cnt[CNT_ZERO])]);
+                clamp_mv(mv_bounds, &mb->mv, &near_mv[CNT_ZERO + (cnt[CNT_NEAREST] >= cnt[CNT_ZERO])]);
                 cnt[CNT_SPLITMV] = ((mb_edge[VP8_EDGE_LEFT]->mode    == VP8_MVMODE_SPLIT) +
                                     (mb_edge[VP8_EDGE_TOP]->mode     == VP8_MVMODE_SPLIT)) * 2 +
                                     (mb_edge[VP8_EDGE_TOPLEFT]->mode == VP8_MVMODE_SPLIT);
@@ -1109,11 +1116,11 @@ void vp8_decode_mvs(VP8Context *s, VP8Macroblock *mb,
                     mb->bmv[0] = mb->mv;
                 }
             } else {
-                clamp_mv(s, &mb->mv, &near_mv[CNT_NEAR]);
+                clamp_mv(mv_bounds, &mb->mv, &near_mv[CNT_NEAR]);
                 mb->bmv[0] = mb->mv;
             }
         } else {
-            clamp_mv(s, &mb->mv, &near_mv[CNT_NEAREST]);
+            clamp_mv(mv_bounds, &mb->mv, &near_mv[CNT_NEAREST]);
             mb->bmv[0] = mb->mv;
         }
     } else {
@@ -1159,14 +1166,15 @@ void decode_intra4x4_modes(VP8Context *s, VP56RangeCoder *c, VP8Macroblock *mb,
 }
 
 static av_always_inline
-void decode_mb_mode(VP8Context *s, VP8Macroblock *mb, int mb_x, int mb_y,
+void decode_mb_mode(VP8Context *s, VP8mvbounds *mv_bounds,
+                    VP8Macroblock *mb, int mb_x, int mb_y,
                     uint8_t *segment, uint8_t *ref, int layout, int is_vp7)
 {
     VP56RangeCoder *c = &s->c;
-    static const char *vp7_feature_name[] = { "q-index",
-                                              "lf-delta",
-                                              "partial-golden-update",
-                                              "blit-pitch" };
+    static const char * const vp7_feature_name[] = { "q-index",
+                                                     "lf-delta",
+                                                     "partial-golden-update",
+                                                     "blit-pitch" };
     if (is_vp7) {
         int i;
         *segment = 0;
@@ -1223,7 +1231,7 @@ void decode_mb_mode(VP8Context *s, VP8Macroblock *mb, int mb_x, int mb_y,
         if (is_vp7)
             vp7_decode_mvs(s, mb, mb_x, mb_y, layout);
         else
-            vp8_decode_mvs(s, mb, mb_x, mb_y, layout);
+            vp8_decode_mvs(s, mv_bounds, mb, mb_x, mb_y, layout);
     } else {
         // intra MB, 16.1
         mb->mode = vp8_rac_get_tree(c, vp8_pred16x16_tree_inter, s->prob->pred16x16);
@@ -1461,7 +1469,7 @@ void decode_mb_coeffs(VP8Context *s, VP8ThreadData *td, VP56RangeCoder *c,
 static av_always_inline
 void backup_mb_border(uint8_t *top_border, uint8_t *src_y,
                       uint8_t *src_cb, uint8_t *src_cr,
-                      int linesize, int uvlinesize, int simple)
+                      ptrdiff_t linesize, ptrdiff_t uvlinesize, int simple)
 {
     AV_COPY128(top_border, src_y + 15 * linesize);
     if (!simple) {
@@ -1472,7 +1480,7 @@ void backup_mb_border(uint8_t *top_border, uint8_t *src_y,
 
 static av_always_inline
 void xchg_mb_border(uint8_t *top_border, uint8_t *src_y, uint8_t *src_cb,
-                    uint8_t *src_cr, int linesize, int uvlinesize, int mb_x,
+                    uint8_t *src_cr, ptrdiff_t linesize, ptrdiff_t uvlinesize, int mb_x,
                     int mb_y, int mb_width, int simple, int xchg)
 {
     uint8_t *top_border_m1 = top_border - 32;     // for TL prediction
@@ -1625,7 +1633,8 @@ void intra_predict(VP8Context *s, VP8ThreadData *td, uint8_t *dst[3],
         for (y = 0; y < 4; y++) {
             uint8_t *topright = ptr + 4 - s->linesize;
             for (x = 0; x < 4; x++) {
-                int copy = 0, linesize = s->linesize;
+                int copy = 0;
+                ptrdiff_t linesize = s->linesize;
                 uint8_t *dst = ptr + 4 * x;
                 LOCAL_ALIGNED(4, uint8_t, copy_dst, [5 * 8]);
 
@@ -1731,7 +1740,7 @@ void vp8_mc_luma(VP8Context *s, VP8ThreadData *td, uint8_t *dst,
     uint8_t *src = ref->f->data[0];
 
     if (AV_RN32A(mv)) {
-        int src_linesize = linesize;
+        ptrdiff_t src_linesize = linesize;
 
         int mx = (mv->x * 2) & 7, mx_idx = subpel_idx[0][mx];
         int my = (mv->y * 2) & 7, my_idx = subpel_idx[0][my];
@@ -2077,8 +2086,8 @@ void filter_mb(VP8Context *s, uint8_t *dst[3], VP8FilterStrength *f,
     int filter_level = f->filter_level;
     int inner_limit = f->inner_limit;
     int inner_filter = f->inner_filter;
-    int linesize = s->linesize;
-    int uvlinesize = s->uvlinesize;
+    ptrdiff_t linesize   = s->linesize;
+    ptrdiff_t uvlinesize = s->uvlinesize;
     static const uint8_t hev_thresh_lut[2][64] = {
         { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1,
           2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -2164,7 +2173,7 @@ void filter_mb_simple(VP8Context *s, uint8_t *dst, VP8FilterStrength *f,
     int filter_level = f->filter_level;
     int inner_limit  = f->inner_limit;
     int inner_filter = f->inner_filter;
-    int linesize     = s->linesize;
+    ptrdiff_t linesize = s->linesize;
 
     if (!filter_level)
         return;
@@ -2197,8 +2206,8 @@ void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
     VP8Context *s = avctx->priv_data;
     int mb_x, mb_y;
 
-    s->mv_min.y = -MARGIN;
-    s->mv_max.y = ((s->mb_height - 1) << 6) + MARGIN;
+    s->mv_bounds.mv_min.y = -MARGIN;
+    s->mv_bounds.mv_max.y = ((s->mb_height - 1) << 6) + MARGIN;
     for (mb_y = 0; mb_y < s->mb_height; mb_y++) {
         VP8Macroblock *mb = s->macroblocks_base +
                             ((s->mb_width + 1) * (mb_y + 1) + 1);
@@ -2206,20 +2215,20 @@ void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
 
         AV_WN32A(s->intra4x4_pred_mode_left, DC_PRED * 0x01010101);
 
-        s->mv_min.x = -MARGIN;
-        s->mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
+        s->mv_bounds.mv_min.x = -MARGIN;
+        s->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
         for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
             if (mb_y == 0)
                 AV_WN32A((mb - s->mb_width - 1)->intra4x4_pred_mode_top,
                          DC_PRED * 0x01010101);
-            decode_mb_mode(s, mb, mb_x, mb_y, curframe->seg_map->data + mb_xy,
+            decode_mb_mode(s, &s->mv_bounds, mb, mb_x, mb_y, curframe->seg_map->data + mb_xy,
                            prev_frame && prev_frame->seg_map ?
                            prev_frame->seg_map->data + mb_xy : NULL, 1, is_vp7);
-            s->mv_min.x -= 64;
-            s->mv_max.x -= 64;
+            s->mv_bounds.mv_min.x -= 64;
+            s->mv_bounds.mv_max.x -= 64;
         }
-        s->mv_min.y -= 64;
-        s->mv_max.y -= 64;
+        s->mv_bounds.mv_min.y -= 64;
+        s->mv_bounds.mv_max.y -= 64;
     }
 }
 
@@ -2239,15 +2248,15 @@ static void vp8_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
 #define check_thread_pos(td, otd, mb_x_check, mb_y_check)                     \
     do {                                                                      \
         int tmp = (mb_y_check << 16) | (mb_x_check & 0xFFFF);                 \
-        if (otd->thread_mb_pos < tmp) {                                       \
+        if (atomic_load(&otd->thread_mb_pos) < tmp) {                         \
             pthread_mutex_lock(&otd->lock);                                   \
-            td->wait_mb_pos = tmp;                                            \
+            atomic_store(&td->wait_mb_pos, tmp);                              \
             do {                                                              \
-                if (otd->thread_mb_pos >= tmp)                                \
+                if (atomic_load(&otd->thread_mb_pos) >= tmp)                  \
                     break;                                                    \
                 pthread_cond_wait(&otd->cond, &otd->lock);                    \
             } while (1);                                                      \
-            td->wait_mb_pos = INT_MAX;                                        \
+            atomic_store(&td->wait_mb_pos, INT_MAX);                          \
             pthread_mutex_unlock(&otd->lock);                                 \
         }                                                                     \
     } while (0)
@@ -2258,12 +2267,10 @@ static void vp8_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
         int sliced_threading = (avctx->active_thread_type == FF_THREAD_SLICE) && \
                                (num_jobs > 1);                                \
         int is_null          = !next_td || !prev_td;                          \
-        int pos_check        = (is_null) ? 1                                  \
-                                         : (next_td != td &&                  \
-                                            pos >= next_td->wait_mb_pos) ||   \
-                                           (prev_td != td &&                  \
-                                            pos >= prev_td->wait_mb_pos);     \
-        td->thread_mb_pos = pos;                                              \
+        int pos_check        = (is_null) ? 1 :                                \
+            (next_td != td && pos >= atomic_load(&next_td->wait_mb_pos)) ||   \
+            (prev_td != td && pos >= atomic_load(&prev_td->wait_mb_pos));     \
+        atomic_store(&td->thread_mb_pos, pos);                                \
         if (sliced_threading && pos_check) {                                  \
             pthread_mutex_lock(&td->lock);                                    \
             pthread_cond_broadcast(&td->cond);                                \
@@ -2275,12 +2282,12 @@ static void vp8_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
 #define update_pos(td, mb_y, mb_x) while(0)
 #endif
 
-static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
+static av_always_inline int decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
                                         int jobnr, int threadnr, int is_vp7)
 {
     VP8Context *s = avctx->priv_data;
     VP8ThreadData *prev_td, *next_td, *td = &s->thread_data[threadnr];
-    int mb_y = td->thread_mb_pos >> 16;
+    int mb_y = atomic_load(&td->thread_mb_pos) >> 16;
     int mb_x, mb_xy = mb_y * s->mb_width;
     int num_jobs = s->num_jobs;
     VP8Frame *curframe = s->curframe, *prev_frame = s->prev_frame;
@@ -2291,6 +2298,10 @@ static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void
         curframe->tf.f->data[1] +  8 * mb_y * s->uvlinesize,
         curframe->tf.f->data[2] +  8 * mb_y * s->uvlinesize
     };
+
+    if (c->end <= c->buffer && c->bits >= 0)
+         return AVERROR_INVALIDDATA;
+
     if (mb_y == 0)
         prev_td = td;
     else
@@ -2315,10 +2326,12 @@ static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void
     if (!is_vp7 || mb_y == 0)
         memset(td->left_nnz, 0, sizeof(td->left_nnz));
 
-    s->mv_min.x = -MARGIN;
-    s->mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
+    td->mv_bounds.mv_min.x = -MARGIN;
+    td->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
 
     for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
+        if (c->end <= c->buffer && c->bits >= 0)
+            return AVERROR_INVALIDDATA;
         // Wait for previous thread to read mb_x+2, and reach mb_y-1.
         if (prev_td != td) {
             if (threadnr != 0) {
@@ -2338,7 +2351,7 @@ static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void
                          dst[2] - dst[1], 2);
 
         if (!s->mb_layout)
-            decode_mb_mode(s, mb, mb_x, mb_y, curframe->seg_map->data + mb_xy,
+            decode_mb_mode(s, &td->mv_bounds, mb, mb_x, mb_y, curframe->seg_map->data + mb_xy,
                            prev_frame && prev_frame->seg_map ?
                            prev_frame->seg_map->data + mb_xy : NULL, 0, is_vp7);
 
@@ -2385,8 +2398,8 @@ static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void
         dst[0]      += 16;
         dst[1]      += 8;
         dst[2]      += 8;
-        s->mv_min.x -= 64;
-        s->mv_max.x -= 64;
+        td->mv_bounds.mv_min.x -= 64;
+        td->mv_bounds.mv_max.x -= 64;
 
         if (mb_x == s->mb_width + 1) {
             update_pos(td, mb_y, s->mb_width + 3);
@@ -2394,18 +2407,19 @@ static av_always_inline void decode_mb_row_no_filter(AVCodecContext *avctx, void
             update_pos(td, mb_y, mb_x);
         }
     }
+    return 0;
 }
 
-static void vp7_decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
+static int vp7_decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
                                         int jobnr, int threadnr)
 {
-    decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr, 1);
+    return decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr, 1);
 }
 
-static void vp8_decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
+static int vp8_decode_mb_row_no_filter(AVCodecContext *avctx, void *tdata,
                                         int jobnr, int threadnr)
 {
-    decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr, 0);
+    return decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr, 0);
 }
 
 static av_always_inline void filter_mb_row(AVCodecContext *avctx, void *tdata,
@@ -2413,7 +2427,7 @@ static av_always_inline void filter_mb_row(AVCodecContext *avctx, void *tdata,
 {
     VP8Context *s = avctx->priv_data;
     VP8ThreadData *td = &s->thread_data[threadnr];
-    int mb_x, mb_y = td->thread_mb_pos >> 16, num_jobs = s->num_jobs;
+    int mb_x, mb_y = atomic_load(&td->thread_mb_pos) >> 16, num_jobs = s->num_jobs;
     AVFrame *curframe = s->curframe->tf.f;
     VP8Macroblock *mb;
     VP8ThreadData *prev_td, *next_td;
@@ -2488,19 +2502,24 @@ int vp78_decode_mb_row_sliced(AVCodecContext *avctx, void *tdata, int jobnr,
     VP8ThreadData *next_td = NULL, *prev_td = NULL;
     VP8Frame *curframe = s->curframe;
     int mb_y, num_jobs = s->num_jobs;
+    int ret;
 
     td->thread_nr = threadnr;
+    td->mv_bounds.mv_min.y   = -MARGIN - 64 * threadnr;
+    td->mv_bounds.mv_max.y   = ((s->mb_height - 1) << 6) + MARGIN - 64 * threadnr;
     for (mb_y = jobnr; mb_y < s->mb_height; mb_y += num_jobs) {
-        if (mb_y >= s->mb_height)
-            break;
-        td->thread_mb_pos = mb_y << 16;
-        s->decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr);
+        atomic_store(&td->thread_mb_pos, mb_y << 16);
+        ret = s->decode_mb_row_no_filter(avctx, tdata, jobnr, threadnr);
+        if (ret < 0) {
+            update_pos(td, s->mb_height, INT_MAX & 0xFFFF);
+            return ret;
+        }
         if (s->deblock_filter)
             s->filter_mb_row(avctx, tdata, jobnr, threadnr);
         update_pos(td, mb_y, INT_MAX & 0xFFFF);
 
-        s->mv_min.y -= 64;
-        s->mv_max.y -= 64;
+        td->mv_bounds.mv_min.y -= 64 * num_jobs;
+        td->mv_bounds.mv_max.y -= 64 * num_jobs;
 
         if (avctx->active_thread_type == FF_THREAD_FRAME)
             ff_thread_report_progress(&curframe->tf, mb_y, 0);
@@ -2531,6 +2550,8 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     enum AVDiscard skip_thresh;
     VP8Frame *av_uninit(curframe), *prev_frame;
 
+    av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVA420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P);
+
     if (is_vp7)
         ret = vp7_decode_frame_header(s, avpkt->data, avpkt->size);
     else
@@ -2646,11 +2667,12 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     s->num_jobs   = num_jobs;
     s->curframe   = curframe;
     s->prev_frame = prev_frame;
-    s->mv_min.y   = -MARGIN;
-    s->mv_max.y   = ((s->mb_height - 1) << 6) + MARGIN;
+    s->mv_bounds.mv_min.y   = -MARGIN;
+    s->mv_bounds.mv_max.y   = ((s->mb_height - 1) << 6) + MARGIN;
     for (i = 0; i < MAX_THREADS; i++) {
-        s->thread_data[i].thread_mb_pos = 0;
-        s->thread_data[i].wait_mb_pos   = INT_MAX;
+        VP8ThreadData *td = &s->thread_data[i];
+        atomic_init(&td->thread_mb_pos, 0);
+        atomic_init(&td->wait_mb_pos, INT_MAX);
     }
     if (is_vp7)
         avctx->execute2(avctx, vp7_decode_mb_row_sliced, s->thread_data, NULL,
diff --git a/media/ffvpx/libavcodec/vp8.h b/media/ffvpx/libavcodec/vp8.h
index 374e1388e..8263997e3 100644
--- a/media/ffvpx/libavcodec/vp8.h
+++ b/media/ffvpx/libavcodec/vp8.h
@@ -26,6 +26,8 @@
 #ifndef AVCODEC_VP8_H
 #define AVCODEC_VP8_H
 
+#include <stdatomic.h>
+
 #include "libavutil/buffer.h"
 #include "libavutil/thread.h"
 
@@ -91,6 +93,16 @@ typedef struct VP8Macroblock {
     VP56mv bmv[16];
 } VP8Macroblock;
 
+typedef struct VP8intmv {
+    int x;
+    int y;
+} VP8intmv;
+
+typedef struct VP8mvbounds {
+    VP8intmv mv_min;
+    VP8intmv mv_max;
+} VP8mvbounds;
+
 typedef struct VP8ThreadData {
     DECLARE_ALIGNED(16, int16_t, block)[6][4][16];
     DECLARE_ALIGNED(16, int16_t, block_dc)[16];
@@ -114,12 +126,13 @@ typedef struct VP8ThreadData {
     pthread_mutex_t lock;
     pthread_cond_t cond;
 #endif
-    int thread_mb_pos; // (mb_y << 16) | (mb_x & 0xFFFF)
-    int wait_mb_pos; // What the current thread is waiting on.
+    atomic_int thread_mb_pos; // (mb_y << 16) | (mb_x & 0xFFFF)
+    atomic_int wait_mb_pos; // What the current thread is waiting on.
 
 #define EDGE_EMU_LINESIZE 32
     DECLARE_ALIGNED(16, uint8_t, edge_emu_buffer)[21 * EDGE_EMU_LINESIZE];
     VP8FilterStrength *filter_strength;
+    VP8mvbounds mv_bounds;
 } VP8ThreadData;
 
 typedef struct VP8Frame {
@@ -127,11 +140,6 @@ typedef struct VP8Frame {
     AVBufferRef *seg_map;
 } VP8Frame;
 
-typedef struct VP8intmv {
-    int x;
-    int y;
-} VP8intmv;
-
 #define MAX_THREADS 8
 typedef struct VP8Context {
     VP8ThreadData *thread_data;
@@ -143,15 +151,14 @@ typedef struct VP8Context {
 
     uint16_t mb_width;   /* number of horizontal MB */
     uint16_t mb_height;  /* number of vertical MB */
-    int linesize;
-    int uvlinesize;
+    ptrdiff_t linesize;
+    ptrdiff_t uvlinesize;
 
     uint8_t keyframe;
     uint8_t deblock_filter;
     uint8_t mbskip_enabled;
     uint8_t profile;
-    VP8intmv mv_min;
-    VP8intmv mv_max;
+    VP8mvbounds mv_bounds;
 
     int8_t sign_bias[4]; ///< one state [0, 1] per ref frame type
     int ref_count[3];
@@ -275,7 +282,7 @@ typedef struct VP8Context {
      */
     int mb_layout;
 
-    void (*decode_mb_row_no_filter)(AVCodecContext *avctx, void *tdata, int jobnr, int threadnr);
+    int (*decode_mb_row_no_filter)(AVCodecContext *avctx, void *tdata, int jobnr, int threadnr);
     void (*filter_mb_row)(AVCodecContext *avctx, void *tdata, int jobnr, int threadnr);
 
     int vp7;
diff --git a/media/ffvpx/libavcodec/vp8_parser.c b/media/ffvpx/libavcodec/vp8_parser.c
index afc7f991e..609f5077d 100644
--- a/media/ffvpx/libavcodec/vp8_parser.c
+++ b/media/ffvpx/libavcodec/vp8_parser.c
@@ -1,6 +1,4 @@
 /*
- * Copyright (C) 2008 Michael Niedermayer
- *
  * This file is part of FFmpeg.
  *
  * FFmpeg is free software; you can redistribute it and/or
@@ -18,15 +16,56 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#include "parser.h"
+#include "libavutil/intreadwrite.h"
+
+#include "avcodec.h"
 
 static int parse(AVCodecParserContext *s,
                  AVCodecContext *avctx,
                  const uint8_t **poutbuf, int *poutbuf_size,
                  const uint8_t *buf, int buf_size)
 {
-    s->pict_type = (buf[0] & 0x01) ? AV_PICTURE_TYPE_P
-                                   : AV_PICTURE_TYPE_I;
+    unsigned int frame_type;
+    unsigned int profile;
+
+    if (buf_size < 3)
+        return buf_size;
+
+    frame_type = buf[0] & 1;
+    profile    = (buf[0] >> 1) & 7;
+    if (profile > 3) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid profile %u.\n", profile);
+        return buf_size;
+    }
+
+    avctx->profile = profile;
+    s->key_frame   = frame_type == 0;
+    s->pict_type   = frame_type ? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I;
+    s->format      = AV_PIX_FMT_YUV420P;
+    s->field_order = AV_FIELD_PROGRESSIVE;
+    s->picture_structure = AV_PICTURE_STRUCTURE_FRAME;
+
+    if (frame_type == 0) {
+        unsigned int sync_code;
+        unsigned int width, height;
+
+        if (buf_size < 10)
+            return buf_size;
+
+        sync_code = AV_RL24(buf + 3);
+        if (sync_code != 0x2a019d) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sync code %06x.\n", sync_code);
+            return buf_size;
+        }
+
+        width  = AV_RL16(buf + 6) & 0x3fff;
+        height = AV_RL16(buf + 8) & 0x3fff;
+
+        s->width        = width;
+        s->height       = height;
+        s->coded_width  = FFALIGN(width,  16);
+        s->coded_height = FFALIGN(height, 16);
+    }
 
     *poutbuf      = buf;
     *poutbuf_size = buf_size;
diff --git a/media/ffvpx/libavcodec/vp8dsp.c b/media/ffvpx/libavcodec/vp8dsp.c
index 07bea69c7..fed5c67a9 100644
--- a/media/ffvpx/libavcodec/vp8dsp.c
+++ b/media/ffvpx/libavcodec/vp8dsp.c
@@ -53,7 +53,8 @@ static void name ## _idct_dc_add4y_c(uint8_t *dst, int16_t block[4][16],      \
 #if CONFIG_VP7_DECODER
 static void vp7_luma_dc_wht_c(int16_t block[4][4][16], int16_t dc[16])
 {
-    int i, a1, b1, c1, d1;
+    int i;
+    unsigned a1, b1, c1, d1;
     int16_t tmp[16];
 
     for (i = 0; i < 4; i++) {
@@ -61,10 +62,10 @@ static void vp7_luma_dc_wht_c(int16_t block[4][4][16], int16_t dc[16])
         b1 = (dc[i * 4 + 0] - dc[i * 4 + 2]) * 23170;
         c1 = dc[i * 4 + 1] * 12540 - dc[i * 4 + 3] * 30274;
         d1 = dc[i * 4 + 1] * 30274 + dc[i * 4 + 3] * 12540;
-        tmp[i * 4 + 0] = (a1 + d1) >> 14;
-        tmp[i * 4 + 3] = (a1 - d1) >> 14;
-        tmp[i * 4 + 1] = (b1 + c1) >> 14;
-        tmp[i * 4 + 2] = (b1 - c1) >> 14;
+        tmp[i * 4 + 0] = (int)(a1 + d1) >> 14;
+        tmp[i * 4 + 3] = (int)(a1 - d1) >> 14;
+        tmp[i * 4 + 1] = (int)(b1 + c1) >> 14;
+        tmp[i * 4 + 2] = (int)(b1 - c1) >> 14;
     }
 
     for (i = 0; i < 4; i++) {
@@ -73,10 +74,10 @@ static void vp7_luma_dc_wht_c(int16_t block[4][4][16], int16_t dc[16])
         c1 = tmp[i + 4] * 12540 - tmp[i + 12] * 30274;
         d1 = tmp[i + 4] * 30274 + tmp[i + 12] * 12540;
         AV_ZERO64(dc + i * 4);
-        block[0][i][0] = (a1 + d1 + 0x20000) >> 18;
-        block[3][i][0] = (a1 - d1 + 0x20000) >> 18;
-        block[1][i][0] = (b1 + c1 + 0x20000) >> 18;
-        block[2][i][0] = (b1 - c1 + 0x20000) >> 18;
+        block[0][i][0] = (int)(a1 + d1 + 0x20000) >> 18;
+        block[3][i][0] = (int)(a1 - d1 + 0x20000) >> 18;
+        block[1][i][0] = (int)(b1 + c1 + 0x20000) >> 18;
+        block[2][i][0] = (int)(b1 - c1 + 0x20000) >> 18;
     }
 }
 
@@ -95,7 +96,8 @@ static void vp7_luma_dc_wht_dc_c(int16_t block[4][4][16], int16_t dc[16])
 
 static void vp7_idct_add_c(uint8_t *dst, int16_t block[16], ptrdiff_t stride)
 {
-    int i, a1, b1, c1, d1;
+    int i;
+    unsigned a1, b1, c1, d1;
     int16_t tmp[16];
 
     for (i = 0; i < 4; i++) {
@@ -104,10 +106,10 @@ static void vp7_idct_add_c(uint8_t *dst, int16_t block[16], ptrdiff_t stride)
         c1 = block[i * 4 + 1] * 12540 - block[i * 4 + 3] * 30274;
         d1 = block[i * 4 + 1] * 30274 + block[i * 4 + 3] * 12540;
         AV_ZERO64(block + i * 4);
-        tmp[i * 4 + 0] = (a1 + d1) >> 14;
-        tmp[i * 4 + 3] = (a1 - d1) >> 14;
-        tmp[i * 4 + 1] = (b1 + c1) >> 14;
-        tmp[i * 4 + 2] = (b1 - c1) >> 14;
+        tmp[i * 4 + 0] = (int)(a1 + d1) >> 14;
+        tmp[i * 4 + 3] = (int)(a1 - d1) >> 14;
+        tmp[i * 4 + 1] = (int)(b1 + c1) >> 14;
+        tmp[i * 4 + 2] = (int)(b1 - c1) >> 14;
     }
 
     for (i = 0; i < 4; i++) {
@@ -116,13 +118,13 @@ static void vp7_idct_add_c(uint8_t *dst, int16_t block[16], ptrdiff_t stride)
         c1 = tmp[i + 4] * 12540 - tmp[i + 12] * 30274;
         d1 = tmp[i + 4] * 30274 + tmp[i + 12] * 12540;
         dst[0 * stride + i] = av_clip_uint8(dst[0 * stride + i] +
-                                            ((a1 + d1 + 0x20000) >> 18));
+                                            ((int)(a1 + d1 + 0x20000) >> 18));
         dst[3 * stride + i] = av_clip_uint8(dst[3 * stride + i] +
-                                            ((a1 - d1 + 0x20000) >> 18));
+                                            ((int)(a1 - d1 + 0x20000) >> 18));
         dst[1 * stride + i] = av_clip_uint8(dst[1 * stride + i] +
-                                            ((b1 + c1 + 0x20000) >> 18));
+                                            ((int)(b1 + c1 + 0x20000) >> 18));
         dst[2 * stride + i] = av_clip_uint8(dst[2 * stride + i] +
-                                            ((b1 - c1 + 0x20000) >> 18));
+                                            ((int)(b1 - c1 + 0x20000) >> 18));
     }
 }
 
diff --git a/media/ffvpx/libavcodec/vp8dsp.h b/media/ffvpx/libavcodec/vp8dsp.h
index 0401c9221..eaae4aed6 100644
--- a/media/ffvpx/libavcodec/vp8dsp.h
+++ b/media/ffvpx/libavcodec/vp8dsp.h
@@ -70,12 +70,12 @@ typedef struct VP8DSPContext {
     void (*vp8_h_loop_filter_simple)(uint8_t *dst, ptrdiff_t stride, int flim);
 
     /**
-     * first dimension: width>>3, height is assumed equal to width
+     * first dimension: 4-log2(width)
      * second dimension: 0 if no vertical interpolation is needed;
      *                   1 4-tap vertical interpolation filter (my & 1)
      *                   2 6-tap vertical interpolation filter (!(my & 1))
      * third dimension: same as second dimension, for horizontal interpolation
-     * so something like put_vp8_epel_pixels_tab[width>>3][2*!!my-(my&1)][2*!!mx-(mx&1)](..., mx, my)
+     * so something like put_vp8_epel_pixels_tab[4-log2(width)][2*!!my-(my&1)][2*!!mx-(mx&1)](..., mx, my)
      */
     vp8_mc_func put_vp8_epel_pixels_tab[3][3][3];
     vp8_mc_func put_vp8_bilinear_pixels_tab[3][3][3];
diff --git a/media/ffvpx/libavcodec/vp9.c b/media/ffvpx/libavcodec/vp9.c
index 1aab6ba03..f2cf19424 100644
--- a/media/ffvpx/libavcodec/vp9.c
+++ b/media/ffvpx/libavcodec/vp9.c
@@ -30,176 +30,97 @@
 #include "vp56.h"
 #include "vp9.h"
 #include "vp9data.h"
-#include "vp9dsp.h"
+#include "vp9dec.h"
 #include "libavutil/avassert.h"
 #include "libavutil/pixdesc.h"
 
 #define VP9_SYNCCODE 0x498342
 
-struct VP9Filter {
-    uint8_t level[8 * 8];
-    uint8_t /* bit=col */ mask[2 /* 0=y, 1=uv */][2 /* 0=col, 1=row */]
-                              [8 /* rows */][4 /* 0=16, 1=8, 2=4, 3=inner4 */];
-};
+#if HAVE_THREADS
+static void vp9_free_entries(AVCodecContext *avctx) {
+    VP9Context *s = avctx->priv_data;
 
-typedef struct VP9Block {
-    uint8_t seg_id, intra, comp, ref[2], mode[4], uvmode, skip;
-    enum FilterMode filter;
-    VP56mv mv[4 /* b_idx */][2 /* ref */];
-    enum BlockSize bs;
-    enum TxfmMode tx, uvtx;
-    enum BlockLevel bl;
-    enum BlockPartition bp;
-} VP9Block;
-
-typedef struct VP9Context {
-    VP9SharedContext s;
-
-    VP9DSPContext dsp;
-    VideoDSPContext vdsp;
-    GetBitContext gb;
-    VP56RangeCoder c;
-    VP56RangeCoder *c_b;
-    unsigned c_b_size;
-    VP9Block *b_base, *b;
-    int pass;
-    int row, row7, col, col7;
-    uint8_t *dst[3];
-    ptrdiff_t y_stride, uv_stride;
-
-    uint8_t ss_h, ss_v;
-    uint8_t last_bpp, bpp, bpp_index, bytesperpixel;
-    uint8_t last_keyframe;
-    // sb_cols/rows, rows/cols and last_fmt are used for allocating all internal
-    // arrays, and are thus per-thread. w/h and gf_fmt are synced between threads
-    // and are therefore per-stream. pix_fmt represents the value in the header
-    // of the currently processed frame.
-    int w, h;
-    enum AVPixelFormat pix_fmt, last_fmt, gf_fmt;
-    unsigned sb_cols, sb_rows, rows, cols;
-    ThreadFrame next_refs[8];
-
-    struct {
-        uint8_t lim_lut[64];
-        uint8_t mblim_lut[64];
-    } filter_lut;
-    unsigned tile_row_start, tile_row_end, tile_col_start, tile_col_end;
-    struct {
-        prob_context p;
-        uint8_t coef[4][2][2][6][6][3];
-    } prob_ctx[4];
-    struct {
-        prob_context p;
-        uint8_t coef[4][2][2][6][6][11];
-    } prob;
-    struct {
-        unsigned y_mode[4][10];
-        unsigned uv_mode[10][10];
-        unsigned filter[4][3];
-        unsigned mv_mode[7][4];
-        unsigned intra[4][2];
-        unsigned comp[5][2];
-        unsigned single_ref[5][2][2];
-        unsigned comp_ref[5][2];
-        unsigned tx32p[2][4];
-        unsigned tx16p[2][3];
-        unsigned tx8p[2][2];
-        unsigned skip[3][2];
-        unsigned mv_joint[4];
-        struct {
-            unsigned sign[2];
-            unsigned classes[11];
-            unsigned class0[2];
-            unsigned bits[10][2];
-            unsigned class0_fp[2][4];
-            unsigned fp[4];
-            unsigned class0_hp[2];
-            unsigned hp[2];
-        } mv_comp[2];
-        unsigned partition[4][4][4];
-        unsigned coef[4][2][2][6][6][3];
-        unsigned eob[4][2][2][6][6][2];
-    } counts;
-
-    // contextual (left/above) cache
-    DECLARE_ALIGNED(16, uint8_t, left_y_nnz_ctx)[16];
-    DECLARE_ALIGNED(16, uint8_t, left_mode_ctx)[16];
-    DECLARE_ALIGNED(16, VP56mv, left_mv_ctx)[16][2];
-    DECLARE_ALIGNED(16, uint8_t, left_uv_nnz_ctx)[2][16];
-    DECLARE_ALIGNED(8, uint8_t, left_partition_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_skip_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_txfm_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_segpred_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_intra_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_comp_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_ref_ctx)[8];
-    DECLARE_ALIGNED(8, uint8_t, left_filter_ctx)[8];
-    uint8_t *above_partition_ctx;
-    uint8_t *above_mode_ctx;
-    // FIXME maybe merge some of the below in a flags field?
-    uint8_t *above_y_nnz_ctx;
-    uint8_t *above_uv_nnz_ctx[2];
-    uint8_t *above_skip_ctx; // 1bit
-    uint8_t *above_txfm_ctx; // 2bit
-    uint8_t *above_segpred_ctx; // 1bit
-    uint8_t *above_intra_ctx; // 1bit
-    uint8_t *above_comp_ctx; // 1bit
-    uint8_t *above_ref_ctx; // 2bit
-    uint8_t *above_filter_ctx;
-    VP56mv (*above_mv_ctx)[2];
-
-    // whole-frame cache
-    uint8_t *intra_pred_data[3];
-    struct VP9Filter *lflvl;
-    DECLARE_ALIGNED(32, uint8_t, edge_emu_buffer)[135 * 144 * 2];
-
-    // block reconstruction intermediates
-    int block_alloc_using_2pass;
-    int16_t *block_base, *block, *uvblock_base[2], *uvblock[2];
-    uint8_t *eob_base, *uveob_base[2], *eob, *uveob[2];
-    struct { int x, y; } min_mv, max_mv;
-    DECLARE_ALIGNED(32, uint8_t, tmp_y)[64 * 64 * 2];
-    DECLARE_ALIGNED(32, uint8_t, tmp_uv)[2][64 * 64 * 2];
-    uint16_t mvscale[3][2];
-    uint8_t mvstep[3][2];
-} VP9Context;
-
-static const uint8_t bwh_tab[2][N_BS_SIZES][2] = {
-    {
-        { 16, 16 }, { 16, 8 }, { 8, 16 }, { 8, 8 }, { 8, 4 }, { 4, 8 },
-        { 4, 4 }, { 4, 2 }, { 2, 4 }, { 2, 2 }, { 2, 1 }, { 1, 2 }, { 1, 1 },
-    }, {
-        { 8, 8 }, { 8, 4 }, { 4, 8 }, { 4, 4 }, { 4, 2 }, { 2, 4 },
-        { 2, 2 }, { 2, 1 }, { 1, 2 }, { 1, 1 }, { 1, 1 }, { 1, 1 }, { 1, 1 },
+    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
+        pthread_mutex_destroy(&s->progress_mutex);
+        pthread_cond_destroy(&s->progress_cond);
+        av_freep(&s->entries);
     }
-};
+}
+
+static int vp9_alloc_entries(AVCodecContext *avctx, int n) {
+    VP9Context *s = avctx->priv_data;
+    int i;
+
+    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
+        if (s->entries)
+            av_freep(&s->entries);
+
+        s->entries = av_malloc_array(n, sizeof(atomic_int));
+
+        if (!s->entries) {
+            av_freep(&s->entries);
+            return AVERROR(ENOMEM);
+        }
 
-static void vp9_unref_frame(AVCodecContext *ctx, VP9Frame *f)
+        for (i  = 0; i < n; i++)
+            atomic_init(&s->entries[i], 0);
+
+        pthread_mutex_init(&s->progress_mutex, NULL);
+        pthread_cond_init(&s->progress_cond, NULL);
+    }
+    return 0;
+}
+
+static void vp9_report_tile_progress(VP9Context *s, int field, int n) {
+    pthread_mutex_lock(&s->progress_mutex);
+    atomic_fetch_add_explicit(&s->entries[field], n, memory_order_release);
+    pthread_cond_signal(&s->progress_cond);
+    pthread_mutex_unlock(&s->progress_mutex);
+}
+
+static void vp9_await_tile_progress(VP9Context *s, int field, int n) {
+    if (atomic_load_explicit(&s->entries[field], memory_order_acquire) >= n)
+        return;
+
+    pthread_mutex_lock(&s->progress_mutex);
+    while (atomic_load_explicit(&s->entries[field], memory_order_relaxed) != n)
+        pthread_cond_wait(&s->progress_cond, &s->progress_mutex);
+    pthread_mutex_unlock(&s->progress_mutex);
+}
+#else
+static void vp9_free_entries(AVCodecContext *avctx) {}
+static int vp9_alloc_entries(AVCodecContext *avctx, int n) { return 0; }
+#endif
+
+static void vp9_frame_unref(AVCodecContext *avctx, VP9Frame *f)
 {
-    ff_thread_release_buffer(ctx, &f->tf);
+    ff_thread_release_buffer(avctx, &f->tf);
     av_buffer_unref(&f->extradata);
     av_buffer_unref(&f->hwaccel_priv_buf);
     f->segmentation_map = NULL;
     f->hwaccel_picture_private = NULL;
 }
 
-static int vp9_alloc_frame(AVCodecContext *ctx, VP9Frame *f)
+static int vp9_frame_alloc(AVCodecContext *avctx, VP9Frame *f)
 {
-    VP9Context *s = ctx->priv_data;
+    VP9Context *s = avctx->priv_data;
     int ret, sz;
 
-    if ((ret = ff_thread_get_buffer(ctx, &f->tf, AV_GET_BUFFER_FLAG_REF)) < 0)
+    ret = ff_thread_get_buffer(avctx, &f->tf, AV_GET_BUFFER_FLAG_REF);
+    if (ret < 0)
         return ret;
+
     sz = 64 * s->sb_cols * s->sb_rows;
-    if (!(f->extradata = av_buffer_allocz(sz * (1 + sizeof(struct VP9mvrefPair))))) {
+    f->extradata = av_buffer_allocz(sz * (1 + sizeof(VP9mvrefPair)));
+    if (!f->extradata) {
         goto fail;
     }
 
     f->segmentation_map = f->extradata->data;
-    f->mv = (struct VP9mvrefPair *) (f->extradata->data + sz);
+    f->mv = (VP9mvrefPair *) (f->extradata->data + sz);
 
-    if (ctx->hwaccel) {
-        const AVHWAccel *hwaccel = ctx->hwaccel;
+    if (avctx->hwaccel) {
+        const AVHWAccel *hwaccel = avctx->hwaccel;
         av_assert0(!f->hwaccel_picture_private);
         if (hwaccel->frame_priv_data_size) {
             f->hwaccel_priv_buf = av_buffer_allocz(hwaccel->frame_priv_data_size);
@@ -212,19 +133,21 @@ static int vp9_alloc_frame(AVCodecContext *ctx, VP9Frame *f)
     return 0;
 
 fail:
-    vp9_unref_frame(ctx, f);
+    vp9_frame_unref(avctx, f);
     return AVERROR(ENOMEM);
 }
 
-static int vp9_ref_frame(AVCodecContext *ctx, VP9Frame *dst, VP9Frame *src)
+static int vp9_frame_ref(AVCodecContext *avctx, VP9Frame *dst, VP9Frame *src)
 {
-    int res;
+    int ret;
 
-    if ((res = ff_thread_ref_frame(&dst->tf, &src->tf)) < 0) {
-        return res;
-    } else if (!(dst->extradata = av_buffer_ref(src->extradata))) {
+    ret = ff_thread_ref_frame(&dst->tf, &src->tf);
+    if (ret < 0)
+        return ret;
+
+    dst->extradata = av_buffer_ref(src->extradata);
+    if (!dst->extradata)
         goto fail;
-    }
 
     dst->segmentation_map = src->segmentation_map;
     dst->mv = src->mv;
@@ -240,44 +163,54 @@ static int vp9_ref_frame(AVCodecContext *ctx, VP9Frame *dst, VP9Frame *src)
     return 0;
 
 fail:
-    vp9_unref_frame(ctx, dst);
+    vp9_frame_unref(avctx, dst);
     return AVERROR(ENOMEM);
 }
 
-static int update_size(AVCodecContext *ctx, int w, int h)
+static int update_size(AVCodecContext *avctx, int w, int h)
 {
-#define HWACCEL_MAX (CONFIG_VP9_DXVA2_HWACCEL + CONFIG_VP9_D3D11VA_HWACCEL + CONFIG_VP9_VAAPI_HWACCEL)
+#define HWACCEL_MAX (CONFIG_VP9_DXVA2_HWACCEL + CONFIG_VP9_D3D11VA_HWACCEL * 2 + CONFIG_VP9_VAAPI_HWACCEL)
     enum AVPixelFormat pix_fmts[HWACCEL_MAX + 2], *fmtp = pix_fmts;
-    VP9Context *s = ctx->priv_data;
+    VP9Context *s = avctx->priv_data;
     uint8_t *p;
-    int bytesperpixel = s->bytesperpixel, res, cols, rows;
+    int bytesperpixel = s->bytesperpixel, ret, cols, rows;
+    int lflvl_len, i;
 
     av_assert0(w > 0 && h > 0);
 
     if (!(s->pix_fmt == s->gf_fmt && w == s->w && h == s->h)) {
-        if ((res = ff_set_dimensions(ctx, w, h)) < 0)
-            return res;
+        if ((ret = ff_set_dimensions(avctx, w, h)) < 0)
+            return ret;
 
-        if (s->pix_fmt == AV_PIX_FMT_YUV420P) {
+        switch (s->pix_fmt) {
+        case AV_PIX_FMT_YUV420P:
 #if CONFIG_VP9_DXVA2_HWACCEL
             *fmtp++ = AV_PIX_FMT_DXVA2_VLD;
 #endif
 #if CONFIG_VP9_D3D11VA_HWACCEL
             *fmtp++ = AV_PIX_FMT_D3D11VA_VLD;
+            *fmtp++ = AV_PIX_FMT_D3D11;
 #endif
 #if CONFIG_VP9_VAAPI_HWACCEL
             *fmtp++ = AV_PIX_FMT_VAAPI;
 #endif
+            break;
+        case AV_PIX_FMT_YUV420P10:
+        case AV_PIX_FMT_YUV420P12:
+#if CONFIG_VP9_VAAPI_HWACCEL
+            *fmtp++ = AV_PIX_FMT_VAAPI;
+#endif
+            break;
         }
 
         *fmtp++ = s->pix_fmt;
         *fmtp = AV_PIX_FMT_NONE;
 
-        res = ff_thread_get_format(ctx, pix_fmts);
-        if (res < 0)
-            return res;
+        ret = ff_thread_get_format(avctx, pix_fmts);
+        if (ret < 0)
+            return ret;
 
-        ctx->pix_fmt = res;
+        avctx->pix_fmt = ret;
         s->gf_fmt  = s->pix_fmt;
         s->w = w;
         s->h = h;
@@ -294,13 +227,14 @@ static int update_size(AVCodecContext *ctx, int w, int h)
     s->sb_rows   = (h + 63) >> 6;
     s->cols      = (w + 7) >> 3;
     s->rows      = (h + 7) >> 3;
+    lflvl_len    = avctx->active_thread_type == FF_THREAD_SLICE ? s->sb_rows : 1;
 
 #define assign(var, type, n) var = (type) p; p += s->sb_cols * (n) * sizeof(*var)
     av_freep(&s->intra_pred_data[0]);
     // FIXME we slightly over-allocate here for subsampled chroma, but a little
     // bit of padding shouldn't affect performance...
     p = av_malloc(s->sb_cols * (128 + 192 * bytesperpixel +
-                                sizeof(*s->lflvl) + 16 * sizeof(*s->above_mv_ctx)));
+                                lflvl_len * sizeof(*s->lflvl) + 16 * sizeof(*s->above_mv_ctx)));
     if (!p)
         return AVERROR(ENOMEM);
     assign(s->intra_pred_data[0],  uint8_t *,             64 * bytesperpixel);
@@ -319,65 +253,78 @@ static int update_size(AVCodecContext *ctx, int w, int h)
     assign(s->above_comp_ctx,      uint8_t *,              8);
     assign(s->above_ref_ctx,       uint8_t *,              8);
     assign(s->above_filter_ctx,    uint8_t *,              8);
-    assign(s->lflvl,               struct VP9Filter *,     1);
+    assign(s->lflvl,               VP9Filter *,            lflvl_len);
 #undef assign
 
-    // these will be re-allocated a little later
-    av_freep(&s->b_base);
-    av_freep(&s->block_base);
+    if (s->td) {
+        for (i = 0; i < s->active_tile_cols; i++) {
+            av_freep(&s->td[i].b_base);
+            av_freep(&s->td[i].block_base);
+        }
+    }
 
-    if (s->bpp != s->last_bpp) {
-        ff_vp9dsp_init(&s->dsp, s->bpp, ctx->flags & AV_CODEC_FLAG_BITEXACT);
-        ff_videodsp_init(&s->vdsp, s->bpp);
-        s->last_bpp = s->bpp;
+    if (s->s.h.bpp != s->last_bpp) {
+        ff_vp9dsp_init(&s->dsp, s->s.h.bpp, avctx->flags & AV_CODEC_FLAG_BITEXACT);
+        ff_videodsp_init(&s->vdsp, s->s.h.bpp);
+        s->last_bpp = s->s.h.bpp;
     }
 
     return 0;
 }
 
-static int update_block_buffers(AVCodecContext *ctx)
+static int update_block_buffers(AVCodecContext *avctx)
 {
-    VP9Context *s = ctx->priv_data;
+    int i;
+    VP9Context *s = avctx->priv_data;
     int chroma_blocks, chroma_eobs, bytesperpixel = s->bytesperpixel;
+    VP9TileData *td = &s->td[0];
 
-    if (s->b_base && s->block_base && s->block_alloc_using_2pass == s->s.frames[CUR_FRAME].uses_2pass)
+    if (td->b_base && td->block_base && s->block_alloc_using_2pass == s->s.frames[CUR_FRAME].uses_2pass)
         return 0;
 
-    av_free(s->b_base);
-    av_free(s->block_base);
+    av_free(td->b_base);
+    av_free(td->block_base);
     chroma_blocks = 64 * 64 >> (s->ss_h + s->ss_v);
     chroma_eobs   = 16 * 16 >> (s->ss_h + s->ss_v);
     if (s->s.frames[CUR_FRAME].uses_2pass) {
         int sbs = s->sb_cols * s->sb_rows;
 
-        s->b_base = av_malloc_array(s->cols * s->rows, sizeof(VP9Block));
-        s->block_base = av_mallocz(((64 * 64 + 2 * chroma_blocks) * bytesperpixel * sizeof(int16_t) +
+        td->b_base = av_malloc_array(s->cols * s->rows, sizeof(VP9Block));
+        td->block_base = av_mallocz(((64 * 64 + 2 * chroma_blocks) * bytesperpixel * sizeof(int16_t) +
                                     16 * 16 + 2 * chroma_eobs) * sbs);
-        if (!s->b_base || !s->block_base)
+        if (!td->b_base || !td->block_base)
             return AVERROR(ENOMEM);
-        s->uvblock_base[0] = s->block_base + sbs * 64 * 64 * bytesperpixel;
-        s->uvblock_base[1] = s->uvblock_base[0] + sbs * chroma_blocks * bytesperpixel;
-        s->eob_base = (uint8_t *) (s->uvblock_base[1] + sbs * chroma_blocks * bytesperpixel);
-        s->uveob_base[0] = s->eob_base + 16 * 16 * sbs;
-        s->uveob_base[1] = s->uveob_base[0] + chroma_eobs * sbs;
+        td->uvblock_base[0] = td->block_base + sbs * 64 * 64 * bytesperpixel;
+        td->uvblock_base[1] = td->uvblock_base[0] + sbs * chroma_blocks * bytesperpixel;
+        td->eob_base = (uint8_t *) (td->uvblock_base[1] + sbs * chroma_blocks * bytesperpixel);
+        td->uveob_base[0] = td->eob_base + 16 * 16 * sbs;
+        td->uveob_base[1] = td->uveob_base[0] + chroma_eobs * sbs;
     } else {
-        s->b_base = av_malloc(sizeof(VP9Block));
-        s->block_base = av_mallocz((64 * 64 + 2 * chroma_blocks) * bytesperpixel * sizeof(int16_t) +
-                                   16 * 16 + 2 * chroma_eobs);
-        if (!s->b_base || !s->block_base)
-            return AVERROR(ENOMEM);
-        s->uvblock_base[0] = s->block_base + 64 * 64 * bytesperpixel;
-        s->uvblock_base[1] = s->uvblock_base[0] + chroma_blocks * bytesperpixel;
-        s->eob_base = (uint8_t *) (s->uvblock_base[1] + chroma_blocks * bytesperpixel);
-        s->uveob_base[0] = s->eob_base + 16 * 16;
-        s->uveob_base[1] = s->uveob_base[0] + chroma_eobs;
+        for (i = 1; i < s->active_tile_cols; i++) {
+            if (s->td[i].b_base && s->td[i].block_base) {
+                av_free(s->td[i].b_base);
+                av_free(s->td[i].block_base);
+            }
+        }
+        for (i = 0; i < s->active_tile_cols; i++) {
+            s->td[i].b_base = av_malloc(sizeof(VP9Block));
+            s->td[i].block_base = av_mallocz((64 * 64 + 2 * chroma_blocks) * bytesperpixel * sizeof(int16_t) +
+                                       16 * 16 + 2 * chroma_eobs);
+            if (!s->td[i].b_base || !s->td[i].block_base)
+                return AVERROR(ENOMEM);
+            s->td[i].uvblock_base[0] = s->td[i].block_base + 64 * 64 * bytesperpixel;
+            s->td[i].uvblock_base[1] = s->td[i].uvblock_base[0] + chroma_blocks * bytesperpixel;
+            s->td[i].eob_base = (uint8_t *) (s->td[i].uvblock_base[1] + chroma_blocks * bytesperpixel);
+            s->td[i].uveob_base[0] = s->td[i].eob_base + 16 * 16;
+            s->td[i].uveob_base[1] = s->td[i].uveob_base[0] + chroma_eobs;
+        }
     }
     s->block_alloc_using_2pass = s->s.frames[CUR_FRAME].uses_2pass;
 
     return 0;
 }
 
-// for some reason the sign bit is at the end, not the start, of a bit sequence
+// The sign bit is at the end, not the start, of a bit sequence
 static av_always_inline int get_sbits_inv(GetBitContext *gb, int n)
 {
     int v = get_bits(gb, n);
@@ -386,7 +333,11 @@ static av_always_inline int get_sbits_inv(GetBitContext *gb, int n)
 
 static av_always_inline int inv_recenter_nonneg(int v, int m)
 {
-    return v > 2 * m ? v : v & 1 ? m - ((v + 1) >> 1) : m + (v >> 1);
+    if (v > 2 * m)
+        return v;
+    if (v & 1)
+        return m - ((v + 1) >> 1);
+    return m + (v >> 1);
 }
 
 // differential forward probability updates
@@ -417,13 +368,13 @@ static int update_prob(VP56RangeCoder *c, int p)
 
     /* This code is trying to do a differential probability update. For a
      * current probability A in the range [1, 255], the difference to a new
-     * probability of any value can be expressed differentially as 1-A,255-A
+     * probability of any value can be expressed differentially as 1-A, 255-A
      * where some part of this (absolute range) exists both in positive as
      * well as the negative part, whereas another part only exists in one
      * half. We're trying to code this shared part differentially, i.e.
      * times two where the value of the lowest bit specifies the sign, and
      * the single part is then coded on top of this. This absolute difference
-     * then again has a value of [0,254], but a bigger value in this range
+     * then again has a value of [0, 254], but a bigger value in this range
      * indicates that we're further away from the original value A, so we
      * can code this as a VLC code, since higher values are increasingly
      * unlikely. The first 20 values in inv_map_table[] allow 'cheap, rough'
@@ -448,34 +399,34 @@ static int update_prob(VP56RangeCoder *c, int p)
                     255 - inv_recenter_nonneg(inv_map_table[d], 255 - p);
 }
 
-static int read_colorspace_details(AVCodecContext *ctx)
+static int read_colorspace_details(AVCodecContext *avctx)
 {
     static const enum AVColorSpace colorspaces[8] = {
         AVCOL_SPC_UNSPECIFIED, AVCOL_SPC_BT470BG, AVCOL_SPC_BT709, AVCOL_SPC_SMPTE170M,
         AVCOL_SPC_SMPTE240M, AVCOL_SPC_BT2020_NCL, AVCOL_SPC_RESERVED, AVCOL_SPC_RGB,
     };
-    VP9Context *s = ctx->priv_data;
-    int bits = ctx->profile <= 1 ? 0 : 1 + get_bits1(&s->gb); // 0:8, 1:10, 2:12
+    VP9Context *s = avctx->priv_data;
+    int bits = avctx->profile <= 1 ? 0 : 1 + get_bits1(&s->gb); // 0:8, 1:10, 2:12
 
     s->bpp_index = bits;
-    s->bpp = 8 + bits * 2;
-    s->bytesperpixel = (7 + s->bpp) >> 3;
-    ctx->colorspace = colorspaces[get_bits(&s->gb, 3)];
-    if (ctx->colorspace == AVCOL_SPC_RGB) { // RGB = profile 1
+    s->s.h.bpp = 8 + bits * 2;
+    s->bytesperpixel = (7 + s->s.h.bpp) >> 3;
+    avctx->colorspace = colorspaces[get_bits(&s->gb, 3)];
+    if (avctx->colorspace == AVCOL_SPC_RGB) { // RGB = profile 1
         static const enum AVPixelFormat pix_fmt_rgb[3] = {
             AV_PIX_FMT_GBRP, AV_PIX_FMT_GBRP10, AV_PIX_FMT_GBRP12
         };
         s->ss_h = s->ss_v = 0;
-        ctx->color_range = AVCOL_RANGE_JPEG;
+        avctx->color_range = AVCOL_RANGE_JPEG;
         s->pix_fmt = pix_fmt_rgb[bits];
-        if (ctx->profile & 1) {
+        if (avctx->profile & 1) {
             if (get_bits1(&s->gb)) {
-                av_log(ctx, AV_LOG_ERROR, "Reserved bit set in RGB\n");
+                av_log(avctx, AV_LOG_ERROR, "Reserved bit set in RGB\n");
                 return AVERROR_INVALIDDATA;
             }
         } else {
-            av_log(ctx, AV_LOG_ERROR, "RGB not supported in profile %d\n",
-                   ctx->profile);
+            av_log(avctx, AV_LOG_ERROR, "RGB not supported in profile %d\n",
+                   avctx->profile);
             return AVERROR_INVALIDDATA;
         }
     } else {
@@ -487,18 +438,18 @@ static int read_colorspace_details(AVCodecContext *ctx)
             { { AV_PIX_FMT_YUV444P12, AV_PIX_FMT_YUV422P12 },
               { AV_PIX_FMT_YUV440P12, AV_PIX_FMT_YUV420P12 } }
         };
-        ctx->color_range = get_bits1(&s->gb) ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
-        if (ctx->profile & 1) {
+        avctx->color_range = get_bits1(&s->gb) ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
+        if (avctx->profile & 1) {
             s->ss_h = get_bits1(&s->gb);
             s->ss_v = get_bits1(&s->gb);
             s->pix_fmt = pix_fmt_for_ss[bits][s->ss_v][s->ss_h];
             if (s->pix_fmt == AV_PIX_FMT_YUV420P) {
-                av_log(ctx, AV_LOG_ERROR, "YUV 4:2:0 not supported in profile %d\n",
-                       ctx->profile);
+                av_log(avctx, AV_LOG_ERROR, "YUV 4:2:0 not supported in profile %d\n",
+                       avctx->profile);
                 return AVERROR_INVALIDDATA;
             } else if (get_bits1(&s->gb)) {
-                av_log(ctx, AV_LOG_ERROR, "Profile %d color details reserved bit set\n",
-                       ctx->profile);
+                av_log(avctx, AV_LOG_ERROR, "Profile %d color details reserved bit set\n",
+                       avctx->profile);
                 return AVERROR_INVALIDDATA;
             }
         } else {
@@ -510,48 +461,51 @@ static int read_colorspace_details(AVCodecContext *ctx)
     return 0;
 }
 
-static int decode_frame_header(AVCodecContext *ctx,
+static int decode_frame_header(AVCodecContext *avctx,
                                const uint8_t *data, int size, int *ref)
 {
-    VP9Context *s = ctx->priv_data;
-    int c, i, j, k, l, m, n, w, h, max, size2, res, sharp;
+    VP9Context *s = avctx->priv_data;
+    int c, i, j, k, l, m, n, w, h, max, size2, ret, sharp;
     int last_invisible;
     const uint8_t *data2;
 
     /* general header */
-    if ((res = init_get_bits8(&s->gb, data, size)) < 0) {
-        av_log(ctx, AV_LOG_ERROR, "Failed to initialize bitstream reader\n");
-        return res;
+    if ((ret = init_get_bits8(&s->gb, data, size)) < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Failed to initialize bitstream reader\n");
+        return ret;
     }
     if (get_bits(&s->gb, 2) != 0x2) { // frame marker
-        av_log(ctx, AV_LOG_ERROR, "Invalid frame marker\n");
+        av_log(avctx, AV_LOG_ERROR, "Invalid frame marker\n");
         return AVERROR_INVALIDDATA;
     }
-    ctx->profile  = get_bits1(&s->gb);
-    ctx->profile |= get_bits1(&s->gb) << 1;
-    if (ctx->profile == 3) ctx->profile += get_bits1(&s->gb);
-    if (ctx->profile > 3) {
-        av_log(ctx, AV_LOG_ERROR, "Profile %d is not yet supported\n", ctx->profile);
+    avctx->profile  = get_bits1(&s->gb);
+    avctx->profile |= get_bits1(&s->gb) << 1;
+    if (avctx->profile == 3) avctx->profile += get_bits1(&s->gb);
+    if (avctx->profile > 3) {
+        av_log(avctx, AV_LOG_ERROR, "Profile %d is not yet supported\n", avctx->profile);
         return AVERROR_INVALIDDATA;
     }
-    s->s.h.profile = ctx->profile;
+    s->s.h.profile = avctx->profile;
     if (get_bits1(&s->gb)) {
         *ref = get_bits(&s->gb, 3);
         return 0;
     }
+
     s->last_keyframe  = s->s.h.keyframe;
-    s->s.h.keyframe     = !get_bits1(&s->gb);
-    last_invisible    = s->s.h.invisible;
-    s->s.h.invisible    = !get_bits1(&s->gb);
-    s->s.h.errorres     = get_bits1(&s->gb);
+    s->s.h.keyframe   = !get_bits1(&s->gb);
+
+    last_invisible   = s->s.h.invisible;
+    s->s.h.invisible = !get_bits1(&s->gb);
+    s->s.h.errorres  = get_bits1(&s->gb);
     s->s.h.use_last_frame_mvs = !s->s.h.errorres && !last_invisible;
+
     if (s->s.h.keyframe) {
         if (get_bits_long(&s->gb, 24) != VP9_SYNCCODE) { // synccode
-            av_log(ctx, AV_LOG_ERROR, "Invalid sync code\n");
+            av_log(avctx, AV_LOG_ERROR, "Invalid sync code\n");
             return AVERROR_INVALIDDATA;
         }
-        if ((res = read_colorspace_details(ctx)) < 0)
-            return res;
+        if ((ret = read_colorspace_details(avctx)) < 0)
+            return ret;
         // for profile 1, here follows the subsampling bits
         s->s.h.refreshrefmask = 0xff;
         w = get_bits(&s->gb, 16) + 1;
@@ -559,24 +513,24 @@ static int decode_frame_header(AVCodecContext *ctx,
         if (get_bits1(&s->gb)) // display size
             skip_bits(&s->gb, 32);
     } else {
-        s->s.h.intraonly  = s->s.h.invisible ? get_bits1(&s->gb) : 0;
-        s->s.h.resetctx   = s->s.h.errorres ? 0 : get_bits(&s->gb, 2);
+        s->s.h.intraonly = s->s.h.invisible ? get_bits1(&s->gb) : 0;
+        s->s.h.resetctx  = s->s.h.errorres ? 0 : get_bits(&s->gb, 2);
         if (s->s.h.intraonly) {
             if (get_bits_long(&s->gb, 24) != VP9_SYNCCODE) { // synccode
-                av_log(ctx, AV_LOG_ERROR, "Invalid sync code\n");
+                av_log(avctx, AV_LOG_ERROR, "Invalid sync code\n");
                 return AVERROR_INVALIDDATA;
             }
-            if (ctx->profile >= 1) {
-                if ((res = read_colorspace_details(ctx)) < 0)
-                    return res;
+            if (avctx->profile >= 1) {
+                if ((ret = read_colorspace_details(avctx)) < 0)
+                    return ret;
             } else {
                 s->ss_h = s->ss_v = 1;
-                s->bpp = 8;
+                s->s.h.bpp = 8;
                 s->bpp_index = 0;
                 s->bytesperpixel = 1;
                 s->pix_fmt = AV_PIX_FMT_YUV420P;
-                ctx->colorspace = AVCOL_SPC_BT470BG;
-                ctx->color_range = AVCOL_RANGE_JPEG;
+                avctx->colorspace = AVCOL_SPC_BT470BG;
+                avctx->color_range = AVCOL_RANGE_MPEG;
             }
             s->s.h.refreshrefmask = get_bits(&s->gb, 8);
             w = get_bits(&s->gb, 16) + 1;
@@ -594,7 +548,7 @@ static int decode_frame_header(AVCodecContext *ctx,
             if (!s->s.refs[s->s.h.refidx[0]].f->buf[0] ||
                 !s->s.refs[s->s.h.refidx[1]].f->buf[0] ||
                 !s->s.refs[s->s.h.refidx[2]].f->buf[0]) {
-                av_log(ctx, AV_LOG_ERROR, "Not all references are available\n");
+                av_log(avctx, AV_LOG_ERROR, "Not all references are available\n");
                 return AVERROR_INVALIDDATA;
             }
             if (get_bits1(&s->gb)) {
@@ -660,8 +614,20 @@ static int decode_frame_header(AVCodecContext *ctx,
     sharp = get_bits(&s->gb, 3);
     // if sharpness changed, reinit lim/mblim LUTs. if it didn't change, keep
     // the old cache values since they are still valid
-    if (s->s.h.filter.sharpness != sharp)
-        memset(s->filter_lut.lim_lut, 0, sizeof(s->filter_lut.lim_lut));
+    if (s->s.h.filter.sharpness != sharp) {
+        for (i = 1; i <= 63; i++) {
+            int limit = i;
+
+            if (sharp > 0) {
+                limit >>= (sharp + 3) >> 2;
+                limit = FFMIN(limit, 9 - sharp);
+            }
+            limit = FFMAX(limit, 1);
+
+            s->filter_lut.lim_lut[i] = limit;
+            s->filter_lut.mblim_lut[i] = 2 * (i + 2) + limit;
+        }
+    }
     s->s.h.filter.sharpness = sharp;
     if ((s->s.h.lf_delta.enabled = get_bits1(&s->gb))) {
         if ((s->s.h.lf_delta.updated = get_bits1(&s->gb))) {
@@ -682,7 +648,7 @@ static int decode_frame_header(AVCodecContext *ctx,
     s->s.h.lossless    = s->s.h.yac_qi == 0 && s->s.h.ydc_qdelta == 0 &&
                        s->s.h.uvdc_qdelta == 0 && s->s.h.uvac_qdelta == 0;
     if (s->s.h.lossless)
-        ctx->properties |= FF_CODEC_PROPERTY_LOSSLESS;
+        avctx->properties |= FF_CODEC_PROPERTY_LOSSLESS;
 
     /* segmentation header info */
     if ((s->s.h.segmentation.enabled = get_bits1(&s->gb))) {
@@ -690,11 +656,10 @@ static int decode_frame_header(AVCodecContext *ctx,
             for (i = 0; i < 7; i++)
                 s->s.h.segmentation.prob[i] = get_bits1(&s->gb) ?
                                  get_bits(&s->gb, 8) : 255;
-            if ((s->s.h.segmentation.temporal = get_bits1(&s->gb))) {
+            if ((s->s.h.segmentation.temporal = get_bits1(&s->gb)))
                 for (i = 0; i < 3; i++)
                     s->s.h.segmentation.pred_prob[i] = get_bits1(&s->gb) ?
                                          get_bits(&s->gb, 8) : 255;
-            }
         }
 
         if (get_bits1(&s->gb)) {
@@ -728,10 +693,10 @@ static int decode_frame_header(AVCodecContext *ctx,
         quvac = av_clip_uintp2(qyac + s->s.h.uvac_qdelta, 8);
         qyac  = av_clip_uintp2(qyac, 8);
 
-        s->s.h.segmentation.feat[i].qmul[0][0] = vp9_dc_qlookup[s->bpp_index][qydc];
-        s->s.h.segmentation.feat[i].qmul[0][1] = vp9_ac_qlookup[s->bpp_index][qyac];
-        s->s.h.segmentation.feat[i].qmul[1][0] = vp9_dc_qlookup[s->bpp_index][quvdc];
-        s->s.h.segmentation.feat[i].qmul[1][1] = vp9_ac_qlookup[s->bpp_index][quvac];
+        s->s.h.segmentation.feat[i].qmul[0][0] = ff_vp9_dc_qlookup[s->bpp_index][qydc];
+        s->s.h.segmentation.feat[i].qmul[0][1] = ff_vp9_ac_qlookup[s->bpp_index][qyac];
+        s->s.h.segmentation.feat[i].qmul[1][0] = ff_vp9_dc_qlookup[s->bpp_index][quvdc];
+        s->s.h.segmentation.feat[i].qmul[1][1] = ff_vp9_ac_qlookup[s->bpp_index][quvac];
 
         sh = s->s.h.filter.level >= 32;
         if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[i].lf_enabled) {
@@ -761,10 +726,10 @@ static int decode_frame_header(AVCodecContext *ctx,
     }
 
     /* tiling info */
-    if ((res = update_size(ctx, w, h)) < 0) {
-        av_log(ctx, AV_LOG_ERROR, "Failed to initialize decoder for %dx%d @ %d\n",
+    if ((ret = update_size(avctx, w, h)) < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Failed to initialize decoder for %dx%d @ %d\n",
                w, h, s->pix_fmt);
-        return res;
+        return ret;
     }
     for (s->s.h.tiling.log2_tile_cols = 0;
          s->sb_cols > (64 << s->s.h.tiling.log2_tile_cols);
@@ -780,12 +745,36 @@ static int decode_frame_header(AVCodecContext *ctx,
     s->s.h.tiling.log2_tile_rows = decode012(&s->gb);
     s->s.h.tiling.tile_rows = 1 << s->s.h.tiling.log2_tile_rows;
     if (s->s.h.tiling.tile_cols != (1 << s->s.h.tiling.log2_tile_cols)) {
+        int n_range_coders;
+        VP56RangeCoder *rc;
+
+        if (s->td) {
+            for (i = 0; i < s->active_tile_cols; i++) {
+                av_free(s->td[i].b_base);
+                av_free(s->td[i].block_base);
+            }
+            av_free(s->td);
+        }
+
         s->s.h.tiling.tile_cols = 1 << s->s.h.tiling.log2_tile_cols;
-        s->c_b = av_fast_realloc(s->c_b, &s->c_b_size,
-                                 sizeof(VP56RangeCoder) * s->s.h.tiling.tile_cols);
-        if (!s->c_b) {
-            av_log(ctx, AV_LOG_ERROR, "Ran out of memory during range coder init\n");
+        vp9_free_entries(avctx);
+        s->active_tile_cols = avctx->active_thread_type == FF_THREAD_SLICE ?
+                              s->s.h.tiling.tile_cols : 1;
+        vp9_alloc_entries(avctx, s->sb_rows);
+        if (avctx->active_thread_type == FF_THREAD_SLICE) {
+            n_range_coders = 4; // max_tile_rows
+        } else {
+            n_range_coders = s->s.h.tiling.tile_cols;
+        }
+        s->td = av_mallocz_array(s->active_tile_cols, sizeof(VP9TileData) +
+                                 n_range_coders * sizeof(VP56RangeCoder));
+        if (!s->td)
             return AVERROR(ENOMEM);
+        rc = (VP56RangeCoder *) &s->td[s->active_tile_cols];
+        for (i = 0; i < s->active_tile_cols; i++) {
+            s->td[i].s = s;
+            s->td[i].c_b = rc;
+            rc += n_range_coders;
         }
     }
 
@@ -795,17 +784,17 @@ static int decode_frame_header(AVCodecContext *ctx,
             AVFrame *ref = s->s.refs[s->s.h.refidx[i]].f;
             int refw = ref->width, refh = ref->height;
 
-            if (ref->format != ctx->pix_fmt) {
-                av_log(ctx, AV_LOG_ERROR,
+            if (ref->format != avctx->pix_fmt) {
+                av_log(avctx, AV_LOG_ERROR,
                        "Ref pixfmt (%s) did not match current frame (%s)",
                        av_get_pix_fmt_name(ref->format),
-                       av_get_pix_fmt_name(ctx->pix_fmt));
+                       av_get_pix_fmt_name(avctx->pix_fmt));
                 return AVERROR_INVALIDDATA;
             } else if (refw == w && refh == h) {
                 s->mvscale[i][0] = s->mvscale[i][1] = 0;
             } else {
                 if (w * 2 < refw || h * 2 < refh || w > 16 * refw || h > 16 * refh) {
-                    av_log(ctx, AV_LOG_ERROR,
+                    av_log(avctx, AV_LOG_ERROR,
                            "Invalid ref frame dimensions %dx%d for frame size %dx%d\n",
                            refw, refh, w, h);
                     return AVERROR_INVALIDDATA;
@@ -820,19 +809,19 @@ static int decode_frame_header(AVCodecContext *ctx,
 
     if (s->s.h.keyframe || s->s.h.errorres || (s->s.h.intraonly && s->s.h.resetctx == 3)) {
         s->prob_ctx[0].p = s->prob_ctx[1].p = s->prob_ctx[2].p =
-                           s->prob_ctx[3].p = vp9_default_probs;
-        memcpy(s->prob_ctx[0].coef, vp9_default_coef_probs,
-               sizeof(vp9_default_coef_probs));
-        memcpy(s->prob_ctx[1].coef, vp9_default_coef_probs,
-               sizeof(vp9_default_coef_probs));
-        memcpy(s->prob_ctx[2].coef, vp9_default_coef_probs,
-               sizeof(vp9_default_coef_probs));
-        memcpy(s->prob_ctx[3].coef, vp9_default_coef_probs,
-               sizeof(vp9_default_coef_probs));
+                           s->prob_ctx[3].p = ff_vp9_default_probs;
+        memcpy(s->prob_ctx[0].coef, ff_vp9_default_coef_probs,
+               sizeof(ff_vp9_default_coef_probs));
+        memcpy(s->prob_ctx[1].coef, ff_vp9_default_coef_probs,
+               sizeof(ff_vp9_default_coef_probs));
+        memcpy(s->prob_ctx[2].coef, ff_vp9_default_coef_probs,
+               sizeof(ff_vp9_default_coef_probs));
+        memcpy(s->prob_ctx[3].coef, ff_vp9_default_coef_probs,
+               sizeof(ff_vp9_default_coef_probs));
     } else if (s->s.h.intraonly && s->s.h.resetctx == 2) {
-        s->prob_ctx[c].p = vp9_default_probs;
-        memcpy(s->prob_ctx[c].coef, vp9_default_coef_probs,
-               sizeof(vp9_default_coef_probs));
+        s->prob_ctx[c].p = ff_vp9_default_probs;
+        memcpy(s->prob_ctx[c].coef, ff_vp9_default_coef_probs,
+               sizeof(ff_vp9_default_coef_probs));
     }
 
     // next 16 bits is size of the rest of the header (arith-coded)
@@ -841,24 +830,30 @@ static int decode_frame_header(AVCodecContext *ctx,
 
     data2 = align_get_bits(&s->gb);
     if (size2 > size - (data2 - data)) {
-        av_log(ctx, AV_LOG_ERROR, "Invalid compressed header size\n");
+        av_log(avctx, AV_LOG_ERROR, "Invalid compressed header size\n");
         return AVERROR_INVALIDDATA;
     }
-    ff_vp56_init_range_decoder(&s->c, data2, size2);
+    ret = ff_vp56_init_range_decoder(&s->c, data2, size2);
+    if (ret < 0)
+        return ret;
+
     if (vp56_rac_get_prob_branchy(&s->c, 128)) { // marker bit
-        av_log(ctx, AV_LOG_ERROR, "Marker bit was set\n");
+        av_log(avctx, AV_LOG_ERROR, "Marker bit was set\n");
         return AVERROR_INVALIDDATA;
     }
 
-    if (s->s.h.keyframe || s->s.h.intraonly) {
-        memset(s->counts.coef, 0, sizeof(s->counts.coef));
-        memset(s->counts.eob,  0, sizeof(s->counts.eob));
-    } else {
-        memset(&s->counts, 0, sizeof(s->counts));
+    for (i = 0; i < s->active_tile_cols; i++) {
+        if (s->s.h.keyframe || s->s.h.intraonly) {
+            memset(s->td[i].counts.coef, 0, sizeof(s->td[0].counts.coef));
+            memset(s->td[i].counts.eob,  0, sizeof(s->td[0].counts.eob));
+        } else {
+            memset(&s->td[i].counts, 0, sizeof(s->td[0].counts));
+        }
     }
-    // FIXME is it faster to not copy here, but do it down in the fw updates
-    // as explicit copies if the fw update is missing (and skip the copy upon
-    // fw update)?
+
+    /* FIXME is it faster to not copy here, but do it down in the fw updates
+     * as explicit copies if the fw update is missing (and skip the copy upon
+     * fw update)? */
     s->prob.p = s->prob_ctx[c].p;
 
     // txfm updates
@@ -899,13 +894,12 @@ static int decode_frame_header(AVCodecContext *ctx,
                             if (m >= 3 && l == 0) // dc only has 3 pt
                                 break;
                             for (n = 0; n < 3; n++) {
-                                if (vp56_rac_get_prob_branchy(&s->c, 252)) {
+                                if (vp56_rac_get_prob_branchy(&s->c, 252))
                                     p[n] = update_prob(&s->c, r[n]);
-                                } else {
+                                else
                                     p[n] = r[n];
-                                }
                             }
-                            p[3] = 0;
+                            memcpy(&p[3], ff_vp9_model_pareto8[p[2]], 8);
                         }
         } else {
             for (j = 0; j < 2; j++)
@@ -917,7 +911,7 @@ static int decode_frame_header(AVCodecContext *ctx,
                             if (m > 3 && l == 0) // dc only has 3 pt
                                 break;
                             memcpy(p, r, 3);
-                            p[3] = 0;
+                            memcpy(&p[3], ff_vp9_model_pareto8[p[2]], 8);
                         }
         }
         if (s->s.h.txfmmode == i)
@@ -988,7 +982,8 @@ static int decode_frame_header(AVCodecContext *ctx,
                 for (k = 0; k < 3; k++)
                     if (vp56_rac_get_prob_branchy(&s->c, 252))
                         s->prob.p.partition[3 - i][j][k] =
-                            update_prob(&s->c, s->prob.p.partition[3 - i][j][k]);
+                            update_prob(&s->c,
+                                        s->prob.p.partition[3 - i][j][k]);
 
         // mv fields don't use the update_prob subexp model for some reason
         for (i = 0; i < 3; i++)
@@ -997,7 +992,8 @@ static int decode_frame_header(AVCodecContext *ctx,
 
         for (i = 0; i < 2; i++) {
             if (vp56_rac_get_prob_branchy(&s->c, 252))
-                s->prob.p.mv_comp[i].sign = (vp8_rac_get_uint(&s->c, 7) << 1) | 1;
+                s->prob.p.mv_comp[i].sign =
+                    (vp8_rac_get_uint(&s->c, 7) << 1) | 1;
 
             for (j = 0; j < 10; j++)
                 if (vp56_rac_get_prob_branchy(&s->c, 252))
@@ -1005,7 +1001,8 @@ static int decode_frame_header(AVCodecContext *ctx,
                         (vp8_rac_get_uint(&s->c, 7) << 1) | 1;
 
             if (vp56_rac_get_prob_branchy(&s->c, 252))
-                s->prob.p.mv_comp[i].class0 = (vp8_rac_get_uint(&s->c, 7) << 1) | 1;
+                s->prob.p.mv_comp[i].class0 =
+                    (vp8_rac_get_uint(&s->c, 7) << 1) | 1;
 
             for (j = 0; j < 10; j++)
                 if (vp56_rac_get_prob_branchy(&s->c, 252))
@@ -1042,2354 +1039,13 @@ static int decode_frame_header(AVCodecContext *ctx,
     return (data2 - data) + size2;
 }
 
-static av_always_inline void clamp_mv(VP56mv *dst, const VP56mv *src,
-                                      VP9Context *s)
-{
-    dst->x = av_clip(src->x, s->min_mv.x, s->max_mv.x);
-    dst->y = av_clip(src->y, s->min_mv.y, s->max_mv.y);
-}
-
-static void find_ref_mvs(VP9Context *s,
-                         VP56mv *pmv, int ref, int z, int idx, int sb)
-{
-    static const int8_t mv_ref_blk_off[N_BS_SIZES][8][2] = {
-        [BS_64x64] = {{  3, -1 }, { -1,  3 }, {  4, -1 }, { -1,  4 },
-                      { -1, -1 }, {  0, -1 }, { -1,  0 }, {  6, -1 }},
-        [BS_64x32] = {{  0, -1 }, { -1,  0 }, {  4, -1 }, { -1,  2 },
-                      { -1, -1 }, {  0, -3 }, { -3,  0 }, {  2, -1 }},
-        [BS_32x64] = {{ -1,  0 }, {  0, -1 }, { -1,  4 }, {  2, -1 },
-                      { -1, -1 }, { -3,  0 }, {  0, -3 }, { -1,  2 }},
-        [BS_32x32] = {{  1, -1 }, { -1,  1 }, {  2, -1 }, { -1,  2 },
-                      { -1, -1 }, {  0, -3 }, { -3,  0 }, { -3, -3 }},
-        [BS_32x16] = {{  0, -1 }, { -1,  0 }, {  2, -1 }, { -1, -1 },
-                      { -1,  1 }, {  0, -3 }, { -3,  0 }, { -3, -3 }},
-        [BS_16x32] = {{ -1,  0 }, {  0, -1 }, { -1,  2 }, { -1, -1 },
-                      {  1, -1 }, { -3,  0 }, {  0, -3 }, { -3, -3 }},
-        [BS_16x16] = {{  0, -1 }, { -1,  0 }, {  1, -1 }, { -1,  1 },
-                      { -1, -1 }, {  0, -3 }, { -3,  0 }, { -3, -3 }},
-        [BS_16x8]  = {{  0, -1 }, { -1,  0 }, {  1, -1 }, { -1, -1 },
-                      {  0, -2 }, { -2,  0 }, { -2, -1 }, { -1, -2 }},
-        [BS_8x16]  = {{ -1,  0 }, {  0, -1 }, { -1,  1 }, { -1, -1 },
-                      { -2,  0 }, {  0, -2 }, { -1, -2 }, { -2, -1 }},
-        [BS_8x8]   = {{  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
-                      { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 }},
-        [BS_8x4]   = {{  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
-                      { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 }},
-        [BS_4x8]   = {{  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
-                      { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 }},
-        [BS_4x4]   = {{  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
-                      { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 }},
-    };
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col, row7 = s->row7;
-    const int8_t (*p)[2] = mv_ref_blk_off[b->bs];
-#define INVALID_MV 0x80008000U
-    uint32_t mem = INVALID_MV, mem_sub8x8 = INVALID_MV;
-    int i;
-
-#define RETURN_DIRECT_MV(mv) \
-    do { \
-        uint32_t m = AV_RN32A(&mv); \
-        if (!idx) { \
-            AV_WN32A(pmv, m); \
-            return; \
-        } else if (mem == INVALID_MV) { \
-            mem = m; \
-        } else if (m != mem) { \
-            AV_WN32A(pmv, m); \
-            return; \
-        } \
-    } while (0)
-
-    if (sb >= 0) {
-        if (sb == 2 || sb == 1) {
-            RETURN_DIRECT_MV(b->mv[0][z]);
-        } else if (sb == 3) {
-            RETURN_DIRECT_MV(b->mv[2][z]);
-            RETURN_DIRECT_MV(b->mv[1][z]);
-            RETURN_DIRECT_MV(b->mv[0][z]);
-        }
-
-#define RETURN_MV(mv) \
-    do { \
-        if (sb > 0) { \
-            VP56mv tmp; \
-            uint32_t m; \
-            av_assert2(idx == 1); \
-            av_assert2(mem != INVALID_MV); \
-            if (mem_sub8x8 == INVALID_MV) { \
-                clamp_mv(&tmp, &mv, s); \
-                m = AV_RN32A(&tmp); \
-                if (m != mem) { \
-                    AV_WN32A(pmv, m); \
-                    return; \
-                } \
-                mem_sub8x8 = AV_RN32A(&mv); \
-            } else if (mem_sub8x8 != AV_RN32A(&mv)) { \
-                clamp_mv(&tmp, &mv, s); \
-                m = AV_RN32A(&tmp); \
-                if (m != mem) { \
-                    AV_WN32A(pmv, m); \
-                } else { \
-                    /* BUG I'm pretty sure this isn't the intention */ \
-                    AV_WN32A(pmv, 0); \
-                } \
-                return; \
-            } \
-        } else { \
-            uint32_t m = AV_RN32A(&mv); \
-            if (!idx) { \
-                clamp_mv(pmv, &mv, s); \
-                return; \
-            } else if (mem == INVALID_MV) { \
-                mem = m; \
-            } else if (m != mem) { \
-                clamp_mv(pmv, &mv, s); \
-                return; \
-            } \
-        } \
-    } while (0)
-
-        if (row > 0) {
-            struct VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[(row - 1) * s->sb_cols * 8 + col];
-            if (mv->ref[0] == ref) {
-                RETURN_MV(s->above_mv_ctx[2 * col + (sb & 1)][0]);
-            } else if (mv->ref[1] == ref) {
-                RETURN_MV(s->above_mv_ctx[2 * col + (sb & 1)][1]);
-            }
-        }
-        if (col > s->tile_col_start) {
-            struct VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[row * s->sb_cols * 8 + col - 1];
-            if (mv->ref[0] == ref) {
-                RETURN_MV(s->left_mv_ctx[2 * row7 + (sb >> 1)][0]);
-            } else if (mv->ref[1] == ref) {
-                RETURN_MV(s->left_mv_ctx[2 * row7 + (sb >> 1)][1]);
-            }
-        }
-        i = 2;
-    } else {
-        i = 0;
-    }
-
-    // previously coded MVs in this neighbourhood, using same reference frame
-    for (; i < 8; i++) {
-        int c = p[i][0] + col, r = p[i][1] + row;
-
-        if (c >= s->tile_col_start && c < s->cols && r >= 0 && r < s->rows) {
-            struct VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[r * s->sb_cols * 8 + c];
-
-            if (mv->ref[0] == ref) {
-                RETURN_MV(mv->mv[0]);
-            } else if (mv->ref[1] == ref) {
-                RETURN_MV(mv->mv[1]);
-            }
-        }
-    }
-
-    // MV at this position in previous frame, using same reference frame
-    if (s->s.h.use_last_frame_mvs) {
-        struct VP9mvrefPair *mv = &s->s.frames[REF_FRAME_MVPAIR].mv[row * s->sb_cols * 8 + col];
-
-        if (!s->s.frames[REF_FRAME_MVPAIR].uses_2pass)
-            ff_thread_await_progress(&s->s.frames[REF_FRAME_MVPAIR].tf, row >> 3, 0);
-        if (mv->ref[0] == ref) {
-            RETURN_MV(mv->mv[0]);
-        } else if (mv->ref[1] == ref) {
-            RETURN_MV(mv->mv[1]);
-        }
-    }
-
-#define RETURN_SCALE_MV(mv, scale) \
-    do { \
-        if (scale) { \
-            VP56mv mv_temp = { -mv.x, -mv.y }; \
-            RETURN_MV(mv_temp); \
-        } else { \
-            RETURN_MV(mv); \
-        } \
-    } while (0)
-
-    // previously coded MVs in this neighbourhood, using different reference frame
-    for (i = 0; i < 8; i++) {
-        int c = p[i][0] + col, r = p[i][1] + row;
-
-        if (c >= s->tile_col_start && c < s->cols && r >= 0 && r < s->rows) {
-            struct VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[r * s->sb_cols * 8 + c];
-
-            if (mv->ref[0] != ref && mv->ref[0] >= 0) {
-                RETURN_SCALE_MV(mv->mv[0], s->s.h.signbias[mv->ref[0]] != s->s.h.signbias[ref]);
-            }
-            if (mv->ref[1] != ref && mv->ref[1] >= 0 &&
-                // BUG - libvpx has this condition regardless of whether
-                // we used the first ref MV and pre-scaling
-                AV_RN32A(&mv->mv[0]) != AV_RN32A(&mv->mv[1])) {
-                RETURN_SCALE_MV(mv->mv[1], s->s.h.signbias[mv->ref[1]] != s->s.h.signbias[ref]);
-            }
-        }
-    }
-
-    // MV at this position in previous frame, using different reference frame
-    if (s->s.h.use_last_frame_mvs) {
-        struct VP9mvrefPair *mv = &s->s.frames[REF_FRAME_MVPAIR].mv[row * s->sb_cols * 8 + col];
-
-        // no need to await_progress, because we already did that above
-        if (mv->ref[0] != ref && mv->ref[0] >= 0) {
-            RETURN_SCALE_MV(mv->mv[0], s->s.h.signbias[mv->ref[0]] != s->s.h.signbias[ref]);
-        }
-        if (mv->ref[1] != ref && mv->ref[1] >= 0 &&
-            // BUG - libvpx has this condition regardless of whether
-            // we used the first ref MV and pre-scaling
-            AV_RN32A(&mv->mv[0]) != AV_RN32A(&mv->mv[1])) {
-            RETURN_SCALE_MV(mv->mv[1], s->s.h.signbias[mv->ref[1]] != s->s.h.signbias[ref]);
-        }
-    }
-
-    AV_ZERO32(pmv);
-    clamp_mv(pmv, pmv, s);
-#undef INVALID_MV
-#undef RETURN_MV
-#undef RETURN_SCALE_MV
-}
-
-static av_always_inline int read_mv_component(VP9Context *s, int idx, int hp)
-{
-    int bit, sign = vp56_rac_get_prob(&s->c, s->prob.p.mv_comp[idx].sign);
-    int n, c = vp8_rac_get_tree(&s->c, vp9_mv_class_tree,
-                                s->prob.p.mv_comp[idx].classes);
-
-    s->counts.mv_comp[idx].sign[sign]++;
-    s->counts.mv_comp[idx].classes[c]++;
-    if (c) {
-        int m;
-
-        for (n = 0, m = 0; m < c; m++) {
-            bit = vp56_rac_get_prob(&s->c, s->prob.p.mv_comp[idx].bits[m]);
-            n |= bit << m;
-            s->counts.mv_comp[idx].bits[m][bit]++;
-        }
-        n <<= 3;
-        bit = vp8_rac_get_tree(&s->c, vp9_mv_fp_tree, s->prob.p.mv_comp[idx].fp);
-        n |= bit << 1;
-        s->counts.mv_comp[idx].fp[bit]++;
-        if (hp) {
-            bit = vp56_rac_get_prob(&s->c, s->prob.p.mv_comp[idx].hp);
-            s->counts.mv_comp[idx].hp[bit]++;
-            n |= bit;
-        } else {
-            n |= 1;
-            // bug in libvpx - we count for bw entropy purposes even if the
-            // bit wasn't coded
-            s->counts.mv_comp[idx].hp[1]++;
-        }
-        n += 8 << c;
-    } else {
-        n = vp56_rac_get_prob(&s->c, s->prob.p.mv_comp[idx].class0);
-        s->counts.mv_comp[idx].class0[n]++;
-        bit = vp8_rac_get_tree(&s->c, vp9_mv_fp_tree,
-                               s->prob.p.mv_comp[idx].class0_fp[n]);
-        s->counts.mv_comp[idx].class0_fp[n][bit]++;
-        n = (n << 3) | (bit << 1);
-        if (hp) {
-            bit = vp56_rac_get_prob(&s->c, s->prob.p.mv_comp[idx].class0_hp);
-            s->counts.mv_comp[idx].class0_hp[bit]++;
-            n |= bit;
-        } else {
-            n |= 1;
-            // bug in libvpx - we count for bw entropy purposes even if the
-            // bit wasn't coded
-            s->counts.mv_comp[idx].class0_hp[1]++;
-        }
-    }
-
-    return sign ? -(n + 1) : (n + 1);
-}
-
-static void fill_mv(VP9Context *s,
-                    VP56mv *mv, int mode, int sb)
-{
-    VP9Block *b = s->b;
-
-    if (mode == ZEROMV) {
-        AV_ZERO64(mv);
-    } else {
-        int hp;
-
-        // FIXME cache this value and reuse for other subblocks
-        find_ref_mvs(s, &mv[0], b->ref[0], 0, mode == NEARMV,
-                     mode == NEWMV ? -1 : sb);
-        // FIXME maybe move this code into find_ref_mvs()
-        if ((mode == NEWMV || sb == -1) &&
-            !(hp = s->s.h.highprecisionmvs && abs(mv[0].x) < 64 && abs(mv[0].y) < 64)) {
-            if (mv[0].y & 1) {
-                if (mv[0].y < 0)
-                    mv[0].y++;
-                else
-                    mv[0].y--;
-            }
-            if (mv[0].x & 1) {
-                if (mv[0].x < 0)
-                    mv[0].x++;
-                else
-                    mv[0].x--;
-            }
-        }
-        if (mode == NEWMV) {
-            enum MVJoint j = vp8_rac_get_tree(&s->c, vp9_mv_joint_tree,
-                                              s->prob.p.mv_joint);
-
-            s->counts.mv_joint[j]++;
-            if (j >= MV_JOINT_V)
-                mv[0].y += read_mv_component(s, 0, hp);
-            if (j & 1)
-                mv[0].x += read_mv_component(s, 1, hp);
-        }
-
-        if (b->comp) {
-            // FIXME cache this value and reuse for other subblocks
-            find_ref_mvs(s, &mv[1], b->ref[1], 1, mode == NEARMV,
-                         mode == NEWMV ? -1 : sb);
-            if ((mode == NEWMV || sb == -1) &&
-                !(hp = s->s.h.highprecisionmvs && abs(mv[1].x) < 64 && abs(mv[1].y) < 64)) {
-                if (mv[1].y & 1) {
-                    if (mv[1].y < 0)
-                        mv[1].y++;
-                    else
-                        mv[1].y--;
-                }
-                if (mv[1].x & 1) {
-                    if (mv[1].x < 0)
-                        mv[1].x++;
-                    else
-                        mv[1].x--;
-                }
-            }
-            if (mode == NEWMV) {
-                enum MVJoint j = vp8_rac_get_tree(&s->c, vp9_mv_joint_tree,
-                                                  s->prob.p.mv_joint);
-
-                s->counts.mv_joint[j]++;
-                if (j >= MV_JOINT_V)
-                    mv[1].y += read_mv_component(s, 0, hp);
-                if (j & 1)
-                    mv[1].x += read_mv_component(s, 1, hp);
-            }
-        }
-    }
-}
-
-static av_always_inline void setctx_2d(uint8_t *ptr, int w, int h,
-                                       ptrdiff_t stride, int v)
-{
-    switch (w) {
-    case 1:
-        do {
-            *ptr = v;
-            ptr += stride;
-        } while (--h);
-        break;
-    case 2: {
-        int v16 = v * 0x0101;
-        do {
-            AV_WN16A(ptr, v16);
-            ptr += stride;
-        } while (--h);
-        break;
-    }
-    case 4: {
-        uint32_t v32 = v * 0x01010101;
-        do {
-            AV_WN32A(ptr, v32);
-            ptr += stride;
-        } while (--h);
-        break;
-    }
-    case 8: {
-#if HAVE_FAST_64BIT
-        uint64_t v64 = v * 0x0101010101010101ULL;
-        do {
-            AV_WN64A(ptr, v64);
-            ptr += stride;
-        } while (--h);
-#else
-        uint32_t v32 = v * 0x01010101;
-        do {
-            AV_WN32A(ptr,     v32);
-            AV_WN32A(ptr + 4, v32);
-            ptr += stride;
-        } while (--h);
-#endif
-        break;
-    }
-    }
-}
-
-static void decode_mode(AVCodecContext *ctx)
-{
-    static const uint8_t left_ctx[N_BS_SIZES] = {
-        0x0, 0x8, 0x0, 0x8, 0xc, 0x8, 0xc, 0xe, 0xc, 0xe, 0xf, 0xe, 0xf
-    };
-    static const uint8_t above_ctx[N_BS_SIZES] = {
-        0x0, 0x0, 0x8, 0x8, 0x8, 0xc, 0xc, 0xc, 0xe, 0xe, 0xe, 0xf, 0xf
-    };
-    static const uint8_t max_tx_for_bl_bp[N_BS_SIZES] = {
-        TX_32X32, TX_32X32, TX_32X32, TX_32X32, TX_16X16, TX_16X16,
-        TX_16X16, TX_8X8, TX_8X8, TX_8X8, TX_4X4, TX_4X4, TX_4X4
-    };
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col, row7 = s->row7;
-    enum TxfmMode max_tx = max_tx_for_bl_bp[b->bs];
-    int bw4 = bwh_tab[1][b->bs][0], w4 = FFMIN(s->cols - col, bw4);
-    int bh4 = bwh_tab[1][b->bs][1], h4 = FFMIN(s->rows - row, bh4), y;
-    int have_a = row > 0, have_l = col > s->tile_col_start;
-    int vref, filter_id;
-
-    if (!s->s.h.segmentation.enabled) {
-        b->seg_id = 0;
-    } else if (s->s.h.keyframe || s->s.h.intraonly) {
-        b->seg_id = !s->s.h.segmentation.update_map ? 0 :
-                    vp8_rac_get_tree(&s->c, vp9_segmentation_tree, s->s.h.segmentation.prob);
-    } else if (!s->s.h.segmentation.update_map ||
-               (s->s.h.segmentation.temporal &&
-                vp56_rac_get_prob_branchy(&s->c,
-                    s->s.h.segmentation.pred_prob[s->above_segpred_ctx[col] +
-                                    s->left_segpred_ctx[row7]]))) {
-        if (!s->s.h.errorres && s->s.frames[REF_FRAME_SEGMAP].segmentation_map) {
-            int pred = 8, x;
-            uint8_t *refsegmap = s->s.frames[REF_FRAME_SEGMAP].segmentation_map;
-
-            if (!s->s.frames[REF_FRAME_SEGMAP].uses_2pass)
-                ff_thread_await_progress(&s->s.frames[REF_FRAME_SEGMAP].tf, row >> 3, 0);
-            for (y = 0; y < h4; y++) {
-                int idx_base = (y + row) * 8 * s->sb_cols + col;
-                for (x = 0; x < w4; x++)
-                    pred = FFMIN(pred, refsegmap[idx_base + x]);
-            }
-            av_assert1(pred < 8);
-            b->seg_id = pred;
-        } else {
-            b->seg_id = 0;
-        }
-
-        memset(&s->above_segpred_ctx[col], 1, w4);
-        memset(&s->left_segpred_ctx[row7], 1, h4);
-    } else {
-        b->seg_id = vp8_rac_get_tree(&s->c, vp9_segmentation_tree,
-                                     s->s.h.segmentation.prob);
-
-        memset(&s->above_segpred_ctx[col], 0, w4);
-        memset(&s->left_segpred_ctx[row7], 0, h4);
-    }
-    if (s->s.h.segmentation.enabled &&
-        (s->s.h.segmentation.update_map || s->s.h.keyframe || s->s.h.intraonly)) {
-        setctx_2d(&s->s.frames[CUR_FRAME].segmentation_map[row * 8 * s->sb_cols + col],
-                  bw4, bh4, 8 * s->sb_cols, b->seg_id);
-    }
-
-    b->skip = s->s.h.segmentation.enabled &&
-        s->s.h.segmentation.feat[b->seg_id].skip_enabled;
-    if (!b->skip) {
-        int c = s->left_skip_ctx[row7] + s->above_skip_ctx[col];
-        b->skip = vp56_rac_get_prob(&s->c, s->prob.p.skip[c]);
-        s->counts.skip[c][b->skip]++;
-    }
-
-    if (s->s.h.keyframe || s->s.h.intraonly) {
-        b->intra = 1;
-    } else if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].ref_enabled) {
-        b->intra = !s->s.h.segmentation.feat[b->seg_id].ref_val;
-    } else {
-        int c, bit;
-
-        if (have_a && have_l) {
-            c = s->above_intra_ctx[col] + s->left_intra_ctx[row7];
-            c += (c == 2);
-        } else {
-            c = have_a ? 2 * s->above_intra_ctx[col] :
-                have_l ? 2 * s->left_intra_ctx[row7] : 0;
-        }
-        bit = vp56_rac_get_prob(&s->c, s->prob.p.intra[c]);
-        s->counts.intra[c][bit]++;
-        b->intra = !bit;
-    }
-
-    if ((b->intra || !b->skip) && s->s.h.txfmmode == TX_SWITCHABLE) {
-        int c;
-        if (have_a) {
-            if (have_l) {
-                c = (s->above_skip_ctx[col] ? max_tx :
-                     s->above_txfm_ctx[col]) +
-                    (s->left_skip_ctx[row7] ? max_tx :
-                     s->left_txfm_ctx[row7]) > max_tx;
-            } else {
-                c = s->above_skip_ctx[col] ? 1 :
-                    (s->above_txfm_ctx[col] * 2 > max_tx);
-            }
-        } else if (have_l) {
-            c = s->left_skip_ctx[row7] ? 1 :
-                (s->left_txfm_ctx[row7] * 2 > max_tx);
-        } else {
-            c = 1;
-        }
-        switch (max_tx) {
-        case TX_32X32:
-            b->tx = vp56_rac_get_prob(&s->c, s->prob.p.tx32p[c][0]);
-            if (b->tx) {
-                b->tx += vp56_rac_get_prob(&s->c, s->prob.p.tx32p[c][1]);
-                if (b->tx == 2)
-                    b->tx += vp56_rac_get_prob(&s->c, s->prob.p.tx32p[c][2]);
-            }
-            s->counts.tx32p[c][b->tx]++;
-            break;
-        case TX_16X16:
-            b->tx = vp56_rac_get_prob(&s->c, s->prob.p.tx16p[c][0]);
-            if (b->tx)
-                b->tx += vp56_rac_get_prob(&s->c, s->prob.p.tx16p[c][1]);
-            s->counts.tx16p[c][b->tx]++;
-            break;
-        case TX_8X8:
-            b->tx = vp56_rac_get_prob(&s->c, s->prob.p.tx8p[c]);
-            s->counts.tx8p[c][b->tx]++;
-            break;
-        case TX_4X4:
-            b->tx = TX_4X4;
-            break;
-        }
-    } else {
-        b->tx = FFMIN(max_tx, s->s.h.txfmmode);
-    }
-
-    if (s->s.h.keyframe || s->s.h.intraonly) {
-        uint8_t *a = &s->above_mode_ctx[col * 2];
-        uint8_t *l = &s->left_mode_ctx[(row7) << 1];
-
-        b->comp = 0;
-        if (b->bs > BS_8x8) {
-            // FIXME the memory storage intermediates here aren't really
-            // necessary, they're just there to make the code slightly
-            // simpler for now
-            b->mode[0] = a[0] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                    vp9_default_kf_ymode_probs[a[0]][l[0]]);
-            if (b->bs != BS_8x4) {
-                b->mode[1] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                 vp9_default_kf_ymode_probs[a[1]][b->mode[0]]);
-                l[0] = a[1] = b->mode[1];
-            } else {
-                l[0] = a[1] = b->mode[1] = b->mode[0];
-            }
-            if (b->bs != BS_4x8) {
-                b->mode[2] = a[0] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                        vp9_default_kf_ymode_probs[a[0]][l[1]]);
-                if (b->bs != BS_8x4) {
-                    b->mode[3] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                  vp9_default_kf_ymode_probs[a[1]][b->mode[2]]);
-                    l[1] = a[1] = b->mode[3];
-                } else {
-                    l[1] = a[1] = b->mode[3] = b->mode[2];
-                }
-            } else {
-                b->mode[2] = b->mode[0];
-                l[1] = a[1] = b->mode[3] = b->mode[1];
-            }
-        } else {
-            b->mode[0] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                          vp9_default_kf_ymode_probs[*a][*l]);
-            b->mode[3] = b->mode[2] = b->mode[1] = b->mode[0];
-            // FIXME this can probably be optimized
-            memset(a, b->mode[0], bwh_tab[0][b->bs][0]);
-            memset(l, b->mode[0], bwh_tab[0][b->bs][1]);
-        }
-        b->uvmode = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                     vp9_default_kf_uvmode_probs[b->mode[3]]);
-    } else if (b->intra) {
-        b->comp = 0;
-        if (b->bs > BS_8x8) {
-            b->mode[0] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                          s->prob.p.y_mode[0]);
-            s->counts.y_mode[0][b->mode[0]]++;
-            if (b->bs != BS_8x4) {
-                b->mode[1] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                              s->prob.p.y_mode[0]);
-                s->counts.y_mode[0][b->mode[1]]++;
-            } else {
-                b->mode[1] = b->mode[0];
-            }
-            if (b->bs != BS_4x8) {
-                b->mode[2] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                              s->prob.p.y_mode[0]);
-                s->counts.y_mode[0][b->mode[2]]++;
-                if (b->bs != BS_8x4) {
-                    b->mode[3] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                                  s->prob.p.y_mode[0]);
-                    s->counts.y_mode[0][b->mode[3]]++;
-                } else {
-                    b->mode[3] = b->mode[2];
-                }
-            } else {
-                b->mode[2] = b->mode[0];
-                b->mode[3] = b->mode[1];
-            }
-        } else {
-            static const uint8_t size_group[10] = {
-                3, 3, 3, 3, 2, 2, 2, 1, 1, 1
-            };
-            int sz = size_group[b->bs];
-
-            b->mode[0] = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                          s->prob.p.y_mode[sz]);
-            b->mode[1] = b->mode[2] = b->mode[3] = b->mode[0];
-            s->counts.y_mode[sz][b->mode[3]]++;
-        }
-        b->uvmode = vp8_rac_get_tree(&s->c, vp9_intramode_tree,
-                                     s->prob.p.uv_mode[b->mode[3]]);
-        s->counts.uv_mode[b->mode[3]][b->uvmode]++;
-    } else {
-        static const uint8_t inter_mode_ctx_lut[14][14] = {
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
-            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 2, 2, 1, 3 },
-            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 2, 2, 1, 3 },
-            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 0, 3 },
-            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 3, 3, 3, 4 },
-        };
-
-        if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].ref_enabled) {
-            av_assert2(s->s.h.segmentation.feat[b->seg_id].ref_val != 0);
-            b->comp = 0;
-            b->ref[0] = s->s.h.segmentation.feat[b->seg_id].ref_val - 1;
-        } else {
-            // read comp_pred flag
-            if (s->s.h.comppredmode != PRED_SWITCHABLE) {
-                b->comp = s->s.h.comppredmode == PRED_COMPREF;
-            } else {
-                int c;
-
-                // FIXME add intra as ref=0xff (or -1) to make these easier?
-                if (have_a) {
-                    if (have_l) {
-                        if (s->above_comp_ctx[col] && s->left_comp_ctx[row7]) {
-                            c = 4;
-                        } else if (s->above_comp_ctx[col]) {
-                            c = 2 + (s->left_intra_ctx[row7] ||
-                                     s->left_ref_ctx[row7] == s->s.h.fixcompref);
-                        } else if (s->left_comp_ctx[row7]) {
-                            c = 2 + (s->above_intra_ctx[col] ||
-                                     s->above_ref_ctx[col] == s->s.h.fixcompref);
-                        } else {
-                            c = (!s->above_intra_ctx[col] &&
-                                 s->above_ref_ctx[col] == s->s.h.fixcompref) ^
-                            (!s->left_intra_ctx[row7] &&
-                             s->left_ref_ctx[row & 7] == s->s.h.fixcompref);
-                        }
-                    } else {
-                        c = s->above_comp_ctx[col] ? 3 :
-                        (!s->above_intra_ctx[col] && s->above_ref_ctx[col] == s->s.h.fixcompref);
-                    }
-                } else if (have_l) {
-                    c = s->left_comp_ctx[row7] ? 3 :
-                    (!s->left_intra_ctx[row7] && s->left_ref_ctx[row7] == s->s.h.fixcompref);
-                } else {
-                    c = 1;
-                }
-                b->comp = vp56_rac_get_prob(&s->c, s->prob.p.comp[c]);
-                s->counts.comp[c][b->comp]++;
-            }
-
-            // read actual references
-            // FIXME probably cache a few variables here to prevent repetitive
-            // memory accesses below
-            if (b->comp) /* two references */ {
-                int fix_idx = s->s.h.signbias[s->s.h.fixcompref], var_idx = !fix_idx, c, bit;
-
-                b->ref[fix_idx] = s->s.h.fixcompref;
-                // FIXME can this codeblob be replaced by some sort of LUT?
-                if (have_a) {
-                    if (have_l) {
-                        if (s->above_intra_ctx[col]) {
-                            if (s->left_intra_ctx[row7]) {
-                                c = 2;
-                            } else {
-                                c = 1 + 2 * (s->left_ref_ctx[row7] != s->s.h.varcompref[1]);
-                            }
-                        } else if (s->left_intra_ctx[row7]) {
-                            c = 1 + 2 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
-                        } else {
-                            int refl = s->left_ref_ctx[row7], refa = s->above_ref_ctx[col];
-
-                            if (refl == refa && refa == s->s.h.varcompref[1]) {
-                                c = 0;
-                            } else if (!s->left_comp_ctx[row7] && !s->above_comp_ctx[col]) {
-                                if ((refa == s->s.h.fixcompref && refl == s->s.h.varcompref[0]) ||
-                                    (refl == s->s.h.fixcompref && refa == s->s.h.varcompref[0])) {
-                                    c = 4;
-                                } else {
-                                    c = (refa == refl) ? 3 : 1;
-                                }
-                            } else if (!s->left_comp_ctx[row7]) {
-                                if (refa == s->s.h.varcompref[1] && refl != s->s.h.varcompref[1]) {
-                                    c = 1;
-                                } else {
-                                    c = (refl == s->s.h.varcompref[1] &&
-                                         refa != s->s.h.varcompref[1]) ? 2 : 4;
-                                }
-                            } else if (!s->above_comp_ctx[col]) {
-                                if (refl == s->s.h.varcompref[1] && refa != s->s.h.varcompref[1]) {
-                                    c = 1;
-                                } else {
-                                    c = (refa == s->s.h.varcompref[1] &&
-                                         refl != s->s.h.varcompref[1]) ? 2 : 4;
-                                }
-                            } else {
-                                c = (refl == refa) ? 4 : 2;
-                            }
-                        }
-                    } else {
-                        if (s->above_intra_ctx[col]) {
-                            c = 2;
-                        } else if (s->above_comp_ctx[col]) {
-                            c = 4 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
-                        } else {
-                            c = 3 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
-                        }
-                    }
-                } else if (have_l) {
-                    if (s->left_intra_ctx[row7]) {
-                        c = 2;
-                    } else if (s->left_comp_ctx[row7]) {
-                        c = 4 * (s->left_ref_ctx[row7] != s->s.h.varcompref[1]);
-                    } else {
-                        c = 3 * (s->left_ref_ctx[row7] != s->s.h.varcompref[1]);
-                    }
-                } else {
-                    c = 2;
-                }
-                bit = vp56_rac_get_prob(&s->c, s->prob.p.comp_ref[c]);
-                b->ref[var_idx] = s->s.h.varcompref[bit];
-                s->counts.comp_ref[c][bit]++;
-            } else /* single reference */ {
-                int bit, c;
-
-                if (have_a && !s->above_intra_ctx[col]) {
-                    if (have_l && !s->left_intra_ctx[row7]) {
-                        if (s->left_comp_ctx[row7]) {
-                            if (s->above_comp_ctx[col]) {
-                                c = 1 + (!s->s.h.fixcompref || !s->left_ref_ctx[row7] ||
-                                         !s->above_ref_ctx[col]);
-                            } else {
-                                c = (3 * !s->above_ref_ctx[col]) +
-                                    (!s->s.h.fixcompref || !s->left_ref_ctx[row7]);
-                            }
-                        } else if (s->above_comp_ctx[col]) {
-                            c = (3 * !s->left_ref_ctx[row7]) +
-                                (!s->s.h.fixcompref || !s->above_ref_ctx[col]);
-                        } else {
-                            c = 2 * !s->left_ref_ctx[row7] + 2 * !s->above_ref_ctx[col];
-                        }
-                    } else if (s->above_intra_ctx[col]) {
-                        c = 2;
-                    } else if (s->above_comp_ctx[col]) {
-                        c = 1 + (!s->s.h.fixcompref || !s->above_ref_ctx[col]);
-                    } else {
-                        c = 4 * (!s->above_ref_ctx[col]);
-                    }
-                } else if (have_l && !s->left_intra_ctx[row7]) {
-                    if (s->left_intra_ctx[row7]) {
-                        c = 2;
-                    } else if (s->left_comp_ctx[row7]) {
-                        c = 1 + (!s->s.h.fixcompref || !s->left_ref_ctx[row7]);
-                    } else {
-                        c = 4 * (!s->left_ref_ctx[row7]);
-                    }
-                } else {
-                    c = 2;
-                }
-                bit = vp56_rac_get_prob(&s->c, s->prob.p.single_ref[c][0]);
-                s->counts.single_ref[c][0][bit]++;
-                if (!bit) {
-                    b->ref[0] = 0;
-                } else {
-                    // FIXME can this codeblob be replaced by some sort of LUT?
-                    if (have_a) {
-                        if (have_l) {
-                            if (s->left_intra_ctx[row7]) {
-                                if (s->above_intra_ctx[col]) {
-                                    c = 2;
-                                } else if (s->above_comp_ctx[col]) {
-                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
-                                                 s->above_ref_ctx[col] == 1);
-                                } else if (!s->above_ref_ctx[col]) {
-                                    c = 3;
-                                } else {
-                                    c = 4 * (s->above_ref_ctx[col] == 1);
-                                }
-                            } else if (s->above_intra_ctx[col]) {
-                                if (s->left_intra_ctx[row7]) {
-                                    c = 2;
-                                } else if (s->left_comp_ctx[row7]) {
-                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
-                                                 s->left_ref_ctx[row7] == 1);
-                                } else if (!s->left_ref_ctx[row7]) {
-                                    c = 3;
-                                } else {
-                                    c = 4 * (s->left_ref_ctx[row7] == 1);
-                                }
-                            } else if (s->above_comp_ctx[col]) {
-                                if (s->left_comp_ctx[row7]) {
-                                    if (s->left_ref_ctx[row7] == s->above_ref_ctx[col]) {
-                                        c = 3 * (s->s.h.fixcompref == 1 ||
-                                                 s->left_ref_ctx[row7] == 1);
-                                    } else {
-                                        c = 2;
-                                    }
-                                } else if (!s->left_ref_ctx[row7]) {
-                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
-                                                 s->above_ref_ctx[col] == 1);
-                                } else {
-                                    c = 3 * (s->left_ref_ctx[row7] == 1) +
-                                    (s->s.h.fixcompref == 1 || s->above_ref_ctx[col] == 1);
-                                }
-                            } else if (s->left_comp_ctx[row7]) {
-                                if (!s->above_ref_ctx[col]) {
-                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
-                                                 s->left_ref_ctx[row7] == 1);
-                                } else {
-                                    c = 3 * (s->above_ref_ctx[col] == 1) +
-                                    (s->s.h.fixcompref == 1 || s->left_ref_ctx[row7] == 1);
-                                }
-                            } else if (!s->above_ref_ctx[col]) {
-                                if (!s->left_ref_ctx[row7]) {
-                                    c = 3;
-                                } else {
-                                    c = 4 * (s->left_ref_ctx[row7] == 1);
-                                }
-                            } else if (!s->left_ref_ctx[row7]) {
-                                c = 4 * (s->above_ref_ctx[col] == 1);
-                            } else {
-                                c = 2 * (s->left_ref_ctx[row7] == 1) +
-                                2 * (s->above_ref_ctx[col] == 1);
-                            }
-                        } else {
-                            if (s->above_intra_ctx[col] ||
-                                (!s->above_comp_ctx[col] && !s->above_ref_ctx[col])) {
-                                c = 2;
-                            } else if (s->above_comp_ctx[col]) {
-                                c = 3 * (s->s.h.fixcompref == 1 || s->above_ref_ctx[col] == 1);
-                            } else {
-                                c = 4 * (s->above_ref_ctx[col] == 1);
-                            }
-                        }
-                    } else if (have_l) {
-                        if (s->left_intra_ctx[row7] ||
-                            (!s->left_comp_ctx[row7] && !s->left_ref_ctx[row7])) {
-                            c = 2;
-                        } else if (s->left_comp_ctx[row7]) {
-                            c = 3 * (s->s.h.fixcompref == 1 || s->left_ref_ctx[row7] == 1);
-                        } else {
-                            c = 4 * (s->left_ref_ctx[row7] == 1);
-                        }
-                    } else {
-                        c = 2;
-                    }
-                    bit = vp56_rac_get_prob(&s->c, s->prob.p.single_ref[c][1]);
-                    s->counts.single_ref[c][1][bit]++;
-                    b->ref[0] = 1 + bit;
-                }
-            }
-        }
-
-        if (b->bs <= BS_8x8) {
-            if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].skip_enabled) {
-                b->mode[0] = b->mode[1] = b->mode[2] = b->mode[3] = ZEROMV;
-            } else {
-                static const uint8_t off[10] = {
-                    3, 0, 0, 1, 0, 0, 0, 0, 0, 0
-                };
-
-                // FIXME this needs to use the LUT tables from find_ref_mvs
-                // because not all are -1,0/0,-1
-                int c = inter_mode_ctx_lut[s->above_mode_ctx[col + off[b->bs]]]
-                                          [s->left_mode_ctx[row7 + off[b->bs]]];
-
-                b->mode[0] = vp8_rac_get_tree(&s->c, vp9_inter_mode_tree,
-                                              s->prob.p.mv_mode[c]);
-                b->mode[1] = b->mode[2] = b->mode[3] = b->mode[0];
-                s->counts.mv_mode[c][b->mode[0] - 10]++;
-            }
-        }
-
-        if (s->s.h.filtermode == FILTER_SWITCHABLE) {
-            int c;
-
-            if (have_a && s->above_mode_ctx[col] >= NEARESTMV) {
-                if (have_l && s->left_mode_ctx[row7] >= NEARESTMV) {
-                    c = s->above_filter_ctx[col] == s->left_filter_ctx[row7] ?
-                        s->left_filter_ctx[row7] : 3;
-                } else {
-                    c = s->above_filter_ctx[col];
-                }
-            } else if (have_l && s->left_mode_ctx[row7] >= NEARESTMV) {
-                c = s->left_filter_ctx[row7];
-            } else {
-                c = 3;
-            }
-
-            filter_id = vp8_rac_get_tree(&s->c, vp9_filter_tree,
-                                         s->prob.p.filter[c]);
-            s->counts.filter[c][filter_id]++;
-            b->filter = vp9_filter_lut[filter_id];
-        } else {
-            b->filter = s->s.h.filtermode;
-        }
-
-        if (b->bs > BS_8x8) {
-            int c = inter_mode_ctx_lut[s->above_mode_ctx[col]][s->left_mode_ctx[row7]];
-
-            b->mode[0] = vp8_rac_get_tree(&s->c, vp9_inter_mode_tree,
-                                          s->prob.p.mv_mode[c]);
-            s->counts.mv_mode[c][b->mode[0] - 10]++;
-            fill_mv(s, b->mv[0], b->mode[0], 0);
-
-            if (b->bs != BS_8x4) {
-                b->mode[1] = vp8_rac_get_tree(&s->c, vp9_inter_mode_tree,
-                                              s->prob.p.mv_mode[c]);
-                s->counts.mv_mode[c][b->mode[1] - 10]++;
-                fill_mv(s, b->mv[1], b->mode[1], 1);
-            } else {
-                b->mode[1] = b->mode[0];
-                AV_COPY32(&b->mv[1][0], &b->mv[0][0]);
-                AV_COPY32(&b->mv[1][1], &b->mv[0][1]);
-            }
-
-            if (b->bs != BS_4x8) {
-                b->mode[2] = vp8_rac_get_tree(&s->c, vp9_inter_mode_tree,
-                                              s->prob.p.mv_mode[c]);
-                s->counts.mv_mode[c][b->mode[2] - 10]++;
-                fill_mv(s, b->mv[2], b->mode[2], 2);
-
-                if (b->bs != BS_8x4) {
-                    b->mode[3] = vp8_rac_get_tree(&s->c, vp9_inter_mode_tree,
-                                                  s->prob.p.mv_mode[c]);
-                    s->counts.mv_mode[c][b->mode[3] - 10]++;
-                    fill_mv(s, b->mv[3], b->mode[3], 3);
-                } else {
-                    b->mode[3] = b->mode[2];
-                    AV_COPY32(&b->mv[3][0], &b->mv[2][0]);
-                    AV_COPY32(&b->mv[3][1], &b->mv[2][1]);
-                }
-            } else {
-                b->mode[2] = b->mode[0];
-                AV_COPY32(&b->mv[2][0], &b->mv[0][0]);
-                AV_COPY32(&b->mv[2][1], &b->mv[0][1]);
-                b->mode[3] = b->mode[1];
-                AV_COPY32(&b->mv[3][0], &b->mv[1][0]);
-                AV_COPY32(&b->mv[3][1], &b->mv[1][1]);
-            }
-        } else {
-            fill_mv(s, b->mv[0], b->mode[0], -1);
-            AV_COPY32(&b->mv[1][0], &b->mv[0][0]);
-            AV_COPY32(&b->mv[2][0], &b->mv[0][0]);
-            AV_COPY32(&b->mv[3][0], &b->mv[0][0]);
-            AV_COPY32(&b->mv[1][1], &b->mv[0][1]);
-            AV_COPY32(&b->mv[2][1], &b->mv[0][1]);
-            AV_COPY32(&b->mv[3][1], &b->mv[0][1]);
-        }
-
-        vref = b->ref[b->comp ? s->s.h.signbias[s->s.h.varcompref[0]] : 0];
-    }
-
-#if HAVE_FAST_64BIT
-#define SPLAT_CTX(var, val, n) \
-    switch (n) { \
-    case 1:  var = val;                                    break; \
-    case 2:  AV_WN16A(&var, val *             0x0101);     break; \
-    case 4:  AV_WN32A(&var, val *         0x01010101);     break; \
-    case 8:  AV_WN64A(&var, val * 0x0101010101010101ULL);  break; \
-    case 16: { \
-        uint64_t v64 = val * 0x0101010101010101ULL; \
-        AV_WN64A(              &var,     v64); \
-        AV_WN64A(&((uint8_t *) &var)[8], v64); \
-        break; \
-    } \
-    }
-#else
-#define SPLAT_CTX(var, val, n) \
-    switch (n) { \
-    case 1:  var = val;                         break; \
-    case 2:  AV_WN16A(&var, val *     0x0101);  break; \
-    case 4:  AV_WN32A(&var, val * 0x01010101);  break; \
-    case 8: { \
-        uint32_t v32 = val * 0x01010101; \
-        AV_WN32A(              &var,     v32); \
-        AV_WN32A(&((uint8_t *) &var)[4], v32); \
-        break; \
-    } \
-    case 16: { \
-        uint32_t v32 = val * 0x01010101; \
-        AV_WN32A(              &var,      v32); \
-        AV_WN32A(&((uint8_t *) &var)[4],  v32); \
-        AV_WN32A(&((uint8_t *) &var)[8],  v32); \
-        AV_WN32A(&((uint8_t *) &var)[12], v32); \
-        break; \
-    } \
-    }
-#endif
-
-    switch (bwh_tab[1][b->bs][0]) {
-#define SET_CTXS(dir, off, n) \
-    do { \
-        SPLAT_CTX(s->dir##_skip_ctx[off],      b->skip,          n); \
-        SPLAT_CTX(s->dir##_txfm_ctx[off],      b->tx,            n); \
-        SPLAT_CTX(s->dir##_partition_ctx[off], dir##_ctx[b->bs], n); \
-        if (!s->s.h.keyframe && !s->s.h.intraonly) { \
-            SPLAT_CTX(s->dir##_intra_ctx[off], b->intra,   n); \
-            SPLAT_CTX(s->dir##_comp_ctx[off],  b->comp,    n); \
-            SPLAT_CTX(s->dir##_mode_ctx[off],  b->mode[3], n); \
-            if (!b->intra) { \
-                SPLAT_CTX(s->dir##_ref_ctx[off], vref, n); \
-                if (s->s.h.filtermode == FILTER_SWITCHABLE) { \
-                    SPLAT_CTX(s->dir##_filter_ctx[off], filter_id, n); \
-                } \
-            } \
-        } \
-    } while (0)
-    case 1: SET_CTXS(above, col, 1); break;
-    case 2: SET_CTXS(above, col, 2); break;
-    case 4: SET_CTXS(above, col, 4); break;
-    case 8: SET_CTXS(above, col, 8); break;
-    }
-    switch (bwh_tab[1][b->bs][1]) {
-    case 1: SET_CTXS(left, row7, 1); break;
-    case 2: SET_CTXS(left, row7, 2); break;
-    case 4: SET_CTXS(left, row7, 4); break;
-    case 8: SET_CTXS(left, row7, 8); break;
-    }
-#undef SPLAT_CTX
-#undef SET_CTXS
-
-    if (!s->s.h.keyframe && !s->s.h.intraonly) {
-        if (b->bs > BS_8x8) {
-            int mv0 = AV_RN32A(&b->mv[3][0]), mv1 = AV_RN32A(&b->mv[3][1]);
-
-            AV_COPY32(&s->left_mv_ctx[row7 * 2 + 0][0], &b->mv[1][0]);
-            AV_COPY32(&s->left_mv_ctx[row7 * 2 + 0][1], &b->mv[1][1]);
-            AV_WN32A(&s->left_mv_ctx[row7 * 2 + 1][0], mv0);
-            AV_WN32A(&s->left_mv_ctx[row7 * 2 + 1][1], mv1);
-            AV_COPY32(&s->above_mv_ctx[col * 2 + 0][0], &b->mv[2][0]);
-            AV_COPY32(&s->above_mv_ctx[col * 2 + 0][1], &b->mv[2][1]);
-            AV_WN32A(&s->above_mv_ctx[col * 2 + 1][0], mv0);
-            AV_WN32A(&s->above_mv_ctx[col * 2 + 1][1], mv1);
-        } else {
-            int n, mv0 = AV_RN32A(&b->mv[3][0]), mv1 = AV_RN32A(&b->mv[3][1]);
-
-            for (n = 0; n < w4 * 2; n++) {
-                AV_WN32A(&s->above_mv_ctx[col * 2 + n][0], mv0);
-                AV_WN32A(&s->above_mv_ctx[col * 2 + n][1], mv1);
-            }
-            for (n = 0; n < h4 * 2; n++) {
-                AV_WN32A(&s->left_mv_ctx[row7 * 2 + n][0], mv0);
-                AV_WN32A(&s->left_mv_ctx[row7 * 2 + n][1], mv1);
-            }
-        }
-    }
-
-    // FIXME kinda ugly
-    for (y = 0; y < h4; y++) {
-        int x, o = (row + y) * s->sb_cols * 8 + col;
-        struct VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[o];
-
-        if (b->intra) {
-            for (x = 0; x < w4; x++) {
-                mv[x].ref[0] =
-                mv[x].ref[1] = -1;
-            }
-        } else if (b->comp) {
-            for (x = 0; x < w4; x++) {
-                mv[x].ref[0] = b->ref[0];
-                mv[x].ref[1] = b->ref[1];
-                AV_COPY32(&mv[x].mv[0], &b->mv[3][0]);
-                AV_COPY32(&mv[x].mv[1], &b->mv[3][1]);
-            }
-        } else {
-            for (x = 0; x < w4; x++) {
-                mv[x].ref[0] = b->ref[0];
-                mv[x].ref[1] = -1;
-                AV_COPY32(&mv[x].mv[0], &b->mv[3][0]);
-            }
-        }
-    }
-}
-
-// FIXME merge cnt/eob arguments?
-static av_always_inline int
-decode_coeffs_b_generic(VP56RangeCoder *c, int16_t *coef, int n_coeffs,
-                        int is_tx32x32, int is8bitsperpixel, int bpp, unsigned (*cnt)[6][3],
-                        unsigned (*eob)[6][2], uint8_t (*p)[6][11],
-                        int nnz, const int16_t *scan, const int16_t (*nb)[2],
-                        const int16_t *band_counts, const int16_t *qmul)
-{
-    int i = 0, band = 0, band_left = band_counts[band];
-    uint8_t *tp = p[0][nnz];
-    uint8_t cache[1024];
-
-    do {
-        int val, rc;
-
-        val = vp56_rac_get_prob_branchy(c, tp[0]); // eob
-        eob[band][nnz][val]++;
-        if (!val)
-            break;
-
-    skip_eob:
-        if (!vp56_rac_get_prob_branchy(c, tp[1])) { // zero
-            cnt[band][nnz][0]++;
-            if (!--band_left)
-                band_left = band_counts[++band];
-            cache[scan[i]] = 0;
-            nnz = (1 + cache[nb[i][0]] + cache[nb[i][1]]) >> 1;
-            tp = p[band][nnz];
-            if (++i == n_coeffs)
-                break; //invalid input; blocks should end with EOB
-            goto skip_eob;
-        }
-
-        rc = scan[i];
-        if (!vp56_rac_get_prob_branchy(c, tp[2])) { // one
-            cnt[band][nnz][1]++;
-            val = 1;
-            cache[rc] = 1;
-        } else {
-            // fill in p[3-10] (model fill) - only once per frame for each pos
-            if (!tp[3])
-                memcpy(&tp[3], vp9_model_pareto8[tp[2]], 8);
-
-            cnt[band][nnz][2]++;
-            if (!vp56_rac_get_prob_branchy(c, tp[3])) { // 2, 3, 4
-                if (!vp56_rac_get_prob_branchy(c, tp[4])) {
-                    cache[rc] = val = 2;
-                } else {
-                    val = 3 + vp56_rac_get_prob(c, tp[5]);
-                    cache[rc] = 3;
-                }
-            } else if (!vp56_rac_get_prob_branchy(c, tp[6])) { // cat1/2
-                cache[rc] = 4;
-                if (!vp56_rac_get_prob_branchy(c, tp[7])) {
-                    val = 5 + vp56_rac_get_prob(c, 159);
-                } else {
-                    val  = 7 + (vp56_rac_get_prob(c, 165) << 1);
-                    val +=      vp56_rac_get_prob(c, 145);
-                }
-            } else { // cat 3-6
-                cache[rc] = 5;
-                if (!vp56_rac_get_prob_branchy(c, tp[8])) {
-                    if (!vp56_rac_get_prob_branchy(c, tp[9])) {
-                        val  = 11 + (vp56_rac_get_prob(c, 173) << 2);
-                        val +=      (vp56_rac_get_prob(c, 148) << 1);
-                        val +=       vp56_rac_get_prob(c, 140);
-                    } else {
-                        val  = 19 + (vp56_rac_get_prob(c, 176) << 3);
-                        val +=      (vp56_rac_get_prob(c, 155) << 2);
-                        val +=      (vp56_rac_get_prob(c, 140) << 1);
-                        val +=       vp56_rac_get_prob(c, 135);
-                    }
-                } else if (!vp56_rac_get_prob_branchy(c, tp[10])) {
-                    val  = 35 + (vp56_rac_get_prob(c, 180) << 4);
-                    val +=      (vp56_rac_get_prob(c, 157) << 3);
-                    val +=      (vp56_rac_get_prob(c, 141) << 2);
-                    val +=      (vp56_rac_get_prob(c, 134) << 1);
-                    val +=       vp56_rac_get_prob(c, 130);
-                } else {
-                    val = 67;
-                    if (!is8bitsperpixel) {
-                        if (bpp == 12) {
-                            val += vp56_rac_get_prob(c, 255) << 17;
-                            val += vp56_rac_get_prob(c, 255) << 16;
-                        }
-                        val +=  (vp56_rac_get_prob(c, 255) << 15);
-                        val +=  (vp56_rac_get_prob(c, 255) << 14);
-                    }
-                    val +=      (vp56_rac_get_prob(c, 254) << 13);
-                    val +=      (vp56_rac_get_prob(c, 254) << 12);
-                    val +=      (vp56_rac_get_prob(c, 254) << 11);
-                    val +=      (vp56_rac_get_prob(c, 252) << 10);
-                    val +=      (vp56_rac_get_prob(c, 249) << 9);
-                    val +=      (vp56_rac_get_prob(c, 243) << 8);
-                    val +=      (vp56_rac_get_prob(c, 230) << 7);
-                    val +=      (vp56_rac_get_prob(c, 196) << 6);
-                    val +=      (vp56_rac_get_prob(c, 177) << 5);
-                    val +=      (vp56_rac_get_prob(c, 153) << 4);
-                    val +=      (vp56_rac_get_prob(c, 140) << 3);
-                    val +=      (vp56_rac_get_prob(c, 133) << 2);
-                    val +=      (vp56_rac_get_prob(c, 130) << 1);
-                    val +=       vp56_rac_get_prob(c, 129);
-                }
-            }
-        }
-#define STORE_COEF(c, i, v) do { \
-    if (is8bitsperpixel) { \
-        c[i] = v; \
-    } else { \
-        AV_WN32A(&c[i * 2], v); \
-    } \
-} while (0)
-        if (!--band_left)
-            band_left = band_counts[++band];
-        if (is_tx32x32)
-            STORE_COEF(coef, rc, ((vp8_rac_get(c) ? -val : val) * qmul[!!i]) / 2);
-        else
-            STORE_COEF(coef, rc, (vp8_rac_get(c) ? -val : val) * qmul[!!i]);
-        nnz = (1 + cache[nb[i][0]] + cache[nb[i][1]]) >> 1;
-        tp = p[band][nnz];
-    } while (++i < n_coeffs);
-
-    return i;
-}
-
-static int decode_coeffs_b_8bpp(VP9Context *s, int16_t *coef, int n_coeffs,
-                                unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
-                                uint8_t (*p)[6][11], int nnz, const int16_t *scan,
-                                const int16_t (*nb)[2], const int16_t *band_counts,
-                                const int16_t *qmul)
-{
-    return decode_coeffs_b_generic(&s->c, coef, n_coeffs, 0, 1, 8, cnt, eob, p,
-                                   nnz, scan, nb, band_counts, qmul);
-}
-
-static int decode_coeffs_b32_8bpp(VP9Context *s, int16_t *coef, int n_coeffs,
-                                  unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
-                                  uint8_t (*p)[6][11], int nnz, const int16_t *scan,
-                                  const int16_t (*nb)[2], const int16_t *band_counts,
-                                  const int16_t *qmul)
-{
-    return decode_coeffs_b_generic(&s->c, coef, n_coeffs, 1, 1, 8, cnt, eob, p,
-                                   nnz, scan, nb, band_counts, qmul);
-}
-
-static int decode_coeffs_b_16bpp(VP9Context *s, int16_t *coef, int n_coeffs,
-                                 unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
-                                 uint8_t (*p)[6][11], int nnz, const int16_t *scan,
-                                 const int16_t (*nb)[2], const int16_t *band_counts,
-                                 const int16_t *qmul)
-{
-    return decode_coeffs_b_generic(&s->c, coef, n_coeffs, 0, 0, s->bpp, cnt, eob, p,
-                                   nnz, scan, nb, band_counts, qmul);
-}
-
-static int decode_coeffs_b32_16bpp(VP9Context *s, int16_t *coef, int n_coeffs,
-                                   unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
-                                   uint8_t (*p)[6][11], int nnz, const int16_t *scan,
-                                   const int16_t (*nb)[2], const int16_t *band_counts,
-                                   const int16_t *qmul)
-{
-    return decode_coeffs_b_generic(&s->c, coef, n_coeffs, 1, 0, s->bpp, cnt, eob, p,
-                                   nnz, scan, nb, band_counts, qmul);
-}
-
-static av_always_inline int decode_coeffs(AVCodecContext *ctx, int is8bitsperpixel)
-{
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col;
-    uint8_t (*p)[6][11] = s->prob.coef[b->tx][0 /* y */][!b->intra];
-    unsigned (*c)[6][3] = s->counts.coef[b->tx][0 /* y */][!b->intra];
-    unsigned (*e)[6][2] = s->counts.eob[b->tx][0 /* y */][!b->intra];
-    int w4 = bwh_tab[1][b->bs][0] << 1, h4 = bwh_tab[1][b->bs][1] << 1;
-    int end_x = FFMIN(2 * (s->cols - col), w4);
-    int end_y = FFMIN(2 * (s->rows - row), h4);
-    int n, pl, x, y, res;
-    int16_t (*qmul)[2] = s->s.h.segmentation.feat[b->seg_id].qmul;
-    int tx = 4 * s->s.h.lossless + b->tx;
-    const int16_t * const *yscans = vp9_scans[tx];
-    const int16_t (* const *ynbs)[2] = vp9_scans_nb[tx];
-    const int16_t *uvscan = vp9_scans[b->uvtx][DCT_DCT];
-    const int16_t (*uvnb)[2] = vp9_scans_nb[b->uvtx][DCT_DCT];
-    uint8_t *a = &s->above_y_nnz_ctx[col * 2];
-    uint8_t *l = &s->left_y_nnz_ctx[(row & 7) << 1];
-    static const int16_t band_counts[4][8] = {
-        { 1, 2, 3, 4,  3,   16 - 13 },
-        { 1, 2, 3, 4, 11,   64 - 21 },
-        { 1, 2, 3, 4, 11,  256 - 21 },
-        { 1, 2, 3, 4, 11, 1024 - 21 },
-    };
-    const int16_t *y_band_counts = band_counts[b->tx];
-    const int16_t *uv_band_counts = band_counts[b->uvtx];
-    int bytesperpixel = is8bitsperpixel ? 1 : 2;
-    int total_coeff = 0;
-
-#define MERGE(la, end, step, rd) \
-    for (n = 0; n < end; n += step) \
-        la[n] = !!rd(&la[n])
-#define MERGE_CTX(step, rd) \
-    do { \
-        MERGE(l, end_y, step, rd); \
-        MERGE(a, end_x, step, rd); \
-    } while (0)
-
-#define DECODE_Y_COEF_LOOP(step, mode_index, v) \
-    for (n = 0, y = 0; y < end_y; y += step) { \
-        for (x = 0; x < end_x; x += step, n += step * step) { \
-            enum TxfmType txtp = vp9_intra_txfm_type[b->mode[mode_index]]; \
-            res = (is8bitsperpixel ? decode_coeffs_b##v##_8bpp : decode_coeffs_b##v##_16bpp) \
-                                    (s, s->block + 16 * n * bytesperpixel, 16 * step * step, \
-                                     c, e, p, a[x] + l[y], yscans[txtp], \
-                                     ynbs[txtp], y_band_counts, qmul[0]); \
-            a[x] = l[y] = !!res; \
-            total_coeff |= !!res; \
-            if (step >= 4) { \
-                AV_WN16A(&s->eob[n], res); \
-            } else { \
-                s->eob[n] = res; \
-            } \
-        } \
-    }
-
-#define SPLAT(la, end, step, cond) \
-    if (step == 2) { \
-        for (n = 1; n < end; n += step) \
-            la[n] = la[n - 1]; \
-    } else if (step == 4) { \
-        if (cond) { \
-            for (n = 0; n < end; n += step) \
-                AV_WN32A(&la[n], la[n] * 0x01010101); \
-        } else { \
-            for (n = 0; n < end; n += step) \
-                memset(&la[n + 1], la[n], FFMIN(end - n - 1, 3)); \
-        } \
-    } else /* step == 8 */ { \
-        if (cond) { \
-            if (HAVE_FAST_64BIT) { \
-                for (n = 0; n < end; n += step) \
-                    AV_WN64A(&la[n], la[n] * 0x0101010101010101ULL); \
-            } else { \
-                for (n = 0; n < end; n += step) { \
-                    uint32_t v32 = la[n] * 0x01010101; \
-                    AV_WN32A(&la[n],     v32); \
-                    AV_WN32A(&la[n + 4], v32); \
-                } \
-            } \
-        } else { \
-            for (n = 0; n < end; n += step) \
-                memset(&la[n + 1], la[n], FFMIN(end - n - 1, 7)); \
-        } \
-    }
-#define SPLAT_CTX(step) \
-    do { \
-        SPLAT(a, end_x, step, end_x == w4); \
-        SPLAT(l, end_y, step, end_y == h4); \
-    } while (0)
-
-    /* y tokens */
-    switch (b->tx) {
-    case TX_4X4:
-        DECODE_Y_COEF_LOOP(1, b->bs > BS_8x8 ? n : 0,);
-        break;
-    case TX_8X8:
-        MERGE_CTX(2, AV_RN16A);
-        DECODE_Y_COEF_LOOP(2, 0,);
-        SPLAT_CTX(2);
-        break;
-    case TX_16X16:
-        MERGE_CTX(4, AV_RN32A);
-        DECODE_Y_COEF_LOOP(4, 0,);
-        SPLAT_CTX(4);
-        break;
-    case TX_32X32:
-        MERGE_CTX(8, AV_RN64A);
-        DECODE_Y_COEF_LOOP(8, 0, 32);
-        SPLAT_CTX(8);
-        break;
-    }
-
-#define DECODE_UV_COEF_LOOP(step, v) \
-    for (n = 0, y = 0; y < end_y; y += step) { \
-        for (x = 0; x < end_x; x += step, n += step * step) { \
-            res = (is8bitsperpixel ? decode_coeffs_b##v##_8bpp : decode_coeffs_b##v##_16bpp) \
-                                    (s, s->uvblock[pl] + 16 * n * bytesperpixel, \
-                                     16 * step * step, c, e, p, a[x] + l[y], \
-                                     uvscan, uvnb, uv_band_counts, qmul[1]); \
-            a[x] = l[y] = !!res; \
-            total_coeff |= !!res; \
-            if (step >= 4) { \
-                AV_WN16A(&s->uveob[pl][n], res); \
-            } else { \
-                s->uveob[pl][n] = res; \
-            } \
-        } \
-    }
-
-    p = s->prob.coef[b->uvtx][1 /* uv */][!b->intra];
-    c = s->counts.coef[b->uvtx][1 /* uv */][!b->intra];
-    e = s->counts.eob[b->uvtx][1 /* uv */][!b->intra];
-    w4 >>= s->ss_h;
-    end_x >>= s->ss_h;
-    h4 >>= s->ss_v;
-    end_y >>= s->ss_v;
-    for (pl = 0; pl < 2; pl++) {
-        a = &s->above_uv_nnz_ctx[pl][col << !s->ss_h];
-        l = &s->left_uv_nnz_ctx[pl][(row & 7) << !s->ss_v];
-        switch (b->uvtx) {
-        case TX_4X4:
-            DECODE_UV_COEF_LOOP(1,);
-            break;
-        case TX_8X8:
-            MERGE_CTX(2, AV_RN16A);
-            DECODE_UV_COEF_LOOP(2,);
-            SPLAT_CTX(2);
-            break;
-        case TX_16X16:
-            MERGE_CTX(4, AV_RN32A);
-            DECODE_UV_COEF_LOOP(4,);
-            SPLAT_CTX(4);
-            break;
-        case TX_32X32:
-            MERGE_CTX(8, AV_RN64A);
-            DECODE_UV_COEF_LOOP(8, 32);
-            SPLAT_CTX(8);
-            break;
-        }
-    }
-
-    return total_coeff;
-}
-
-static int decode_coeffs_8bpp(AVCodecContext *ctx)
-{
-    return decode_coeffs(ctx, 1);
-}
-
-static int decode_coeffs_16bpp(AVCodecContext *ctx)
-{
-    return decode_coeffs(ctx, 0);
-}
-
-static av_always_inline int check_intra_mode(VP9Context *s, int mode, uint8_t **a,
-                                             uint8_t *dst_edge, ptrdiff_t stride_edge,
-                                             uint8_t *dst_inner, ptrdiff_t stride_inner,
-                                             uint8_t *l, int col, int x, int w,
-                                             int row, int y, enum TxfmMode tx,
-                                             int p, int ss_h, int ss_v, int bytesperpixel)
-{
-    int have_top = row > 0 || y > 0;
-    int have_left = col > s->tile_col_start || x > 0;
-    int have_right = x < w - 1;
-    int bpp = s->bpp;
-    static const uint8_t mode_conv[10][2 /* have_left */][2 /* have_top */] = {
-        [VERT_PRED]            = { { DC_127_PRED,          VERT_PRED },
-                                   { DC_127_PRED,          VERT_PRED } },
-        [HOR_PRED]             = { { DC_129_PRED,          DC_129_PRED },
-                                   { HOR_PRED,             HOR_PRED } },
-        [DC_PRED]              = { { DC_128_PRED,          TOP_DC_PRED },
-                                   { LEFT_DC_PRED,         DC_PRED } },
-        [DIAG_DOWN_LEFT_PRED]  = { { DC_127_PRED,          DIAG_DOWN_LEFT_PRED },
-                                   { DC_127_PRED,          DIAG_DOWN_LEFT_PRED } },
-        [DIAG_DOWN_RIGHT_PRED] = { { DIAG_DOWN_RIGHT_PRED, DIAG_DOWN_RIGHT_PRED },
-                                   { DIAG_DOWN_RIGHT_PRED, DIAG_DOWN_RIGHT_PRED } },
-        [VERT_RIGHT_PRED]      = { { VERT_RIGHT_PRED,      VERT_RIGHT_PRED },
-                                   { VERT_RIGHT_PRED,      VERT_RIGHT_PRED } },
-        [HOR_DOWN_PRED]        = { { HOR_DOWN_PRED,        HOR_DOWN_PRED },
-                                   { HOR_DOWN_PRED,        HOR_DOWN_PRED } },
-        [VERT_LEFT_PRED]       = { { DC_127_PRED,          VERT_LEFT_PRED },
-                                   { DC_127_PRED,          VERT_LEFT_PRED } },
-        [HOR_UP_PRED]          = { { DC_129_PRED,          DC_129_PRED },
-                                   { HOR_UP_PRED,          HOR_UP_PRED } },
-        [TM_VP8_PRED]          = { { DC_129_PRED,          VERT_PRED },
-                                   { HOR_PRED,             TM_VP8_PRED } },
-    };
-    static const struct {
-        uint8_t needs_left:1;
-        uint8_t needs_top:1;
-        uint8_t needs_topleft:1;
-        uint8_t needs_topright:1;
-        uint8_t invert_left:1;
-    } edges[N_INTRA_PRED_MODES] = {
-        [VERT_PRED]            = { .needs_top  = 1 },
-        [HOR_PRED]             = { .needs_left = 1 },
-        [DC_PRED]              = { .needs_top  = 1, .needs_left = 1 },
-        [DIAG_DOWN_LEFT_PRED]  = { .needs_top  = 1, .needs_topright = 1 },
-        [DIAG_DOWN_RIGHT_PRED] = { .needs_left = 1, .needs_top = 1, .needs_topleft = 1 },
-        [VERT_RIGHT_PRED]      = { .needs_left = 1, .needs_top = 1, .needs_topleft = 1 },
-        [HOR_DOWN_PRED]        = { .needs_left = 1, .needs_top = 1, .needs_topleft = 1 },
-        [VERT_LEFT_PRED]       = { .needs_top  = 1, .needs_topright = 1 },
-        [HOR_UP_PRED]          = { .needs_left = 1, .invert_left = 1 },
-        [TM_VP8_PRED]          = { .needs_left = 1, .needs_top = 1, .needs_topleft = 1 },
-        [LEFT_DC_PRED]         = { .needs_left = 1 },
-        [TOP_DC_PRED]          = { .needs_top  = 1 },
-        [DC_128_PRED]          = { 0 },
-        [DC_127_PRED]          = { 0 },
-        [DC_129_PRED]          = { 0 }
-    };
-
-    av_assert2(mode >= 0 && mode < 10);
-    mode = mode_conv[mode][have_left][have_top];
-    if (edges[mode].needs_top) {
-        uint8_t *top, *topleft;
-        int n_px_need = 4 << tx, n_px_have = (((s->cols - col) << !ss_h) - x) * 4;
-        int n_px_need_tr = 0;
-
-        if (tx == TX_4X4 && edges[mode].needs_topright && have_right)
-            n_px_need_tr = 4;
-
-        // if top of sb64-row, use s->intra_pred_data[] instead of
-        // dst[-stride] for intra prediction (it contains pre- instead of
-        // post-loopfilter data)
-        if (have_top) {
-            top = !(row & 7) && !y ?
-                s->intra_pred_data[p] + (col * (8 >> ss_h) + x * 4) * bytesperpixel :
-                y == 0 ? &dst_edge[-stride_edge] : &dst_inner[-stride_inner];
-            if (have_left)
-                topleft = !(row & 7) && !y ?
-                    s->intra_pred_data[p] + (col * (8 >> ss_h) + x * 4) * bytesperpixel :
-                    y == 0 || x == 0 ? &dst_edge[-stride_edge] :
-                    &dst_inner[-stride_inner];
-        }
-
-        if (have_top &&
-            (!edges[mode].needs_topleft || (have_left && top == topleft)) &&
-            (tx != TX_4X4 || !edges[mode].needs_topright || have_right) &&
-            n_px_need + n_px_need_tr <= n_px_have) {
-            *a = top;
-        } else {
-            if (have_top) {
-                if (n_px_need <= n_px_have) {
-                    memcpy(*a, top, n_px_need * bytesperpixel);
-                } else {
-#define memset_bpp(c, i1, v, i2, num) do { \
-    if (bytesperpixel == 1) { \
-        memset(&(c)[(i1)], (v)[(i2)], (num)); \
-    } else { \
-        int n, val = AV_RN16A(&(v)[(i2) * 2]); \
-        for (n = 0; n < (num); n++) { \
-            AV_WN16A(&(c)[((i1) + n) * 2], val); \
-        } \
-    } \
-} while (0)
-                    memcpy(*a, top, n_px_have * bytesperpixel);
-                    memset_bpp(*a, n_px_have, (*a), n_px_have - 1, n_px_need - n_px_have);
-                }
-            } else {
-#define memset_val(c, val, num) do { \
-    if (bytesperpixel == 1) { \
-        memset((c), (val), (num)); \
-    } else { \
-        int n; \
-        for (n = 0; n < (num); n++) { \
-            AV_WN16A(&(c)[n * 2], (val)); \
-        } \
-    } \
-} while (0)
-                memset_val(*a, (128 << (bpp - 8)) - 1, n_px_need);
-            }
-            if (edges[mode].needs_topleft) {
-                if (have_left && have_top) {
-#define assign_bpp(c, i1, v, i2) do { \
-    if (bytesperpixel == 1) { \
-        (c)[(i1)] = (v)[(i2)]; \
-    } else { \
-        AV_COPY16(&(c)[(i1) * 2], &(v)[(i2) * 2]); \
-    } \
-} while (0)
-                    assign_bpp(*a, -1, topleft, -1);
-                } else {
-#define assign_val(c, i, v) do { \
-    if (bytesperpixel == 1) { \
-        (c)[(i)] = (v); \
-    } else { \
-        AV_WN16A(&(c)[(i) * 2], (v)); \
-    } \
-} while (0)
-                    assign_val((*a), -1, (128 << (bpp - 8)) + (have_top ? +1 : -1));
-                }
-            }
-            if (tx == TX_4X4 && edges[mode].needs_topright) {
-                if (have_top && have_right &&
-                    n_px_need + n_px_need_tr <= n_px_have) {
-                    memcpy(&(*a)[4 * bytesperpixel], &top[4 * bytesperpixel], 4 * bytesperpixel);
-                } else {
-                    memset_bpp(*a, 4, *a, 3, 4);
-                }
-            }
-        }
-    }
-    if (edges[mode].needs_left) {
-        if (have_left) {
-            int n_px_need = 4 << tx, i, n_px_have = (((s->rows - row) << !ss_v) - y) * 4;
-            uint8_t *dst = x == 0 ? dst_edge : dst_inner;
-            ptrdiff_t stride = x == 0 ? stride_edge : stride_inner;
-
-            if (edges[mode].invert_left) {
-                if (n_px_need <= n_px_have) {
-                    for (i = 0; i < n_px_need; i++)
-                        assign_bpp(l, i, &dst[i * stride], -1);
-                } else {
-                    for (i = 0; i < n_px_have; i++)
-                        assign_bpp(l, i, &dst[i * stride], -1);
-                    memset_bpp(l, n_px_have, l, n_px_have - 1, n_px_need - n_px_have);
-                }
-            } else {
-                if (n_px_need <= n_px_have) {
-                    for (i = 0; i < n_px_need; i++)
-                        assign_bpp(l, n_px_need - 1 - i, &dst[i * stride], -1);
-                } else {
-                    for (i = 0; i < n_px_have; i++)
-                        assign_bpp(l, n_px_need - 1 - i, &dst[i * stride], -1);
-                    memset_bpp(l, 0, l, n_px_need - n_px_have, n_px_need - n_px_have);
-                }
-            }
-        } else {
-            memset_val(l, (128 << (bpp - 8)) + 1, 4 << tx);
-        }
-    }
-
-    return mode;
-}
-
-static av_always_inline void intra_recon(AVCodecContext *ctx, ptrdiff_t y_off,
-                                         ptrdiff_t uv_off, int bytesperpixel)
-{
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col;
-    int w4 = bwh_tab[1][b->bs][0] << 1, step1d = 1 << b->tx, n;
-    int h4 = bwh_tab[1][b->bs][1] << 1, x, y, step = 1 << (b->tx * 2);
-    int end_x = FFMIN(2 * (s->cols - col), w4);
-    int end_y = FFMIN(2 * (s->rows - row), h4);
-    int tx = 4 * s->s.h.lossless + b->tx, uvtx = b->uvtx + 4 * s->s.h.lossless;
-    int uvstep1d = 1 << b->uvtx, p;
-    uint8_t *dst = s->dst[0], *dst_r = s->s.frames[CUR_FRAME].tf.f->data[0] + y_off;
-    LOCAL_ALIGNED_32(uint8_t, a_buf, [96]);
-    LOCAL_ALIGNED_32(uint8_t, l, [64]);
-
-    for (n = 0, y = 0; y < end_y; y += step1d) {
-        uint8_t *ptr = dst, *ptr_r = dst_r;
-        for (x = 0; x < end_x; x += step1d, ptr += 4 * step1d * bytesperpixel,
-                               ptr_r += 4 * step1d * bytesperpixel, n += step) {
-            int mode = b->mode[b->bs > BS_8x8 && b->tx == TX_4X4 ?
-                               y * 2 + x : 0];
-            uint8_t *a = &a_buf[32];
-            enum TxfmType txtp = vp9_intra_txfm_type[mode];
-            int eob = b->skip ? 0 : b->tx > TX_8X8 ? AV_RN16A(&s->eob[n]) : s->eob[n];
-
-            mode = check_intra_mode(s, mode, &a, ptr_r,
-                                    s->s.frames[CUR_FRAME].tf.f->linesize[0],
-                                    ptr, s->y_stride, l,
-                                    col, x, w4, row, y, b->tx, 0, 0, 0, bytesperpixel);
-            s->dsp.intra_pred[b->tx][mode](ptr, s->y_stride, l, a);
-            if (eob)
-                s->dsp.itxfm_add[tx][txtp](ptr, s->y_stride,
-                                           s->block + 16 * n * bytesperpixel, eob);
-        }
-        dst_r += 4 * step1d * s->s.frames[CUR_FRAME].tf.f->linesize[0];
-        dst   += 4 * step1d * s->y_stride;
-    }
-
-    // U/V
-    w4 >>= s->ss_h;
-    end_x >>= s->ss_h;
-    end_y >>= s->ss_v;
-    step = 1 << (b->uvtx * 2);
-    for (p = 0; p < 2; p++) {
-        dst   = s->dst[1 + p];
-        dst_r = s->s.frames[CUR_FRAME].tf.f->data[1 + p] + uv_off;
-        for (n = 0, y = 0; y < end_y; y += uvstep1d) {
-            uint8_t *ptr = dst, *ptr_r = dst_r;
-            for (x = 0; x < end_x; x += uvstep1d, ptr += 4 * uvstep1d * bytesperpixel,
-                                   ptr_r += 4 * uvstep1d * bytesperpixel, n += step) {
-                int mode = b->uvmode;
-                uint8_t *a = &a_buf[32];
-                int eob = b->skip ? 0 : b->uvtx > TX_8X8 ? AV_RN16A(&s->uveob[p][n]) : s->uveob[p][n];
-
-                mode = check_intra_mode(s, mode, &a, ptr_r,
-                                        s->s.frames[CUR_FRAME].tf.f->linesize[1],
-                                        ptr, s->uv_stride, l, col, x, w4, row, y,
-                                        b->uvtx, p + 1, s->ss_h, s->ss_v, bytesperpixel);
-                s->dsp.intra_pred[b->uvtx][mode](ptr, s->uv_stride, l, a);
-                if (eob)
-                    s->dsp.itxfm_add[uvtx][DCT_DCT](ptr, s->uv_stride,
-                                                    s->uvblock[p] + 16 * n * bytesperpixel, eob);
-            }
-            dst_r += 4 * uvstep1d * s->s.frames[CUR_FRAME].tf.f->linesize[1];
-            dst   += 4 * uvstep1d * s->uv_stride;
-        }
-    }
-}
-
-static void intra_recon_8bpp(AVCodecContext *ctx, ptrdiff_t y_off, ptrdiff_t uv_off)
-{
-    intra_recon(ctx, y_off, uv_off, 1);
-}
-
-static void intra_recon_16bpp(AVCodecContext *ctx, ptrdiff_t y_off, ptrdiff_t uv_off)
-{
-    intra_recon(ctx, y_off, uv_off, 2);
-}
-
-static av_always_inline void mc_luma_unscaled(VP9Context *s, vp9_mc_func (*mc)[2],
-                                              uint8_t *dst, ptrdiff_t dst_stride,
-                                              const uint8_t *ref, ptrdiff_t ref_stride,
-                                              ThreadFrame *ref_frame,
-                                              ptrdiff_t y, ptrdiff_t x, const VP56mv *mv,
-                                              int bw, int bh, int w, int h, int bytesperpixel)
-{
-    int mx = mv->x, my = mv->y, th;
-
-    y += my >> 3;
-    x += mx >> 3;
-    ref += y * ref_stride + x * bytesperpixel;
-    mx &= 7;
-    my &= 7;
-    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
-    // we use +7 because the last 7 pixels of each sbrow can be changed in
-    // the longest loopfilter of the next sbrow
-    th = (y + bh + 4 * !!my + 7) >> 6;
-    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
-    if (x < !!mx * 3 || y < !!my * 3 ||
-        x + !!mx * 4 > w - bw || y + !!my * 4 > h - bh) {
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref - !!my * 3 * ref_stride - !!mx * 3 * bytesperpixel,
-                                 160, ref_stride,
-                                 bw + !!mx * 7, bh + !!my * 7,
-                                 x - !!mx * 3, y - !!my * 3, w, h);
-        ref = s->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
-        ref_stride = 160;
-    }
-    mc[!!mx][!!my](dst, dst_stride, ref, ref_stride, bh, mx << 1, my << 1);
-}
-
-static av_always_inline void mc_chroma_unscaled(VP9Context *s, vp9_mc_func (*mc)[2],
-                                                uint8_t *dst_u, uint8_t *dst_v,
-                                                ptrdiff_t dst_stride,
-                                                const uint8_t *ref_u, ptrdiff_t src_stride_u,
-                                                const uint8_t *ref_v, ptrdiff_t src_stride_v,
-                                                ThreadFrame *ref_frame,
-                                                ptrdiff_t y, ptrdiff_t x, const VP56mv *mv,
-                                                int bw, int bh, int w, int h, int bytesperpixel)
-{
-    int mx = mv->x * (1 << !s->ss_h), my = mv->y * (1 << !s->ss_v), th;
-
-    y += my >> 4;
-    x += mx >> 4;
-    ref_u += y * src_stride_u + x * bytesperpixel;
-    ref_v += y * src_stride_v + x * bytesperpixel;
-    mx &= 15;
-    my &= 15;
-    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
-    // we use +7 because the last 7 pixels of each sbrow can be changed in
-    // the longest loopfilter of the next sbrow
-    th = (y + bh + 4 * !!my + 7) >> (6 - s->ss_v);
-    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
-    if (x < !!mx * 3 || y < !!my * 3 ||
-        x + !!mx * 4 > w - bw || y + !!my * 4 > h - bh) {
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref_u - !!my * 3 * src_stride_u - !!mx * 3 * bytesperpixel,
-                                 160, src_stride_u,
-                                 bw + !!mx * 7, bh + !!my * 7,
-                                 x - !!mx * 3, y - !!my * 3, w, h);
-        ref_u = s->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
-        mc[!!mx][!!my](dst_u, dst_stride, ref_u, 160, bh, mx, my);
-
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref_v - !!my * 3 * src_stride_v - !!mx * 3 * bytesperpixel,
-                                 160, src_stride_v,
-                                 bw + !!mx * 7, bh + !!my * 7,
-                                 x - !!mx * 3, y - !!my * 3, w, h);
-        ref_v = s->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
-        mc[!!mx][!!my](dst_v, dst_stride, ref_v, 160, bh, mx, my);
-    } else {
-        mc[!!mx][!!my](dst_u, dst_stride, ref_u, src_stride_u, bh, mx, my);
-        mc[!!mx][!!my](dst_v, dst_stride, ref_v, src_stride_v, bh, mx, my);
-    }
-}
-
-#define mc_luma_dir(s, mc, dst, dst_ls, src, src_ls, tref, row, col, mv, \
-                    px, py, pw, ph, bw, bh, w, h, i) \
-    mc_luma_unscaled(s, s->dsp.mc, dst, dst_ls, src, src_ls, tref, row, col, \
-                     mv, bw, bh, w, h, bytesperpixel)
-#define mc_chroma_dir(s, mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
-                      row, col, mv, px, py, pw, ph, bw, bh, w, h, i) \
-    mc_chroma_unscaled(s, s->dsp.mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
-                       row, col, mv, bw, bh, w, h, bytesperpixel)
-#define SCALED 0
-#define FN(x) x##_8bpp
-#define BYTES_PER_PIXEL 1
-#include "vp9_mc_template.c"
-#undef FN
-#undef BYTES_PER_PIXEL
-#define FN(x) x##_16bpp
-#define BYTES_PER_PIXEL 2
-#include "vp9_mc_template.c"
-#undef mc_luma_dir
-#undef mc_chroma_dir
-#undef FN
-#undef BYTES_PER_PIXEL
-#undef SCALED
-
-static av_always_inline void mc_luma_scaled(VP9Context *s, vp9_scaled_mc_func smc,
-                                            vp9_mc_func (*mc)[2],
-                                            uint8_t *dst, ptrdiff_t dst_stride,
-                                            const uint8_t *ref, ptrdiff_t ref_stride,
-                                            ThreadFrame *ref_frame,
-                                            ptrdiff_t y, ptrdiff_t x, const VP56mv *in_mv,
-                                            int px, int py, int pw, int ph,
-                                            int bw, int bh, int w, int h, int bytesperpixel,
-                                            const uint16_t *scale, const uint8_t *step)
-{
-    if (s->s.frames[CUR_FRAME].tf.f->width == ref_frame->f->width &&
-        s->s.frames[CUR_FRAME].tf.f->height == ref_frame->f->height) {
-        mc_luma_unscaled(s, mc, dst, dst_stride, ref, ref_stride, ref_frame,
-                         y, x, in_mv, bw, bh, w, h, bytesperpixel);
-    } else {
-#define scale_mv(n, dim) (((int64_t)(n) * scale[dim]) >> 14)
-    int mx, my;
-    int refbw_m1, refbh_m1;
-    int th;
-    VP56mv mv;
-
-    mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 8, (s->cols * 8 - x + px + 3) * 8);
-    mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 8, (s->rows * 8 - y + py + 3) * 8);
-    // BUG libvpx seems to scale the two components separately. This introduces
-    // rounding errors but we have to reproduce them to be exactly compatible
-    // with the output from libvpx...
-    mx = scale_mv(mv.x * 2, 0) + scale_mv(x * 16, 0);
-    my = scale_mv(mv.y * 2, 1) + scale_mv(y * 16, 1);
-
-    y = my >> 4;
-    x = mx >> 4;
-    ref += y * ref_stride + x * bytesperpixel;
-    mx &= 15;
-    my &= 15;
-    refbw_m1 = ((bw - 1) * step[0] + mx) >> 4;
-    refbh_m1 = ((bh - 1) * step[1] + my) >> 4;
-    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
-    // we use +7 because the last 7 pixels of each sbrow can be changed in
-    // the longest loopfilter of the next sbrow
-    th = (y + refbh_m1 + 4 + 7) >> 6;
-    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
-    if (x < 3 || y < 3 || x + 4 >= w - refbw_m1 || y + 4 >= h - refbh_m1) {
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref - 3 * ref_stride - 3 * bytesperpixel,
-                                 288, ref_stride,
-                                 refbw_m1 + 8, refbh_m1 + 8,
-                                 x - 3, y - 3, w, h);
-        ref = s->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
-        ref_stride = 288;
-    }
-    smc(dst, dst_stride, ref, ref_stride, bh, mx, my, step[0], step[1]);
-    }
-}
-
-static av_always_inline void mc_chroma_scaled(VP9Context *s, vp9_scaled_mc_func smc,
-                                              vp9_mc_func (*mc)[2],
-                                              uint8_t *dst_u, uint8_t *dst_v,
-                                              ptrdiff_t dst_stride,
-                                              const uint8_t *ref_u, ptrdiff_t src_stride_u,
-                                              const uint8_t *ref_v, ptrdiff_t src_stride_v,
-                                              ThreadFrame *ref_frame,
-                                              ptrdiff_t y, ptrdiff_t x, const VP56mv *in_mv,
-                                              int px, int py, int pw, int ph,
-                                              int bw, int bh, int w, int h, int bytesperpixel,
-                                              const uint16_t *scale, const uint8_t *step)
-{
-    if (s->s.frames[CUR_FRAME].tf.f->width == ref_frame->f->width &&
-        s->s.frames[CUR_FRAME].tf.f->height == ref_frame->f->height) {
-        mc_chroma_unscaled(s, mc, dst_u, dst_v, dst_stride, ref_u, src_stride_u,
-                           ref_v, src_stride_v, ref_frame,
-                           y, x, in_mv, bw, bh, w, h, bytesperpixel);
-    } else {
-    int mx, my;
-    int refbw_m1, refbh_m1;
-    int th;
-    VP56mv mv;
-
-    if (s->ss_h) {
-        // BUG https://code.google.com/p/webm/issues/detail?id=820
-        mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 16, (s->cols * 4 - x + px + 3) * 16);
-        mx = scale_mv(mv.x, 0) + (scale_mv(x * 16, 0) & ~15) + (scale_mv(x * 32, 0) & 15);
-    } else {
-        mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 8, (s->cols * 8 - x + px + 3) * 8);
-        mx = scale_mv(mv.x * 2, 0) + scale_mv(x * 16, 0);
-    }
-    if (s->ss_v) {
-        // BUG https://code.google.com/p/webm/issues/detail?id=820
-        mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 16, (s->rows * 4 - y + py + 3) * 16);
-        my = scale_mv(mv.y, 1) + (scale_mv(y * 16, 1) & ~15) + (scale_mv(y * 32, 1) & 15);
-    } else {
-        mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 8, (s->rows * 8 - y + py + 3) * 8);
-        my = scale_mv(mv.y * 2, 1) + scale_mv(y * 16, 1);
-    }
-#undef scale_mv
-    y = my >> 4;
-    x = mx >> 4;
-    ref_u += y * src_stride_u + x * bytesperpixel;
-    ref_v += y * src_stride_v + x * bytesperpixel;
-    mx &= 15;
-    my &= 15;
-    refbw_m1 = ((bw - 1) * step[0] + mx) >> 4;
-    refbh_m1 = ((bh - 1) * step[1] + my) >> 4;
-    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
-    // we use +7 because the last 7 pixels of each sbrow can be changed in
-    // the longest loopfilter of the next sbrow
-    th = (y + refbh_m1 + 4 + 7) >> (6 - s->ss_v);
-    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
-    if (x < 3 || y < 3 || x + 4 >= w - refbw_m1 || y + 4 >= h - refbh_m1) {
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref_u - 3 * src_stride_u - 3 * bytesperpixel,
-                                 288, src_stride_u,
-                                 refbw_m1 + 8, refbh_m1 + 8,
-                                 x - 3, y - 3, w, h);
-        ref_u = s->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
-        smc(dst_u, dst_stride, ref_u, 288, bh, mx, my, step[0], step[1]);
-
-        s->vdsp.emulated_edge_mc(s->edge_emu_buffer,
-                                 ref_v - 3 * src_stride_v - 3 * bytesperpixel,
-                                 288, src_stride_v,
-                                 refbw_m1 + 8, refbh_m1 + 8,
-                                 x - 3, y - 3, w, h);
-        ref_v = s->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
-        smc(dst_v, dst_stride, ref_v, 288, bh, mx, my, step[0], step[1]);
-    } else {
-        smc(dst_u, dst_stride, ref_u, src_stride_u, bh, mx, my, step[0], step[1]);
-        smc(dst_v, dst_stride, ref_v, src_stride_v, bh, mx, my, step[0], step[1]);
-    }
-    }
-}
-
-#define mc_luma_dir(s, mc, dst, dst_ls, src, src_ls, tref, row, col, mv, \
-                    px, py, pw, ph, bw, bh, w, h, i) \
-    mc_luma_scaled(s, s->dsp.s##mc, s->dsp.mc, dst, dst_ls, src, src_ls, tref, row, col, \
-                   mv, px, py, pw, ph, bw, bh, w, h, bytesperpixel, \
-                   s->mvscale[b->ref[i]], s->mvstep[b->ref[i]])
-#define mc_chroma_dir(s, mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
-                      row, col, mv, px, py, pw, ph, bw, bh, w, h, i) \
-    mc_chroma_scaled(s, s->dsp.s##mc, s->dsp.mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
-                     row, col, mv, px, py, pw, ph, bw, bh, w, h, bytesperpixel, \
-                     s->mvscale[b->ref[i]], s->mvstep[b->ref[i]])
-#define SCALED 1
-#define FN(x) x##_scaled_8bpp
-#define BYTES_PER_PIXEL 1
-#include "vp9_mc_template.c"
-#undef FN
-#undef BYTES_PER_PIXEL
-#define FN(x) x##_scaled_16bpp
-#define BYTES_PER_PIXEL 2
-#include "vp9_mc_template.c"
-#undef mc_luma_dir
-#undef mc_chroma_dir
-#undef FN
-#undef BYTES_PER_PIXEL
-#undef SCALED
-
-static av_always_inline void inter_recon(AVCodecContext *ctx, int bytesperpixel)
-{
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col;
-
-    if (s->mvscale[b->ref[0]][0] || (b->comp && s->mvscale[b->ref[1]][0])) {
-        if (bytesperpixel == 1) {
-            inter_pred_scaled_8bpp(ctx);
-        } else {
-            inter_pred_scaled_16bpp(ctx);
-        }
-    } else {
-        if (bytesperpixel == 1) {
-            inter_pred_8bpp(ctx);
-        } else {
-            inter_pred_16bpp(ctx);
-        }
-    }
-    if (!b->skip) {
-        /* mostly copied intra_recon() */
-
-        int w4 = bwh_tab[1][b->bs][0] << 1, step1d = 1 << b->tx, n;
-        int h4 = bwh_tab[1][b->bs][1] << 1, x, y, step = 1 << (b->tx * 2);
-        int end_x = FFMIN(2 * (s->cols - col), w4);
-        int end_y = FFMIN(2 * (s->rows - row), h4);
-        int tx = 4 * s->s.h.lossless + b->tx, uvtx = b->uvtx + 4 * s->s.h.lossless;
-        int uvstep1d = 1 << b->uvtx, p;
-        uint8_t *dst = s->dst[0];
-
-        // y itxfm add
-        for (n = 0, y = 0; y < end_y; y += step1d) {
-            uint8_t *ptr = dst;
-            for (x = 0; x < end_x; x += step1d,
-                 ptr += 4 * step1d * bytesperpixel, n += step) {
-                int eob = b->tx > TX_8X8 ? AV_RN16A(&s->eob[n]) : s->eob[n];
-
-                if (eob)
-                    s->dsp.itxfm_add[tx][DCT_DCT](ptr, s->y_stride,
-                                                  s->block + 16 * n * bytesperpixel, eob);
-            }
-            dst += 4 * s->y_stride * step1d;
-        }
-
-        // uv itxfm add
-        end_x >>= s->ss_h;
-        end_y >>= s->ss_v;
-        step = 1 << (b->uvtx * 2);
-        for (p = 0; p < 2; p++) {
-            dst = s->dst[p + 1];
-            for (n = 0, y = 0; y < end_y; y += uvstep1d) {
-                uint8_t *ptr = dst;
-                for (x = 0; x < end_x; x += uvstep1d,
-                     ptr += 4 * uvstep1d * bytesperpixel, n += step) {
-                    int eob = b->uvtx > TX_8X8 ? AV_RN16A(&s->uveob[p][n]) : s->uveob[p][n];
-
-                    if (eob)
-                        s->dsp.itxfm_add[uvtx][DCT_DCT](ptr, s->uv_stride,
-                                                        s->uvblock[p] + 16 * n * bytesperpixel, eob);
-                }
-                dst += 4 * uvstep1d * s->uv_stride;
-            }
-        }
-    }
-}
-
-static void inter_recon_8bpp(AVCodecContext *ctx)
-{
-    inter_recon(ctx, 1);
-}
-
-static void inter_recon_16bpp(AVCodecContext *ctx)
-{
-    inter_recon(ctx, 2);
-}
-
-static av_always_inline void mask_edges(uint8_t (*mask)[8][4], int ss_h, int ss_v,
-                                        int row_and_7, int col_and_7,
-                                        int w, int h, int col_end, int row_end,
-                                        enum TxfmMode tx, int skip_inter)
-{
-    static const unsigned wide_filter_col_mask[2] = { 0x11, 0x01 };
-    static const unsigned wide_filter_row_mask[2] = { 0x03, 0x07 };
-
-    // FIXME I'm pretty sure all loops can be replaced by a single LUT if
-    // we make VP9Filter.mask uint64_t (i.e. row/col all single variable)
-    // and make the LUT 5-indexed (bl, bp, is_uv, tx and row/col), and then
-    // use row_and_7/col_and_7 as shifts (1*col_and_7+8*row_and_7)
-
-    // the intended behaviour of the vp9 loopfilter is to work on 8-pixel
-    // edges. This means that for UV, we work on two subsampled blocks at
-    // a time, and we only use the topleft block's mode information to set
-    // things like block strength. Thus, for any block size smaller than
-    // 16x16, ignore the odd portion of the block.
-    if (tx == TX_4X4 && (ss_v | ss_h)) {
-        if (h == ss_v) {
-            if (row_and_7 & 1)
-                return;
-            if (!row_end)
-                h += 1;
-        }
-        if (w == ss_h) {
-            if (col_and_7 & 1)
-                return;
-            if (!col_end)
-                w += 1;
-        }
-    }
-
-    if (tx == TX_4X4 && !skip_inter) {
-        int t = 1 << col_and_7, m_col = (t << w) - t, y;
-        // on 32-px edges, use the 8-px wide loopfilter; else, use 4-px wide
-        int m_row_8 = m_col & wide_filter_col_mask[ss_h], m_row_4 = m_col - m_row_8;
-
-        for (y = row_and_7; y < h + row_and_7; y++) {
-            int col_mask_id = 2 - !(y & wide_filter_row_mask[ss_v]);
-
-            mask[0][y][1] |= m_row_8;
-            mask[0][y][2] |= m_row_4;
-            // for odd lines, if the odd col is not being filtered,
-            // skip odd row also:
-            // .---. <-- a
-            // |   |
-            // |___| <-- b
-            // ^   ^
-            // c   d
-            //
-            // if a/c are even row/col and b/d are odd, and d is skipped,
-            // e.g. right edge of size-66x66.webm, then skip b also (bug)
-            if ((ss_h & ss_v) && (col_end & 1) && (y & 1)) {
-                mask[1][y][col_mask_id] |= (t << (w - 1)) - t;
-            } else {
-                mask[1][y][col_mask_id] |= m_col;
-            }
-            if (!ss_h)
-                mask[0][y][3] |= m_col;
-            if (!ss_v) {
-                if (ss_h && (col_end & 1))
-                    mask[1][y][3] |= (t << (w - 1)) - t;
-                else
-                    mask[1][y][3] |= m_col;
-            }
-        }
-    } else {
-        int y, t = 1 << col_and_7, m_col = (t << w) - t;
-
-        if (!skip_inter) {
-            int mask_id = (tx == TX_8X8);
-            static const unsigned masks[4] = { 0xff, 0x55, 0x11, 0x01 };
-            int l2 = tx + ss_h - 1, step1d;
-            int m_row = m_col & masks[l2];
-
-            // at odd UV col/row edges tx16/tx32 loopfilter edges, force
-            // 8wd loopfilter to prevent going off the visible edge.
-            if (ss_h && tx > TX_8X8 && (w ^ (w - 1)) == 1) {
-                int m_row_16 = ((t << (w - 1)) - t) & masks[l2];
-                int m_row_8 = m_row - m_row_16;
-
-                for (y = row_and_7; y < h + row_and_7; y++) {
-                    mask[0][y][0] |= m_row_16;
-                    mask[0][y][1] |= m_row_8;
-                }
-            } else {
-                for (y = row_and_7; y < h + row_and_7; y++)
-                    mask[0][y][mask_id] |= m_row;
-            }
-
-            l2 = tx + ss_v - 1;
-            step1d = 1 << l2;
-            if (ss_v && tx > TX_8X8 && (h ^ (h - 1)) == 1) {
-                for (y = row_and_7; y < h + row_and_7 - 1; y += step1d)
-                    mask[1][y][0] |= m_col;
-                if (y - row_and_7 == h - 1)
-                    mask[1][y][1] |= m_col;
-            } else {
-                for (y = row_and_7; y < h + row_and_7; y += step1d)
-                    mask[1][y][mask_id] |= m_col;
-            }
-        } else if (tx != TX_4X4) {
-            int mask_id;
-
-            mask_id = (tx == TX_8X8) || (h == ss_v);
-            mask[1][row_and_7][mask_id] |= m_col;
-            mask_id = (tx == TX_8X8) || (w == ss_h);
-            for (y = row_and_7; y < h + row_and_7; y++)
-                mask[0][y][mask_id] |= t;
-        } else {
-            int t8 = t & wide_filter_col_mask[ss_h], t4 = t - t8;
-
-            for (y = row_and_7; y < h + row_and_7; y++) {
-                mask[0][y][2] |= t4;
-                mask[0][y][1] |= t8;
-            }
-            mask[1][row_and_7][2 - !(row_and_7 & wide_filter_row_mask[ss_v])] |= m_col;
-        }
-    }
-}
-
-static void decode_b(AVCodecContext *ctx, int row, int col,
-                     struct VP9Filter *lflvl, ptrdiff_t yoff, ptrdiff_t uvoff,
-                     enum BlockLevel bl, enum BlockPartition bp)
-{
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    enum BlockSize bs = bl * 3 + bp;
-    int bytesperpixel = s->bytesperpixel;
-    int w4 = bwh_tab[1][bs][0], h4 = bwh_tab[1][bs][1], lvl;
-    int emu[2];
-    AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
-
-    s->row = row;
-    s->row7 = row & 7;
-    s->col = col;
-    s->col7 = col & 7;
-    s->min_mv.x = -(128 + col * 64);
-    s->min_mv.y = -(128 + row * 64);
-    s->max_mv.x = 128 + (s->cols - col - w4) * 64;
-    s->max_mv.y = 128 + (s->rows - row - h4) * 64;
-    if (s->pass < 2) {
-        b->bs = bs;
-        b->bl = bl;
-        b->bp = bp;
-        decode_mode(ctx);
-        b->uvtx = b->tx - ((s->ss_h && w4 * 2 == (1 << b->tx)) ||
-                           (s->ss_v && h4 * 2 == (1 << b->tx)));
-
-        if (!b->skip) {
-            int has_coeffs;
-
-            if (bytesperpixel == 1) {
-                has_coeffs = decode_coeffs_8bpp(ctx);
-            } else {
-                has_coeffs = decode_coeffs_16bpp(ctx);
-            }
-            if (!has_coeffs && b->bs <= BS_8x8 && !b->intra) {
-                b->skip = 1;
-                memset(&s->above_skip_ctx[col], 1, w4);
-                memset(&s->left_skip_ctx[s->row7], 1, h4);
-            }
-        } else {
-            int row7 = s->row7;
-
-#define SPLAT_ZERO_CTX(v, n) \
-    switch (n) { \
-    case 1:  v = 0;          break; \
-    case 2:  AV_ZERO16(&v);  break; \
-    case 4:  AV_ZERO32(&v);  break; \
-    case 8:  AV_ZERO64(&v);  break; \
-    case 16: AV_ZERO128(&v); break; \
-    }
-#define SPLAT_ZERO_YUV(dir, var, off, n, dir2) \
-    do { \
-        SPLAT_ZERO_CTX(s->dir##_y_##var[off * 2], n * 2); \
-        if (s->ss_##dir2) { \
-            SPLAT_ZERO_CTX(s->dir##_uv_##var[0][off], n); \
-            SPLAT_ZERO_CTX(s->dir##_uv_##var[1][off], n); \
-        } else { \
-            SPLAT_ZERO_CTX(s->dir##_uv_##var[0][off * 2], n * 2); \
-            SPLAT_ZERO_CTX(s->dir##_uv_##var[1][off * 2], n * 2); \
-        } \
-    } while (0)
-
-            switch (w4) {
-            case 1: SPLAT_ZERO_YUV(above, nnz_ctx, col, 1, h); break;
-            case 2: SPLAT_ZERO_YUV(above, nnz_ctx, col, 2, h); break;
-            case 4: SPLAT_ZERO_YUV(above, nnz_ctx, col, 4, h); break;
-            case 8: SPLAT_ZERO_YUV(above, nnz_ctx, col, 8, h); break;
-            }
-            switch (h4) {
-            case 1: SPLAT_ZERO_YUV(left, nnz_ctx, row7, 1, v); break;
-            case 2: SPLAT_ZERO_YUV(left, nnz_ctx, row7, 2, v); break;
-            case 4: SPLAT_ZERO_YUV(left, nnz_ctx, row7, 4, v); break;
-            case 8: SPLAT_ZERO_YUV(left, nnz_ctx, row7, 8, v); break;
-            }
-        }
-
-        if (s->pass == 1) {
-            s->b++;
-            s->block += w4 * h4 * 64 * bytesperpixel;
-            s->uvblock[0] += w4 * h4 * 64 * bytesperpixel >> (s->ss_h + s->ss_v);
-            s->uvblock[1] += w4 * h4 * 64 * bytesperpixel >> (s->ss_h + s->ss_v);
-            s->eob += 4 * w4 * h4;
-            s->uveob[0] += 4 * w4 * h4 >> (s->ss_h + s->ss_v);
-            s->uveob[1] += 4 * w4 * h4 >> (s->ss_h + s->ss_v);
-
-            return;
-        }
-    }
-
-    // emulated overhangs if the stride of the target buffer can't hold. This
-    // makes it possible to support emu-edge and so on even if we have large block
-    // overhangs
-    emu[0] = (col + w4) * 8 * bytesperpixel > f->linesize[0] ||
-             (row + h4) > s->rows;
-    emu[1] = ((col + w4) * 8 >> s->ss_h) * bytesperpixel > f->linesize[1] ||
-             (row + h4) > s->rows;
-    if (emu[0]) {
-        s->dst[0] = s->tmp_y;
-        s->y_stride = 128;
-    } else {
-        s->dst[0] = f->data[0] + yoff;
-        s->y_stride = f->linesize[0];
-    }
-    if (emu[1]) {
-        s->dst[1] = s->tmp_uv[0];
-        s->dst[2] = s->tmp_uv[1];
-        s->uv_stride = 128;
-    } else {
-        s->dst[1] = f->data[1] + uvoff;
-        s->dst[2] = f->data[2] + uvoff;
-        s->uv_stride = f->linesize[1];
-    }
-    if (b->intra) {
-        if (s->bpp > 8) {
-            intra_recon_16bpp(ctx, yoff, uvoff);
-        } else {
-            intra_recon_8bpp(ctx, yoff, uvoff);
-        }
-    } else {
-        if (s->bpp > 8) {
-            inter_recon_16bpp(ctx);
-        } else {
-            inter_recon_8bpp(ctx);
-        }
-    }
-    if (emu[0]) {
-        int w = FFMIN(s->cols - col, w4) * 8, h = FFMIN(s->rows - row, h4) * 8, n, o = 0;
-
-        for (n = 0; o < w; n++) {
-            int bw = 64 >> n;
-
-            av_assert2(n <= 4);
-            if (w & bw) {
-                s->dsp.mc[n][0][0][0][0](f->data[0] + yoff + o * bytesperpixel, f->linesize[0],
-                                         s->tmp_y + o * bytesperpixel, 128, h, 0, 0);
-                o += bw;
-            }
-        }
-    }
-    if (emu[1]) {
-        int w = FFMIN(s->cols - col, w4) * 8 >> s->ss_h;
-        int h = FFMIN(s->rows - row, h4) * 8 >> s->ss_v, n, o = 0;
-
-        for (n = s->ss_h; o < w; n++) {
-            int bw = 64 >> n;
-
-            av_assert2(n <= 4);
-            if (w & bw) {
-                s->dsp.mc[n][0][0][0][0](f->data[1] + uvoff + o * bytesperpixel, f->linesize[1],
-                                         s->tmp_uv[0] + o * bytesperpixel, 128, h, 0, 0);
-                s->dsp.mc[n][0][0][0][0](f->data[2] + uvoff + o * bytesperpixel, f->linesize[2],
-                                         s->tmp_uv[1] + o * bytesperpixel, 128, h, 0, 0);
-                o += bw;
-            }
-        }
-    }
-
-    // pick filter level and find edges to apply filter to
-    if (s->s.h.filter.level &&
-        (lvl = s->s.h.segmentation.feat[b->seg_id].lflvl[b->intra ? 0 : b->ref[0] + 1]
-                                                      [b->mode[3] != ZEROMV]) > 0) {
-        int x_end = FFMIN(s->cols - col, w4), y_end = FFMIN(s->rows - row, h4);
-        int skip_inter = !b->intra && b->skip, col7 = s->col7, row7 = s->row7;
-
-        setctx_2d(&lflvl->level[row7 * 8 + col7], w4, h4, 8, lvl);
-        mask_edges(lflvl->mask[0], 0, 0, row7, col7, x_end, y_end, 0, 0, b->tx, skip_inter);
-        if (s->ss_h || s->ss_v)
-            mask_edges(lflvl->mask[1], s->ss_h, s->ss_v, row7, col7, x_end, y_end,
-                       s->cols & 1 && col + w4 >= s->cols ? s->cols & 7 : 0,
-                       s->rows & 1 && row + h4 >= s->rows ? s->rows & 7 : 0,
-                       b->uvtx, skip_inter);
-
-        if (!s->filter_lut.lim_lut[lvl]) {
-            int sharp = s->s.h.filter.sharpness;
-            int limit = lvl;
-
-            if (sharp > 0) {
-                limit >>= (sharp + 3) >> 2;
-                limit = FFMIN(limit, 9 - sharp);
-            }
-            limit = FFMAX(limit, 1);
-
-            s->filter_lut.lim_lut[lvl] = limit;
-            s->filter_lut.mblim_lut[lvl] = 2 * (lvl + 2) + limit;
-        }
-    }
-
-    if (s->pass == 2) {
-        s->b++;
-        s->block += w4 * h4 * 64 * bytesperpixel;
-        s->uvblock[0] += w4 * h4 * 64 * bytesperpixel >> (s->ss_v + s->ss_h);
-        s->uvblock[1] += w4 * h4 * 64 * bytesperpixel >> (s->ss_v + s->ss_h);
-        s->eob += 4 * w4 * h4;
-        s->uveob[0] += 4 * w4 * h4 >> (s->ss_v + s->ss_h);
-        s->uveob[1] += 4 * w4 * h4 >> (s->ss_v + s->ss_h);
-    }
-}
-
-static void decode_sb(AVCodecContext *ctx, int row, int col, struct VP9Filter *lflvl,
+static void decode_sb(VP9TileData *td, int row, int col, VP9Filter *lflvl,
                       ptrdiff_t yoff, ptrdiff_t uvoff, enum BlockLevel bl)
 {
-    VP9Context *s = ctx->priv_data;
+    const VP9Context *s = td->s;
     int c = ((s->above_partition_ctx[col] >> (3 - bl)) & 1) |
-            (((s->left_partition_ctx[row & 0x7] >> (3 - bl)) & 1) << 1);
-    const uint8_t *p = s->s.h.keyframe || s->s.h.intraonly ? vp9_default_kf_partition_probs[bl][c] :
+            (((td->left_partition_ctx[row & 0x7] >> (3 - bl)) & 1) << 1);
+    const uint8_t *p = s->s.h.keyframe || s->s.h.intraonly ? ff_vp9_default_kf_partition_probs[bl][c] :
                                                      s->prob.p.partition[bl][c];
     enum BlockPartition bp;
     ptrdiff_t hbs = 4 >> bl;
@@ -3398,75 +1054,75 @@ static void decode_sb(AVCodecContext *ctx, int row, int col, struct VP9Filter *l
     int bytesperpixel = s->bytesperpixel;
 
     if (bl == BL_8X8) {
-        bp = vp8_rac_get_tree(&s->c, vp9_partition_tree, p);
-        decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+        bp = vp8_rac_get_tree(td->c, ff_vp9_partition_tree, p);
+        ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
     } else if (col + hbs < s->cols) { // FIXME why not <=?
         if (row + hbs < s->rows) { // FIXME why not <=?
-            bp = vp8_rac_get_tree(&s->c, vp9_partition_tree, p);
+            bp = vp8_rac_get_tree(td->c, ff_vp9_partition_tree, p);
             switch (bp) {
             case PARTITION_NONE:
-                decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+                ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
                 break;
             case PARTITION_H:
-                decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+                ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
                 yoff  += hbs * 8 * y_stride;
                 uvoff += hbs * 8 * uv_stride >> s->ss_v;
-                decode_b(ctx, row + hbs, col, lflvl, yoff, uvoff, bl, bp);
+                ff_vp9_decode_block(td, row + hbs, col, lflvl, yoff, uvoff, bl, bp);
                 break;
             case PARTITION_V:
-                decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+                ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
                 yoff  += hbs * 8 * bytesperpixel;
                 uvoff += hbs * 8 * bytesperpixel >> s->ss_h;
-                decode_b(ctx, row, col + hbs, lflvl, yoff, uvoff, bl, bp);
+                ff_vp9_decode_block(td, row, col + hbs, lflvl, yoff, uvoff, bl, bp);
                 break;
             case PARTITION_SPLIT:
-                decode_sb(ctx, row, col, lflvl, yoff, uvoff, bl + 1);
-                decode_sb(ctx, row, col + hbs, lflvl,
+                decode_sb(td, row, col, lflvl, yoff, uvoff, bl + 1);
+                decode_sb(td, row, col + hbs, lflvl,
                           yoff + 8 * hbs * bytesperpixel,
                           uvoff + (8 * hbs * bytesperpixel >> s->ss_h), bl + 1);
                 yoff  += hbs * 8 * y_stride;
                 uvoff += hbs * 8 * uv_stride >> s->ss_v;
-                decode_sb(ctx, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
-                decode_sb(ctx, row + hbs, col + hbs, lflvl,
+                decode_sb(td, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
+                decode_sb(td, row + hbs, col + hbs, lflvl,
                           yoff + 8 * hbs * bytesperpixel,
                           uvoff + (8 * hbs * bytesperpixel >> s->ss_h), bl + 1);
                 break;
             default:
                 av_assert0(0);
             }
-        } else if (vp56_rac_get_prob_branchy(&s->c, p[1])) {
+        } else if (vp56_rac_get_prob_branchy(td->c, p[1])) {
             bp = PARTITION_SPLIT;
-            decode_sb(ctx, row, col, lflvl, yoff, uvoff, bl + 1);
-            decode_sb(ctx, row, col + hbs, lflvl,
+            decode_sb(td, row, col, lflvl, yoff, uvoff, bl + 1);
+            decode_sb(td, row, col + hbs, lflvl,
                       yoff + 8 * hbs * bytesperpixel,
                       uvoff + (8 * hbs * bytesperpixel >> s->ss_h), bl + 1);
         } else {
             bp = PARTITION_H;
-            decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+            ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
         }
     } else if (row + hbs < s->rows) { // FIXME why not <=?
-        if (vp56_rac_get_prob_branchy(&s->c, p[2])) {
+        if (vp56_rac_get_prob_branchy(td->c, p[2])) {
             bp = PARTITION_SPLIT;
-            decode_sb(ctx, row, col, lflvl, yoff, uvoff, bl + 1);
+            decode_sb(td, row, col, lflvl, yoff, uvoff, bl + 1);
             yoff  += hbs * 8 * y_stride;
             uvoff += hbs * 8 * uv_stride >> s->ss_v;
-            decode_sb(ctx, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
+            decode_sb(td, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
         } else {
             bp = PARTITION_V;
-            decode_b(ctx, row, col, lflvl, yoff, uvoff, bl, bp);
+            ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, bl, bp);
         }
     } else {
         bp = PARTITION_SPLIT;
-        decode_sb(ctx, row, col, lflvl, yoff, uvoff, bl + 1);
+        decode_sb(td, row, col, lflvl, yoff, uvoff, bl + 1);
     }
-    s->counts.partition[bl][c][bp]++;
+    td->counts.partition[bl][c][bp]++;
 }
 
-static void decode_sb_mem(AVCodecContext *ctx, int row, int col, struct VP9Filter *lflvl,
+static void decode_sb_mem(VP9TileData *td, int row, int col, VP9Filter *lflvl,
                           ptrdiff_t yoff, ptrdiff_t uvoff, enum BlockLevel bl)
 {
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
+    const VP9Context *s = td->s;
+    VP9Block *b = td->b;
     ptrdiff_t hbs = 4 >> bl;
     AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
     ptrdiff_t y_stride = f->linesize[0], uv_stride = f->linesize[1];
@@ -3474,221 +1130,43 @@ static void decode_sb_mem(AVCodecContext *ctx, int row, int col, struct VP9Filte
 
     if (bl == BL_8X8) {
         av_assert2(b->bl == BL_8X8);
-        decode_b(ctx, row, col, lflvl, yoff, uvoff, b->bl, b->bp);
-    } else if (s->b->bl == bl) {
-        decode_b(ctx, row, col, lflvl, yoff, uvoff, b->bl, b->bp);
+        ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, b->bl, b->bp);
+    } else if (td->b->bl == bl) {
+        ff_vp9_decode_block(td, row, col, lflvl, yoff, uvoff, b->bl, b->bp);
         if (b->bp == PARTITION_H && row + hbs < s->rows) {
             yoff  += hbs * 8 * y_stride;
             uvoff += hbs * 8 * uv_stride >> s->ss_v;
-            decode_b(ctx, row + hbs, col, lflvl, yoff, uvoff, b->bl, b->bp);
+            ff_vp9_decode_block(td, row + hbs, col, lflvl, yoff, uvoff, b->bl, b->bp);
         } else if (b->bp == PARTITION_V && col + hbs < s->cols) {
             yoff  += hbs * 8 * bytesperpixel;
             uvoff += hbs * 8 * bytesperpixel >> s->ss_h;
-            decode_b(ctx, row, col + hbs, lflvl, yoff, uvoff, b->bl, b->bp);
+            ff_vp9_decode_block(td, row, col + hbs, lflvl, yoff, uvoff, b->bl, b->bp);
         }
     } else {
-        decode_sb_mem(ctx, row, col, lflvl, yoff, uvoff, bl + 1);
+        decode_sb_mem(td, row, col, lflvl, yoff, uvoff, bl + 1);
         if (col + hbs < s->cols) { // FIXME why not <=?
             if (row + hbs < s->rows) {
-                decode_sb_mem(ctx, row, col + hbs, lflvl, yoff + 8 * hbs * bytesperpixel,
+                decode_sb_mem(td, row, col + hbs, lflvl, yoff + 8 * hbs * bytesperpixel,
                               uvoff + (8 * hbs * bytesperpixel >> s->ss_h), bl + 1);
                 yoff  += hbs * 8 * y_stride;
                 uvoff += hbs * 8 * uv_stride >> s->ss_v;
-                decode_sb_mem(ctx, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
-                decode_sb_mem(ctx, row + hbs, col + hbs, lflvl,
+                decode_sb_mem(td, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
+                decode_sb_mem(td, row + hbs, col + hbs, lflvl,
                               yoff + 8 * hbs * bytesperpixel,
                               uvoff + (8 * hbs * bytesperpixel >> s->ss_h), bl + 1);
             } else {
                 yoff  += hbs * 8 * bytesperpixel;
                 uvoff += hbs * 8 * bytesperpixel >> s->ss_h;
-                decode_sb_mem(ctx, row, col + hbs, lflvl, yoff, uvoff, bl + 1);
+                decode_sb_mem(td, row, col + hbs, lflvl, yoff, uvoff, bl + 1);
             }
         } else if (row + hbs < s->rows) {
             yoff  += hbs * 8 * y_stride;
             uvoff += hbs * 8 * uv_stride >> s->ss_v;
-            decode_sb_mem(ctx, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
+            decode_sb_mem(td, row + hbs, col, lflvl, yoff, uvoff, bl + 1);
         }
     }
 }
 
-static av_always_inline void filter_plane_cols(VP9Context *s, int col, int ss_h, int ss_v,
-                                               uint8_t *lvl, uint8_t (*mask)[4],
-                                               uint8_t *dst, ptrdiff_t ls)
-{
-    int y, x, bytesperpixel = s->bytesperpixel;
-
-    // filter edges between columns (e.g. block1 | block2)
-    for (y = 0; y < 8; y += 2 << ss_v, dst += 16 * ls, lvl += 16 << ss_v) {
-        uint8_t *ptr = dst, *l = lvl, *hmask1 = mask[y], *hmask2 = mask[y + 1 + ss_v];
-        unsigned hm1 = hmask1[0] | hmask1[1] | hmask1[2], hm13 = hmask1[3];
-        unsigned hm2 = hmask2[1] | hmask2[2], hm23 = hmask2[3];
-        unsigned hm = hm1 | hm2 | hm13 | hm23;
-
-        for (x = 1; hm & ~(x - 1); x <<= 1, ptr += 8 * bytesperpixel >> ss_h) {
-            if (col || x > 1) {
-                if (hm1 & x) {
-                    int L = *l, H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    if (hmask1[0] & x) {
-                        if (hmask2[0] & x) {
-                            av_assert2(l[8 << ss_v] == L);
-                            s->dsp.loop_filter_16[0](ptr, ls, E, I, H);
-                        } else {
-                            s->dsp.loop_filter_8[2][0](ptr, ls, E, I, H);
-                        }
-                    } else if (hm2 & x) {
-                        L = l[8 << ss_v];
-                        H |= (L >> 4) << 8;
-                        E |= s->filter_lut.mblim_lut[L] << 8;
-                        I |= s->filter_lut.lim_lut[L] << 8;
-                        s->dsp.loop_filter_mix2[!!(hmask1[1] & x)]
-                                               [!!(hmask2[1] & x)]
-                                               [0](ptr, ls, E, I, H);
-                    } else {
-                        s->dsp.loop_filter_8[!!(hmask1[1] & x)]
-                                            [0](ptr, ls, E, I, H);
-                    }
-                } else if (hm2 & x) {
-                    int L = l[8 << ss_v], H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    s->dsp.loop_filter_8[!!(hmask2[1] & x)]
-                                        [0](ptr + 8 * ls, ls, E, I, H);
-                }
-            }
-            if (ss_h) {
-                if (x & 0xAA)
-                    l += 2;
-            } else {
-                if (hm13 & x) {
-                    int L = *l, H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    if (hm23 & x) {
-                        L = l[8 << ss_v];
-                        H |= (L >> 4) << 8;
-                        E |= s->filter_lut.mblim_lut[L] << 8;
-                        I |= s->filter_lut.lim_lut[L] << 8;
-                        s->dsp.loop_filter_mix2[0][0][0](ptr + 4 * bytesperpixel, ls, E, I, H);
-                    } else {
-                        s->dsp.loop_filter_8[0][0](ptr + 4 * bytesperpixel, ls, E, I, H);
-                    }
-                } else if (hm23 & x) {
-                    int L = l[8 << ss_v], H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    s->dsp.loop_filter_8[0][0](ptr + 8 * ls + 4 * bytesperpixel, ls, E, I, H);
-                }
-                l++;
-            }
-        }
-    }
-}
-
-static av_always_inline void filter_plane_rows(VP9Context *s, int row, int ss_h, int ss_v,
-                                               uint8_t *lvl, uint8_t (*mask)[4],
-                                               uint8_t *dst, ptrdiff_t ls)
-{
-    int y, x, bytesperpixel = s->bytesperpixel;
-
-    //                                 block1
-    // filter edges between rows (e.g. ------)
-    //                                 block2
-    for (y = 0; y < 8; y++, dst += 8 * ls >> ss_v) {
-        uint8_t *ptr = dst, *l = lvl, *vmask = mask[y];
-        unsigned vm = vmask[0] | vmask[1] | vmask[2], vm3 = vmask[3];
-
-        for (x = 1; vm & ~(x - 1); x <<= (2 << ss_h), ptr += 16 * bytesperpixel, l += 2 << ss_h) {
-            if (row || y) {
-                if (vm & x) {
-                    int L = *l, H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    if (vmask[0] & x) {
-                        if (vmask[0] & (x << (1 + ss_h))) {
-                            av_assert2(l[1 + ss_h] == L);
-                            s->dsp.loop_filter_16[1](ptr, ls, E, I, H);
-                        } else {
-                            s->dsp.loop_filter_8[2][1](ptr, ls, E, I, H);
-                        }
-                    } else if (vm & (x << (1 + ss_h))) {
-                        L = l[1 + ss_h];
-                        H |= (L >> 4) << 8;
-                        E |= s->filter_lut.mblim_lut[L] << 8;
-                        I |= s->filter_lut.lim_lut[L] << 8;
-                        s->dsp.loop_filter_mix2[!!(vmask[1] &  x)]
-                                               [!!(vmask[1] & (x << (1 + ss_h)))]
-                                               [1](ptr, ls, E, I, H);
-                    } else {
-                        s->dsp.loop_filter_8[!!(vmask[1] & x)]
-                                            [1](ptr, ls, E, I, H);
-                    }
-                } else if (vm & (x << (1 + ss_h))) {
-                    int L = l[1 + ss_h], H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    s->dsp.loop_filter_8[!!(vmask[1] & (x << (1 + ss_h)))]
-                                        [1](ptr + 8 * bytesperpixel, ls, E, I, H);
-                }
-            }
-            if (!ss_v) {
-                if (vm3 & x) {
-                    int L = *l, H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    if (vm3 & (x << (1 + ss_h))) {
-                        L = l[1 + ss_h];
-                        H |= (L >> 4) << 8;
-                        E |= s->filter_lut.mblim_lut[L] << 8;
-                        I |= s->filter_lut.lim_lut[L] << 8;
-                        s->dsp.loop_filter_mix2[0][0][1](ptr + ls * 4, ls, E, I, H);
-                    } else {
-                        s->dsp.loop_filter_8[0][1](ptr + ls * 4, ls, E, I, H);
-                    }
-                } else if (vm3 & (x << (1 + ss_h))) {
-                    int L = l[1 + ss_h], H = L >> 4;
-                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
-
-                    s->dsp.loop_filter_8[0][1](ptr + ls * 4 + 8 * bytesperpixel, ls, E, I, H);
-                }
-            }
-        }
-        if (ss_v) {
-            if (y & 1)
-                lvl += 16;
-        } else {
-            lvl += 8;
-        }
-    }
-}
-
-static void loopfilter_sb(AVCodecContext *ctx, struct VP9Filter *lflvl,
-                          int row, int col, ptrdiff_t yoff, ptrdiff_t uvoff)
-{
-    VP9Context *s = ctx->priv_data;
-    AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
-    uint8_t *dst = f->data[0] + yoff;
-    ptrdiff_t ls_y = f->linesize[0], ls_uv = f->linesize[1];
-    uint8_t (*uv_masks)[8][4] = lflvl->mask[s->ss_h | s->ss_v];
-    int p;
-
-    // FIXME in how far can we interleave the v/h loopfilter calls? E.g.
-    // if you think of them as acting on a 8x8 block max, we can interleave
-    // each v/h within the single x loop, but that only works if we work on
-    // 8 pixel blocks, and we won't always do that (we want at least 16px
-    // to use SSE2 optimizations, perhaps 32 for AVX2)
-
-    filter_plane_cols(s, col, 0, 0, lflvl->level, lflvl->mask[0][0], dst, ls_y);
-    filter_plane_rows(s, row, 0, 0, lflvl->level, lflvl->mask[0][1], dst, ls_y);
-
-    for (p = 0; p < 2; p++) {
-        dst = f->data[1 + p] + uvoff;
-        filter_plane_cols(s, col, s->ss_h, s->ss_v, lflvl->level, uv_masks[0], dst, ls_uv);
-        filter_plane_rows(s, row, s->ss_h, s->ss_v, lflvl->level, uv_masks[1], dst, ls_uv);
-    }
-}
-
 static void set_tile_offset(int *start, int *end, int idx, int log2_n, int n)
 {
     int sb_start = ( idx      * n) >> log2_n;
@@ -3697,300 +1175,302 @@ static void set_tile_offset(int *start, int *end, int idx, int log2_n, int n)
     *end   = FFMIN(sb_end,   n) << 3;
 }
 
-static av_always_inline void adapt_prob(uint8_t *p, unsigned ct0, unsigned ct1,
-                                        int max_count, int update_factor)
+static void free_buffers(VP9Context *s)
 {
-    unsigned ct = ct0 + ct1, p2, p1;
-
-    if (!ct)
-        return;
-
-    update_factor = FASTDIV(update_factor * FFMIN(ct, max_count), max_count);
-    p1 = *p;
-    p2 = ((((int64_t) ct0) << 8) + (ct >> 1)) / ct;
-    p2 = av_clip(p2, 1, 255);
+    int i;
 
-    // (p1 * (256 - update_factor) + p2 * update_factor + 128) >> 8
-    *p = p1 + (((p2 - p1) * update_factor + 128) >> 8);
+    av_freep(&s->intra_pred_data[0]);
+    for (i = 0; i < s->active_tile_cols; i++) {
+        av_freep(&s->td[i].b_base);
+        av_freep(&s->td[i].block_base);
+    }
 }
 
-static void adapt_probs(VP9Context *s)
+static av_cold int vp9_decode_free(AVCodecContext *avctx)
 {
-    int i, j, k, l, m;
-    prob_context *p = &s->prob_ctx[s->s.h.framectxid].p;
-    int uf = (s->s.h.keyframe || s->s.h.intraonly || !s->last_keyframe) ? 112 : 128;
-
-    // coefficients
-    for (i = 0; i < 4; i++)
-        for (j = 0; j < 2; j++)
-            for (k = 0; k < 2; k++)
-                for (l = 0; l < 6; l++)
-                    for (m = 0; m < 6; m++) {
-                        uint8_t *pp = s->prob_ctx[s->s.h.framectxid].coef[i][j][k][l][m];
-                        unsigned *e = s->counts.eob[i][j][k][l][m];
-                        unsigned *c = s->counts.coef[i][j][k][l][m];
-
-                        if (l == 0 && m >= 3) // dc only has 3 pt
-                            break;
-
-                        adapt_prob(&pp[0], e[0], e[1], 24, uf);
-                        adapt_prob(&pp[1], c[0], c[1] + c[2], 24, uf);
-                        adapt_prob(&pp[2], c[1], c[2], 24, uf);
-                    }
+    VP9Context *s = avctx->priv_data;
+    int i;
 
-    if (s->s.h.keyframe || s->s.h.intraonly) {
-        memcpy(p->skip,  s->prob.p.skip,  sizeof(p->skip));
-        memcpy(p->tx32p, s->prob.p.tx32p, sizeof(p->tx32p));
-        memcpy(p->tx16p, s->prob.p.tx16p, sizeof(p->tx16p));
-        memcpy(p->tx8p,  s->prob.p.tx8p,  sizeof(p->tx8p));
-        return;
+    for (i = 0; i < 3; i++) {
+        if (s->s.frames[i].tf.f->buf[0])
+            vp9_frame_unref(avctx, &s->s.frames[i]);
+        av_frame_free(&s->s.frames[i].tf.f);
+    }
+    for (i = 0; i < 8; i++) {
+        if (s->s.refs[i].f->buf[0])
+            ff_thread_release_buffer(avctx, &s->s.refs[i]);
+        av_frame_free(&s->s.refs[i].f);
+        if (s->next_refs[i].f->buf[0])
+            ff_thread_release_buffer(avctx, &s->next_refs[i]);
+        av_frame_free(&s->next_refs[i].f);
     }
 
-    // skip flag
-    for (i = 0; i < 3; i++)
-        adapt_prob(&p->skip[i], s->counts.skip[i][0], s->counts.skip[i][1], 20, 128);
+    free_buffers(s);
+    vp9_free_entries(avctx);
+    av_freep(&s->td);
+    return 0;
+}
 
-    // intra/inter flag
-    for (i = 0; i < 4; i++)
-        adapt_prob(&p->intra[i], s->counts.intra[i][0], s->counts.intra[i][1], 20, 128);
+static int decode_tiles(AVCodecContext *avctx,
+                        const uint8_t *data, int size)
+{
+    VP9Context *s = avctx->priv_data;
+    VP9TileData *td = &s->td[0];
+    int row, col, tile_row, tile_col, ret;
+    int bytesperpixel;
+    int tile_row_start, tile_row_end, tile_col_start, tile_col_end;
+    AVFrame *f;
+    ptrdiff_t yoff, uvoff, ls_y, ls_uv;
 
-    // comppred flag
-    if (s->s.h.comppredmode == PRED_SWITCHABLE) {
-      for (i = 0; i < 5; i++)
-          adapt_prob(&p->comp[i], s->counts.comp[i][0], s->counts.comp[i][1], 20, 128);
-    }
+    f = s->s.frames[CUR_FRAME].tf.f;
+    ls_y = f->linesize[0];
+    ls_uv =f->linesize[1];
+    bytesperpixel = s->bytesperpixel;
 
-    // reference frames
-    if (s->s.h.comppredmode != PRED_SINGLEREF) {
-      for (i = 0; i < 5; i++)
-          adapt_prob(&p->comp_ref[i], s->counts.comp_ref[i][0],
-                     s->counts.comp_ref[i][1], 20, 128);
-    }
+    yoff = uvoff = 0;
+    for (tile_row = 0; tile_row < s->s.h.tiling.tile_rows; tile_row++) {
+        set_tile_offset(&tile_row_start, &tile_row_end,
+                        tile_row, s->s.h.tiling.log2_tile_rows, s->sb_rows);
 
-    if (s->s.h.comppredmode != PRED_COMPREF) {
-      for (i = 0; i < 5; i++) {
-          uint8_t *pp = p->single_ref[i];
-          unsigned (*c)[2] = s->counts.single_ref[i];
+        for (tile_col = 0; tile_col < s->s.h.tiling.tile_cols; tile_col++) {
+            int64_t tile_size;
 
-          adapt_prob(&pp[0], c[0][0], c[0][1], 20, 128);
-          adapt_prob(&pp[1], c[1][0], c[1][1], 20, 128);
-      }
-    }
+            if (tile_col == s->s.h.tiling.tile_cols - 1 &&
+                tile_row == s->s.h.tiling.tile_rows - 1) {
+                tile_size = size;
+            } else {
+                tile_size = AV_RB32(data);
+                data += 4;
+                size -= 4;
+            }
+            if (tile_size > size) {
+                ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
+                return AVERROR_INVALIDDATA;
+            }
+            ret = ff_vp56_init_range_decoder(&td->c_b[tile_col], data, tile_size);
+            if (ret < 0)
+                return ret;
+            if (vp56_rac_get_prob_branchy(&td->c_b[tile_col], 128)) { // marker bit
+                ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
+                return AVERROR_INVALIDDATA;
+            }
+            data += tile_size;
+            size -= tile_size;
+        }
 
-    // block partitioning
-    for (i = 0; i < 4; i++)
-        for (j = 0; j < 4; j++) {
-            uint8_t *pp = p->partition[i][j];
-            unsigned *c = s->counts.partition[i][j];
+        for (row = tile_row_start; row < tile_row_end;
+             row += 8, yoff += ls_y * 64, uvoff += ls_uv * 64 >> s->ss_v) {
+            VP9Filter *lflvl_ptr = s->lflvl;
+            ptrdiff_t yoff2 = yoff, uvoff2 = uvoff;
 
-            adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
-            adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
-            adapt_prob(&pp[2], c[2], c[3], 20, 128);
-        }
+            for (tile_col = 0; tile_col < s->s.h.tiling.tile_cols; tile_col++) {
+                set_tile_offset(&tile_col_start, &tile_col_end,
+                                tile_col, s->s.h.tiling.log2_tile_cols, s->sb_cols);
+                td->tile_col_start = tile_col_start;
+                if (s->pass != 2) {
+                    memset(td->left_partition_ctx, 0, 8);
+                    memset(td->left_skip_ctx, 0, 8);
+                    if (s->s.h.keyframe || s->s.h.intraonly) {
+                        memset(td->left_mode_ctx, DC_PRED, 16);
+                    } else {
+                        memset(td->left_mode_ctx, NEARESTMV, 8);
+                    }
+                    memset(td->left_y_nnz_ctx, 0, 16);
+                    memset(td->left_uv_nnz_ctx, 0, 32);
+                    memset(td->left_segpred_ctx, 0, 8);
 
-    // tx size
-    if (s->s.h.txfmmode == TX_SWITCHABLE) {
-      for (i = 0; i < 2; i++) {
-          unsigned *c16 = s->counts.tx16p[i], *c32 = s->counts.tx32p[i];
-
-          adapt_prob(&p->tx8p[i], s->counts.tx8p[i][0], s->counts.tx8p[i][1], 20, 128);
-          adapt_prob(&p->tx16p[i][0], c16[0], c16[1] + c16[2], 20, 128);
-          adapt_prob(&p->tx16p[i][1], c16[1], c16[2], 20, 128);
-          adapt_prob(&p->tx32p[i][0], c32[0], c32[1] + c32[2] + c32[3], 20, 128);
-          adapt_prob(&p->tx32p[i][1], c32[1], c32[2] + c32[3], 20, 128);
-          adapt_prob(&p->tx32p[i][2], c32[2], c32[3], 20, 128);
-      }
-    }
+                    td->c = &td->c_b[tile_col];
+                }
 
-    // interpolation filter
-    if (s->s.h.filtermode == FILTER_SWITCHABLE) {
-        for (i = 0; i < 4; i++) {
-            uint8_t *pp = p->filter[i];
-            unsigned *c = s->counts.filter[i];
+                for (col = tile_col_start;
+                     col < tile_col_end;
+                     col += 8, yoff2 += 64 * bytesperpixel,
+                     uvoff2 += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
+                    // FIXME integrate with lf code (i.e. zero after each
+                    // use, similar to invtxfm coefficients, or similar)
+                    if (s->pass != 1) {
+                        memset(lflvl_ptr->mask, 0, sizeof(lflvl_ptr->mask));
+                    }
 
-            adapt_prob(&pp[0], c[0], c[1] + c[2], 20, 128);
-            adapt_prob(&pp[1], c[1], c[2], 20, 128);
-        }
-    }
+                    if (s->pass == 2) {
+                        decode_sb_mem(td, row, col, lflvl_ptr,
+                                      yoff2, uvoff2, BL_64X64);
+                    } else {
+                        decode_sb(td, row, col, lflvl_ptr,
+                                  yoff2, uvoff2, BL_64X64);
+                    }
+                }
+            }
 
-    // inter modes
-    for (i = 0; i < 7; i++) {
-        uint8_t *pp = p->mv_mode[i];
-        unsigned *c = s->counts.mv_mode[i];
+            if (s->pass == 1)
+                continue;
+
+            // backup pre-loopfilter reconstruction data for intra
+            // prediction of next row of sb64s
+            if (row + 8 < s->rows) {
+                memcpy(s->intra_pred_data[0],
+                       f->data[0] + yoff + 63 * ls_y,
+                       8 * s->cols * bytesperpixel);
+                memcpy(s->intra_pred_data[1],
+                       f->data[1] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
+                       8 * s->cols * bytesperpixel >> s->ss_h);
+                memcpy(s->intra_pred_data[2],
+                       f->data[2] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
+                       8 * s->cols * bytesperpixel >> s->ss_h);
+            }
+
+            // loopfilter one row
+            if (s->s.h.filter.level) {
+                yoff2 = yoff;
+                uvoff2 = uvoff;
+                lflvl_ptr = s->lflvl;
+                for (col = 0; col < s->cols;
+                     col += 8, yoff2 += 64 * bytesperpixel,
+                     uvoff2 += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
+                    ff_vp9_loopfilter_sb(avctx, lflvl_ptr, row, col,
+                                         yoff2, uvoff2);
+                }
+            }
 
-        adapt_prob(&pp[0], c[2], c[1] + c[0] + c[3], 20, 128);
-        adapt_prob(&pp[1], c[0], c[1] + c[3], 20, 128);
-        adapt_prob(&pp[2], c[1], c[3], 20, 128);
+            // FIXME maybe we can make this more finegrained by running the
+            // loopfilter per-block instead of after each sbrow
+            // In fact that would also make intra pred left preparation easier?
+            ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, row >> 3, 0);
+        }
     }
+    return 0;
+}
 
-    // mv joints
-    {
-        uint8_t *pp = p->mv_joint;
-        unsigned *c = s->counts.mv_joint;
+#if HAVE_THREADS
+static av_always_inline
+int decode_tiles_mt(AVCodecContext *avctx, void *tdata, int jobnr,
+                              int threadnr)
+{
+    VP9Context *s = avctx->priv_data;
+    VP9TileData *td = &s->td[jobnr];
+    ptrdiff_t uvoff, yoff, ls_y, ls_uv;
+    int bytesperpixel = s->bytesperpixel, row, col, tile_row;
+    unsigned tile_cols_len;
+    int tile_row_start, tile_row_end, tile_col_start, tile_col_end;
+    VP9Filter *lflvl_ptr_base;
+    AVFrame *f;
 
-        adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
-        adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
-        adapt_prob(&pp[2], c[2], c[3], 20, 128);
-    }
+    f = s->s.frames[CUR_FRAME].tf.f;
+    ls_y = f->linesize[0];
+    ls_uv =f->linesize[1];
 
-    // mv components
-    for (i = 0; i < 2; i++) {
-        uint8_t *pp;
-        unsigned *c, (*c2)[2], sum;
-
-        adapt_prob(&p->mv_comp[i].sign, s->counts.mv_comp[i].sign[0],
-                   s->counts.mv_comp[i].sign[1], 20, 128);
-
-        pp = p->mv_comp[i].classes;
-        c = s->counts.mv_comp[i].classes;
-        sum = c[1] + c[2] + c[3] + c[4] + c[5] + c[6] + c[7] + c[8] + c[9] + c[10];
-        adapt_prob(&pp[0], c[0], sum, 20, 128);
-        sum -= c[1];
-        adapt_prob(&pp[1], c[1], sum, 20, 128);
-        sum -= c[2] + c[3];
-        adapt_prob(&pp[2], c[2] + c[3], sum, 20, 128);
-        adapt_prob(&pp[3], c[2], c[3], 20, 128);
-        sum -= c[4] + c[5];
-        adapt_prob(&pp[4], c[4] + c[5], sum, 20, 128);
-        adapt_prob(&pp[5], c[4], c[5], 20, 128);
-        sum -= c[6];
-        adapt_prob(&pp[6], c[6], sum, 20, 128);
-        adapt_prob(&pp[7], c[7] + c[8], c[9] + c[10], 20, 128);
-        adapt_prob(&pp[8], c[7], c[8], 20, 128);
-        adapt_prob(&pp[9], c[9], c[10], 20, 128);
-
-        adapt_prob(&p->mv_comp[i].class0, s->counts.mv_comp[i].class0[0],
-                   s->counts.mv_comp[i].class0[1], 20, 128);
-        pp = p->mv_comp[i].bits;
-        c2 = s->counts.mv_comp[i].bits;
-        for (j = 0; j < 10; j++)
-            adapt_prob(&pp[j], c2[j][0], c2[j][1], 20, 128);
-
-        for (j = 0; j < 2; j++) {
-            pp = p->mv_comp[i].class0_fp[j];
-            c = s->counts.mv_comp[i].class0_fp[j];
-            adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
-            adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
-            adapt_prob(&pp[2], c[2], c[3], 20, 128);
-        }
-        pp = p->mv_comp[i].fp;
-        c = s->counts.mv_comp[i].fp;
-        adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
-        adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
-        adapt_prob(&pp[2], c[2], c[3], 20, 128);
+    set_tile_offset(&tile_col_start, &tile_col_end,
+                    jobnr, s->s.h.tiling.log2_tile_cols, s->sb_cols);
+    td->tile_col_start  = tile_col_start;
+    uvoff = (64 * bytesperpixel >> s->ss_h)*(tile_col_start >> 3);
+    yoff = (64 * bytesperpixel)*(tile_col_start >> 3);
+    lflvl_ptr_base = s->lflvl+(tile_col_start >> 3);
+
+    for (tile_row = 0; tile_row < s->s.h.tiling.tile_rows; tile_row++) {
+        set_tile_offset(&tile_row_start, &tile_row_end,
+                        tile_row, s->s.h.tiling.log2_tile_rows, s->sb_rows);
+
+        td->c = &td->c_b[tile_row];
+        for (row = tile_row_start; row < tile_row_end;
+             row += 8, yoff += ls_y * 64, uvoff += ls_uv * 64 >> s->ss_v) {
+            ptrdiff_t yoff2 = yoff, uvoff2 = uvoff;
+            VP9Filter *lflvl_ptr = lflvl_ptr_base+s->sb_cols*(row >> 3);
+
+            memset(td->left_partition_ctx, 0, 8);
+            memset(td->left_skip_ctx, 0, 8);
+            if (s->s.h.keyframe || s->s.h.intraonly) {
+                memset(td->left_mode_ctx, DC_PRED, 16);
+            } else {
+                memset(td->left_mode_ctx, NEARESTMV, 8);
+            }
+            memset(td->left_y_nnz_ctx, 0, 16);
+            memset(td->left_uv_nnz_ctx, 0, 32);
+            memset(td->left_segpred_ctx, 0, 8);
 
-        if (s->s.h.highprecisionmvs) {
-            adapt_prob(&p->mv_comp[i].class0_hp, s->counts.mv_comp[i].class0_hp[0],
-                       s->counts.mv_comp[i].class0_hp[1], 20, 128);
-            adapt_prob(&p->mv_comp[i].hp, s->counts.mv_comp[i].hp[0],
-                       s->counts.mv_comp[i].hp[1], 20, 128);
-        }
-    }
+            for (col = tile_col_start;
+                 col < tile_col_end;
+                 col += 8, yoff2 += 64 * bytesperpixel,
+                 uvoff2 += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
+                // FIXME integrate with lf code (i.e. zero after each
+                // use, similar to invtxfm coefficients, or similar)
+                memset(lflvl_ptr->mask, 0, sizeof(lflvl_ptr->mask));
+                decode_sb(td, row, col, lflvl_ptr,
+                            yoff2, uvoff2, BL_64X64);
+            }
 
-    // y intra modes
-    for (i = 0; i < 4; i++) {
-        uint8_t *pp = p->y_mode[i];
-        unsigned *c = s->counts.y_mode[i], sum, s2;
-
-        sum = c[0] + c[1] + c[3] + c[4] + c[5] + c[6] + c[7] + c[8] + c[9];
-        adapt_prob(&pp[0], c[DC_PRED], sum, 20, 128);
-        sum -= c[TM_VP8_PRED];
-        adapt_prob(&pp[1], c[TM_VP8_PRED], sum, 20, 128);
-        sum -= c[VERT_PRED];
-        adapt_prob(&pp[2], c[VERT_PRED], sum, 20, 128);
-        s2 = c[HOR_PRED] + c[DIAG_DOWN_RIGHT_PRED] + c[VERT_RIGHT_PRED];
-        sum -= s2;
-        adapt_prob(&pp[3], s2, sum, 20, 128);
-        s2 -= c[HOR_PRED];
-        adapt_prob(&pp[4], c[HOR_PRED], s2, 20, 128);
-        adapt_prob(&pp[5], c[DIAG_DOWN_RIGHT_PRED], c[VERT_RIGHT_PRED], 20, 128);
-        sum -= c[DIAG_DOWN_LEFT_PRED];
-        adapt_prob(&pp[6], c[DIAG_DOWN_LEFT_PRED], sum, 20, 128);
-        sum -= c[VERT_LEFT_PRED];
-        adapt_prob(&pp[7], c[VERT_LEFT_PRED], sum, 20, 128);
-        adapt_prob(&pp[8], c[HOR_DOWN_PRED], c[HOR_UP_PRED], 20, 128);
-    }
+            // backup pre-loopfilter reconstruction data for intra
+            // prediction of next row of sb64s
+            tile_cols_len = tile_col_end - tile_col_start;
+            if (row + 8 < s->rows) {
+                memcpy(s->intra_pred_data[0] + (tile_col_start * 8 * bytesperpixel),
+                       f->data[0] + yoff + 63 * ls_y,
+                       8 * tile_cols_len * bytesperpixel);
+                memcpy(s->intra_pred_data[1] + (tile_col_start * 8 * bytesperpixel >> s->ss_h),
+                       f->data[1] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
+                       8 * tile_cols_len * bytesperpixel >> s->ss_h);
+                memcpy(s->intra_pred_data[2] + (tile_col_start * 8 * bytesperpixel >> s->ss_h),
+                       f->data[2] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
+                       8 * tile_cols_len * bytesperpixel >> s->ss_h);
+            }
 
-    // uv intra modes
-    for (i = 0; i < 10; i++) {
-        uint8_t *pp = p->uv_mode[i];
-        unsigned *c = s->counts.uv_mode[i], sum, s2;
-
-        sum = c[0] + c[1] + c[3] + c[4] + c[5] + c[6] + c[7] + c[8] + c[9];
-        adapt_prob(&pp[0], c[DC_PRED], sum, 20, 128);
-        sum -= c[TM_VP8_PRED];
-        adapt_prob(&pp[1], c[TM_VP8_PRED], sum, 20, 128);
-        sum -= c[VERT_PRED];
-        adapt_prob(&pp[2], c[VERT_PRED], sum, 20, 128);
-        s2 = c[HOR_PRED] + c[DIAG_DOWN_RIGHT_PRED] + c[VERT_RIGHT_PRED];
-        sum -= s2;
-        adapt_prob(&pp[3], s2, sum, 20, 128);
-        s2 -= c[HOR_PRED];
-        adapt_prob(&pp[4], c[HOR_PRED], s2, 20, 128);
-        adapt_prob(&pp[5], c[DIAG_DOWN_RIGHT_PRED], c[VERT_RIGHT_PRED], 20, 128);
-        sum -= c[DIAG_DOWN_LEFT_PRED];
-        adapt_prob(&pp[6], c[DIAG_DOWN_LEFT_PRED], sum, 20, 128);
-        sum -= c[VERT_LEFT_PRED];
-        adapt_prob(&pp[7], c[VERT_LEFT_PRED], sum, 20, 128);
-        adapt_prob(&pp[8], c[HOR_DOWN_PRED], c[HOR_UP_PRED], 20, 128);
+            vp9_report_tile_progress(s, row >> 3, 1);
+        }
     }
+    return 0;
 }
 
-static void free_buffers(VP9Context *s)
+static av_always_inline
+int loopfilter_proc(AVCodecContext *avctx)
 {
-    av_freep(&s->intra_pred_data[0]);
-    av_freep(&s->b_base);
-    av_freep(&s->block_base);
-}
+    VP9Context *s = avctx->priv_data;
+    ptrdiff_t uvoff, yoff, ls_y, ls_uv;
+    VP9Filter *lflvl_ptr;
+    int bytesperpixel = s->bytesperpixel, col, i;
+    AVFrame *f;
 
-static av_cold int vp9_decode_free(AVCodecContext *ctx)
-{
-    VP9Context *s = ctx->priv_data;
-    int i;
+    f = s->s.frames[CUR_FRAME].tf.f;
+    ls_y = f->linesize[0];
+    ls_uv =f->linesize[1];
 
-    for (i = 0; i < 3; i++) {
-        if (s->s.frames[i].tf.f->buf[0])
-            vp9_unref_frame(ctx, &s->s.frames[i]);
-        av_frame_free(&s->s.frames[i].tf.f);
-    }
-    for (i = 0; i < 8; i++) {
-        if (s->s.refs[i].f->buf[0])
-            ff_thread_release_buffer(ctx, &s->s.refs[i]);
-        av_frame_free(&s->s.refs[i].f);
-        if (s->next_refs[i].f->buf[0])
-            ff_thread_release_buffer(ctx, &s->next_refs[i]);
-        av_frame_free(&s->next_refs[i].f);
-    }
-    free_buffers(s);
-    av_freep(&s->c_b);
-    s->c_b_size = 0;
+    for (i = 0; i < s->sb_rows; i++) {
+        vp9_await_tile_progress(s, i, s->s.h.tiling.tile_cols);
 
+        if (s->s.h.filter.level) {
+            yoff = (ls_y * 64)*i;
+            uvoff =  (ls_uv * 64 >> s->ss_v)*i;
+            lflvl_ptr = s->lflvl+s->sb_cols*i;
+            for (col = 0; col < s->cols;
+                 col += 8, yoff += 64 * bytesperpixel,
+                 uvoff += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
+                ff_vp9_loopfilter_sb(avctx, lflvl_ptr, i << 3, col,
+                                     yoff, uvoff);
+            }
+        }
+    }
     return 0;
 }
+#endif
 
-
-static int vp9_decode_frame(AVCodecContext *ctx, void *frame,
+static int vp9_decode_frame(AVCodecContext *avctx, void *frame,
                             int *got_frame, AVPacket *pkt)
 {
     const uint8_t *data = pkt->data;
     int size = pkt->size;
-    VP9Context *s = ctx->priv_data;
-    int res, tile_row, tile_col, i, ref, row, col;
+    VP9Context *s = avctx->priv_data;
+    int ret, i, j, ref;
     int retain_segmap_ref = s->s.frames[REF_FRAME_SEGMAP].segmentation_map &&
                             (!s->s.h.segmentation.enabled || !s->s.h.segmentation.update_map);
-    ptrdiff_t yoff, uvoff, ls_y, ls_uv;
     AVFrame *f;
-    int bytesperpixel;
 
-    if ((res = decode_frame_header(ctx, data, size, &ref)) < 0) {
-        return res;
-    } else if (res == 0) {
+    if ((ret = decode_frame_header(avctx, data, size, &ref)) < 0) {
+        return ret;
+    } else if (ret == 0) {
         if (!s->s.refs[ref].f->buf[0]) {
-            av_log(ctx, AV_LOG_ERROR, "Requested reference %d not available\n", ref);
+            av_log(avctx, AV_LOG_ERROR, "Requested reference %d not available\n", ref);
             return AVERROR_INVALIDDATA;
         }
-        if ((res = av_frame_ref(frame, s->s.refs[ref].f)) < 0)
-            return res;
+        if ((ret = av_frame_ref(frame, s->s.refs[ref].f)) < 0)
+            return ret;
         ((AVFrame *)frame)->pts = pkt->pts;
 #if FF_API_PKT_PTS
 FF_DISABLE_DEPRECATION_WARNINGS
@@ -4000,73 +1480,70 @@ FF_ENABLE_DEPRECATION_WARNINGS
         ((AVFrame *)frame)->pkt_dts = pkt->dts;
         for (i = 0; i < 8; i++) {
             if (s->next_refs[i].f->buf[0])
-                ff_thread_release_buffer(ctx, &s->next_refs[i]);
+                ff_thread_release_buffer(avctx, &s->next_refs[i]);
             if (s->s.refs[i].f->buf[0] &&
-                (res = ff_thread_ref_frame(&s->next_refs[i], &s->s.refs[i])) < 0)
-                return res;
+                (ret = ff_thread_ref_frame(&s->next_refs[i], &s->s.refs[i])) < 0)
+                return ret;
         }
         *got_frame = 1;
         return pkt->size;
     }
-    data += res;
-    size -= res;
+    data += ret;
+    size -= ret;
 
     if (!retain_segmap_ref || s->s.h.keyframe || s->s.h.intraonly) {
         if (s->s.frames[REF_FRAME_SEGMAP].tf.f->buf[0])
-            vp9_unref_frame(ctx, &s->s.frames[REF_FRAME_SEGMAP]);
+            vp9_frame_unref(avctx, &s->s.frames[REF_FRAME_SEGMAP]);
         if (!s->s.h.keyframe && !s->s.h.intraonly && !s->s.h.errorres && s->s.frames[CUR_FRAME].tf.f->buf[0] &&
-            (res = vp9_ref_frame(ctx, &s->s.frames[REF_FRAME_SEGMAP], &s->s.frames[CUR_FRAME])) < 0)
-            return res;
+            (ret = vp9_frame_ref(avctx, &s->s.frames[REF_FRAME_SEGMAP], &s->s.frames[CUR_FRAME])) < 0)
+            return ret;
     }
     if (s->s.frames[REF_FRAME_MVPAIR].tf.f->buf[0])
-        vp9_unref_frame(ctx, &s->s.frames[REF_FRAME_MVPAIR]);
+        vp9_frame_unref(avctx, &s->s.frames[REF_FRAME_MVPAIR]);
     if (!s->s.h.intraonly && !s->s.h.keyframe && !s->s.h.errorres && s->s.frames[CUR_FRAME].tf.f->buf[0] &&
-        (res = vp9_ref_frame(ctx, &s->s.frames[REF_FRAME_MVPAIR], &s->s.frames[CUR_FRAME])) < 0)
-        return res;
+        (ret = vp9_frame_ref(avctx, &s->s.frames[REF_FRAME_MVPAIR], &s->s.frames[CUR_FRAME])) < 0)
+        return ret;
     if (s->s.frames[CUR_FRAME].tf.f->buf[0])
-        vp9_unref_frame(ctx, &s->s.frames[CUR_FRAME]);
-    if ((res = vp9_alloc_frame(ctx, &s->s.frames[CUR_FRAME])) < 0)
-        return res;
+        vp9_frame_unref(avctx, &s->s.frames[CUR_FRAME]);
+    if ((ret = vp9_frame_alloc(avctx, &s->s.frames[CUR_FRAME])) < 0)
+        return ret;
     f = s->s.frames[CUR_FRAME].tf.f;
     f->key_frame = s->s.h.keyframe;
     f->pict_type = (s->s.h.keyframe || s->s.h.intraonly) ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
-    ls_y = f->linesize[0];
-    ls_uv =f->linesize[1];
 
     if (s->s.frames[REF_FRAME_SEGMAP].tf.f->buf[0] &&
         (s->s.frames[REF_FRAME_MVPAIR].tf.f->width  != s->s.frames[CUR_FRAME].tf.f->width ||
          s->s.frames[REF_FRAME_MVPAIR].tf.f->height != s->s.frames[CUR_FRAME].tf.f->height)) {
-        vp9_unref_frame(ctx, &s->s.frames[REF_FRAME_SEGMAP]);
+        vp9_frame_unref(avctx, &s->s.frames[REF_FRAME_SEGMAP]);
     }
 
     // ref frame setup
     for (i = 0; i < 8; i++) {
         if (s->next_refs[i].f->buf[0])
-            ff_thread_release_buffer(ctx, &s->next_refs[i]);
+            ff_thread_release_buffer(avctx, &s->next_refs[i]);
         if (s->s.h.refreshrefmask & (1 << i)) {
-            res = ff_thread_ref_frame(&s->next_refs[i], &s->s.frames[CUR_FRAME].tf);
+            ret = ff_thread_ref_frame(&s->next_refs[i], &s->s.frames[CUR_FRAME].tf);
         } else if (s->s.refs[i].f->buf[0]) {
-            res = ff_thread_ref_frame(&s->next_refs[i], &s->s.refs[i]);
-        }
-        if (res < 0)
-            return res;
-    }
-
-    if (ctx->hwaccel) {
-        res = ctx->hwaccel->start_frame(ctx, NULL, 0);
-        if (res < 0)
-            return res;
-        res = ctx->hwaccel->decode_slice(ctx, pkt->data, pkt->size);
-        if (res < 0)
-            return res;
-        res = ctx->hwaccel->end_frame(ctx);
-        if (res < 0)
-            return res;
+            ret = ff_thread_ref_frame(&s->next_refs[i], &s->s.refs[i]);
+        }
+        if (ret < 0)
+            return ret;
+    }
+
+    if (avctx->hwaccel) {
+        ret = avctx->hwaccel->start_frame(avctx, NULL, 0);
+        if (ret < 0)
+            return ret;
+        ret = avctx->hwaccel->decode_slice(avctx, pkt->data, pkt->size);
+        if (ret < 0)
+            return ret;
+        ret = avctx->hwaccel->end_frame(avctx);
+        if (ret < 0)
+            return ret;
         goto finish;
     }
 
     // main tile decode loop
-    bytesperpixel = s->bytesperpixel;
     memset(s->above_partition_ctx, 0, s->cols);
     memset(s->above_skip_ctx, 0, s->cols);
     if (s->s.h.keyframe || s->s.h.intraonly) {
@@ -4079,11 +1556,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
     memset(s->above_uv_nnz_ctx[1], 0, s->sb_cols * 16 >> s->ss_h);
     memset(s->above_segpred_ctx, 0, s->cols);
     s->pass = s->s.frames[CUR_FRAME].uses_2pass =
-        ctx->active_thread_type == FF_THREAD_FRAME && s->s.h.refreshctx && !s->s.h.parallelmode;
-    if ((res = update_block_buffers(ctx)) < 0) {
-        av_log(ctx, AV_LOG_ERROR,
+        avctx->active_thread_type == FF_THREAD_FRAME && s->s.h.refreshctx && !s->s.h.parallelmode;
+    if ((ret = update_block_buffers(avctx)) < 0) {
+        av_log(avctx, AV_LOG_ERROR,
                "Failed to allocate block buffers\n");
-        return res;
+        return ret;
     }
     if (s->s.h.refreshctx && s->s.h.parallelmode) {
         int j, k, l, m;
@@ -4099,25 +1576,36 @@ FF_ENABLE_DEPRECATION_WARNINGS
                 break;
         }
         s->prob_ctx[s->s.h.framectxid].p = s->prob.p;
-        ff_thread_finish_setup(ctx);
+        ff_thread_finish_setup(avctx);
     } else if (!s->s.h.refreshctx) {
-        ff_thread_finish_setup(ctx);
+        ff_thread_finish_setup(avctx);
+    }
+
+#if HAVE_THREADS
+    if (avctx->active_thread_type & FF_THREAD_SLICE) {
+        for (i = 0; i < s->sb_rows; i++)
+            atomic_store(&s->entries[i], 0);
     }
+#endif
 
     do {
-        yoff = uvoff = 0;
-        s->b = s->b_base;
-        s->block = s->block_base;
-        s->uvblock[0] = s->uvblock_base[0];
-        s->uvblock[1] = s->uvblock_base[1];
-        s->eob = s->eob_base;
-        s->uveob[0] = s->uveob_base[0];
-        s->uveob[1] = s->uveob_base[1];
-
-        for (tile_row = 0; tile_row < s->s.h.tiling.tile_rows; tile_row++) {
-            set_tile_offset(&s->tile_row_start, &s->tile_row_end,
-                            tile_row, s->s.h.tiling.log2_tile_rows, s->sb_rows);
-            if (s->pass != 2) {
+        for (i = 0; i < s->active_tile_cols; i++) {
+            s->td[i].b = s->td[i].b_base;
+            s->td[i].block = s->td[i].block_base;
+            s->td[i].uvblock[0] = s->td[i].uvblock_base[0];
+            s->td[i].uvblock[1] = s->td[i].uvblock_base[1];
+            s->td[i].eob = s->td[i].eob_base;
+            s->td[i].uveob[0] = s->td[i].uveob_base[0];
+            s->td[i].uveob[1] = s->td[i].uveob_base[1];
+        }
+
+#if HAVE_THREADS
+        if (avctx->active_thread_type == FF_THREAD_SLICE) {
+            int tile_row, tile_col;
+
+            av_assert1(!s->pass);
+
+            for (tile_row = 0; tile_row < s->s.h.tiling.tile_rows; tile_row++) {
                 for (tile_col = 0; tile_col < s->s.h.tiling.tile_cols; tile_col++) {
                     int64_t tile_size;
 
@@ -4129,107 +1617,38 @@ FF_ENABLE_DEPRECATION_WARNINGS
                         data += 4;
                         size -= 4;
                     }
-                    if (tile_size > size) {
-                        ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
+                    if (tile_size > size)
                         return AVERROR_INVALIDDATA;
-                    }
-                    ff_vp56_init_range_decoder(&s->c_b[tile_col], data, tile_size);
-                    if (vp56_rac_get_prob_branchy(&s->c_b[tile_col], 128)) { // marker bit
-                        ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
+                    ret = ff_vp56_init_range_decoder(&s->td[tile_col].c_b[tile_row], data, tile_size);
+                    if (ret < 0)
+                        return ret;
+                    if (vp56_rac_get_prob_branchy(&s->td[tile_col].c_b[tile_row], 128)) // marker bit
                         return AVERROR_INVALIDDATA;
-                    }
                     data += tile_size;
                     size -= tile_size;
                 }
             }
 
-            for (row = s->tile_row_start; row < s->tile_row_end;
-                 row += 8, yoff += ls_y * 64, uvoff += ls_uv * 64 >> s->ss_v) {
-                struct VP9Filter *lflvl_ptr = s->lflvl;
-                ptrdiff_t yoff2 = yoff, uvoff2 = uvoff;
-
-                for (tile_col = 0; tile_col < s->s.h.tiling.tile_cols; tile_col++) {
-                    set_tile_offset(&s->tile_col_start, &s->tile_col_end,
-                                    tile_col, s->s.h.tiling.log2_tile_cols, s->sb_cols);
-
-                    if (s->pass != 2) {
-                        memset(s->left_partition_ctx, 0, 8);
-                        memset(s->left_skip_ctx, 0, 8);
-                        if (s->s.h.keyframe || s->s.h.intraonly) {
-                            memset(s->left_mode_ctx, DC_PRED, 16);
-                        } else {
-                            memset(s->left_mode_ctx, NEARESTMV, 8);
-                        }
-                        memset(s->left_y_nnz_ctx, 0, 16);
-                        memset(s->left_uv_nnz_ctx, 0, 32);
-                        memset(s->left_segpred_ctx, 0, 8);
-
-                        memcpy(&s->c, &s->c_b[tile_col], sizeof(s->c));
-                    }
-
-                    for (col = s->tile_col_start;
-                         col < s->tile_col_end;
-                         col += 8, yoff2 += 64 * bytesperpixel,
-                         uvoff2 += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
-                        // FIXME integrate with lf code (i.e. zero after each
-                        // use, similar to invtxfm coefficients, or similar)
-                        if (s->pass != 1) {
-                            memset(lflvl_ptr->mask, 0, sizeof(lflvl_ptr->mask));
-                        }
-
-                        if (s->pass == 2) {
-                            decode_sb_mem(ctx, row, col, lflvl_ptr,
-                                          yoff2, uvoff2, BL_64X64);
-                        } else {
-                            decode_sb(ctx, row, col, lflvl_ptr,
-                                      yoff2, uvoff2, BL_64X64);
-                        }
-                    }
-                    if (s->pass != 2) {
-                        memcpy(&s->c_b[tile_col], &s->c, sizeof(s->c));
-                    }
-                }
-
-                if (s->pass == 1) {
-                    continue;
-                }
-
-                // backup pre-loopfilter reconstruction data for intra
-                // prediction of next row of sb64s
-                if (row + 8 < s->rows) {
-                    memcpy(s->intra_pred_data[0],
-                           f->data[0] + yoff + 63 * ls_y,
-                           8 * s->cols * bytesperpixel);
-                    memcpy(s->intra_pred_data[1],
-                           f->data[1] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
-                           8 * s->cols * bytesperpixel >> s->ss_h);
-                    memcpy(s->intra_pred_data[2],
-                           f->data[2] + uvoff + ((64 >> s->ss_v) - 1) * ls_uv,
-                           8 * s->cols * bytesperpixel >> s->ss_h);
-                }
-
-                // loopfilter one row
-                if (s->s.h.filter.level) {
-                    yoff2 = yoff;
-                    uvoff2 = uvoff;
-                    lflvl_ptr = s->lflvl;
-                    for (col = 0; col < s->cols;
-                         col += 8, yoff2 += 64 * bytesperpixel,
-                         uvoff2 += 64 * bytesperpixel >> s->ss_h, lflvl_ptr++) {
-                        loopfilter_sb(ctx, lflvl_ptr, row, col, yoff2, uvoff2);
-                    }
-                }
-
-                // FIXME maybe we can make this more finegrained by running the
-                // loopfilter per-block instead of after each sbrow
-                // In fact that would also make intra pred left preparation easier?
-                ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, row >> 3, 0);
+            ff_slice_thread_execute_with_mainfunc(avctx, decode_tiles_mt, loopfilter_proc, s->td, NULL, s->s.h.tiling.tile_cols);
+        } else
+#endif
+        {
+            ret = decode_tiles(avctx, data, size);
+            if (ret < 0) {
+                ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
+                return ret;
             }
         }
 
+        // Sum all counts fields into td[0].counts for tile threading
+        if (avctx->active_thread_type == FF_THREAD_SLICE)
+            for (i = 1; i < s->s.h.tiling.tile_cols; i++)
+                for (j = 0; j < sizeof(s->td[i].counts) / sizeof(unsigned); j++)
+                    ((unsigned *)&s->td[0].counts)[j] += ((unsigned *)&s->td[i].counts)[j];
+
         if (s->pass < 2 && s->s.h.refreshctx && !s->s.h.parallelmode) {
-            adapt_probs(s);
-            ff_thread_finish_setup(ctx);
+            ff_vp9_adapt_probs(s);
+            ff_thread_finish_setup(avctx);
         }
     } while (s->pass++ == 1);
     ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0);
@@ -4238,42 +1657,42 @@ finish:
     // ref frame setup
     for (i = 0; i < 8; i++) {
         if (s->s.refs[i].f->buf[0])
-            ff_thread_release_buffer(ctx, &s->s.refs[i]);
+            ff_thread_release_buffer(avctx, &s->s.refs[i]);
         if (s->next_refs[i].f->buf[0] &&
-            (res = ff_thread_ref_frame(&s->s.refs[i], &s->next_refs[i])) < 0)
-            return res;
+            (ret = ff_thread_ref_frame(&s->s.refs[i], &s->next_refs[i])) < 0)
+            return ret;
     }
 
     if (!s->s.h.invisible) {
-        if ((res = av_frame_ref(frame, s->s.frames[CUR_FRAME].tf.f)) < 0)
-            return res;
+        if ((ret = av_frame_ref(frame, s->s.frames[CUR_FRAME].tf.f)) < 0)
+            return ret;
         *got_frame = 1;
     }
 
     return pkt->size;
 }
 
-static void vp9_decode_flush(AVCodecContext *ctx)
+static void vp9_decode_flush(AVCodecContext *avctx)
 {
-    VP9Context *s = ctx->priv_data;
+    VP9Context *s = avctx->priv_data;
     int i;
 
     for (i = 0; i < 3; i++)
-        vp9_unref_frame(ctx, &s->s.frames[i]);
+        vp9_frame_unref(avctx, &s->s.frames[i]);
     for (i = 0; i < 8; i++)
-        ff_thread_release_buffer(ctx, &s->s.refs[i]);
+        ff_thread_release_buffer(avctx, &s->s.refs[i]);
 }
 
-static int init_frames(AVCodecContext *ctx)
+static int init_frames(AVCodecContext *avctx)
 {
-    VP9Context *s = ctx->priv_data;
+    VP9Context *s = avctx->priv_data;
     int i;
 
     for (i = 0; i < 3; i++) {
         s->s.frames[i].tf.f = av_frame_alloc();
         if (!s->s.frames[i].tf.f) {
-            vp9_decode_free(ctx);
-            av_log(ctx, AV_LOG_ERROR, "Failed to allocate frame buffer %d\n", i);
+            vp9_decode_free(avctx);
+            av_log(avctx, AV_LOG_ERROR, "Failed to allocate frame buffer %d\n", i);
             return AVERROR(ENOMEM);
         }
     }
@@ -4281,8 +1700,8 @@ static int init_frames(AVCodecContext *ctx)
         s->s.refs[i].f = av_frame_alloc();
         s->next_refs[i].f = av_frame_alloc();
         if (!s->s.refs[i].f || !s->next_refs[i].f) {
-            vp9_decode_free(ctx);
-            av_log(ctx, AV_LOG_ERROR, "Failed to allocate frame buffer %d\n", i);
+            vp9_decode_free(avctx);
+            av_log(avctx, AV_LOG_ERROR, "Failed to allocate frame buffer %d\n", i);
             return AVERROR(ENOMEM);
         }
     }
@@ -4290,15 +1709,15 @@ static int init_frames(AVCodecContext *ctx)
     return 0;
 }
 
-static av_cold int vp9_decode_init(AVCodecContext *ctx)
+static av_cold int vp9_decode_init(AVCodecContext *avctx)
 {
-    VP9Context *s = ctx->priv_data;
+    VP9Context *s = avctx->priv_data;
 
-    ctx->internal->allocate_progress = 1;
+    avctx->internal->allocate_progress = 1;
     s->last_bpp = 0;
     s->s.h.filter.sharpness = -1;
 
-    return init_frames(ctx);
+    return init_frames(avctx);
 }
 
 #if HAVE_THREADS
@@ -4309,23 +1728,23 @@ static av_cold int vp9_decode_init_thread_copy(AVCodecContext *avctx)
 
 static int vp9_decode_update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
 {
-    int i, res;
+    int i, ret;
     VP9Context *s = dst->priv_data, *ssrc = src->priv_data;
 
     for (i = 0; i < 3; i++) {
         if (s->s.frames[i].tf.f->buf[0])
-            vp9_unref_frame(dst, &s->s.frames[i]);
+            vp9_frame_unref(dst, &s->s.frames[i]);
         if (ssrc->s.frames[i].tf.f->buf[0]) {
-            if ((res = vp9_ref_frame(dst, &s->s.frames[i], &ssrc->s.frames[i])) < 0)
-                return res;
+            if ((ret = vp9_frame_ref(dst, &s->s.frames[i], &ssrc->s.frames[i])) < 0)
+                return ret;
         }
     }
     for (i = 0; i < 8; i++) {
         if (s->s.refs[i].f->buf[0])
             ff_thread_release_buffer(dst, &s->s.refs[i]);
         if (ssrc->next_refs[i].f->buf[0]) {
-            if ((res = ff_thread_ref_frame(&s->s.refs[i], &ssrc->next_refs[i])) < 0)
-                return res;
+            if ((ret = ff_thread_ref_frame(&s->s.refs[i], &ssrc->next_refs[i])) < 0)
+                return ret;
         }
     }
 
@@ -4341,7 +1760,7 @@ static int vp9_decode_update_thread_context(AVCodecContext *dst, const AVCodecCo
     s->gf_fmt = ssrc->gf_fmt;
     s->w = ssrc->w;
     s->h = ssrc->h;
-    s->bpp = ssrc->bpp;
+    s->s.h.bpp = ssrc->s.h.bpp;
     s->bpp_index = ssrc->bpp_index;
     s->pix_fmt = ssrc->pix_fmt;
     memcpy(&s->prob_ctx, &ssrc->prob_ctx, sizeof(s->prob_ctx));
@@ -4362,7 +1781,8 @@ AVCodec ff_vp9_decoder = {
     .init                  = vp9_decode_init,
     .close                 = vp9_decode_free,
     .decode                = vp9_decode_frame,
-    .capabilities          = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
+    .capabilities          = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS | AV_CODEC_CAP_SLICE_THREADS,
+    .caps_internal         = FF_CODEC_CAP_SLICE_THREAD_HAS_MF,
     .flush                 = vp9_decode_flush,
     .init_thread_copy      = ONLY_IF_THREADS_ENABLED(vp9_decode_init_thread_copy),
     .update_thread_context = ONLY_IF_THREADS_ENABLED(vp9_decode_update_thread_context),
diff --git a/media/ffvpx/libavcodec/vp9.h b/media/ffvpx/libavcodec/vp9.h
index df5bd4d85..c8d07ad98 100644
--- a/media/ffvpx/libavcodec/vp9.h
+++ b/media/ffvpx/libavcodec/vp9.h
@@ -24,42 +24,6 @@
 #ifndef AVCODEC_VP9_H
 #define AVCODEC_VP9_H
 
-#include <stdint.h>
-
-#include "thread.h"
-#include "vp56.h"
-
-enum BlockLevel {
-    BL_64X64,
-    BL_32X32,
-    BL_16X16,
-    BL_8X8,
-};
-
-enum BlockPartition {
-    PARTITION_NONE,    // [ ] <-.
-    PARTITION_H,       // [-]   |
-    PARTITION_V,       // [|]   |
-    PARTITION_SPLIT,   // [+] --'
-};
-
-enum BlockSize {
-    BS_64x64,
-    BS_64x32,
-    BS_32x64,
-    BS_32x32,
-    BS_32x16,
-    BS_16x32,
-    BS_16x16,
-    BS_16x8,
-    BS_8x16,
-    BS_8x8,
-    BS_8x4,
-    BS_4x8,
-    BS_4x4,
-    N_BS_SIZES,
-};
-
 enum TxfmMode {
     TX_4X4,
     TX_8X8,
@@ -97,115 +61,13 @@ enum IntraPredMode {
     N_INTRA_PRED_MODES
 };
 
-enum InterPredMode {
-    NEARESTMV = 10,
-    NEARMV = 11,
-    ZEROMV = 12,
-    NEWMV = 13,
-};
-
 enum FilterMode {
     FILTER_8TAP_SMOOTH,
     FILTER_8TAP_REGULAR,
     FILTER_8TAP_SHARP,
     FILTER_BILINEAR,
-    FILTER_SWITCHABLE,
+    N_FILTERS,
+    FILTER_SWITCHABLE = N_FILTERS,
 };
 
-enum CompPredMode {
-    PRED_SINGLEREF,
-    PRED_COMPREF,
-    PRED_SWITCHABLE,
-};
-
-struct VP9mvrefPair {
-    VP56mv mv[2];
-    int8_t ref[2];
-};
-
-typedef struct VP9Frame {
-    ThreadFrame tf;
-    AVBufferRef *extradata;
-    uint8_t *segmentation_map;
-    struct VP9mvrefPair *mv;
-    int uses_2pass;
-
-    AVBufferRef *hwaccel_priv_buf;
-    void *hwaccel_picture_private;
-} VP9Frame;
-
-typedef struct VP9BitstreamHeader {
-    // bitstream header
-    uint8_t profile;
-    uint8_t keyframe;
-    uint8_t invisible;
-    uint8_t errorres;
-    uint8_t intraonly;
-    uint8_t resetctx;
-    uint8_t refreshrefmask;
-    uint8_t highprecisionmvs;
-    enum FilterMode filtermode;
-    uint8_t allowcompinter;
-    uint8_t refreshctx;
-    uint8_t parallelmode;
-    uint8_t framectxid;
-    uint8_t use_last_frame_mvs;
-    uint8_t refidx[3];
-    uint8_t signbias[3];
-    uint8_t fixcompref;
-    uint8_t varcompref[2];
-    struct {
-        uint8_t level;
-        int8_t sharpness;
-    } filter;
-    struct {
-        uint8_t enabled;
-        uint8_t updated;
-        int8_t mode[2];
-        int8_t ref[4];
-    } lf_delta;
-    uint8_t yac_qi;
-    int8_t ydc_qdelta, uvdc_qdelta, uvac_qdelta;
-    uint8_t lossless;
-#define MAX_SEGMENT 8
-    struct {
-        uint8_t enabled;
-        uint8_t temporal;
-        uint8_t absolute_vals;
-        uint8_t update_map;
-        uint8_t prob[7];
-        uint8_t pred_prob[3];
-        struct {
-            uint8_t q_enabled;
-            uint8_t lf_enabled;
-            uint8_t ref_enabled;
-            uint8_t skip_enabled;
-            uint8_t ref_val;
-            int16_t q_val;
-            int8_t lf_val;
-            int16_t qmul[2][2];
-            uint8_t lflvl[4][2];
-        } feat[MAX_SEGMENT];
-    } segmentation;
-    enum TxfmMode txfmmode;
-    enum CompPredMode comppredmode;
-    struct {
-        unsigned log2_tile_cols, log2_tile_rows;
-        unsigned tile_cols, tile_rows;
-    } tiling;
-
-    int uncompressed_header_size;
-    int compressed_header_size;
-} VP9BitstreamHeader;
-
-typedef struct VP9SharedContext {
-    VP9BitstreamHeader h;
-
-    ThreadFrame refs[8];
-#define CUR_FRAME 0
-#define REF_FRAME_MVPAIR 1
-#define REF_FRAME_SEGMAP 2
-    VP9Frame frames[3];
-} VP9SharedContext;
-
 #endif /* AVCODEC_VP9_H */
diff --git a/media/ffvpx/libavcodec/vp9_mc_template.c b/media/ffvpx/libavcodec/vp9_mc_template.c
index 38d9a6da9..31e692f36 100644
--- a/media/ffvpx/libavcodec/vp9_mc_template.c
+++ b/media/ffvpx/libavcodec/vp9_mc_template.c
@@ -27,19 +27,19 @@
     (VP56mv) { .x = ROUNDED_DIV(a.x + b.x + c.x + d.x, 4), \
                .y = ROUNDED_DIV(a.y + b.y + c.y + d.y, 4) }
 
-static void FN(inter_pred)(AVCodecContext *ctx)
+static void FN(inter_pred)(VP9TileData *td)
 {
     static const uint8_t bwlog_tab[2][N_BS_SIZES] = {
         { 0, 0, 1, 1, 1, 2, 2, 2, 3, 3, 3, 4, 4 },
         { 1, 1, 2, 2, 2, 3, 3, 3, 4, 4, 4, 4, 4 },
     };
-    VP9Context *s = ctx->priv_data;
-    VP9Block *b = s->b;
-    int row = s->row, col = s->col;
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col;
     ThreadFrame *tref1 = &s->s.refs[s->s.h.refidx[b->ref[0]]], *tref2;
     AVFrame *ref1 = tref1->f, *ref2;
     int w1 = ref1->width, h1 = ref1->height, w2, h2;
-    ptrdiff_t ls_y = s->y_stride, ls_uv = s->uv_stride;
+    ptrdiff_t ls_y = td->y_stride, ls_uv = td->uv_stride;
     int bytesperpixel = BYTES_PER_PIXEL;
 
     if (b->comp) {
@@ -55,26 +55,26 @@ static void FN(inter_pred)(AVCodecContext *ctx)
 
 #if SCALED == 0
         if (b->bs == BS_8x4) {
-            mc_luma_dir(s, mc[3][b->filter][0], s->dst[0], ls_y,
+            mc_luma_dir(td, mc[3][b->filter][0], td->dst[0], ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         row << 3, col << 3, &b->mv[0][0],,,,, 8, 4, w1, h1, 0);
-            mc_luma_dir(s, mc[3][b->filter][0],
-                        s->dst[0] + 4 * ls_y, ls_y,
+            mc_luma_dir(td, mc[3][b->filter][0],
+                        td->dst[0] + 4 * ls_y, ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         (row << 3) + 4, col << 3, &b->mv[2][0],,,,, 8, 4, w1, h1, 0);
             w1 = (w1 + s->ss_h) >> s->ss_h;
             if (s->ss_v) {
                 h1 = (h1 + 1) >> 1;
                 uvmv = ROUNDED_DIV_MVx2(b->mv[0][0], b->mv[2][0]);
-                mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][0],
-                              s->dst[1], s->dst[2], ls_uv,
+                mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][0],
+                              td->dst[1], td->dst[2], ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               row << 2, col << (3 - s->ss_h),
                               &uvmv,,,,, 8 >> s->ss_h, 4, w1, h1, 0);
             } else {
-                mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][0],
-                              s->dst[1], s->dst[2], ls_uv,
+                mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][0],
+                              td->dst[1], td->dst[2], ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               row << 3, col << (3 - s->ss_h),
@@ -87,8 +87,8 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                 } else {
                     uvmv = ROUNDED_DIV_MVx2(b->mv[0][0], b->mv[2][0]);
                 }
-                mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][0],
-                              s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][0],
+                              td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               (row << 3) + 4, col << (3 - s->ss_h),
@@ -96,26 +96,26 @@ static void FN(inter_pred)(AVCodecContext *ctx)
             }
 
             if (b->comp) {
-                mc_luma_dir(s, mc[3][b->filter][1], s->dst[0], ls_y,
+                mc_luma_dir(td, mc[3][b->filter][1], td->dst[0], ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             row << 3, col << 3, &b->mv[0][1],,,,, 8, 4, w2, h2, 1);
-                mc_luma_dir(s, mc[3][b->filter][1],
-                            s->dst[0] + 4 * ls_y, ls_y,
+                mc_luma_dir(td, mc[3][b->filter][1],
+                            td->dst[0] + 4 * ls_y, ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             (row << 3) + 4, col << 3, &b->mv[2][1],,,,, 8, 4, w2, h2, 1);
                 w2 = (w2 + s->ss_h) >> s->ss_h;
                 if (s->ss_v) {
                     h2 = (h2 + 1) >> 1;
                     uvmv = ROUNDED_DIV_MVx2(b->mv[0][1], b->mv[2][1]);
-                    mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][1],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][1],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   row << 2, col << (3 - s->ss_h),
                                   &uvmv,,,,, 8 >> s->ss_h, 4, w2, h2, 1);
                 } else {
-                    mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][1],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][1],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   row << 3, col << (3 - s->ss_h),
@@ -128,8 +128,8 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                     } else {
                         uvmv = ROUNDED_DIV_MVx2(b->mv[0][1], b->mv[2][1]);
                     }
-                    mc_chroma_dir(s, mc[3 + s->ss_h][b->filter][1],
-                                  s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                    mc_chroma_dir(td, mc[3 + s->ss_h][b->filter][1],
+                                  td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   (row << 3) + 4, col << (3 - s->ss_h),
@@ -137,32 +137,32 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                 }
             }
         } else if (b->bs == BS_4x8) {
-            mc_luma_dir(s, mc[4][b->filter][0], s->dst[0], ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0], td->dst[0], ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         row << 3, col << 3, &b->mv[0][0],,,,, 4, 8, w1, h1, 0);
-            mc_luma_dir(s, mc[4][b->filter][0], s->dst[0] + 4 * bytesperpixel, ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0], td->dst[0] + 4 * bytesperpixel, ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         row << 3, (col << 3) + 4, &b->mv[1][0],,,,, 4, 8, w1, h1, 0);
             h1 = (h1 + s->ss_v) >> s->ss_v;
             if (s->ss_h) {
                 w1 = (w1 + 1) >> 1;
                 uvmv = ROUNDED_DIV_MVx2(b->mv[0][0], b->mv[1][0]);
-                mc_chroma_dir(s, mc[4][b->filter][0],
-                              s->dst[1], s->dst[2], ls_uv,
+                mc_chroma_dir(td, mc[4][b->filter][0],
+                              td->dst[1], td->dst[2], ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               row << (3 - s->ss_v), col << 2,
                               &uvmv,,,,, 4, 8 >> s->ss_v, w1, h1, 0);
             } else {
-                mc_chroma_dir(s, mc[4][b->filter][0],
-                              s->dst[1], s->dst[2], ls_uv,
+                mc_chroma_dir(td, mc[4][b->filter][0],
+                              td->dst[1], td->dst[2], ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               row << (3 - s->ss_v), col << 3,
                               &b->mv[0][0],,,,, 4, 8 >> s->ss_v, w1, h1, 0);
-                mc_chroma_dir(s, mc[4][b->filter][0],
-                              s->dst[1] + 4 * bytesperpixel,
-                              s->dst[2] + 4 * bytesperpixel, ls_uv,
+                mc_chroma_dir(td, mc[4][b->filter][0],
+                              td->dst[1] + 4 * bytesperpixel,
+                              td->dst[2] + 4 * bytesperpixel, ls_uv,
                               ref1->data[1], ref1->linesize[1],
                               ref1->data[2], ref1->linesize[2], tref1,
                               row << (3 - s->ss_v), (col << 3) + 4,
@@ -170,32 +170,32 @@ static void FN(inter_pred)(AVCodecContext *ctx)
             }
 
             if (b->comp) {
-                mc_luma_dir(s, mc[4][b->filter][1], s->dst[0], ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1], td->dst[0], ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             row << 3, col << 3, &b->mv[0][1],,,,, 4, 8, w2, h2, 1);
-                mc_luma_dir(s, mc[4][b->filter][1], s->dst[0] + 4 * bytesperpixel, ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1], td->dst[0] + 4 * bytesperpixel, ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             row << 3, (col << 3) + 4, &b->mv[1][1],,,,, 4, 8, w2, h2, 1);
                 h2 = (h2 + s->ss_v) >> s->ss_v;
                 if (s->ss_h) {
                     w2 = (w2 + 1) >> 1;
                     uvmv = ROUNDED_DIV_MVx2(b->mv[0][1], b->mv[1][1]);
-                    mc_chroma_dir(s, mc[4][b->filter][1],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][1],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   row << (3 - s->ss_v), col << 2,
                                   &uvmv,,,,, 4, 8 >> s->ss_v, w2, h2, 1);
                 } else {
-                    mc_chroma_dir(s, mc[4][b->filter][1],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][1],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   row << (3 - s->ss_v), col << 3,
                                   &b->mv[0][1],,,,, 4, 8 >> s->ss_v, w2, h2, 1);
-                    mc_chroma_dir(s, mc[4][b->filter][1],
-                                  s->dst[1] + 4 * bytesperpixel,
-                                  s->dst[2] + 4 * bytesperpixel, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][1],
+                                  td->dst[1] + 4 * bytesperpixel,
+                                  td->dst[2] + 4 * bytesperpixel, ls_uv,
                                   ref2->data[1], ref2->linesize[1],
                                   ref2->data[2], ref2->linesize[2], tref2,
                                   row << (3 - s->ss_v), (col << 3) + 4,
@@ -205,25 +205,27 @@ static void FN(inter_pred)(AVCodecContext *ctx)
         } else
 #endif
         {
+#if SCALED == 0
             av_assert2(b->bs == BS_4x4);
+#endif
 
             // FIXME if two horizontally adjacent blocks have the same MV,
             // do a w8 instead of a w4 call
-            mc_luma_dir(s, mc[4][b->filter][0], s->dst[0], ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0], td->dst[0], ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         row << 3, col << 3, &b->mv[0][0],
                         0, 0, 8, 8, 4, 4, w1, h1, 0);
-            mc_luma_dir(s, mc[4][b->filter][0], s->dst[0] + 4 * bytesperpixel, ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0], td->dst[0] + 4 * bytesperpixel, ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         row << 3, (col << 3) + 4, &b->mv[1][0],
                         4, 0, 8, 8, 4, 4, w1, h1, 0);
-            mc_luma_dir(s, mc[4][b->filter][0],
-                        s->dst[0] + 4 * ls_y, ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0],
+                        td->dst[0] + 4 * ls_y, ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         (row << 3) + 4, col << 3, &b->mv[2][0],
                         0, 4, 8, 8, 4, 4, w1, h1, 0);
-            mc_luma_dir(s, mc[4][b->filter][0],
-                        s->dst[0] + 4 * ls_y + 4 * bytesperpixel, ls_y,
+            mc_luma_dir(td, mc[4][b->filter][0],
+                        td->dst[0] + 4 * ls_y + 4 * bytesperpixel, ls_y,
                         ref1->data[0], ref1->linesize[0], tref1,
                         (row << 3) + 4, (col << 3) + 4, &b->mv[3][0],
                         4, 4, 8, 8, 4, 4, w1, h1, 0);
@@ -233,24 +235,24 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                     w1 = (w1 + 1) >> 1;
                     uvmv = ROUNDED_DIV_MVx4(b->mv[0][0], b->mv[1][0],
                                             b->mv[2][0], b->mv[3][0]);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 2, col << 2,
                                   &uvmv, 0, 0, 4, 4, 4, 4, w1, h1, 0);
                 } else {
                     uvmv = ROUNDED_DIV_MVx2(b->mv[0][0], b->mv[2][0]);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 2, col << 3,
                                   &uvmv, 0, 0, 8, 4, 4, 4, w1, h1, 0);
                     uvmv = ROUNDED_DIV_MVx2(b->mv[1][0], b->mv[3][0]);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1] + 4 * bytesperpixel,
-                                  s->dst[2] + 4 * bytesperpixel, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1] + 4 * bytesperpixel,
+                                  td->dst[2] + 4 * bytesperpixel, ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 2, (col << 3) + 4,
@@ -260,8 +262,8 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                 if (s->ss_h) {
                     w1 = (w1 + 1) >> 1;
                     uvmv = ROUNDED_DIV_MVx2(b->mv[0][0], b->mv[1][0]);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 3, col << 2,
@@ -270,35 +272,35 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                     // bottom block
                     // https://code.google.com/p/webm/issues/detail?id=993
                     uvmv = ROUNDED_DIV_MVx2(b->mv[1][0], b->mv[2][0]);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   (row << 3) + 4, col << 2,
                                   &uvmv, 0, 4, 4, 8, 4, 4, w1, h1, 0);
                 } else {
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1], s->dst[2], ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1], td->dst[2], ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 3, col << 3,
                                   &b->mv[0][0], 0, 0, 8, 8, 4, 4, w1, h1, 0);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1] + 4 * bytesperpixel,
-                                  s->dst[2] + 4 * bytesperpixel, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1] + 4 * bytesperpixel,
+                                  td->dst[2] + 4 * bytesperpixel, ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   row << 3, (col << 3) + 4,
                                   &b->mv[1][0], 4, 0, 8, 8, 4, 4, w1, h1, 0);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   (row << 3) + 4, col << 3,
                                   &b->mv[2][0], 0, 4, 8, 8, 4, 4, w1, h1, 0);
-                    mc_chroma_dir(s, mc[4][b->filter][0],
-                                  s->dst[1] + 4 * ls_uv + 4 * bytesperpixel,
-                                  s->dst[2] + 4 * ls_uv + 4 * bytesperpixel, ls_uv,
+                    mc_chroma_dir(td, mc[4][b->filter][0],
+                                  td->dst[1] + 4 * ls_uv + 4 * bytesperpixel,
+                                  td->dst[2] + 4 * ls_uv + 4 * bytesperpixel, ls_uv,
                                   ref1->data[1], ref1->linesize[1],
                                   ref1->data[2], ref1->linesize[2], tref1,
                                   (row << 3) + 4, (col << 3) + 4,
@@ -307,18 +309,18 @@ static void FN(inter_pred)(AVCodecContext *ctx)
             }
 
             if (b->comp) {
-                mc_luma_dir(s, mc[4][b->filter][1], s->dst[0], ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1], td->dst[0], ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             row << 3, col << 3, &b->mv[0][1], 0, 0, 8, 8, 4, 4, w2, h2, 1);
-                mc_luma_dir(s, mc[4][b->filter][1], s->dst[0] + 4 * bytesperpixel, ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1], td->dst[0] + 4 * bytesperpixel, ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             row << 3, (col << 3) + 4, &b->mv[1][1], 4, 0, 8, 8, 4, 4, w2, h2, 1);
-                mc_luma_dir(s, mc[4][b->filter][1],
-                            s->dst[0] + 4 * ls_y, ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1],
+                            td->dst[0] + 4 * ls_y, ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             (row << 3) + 4, col << 3, &b->mv[2][1], 0, 4, 8, 8, 4, 4, w2, h2, 1);
-                mc_luma_dir(s, mc[4][b->filter][1],
-                            s->dst[0] + 4 * ls_y + 4 * bytesperpixel, ls_y,
+                mc_luma_dir(td, mc[4][b->filter][1],
+                            td->dst[0] + 4 * ls_y + 4 * bytesperpixel, ls_y,
                             ref2->data[0], ref2->linesize[0], tref2,
                             (row << 3) + 4, (col << 3) + 4, &b->mv[3][1], 4, 4, 8, 8, 4, 4, w2, h2, 1);
                 if (s->ss_v) {
@@ -327,24 +329,24 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                         w2 = (w2 + 1) >> 1;
                         uvmv = ROUNDED_DIV_MVx4(b->mv[0][1], b->mv[1][1],
                                                 b->mv[2][1], b->mv[3][1]);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1], s->dst[2], ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1], td->dst[2], ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 2, col << 2,
                                       &uvmv, 0, 0, 4, 4, 4, 4, w2, h2, 1);
                     } else {
                         uvmv = ROUNDED_DIV_MVx2(b->mv[0][1], b->mv[2][1]);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1], s->dst[2], ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1], td->dst[2], ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 2, col << 3,
                                       &uvmv, 0, 0, 8, 4, 4, 4, w2, h2, 1);
                         uvmv = ROUNDED_DIV_MVx2(b->mv[1][1], b->mv[3][1]);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1] + 4 * bytesperpixel,
-                                      s->dst[2] + 4 * bytesperpixel, ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1] + 4 * bytesperpixel,
+                                      td->dst[2] + 4 * bytesperpixel, ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 2, (col << 3) + 4,
@@ -354,8 +356,8 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                     if (s->ss_h) {
                         w2 = (w2 + 1) >> 1;
                         uvmv = ROUNDED_DIV_MVx2(b->mv[0][1], b->mv[1][1]);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1], s->dst[2], ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1], td->dst[2], ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 3, col << 2,
@@ -364,35 +366,35 @@ static void FN(inter_pred)(AVCodecContext *ctx)
                         // bottom block
                         // https://code.google.com/p/webm/issues/detail?id=993
                         uvmv = ROUNDED_DIV_MVx2(b->mv[1][1], b->mv[2][1]);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       (row << 3) + 4, col << 2,
                                       &uvmv, 0, 4, 4, 8, 4, 4, w2, h2, 1);
                     } else {
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1], s->dst[2], ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1], td->dst[2], ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 3, col << 3,
                                       &b->mv[0][1], 0, 0, 8, 8, 4, 4, w2, h2, 1);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1] + 4 * bytesperpixel,
-                                      s->dst[2] + 4 * bytesperpixel, ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1] + 4 * bytesperpixel,
+                                      td->dst[2] + 4 * bytesperpixel, ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       row << 3, (col << 3) + 4,
                                       &b->mv[1][1], 4, 0, 8, 8, 4, 4, w2, h2, 1);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1] + 4 * ls_uv, s->dst[2] + 4 * ls_uv, ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1] + 4 * ls_uv, td->dst[2] + 4 * ls_uv, ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       (row << 3) + 4, col << 3,
                                       &b->mv[2][1], 0, 4, 8, 8, 4, 4, w2, h2, 1);
-                        mc_chroma_dir(s, mc[4][b->filter][1],
-                                      s->dst[1] + 4 * ls_uv + 4 * bytesperpixel,
-                                      s->dst[2] + 4 * ls_uv + 4 * bytesperpixel, ls_uv,
+                        mc_chroma_dir(td, mc[4][b->filter][1],
+                                      td->dst[1] + 4 * ls_uv + 4 * bytesperpixel,
+                                      td->dst[2] + 4 * ls_uv + 4 * bytesperpixel, ls_uv,
                                       ref2->data[1], ref2->linesize[1],
                                       ref2->data[2], ref2->linesize[2], tref2,
                                       (row << 3) + 4, (col << 3) + 4,
@@ -403,29 +405,31 @@ static void FN(inter_pred)(AVCodecContext *ctx)
         }
     } else {
         int bwl = bwlog_tab[0][b->bs];
-        int bw = bwh_tab[0][b->bs][0] * 4, bh = bwh_tab[0][b->bs][1] * 4;
-        int uvbw = bwh_tab[s->ss_h][b->bs][0] * 4, uvbh = bwh_tab[s->ss_v][b->bs][1] * 4;
+        int bw = ff_vp9_bwh_tab[0][b->bs][0] * 4;
+        int bh = ff_vp9_bwh_tab[0][b->bs][1] * 4;
+        int uvbw = ff_vp9_bwh_tab[s->ss_h][b->bs][0] * 4;
+        int uvbh = ff_vp9_bwh_tab[s->ss_v][b->bs][1] * 4;
 
-        mc_luma_dir(s, mc[bwl][b->filter][0], s->dst[0], ls_y,
+        mc_luma_dir(td, mc[bwl][b->filter][0], td->dst[0], ls_y,
                     ref1->data[0], ref1->linesize[0], tref1,
                     row << 3, col << 3, &b->mv[0][0], 0, 0, bw, bh, bw, bh, w1, h1, 0);
         w1 = (w1 + s->ss_h) >> s->ss_h;
         h1 = (h1 + s->ss_v) >> s->ss_v;
-        mc_chroma_dir(s, mc[bwl + s->ss_h][b->filter][0],
-                      s->dst[1], s->dst[2], ls_uv,
+        mc_chroma_dir(td, mc[bwl + s->ss_h][b->filter][0],
+                      td->dst[1], td->dst[2], ls_uv,
                       ref1->data[1], ref1->linesize[1],
                       ref1->data[2], ref1->linesize[2], tref1,
                       row << (3 - s->ss_v), col << (3 - s->ss_h),
                       &b->mv[0][0], 0, 0, uvbw, uvbh, uvbw, uvbh, w1, h1, 0);
 
         if (b->comp) {
-            mc_luma_dir(s, mc[bwl][b->filter][1], s->dst[0], ls_y,
+            mc_luma_dir(td, mc[bwl][b->filter][1], td->dst[0], ls_y,
                         ref2->data[0], ref2->linesize[0], tref2,
                         row << 3, col << 3, &b->mv[0][1], 0, 0, bw, bh, bw, bh, w2, h2, 1);
             w2 = (w2 + s->ss_h) >> s->ss_h;
             h2 = (h2 + s->ss_v) >> s->ss_v;
-            mc_chroma_dir(s, mc[bwl + s->ss_h][b->filter][1],
-                          s->dst[1], s->dst[2], ls_uv,
+            mc_chroma_dir(td, mc[bwl + s->ss_h][b->filter][1],
+                          td->dst[1], td->dst[2], ls_uv,
                           ref2->data[1], ref2->linesize[1],
                           ref2->data[2], ref2->linesize[2], tref2,
                           row << (3 - s->ss_v), col << (3 - s->ss_h),
diff --git a/media/ffvpx/libavcodec/vp9block.c b/media/ffvpx/libavcodec/vp9block.c
new file mode 100644
index 000000000..1c3f7a722
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9block.c
@@ -0,0 +1,1449 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "libavutil/avassert.h"
+
+#include "avcodec.h"
+#include "internal.h"
+#include "videodsp.h"
+#include "vp56.h"
+#include "vp9.h"
+#include "vp9data.h"
+#include "vp9dec.h"
+
+static av_always_inline void setctx_2d(uint8_t *ptr, int w, int h,
+                                       ptrdiff_t stride, int v)
+{
+    switch (w) {
+    case 1:
+        do {
+            *ptr = v;
+            ptr += stride;
+        } while (--h);
+        break;
+    case 2: {
+        int v16 = v * 0x0101;
+        do {
+            AV_WN16A(ptr, v16);
+            ptr += stride;
+        } while (--h);
+        break;
+    }
+    case 4: {
+        uint32_t v32 = v * 0x01010101;
+        do {
+            AV_WN32A(ptr, v32);
+            ptr += stride;
+        } while (--h);
+        break;
+    }
+    case 8: {
+#if HAVE_FAST_64BIT
+        uint64_t v64 = v * 0x0101010101010101ULL;
+        do {
+            AV_WN64A(ptr, v64);
+            ptr += stride;
+        } while (--h);
+#else
+        uint32_t v32 = v * 0x01010101;
+        do {
+            AV_WN32A(ptr,     v32);
+            AV_WN32A(ptr + 4, v32);
+            ptr += stride;
+        } while (--h);
+#endif
+        break;
+    }
+    }
+}
+
+static void decode_mode(VP9TileData *td)
+{
+    static const uint8_t left_ctx[N_BS_SIZES] = {
+        0x0, 0x8, 0x0, 0x8, 0xc, 0x8, 0xc, 0xe, 0xc, 0xe, 0xf, 0xe, 0xf
+    };
+    static const uint8_t above_ctx[N_BS_SIZES] = {
+        0x0, 0x0, 0x8, 0x8, 0x8, 0xc, 0xc, 0xc, 0xe, 0xe, 0xe, 0xf, 0xf
+    };
+    static const uint8_t max_tx_for_bl_bp[N_BS_SIZES] = {
+        TX_32X32, TX_32X32, TX_32X32, TX_32X32, TX_16X16, TX_16X16,
+        TX_16X16, TX_8X8,   TX_8X8,   TX_8X8,   TX_4X4,   TX_4X4,  TX_4X4
+    };
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col, row7 = td->row7;
+    enum TxfmMode max_tx = max_tx_for_bl_bp[b->bs];
+    int bw4 = ff_vp9_bwh_tab[1][b->bs][0], w4 = FFMIN(s->cols - col, bw4);
+    int bh4 = ff_vp9_bwh_tab[1][b->bs][1], h4 = FFMIN(s->rows - row, bh4), y;
+    int have_a = row > 0, have_l = col > td->tile_col_start;
+    int vref, filter_id;
+
+    if (!s->s.h.segmentation.enabled) {
+        b->seg_id = 0;
+    } else if (s->s.h.keyframe || s->s.h.intraonly) {
+        b->seg_id = !s->s.h.segmentation.update_map ? 0 :
+                    vp8_rac_get_tree(td->c, ff_vp9_segmentation_tree, s->s.h.segmentation.prob);
+    } else if (!s->s.h.segmentation.update_map ||
+               (s->s.h.segmentation.temporal &&
+                vp56_rac_get_prob_branchy(td->c,
+                    s->s.h.segmentation.pred_prob[s->above_segpred_ctx[col] +
+                                    td->left_segpred_ctx[row7]]))) {
+        if (!s->s.h.errorres && s->s.frames[REF_FRAME_SEGMAP].segmentation_map) {
+            int pred = 8, x;
+            uint8_t *refsegmap = s->s.frames[REF_FRAME_SEGMAP].segmentation_map;
+
+            if (!s->s.frames[REF_FRAME_SEGMAP].uses_2pass)
+                ff_thread_await_progress(&s->s.frames[REF_FRAME_SEGMAP].tf, row >> 3, 0);
+            for (y = 0; y < h4; y++) {
+                int idx_base = (y + row) * 8 * s->sb_cols + col;
+                for (x = 0; x < w4; x++)
+                    pred = FFMIN(pred, refsegmap[idx_base + x]);
+            }
+            av_assert1(pred < 8);
+            b->seg_id = pred;
+        } else {
+            b->seg_id = 0;
+        }
+
+        memset(&s->above_segpred_ctx[col], 1, w4);
+        memset(&td->left_segpred_ctx[row7], 1, h4);
+    } else {
+        b->seg_id = vp8_rac_get_tree(td->c, ff_vp9_segmentation_tree,
+                                     s->s.h.segmentation.prob);
+
+        memset(&s->above_segpred_ctx[col], 0, w4);
+        memset(&td->left_segpred_ctx[row7], 0, h4);
+    }
+    if (s->s.h.segmentation.enabled &&
+        (s->s.h.segmentation.update_map || s->s.h.keyframe || s->s.h.intraonly)) {
+        setctx_2d(&s->s.frames[CUR_FRAME].segmentation_map[row * 8 * s->sb_cols + col],
+                  bw4, bh4, 8 * s->sb_cols, b->seg_id);
+    }
+
+    b->skip = s->s.h.segmentation.enabled &&
+        s->s.h.segmentation.feat[b->seg_id].skip_enabled;
+    if (!b->skip) {
+        int c = td->left_skip_ctx[row7] + s->above_skip_ctx[col];
+        b->skip = vp56_rac_get_prob(td->c, s->prob.p.skip[c]);
+        td->counts.skip[c][b->skip]++;
+    }
+
+    if (s->s.h.keyframe || s->s.h.intraonly) {
+        b->intra = 1;
+    } else if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].ref_enabled) {
+        b->intra = !s->s.h.segmentation.feat[b->seg_id].ref_val;
+    } else {
+        int c, bit;
+
+        if (have_a && have_l) {
+            c = s->above_intra_ctx[col] + td->left_intra_ctx[row7];
+            c += (c == 2);
+        } else {
+            c = have_a ? 2 * s->above_intra_ctx[col] :
+                have_l ? 2 * td->left_intra_ctx[row7] : 0;
+        }
+        bit = vp56_rac_get_prob(td->c, s->prob.p.intra[c]);
+        td->counts.intra[c][bit]++;
+        b->intra = !bit;
+    }
+
+    if ((b->intra || !b->skip) && s->s.h.txfmmode == TX_SWITCHABLE) {
+        int c;
+        if (have_a) {
+            if (have_l) {
+                c = (s->above_skip_ctx[col] ? max_tx :
+                     s->above_txfm_ctx[col]) +
+                    (td->left_skip_ctx[row7] ? max_tx :
+                     td->left_txfm_ctx[row7]) > max_tx;
+            } else {
+                c = s->above_skip_ctx[col] ? 1 :
+                    (s->above_txfm_ctx[col] * 2 > max_tx);
+            }
+        } else if (have_l) {
+            c = td->left_skip_ctx[row7] ? 1 :
+                (td->left_txfm_ctx[row7] * 2 > max_tx);
+        } else {
+            c = 1;
+        }
+        switch (max_tx) {
+        case TX_32X32:
+            b->tx = vp56_rac_get_prob(td->c, s->prob.p.tx32p[c][0]);
+            if (b->tx) {
+                b->tx += vp56_rac_get_prob(td->c, s->prob.p.tx32p[c][1]);
+                if (b->tx == 2)
+                    b->tx += vp56_rac_get_prob(td->c, s->prob.p.tx32p[c][2]);
+            }
+            td->counts.tx32p[c][b->tx]++;
+            break;
+        case TX_16X16:
+            b->tx = vp56_rac_get_prob(td->c, s->prob.p.tx16p[c][0]);
+            if (b->tx)
+                b->tx += vp56_rac_get_prob(td->c, s->prob.p.tx16p[c][1]);
+            td->counts.tx16p[c][b->tx]++;
+            break;
+        case TX_8X8:
+            b->tx = vp56_rac_get_prob(td->c, s->prob.p.tx8p[c]);
+            td->counts.tx8p[c][b->tx]++;
+            break;
+        case TX_4X4:
+            b->tx = TX_4X4;
+            break;
+        }
+    } else {
+        b->tx = FFMIN(max_tx, s->s.h.txfmmode);
+    }
+
+    if (s->s.h.keyframe || s->s.h.intraonly) {
+        uint8_t *a = &s->above_mode_ctx[col * 2];
+        uint8_t *l = &td->left_mode_ctx[(row7) << 1];
+
+        b->comp = 0;
+        if (b->bs > BS_8x8) {
+            // FIXME the memory storage intermediates here aren't really
+            // necessary, they're just there to make the code slightly
+            // simpler for now
+            b->mode[0] =
+            a[0]       = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                          ff_vp9_default_kf_ymode_probs[a[0]][l[0]]);
+            if (b->bs != BS_8x4) {
+                b->mode[1] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                              ff_vp9_default_kf_ymode_probs[a[1]][b->mode[0]]);
+                l[0]       =
+                a[1]       = b->mode[1];
+            } else {
+                l[0]       =
+                a[1]       =
+                b->mode[1] = b->mode[0];
+            }
+            if (b->bs != BS_4x8) {
+                b->mode[2] =
+                a[0]       = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                              ff_vp9_default_kf_ymode_probs[a[0]][l[1]]);
+                if (b->bs != BS_8x4) {
+                    b->mode[3] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                                  ff_vp9_default_kf_ymode_probs[a[1]][b->mode[2]]);
+                    l[1]       =
+                    a[1]       = b->mode[3];
+                } else {
+                    l[1]       =
+                    a[1]       =
+                    b->mode[3] = b->mode[2];
+                }
+            } else {
+                b->mode[2] = b->mode[0];
+                l[1]       =
+                a[1]       =
+                b->mode[3] = b->mode[1];
+            }
+        } else {
+            b->mode[0] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                          ff_vp9_default_kf_ymode_probs[*a][*l]);
+            b->mode[3] =
+            b->mode[2] =
+            b->mode[1] = b->mode[0];
+            // FIXME this can probably be optimized
+            memset(a, b->mode[0], ff_vp9_bwh_tab[0][b->bs][0]);
+            memset(l, b->mode[0], ff_vp9_bwh_tab[0][b->bs][1]);
+        }
+        b->uvmode = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                     ff_vp9_default_kf_uvmode_probs[b->mode[3]]);
+    } else if (b->intra) {
+        b->comp = 0;
+        if (b->bs > BS_8x8) {
+            b->mode[0] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                          s->prob.p.y_mode[0]);
+            td->counts.y_mode[0][b->mode[0]]++;
+            if (b->bs != BS_8x4) {
+                b->mode[1] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                              s->prob.p.y_mode[0]);
+                td->counts.y_mode[0][b->mode[1]]++;
+            } else {
+                b->mode[1] = b->mode[0];
+            }
+            if (b->bs != BS_4x8) {
+                b->mode[2] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                              s->prob.p.y_mode[0]);
+                td->counts.y_mode[0][b->mode[2]]++;
+                if (b->bs != BS_8x4) {
+                    b->mode[3] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                                  s->prob.p.y_mode[0]);
+                    td->counts.y_mode[0][b->mode[3]]++;
+                } else {
+                    b->mode[3] = b->mode[2];
+                }
+            } else {
+                b->mode[2] = b->mode[0];
+                b->mode[3] = b->mode[1];
+            }
+        } else {
+            static const uint8_t size_group[10] = {
+                3, 3, 3, 3, 2, 2, 2, 1, 1, 1
+            };
+            int sz = size_group[b->bs];
+
+            b->mode[0] = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                          s->prob.p.y_mode[sz]);
+            b->mode[1] =
+            b->mode[2] =
+            b->mode[3] = b->mode[0];
+            td->counts.y_mode[sz][b->mode[3]]++;
+        }
+        b->uvmode = vp8_rac_get_tree(td->c, ff_vp9_intramode_tree,
+                                     s->prob.p.uv_mode[b->mode[3]]);
+        td->counts.uv_mode[b->mode[3]][b->uvmode]++;
+    } else {
+        static const uint8_t inter_mode_ctx_lut[14][14] = {
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 5, 5, 5, 5 },
+            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 2, 2, 1, 3 },
+            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 2, 2, 1, 3 },
+            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 0, 3 },
+            { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 3, 3, 3, 4 },
+        };
+
+        if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].ref_enabled) {
+            av_assert2(s->s.h.segmentation.feat[b->seg_id].ref_val != 0);
+            b->comp = 0;
+            b->ref[0] = s->s.h.segmentation.feat[b->seg_id].ref_val - 1;
+        } else {
+            // read comp_pred flag
+            if (s->s.h.comppredmode != PRED_SWITCHABLE) {
+                b->comp = s->s.h.comppredmode == PRED_COMPREF;
+            } else {
+                int c;
+
+                // FIXME add intra as ref=0xff (or -1) to make these easier?
+                if (have_a) {
+                    if (have_l) {
+                        if (s->above_comp_ctx[col] && td->left_comp_ctx[row7]) {
+                            c = 4;
+                        } else if (s->above_comp_ctx[col]) {
+                            c = 2 + (td->left_intra_ctx[row7] ||
+                                     td->left_ref_ctx[row7] == s->s.h.fixcompref);
+                        } else if (td->left_comp_ctx[row7]) {
+                            c = 2 + (s->above_intra_ctx[col] ||
+                                     s->above_ref_ctx[col] == s->s.h.fixcompref);
+                        } else {
+                            c = (!s->above_intra_ctx[col] &&
+                                 s->above_ref_ctx[col] == s->s.h.fixcompref) ^
+                                (!td->left_intra_ctx[row7] &&
+                                 td->left_ref_ctx[row & 7] == s->s.h.fixcompref);
+                        }
+                    } else {
+                        c = s->above_comp_ctx[col] ? 3 :
+                        (!s->above_intra_ctx[col] && s->above_ref_ctx[col] == s->s.h.fixcompref);
+                    }
+                } else if (have_l) {
+                    c = td->left_comp_ctx[row7] ? 3 :
+                    (!td->left_intra_ctx[row7] && td->left_ref_ctx[row7] == s->s.h.fixcompref);
+                } else {
+                    c = 1;
+                }
+                b->comp = vp56_rac_get_prob(td->c, s->prob.p.comp[c]);
+                td->counts.comp[c][b->comp]++;
+            }
+
+            // read actual references
+            // FIXME probably cache a few variables here to prevent repetitive
+            // memory accesses below
+            if (b->comp) { /* two references */
+                int fix_idx = s->s.h.signbias[s->s.h.fixcompref], var_idx = !fix_idx, c, bit;
+
+                b->ref[fix_idx] = s->s.h.fixcompref;
+                // FIXME can this codeblob be replaced by some sort of LUT?
+                if (have_a) {
+                    if (have_l) {
+                        if (s->above_intra_ctx[col]) {
+                            if (td->left_intra_ctx[row7]) {
+                                c = 2;
+                            } else {
+                                c = 1 + 2 * (td->left_ref_ctx[row7] != s->s.h.varcompref[1]);
+                            }
+                        } else if (td->left_intra_ctx[row7]) {
+                            c = 1 + 2 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
+                        } else {
+                            int refl = td->left_ref_ctx[row7], refa = s->above_ref_ctx[col];
+
+                            if (refl == refa && refa == s->s.h.varcompref[1]) {
+                                c = 0;
+                            } else if (!td->left_comp_ctx[row7] && !s->above_comp_ctx[col]) {
+                                if ((refa == s->s.h.fixcompref && refl == s->s.h.varcompref[0]) ||
+                                    (refl == s->s.h.fixcompref && refa == s->s.h.varcompref[0])) {
+                                    c = 4;
+                                } else {
+                                    c = (refa == refl) ? 3 : 1;
+                                }
+                            } else if (!td->left_comp_ctx[row7]) {
+                                if (refa == s->s.h.varcompref[1] && refl != s->s.h.varcompref[1]) {
+                                    c = 1;
+                                } else {
+                                    c = (refl == s->s.h.varcompref[1] &&
+                                         refa != s->s.h.varcompref[1]) ? 2 : 4;
+                                }
+                            } else if (!s->above_comp_ctx[col]) {
+                                if (refl == s->s.h.varcompref[1] && refa != s->s.h.varcompref[1]) {
+                                    c = 1;
+                                } else {
+                                    c = (refa == s->s.h.varcompref[1] &&
+                                         refl != s->s.h.varcompref[1]) ? 2 : 4;
+                                }
+                            } else {
+                                c = (refl == refa) ? 4 : 2;
+                            }
+                        }
+                    } else {
+                        if (s->above_intra_ctx[col]) {
+                            c = 2;
+                        } else if (s->above_comp_ctx[col]) {
+                            c = 4 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
+                        } else {
+                            c = 3 * (s->above_ref_ctx[col] != s->s.h.varcompref[1]);
+                        }
+                    }
+                } else if (have_l) {
+                    if (td->left_intra_ctx[row7]) {
+                        c = 2;
+                    } else if (td->left_comp_ctx[row7]) {
+                        c = 4 * (td->left_ref_ctx[row7] != s->s.h.varcompref[1]);
+                    } else {
+                        c = 3 * (td->left_ref_ctx[row7] != s->s.h.varcompref[1]);
+                    }
+                } else {
+                    c = 2;
+                }
+                bit = vp56_rac_get_prob(td->c, s->prob.p.comp_ref[c]);
+                b->ref[var_idx] = s->s.h.varcompref[bit];
+                td->counts.comp_ref[c][bit]++;
+            } else /* single reference */ {
+                int bit, c;
+
+                if (have_a && !s->above_intra_ctx[col]) {
+                    if (have_l && !td->left_intra_ctx[row7]) {
+                        if (td->left_comp_ctx[row7]) {
+                            if (s->above_comp_ctx[col]) {
+                                c = 1 + (!s->s.h.fixcompref || !td->left_ref_ctx[row7] ||
+                                         !s->above_ref_ctx[col]);
+                            } else {
+                                c = (3 * !s->above_ref_ctx[col]) +
+                                    (!s->s.h.fixcompref || !td->left_ref_ctx[row7]);
+                            }
+                        } else if (s->above_comp_ctx[col]) {
+                            c = (3 * !td->left_ref_ctx[row7]) +
+                                (!s->s.h.fixcompref || !s->above_ref_ctx[col]);
+                        } else {
+                            c = 2 * !td->left_ref_ctx[row7] + 2 * !s->above_ref_ctx[col];
+                        }
+                    } else if (s->above_intra_ctx[col]) {
+                        c = 2;
+                    } else if (s->above_comp_ctx[col]) {
+                        c = 1 + (!s->s.h.fixcompref || !s->above_ref_ctx[col]);
+                    } else {
+                        c = 4 * (!s->above_ref_ctx[col]);
+                    }
+                } else if (have_l && !td->left_intra_ctx[row7]) {
+                    if (td->left_intra_ctx[row7]) {
+                        c = 2;
+                    } else if (td->left_comp_ctx[row7]) {
+                        c = 1 + (!s->s.h.fixcompref || !td->left_ref_ctx[row7]);
+                    } else {
+                        c = 4 * (!td->left_ref_ctx[row7]);
+                    }
+                } else {
+                    c = 2;
+                }
+                bit = vp56_rac_get_prob(td->c, s->prob.p.single_ref[c][0]);
+                td->counts.single_ref[c][0][bit]++;
+                if (!bit) {
+                    b->ref[0] = 0;
+                } else {
+                    // FIXME can this codeblob be replaced by some sort of LUT?
+                    if (have_a) {
+                        if (have_l) {
+                            if (td->left_intra_ctx[row7]) {
+                                if (s->above_intra_ctx[col]) {
+                                    c = 2;
+                                } else if (s->above_comp_ctx[col]) {
+                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
+                                                 s->above_ref_ctx[col] == 1);
+                                } else if (!s->above_ref_ctx[col]) {
+                                    c = 3;
+                                } else {
+                                    c = 4 * (s->above_ref_ctx[col] == 1);
+                                }
+                            } else if (s->above_intra_ctx[col]) {
+                                if (td->left_intra_ctx[row7]) {
+                                    c = 2;
+                                } else if (td->left_comp_ctx[row7]) {
+                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
+                                                 td->left_ref_ctx[row7] == 1);
+                                } else if (!td->left_ref_ctx[row7]) {
+                                    c = 3;
+                                } else {
+                                    c = 4 * (td->left_ref_ctx[row7] == 1);
+                                }
+                            } else if (s->above_comp_ctx[col]) {
+                                if (td->left_comp_ctx[row7]) {
+                                    if (td->left_ref_ctx[row7] == s->above_ref_ctx[col]) {
+                                        c = 3 * (s->s.h.fixcompref == 1 ||
+                                                 td->left_ref_ctx[row7] == 1);
+                                    } else {
+                                        c = 2;
+                                    }
+                                } else if (!td->left_ref_ctx[row7]) {
+                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
+                                                 s->above_ref_ctx[col] == 1);
+                                } else {
+                                    c = 3 * (td->left_ref_ctx[row7] == 1) +
+                                    (s->s.h.fixcompref == 1 || s->above_ref_ctx[col] == 1);
+                                }
+                            } else if (td->left_comp_ctx[row7]) {
+                                if (!s->above_ref_ctx[col]) {
+                                    c = 1 + 2 * (s->s.h.fixcompref == 1 ||
+                                                 td->left_ref_ctx[row7] == 1);
+                                } else {
+                                    c = 3 * (s->above_ref_ctx[col] == 1) +
+                                    (s->s.h.fixcompref == 1 || td->left_ref_ctx[row7] == 1);
+                                }
+                            } else if (!s->above_ref_ctx[col]) {
+                                if (!td->left_ref_ctx[row7]) {
+                                    c = 3;
+                                } else {
+                                    c = 4 * (td->left_ref_ctx[row7] == 1);
+                                }
+                            } else if (!td->left_ref_ctx[row7]) {
+                                c = 4 * (s->above_ref_ctx[col] == 1);
+                            } else {
+                                c = 2 * (td->left_ref_ctx[row7] == 1) +
+                                    2 * (s->above_ref_ctx[col] == 1);
+                            }
+                        } else {
+                            if (s->above_intra_ctx[col] ||
+                                (!s->above_comp_ctx[col] && !s->above_ref_ctx[col])) {
+                                c = 2;
+                            } else if (s->above_comp_ctx[col]) {
+                                c = 3 * (s->s.h.fixcompref == 1 || s->above_ref_ctx[col] == 1);
+                            } else {
+                                c = 4 * (s->above_ref_ctx[col] == 1);
+                            }
+                        }
+                    } else if (have_l) {
+                        if (td->left_intra_ctx[row7] ||
+                            (!td->left_comp_ctx[row7] && !td->left_ref_ctx[row7])) {
+                            c = 2;
+                        } else if (td->left_comp_ctx[row7]) {
+                            c = 3 * (s->s.h.fixcompref == 1 || td->left_ref_ctx[row7] == 1);
+                        } else {
+                            c = 4 * (td->left_ref_ctx[row7] == 1);
+                        }
+                    } else {
+                        c = 2;
+                    }
+                    bit = vp56_rac_get_prob(td->c, s->prob.p.single_ref[c][1]);
+                    td->counts.single_ref[c][1][bit]++;
+                    b->ref[0] = 1 + bit;
+                }
+            }
+        }
+
+        if (b->bs <= BS_8x8) {
+            if (s->s.h.segmentation.enabled && s->s.h.segmentation.feat[b->seg_id].skip_enabled) {
+                b->mode[0] =
+                b->mode[1] =
+                b->mode[2] =
+                b->mode[3] = ZEROMV;
+            } else {
+                static const uint8_t off[10] = {
+                    3, 0, 0, 1, 0, 0, 0, 0, 0, 0
+                };
+
+                // FIXME this needs to use the LUT tables from find_ref_mvs
+                // because not all are -1,0/0,-1
+                int c = inter_mode_ctx_lut[s->above_mode_ctx[col + off[b->bs]]]
+                                          [td->left_mode_ctx[row7 + off[b->bs]]];
+
+                b->mode[0] = vp8_rac_get_tree(td->c, ff_vp9_inter_mode_tree,
+                                              s->prob.p.mv_mode[c]);
+                b->mode[1] =
+                b->mode[2] =
+                b->mode[3] = b->mode[0];
+                td->counts.mv_mode[c][b->mode[0] - 10]++;
+            }
+        }
+
+        if (s->s.h.filtermode == FILTER_SWITCHABLE) {
+            int c;
+
+            if (have_a && s->above_mode_ctx[col] >= NEARESTMV) {
+                if (have_l && td->left_mode_ctx[row7] >= NEARESTMV) {
+                    c = s->above_filter_ctx[col] == td->left_filter_ctx[row7] ?
+                        td->left_filter_ctx[row7] : 3;
+                } else {
+                    c = s->above_filter_ctx[col];
+                }
+            } else if (have_l && td->left_mode_ctx[row7] >= NEARESTMV) {
+                c = td->left_filter_ctx[row7];
+            } else {
+                c = 3;
+            }
+
+            filter_id = vp8_rac_get_tree(td->c, ff_vp9_filter_tree,
+                                         s->prob.p.filter[c]);
+            td->counts.filter[c][filter_id]++;
+            b->filter = ff_vp9_filter_lut[filter_id];
+        } else {
+            b->filter = s->s.h.filtermode;
+        }
+
+        if (b->bs > BS_8x8) {
+            int c = inter_mode_ctx_lut[s->above_mode_ctx[col]][td->left_mode_ctx[row7]];
+
+            b->mode[0] = vp8_rac_get_tree(td->c, ff_vp9_inter_mode_tree,
+                                          s->prob.p.mv_mode[c]);
+            td->counts.mv_mode[c][b->mode[0] - 10]++;
+            ff_vp9_fill_mv(td, b->mv[0], b->mode[0], 0);
+
+            if (b->bs != BS_8x4) {
+                b->mode[1] = vp8_rac_get_tree(td->c, ff_vp9_inter_mode_tree,
+                                              s->prob.p.mv_mode[c]);
+                td->counts.mv_mode[c][b->mode[1] - 10]++;
+                ff_vp9_fill_mv(td, b->mv[1], b->mode[1], 1);
+            } else {
+                b->mode[1] = b->mode[0];
+                AV_COPY32(&b->mv[1][0], &b->mv[0][0]);
+                AV_COPY32(&b->mv[1][1], &b->mv[0][1]);
+            }
+
+            if (b->bs != BS_4x8) {
+                b->mode[2] = vp8_rac_get_tree(td->c, ff_vp9_inter_mode_tree,
+                                              s->prob.p.mv_mode[c]);
+                td->counts.mv_mode[c][b->mode[2] - 10]++;
+                ff_vp9_fill_mv(td, b->mv[2], b->mode[2], 2);
+
+                if (b->bs != BS_8x4) {
+                    b->mode[3] = vp8_rac_get_tree(td->c, ff_vp9_inter_mode_tree,
+                                                  s->prob.p.mv_mode[c]);
+                    td->counts.mv_mode[c][b->mode[3] - 10]++;
+                    ff_vp9_fill_mv(td, b->mv[3], b->mode[3], 3);
+                } else {
+                    b->mode[3] = b->mode[2];
+                    AV_COPY32(&b->mv[3][0], &b->mv[2][0]);
+                    AV_COPY32(&b->mv[3][1], &b->mv[2][1]);
+                }
+            } else {
+                b->mode[2] = b->mode[0];
+                AV_COPY32(&b->mv[2][0], &b->mv[0][0]);
+                AV_COPY32(&b->mv[2][1], &b->mv[0][1]);
+                b->mode[3] = b->mode[1];
+                AV_COPY32(&b->mv[3][0], &b->mv[1][0]);
+                AV_COPY32(&b->mv[3][1], &b->mv[1][1]);
+            }
+        } else {
+            ff_vp9_fill_mv(td, b->mv[0], b->mode[0], -1);
+            AV_COPY32(&b->mv[1][0], &b->mv[0][0]);
+            AV_COPY32(&b->mv[2][0], &b->mv[0][0]);
+            AV_COPY32(&b->mv[3][0], &b->mv[0][0]);
+            AV_COPY32(&b->mv[1][1], &b->mv[0][1]);
+            AV_COPY32(&b->mv[2][1], &b->mv[0][1]);
+            AV_COPY32(&b->mv[3][1], &b->mv[0][1]);
+        }
+
+        vref = b->ref[b->comp ? s->s.h.signbias[s->s.h.varcompref[0]] : 0];
+    }
+
+#if HAVE_FAST_64BIT
+#define SPLAT_CTX(var, val, n) \
+    switch (n) { \
+    case 1:  var = val;                                    break; \
+    case 2:  AV_WN16A(&var, val *             0x0101);     break; \
+    case 4:  AV_WN32A(&var, val *         0x01010101);     break; \
+    case 8:  AV_WN64A(&var, val * 0x0101010101010101ULL);  break; \
+    case 16: { \
+        uint64_t v64 = val * 0x0101010101010101ULL; \
+        AV_WN64A(              &var,     v64); \
+        AV_WN64A(&((uint8_t *) &var)[8], v64); \
+        break; \
+    } \
+    }
+#else
+#define SPLAT_CTX(var, val, n) \
+    switch (n) { \
+    case 1:  var = val;                         break; \
+    case 2:  AV_WN16A(&var, val *     0x0101);  break; \
+    case 4:  AV_WN32A(&var, val * 0x01010101);  break; \
+    case 8: { \
+        uint32_t v32 = val * 0x01010101; \
+        AV_WN32A(              &var,     v32); \
+        AV_WN32A(&((uint8_t *) &var)[4], v32); \
+        break; \
+    } \
+    case 16: { \
+        uint32_t v32 = val * 0x01010101; \
+        AV_WN32A(              &var,      v32); \
+        AV_WN32A(&((uint8_t *) &var)[4],  v32); \
+        AV_WN32A(&((uint8_t *) &var)[8],  v32); \
+        AV_WN32A(&((uint8_t *) &var)[12], v32); \
+        break; \
+    } \
+    }
+#endif
+
+    switch (ff_vp9_bwh_tab[1][b->bs][0]) {
+#define SET_CTXS(perf, dir, off, n) \
+    do { \
+        SPLAT_CTX(perf->dir##_skip_ctx[off],      b->skip,          n); \
+        SPLAT_CTX(perf->dir##_txfm_ctx[off],      b->tx,            n); \
+        SPLAT_CTX(perf->dir##_partition_ctx[off], dir##_ctx[b->bs], n); \
+        if (!s->s.h.keyframe && !s->s.h.intraonly) { \
+            SPLAT_CTX(perf->dir##_intra_ctx[off], b->intra,   n); \
+            SPLAT_CTX(perf->dir##_comp_ctx[off],  b->comp,    n); \
+            SPLAT_CTX(perf->dir##_mode_ctx[off],  b->mode[3], n); \
+            if (!b->intra) { \
+                SPLAT_CTX(perf->dir##_ref_ctx[off], vref, n); \
+                if (s->s.h.filtermode == FILTER_SWITCHABLE) { \
+                    SPLAT_CTX(perf->dir##_filter_ctx[off], filter_id, n); \
+                } \
+            } \
+        } \
+    } while (0)
+    case 1: SET_CTXS(s, above, col, 1); break;
+    case 2: SET_CTXS(s, above, col, 2); break;
+    case 4: SET_CTXS(s, above, col, 4); break;
+    case 8: SET_CTXS(s, above, col, 8); break;
+    }
+    switch (ff_vp9_bwh_tab[1][b->bs][1]) {
+    case 1: SET_CTXS(td, left, row7, 1); break;
+    case 2: SET_CTXS(td, left, row7, 2); break;
+    case 4: SET_CTXS(td, left, row7, 4); break;
+    case 8: SET_CTXS(td, left, row7, 8); break;
+    }
+#undef SPLAT_CTX
+#undef SET_CTXS
+
+    if (!s->s.h.keyframe && !s->s.h.intraonly) {
+        if (b->bs > BS_8x8) {
+            int mv0 = AV_RN32A(&b->mv[3][0]), mv1 = AV_RN32A(&b->mv[3][1]);
+
+            AV_COPY32(&td->left_mv_ctx[row7 * 2 + 0][0], &b->mv[1][0]);
+            AV_COPY32(&td->left_mv_ctx[row7 * 2 + 0][1], &b->mv[1][1]);
+            AV_WN32A(&td->left_mv_ctx[row7 * 2 + 1][0], mv0);
+            AV_WN32A(&td->left_mv_ctx[row7 * 2 + 1][1], mv1);
+            AV_COPY32(&s->above_mv_ctx[col * 2 + 0][0], &b->mv[2][0]);
+            AV_COPY32(&s->above_mv_ctx[col * 2 + 0][1], &b->mv[2][1]);
+            AV_WN32A(&s->above_mv_ctx[col * 2 + 1][0], mv0);
+            AV_WN32A(&s->above_mv_ctx[col * 2 + 1][1], mv1);
+        } else {
+            int n, mv0 = AV_RN32A(&b->mv[3][0]), mv1 = AV_RN32A(&b->mv[3][1]);
+
+            for (n = 0; n < w4 * 2; n++) {
+                AV_WN32A(&s->above_mv_ctx[col * 2 + n][0], mv0);
+                AV_WN32A(&s->above_mv_ctx[col * 2 + n][1], mv1);
+            }
+            for (n = 0; n < h4 * 2; n++) {
+                AV_WN32A(&td->left_mv_ctx[row7 * 2 + n][0], mv0);
+                AV_WN32A(&td->left_mv_ctx[row7 * 2 + n][1], mv1);
+            }
+        }
+    }
+
+    // FIXME kinda ugly
+    for (y = 0; y < h4; y++) {
+        int x, o = (row + y) * s->sb_cols * 8 + col;
+        VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[o];
+
+        if (b->intra) {
+            for (x = 0; x < w4; x++) {
+                mv[x].ref[0] =
+                mv[x].ref[1] = -1;
+            }
+        } else if (b->comp) {
+            for (x = 0; x < w4; x++) {
+                mv[x].ref[0] = b->ref[0];
+                mv[x].ref[1] = b->ref[1];
+                AV_COPY32(&mv[x].mv[0], &b->mv[3][0]);
+                AV_COPY32(&mv[x].mv[1], &b->mv[3][1]);
+            }
+        } else {
+            for (x = 0; x < w4; x++) {
+                mv[x].ref[0] = b->ref[0];
+                mv[x].ref[1] = -1;
+                AV_COPY32(&mv[x].mv[0], &b->mv[3][0]);
+            }
+        }
+    }
+}
+
+// FIXME merge cnt/eob arguments?
+static av_always_inline int
+decode_coeffs_b_generic(VP56RangeCoder *c, int16_t *coef, int n_coeffs,
+                        int is_tx32x32, int is8bitsperpixel, int bpp, unsigned (*cnt)[6][3],
+                        unsigned (*eob)[6][2], uint8_t (*p)[6][11],
+                        int nnz, const int16_t *scan, const int16_t (*nb)[2],
+                        const int16_t *band_counts, int16_t *qmul)
+{
+    int i = 0, band = 0, band_left = band_counts[band];
+    const uint8_t *tp = p[0][nnz];
+    uint8_t cache[1024];
+
+    do {
+        int val, rc;
+
+        val = vp56_rac_get_prob_branchy(c, tp[0]); // eob
+        eob[band][nnz][val]++;
+        if (!val)
+            break;
+
+skip_eob:
+        if (!vp56_rac_get_prob_branchy(c, tp[1])) { // zero
+            cnt[band][nnz][0]++;
+            if (!--band_left)
+                band_left = band_counts[++band];
+            cache[scan[i]] = 0;
+            nnz            = (1 + cache[nb[i][0]] + cache[nb[i][1]]) >> 1;
+            tp             = p[band][nnz];
+            if (++i == n_coeffs)
+                break;  //invalid input; blocks should end with EOB
+            goto skip_eob;
+        }
+
+        rc = scan[i];
+        if (!vp56_rac_get_prob_branchy(c, tp[2])) { // one
+            cnt[band][nnz][1]++;
+            val       = 1;
+            cache[rc] = 1;
+        } else {
+            cnt[band][nnz][2]++;
+            if (!vp56_rac_get_prob_branchy(c, tp[3])) { // 2, 3, 4
+                if (!vp56_rac_get_prob_branchy(c, tp[4])) {
+                    cache[rc] = val = 2;
+                } else {
+                    val       = 3 + vp56_rac_get_prob(c, tp[5]);
+                    cache[rc] = 3;
+                }
+            } else if (!vp56_rac_get_prob_branchy(c, tp[6])) { // cat1/2
+                cache[rc] = 4;
+                if (!vp56_rac_get_prob_branchy(c, tp[7])) {
+                    val  =  vp56_rac_get_prob(c, 159) + 5;
+                } else {
+                    val  = (vp56_rac_get_prob(c, 165) << 1) + 7;
+                    val +=  vp56_rac_get_prob(c, 145);
+                }
+            } else { // cat 3-6
+                cache[rc] = 5;
+                if (!vp56_rac_get_prob_branchy(c, tp[8])) {
+                    if (!vp56_rac_get_prob_branchy(c, tp[9])) {
+                        val  = 11 + (vp56_rac_get_prob(c, 173) << 2);
+                        val +=      (vp56_rac_get_prob(c, 148) << 1);
+                        val +=       vp56_rac_get_prob(c, 140);
+                    } else {
+                        val  = 19 + (vp56_rac_get_prob(c, 176) << 3);
+                        val +=      (vp56_rac_get_prob(c, 155) << 2);
+                        val +=      (vp56_rac_get_prob(c, 140) << 1);
+                        val +=       vp56_rac_get_prob(c, 135);
+                    }
+                } else if (!vp56_rac_get_prob_branchy(c, tp[10])) {
+                    val  = (vp56_rac_get_prob(c, 180) << 4) + 35;
+                    val += (vp56_rac_get_prob(c, 157) << 3);
+                    val += (vp56_rac_get_prob(c, 141) << 2);
+                    val += (vp56_rac_get_prob(c, 134) << 1);
+                    val +=  vp56_rac_get_prob(c, 130);
+                } else {
+                    val = 67;
+                    if (!is8bitsperpixel) {
+                        if (bpp == 12) {
+                            val += vp56_rac_get_prob(c, 255) << 17;
+                            val += vp56_rac_get_prob(c, 255) << 16;
+                        }
+                        val +=  (vp56_rac_get_prob(c, 255) << 15);
+                        val +=  (vp56_rac_get_prob(c, 255) << 14);
+                    }
+                    val += (vp56_rac_get_prob(c, 254) << 13);
+                    val += (vp56_rac_get_prob(c, 254) << 12);
+                    val += (vp56_rac_get_prob(c, 254) << 11);
+                    val += (vp56_rac_get_prob(c, 252) << 10);
+                    val += (vp56_rac_get_prob(c, 249) << 9);
+                    val += (vp56_rac_get_prob(c, 243) << 8);
+                    val += (vp56_rac_get_prob(c, 230) << 7);
+                    val += (vp56_rac_get_prob(c, 196) << 6);
+                    val += (vp56_rac_get_prob(c, 177) << 5);
+                    val += (vp56_rac_get_prob(c, 153) << 4);
+                    val += (vp56_rac_get_prob(c, 140) << 3);
+                    val += (vp56_rac_get_prob(c, 133) << 2);
+                    val += (vp56_rac_get_prob(c, 130) << 1);
+                    val +=  vp56_rac_get_prob(c, 129);
+                }
+            }
+        }
+#define STORE_COEF(c, i, v) do { \
+    if (is8bitsperpixel) { \
+        c[i] = v; \
+    } else { \
+        AV_WN32A(&c[i * 2], v); \
+    } \
+} while (0)
+        if (!--band_left)
+            band_left = band_counts[++band];
+        if (is_tx32x32)
+            STORE_COEF(coef, rc, (int)((vp8_rac_get(c) ? -val : val) * (unsigned)qmul[!!i]) / 2);
+        else
+            STORE_COEF(coef, rc, (vp8_rac_get(c) ? -val : val) * (unsigned)qmul[!!i]);
+        nnz = (1 + cache[nb[i][0]] + cache[nb[i][1]]) >> 1;
+        tp = p[band][nnz];
+    } while (++i < n_coeffs);
+
+    return i;
+}
+
+static int decode_coeffs_b_8bpp(VP9TileData *td, int16_t *coef, int n_coeffs,
+                                unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
+                                uint8_t (*p)[6][11], int nnz, const int16_t *scan,
+                                const int16_t (*nb)[2], const int16_t *band_counts,
+                                int16_t *qmul)
+{
+    return decode_coeffs_b_generic(td->c, coef, n_coeffs, 0, 1, 8, cnt, eob, p,
+                                   nnz, scan, nb, band_counts, qmul);
+}
+
+static int decode_coeffs_b32_8bpp(VP9TileData *td, int16_t *coef, int n_coeffs,
+                                  unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
+                                  uint8_t (*p)[6][11], int nnz, const int16_t *scan,
+                                  const int16_t (*nb)[2], const int16_t *band_counts,
+                                  int16_t *qmul)
+{
+    return decode_coeffs_b_generic(td->c, coef, n_coeffs, 1, 1, 8, cnt, eob, p,
+                                   nnz, scan, nb, band_counts, qmul);
+}
+
+static int decode_coeffs_b_16bpp(VP9TileData *td, int16_t *coef, int n_coeffs,
+                                 unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
+                                 uint8_t (*p)[6][11], int nnz, const int16_t *scan,
+                                 const int16_t (*nb)[2], const int16_t *band_counts,
+                                 int16_t *qmul)
+{
+    return decode_coeffs_b_generic(td->c, coef, n_coeffs, 0, 0, td->s->s.h.bpp, cnt, eob, p,
+                                   nnz, scan, nb, band_counts, qmul);
+}
+
+static int decode_coeffs_b32_16bpp(VP9TileData *td, int16_t *coef, int n_coeffs,
+                                   unsigned (*cnt)[6][3], unsigned (*eob)[6][2],
+                                   uint8_t (*p)[6][11], int nnz, const int16_t *scan,
+                                   const int16_t (*nb)[2], const int16_t *band_counts,
+                                   int16_t *qmul)
+{
+    return decode_coeffs_b_generic(td->c, coef, n_coeffs, 1, 0, td->s->s.h.bpp, cnt, eob, p,
+                                   nnz, scan, nb, band_counts, qmul);
+}
+
+static av_always_inline int decode_coeffs(VP9TileData *td, int is8bitsperpixel)
+{
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col;
+    uint8_t (*p)[6][11] = s->prob.coef[b->tx][0 /* y */][!b->intra];
+    unsigned (*c)[6][3] = td->counts.coef[b->tx][0 /* y */][!b->intra];
+    unsigned (*e)[6][2] = td->counts.eob[b->tx][0 /* y */][!b->intra];
+    int w4 = ff_vp9_bwh_tab[1][b->bs][0] << 1, h4 = ff_vp9_bwh_tab[1][b->bs][1] << 1;
+    int end_x = FFMIN(2 * (s->cols - col), w4);
+    int end_y = FFMIN(2 * (s->rows - row), h4);
+    int n, pl, x, y, ret;
+    int16_t (*qmul)[2] = s->s.h.segmentation.feat[b->seg_id].qmul;
+    int tx = 4 * s->s.h.lossless + b->tx;
+    const int16_t * const *yscans = ff_vp9_scans[tx];
+    const int16_t (* const * ynbs)[2] = ff_vp9_scans_nb[tx];
+    const int16_t *uvscan = ff_vp9_scans[b->uvtx][DCT_DCT];
+    const int16_t (*uvnb)[2] = ff_vp9_scans_nb[b->uvtx][DCT_DCT];
+    uint8_t *a = &s->above_y_nnz_ctx[col * 2];
+    uint8_t *l = &td->left_y_nnz_ctx[(row & 7) << 1];
+    static const int16_t band_counts[4][8] = {
+        { 1, 2, 3, 4,  3,   16 - 13 },
+        { 1, 2, 3, 4, 11,   64 - 21 },
+        { 1, 2, 3, 4, 11,  256 - 21 },
+        { 1, 2, 3, 4, 11, 1024 - 21 },
+    };
+    const int16_t *y_band_counts = band_counts[b->tx];
+    const int16_t *uv_band_counts = band_counts[b->uvtx];
+    int bytesperpixel = is8bitsperpixel ? 1 : 2;
+    int total_coeff = 0;
+
+#define MERGE(la, end, step, rd) \
+    for (n = 0; n < end; n += step) \
+        la[n] = !!rd(&la[n])
+#define MERGE_CTX(step, rd) \
+    do { \
+        MERGE(l, end_y, step, rd); \
+        MERGE(a, end_x, step, rd); \
+    } while (0)
+
+#define DECODE_Y_COEF_LOOP(step, mode_index, v) \
+    for (n = 0, y = 0; y < end_y; y += step) { \
+        for (x = 0; x < end_x; x += step, n += step * step) { \
+            enum TxfmType txtp = ff_vp9_intra_txfm_type[b->mode[mode_index]]; \
+            ret = (is8bitsperpixel ? decode_coeffs_b##v##_8bpp : decode_coeffs_b##v##_16bpp) \
+                                    (td, td->block + 16 * n * bytesperpixel, 16 * step * step, \
+                                     c, e, p, a[x] + l[y], yscans[txtp], \
+                                     ynbs[txtp], y_band_counts, qmul[0]); \
+            a[x] = l[y] = !!ret; \
+            total_coeff |= !!ret; \
+            if (step >= 4) { \
+                AV_WN16A(&td->eob[n], ret); \
+            } else { \
+                td->eob[n] = ret; \
+            } \
+        } \
+    }
+
+#define SPLAT(la, end, step, cond) \
+    if (step == 2) { \
+        for (n = 1; n < end; n += step) \
+            la[n] = la[n - 1]; \
+    } else if (step == 4) { \
+        if (cond) { \
+            for (n = 0; n < end; n += step) \
+                AV_WN32A(&la[n], la[n] * 0x01010101); \
+        } else { \
+            for (n = 0; n < end; n += step) \
+                memset(&la[n + 1], la[n], FFMIN(end - n - 1, 3)); \
+        } \
+    } else /* step == 8 */ { \
+        if (cond) { \
+            if (HAVE_FAST_64BIT) { \
+                for (n = 0; n < end; n += step) \
+                    AV_WN64A(&la[n], la[n] * 0x0101010101010101ULL); \
+            } else { \
+                for (n = 0; n < end; n += step) { \
+                    uint32_t v32 = la[n] * 0x01010101; \
+                    AV_WN32A(&la[n],     v32); \
+                    AV_WN32A(&la[n + 4], v32); \
+                } \
+            } \
+        } else { \
+            for (n = 0; n < end; n += step) \
+                memset(&la[n + 1], la[n], FFMIN(end - n - 1, 7)); \
+        } \
+    }
+#define SPLAT_CTX(step) \
+    do { \
+        SPLAT(a, end_x, step, end_x == w4); \
+        SPLAT(l, end_y, step, end_y == h4); \
+    } while (0)
+
+    /* y tokens */
+    switch (b->tx) {
+    case TX_4X4:
+        DECODE_Y_COEF_LOOP(1, b->bs > BS_8x8 ? n : 0,);
+        break;
+    case TX_8X8:
+        MERGE_CTX(2, AV_RN16A);
+        DECODE_Y_COEF_LOOP(2, 0,);
+        SPLAT_CTX(2);
+        break;
+    case TX_16X16:
+        MERGE_CTX(4, AV_RN32A);
+        DECODE_Y_COEF_LOOP(4, 0,);
+        SPLAT_CTX(4);
+        break;
+    case TX_32X32:
+        MERGE_CTX(8, AV_RN64A);
+        DECODE_Y_COEF_LOOP(8, 0, 32);
+        SPLAT_CTX(8);
+        break;
+    }
+
+#define DECODE_UV_COEF_LOOP(step, v) \
+    for (n = 0, y = 0; y < end_y; y += step) { \
+        for (x = 0; x < end_x; x += step, n += step * step) { \
+            ret = (is8bitsperpixel ? decode_coeffs_b##v##_8bpp : decode_coeffs_b##v##_16bpp) \
+                                    (td, td->uvblock[pl] + 16 * n * bytesperpixel, \
+                                     16 * step * step, c, e, p, a[x] + l[y], \
+                                     uvscan, uvnb, uv_band_counts, qmul[1]); \
+            a[x] = l[y] = !!ret; \
+            total_coeff |= !!ret; \
+            if (step >= 4) { \
+                AV_WN16A(&td->uveob[pl][n], ret); \
+            } else { \
+                td->uveob[pl][n] = ret; \
+            } \
+        } \
+    }
+
+    p = s->prob.coef[b->uvtx][1 /* uv */][!b->intra];
+    c = td->counts.coef[b->uvtx][1 /* uv */][!b->intra];
+    e = td->counts.eob[b->uvtx][1 /* uv */][!b->intra];
+    w4 >>= s->ss_h;
+    end_x >>= s->ss_h;
+    h4 >>= s->ss_v;
+    end_y >>= s->ss_v;
+    for (pl = 0; pl < 2; pl++) {
+        a = &s->above_uv_nnz_ctx[pl][col << !s->ss_h];
+        l = &td->left_uv_nnz_ctx[pl][(row & 7) << !s->ss_v];
+        switch (b->uvtx) {
+        case TX_4X4:
+            DECODE_UV_COEF_LOOP(1,);
+            break;
+        case TX_8X8:
+            MERGE_CTX(2, AV_RN16A);
+            DECODE_UV_COEF_LOOP(2,);
+            SPLAT_CTX(2);
+            break;
+        case TX_16X16:
+            MERGE_CTX(4, AV_RN32A);
+            DECODE_UV_COEF_LOOP(4,);
+            SPLAT_CTX(4);
+            break;
+        case TX_32X32:
+            MERGE_CTX(8, AV_RN64A);
+            DECODE_UV_COEF_LOOP(8, 32);
+            SPLAT_CTX(8);
+            break;
+        }
+    }
+
+    return total_coeff;
+}
+
+static int decode_coeffs_8bpp(VP9TileData *td)
+{
+    return decode_coeffs(td, 1);
+}
+
+static int decode_coeffs_16bpp(VP9TileData *td)
+{
+    return decode_coeffs(td, 0);
+}
+
+static av_always_inline void mask_edges(uint8_t (*mask)[8][4], int ss_h, int ss_v,
+                                        int row_and_7, int col_and_7,
+                                        int w, int h, int col_end, int row_end,
+                                        enum TxfmMode tx, int skip_inter)
+{
+    static const unsigned wide_filter_col_mask[2] = { 0x11, 0x01 };
+    static const unsigned wide_filter_row_mask[2] = { 0x03, 0x07 };
+
+    // FIXME I'm pretty sure all loops can be replaced by a single LUT if
+    // we make VP9Filter.mask uint64_t (i.e. row/col all single variable)
+    // and make the LUT 5-indexed (bl, bp, is_uv, tx and row/col), and then
+    // use row_and_7/col_and_7 as shifts (1*col_and_7+8*row_and_7)
+
+    // the intended behaviour of the vp9 loopfilter is to work on 8-pixel
+    // edges. This means that for UV, we work on two subsampled blocks at
+    // a time, and we only use the topleft block's mode information to set
+    // things like block strength. Thus, for any block size smaller than
+    // 16x16, ignore the odd portion of the block.
+    if (tx == TX_4X4 && (ss_v | ss_h)) {
+        if (h == ss_v) {
+            if (row_and_7 & 1)
+                return;
+            if (!row_end)
+                h += 1;
+        }
+        if (w == ss_h) {
+            if (col_and_7 & 1)
+                return;
+            if (!col_end)
+                w += 1;
+        }
+    }
+
+    if (tx == TX_4X4 && !skip_inter) {
+        int t = 1 << col_and_7, m_col = (t << w) - t, y;
+        // on 32-px edges, use the 8-px wide loopfilter; else, use 4-px wide
+        int m_row_8 = m_col & wide_filter_col_mask[ss_h], m_row_4 = m_col - m_row_8;
+
+        for (y = row_and_7; y < h + row_and_7; y++) {
+            int col_mask_id = 2 - !(y & wide_filter_row_mask[ss_v]);
+
+            mask[0][y][1] |= m_row_8;
+            mask[0][y][2] |= m_row_4;
+            // for odd lines, if the odd col is not being filtered,
+            // skip odd row also:
+            // .---. <-- a
+            // |   |
+            // |___| <-- b
+            // ^   ^
+            // c   d
+            //
+            // if a/c are even row/col and b/d are odd, and d is skipped,
+            // e.g. right edge of size-66x66.webm, then skip b also (bug)
+            if ((ss_h & ss_v) && (col_end & 1) && (y & 1)) {
+                mask[1][y][col_mask_id] |= (t << (w - 1)) - t;
+            } else {
+                mask[1][y][col_mask_id] |= m_col;
+            }
+            if (!ss_h)
+                mask[0][y][3] |= m_col;
+            if (!ss_v) {
+                if (ss_h && (col_end & 1))
+                    mask[1][y][3] |= (t << (w - 1)) - t;
+                else
+                    mask[1][y][3] |= m_col;
+            }
+        }
+    } else {
+        int y, t = 1 << col_and_7, m_col = (t << w) - t;
+
+        if (!skip_inter) {
+            int mask_id = (tx == TX_8X8);
+            int l2 = tx + ss_h - 1, step1d;
+            static const unsigned masks[4] = { 0xff, 0x55, 0x11, 0x01 };
+            int m_row = m_col & masks[l2];
+
+            // at odd UV col/row edges tx16/tx32 loopfilter edges, force
+            // 8wd loopfilter to prevent going off the visible edge.
+            if (ss_h && tx > TX_8X8 && (w ^ (w - 1)) == 1) {
+                int m_row_16 = ((t << (w - 1)) - t) & masks[l2];
+                int m_row_8 = m_row - m_row_16;
+
+                for (y = row_and_7; y < h + row_and_7; y++) {
+                    mask[0][y][0] |= m_row_16;
+                    mask[0][y][1] |= m_row_8;
+                }
+            } else {
+                for (y = row_and_7; y < h + row_and_7; y++)
+                    mask[0][y][mask_id] |= m_row;
+            }
+
+            l2 = tx + ss_v - 1;
+            step1d = 1 << l2;
+            if (ss_v && tx > TX_8X8 && (h ^ (h - 1)) == 1) {
+                for (y = row_and_7; y < h + row_and_7 - 1; y += step1d)
+                    mask[1][y][0] |= m_col;
+                if (y - row_and_7 == h - 1)
+                    mask[1][y][1] |= m_col;
+            } else {
+                for (y = row_and_7; y < h + row_and_7; y += step1d)
+                    mask[1][y][mask_id] |= m_col;
+            }
+        } else if (tx != TX_4X4) {
+            int mask_id;
+
+            mask_id = (tx == TX_8X8) || (h == ss_v);
+            mask[1][row_and_7][mask_id] |= m_col;
+            mask_id = (tx == TX_8X8) || (w == ss_h);
+            for (y = row_and_7; y < h + row_and_7; y++)
+                mask[0][y][mask_id] |= t;
+        } else {
+            int t8 = t & wide_filter_col_mask[ss_h], t4 = t - t8;
+
+            for (y = row_and_7; y < h + row_and_7; y++) {
+                mask[0][y][2] |= t4;
+                mask[0][y][1] |= t8;
+            }
+            mask[1][row_and_7][2 - !(row_and_7 & wide_filter_row_mask[ss_v])] |= m_col;
+        }
+    }
+}
+
+void ff_vp9_decode_block(VP9TileData *td, int row, int col,
+                         VP9Filter *lflvl, ptrdiff_t yoff, ptrdiff_t uvoff,
+                         enum BlockLevel bl, enum BlockPartition bp)
+{
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    enum BlockSize bs = bl * 3 + bp;
+    int bytesperpixel = s->bytesperpixel;
+    int w4 = ff_vp9_bwh_tab[1][bs][0], h4 = ff_vp9_bwh_tab[1][bs][1], lvl;
+    int emu[2];
+    AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
+
+    td->row = row;
+    td->row7 = row & 7;
+    td->col = col;
+    td->col7 = col & 7;
+
+    td->min_mv.x = -(128 + col * 64);
+    td->min_mv.y = -(128 + row * 64);
+    td->max_mv.x = 128 + (s->cols - col - w4) * 64;
+    td->max_mv.y = 128 + (s->rows - row - h4) * 64;
+
+    if (s->pass < 2) {
+        b->bs = bs;
+        b->bl = bl;
+        b->bp = bp;
+        decode_mode(td);
+        b->uvtx = b->tx - ((s->ss_h && w4 * 2 == (1 << b->tx)) ||
+                           (s->ss_v && h4 * 2 == (1 << b->tx)));
+
+        if (!b->skip) {
+            int has_coeffs;
+
+            if (bytesperpixel == 1) {
+                has_coeffs = decode_coeffs_8bpp(td);
+            } else {
+                has_coeffs = decode_coeffs_16bpp(td);
+            }
+            if (!has_coeffs && b->bs <= BS_8x8 && !b->intra) {
+                b->skip = 1;
+                memset(&s->above_skip_ctx[col], 1, w4);
+                memset(&td->left_skip_ctx[td->row7], 1, h4);
+            }
+        } else {
+            int row7 = td->row7;
+
+#define SPLAT_ZERO_CTX(v, n) \
+    switch (n) { \
+    case 1:  v = 0;          break; \
+    case 2:  AV_ZERO16(&v);  break; \
+    case 4:  AV_ZERO32(&v);  break; \
+    case 8:  AV_ZERO64(&v);  break; \
+    case 16: AV_ZERO128(&v); break; \
+    }
+#define SPLAT_ZERO_YUV(dir, var, off, n, dir2) \
+    do { \
+        SPLAT_ZERO_CTX(dir##_y_##var[off * 2], n * 2); \
+        if (s->ss_##dir2) { \
+            SPLAT_ZERO_CTX(dir##_uv_##var[0][off], n); \
+            SPLAT_ZERO_CTX(dir##_uv_##var[1][off], n); \
+        } else { \
+            SPLAT_ZERO_CTX(dir##_uv_##var[0][off * 2], n * 2); \
+            SPLAT_ZERO_CTX(dir##_uv_##var[1][off * 2], n * 2); \
+        } \
+    } while (0)
+
+            switch (w4) {
+            case 1: SPLAT_ZERO_YUV(s->above, nnz_ctx, col, 1, h); break;
+            case 2: SPLAT_ZERO_YUV(s->above, nnz_ctx, col, 2, h); break;
+            case 4: SPLAT_ZERO_YUV(s->above, nnz_ctx, col, 4, h); break;
+            case 8: SPLAT_ZERO_YUV(s->above, nnz_ctx, col, 8, h); break;
+            }
+            switch (h4) {
+            case 1: SPLAT_ZERO_YUV(td->left, nnz_ctx, row7, 1, v); break;
+            case 2: SPLAT_ZERO_YUV(td->left, nnz_ctx, row7, 2, v); break;
+            case 4: SPLAT_ZERO_YUV(td->left, nnz_ctx, row7, 4, v); break;
+            case 8: SPLAT_ZERO_YUV(td->left, nnz_ctx, row7, 8, v); break;
+            }
+        }
+
+        if (s->pass == 1) {
+            s->td[0].b++;
+            s->td[0].block += w4 * h4 * 64 * bytesperpixel;
+            s->td[0].uvblock[0] += w4 * h4 * 64 * bytesperpixel >> (s->ss_h + s->ss_v);
+            s->td[0].uvblock[1] += w4 * h4 * 64 * bytesperpixel >> (s->ss_h + s->ss_v);
+            s->td[0].eob += 4 * w4 * h4;
+            s->td[0].uveob[0] += 4 * w4 * h4 >> (s->ss_h + s->ss_v);
+            s->td[0].uveob[1] += 4 * w4 * h4 >> (s->ss_h + s->ss_v);
+
+            return;
+        }
+    }
+
+    // emulated overhangs if the stride of the target buffer can't hold. This
+    // makes it possible to support emu-edge and so on even if we have large block
+    // overhangs
+    emu[0] = (col + w4) * 8 * bytesperpixel > f->linesize[0] ||
+             (row + h4) > s->rows;
+    emu[1] = ((col + w4) * 8 >> s->ss_h) * bytesperpixel > f->linesize[1] ||
+             (row + h4) > s->rows;
+    if (emu[0]) {
+        td->dst[0] = td->tmp_y;
+        td->y_stride = 128;
+    } else {
+        td->dst[0] = f->data[0] + yoff;
+        td->y_stride = f->linesize[0];
+    }
+    if (emu[1]) {
+        td->dst[1] = td->tmp_uv[0];
+        td->dst[2] = td->tmp_uv[1];
+        td->uv_stride = 128;
+    } else {
+        td->dst[1] = f->data[1] + uvoff;
+        td->dst[2] = f->data[2] + uvoff;
+        td->uv_stride = f->linesize[1];
+    }
+    if (b->intra) {
+        if (s->s.h.bpp > 8) {
+            ff_vp9_intra_recon_16bpp(td, yoff, uvoff);
+        } else {
+            ff_vp9_intra_recon_8bpp(td, yoff, uvoff);
+        }
+    } else {
+        if (s->s.h.bpp > 8) {
+            ff_vp9_inter_recon_16bpp(td);
+        } else {
+            ff_vp9_inter_recon_8bpp(td);
+        }
+    }
+    if (emu[0]) {
+        int w = FFMIN(s->cols - col, w4) * 8, h = FFMIN(s->rows - row, h4) * 8, n, o = 0;
+
+        for (n = 0; o < w; n++) {
+            int bw = 64 >> n;
+
+            av_assert2(n <= 4);
+            if (w & bw) {
+                s->dsp.mc[n][0][0][0][0](f->data[0] + yoff + o * bytesperpixel, f->linesize[0],
+                                         td->tmp_y + o * bytesperpixel, 128, h, 0, 0);
+                o += bw;
+            }
+        }
+    }
+    if (emu[1]) {
+        int w = FFMIN(s->cols - col, w4) * 8 >> s->ss_h;
+        int h = FFMIN(s->rows - row, h4) * 8 >> s->ss_v, n, o = 0;
+
+        for (n = s->ss_h; o < w; n++) {
+            int bw = 64 >> n;
+
+            av_assert2(n <= 4);
+            if (w & bw) {
+                s->dsp.mc[n][0][0][0][0](f->data[1] + uvoff + o * bytesperpixel, f->linesize[1],
+                                         td->tmp_uv[0] + o * bytesperpixel, 128, h, 0, 0);
+                s->dsp.mc[n][0][0][0][0](f->data[2] + uvoff + o * bytesperpixel, f->linesize[2],
+                                         td->tmp_uv[1] + o * bytesperpixel, 128, h, 0, 0);
+                o += bw;
+            }
+        }
+    }
+
+    // pick filter level and find edges to apply filter to
+    if (s->s.h.filter.level &&
+        (lvl = s->s.h.segmentation.feat[b->seg_id].lflvl[b->intra ? 0 : b->ref[0] + 1]
+                                                      [b->mode[3] != ZEROMV]) > 0) {
+        int x_end = FFMIN(s->cols - col, w4), y_end = FFMIN(s->rows - row, h4);
+        int skip_inter = !b->intra && b->skip, col7 = td->col7, row7 = td->row7;
+
+        setctx_2d(&lflvl->level[row7 * 8 + col7], w4, h4, 8, lvl);
+        mask_edges(lflvl->mask[0], 0, 0, row7, col7, x_end, y_end, 0, 0, b->tx, skip_inter);
+        if (s->ss_h || s->ss_v)
+            mask_edges(lflvl->mask[1], s->ss_h, s->ss_v, row7, col7, x_end, y_end,
+                       s->cols & 1 && col + w4 >= s->cols ? s->cols & 7 : 0,
+                       s->rows & 1 && row + h4 >= s->rows ? s->rows & 7 : 0,
+                       b->uvtx, skip_inter);
+    }
+
+    if (s->pass == 2) {
+        s->td[0].b++;
+        s->td[0].block += w4 * h4 * 64 * bytesperpixel;
+        s->td[0].uvblock[0] += w4 * h4 * 64 * bytesperpixel >> (s->ss_v + s->ss_h);
+        s->td[0].uvblock[1] += w4 * h4 * 64 * bytesperpixel >> (s->ss_v + s->ss_h);
+        s->td[0].eob += 4 * w4 * h4;
+        s->td[0].uveob[0] += 4 * w4 * h4 >> (s->ss_v + s->ss_h);
+        s->td[0].uveob[1] += 4 * w4 * h4 >> (s->ss_v + s->ss_h);
+    }
+}
diff --git a/media/ffvpx/libavcodec/vp9data.c b/media/ffvpx/libavcodec/vp9data.c
new file mode 100644
index 000000000..7af8a97b1
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9data.c
@@ -0,0 +1,2247 @@
+/*
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "vp9.h"
+#include "vp9data.h"
+
+const uint8_t ff_vp9_bwh_tab[2][N_BS_SIZES][2] = {
+    {
+        { 16, 16 }, { 16, 8 }, { 8, 16 }, { 8, 8 }, { 8, 4 }, { 4, 8 },
+        {  4,  4 }, {  4, 2 }, { 2,  4 }, { 2, 2 }, { 2, 1 }, { 1, 2 }, { 1, 1 },
+    }, {
+        {  8,  8 }, {  8, 4 }, { 4,  8 }, { 4, 4 }, { 4, 2 }, { 2, 4 },
+        {  2,  2 }, {  2, 1 }, { 1,  2 }, { 1, 1 }, { 1, 1 }, { 1, 1 }, { 1, 1 },
+    }
+};
+
+const int8_t ff_vp9_partition_tree[3][2] = {
+    { -PARTITION_NONE, 1 },                      // '0'
+        { -PARTITION_H, 2 },                     // '10'
+            { -PARTITION_V, -PARTITION_SPLIT },  // '110', '111'
+};
+
+const uint8_t ff_vp9_default_kf_partition_probs[4][4][3] = {
+    { /* 64x64 -> 32x32 */
+        { 174,  35,  49 } /* a/l both not split */,
+        {  68,  11,  27 } /* a split, l not split */,
+        {  57,  15,   9 } /* l split, a not split */,
+        {  12,   3,   3 } /* a/l both split */
+    }, { /* 32x32 -> 16x16 */
+        { 150,  40,  39 } /* a/l both not split */,
+        {  78,  12,  26 } /* a split, l not split */,
+        {  67,  33,  11 } /* l split, a not split */,
+        {  24,   7,   5 } /* a/l both split */,
+    }, { /* 16x16 -> 8x8 */
+        { 149,  53,  53 } /* a/l both not split */,
+        {  94,  20,  48 } /* a split, l not split */,
+        {  83,  53,  24 } /* l split, a not split */,
+        {  52,  18,  18 } /* a/l both split */,
+    }, { /* 8x8 -> 4x4 */
+        { 158,  97,  94 } /* a/l both not split */,
+        {  93,  24,  99 } /* a split, l not split */,
+        {  85, 119,  44 } /* l split, a not split */,
+        {  62,  59,  67 } /* a/l both split */,
+    },
+};
+
+const int8_t ff_vp9_segmentation_tree[7][2] = {
+    { 1, 2 },
+        { 3, 4 },
+        { 5, 6 },
+            { -0, -1 },  // '00x'
+            { -2, -3 },  // '01x'
+            { -4, -5 },  // '10x'
+            { -6, -7 },  // '11x'
+};
+
+const int8_t ff_vp9_intramode_tree[9][2] = {
+    { -DC_PRED, 1 },                                                  // '0'
+        { -TM_VP8_PRED, 2 },                                          // '10'
+            { -VERT_PRED, 3 },                                        // '110'
+                { 4, 6 },
+                    { -HOR_PRED, 5 },                                 // '11100'
+                        { -DIAG_DOWN_RIGHT_PRED, -VERT_RIGHT_PRED },  // '11101x'
+                    { -DIAG_DOWN_LEFT_PRED, 7 },                      // '11110'
+                        { -VERT_LEFT_PRED, 8 },                       // '111110'
+                            { -HOR_DOWN_PRED, -HOR_UP_PRED },         // '111111x'
+};
+
+const uint8_t ff_vp9_default_kf_ymode_probs[10][10][9] = {
+    { /* above = v */
+        {  43,  46, 168, 134, 107, 128,  69, 142,  92 } /* left = v */,
+        {  44,  29,  68, 159, 201, 177,  50,  57,  77 } /* left = h */,
+        {  63,  36, 126, 146, 123, 158,  60,  90,  96 } /* left = dc */,
+        {  58,  38,  76, 114,  97, 172,  78, 133,  92 } /* left = d45 */,
+        {  46,  41,  76, 140,  63, 184,  69, 112,  57 } /* left = d135 */,
+        {  38,  32,  85, 140,  46, 112,  54, 151, 133 } /* left = d117 */,
+        {  39,  27,  61, 131, 110, 175,  44,  75, 136 } /* left = d153 */,
+        {  47,  35,  80, 100,  74, 143,  64, 163,  74 } /* left = d63 */,
+        {  52,  30,  74, 113, 130, 175,  51,  64,  58 } /* left = d27 */,
+        {  36,  61, 116, 114, 128, 162,  80, 125,  82 } /* left = tm */
+    }, { /* above = h */
+        {  55,  44,  68, 166, 179, 192,  57,  57, 108 } /* left = v */,
+        {  42,  26,  11, 199, 241, 228,  23,  15,  85 } /* left = h */,
+        {  82,  26,  26, 171, 208, 204,  44,  32, 105 } /* left = dc */,
+        {  68,  42,  19, 131, 160, 199,  55,  52,  83 } /* left = d45 */,
+        {  58,  50,  25, 139, 115, 232,  39,  52, 118 } /* left = d135 */,
+        {  50,  35,  33, 153, 104, 162,  64,  59, 131 } /* left = d117 */,
+        {  44,  24,  16, 150, 177, 202,  33,  19, 156 } /* left = d153 */,
+        {  53,  49,  21, 110, 116, 168,  59,  80,  76 } /* left = d63 */,
+        {  55,  27,  12, 153, 203, 218,  26,  27,  49 } /* left = d27 */,
+        {  38,  72,  19, 168, 203, 212,  50,  50, 107 } /* left = tm */
+    }, { /* above = dc */
+        {  92,  45, 102, 136, 116, 180,  74,  90, 100 } /* left = v */,
+        {  73,  32,  19, 187, 222, 215,  46,  34, 100 } /* left = h */,
+        { 137,  30,  42, 148, 151, 207,  70,  52,  91 } /* left = dc */,
+        {  91,  30,  32, 116, 121, 186,  93,  86,  94 } /* left = d45 */,
+        {  72,  35,  36, 149,  68, 206,  68,  63, 105 } /* left = d135 */,
+        {  73,  31,  28, 138,  57, 124,  55, 122, 151 } /* left = d117 */,
+        {  67,  23,  21, 140, 126, 197,  40,  37, 171 } /* left = d153 */,
+        {  74,  32,  27, 107,  86, 160,  63, 134, 102 } /* left = d63 */,
+        {  86,  27,  28, 128, 154, 212,  45,  43,  53 } /* left = d27 */,
+        {  59,  67,  44, 140, 161, 202,  78,  67, 119 } /* left = tm */
+    }, { /* above = d45 */
+        {  59,  38,  83, 112, 103, 162,  98, 136,  90 } /* left = v */,
+        {  62,  30,  23, 158, 200, 207,  59,  57,  50 } /* left = h */,
+        { 103,  26,  36, 129, 132, 201,  83,  80,  93 } /* left = dc */,
+        {  67,  30,  29,  84,  86, 191, 102,  91,  59 } /* left = d45 */,
+        {  60,  32,  33, 112,  71, 220,  64,  89, 104 } /* left = d135 */,
+        {  53,  26,  34, 130,  56, 149,  84, 120, 103 } /* left = d117 */,
+        {  53,  21,  23, 133, 109, 210,  56,  77, 172 } /* left = d153 */,
+        {  61,  29,  29,  93,  97, 165,  83, 175, 162 } /* left = d63 */,
+        {  77,  19,  29, 112, 142, 228,  55,  66,  36 } /* left = d27 */,
+        {  47,  47,  43, 114, 137, 181, 100,  99,  95 } /* left = tm */
+    }, { /* above = d135 */
+        {  53,  40,  55, 139,  69, 183,  61,  80, 110 } /* left = v */,
+        {  40,  29,  19, 161, 180, 207,  43,  24,  91 } /* left = h */,
+        {  69,  23,  29, 128,  83, 199,  46,  44, 101 } /* left = dc */,
+        {  60,  34,  19, 105,  61, 198,  53,  64,  89 } /* left = d45 */,
+        {  52,  31,  22, 158,  40, 209,  58,  62,  89 } /* left = d135 */,
+        {  44,  31,  29, 147,  46, 158,  56, 102, 198 } /* left = d117 */,
+        {  35,  19,  12, 135,  87, 209,  41,  45, 167 } /* left = d153 */,
+        {  51,  38,  25, 113,  58, 164,  70,  93,  97 } /* left = d63 */,
+        {  55,  25,  21, 118,  95, 215,  38,  39,  66 } /* left = d27 */,
+        {  47,  54,  34, 146, 108, 203,  72, 103, 151 } /* left = tm */
+    }, { /* above = d117 */
+        {  46,  27,  80, 150,  55, 124,  55, 121, 135 } /* left = v */,
+        {  36,  23,  27, 165, 149, 166,  54,  64, 118 } /* left = h */,
+        {  64,  19,  37, 156,  66, 138,  49,  95, 133 } /* left = dc */,
+        {  53,  21,  36, 131,  63, 163,  60, 109,  81 } /* left = d45 */,
+        {  40,  26,  35, 154,  40, 185,  51,  97, 123 } /* left = d135 */,
+        {  35,  19,  34, 179,  19,  97,  48, 129, 124 } /* left = d117 */,
+        {  36,  20,  26, 136,  62, 164,  33,  77, 154 } /* left = d153 */,
+        {  45,  26,  28, 129,  45, 129,  49, 147, 123 } /* left = d63 */,
+        {  45,  18,  32, 130,  90, 157,  40,  79,  91 } /* left = d27 */,
+        {  38,  44,  51, 136,  74, 162,  57,  97, 121 } /* left = tm */
+    }, { /* above = d153 */
+        {  56,  39,  58, 133, 117, 173,  48,  53, 187 } /* left = v */,
+        {  35,  21,  12, 161, 212, 207,  20,  23, 145 } /* left = h */,
+        {  75,  17,  22, 136, 138, 185,  32,  34, 166 } /* left = dc */,
+        {  56,  29,  19, 117, 109, 181,  55,  68, 112 } /* left = d45 */,
+        {  47,  29,  17, 153,  64, 220,  59,  51, 114 } /* left = d135 */,
+        {  46,  16,  24, 136,  76, 147,  41,  64, 172 } /* left = d117 */,
+        {  34,  17,  11, 108, 152, 187,  13,  15, 209 } /* left = d153 */,
+        {  55,  30,  18, 122,  79, 179,  44,  88, 116 } /* left = d63 */,
+        {  51,  24,  14, 115, 133, 209,  32,  26, 104 } /* left = d27 */,
+        {  37,  49,  25, 129, 168, 164,  41,  54, 148 } /* left = tm */
+    }, { /* above = d63 */
+        {  48,  34,  86, 101,  92, 146,  78, 179, 134 } /* left = v */,
+        {  47,  22,  24, 138, 187, 178,  68,  69,  59 } /* left = h */,
+        {  78,  23,  39, 111, 117, 170,  74, 124,  94 } /* left = dc */,
+        {  56,  25,  33, 105, 112, 187,  95, 177, 129 } /* left = d45 */,
+        {  48,  31,  27, 114,  63, 183,  82, 116,  56 } /* left = d135 */,
+        {  43,  28,  37, 121,  63, 123,  61, 192, 169 } /* left = d117 */,
+        {  42,  17,  24, 109,  97, 177,  56,  76, 122 } /* left = d153 */,
+        {  46,  23,  32,  74,  86, 150,  67, 183,  88 } /* left = d63 */,
+        {  58,  18,  28, 105, 139, 182,  70,  92,  63 } /* left = d27 */,
+        {  36,  38,  48,  92, 122, 165,  88, 137,  91 } /* left = tm */
+    }, { /* above = d27 */
+        {  62,  44,  61, 123, 105, 189,  48,  57,  64 } /* left = v */,
+        {  47,  25,  17, 175, 222, 220,  24,  30,  86 } /* left = h */,
+        {  82,  22,  32, 127, 143, 213,  39,  41,  70 } /* left = dc */,
+        {  68,  36,  17, 106, 102, 206,  59,  74,  74 } /* left = d45 */,
+        {  57,  39,  23, 151,  68, 216,  55,  63,  58 } /* left = d135 */,
+        {  49,  30,  35, 141,  70, 168,  82,  40, 115 } /* left = d117 */,
+        {  51,  25,  15, 136, 129, 202,  38,  35, 139 } /* left = d153 */,
+        {  59,  39,  19, 114,  75, 180,  77, 104,  42 } /* left = d63 */,
+        {  68,  26,  16, 111, 141, 215,  29,  28,  28 } /* left = d27 */,
+        {  40,  61,  26, 126, 152, 206,  61,  59,  93 } /* left = tm */
+    }, { /* above = tm */
+        {  44,  78, 115, 132, 119, 173,  71, 112,  93 } /* left = v */,
+        {  39,  38,  21, 184, 227, 206,  42,  32,  64 } /* left = h */,
+        {  65,  70,  60, 155, 159, 199,  61,  60,  81 } /* left = dc */,
+        {  58,  47,  36, 124, 137, 193,  80,  82,  78 } /* left = d45 */,
+        {  49,  50,  35, 144,  95, 205,  63,  78,  59 } /* left = d135 */,
+        {  41,  53,  52, 148,  71, 142,  65, 128,  51 } /* left = d117 */,
+        {  40,  36,  28, 143, 143, 202,  40,  55, 137 } /* left = d153 */,
+        {  42,  44,  44, 104, 105, 164,  64, 130,  80 } /* left = d63 */,
+        {  52,  34,  29, 129, 183, 227,  42,  35,  43 } /* left = d27 */,
+        {  43,  81,  53, 140, 169, 204,  68,  84,  72 } /* left = tm */
+    }
+};
+
+const uint8_t ff_vp9_default_kf_uvmode_probs[10][9] = {
+    { 118,  15, 123, 148, 131, 101,  44,  93, 131 } /* y = v */,
+    { 113,  12,  23, 188, 226, 142,  26,  32, 125 } /* y = h */,
+    { 144,  11,  54, 157, 195, 130,  46,  58, 108 } /* y = dc */,
+    { 120,  11,  50, 123, 163, 135,  64,  77, 103 } /* y = d45 */,
+    { 113,   9,  36, 155, 111, 157,  32,  44, 161 } /* y = d135 */,
+    { 116,   9,  55, 176,  76,  96,  37,  61, 149 } /* y = d117 */,
+    { 115,   9,  28, 141, 161, 167,  21,  25, 193 } /* y = d153 */,
+    { 116,  12,  64, 120, 140, 125,  49, 115, 121 } /* y = d63 */,
+    { 120,  12,  32, 145, 195, 142,  32,  38,  86 } /* y = d27 */,
+    { 102,  19,  66, 162, 182, 122,  35,  59, 128 } /* y = tm */
+};
+
+const int8_t ff_vp9_inter_mode_tree[3][2] = {
+    { -ZEROMV, 1 },               // '0'
+        { -NEARESTMV, 2 },        // '10'
+            { -NEARMV, -NEWMV },  // '11x'
+};
+
+const int8_t ff_vp9_filter_tree[2][2] = {
+    { -0,  1 },     // '0'
+        { -1, -2 }, // '1x'
+};
+
+const enum FilterMode ff_vp9_filter_lut[3] = {
+    FILTER_8TAP_REGULAR,
+    FILTER_8TAP_SMOOTH,
+    FILTER_8TAP_SHARP,
+};
+
+const int16_t ff_vp9_dc_qlookup[3][256] = {
+    {
+            4,     8,     8,     9,    10,    11,    12,    12,
+           13,    14,    15,    16,    17,    18,    19,    19,
+           20,    21,    22,    23,    24,    25,    26,    26,
+           27,    28,    29,    30,    31,    32,    32,    33,
+           34,    35,    36,    37,    38,    38,    39,    40,
+           41,    42,    43,    43,    44,    45,    46,    47,
+           48,    48,    49,    50,    51,    52,    53,    53,
+           54,    55,    56,    57,    57,    58,    59,    60,
+           61,    62,    62,    63,    64,    65,    66,    66,
+           67,    68,    69,    70,    70,    71,    72,    73,
+           74,    74,    75,    76,    77,    78,    78,    79,
+           80,    81,    81,    82,    83,    84,    85,    85,
+           87,    88,    90,    92,    93,    95,    96,    98,
+           99,   101,   102,   104,   105,   107,   108,   110,
+          111,   113,   114,   116,   117,   118,   120,   121,
+          123,   125,   127,   129,   131,   134,   136,   138,
+          140,   142,   144,   146,   148,   150,   152,   154,
+          156,   158,   161,   164,   166,   169,   172,   174,
+          177,   180,   182,   185,   187,   190,   192,   195,
+          199,   202,   205,   208,   211,   214,   217,   220,
+          223,   226,   230,   233,   237,   240,   243,   247,
+          250,   253,   257,   261,   265,   269,   272,   276,
+          280,   284,   288,   292,   296,   300,   304,   309,
+          313,   317,   322,   326,   330,   335,   340,   344,
+          349,   354,   359,   364,   369,   374,   379,   384,
+          389,   395,   400,   406,   411,   417,   423,   429,
+          435,   441,   447,   454,   461,   467,   475,   482,
+          489,   497,   505,   513,   522,   530,   539,   549,
+          559,   569,   579,   590,   602,   614,   626,   640,
+          654,   668,   684,   700,   717,   736,   755,   775,
+          796,   819,   843,   869,   896,   925,   955,   988,
+         1022,  1058,  1098,  1139,  1184,  1232,  1282,  1336,
+    }, {
+            4,     9,    10,    13,    15,    17,    20,    22,
+           25,    28,    31,    34,    37,    40,    43,    47,
+           50,    53,    57,    60,    64,    68,    71,    75,
+           78,    82,    86,    90,    93,    97,   101,   105,
+          109,   113,   116,   120,   124,   128,   132,   136,
+          140,   143,   147,   151,   155,   159,   163,   166,
+          170,   174,   178,   182,   185,   189,   193,   197,
+          200,   204,   208,   212,   215,   219,   223,   226,
+          230,   233,   237,   241,   244,   248,   251,   255,
+          259,   262,   266,   269,   273,   276,   280,   283,
+          287,   290,   293,   297,   300,   304,   307,   310,
+          314,   317,   321,   324,   327,   331,   334,   337,
+          343,   350,   356,   362,   369,   375,   381,   387,
+          394,   400,   406,   412,   418,   424,   430,   436,
+          442,   448,   454,   460,   466,   472,   478,   484,
+          490,   499,   507,   516,   525,   533,   542,   550,
+          559,   567,   576,   584,   592,   601,   609,   617,
+          625,   634,   644,   655,   666,   676,   687,   698,
+          708,   718,   729,   739,   749,   759,   770,   782,
+          795,   807,   819,   831,   844,   856,   868,   880,
+          891,   906,   920,   933,   947,   961,   975,   988,
+         1001,  1015,  1030,  1045,  1061,  1076,  1090,  1105,
+         1120,  1137,  1153,  1170,  1186,  1202,  1218,  1236,
+         1253,  1271,  1288,  1306,  1323,  1342,  1361,  1379,
+         1398,  1416,  1436,  1456,  1476,  1496,  1516,  1537,
+         1559,  1580,  1601,  1624,  1647,  1670,  1692,  1717,
+         1741,  1766,  1791,  1817,  1844,  1871,  1900,  1929,
+         1958,  1990,  2021,  2054,  2088,  2123,  2159,  2197,
+         2236,  2276,  2319,  2363,  2410,  2458,  2508,  2561,
+         2616,  2675,  2737,  2802,  2871,  2944,  3020,  3102,
+         3188,  3280,  3375,  3478,  3586,  3702,  3823,  3953,
+         4089,  4236,  4394,  4559,  4737,  4929,  5130,  5347,
+    }, {
+            4,    12,    18,    25,    33,    41,    50,    60,
+           70,    80,    91,   103,   115,   127,   140,   153,
+          166,   180,   194,   208,   222,   237,   251,   266,
+          281,   296,   312,   327,   343,   358,   374,   390,
+          405,   421,   437,   453,   469,   484,   500,   516,
+          532,   548,   564,   580,   596,   611,   627,   643,
+          659,   674,   690,   706,   721,   737,   752,   768,
+          783,   798,   814,   829,   844,   859,   874,   889,
+          904,   919,   934,   949,   964,   978,   993,  1008,
+         1022,  1037,  1051,  1065,  1080,  1094,  1108,  1122,
+         1136,  1151,  1165,  1179,  1192,  1206,  1220,  1234,
+         1248,  1261,  1275,  1288,  1302,  1315,  1329,  1342,
+         1368,  1393,  1419,  1444,  1469,  1494,  1519,  1544,
+         1569,  1594,  1618,  1643,  1668,  1692,  1717,  1741,
+         1765,  1789,  1814,  1838,  1862,  1885,  1909,  1933,
+         1957,  1992,  2027,  2061,  2096,  2130,  2165,  2199,
+         2233,  2267,  2300,  2334,  2367,  2400,  2434,  2467,
+         2499,  2532,  2575,  2618,  2661,  2704,  2746,  2788,
+         2830,  2872,  2913,  2954,  2995,  3036,  3076,  3127,
+         3177,  3226,  3275,  3324,  3373,  3421,  3469,  3517,
+         3565,  3621,  3677,  3733,  3788,  3843,  3897,  3951,
+         4005,  4058,  4119,  4181,  4241,  4301,  4361,  4420,
+         4479,  4546,  4612,  4677,  4742,  4807,  4871,  4942,
+         5013,  5083,  5153,  5222,  5291,  5367,  5442,  5517,
+         5591,  5665,  5745,  5825,  5905,  5984,  6063,  6149,
+         6234,  6319,  6404,  6495,  6587,  6678,  6769,  6867,
+         6966,  7064,  7163,  7269,  7376,  7483,  7599,  7715,
+         7832,  7958,  8085,  8214,  8352,  8492,  8635,  8788,
+         8945,  9104,  9275,  9450,  9639,  9832, 10031, 10245,
+        10465, 10702, 10946, 11210, 11482, 11776, 12081, 12409,
+        12750, 13118, 13501, 13913, 14343, 14807, 15290, 15812,
+        16356, 16943, 17575, 18237, 18949, 19718, 20521, 21387,
+    }
+};
+
+const int16_t ff_vp9_ac_qlookup[3][256] = {
+    {
+            4,     8,     9,    10,    11,    12,    13,    14,
+           15,    16,    17,    18,    19,    20,    21,    22,
+           23,    24,    25,    26,    27,    28,    29,    30,
+           31,    32,    33,    34,    35,    36,    37,    38,
+           39,    40,    41,    42,    43,    44,    45,    46,
+           47,    48,    49,    50,    51,    52,    53,    54,
+           55,    56,    57,    58,    59,    60,    61,    62,
+           63,    64,    65,    66,    67,    68,    69,    70,
+           71,    72,    73,    74,    75,    76,    77,    78,
+           79,    80,    81,    82,    83,    84,    85,    86,
+           87,    88,    89,    90,    91,    92,    93,    94,
+           95,    96,    97,    98,    99,   100,   101,   102,
+          104,   106,   108,   110,   112,   114,   116,   118,
+          120,   122,   124,   126,   128,   130,   132,   134,
+          136,   138,   140,   142,   144,   146,   148,   150,
+          152,   155,   158,   161,   164,   167,   170,   173,
+          176,   179,   182,   185,   188,   191,   194,   197,
+          200,   203,   207,   211,   215,   219,   223,   227,
+          231,   235,   239,   243,   247,   251,   255,   260,
+          265,   270,   275,   280,   285,   290,   295,   300,
+          305,   311,   317,   323,   329,   335,   341,   347,
+          353,   359,   366,   373,   380,   387,   394,   401,
+          408,   416,   424,   432,   440,   448,   456,   465,
+          474,   483,   492,   501,   510,   520,   530,   540,
+          550,   560,   571,   582,   593,   604,   615,   627,
+          639,   651,   663,   676,   689,   702,   715,   729,
+          743,   757,   771,   786,   801,   816,   832,   848,
+          864,   881,   898,   915,   933,   951,   969,   988,
+         1007,  1026,  1046,  1066,  1087,  1108,  1129,  1151,
+         1173,  1196,  1219,  1243,  1267,  1292,  1317,  1343,
+         1369,  1396,  1423,  1451,  1479,  1508,  1537,  1567,
+         1597,  1628,  1660,  1692,  1725,  1759,  1793,  1828,
+    }, {
+            4,     9,    11,    13,    16,    18,    21,    24,
+           27,    30,    33,    37,    40,    44,    48,    51,
+           55,    59,    63,    67,    71,    75,    79,    83,
+           88,    92,    96,   100,   105,   109,   114,   118,
+          122,   127,   131,   136,   140,   145,   149,   154,
+          158,   163,   168,   172,   177,   181,   186,   190,
+          195,   199,   204,   208,   213,   217,   222,   226,
+          231,   235,   240,   244,   249,   253,   258,   262,
+          267,   271,   275,   280,   284,   289,   293,   297,
+          302,   306,   311,   315,   319,   324,   328,   332,
+          337,   341,   345,   349,   354,   358,   362,   367,
+          371,   375,   379,   384,   388,   392,   396,   401,
+          409,   417,   425,   433,   441,   449,   458,   466,
+          474,   482,   490,   498,   506,   514,   523,   531,
+          539,   547,   555,   563,   571,   579,   588,   596,
+          604,   616,   628,   640,   652,   664,   676,   688,
+          700,   713,   725,   737,   749,   761,   773,   785,
+          797,   809,   825,   841,   857,   873,   889,   905,
+          922,   938,   954,   970,   986,  1002,  1018,  1038,
+         1058,  1078,  1098,  1118,  1138,  1158,  1178,  1198,
+         1218,  1242,  1266,  1290,  1314,  1338,  1362,  1386,
+         1411,  1435,  1463,  1491,  1519,  1547,  1575,  1603,
+         1631,  1663,  1695,  1727,  1759,  1791,  1823,  1859,
+         1895,  1931,  1967,  2003,  2039,  2079,  2119,  2159,
+         2199,  2239,  2283,  2327,  2371,  2415,  2459,  2507,
+         2555,  2603,  2651,  2703,  2755,  2807,  2859,  2915,
+         2971,  3027,  3083,  3143,  3203,  3263,  3327,  3391,
+         3455,  3523,  3591,  3659,  3731,  3803,  3876,  3952,
+         4028,  4104,  4184,  4264,  4348,  4432,  4516,  4604,
+         4692,  4784,  4876,  4972,  5068,  5168,  5268,  5372,
+         5476,  5584,  5692,  5804,  5916,  6032,  6148,  6268,
+         6388,  6512,  6640,  6768,  6900,  7036,  7172,  7312,
+    }, {
+            4,    13,    19,    27,    35,    44,    54,    64,
+           75,    87,    99,   112,   126,   139,   154,   168,
+          183,   199,   214,   230,   247,   263,   280,   297,
+          314,   331,   349,   366,   384,   402,   420,   438,
+          456,   475,   493,   511,   530,   548,   567,   586,
+          604,   623,   642,   660,   679,   698,   716,   735,
+          753,   772,   791,   809,   828,   846,   865,   884,
+          902,   920,   939,   957,   976,   994,  1012,  1030,
+         1049,  1067,  1085,  1103,  1121,  1139,  1157,  1175,
+         1193,  1211,  1229,  1246,  1264,  1282,  1299,  1317,
+         1335,  1352,  1370,  1387,  1405,  1422,  1440,  1457,
+         1474,  1491,  1509,  1526,  1543,  1560,  1577,  1595,
+         1627,  1660,  1693,  1725,  1758,  1791,  1824,  1856,
+         1889,  1922,  1954,  1987,  2020,  2052,  2085,  2118,
+         2150,  2183,  2216,  2248,  2281,  2313,  2346,  2378,
+         2411,  2459,  2508,  2556,  2605,  2653,  2701,  2750,
+         2798,  2847,  2895,  2943,  2992,  3040,  3088,  3137,
+         3185,  3234,  3298,  3362,  3426,  3491,  3555,  3619,
+         3684,  3748,  3812,  3876,  3941,  4005,  4069,  4149,
+         4230,  4310,  4390,  4470,  4550,  4631,  4711,  4791,
+         4871,  4967,  5064,  5160,  5256,  5352,  5448,  5544,
+         5641,  5737,  5849,  5961,  6073,  6185,  6297,  6410,
+         6522,  6650,  6778,  6906,  7034,  7162,  7290,  7435,
+         7579,  7723,  7867,  8011,  8155,  8315,  8475,  8635,
+         8795,  8956,  9132,  9308,  9484,  9660,  9836, 10028,
+        10220, 10412, 10604, 10812, 11020, 11228, 11437, 11661,
+        11885, 12109, 12333, 12573, 12813, 13053, 13309, 13565,
+        13821, 14093, 14365, 14637, 14925, 15213, 15502, 15806,
+        16110, 16414, 16734, 17054, 17390, 17726, 18062, 18414,
+        18766, 19134, 19502, 19886, 20270, 20670, 21070, 21486,
+        21902, 22334, 22766, 23214, 23662, 24126, 24590, 25070,
+        25551, 26047, 26559, 27071, 27599, 28143, 28687, 29247,
+    }
+};
+
+const enum TxfmType ff_vp9_intra_txfm_type[14] = {
+    [VERT_PRED]            = ADST_DCT,
+    [HOR_PRED]             = DCT_ADST,
+    [DC_PRED]              = DCT_DCT,
+    [DIAG_DOWN_LEFT_PRED]  = DCT_DCT,
+    [DIAG_DOWN_RIGHT_PRED] = ADST_ADST,
+    [VERT_RIGHT_PRED]      = ADST_DCT,
+    [HOR_DOWN_PRED]        = DCT_ADST,
+    [VERT_LEFT_PRED]       = ADST_DCT,
+    [HOR_UP_PRED]          = DCT_ADST,
+    [TM_VP8_PRED]          = ADST_ADST,
+    [NEARESTMV]            = DCT_DCT,
+    [NEARMV]               = DCT_DCT,
+    [ZEROMV]               = DCT_DCT,
+    [NEWMV]                = DCT_DCT,
+};
+
+const int16_t ff_vp9_default_scan_4x4[16] = {
+     0,  1,  4,  5,
+     2,  8,  3,  6,
+    12,  9,  7, 10,
+    13, 11, 14, 15,
+};
+
+const int16_t ff_vp9_col_scan_4x4[16] = {
+     0,  1,  2,  4,
+     3,  5,  6,  8,
+     7,  9, 10, 12,
+    13, 11, 14, 15,
+};
+
+const int16_t ff_vp9_row_scan_4x4[16] = {
+     0,  4,  1,  8,
+     5, 12,  9,  2,
+     6, 13,  3, 10,
+     7, 14, 11, 15,
+};
+
+const int16_t ff_vp9_default_scan_8x8[64] = {
+     0,  1,  8,  2,  9, 16, 10,  3,
+    17, 24, 18, 11,  4, 25, 32, 19,
+    12, 26,  5, 33, 20, 27, 40, 13,
+    34,  6, 41, 28, 21, 35, 42, 48,
+    14,  7, 36, 29, 43, 56, 49, 22,
+    15, 37, 50, 44, 57, 30, 23, 51,
+    45, 58, 38, 31, 52, 59, 39, 46,
+    53, 60, 47, 54, 61, 55, 62, 63,
+};
+
+const int16_t ff_vp9_col_scan_8x8[64] = {
+     0,  1,  2,  8,  3,  9,  4, 10,
+    16,  5, 11, 17, 12, 18,  6, 24,
+    19, 13, 25,  7, 26, 20, 32, 14,
+    27, 21, 33, 28, 34, 15, 22, 35,
+    40, 29, 41, 36, 23, 30, 42, 37,
+    48, 43, 31, 44, 49, 38, 50, 56,
+    45, 39, 51, 57, 52, 46, 58, 53,
+    59, 47, 60, 54, 61, 55, 62, 63,
+};
+
+const int16_t ff_vp9_row_scan_8x8[64] = {
+     0,  8, 16,  1,  9, 24,  2, 17,
+    32, 10, 25,  3, 40, 18, 11, 33,
+    26, 19,  4, 48, 41, 34, 12, 27,
+    56, 20,  5, 42, 35, 13, 49, 28,
+     6, 21, 43, 36, 14, 50, 29, 57,
+     7, 44, 22, 37, 51, 15, 58, 30,
+    23, 45, 52, 38, 59, 31, 46, 53,
+    39, 60, 47, 61, 54, 62, 55, 63,
+};
+
+const int16_t ff_vp9_default_scan_16x16[256] = {
+      0,   1,  16,   2,  17,  32,   3,  18,  33,  48,   4,  34,  19,  49,  20,   5,
+     35,  64,  50,  36,  65,  21,   6,  51,  80,  66,  37,  22,  52,   7,  81,  67,
+     38,  82,  53,  23,  96,  68,   8,  83,  97,  54,  39,  69, 112,  24,  98,  84,
+     70,  55,   9,  40,  85,  99, 113, 128,  25, 114, 100,  71,  86,  56,  10,  41,
+    115, 101, 129, 116,  72,  87,  26, 130, 144, 102,  57,  11,  42, 117, 131, 145,
+     88, 103,  27,  73, 132, 118, 146,  58, 160,  12,  43, 133, 147, 104,  89, 119,
+    161,  74, 148, 134,  28, 162,  59,  13, 176, 120, 149,  90, 135, 105, 163,  44,
+     75, 177, 164,  29, 150, 121, 136, 178, 165,  14, 106,  60,  91, 151,  45, 179,
+    192, 137, 166, 122,  76, 180, 152,  30,  61,  15, 107, 167, 181, 193,  92, 208,
+     46, 138, 123, 153, 194,  77, 168, 182,  31, 195, 209, 183, 108, 139,  62, 154,
+     47, 196,  93, 169, 210, 197, 224, 124, 184, 211,  78, 109, 170, 155,  63, 198,
+    212, 185, 225, 240, 140,  94, 199, 125,  79, 213, 226, 171, 186, 156, 214, 200,
+    110, 227, 141,  95, 241, 215, 228, 201, 126, 242, 187, 172, 157, 229, 111, 216,
+    243, 142, 202, 230, 127, 217, 244, 173, 188, 231, 158, 203, 143, 245, 218, 232,
+    189, 246, 159, 174, 233, 247, 219, 204, 175, 190, 248, 234, 205, 220, 249, 191,
+    235, 221, 250, 206, 222, 251, 236, 207, 237, 223, 252, 238, 253, 239, 254, 255,
+};
+
+const int16_t ff_vp9_col_scan_16x16[256] = {
+      0,   1,   2,   3,  16,   4,  17,   5,  18,   6,  19,  32,  20,   7,  33,  21,
+     34,   8,  35,  22,  48,  36,   9,  49,  23,  50,  37,  10,  38,  51,  24,  64,
+     52,  11,  65,  39,  25,  53,  66,  54,  40,  67,  12,  80,  26,  68,  55,  81,
+     41,  69,  13,  27,  82,  56,  70,  83,  42,  14,  84,  96,  71,  28,  57,  85,
+     97,  15,  72,  98,  43,  86,  58,  99,  29,  87, 100, 112,  73,  44, 101,  59,
+     30, 113,  88, 114,  74, 128, 102,  45,  31, 115,  60, 103,  89, 116,  75, 129,
+    117,  46, 104,  90,  61, 130, 118, 131, 132, 105,  76,  47, 119, 144,  91,  62,
+    133, 106, 145, 120, 146, 134,  77, 147, 121,  92, 135, 148,  63, 107, 136, 122,
+     93, 149, 160,  78, 150, 137, 108, 161, 162, 151, 123,  79, 138, 163, 152,  94,
+    164, 109, 165, 153, 124, 139, 176, 166,  95, 177, 167, 110, 154, 178, 125, 179,
+    140, 168, 155, 111, 180, 192, 181, 169, 141, 126, 182, 193, 194, 156, 183, 170,
+    195, 127, 142, 196, 184, 208, 197, 157, 171, 143, 185, 198, 209, 199, 210, 172,
+    158, 186, 211, 224, 212, 200, 240, 159, 213, 225, 187, 201, 173, 226, 214, 215,
+    227, 202, 228, 188, 241, 216, 174, 229, 242, 203, 243, 217, 230, 175, 189, 244,
+    231, 204, 218, 232, 245, 219, 246, 190, 233, 205, 191, 247, 234, 248, 220, 206,
+    249, 235, 221, 207, 250, 236, 222, 251, 223, 237, 238, 252, 239, 253, 254, 255,
+};
+
+const int16_t ff_vp9_row_scan_16x16[256] = {
+      0,  16,  32,   1,  48,  17,  64,  33,   2,  80,  18,  49,  96,  34,   3,  65,
+     19, 112,  50,  81,  35,   4, 128,  66,  20,  97,  51,  82,   5, 144,  36,  67,
+    113,  98,  21,  52, 160,  83, 129,  37,  68,   6, 114, 176,  99,  53,  22,  84,
+    145,  38,  69, 130,   7, 115, 192, 100,  54,  23,  85, 161, 146, 131,  39,  70,
+    208, 116,   8, 101, 177,  55,  86,  24, 162, 147, 132,  71, 224, 117,  40, 102,
+      9, 148,  56,  87, 193, 163, 240, 133, 178,  25, 118,  72,  41, 103, 164,  10,
+    149,  88, 134, 209, 179,  57, 119, 194,  26,  73, 165, 150, 104,  42, 135,  11,
+    180, 120,  89, 225, 195,  58,  27, 210, 151, 181, 166,  74,  43, 105,  12, 136,
+     90,  59, 241, 121,  28, 196, 167, 211, 152,  44, 182, 137,  75,  13, 226, 106,
+    122,  60, 197,  91, 168,  29, 183, 153,  14,  76, 212, 138,  45, 107,  15, 198,
+     92, 227, 169,  30, 123, 154,  61, 242, 184, 213, 139,  46,  77,  31, 108, 170,
+    199, 185, 124, 228,  93, 155, 214,  62, 140, 243,  78,  47, 200, 109, 186, 171,
+    201,  94,  63, 215, 229, 156,  79, 125, 141, 110, 216, 187, 172, 244, 202, 230,
+    217,  95, 157, 126, 245, 111, 142, 231, 188, 127, 158, 218, 173, 232, 246, 233,
+    203, 143, 247, 174, 189, 159, 219, 204, 248, 234, 249, 175, 190, 220, 205, 250,
+    235, 191, 221, 251, 236, 206, 252, 222, 207, 237, 223, 253, 238, 254, 239, 255,
+};
+
+const int16_t ff_vp9_default_scan_32x32[1024] = {
+       0,    1,   32,    2,   33,   64,    3,   34,   65,    4,   96,   35,   66,    5,   36,   97,   67,  128,   98,   68,   37,    6,  129,   99,    7,  160,   69,   38,  130,  100,  161,  131,
+      39,   70,    8,  101,  162,  132,  192,   71,   40,    9,  102,  163,  133,  193,   72,  224,  103,   41,  164,   10,  194,  134,  165,   73,  104,  135,  225,   42,  195,   11,  256,  166,
+     226,  196,   74,  105,  136,   43,   12,  167,  197,  227,  257,   75,  106,  137,  228,   44,  198,  168,  258,  288,   13,  229,   76,  107,  199,  138,  259,  169,  289,   45,  230,  260,
+     200,  108,   14,  170,  139,  320,  290,   77,  231,  261,   46,  201,  140,  291,  109,  232,  321,  262,  171,   78,  292,   15,  322,  202,  263,  352,  172,  293,  233,  141,  323,  110,
+      47,  203,  264,  234,  294,  353,  324,   16,   79,  204,  265,  295,  325,  173,  354,  142,  235,  384,   48,  296,  111,  266,  355,  326,   80,   17,  205,  236,  174,  356,  385,  327,
+     143,  297,  267,  357,  386,  112,   49,  328,  298,  206,  416,  237,  358,  387,   81,  175,   18,  329,  359,  388,  299,  330,  389,  113,  417,  238,  360,   50,  207,  418,  390,  331,
+      19,  448,  361,   82,  419,  391,  239,   51,  362,  420,  114,  449,  480,  421,   83,  363,  450,  422,  512,  451,  423,  115,  452,  481,  453,  482,  454,  544,  483,  455,  513,  484,
+     514,  485,  515,  486,  545,  576,  487,  546,  547,  608,  577,  578,  579,  609,  610,  611,   20,  144,  268,  392,  516,  640,   21,   52,  145,  176,  269,  300,  393,  424,  517,  548,
+     641,  672,   22,   53,   84,  146,  177,  208,  270,  301,  332,  394,  425,  456,  518,  549,  580,  642,  673,  704,   23,   54,   85,  116,  147,  178,  209,  240,  271,  302,  333,  364,
+     395,  426,  457,  488,  519,  550,  581,  612,  643,  674,  705,  736,   55,   86,  117,  179,  210,  241,  303,  334,  365,  427,  458,  489,  551,  582,  613,  675,  706,  737,   87,  118,
+     211,  242,  335,  366,  459,  490,  583,  614,  707,  738,  119,  243,  367,  491,  615,  739,   24,  148,  272,  396,  520,  644,  768,   25,   56,  149,  180,  273,  304,  397,  428,  521,
+     552,  645,  676,  769,  800,   26,   57,   88,  150,  181,  212,  274,  305,  336,  398,  429,  460,  522,  553,  584,  646,  677,  708,  770,  801,  832,   27,   58,   89,  120,  151,  182,
+     213,  244,  275,  306,  337,  368,  399,  430,  461,  492,  523,  554,  585,  616,  647,  678,  709,  740,  771,  802,  833,  864,   59,   90,  121,  183,  214,  245,  307,  338,  369,  431,
+     462,  493,  555,  586,  617,  679,  710,  741,  803,  834,  865,   91,  122,  215,  246,  339,  370,  463,  494,  587,  618,  711,  742,  835,  866,  123,  247,  371,  495,  619,  743,  867,
+      28,  152,  276,  400,  524,  648,  772,  896,   29,   60,  153,  184,  277,  308,  401,  432,  525,  556,  649,  680,  773,  804,  897,  928,   30,   61,   92,  154,  185,  216,  278,  309,
+     340,  402,  433,  464,  526,  557,  588,  650,  681,  712,  774,  805,  836,  898,  929,  960,   31,   62,   93,  124,  155,  186,  217,  248,  279,  310,  341,  372,  403,  434,  465,  496,
+     527,  558,  589,  620,  651,  682,  713,  744,  775,  806,  837,  868,  899,  930,  961,  992,   63,   94,  125,  187,  218,  249,  311,  342,  373,  435,  466,  497,  559,  590,  621,  683,
+     714,  745,  807,  838,  869,  931,  962,  993,   95,  126,  219,  250,  343,  374,  467,  498,  591,  622,  715,  746,  839,  870,  963,  994,  127,  251,  375,  499,  623,  747,  871,  995,
+     156,  280,  404,  528,  652,  776,  900,  157,  188,  281,  312,  405,  436,  529,  560,  653,  684,  777,  808,  901,  932,  158,  189,  220,  282,  313,  344,  406,  437,  468,  530,  561,
+     592,  654,  685,  716,  778,  809,  840,  902,  933,  964,  159,  190,  221,  252,  283,  314,  345,  376,  407,  438,  469,  500,  531,  562,  593,  624,  655,  686,  717,  748,  779,  810,
+     841,  872,  903,  934,  965,  996,  191,  222,  253,  315,  346,  377,  439,  470,  501,  563,  594,  625,  687,  718,  749,  811,  842,  873,  935,  966,  997,  223,  254,  347,  378,  471,
+     502,  595,  626,  719,  750,  843,  874,  967,  998,  255,  379,  503,  627,  751,  875,  999,  284,  408,  532,  656,  780,  904,  285,  316,  409,  440,  533,  564,  657,  688,  781,  812,
+     905,  936,  286,  317,  348,  410,  441,  472,  534,  565,  596,  658,  689,  720,  782,  813,  844,  906,  937,  968,  287,  318,  349,  380,  411,  442,  473,  504,  535,  566,  597,  628,
+     659,  690,  721,  752,  783,  814,  845,  876,  907,  938,  969, 1000,  319,  350,  381,  443,  474,  505,  567,  598,  629,  691,  722,  753,  815,  846,  877,  939,  970, 1001,  351,  382,
+     475,  506,  599,  630,  723,  754,  847,  878,  971, 1002,  383,  507,  631,  755,  879, 1003,  412,  536,  660,  784,  908,  413,  444,  537,  568,  661,  692,  785,  816,  909,  940,  414,
+     445,  476,  538,  569,  600,  662,  693,  724,  786,  817,  848,  910,  941,  972,  415,  446,  477,  508,  539,  570,  601,  632,  663,  694,  725,  756,  787,  818,  849,  880,  911,  942,
+     973, 1004,  447,  478,  509,  571,  602,  633,  695,  726,  757,  819,  850,  881,  943,  974, 1005,  479,  510,  603,  634,  727,  758,  851,  882,  975, 1006,  511,  635,  759,  883, 1007,
+     540,  664,  788,  912,  541,  572,  665,  696,  789,  820,  913,  944,  542,  573,  604,  666,  697,  728,  790,  821,  852,  914,  945,  976,  543,  574,  605,  636,  667,  698,  729,  760,
+     791,  822,  853,  884,  915,  946,  977, 1008,  575,  606,  637,  699,  730,  761,  823,  854,  885,  947,  978, 1009,  607,  638,  731,  762,  855,  886,  979, 1010,  639,  763,  887, 1011,
+     668,  792,  916,  669,  700,  793,  824,  917,  948,  670,  701,  732,  794,  825,  856,  918,  949,  980,  671,  702,  733,  764,  795,  826,  857,  888,  919,  950,  981, 1012,  703,  734,
+     765,  827,  858,  889,  951,  982, 1013,  735,  766,  859,  890,  983, 1014,  767,  891, 1015,  796,  920,  797,  828,  921,  952,  798,  829,  860,  922,  953,  984,  799,  830,  861,  892,
+     923,  954,  985, 1016,  831,  862,  893,  955,  986, 1017,  863,  894,  987, 1018,  895, 1019,  924,  925,  956,  926,  957,  988,  927,  958,  989, 1020,  959,  990, 1021,  991, 1022, 1023,
+};
+
+const int16_t * const ff_vp9_scans[5][4] = {
+    {
+        ff_vp9_default_scan_4x4, ff_vp9_col_scan_4x4,
+        ff_vp9_row_scan_4x4, ff_vp9_default_scan_4x4
+    }, {
+        ff_vp9_default_scan_8x8, ff_vp9_col_scan_8x8,
+        ff_vp9_row_scan_8x8, ff_vp9_default_scan_8x8
+    }, {
+        ff_vp9_default_scan_16x16, ff_vp9_col_scan_16x16,
+        ff_vp9_row_scan_16x16, ff_vp9_default_scan_16x16
+    }, {
+        ff_vp9_default_scan_32x32, ff_vp9_default_scan_32x32,
+        ff_vp9_default_scan_32x32, ff_vp9_default_scan_32x32
+    }, { // lossless
+        ff_vp9_default_scan_4x4, ff_vp9_default_scan_4x4,
+        ff_vp9_default_scan_4x4, ff_vp9_default_scan_4x4
+    }
+};
+
+const int16_t ff_vp9_default_scan_4x4_nb[16][2] = {
+    {  0,  0 }, {  0,  0 }, {  4,  1 }, {  1,  1 },
+    {  4,  4 }, {  2,  2 }, {  5,  2 }, {  8,  8 },
+    {  8,  5 }, {  6,  3 }, {  9,  6 }, { 12,  9 },
+    { 10,  7 }, { 13, 10 }, { 14, 11 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_col_scan_4x4_nb[16][2] = {
+    {  0,  0 }, {  1,  1 }, {  0,  0 }, {  2,  2 },
+    {  4,  4 }, {  5,  5 }, {  4,  4 }, {  6,  6 },
+    {  8,  8 }, {  9,  9 }, {  8,  8 }, { 12, 12 },
+    { 10, 10 }, { 13, 13 }, { 14, 14 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_row_scan_4x4_nb[16][2] = {
+    {  0,  0 }, {  0,  0 }, {  4,  4 }, {  1,  1 },
+    {  8,  8 }, {  5,  5 }, {  1,  1 }, {  2,  2 },
+    {  9,  9 }, {  2,  2 }, {  6,  6 }, {  3,  3 },
+    { 10, 10 }, {  7,  7 }, { 11, 11 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_default_scan_8x8_nb[64][2] = {
+    {  0,  0 }, {  0,  0 }, {  1,  1 }, {  8,  1 },
+    {  8,  8 }, {  9,  2 }, {  2,  2 }, { 16,  9 },
+    { 16, 16 }, { 17, 10 }, { 10,  3 }, {  3,  3 },
+    { 24, 17 }, { 24, 24 }, { 18, 11 }, { 11,  4 },
+    { 25, 18 }, {  4,  4 }, { 32, 25 }, { 19, 12 },
+    { 26, 19 }, { 32, 32 }, { 12,  5 }, { 33, 26 },
+    {  5,  5 }, { 40, 33 }, { 27, 20 }, { 20, 13 },
+    { 34, 27 }, { 41, 34 }, { 40, 40 }, { 13,  6 },
+    {  6,  6 }, { 35, 28 }, { 28, 21 }, { 42, 35 },
+    { 48, 48 }, { 48, 41 }, { 21, 14 }, { 14,  7 },
+    { 36, 29 }, { 49, 42 }, { 43, 36 }, { 56, 49 },
+    { 29, 22 }, { 22, 15 }, { 50, 43 }, { 44, 37 },
+    { 57, 50 }, { 37, 30 }, { 30, 23 }, { 51, 44 },
+    { 58, 51 }, { 38, 31 }, { 45, 38 }, { 52, 45 },
+    { 59, 52 }, { 46, 39 }, { 53, 46 }, { 60, 53 },
+    { 54, 47 }, { 61, 54 }, { 62, 55 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_col_scan_8x8_nb[64][2] = {
+    {  0,  0 }, {  1,  1 }, {  0,  0 }, {  2,  2 },
+    {  8,  8 }, {  3,  3 }, {  9,  9 }, {  8,  8 },
+    {  4,  4 }, { 10, 10 }, { 16, 16 }, { 11, 11 },
+    { 17, 17 }, {  5,  5 }, { 16, 16 }, { 18, 18 },
+    { 12, 12 }, { 24, 24 }, {  6,  6 }, { 25, 25 },
+    { 19, 19 }, { 24, 24 }, { 13, 13 }, { 26, 26 },
+    { 20, 20 }, { 32, 32 }, { 27, 27 }, { 33, 33 },
+    { 14, 14 }, { 21, 21 }, { 34, 34 }, { 32, 32 },
+    { 28, 28 }, { 40, 40 }, { 35, 35 }, { 22, 22 },
+    { 29, 29 }, { 41, 41 }, { 36, 36 }, { 40, 40 },
+    { 42, 42 }, { 30, 30 }, { 43, 43 }, { 48, 48 },
+    { 37, 37 }, { 49, 49 }, { 48, 48 }, { 44, 44 },
+    { 38, 38 }, { 50, 50 }, { 56, 56 }, { 51, 51 },
+    { 45, 45 }, { 57, 57 }, { 52, 52 }, { 58, 58 },
+    { 46, 46 }, { 59, 59 }, { 53, 53 }, { 60, 60 },
+    { 54, 54 }, { 61, 61 }, { 62, 62 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_row_scan_8x8_nb[64][2] = {
+    {  0,  0 }, {  8,  8 }, {  0,  0 }, {  1,  1 },
+    { 16, 16 }, {  1,  1 }, {  9,  9 }, { 24, 24 },
+    {  2,  2 }, { 17, 17 }, {  2,  2 }, { 32, 32 },
+    { 10, 10 }, {  3,  3 }, { 25, 25 }, { 18, 18 },
+    { 11, 11 }, {  3,  3 }, { 40, 40 }, { 33, 33 },
+    { 26, 26 }, {  4,  4 }, { 19, 19 }, { 48, 48 },
+    { 12, 12 }, {  4,  4 }, { 34, 34 }, { 27, 27 },
+    {  5,  5 }, { 41, 41 }, { 20, 20 }, {  5,  5 },
+    { 13, 13 }, { 35, 35 }, { 28, 28 }, {  6,  6 },
+    { 42, 42 }, { 21, 21 }, { 49, 49 }, {  6,  6 },
+    { 36, 36 }, { 14, 14 }, { 29, 29 }, { 43, 43 },
+    {  7,  7 }, { 50, 50 }, { 22, 22 }, { 15, 15 },
+    { 37, 37 }, { 44, 44 }, { 30, 30 }, { 51, 51 },
+    { 23, 23 }, { 38, 38 }, { 45, 45 }, { 31, 31 },
+    { 52, 52 }, { 39, 39 }, { 53, 53 }, { 46, 46 },
+    { 54, 54 }, { 47, 47 }, { 55, 55 }, {  0,  0 },
+};
+
+const int16_t ff_vp9_default_scan_16x16_nb[256][2] = {
+    {   0,   0 }, {   0,   0 }, {   1,   1 }, {  16,   1 },
+    {  16,  16 }, {   2,   2 }, {  17,   2 }, {  32,  17 },
+    {  32,  32 }, {   3,   3 }, {  33,  18 }, {  18,   3 },
+    {  48,  33 }, {  19,   4 }, {   4,   4 }, {  34,  19 },
+    {  48,  48 }, {  49,  34 }, {  35,  20 }, {  64,  49 },
+    {  20,   5 }, {   5,   5 }, {  50,  35 }, {  64,  64 },
+    {  65,  50 }, {  36,  21 }, {  21,   6 }, {  51,  36 },
+    {   6,   6 }, {  80,  65 }, {  66,  51 }, {  37,  22 },
+    {  81,  66 }, {  52,  37 }, {  22,   7 }, {  80,  80 },
+    {  67,  52 }, {   7,   7 }, {  82,  67 }, {  96,  81 },
+    {  53,  38 }, {  38,  23 }, {  68,  53 }, {  96,  96 },
+    {  23,   8 }, {  97,  82 }, {  83,  68 }, {  69,  54 },
+    {  54,  39 }, {   8,   8 }, {  39,  24 }, {  84,  69 },
+    {  98,  83 }, { 112,  97 }, { 112, 112 }, {  24,   9 },
+    { 113,  98 }, {  99,  84 }, {  70,  55 }, {  85,  70 },
+    {  55,  40 }, {   9,   9 }, {  40,  25 }, { 114,  99 },
+    { 100,  85 }, { 128, 113 }, { 115, 100 }, {  71,  56 },
+    {  86,  71 }, {  25,  10 }, { 129, 114 }, { 128, 128 },
+    { 101,  86 }, {  56,  41 }, {  10,  10 }, {  41,  26 },
+    { 116, 101 }, { 130, 115 }, { 144, 129 }, {  87,  72 },
+    { 102,  87 }, {  26,  11 }, {  72,  57 }, { 131, 116 },
+    { 117, 102 }, { 145, 130 }, {  57,  42 }, { 144, 144 },
+    {  11,  11 }, {  42,  27 }, { 132, 117 }, { 146, 131 },
+    { 103,  88 }, {  88,  73 }, { 118, 103 }, { 160, 145 },
+    {  73,  58 }, { 147, 132 }, { 133, 118 }, {  27,  12 },
+    { 161, 146 }, {  58,  43 }, {  12,  12 }, { 160, 160 },
+    { 119, 104 }, { 148, 133 }, {  89,  74 }, { 134, 119 },
+    { 104,  89 }, { 162, 147 }, {  43,  28 }, {  74,  59 },
+    { 176, 161 }, { 163, 148 }, {  28,  13 }, { 149, 134 },
+    { 120, 105 }, { 135, 120 }, { 177, 162 }, { 164, 149 },
+    {  13,  13 }, { 105,  90 }, {  59,  44 }, {  90,  75 },
+    { 150, 135 }, {  44,  29 }, { 178, 163 }, { 176, 176 },
+    { 136, 121 }, { 165, 150 }, { 121, 106 }, {  75,  60 },
+    { 179, 164 }, { 151, 136 }, {  29,  14 }, {  60,  45 },
+    {  14,  14 }, { 106,  91 }, { 166, 151 }, { 180, 165 },
+    { 192, 177 }, {  91,  76 }, { 192, 192 }, {  45,  30 },
+    { 137, 122 }, { 122, 107 }, { 152, 137 }, { 193, 178 },
+    {  76,  61 }, { 167, 152 }, { 181, 166 }, {  30,  15 },
+    { 194, 179 }, { 208, 193 }, { 182, 167 }, { 107,  92 },
+    { 138, 123 }, {  61,  46 }, { 153, 138 }, {  46,  31 },
+    { 195, 180 }, {  92,  77 }, { 168, 153 }, { 209, 194 },
+    { 196, 181 }, { 208, 208 }, { 123, 108 }, { 183, 168 },
+    { 210, 195 }, {  77,  62 }, { 108,  93 }, { 169, 154 },
+    { 154, 139 }, {  62,  47 }, { 197, 182 }, { 211, 196 },
+    { 184, 169 }, { 224, 209 }, { 224, 224 }, { 139, 124 },
+    {  93,  78 }, { 198, 183 }, { 124, 109 }, {  78,  63 },
+    { 212, 197 }, { 225, 210 }, { 170, 155 }, { 185, 170 },
+    { 155, 140 }, { 213, 198 }, { 199, 184 }, { 109,  94 },
+    { 226, 211 }, { 140, 125 }, {  94,  79 }, { 240, 225 },
+    { 214, 199 }, { 227, 212 }, { 200, 185 }, { 125, 110 },
+    { 241, 226 }, { 186, 171 }, { 171, 156 }, { 156, 141 },
+    { 228, 213 }, { 110,  95 }, { 215, 200 }, { 242, 227 },
+    { 141, 126 }, { 201, 186 }, { 229, 214 }, { 126, 111 },
+    { 216, 201 }, { 243, 228 }, { 172, 157 }, { 187, 172 },
+    { 230, 215 }, { 157, 142 }, { 202, 187 }, { 142, 127 },
+    { 244, 229 }, { 217, 202 }, { 231, 216 }, { 188, 173 },
+    { 245, 230 }, { 158, 143 }, { 173, 158 }, { 232, 217 },
+    { 246, 231 }, { 218, 203 }, { 203, 188 }, { 174, 159 },
+    { 189, 174 }, { 247, 232 }, { 233, 218 }, { 204, 189 },
+    { 219, 204 }, { 248, 233 }, { 190, 175 }, { 234, 219 },
+    { 220, 205 }, { 249, 234 }, { 205, 190 }, { 221, 206 },
+    { 250, 235 }, { 235, 220 }, { 206, 191 }, { 236, 221 },
+    { 222, 207 }, { 251, 236 }, { 237, 222 }, { 252, 237 },
+    { 238, 223 }, { 253, 238 }, { 254, 239 }, {   0,   0 },
+};
+
+const int16_t ff_vp9_col_scan_16x16_nb[256][2] = {
+    {   0,   0 }, {   1,   1 }, {   2,   2 }, {   0,   0 },
+    {   3,   3 }, {  16,  16 }, {   4,   4 }, {  17,  17 },
+    {   5,   5 }, {  18,  18 }, {  16,  16 }, {  19,  19 },
+    {   6,   6 }, {  32,  32 }, {  20,  20 }, {  33,  33 },
+    {   7,   7 }, {  34,  34 }, {  21,  21 }, {  32,  32 },
+    {  35,  35 }, {   8,   8 }, {  48,  48 }, {  22,  22 },
+    {  49,  49 }, {  36,  36 }, {   9,   9 }, {  37,  37 },
+    {  50,  50 }, {  23,  23 }, {  48,  48 }, {  51,  51 },
+    {  10,  10 }, {  64,  64 }, {  38,  38 }, {  24,  24 },
+    {  52,  52 }, {  65,  65 }, {  53,  53 }, {  39,  39 },
+    {  66,  66 }, {  11,  11 }, {  64,  64 }, {  25,  25 },
+    {  67,  67 }, {  54,  54 }, {  80,  80 }, {  40,  40 },
+    {  68,  68 }, {  12,  12 }, {  26,  26 }, {  81,  81 },
+    {  55,  55 }, {  69,  69 }, {  82,  82 }, {  41,  41 },
+    {  13,  13 }, {  83,  83 }, {  80,  80 }, {  70,  70 },
+    {  27,  27 }, {  56,  56 }, {  84,  84 }, {  96,  96 },
+    {  14,  14 }, {  71,  71 }, {  97,  97 }, {  42,  42 },
+    {  85,  85 }, {  57,  57 }, {  98,  98 }, {  28,  28 },
+    {  86,  86 }, {  99,  99 }, {  96,  96 }, {  72,  72 },
+    {  43,  43 }, { 100, 100 }, {  58,  58 }, {  29,  29 },
+    { 112, 112 }, {  87,  87 }, { 113, 113 }, {  73,  73 },
+    { 112, 112 }, { 101, 101 }, {  44,  44 }, {  30,  30 },
+    { 114, 114 }, {  59,  59 }, { 102, 102 }, {  88,  88 },
+    { 115, 115 }, {  74,  74 }, { 128, 128 }, { 116, 116 },
+    {  45,  45 }, { 103, 103 }, {  89,  89 }, {  60,  60 },
+    { 129, 129 }, { 117, 117 }, { 130, 130 }, { 131, 131 },
+    { 104, 104 }, {  75,  75 }, {  46,  46 }, { 118, 118 },
+    { 128, 128 }, {  90,  90 }, {  61,  61 }, { 132, 132 },
+    { 105, 105 }, { 144, 144 }, { 119, 119 }, { 145, 145 },
+    { 133, 133 }, {  76,  76 }, { 146, 146 }, { 120, 120 },
+    {  91,  91 }, { 134, 134 }, { 147, 147 }, {  62,  62 },
+    { 106, 106 }, { 135, 135 }, { 121, 121 }, {  92,  92 },
+    { 148, 148 }, { 144, 144 }, {  77,  77 }, { 149, 149 },
+    { 136, 136 }, { 107, 107 }, { 160, 160 }, { 161, 161 },
+    { 150, 150 }, { 122, 122 }, {  78,  78 }, { 137, 137 },
+    { 162, 162 }, { 151, 151 }, {  93,  93 }, { 163, 163 },
+    { 108, 108 }, { 164, 164 }, { 152, 152 }, { 123, 123 },
+    { 138, 138 }, { 160, 160 }, { 165, 165 }, {  94,  94 },
+    { 176, 176 }, { 166, 166 }, { 109, 109 }, { 153, 153 },
+    { 177, 177 }, { 124, 124 }, { 178, 178 }, { 139, 139 },
+    { 167, 167 }, { 154, 154 }, { 110, 110 }, { 179, 179 },
+    { 176, 176 }, { 180, 180 }, { 168, 168 }, { 140, 140 },
+    { 125, 125 }, { 181, 181 }, { 192, 192 }, { 193, 193 },
+    { 155, 155 }, { 182, 182 }, { 169, 169 }, { 194, 194 },
+    { 126, 126 }, { 141, 141 }, { 195, 195 }, { 183, 183 },
+    { 192, 192 }, { 196, 196 }, { 156, 156 }, { 170, 170 },
+    { 142, 142 }, { 184, 184 }, { 197, 197 }, { 208, 208 },
+    { 198, 198 }, { 209, 209 }, { 171, 171 }, { 157, 157 },
+    { 185, 185 }, { 210, 210 }, { 208, 208 }, { 211, 211 },
+    { 199, 199 }, { 224, 224 }, { 158, 158 }, { 212, 212 },
+    { 224, 224 }, { 186, 186 }, { 200, 200 }, { 172, 172 },
+    { 225, 225 }, { 213, 213 }, { 214, 214 }, { 226, 226 },
+    { 201, 201 }, { 227, 227 }, { 187, 187 }, { 240, 240 },
+    { 215, 215 }, { 173, 173 }, { 228, 228 }, { 241, 241 },
+    { 202, 202 }, { 242, 242 }, { 216, 216 }, { 229, 229 },
+    { 174, 174 }, { 188, 188 }, { 243, 243 }, { 230, 230 },
+    { 203, 203 }, { 217, 217 }, { 231, 231 }, { 244, 244 },
+    { 218, 218 }, { 245, 245 }, { 189, 189 }, { 232, 232 },
+    { 204, 204 }, { 190, 190 }, { 246, 246 }, { 233, 233 },
+    { 247, 247 }, { 219, 219 }, { 205, 205 }, { 248, 248 },
+    { 234, 234 }, { 220, 220 }, { 206, 206 }, { 249, 249 },
+    { 235, 235 }, { 221, 221 }, { 250, 250 }, { 222, 222 },
+    { 236, 236 }, { 237, 237 }, { 251, 251 }, { 238, 238 },
+    { 252, 252 }, { 253, 253 }, { 254, 254 }, {   0,   0 },
+};
+
+const int16_t ff_vp9_row_scan_16x16_nb[256][2] = {
+    {   0,   0 }, {  16,  16 }, {   0,   0 }, {  32,  32 },
+    {   1,   1 }, {  48,  48 }, {  17,  17 }, {   1,   1 },
+    {  64,  64 }, {   2,   2 }, {  33,  33 }, {  80,  80 },
+    {  18,  18 }, {   2,   2 }, {  49,  49 }, {   3,   3 },
+    {  96,  96 }, {  34,  34 }, {  65,  65 }, {  19,  19 },
+    {   3,   3 }, { 112, 112 }, {  50,  50 }, {   4,   4 },
+    {  81,  81 }, {  35,  35 }, {  66,  66 }, {   4,   4 },
+    { 128, 128 }, {  20,  20 }, {  51,  51 }, {  97,  97 },
+    {  82,  82 }, {   5,   5 }, {  36,  36 }, { 144, 144 },
+    {  67,  67 }, { 113, 113 }, {  21,  21 }, {  52,  52 },
+    {   5,   5 }, {  98,  98 }, { 160, 160 }, {  83,  83 },
+    {  37,  37 }, {   6,   6 }, {  68,  68 }, { 129, 129 },
+    {  22,  22 }, {  53,  53 }, { 114, 114 }, {   6,   6 },
+    {  99,  99 }, { 176, 176 }, {  84,  84 }, {  38,  38 },
+    {   7,   7 }, {  69,  69 }, { 145, 145 }, { 130, 130 },
+    { 115, 115 }, {  23,  23 }, {  54,  54 }, { 192, 192 },
+    { 100, 100 }, {   7,   7 }, {  85,  85 }, { 161, 161 },
+    {  39,  39 }, {  70,  70 }, {   8,   8 }, { 146, 146 },
+    { 131, 131 }, { 116, 116 }, {  55,  55 }, { 208, 208 },
+    { 101, 101 }, {  24,  24 }, {  86,  86 }, {   8,   8 },
+    { 132, 132 }, {  40,  40 }, {  71,  71 }, { 177, 177 },
+    { 147, 147 }, { 224, 224 }, { 117, 117 }, { 162, 162 },
+    {   9,   9 }, { 102, 102 }, {  56,  56 }, {  25,  25 },
+    {  87,  87 }, { 148, 148 }, {   9,   9 }, { 133, 133 },
+    {  72,  72 }, { 118, 118 }, { 193, 193 }, { 163, 163 },
+    {  41,  41 }, { 103, 103 }, { 178, 178 }, {  10,  10 },
+    {  57,  57 }, { 149, 149 }, { 134, 134 }, {  88,  88 },
+    {  26,  26 }, { 119, 119 }, {  10,  10 }, { 164, 164 },
+    { 104, 104 }, {  73,  73 }, { 209, 209 }, { 179, 179 },
+    {  42,  42 }, {  11,  11 }, { 194, 194 }, { 135, 135 },
+    { 165, 165 }, { 150, 150 }, {  58,  58 }, {  27,  27 },
+    {  89,  89 }, {  11,  11 }, { 120, 120 }, {  74,  74 },
+    {  43,  43 }, { 225, 225 }, { 105, 105 }, {  12,  12 },
+    { 180, 180 }, { 151, 151 }, { 195, 195 }, { 136, 136 },
+    {  28,  28 }, { 166, 166 }, { 121, 121 }, {  59,  59 },
+    {  12,  12 }, { 210, 210 }, {  90,  90 }, { 106, 106 },
+    {  44,  44 }, { 181, 181 }, {  75,  75 }, { 152, 152 },
+    {  13,  13 }, { 167, 167 }, { 137, 137 }, {  13,  13 },
+    {  60,  60 }, { 196, 196 }, { 122, 122 }, {  29,  29 },
+    {  91,  91 }, {  14,  14 }, { 182, 182 }, {  76,  76 },
+    { 211, 211 }, { 153, 153 }, {  14,  14 }, { 107, 107 },
+    { 138, 138 }, {  45,  45 }, { 226, 226 }, { 168, 168 },
+    { 197, 197 }, { 123, 123 }, {  30,  30 }, {  61,  61 },
+    {  15,  15 }, {  92,  92 }, { 154, 154 }, { 183, 183 },
+    { 169, 169 }, { 108, 108 }, { 212, 212 }, {  77,  77 },
+    { 139, 139 }, { 198, 198 }, {  46,  46 }, { 124, 124 },
+    { 227, 227 }, {  62,  62 }, {  31,  31 }, { 184, 184 },
+    {  93,  93 }, { 170, 170 }, { 155, 155 }, { 185, 185 },
+    {  78,  78 }, {  47,  47 }, { 199, 199 }, { 213, 213 },
+    { 140, 140 }, {  63,  63 }, { 109, 109 }, { 125, 125 },
+    {  94,  94 }, { 200, 200 }, { 171, 171 }, { 156, 156 },
+    { 228, 228 }, { 186, 186 }, { 214, 214 }, { 201, 201 },
+    {  79,  79 }, { 141, 141 }, { 110, 110 }, { 229, 229 },
+    {  95,  95 }, { 126, 126 }, { 215, 215 }, { 172, 172 },
+    { 111, 111 }, { 142, 142 }, { 202, 202 }, { 157, 157 },
+    { 216, 216 }, { 230, 230 }, { 217, 217 }, { 187, 187 },
+    { 127, 127 }, { 231, 231 }, { 158, 158 }, { 173, 173 },
+    { 143, 143 }, { 203, 203 }, { 188, 188 }, { 232, 232 },
+    { 218, 218 }, { 233, 233 }, { 159, 159 }, { 174, 174 },
+    { 204, 204 }, { 189, 189 }, { 234, 234 }, { 219, 219 },
+    { 175, 175 }, { 205, 205 }, { 235, 235 }, { 220, 220 },
+    { 190, 190 }, { 236, 236 }, { 206, 206 }, { 191, 191 },
+    { 221, 221 }, { 207, 207 }, { 237, 237 }, { 222, 222 },
+    { 238, 238 }, { 223, 223 }, { 239, 239 }, {   0,   0 },
+};
+
+const int16_t ff_vp9_default_scan_32x32_nb[1024][2] = {
+    {    0,    0 }, {    0,    0 }, {    1,    1 }, {   32,    1 },
+    {   32,   32 }, {    2,    2 }, {   33,    2 }, {   64,   33 },
+    {    3,    3 }, {   64,   64 }, {   34,    3 }, {   65,   34 },
+    {    4,    4 }, {   35,    4 }, {   96,   65 }, {   66,   35 },
+    {   96,   96 }, {   97,   66 }, {   67,   36 }, {   36,    5 },
+    {    5,    5 }, {  128,   97 }, {   98,   67 }, {    6,    6 },
+    {  128,  128 }, {   68,   37 }, {   37,    6 }, {  129,   98 },
+    {   99,   68 }, {  160,  129 }, {  130,   99 }, {   38,    7 },
+    {   69,   38 }, {    7,    7 }, {  100,   69 }, {  161,  130 },
+    {  131,  100 }, {  160,  160 }, {   70,   39 }, {   39,    8 },
+    {    8,    8 }, {  101,   70 }, {  162,  131 }, {  132,  101 },
+    {  192,  161 }, {   71,   40 }, {  192,  192 }, {  102,   71 },
+    {   40,    9 }, {  163,  132 }, {    9,    9 }, {  193,  162 },
+    {  133,  102 }, {  164,  133 }, {   72,   41 }, {  103,   72 },
+    {  134,  103 }, {  224,  193 }, {   41,   10 }, {  194,  163 },
+    {   10,   10 }, {  224,  224 }, {  165,  134 }, {  225,  194 },
+    {  195,  164 }, {   73,   42 }, {  104,   73 }, {  135,  104 },
+    {   42,   11 }, {   11,   11 }, {  166,  135 }, {  196,  165 },
+    {  226,  195 }, {  256,  225 }, {   74,   43 }, {  105,   74 },
+    {  136,  105 }, {  227,  196 }, {   43,   12 }, {  197,  166 },
+    {  167,  136 }, {  257,  226 }, {  256,  256 }, {   12,   12 },
+    {  228,  197 }, {   75,   44 }, {  106,   75 }, {  198,  167 },
+    {  137,  106 }, {  258,  227 }, {  168,  137 }, {  288,  257 },
+    {   44,   13 }, {  229,  198 }, {  259,  228 }, {  199,  168 },
+    {  107,   76 }, {   13,   13 }, {  169,  138 }, {  138,  107 },
+    {  288,  288 }, {  289,  258 }, {   76,   45 }, {  230,  199 },
+    {  260,  229 }, {   45,   14 }, {  200,  169 }, {  139,  108 },
+    {  290,  259 }, {  108,   77 }, {  231,  200 }, {  320,  289 },
+    {  261,  230 }, {  170,  139 }, {   77,   46 }, {  291,  260 },
+    {   14,   14 }, {  321,  290 }, {  201,  170 }, {  262,  231 },
+    {  320,  320 }, {  171,  140 }, {  292,  261 }, {  232,  201 },
+    {  140,  109 }, {  322,  291 }, {  109,   78 }, {   46,   15 },
+    {  202,  171 }, {  263,  232 }, {  233,  202 }, {  293,  262 },
+    {  352,  321 }, {  323,  292 }, {   15,   15 }, {   78,   47 },
+    {  203,  172 }, {  264,  233 }, {  294,  263 }, {  324,  293 },
+    {  172,  141 }, {  353,  322 }, {  141,  110 }, {  234,  203 },
+    {  352,  352 }, {   47,   16 }, {  295,  264 }, {  110,   79 },
+    {  265,  234 }, {  354,  323 }, {  325,  294 }, {   79,   48 },
+    {   16,   16 }, {  204,  173 }, {  235,  204 }, {  173,  142 },
+    {  355,  324 }, {  384,  353 }, {  326,  295 }, {  142,  111 },
+    {  296,  265 }, {  266,  235 }, {  356,  325 }, {  385,  354 },
+    {  111,   80 }, {   48,   17 }, {  327,  296 }, {  297,  266 },
+    {  205,  174 }, {  384,  384 }, {  236,  205 }, {  357,  326 },
+    {  386,  355 }, {   80,   49 }, {  174,  143 }, {   17,   17 },
+    {  328,  297 }, {  358,  327 }, {  387,  356 }, {  298,  267 },
+    {  329,  298 }, {  388,  357 }, {  112,   81 }, {  416,  385 },
+    {  237,  206 }, {  359,  328 }, {   49,   18 }, {  206,  175 },
+    {  417,  386 }, {  389,  358 }, {  330,  299 }, {   18,   18 },
+    {  416,  416 }, {  360,  329 }, {   81,   50 }, {  418,  387 },
+    {  390,  359 }, {  238,  207 }, {   50,   19 }, {  361,  330 },
+    {  419,  388 }, {  113,   82 }, {  448,  417 }, {  448,  448 },
+    {  420,  389 }, {   82,   51 }, {  362,  331 }, {  449,  418 },
+    {  421,  390 }, {  480,  480 }, {  450,  419 }, {  422,  391 },
+    {  114,   83 }, {  451,  420 }, {  480,  449 }, {  452,  421 },
+    {  481,  450 }, {  453,  422 }, {  512,  512 }, {  482,  451 },
+    {  454,  423 }, {  512,  481 }, {  483,  452 }, {  513,  482 },
+    {  484,  453 }, {  514,  483 }, {  485,  454 }, {  544,  513 },
+    {  544,  544 }, {  486,  455 }, {  545,  514 }, {  546,  515 },
+    {  576,  576 }, {  576,  545 }, {  577,  546 }, {  578,  547 },
+    {  608,  577 }, {  609,  578 }, {  610,  579 }, {   19,   19 },
+    {  143,  112 }, {  267,  236 }, {  391,  360 }, {  515,  484 },
+    {  608,  608 }, {   20,   20 }, {   51,   20 }, {  144,  113 },
+    {  175,  144 }, {  268,  237 }, {  299,  268 }, {  392,  361 },
+    {  423,  392 }, {  516,  485 }, {  547,  516 }, {  640,  609 },
+    {  640,  640 }, {   21,   21 }, {   52,   21 }, {   83,   52 },
+    {  145,  114 }, {  176,  145 }, {  207,  176 }, {  269,  238 },
+    {  300,  269 }, {  331,  300 }, {  393,  362 }, {  424,  393 },
+    {  455,  424 }, {  517,  486 }, {  548,  517 }, {  579,  548 },
+    {  641,  610 }, {  672,  641 }, {  672,  672 }, {   22,   22 },
+    {   53,   22 }, {   84,   53 }, {  115,   84 }, {  146,  115 },
+    {  177,  146 }, {  208,  177 }, {  239,  208 }, {  270,  239 },
+    {  301,  270 }, {  332,  301 }, {  363,  332 }, {  394,  363 },
+    {  425,  394 }, {  456,  425 }, {  487,  456 }, {  518,  487 },
+    {  549,  518 }, {  580,  549 }, {  611,  580 }, {  642,  611 },
+    {  673,  642 }, {  704,  673 }, {  704,  704 }, {   54,   23 },
+    {   85,   54 }, {  116,   85 }, {  178,  147 }, {  209,  178 },
+    {  240,  209 }, {  302,  271 }, {  333,  302 }, {  364,  333 },
+    {  426,  395 }, {  457,  426 }, {  488,  457 }, {  550,  519 },
+    {  581,  550 }, {  612,  581 }, {  674,  643 }, {  705,  674 },
+    {  736,  705 }, {   86,   55 }, {  117,   86 }, {  210,  179 },
+    {  241,  210 }, {  334,  303 }, {  365,  334 }, {  458,  427 },
+    {  489,  458 }, {  582,  551 }, {  613,  582 }, {  706,  675 },
+    {  737,  706 }, {  118,   87 }, {  242,  211 }, {  366,  335 },
+    {  490,  459 }, {  614,  583 }, {  738,  707 }, {   23,   23 },
+    {  147,  116 }, {  271,  240 }, {  395,  364 }, {  519,  488 },
+    {  643,  612 }, {  736,  736 }, {   24,   24 }, {   55,   24 },
+    {  148,  117 }, {  179,  148 }, {  272,  241 }, {  303,  272 },
+    {  396,  365 }, {  427,  396 }, {  520,  489 }, {  551,  520 },
+    {  644,  613 }, {  675,  644 }, {  768,  737 }, {  768,  768 },
+    {   25,   25 }, {   56,   25 }, {   87,   56 }, {  149,  118 },
+    {  180,  149 }, {  211,  180 }, {  273,  242 }, {  304,  273 },
+    {  335,  304 }, {  397,  366 }, {  428,  397 }, {  459,  428 },
+    {  521,  490 }, {  552,  521 }, {  583,  552 }, {  645,  614 },
+    {  676,  645 }, {  707,  676 }, {  769,  738 }, {  800,  769 },
+    {  800,  800 }, {   26,   26 }, {   57,   26 }, {   88,   57 },
+    {  119,   88 }, {  150,  119 }, {  181,  150 }, {  212,  181 },
+    {  243,  212 }, {  274,  243 }, {  305,  274 }, {  336,  305 },
+    {  367,  336 }, {  398,  367 }, {  429,  398 }, {  460,  429 },
+    {  491,  460 }, {  522,  491 }, {  553,  522 }, {  584,  553 },
+    {  615,  584 }, {  646,  615 }, {  677,  646 }, {  708,  677 },
+    {  739,  708 }, {  770,  739 }, {  801,  770 }, {  832,  801 },
+    {  832,  832 }, {   58,   27 }, {   89,   58 }, {  120,   89 },
+    {  182,  151 }, {  213,  182 }, {  244,  213 }, {  306,  275 },
+    {  337,  306 }, {  368,  337 }, {  430,  399 }, {  461,  430 },
+    {  492,  461 }, {  554,  523 }, {  585,  554 }, {  616,  585 },
+    {  678,  647 }, {  709,  678 }, {  740,  709 }, {  802,  771 },
+    {  833,  802 }, {  864,  833 }, {   90,   59 }, {  121,   90 },
+    {  214,  183 }, {  245,  214 }, {  338,  307 }, {  369,  338 },
+    {  462,  431 }, {  493,  462 }, {  586,  555 }, {  617,  586 },
+    {  710,  679 }, {  741,  710 }, {  834,  803 }, {  865,  834 },
+    {  122,   91 }, {  246,  215 }, {  370,  339 }, {  494,  463 },
+    {  618,  587 }, {  742,  711 }, {  866,  835 }, {   27,   27 },
+    {  151,  120 }, {  275,  244 }, {  399,  368 }, {  523,  492 },
+    {  647,  616 }, {  771,  740 }, {  864,  864 }, {   28,   28 },
+    {   59,   28 }, {  152,  121 }, {  183,  152 }, {  276,  245 },
+    {  307,  276 }, {  400,  369 }, {  431,  400 }, {  524,  493 },
+    {  555,  524 }, {  648,  617 }, {  679,  648 }, {  772,  741 },
+    {  803,  772 }, {  896,  865 }, {  896,  896 }, {   29,   29 },
+    {   60,   29 }, {   91,   60 }, {  153,  122 }, {  184,  153 },
+    {  215,  184 }, {  277,  246 }, {  308,  277 }, {  339,  308 },
+    {  401,  370 }, {  432,  401 }, {  463,  432 }, {  525,  494 },
+    {  556,  525 }, {  587,  556 }, {  649,  618 }, {  680,  649 },
+    {  711,  680 }, {  773,  742 }, {  804,  773 }, {  835,  804 },
+    {  897,  866 }, {  928,  897 }, {  928,  928 }, {   30,   30 },
+    {   61,   30 }, {   92,   61 }, {  123,   92 }, {  154,  123 },
+    {  185,  154 }, {  216,  185 }, {  247,  216 }, {  278,  247 },
+    {  309,  278 }, {  340,  309 }, {  371,  340 }, {  402,  371 },
+    {  433,  402 }, {  464,  433 }, {  495,  464 }, {  526,  495 },
+    {  557,  526 }, {  588,  557 }, {  619,  588 }, {  650,  619 },
+    {  681,  650 }, {  712,  681 }, {  743,  712 }, {  774,  743 },
+    {  805,  774 }, {  836,  805 }, {  867,  836 }, {  898,  867 },
+    {  929,  898 }, {  960,  929 }, {  960,  960 }, {   62,   31 },
+    {   93,   62 }, {  124,   93 }, {  186,  155 }, {  217,  186 },
+    {  248,  217 }, {  310,  279 }, {  341,  310 }, {  372,  341 },
+    {  434,  403 }, {  465,  434 }, {  496,  465 }, {  558,  527 },
+    {  589,  558 }, {  620,  589 }, {  682,  651 }, {  713,  682 },
+    {  744,  713 }, {  806,  775 }, {  837,  806 }, {  868,  837 },
+    {  930,  899 }, {  961,  930 }, {  992,  961 }, {   94,   63 },
+    {  125,   94 }, {  218,  187 }, {  249,  218 }, {  342,  311 },
+    {  373,  342 }, {  466,  435 }, {  497,  466 }, {  590,  559 },
+    {  621,  590 }, {  714,  683 }, {  745,  714 }, {  838,  807 },
+    {  869,  838 }, {  962,  931 }, {  993,  962 }, {  126,   95 },
+    {  250,  219 }, {  374,  343 }, {  498,  467 }, {  622,  591 },
+    {  746,  715 }, {  870,  839 }, {  994,  963 }, {  155,  124 },
+    {  279,  248 }, {  403,  372 }, {  527,  496 }, {  651,  620 },
+    {  775,  744 }, {  899,  868 }, {  156,  125 }, {  187,  156 },
+    {  280,  249 }, {  311,  280 }, {  404,  373 }, {  435,  404 },
+    {  528,  497 }, {  559,  528 }, {  652,  621 }, {  683,  652 },
+    {  776,  745 }, {  807,  776 }, {  900,  869 }, {  931,  900 },
+    {  157,  126 }, {  188,  157 }, {  219,  188 }, {  281,  250 },
+    {  312,  281 }, {  343,  312 }, {  405,  374 }, {  436,  405 },
+    {  467,  436 }, {  529,  498 }, {  560,  529 }, {  591,  560 },
+    {  653,  622 }, {  684,  653 }, {  715,  684 }, {  777,  746 },
+    {  808,  777 }, {  839,  808 }, {  901,  870 }, {  932,  901 },
+    {  963,  932 }, {  158,  127 }, {  189,  158 }, {  220,  189 },
+    {  251,  220 }, {  282,  251 }, {  313,  282 }, {  344,  313 },
+    {  375,  344 }, {  406,  375 }, {  437,  406 }, {  468,  437 },
+    {  499,  468 }, {  530,  499 }, {  561,  530 }, {  592,  561 },
+    {  623,  592 }, {  654,  623 }, {  685,  654 }, {  716,  685 },
+    {  747,  716 }, {  778,  747 }, {  809,  778 }, {  840,  809 },
+    {  871,  840 }, {  902,  871 }, {  933,  902 }, {  964,  933 },
+    {  995,  964 }, {  190,  159 }, {  221,  190 }, {  252,  221 },
+    {  314,  283 }, {  345,  314 }, {  376,  345 }, {  438,  407 },
+    {  469,  438 }, {  500,  469 }, {  562,  531 }, {  593,  562 },
+    {  624,  593 }, {  686,  655 }, {  717,  686 }, {  748,  717 },
+    {  810,  779 }, {  841,  810 }, {  872,  841 }, {  934,  903 },
+    {  965,  934 }, {  996,  965 }, {  222,  191 }, {  253,  222 },
+    {  346,  315 }, {  377,  346 }, {  470,  439 }, {  501,  470 },
+    {  594,  563 }, {  625,  594 }, {  718,  687 }, {  749,  718 },
+    {  842,  811 }, {  873,  842 }, {  966,  935 }, {  997,  966 },
+    {  254,  223 }, {  378,  347 }, {  502,  471 }, {  626,  595 },
+    {  750,  719 }, {  874,  843 }, {  998,  967 }, {  283,  252 },
+    {  407,  376 }, {  531,  500 }, {  655,  624 }, {  779,  748 },
+    {  903,  872 }, {  284,  253 }, {  315,  284 }, {  408,  377 },
+    {  439,  408 }, {  532,  501 }, {  563,  532 }, {  656,  625 },
+    {  687,  656 }, {  780,  749 }, {  811,  780 }, {  904,  873 },
+    {  935,  904 }, {  285,  254 }, {  316,  285 }, {  347,  316 },
+    {  409,  378 }, {  440,  409 }, {  471,  440 }, {  533,  502 },
+    {  564,  533 }, {  595,  564 }, {  657,  626 }, {  688,  657 },
+    {  719,  688 }, {  781,  750 }, {  812,  781 }, {  843,  812 },
+    {  905,  874 }, {  936,  905 }, {  967,  936 }, {  286,  255 },
+    {  317,  286 }, {  348,  317 }, {  379,  348 }, {  410,  379 },
+    {  441,  410 }, {  472,  441 }, {  503,  472 }, {  534,  503 },
+    {  565,  534 }, {  596,  565 }, {  627,  596 }, {  658,  627 },
+    {  689,  658 }, {  720,  689 }, {  751,  720 }, {  782,  751 },
+    {  813,  782 }, {  844,  813 }, {  875,  844 }, {  906,  875 },
+    {  937,  906 }, {  968,  937 }, {  999,  968 }, {  318,  287 },
+    {  349,  318 }, {  380,  349 }, {  442,  411 }, {  473,  442 },
+    {  504,  473 }, {  566,  535 }, {  597,  566 }, {  628,  597 },
+    {  690,  659 }, {  721,  690 }, {  752,  721 }, {  814,  783 },
+    {  845,  814 }, {  876,  845 }, {  938,  907 }, {  969,  938 },
+    { 1000,  969 }, {  350,  319 }, {  381,  350 }, {  474,  443 },
+    {  505,  474 }, {  598,  567 }, {  629,  598 }, {  722,  691 },
+    {  753,  722 }, {  846,  815 }, {  877,  846 }, {  970,  939 },
+    { 1001,  970 }, {  382,  351 }, {  506,  475 }, {  630,  599 },
+    {  754,  723 }, {  878,  847 }, { 1002,  971 }, {  411,  380 },
+    {  535,  504 }, {  659,  628 }, {  783,  752 }, {  907,  876 },
+    {  412,  381 }, {  443,  412 }, {  536,  505 }, {  567,  536 },
+    {  660,  629 }, {  691,  660 }, {  784,  753 }, {  815,  784 },
+    {  908,  877 }, {  939,  908 }, {  413,  382 }, {  444,  413 },
+    {  475,  444 }, {  537,  506 }, {  568,  537 }, {  599,  568 },
+    {  661,  630 }, {  692,  661 }, {  723,  692 }, {  785,  754 },
+    {  816,  785 }, {  847,  816 }, {  909,  878 }, {  940,  909 },
+    {  971,  940 }, {  414,  383 }, {  445,  414 }, {  476,  445 },
+    {  507,  476 }, {  538,  507 }, {  569,  538 }, {  600,  569 },
+    {  631,  600 }, {  662,  631 }, {  693,  662 }, {  724,  693 },
+    {  755,  724 }, {  786,  755 }, {  817,  786 }, {  848,  817 },
+    {  879,  848 }, {  910,  879 }, {  941,  910 }, {  972,  941 },
+    { 1003,  972 }, {  446,  415 }, {  477,  446 }, {  508,  477 },
+    {  570,  539 }, {  601,  570 }, {  632,  601 }, {  694,  663 },
+    {  725,  694 }, {  756,  725 }, {  818,  787 }, {  849,  818 },
+    {  880,  849 }, {  942,  911 }, {  973,  942 }, { 1004,  973 },
+    {  478,  447 }, {  509,  478 }, {  602,  571 }, {  633,  602 },
+    {  726,  695 }, {  757,  726 }, {  850,  819 }, {  881,  850 },
+    {  974,  943 }, { 1005,  974 }, {  510,  479 }, {  634,  603 },
+    {  758,  727 }, {  882,  851 }, { 1006,  975 }, {  539,  508 },
+    {  663,  632 }, {  787,  756 }, {  911,  880 }, {  540,  509 },
+    {  571,  540 }, {  664,  633 }, {  695,  664 }, {  788,  757 },
+    {  819,  788 }, {  912,  881 }, {  943,  912 }, {  541,  510 },
+    {  572,  541 }, {  603,  572 }, {  665,  634 }, {  696,  665 },
+    {  727,  696 }, {  789,  758 }, {  820,  789 }, {  851,  820 },
+    {  913,  882 }, {  944,  913 }, {  975,  944 }, {  542,  511 },
+    {  573,  542 }, {  604,  573 }, {  635,  604 }, {  666,  635 },
+    {  697,  666 }, {  728,  697 }, {  759,  728 }, {  790,  759 },
+    {  821,  790 }, {  852,  821 }, {  883,  852 }, {  914,  883 },
+    {  945,  914 }, {  976,  945 }, { 1007,  976 }, {  574,  543 },
+    {  605,  574 }, {  636,  605 }, {  698,  667 }, {  729,  698 },
+    {  760,  729 }, {  822,  791 }, {  853,  822 }, {  884,  853 },
+    {  946,  915 }, {  977,  946 }, { 1008,  977 }, {  606,  575 },
+    {  637,  606 }, {  730,  699 }, {  761,  730 }, {  854,  823 },
+    {  885,  854 }, {  978,  947 }, { 1009,  978 }, {  638,  607 },
+    {  762,  731 }, {  886,  855 }, { 1010,  979 }, {  667,  636 },
+    {  791,  760 }, {  915,  884 }, {  668,  637 }, {  699,  668 },
+    {  792,  761 }, {  823,  792 }, {  916,  885 }, {  947,  916 },
+    {  669,  638 }, {  700,  669 }, {  731,  700 }, {  793,  762 },
+    {  824,  793 }, {  855,  824 }, {  917,  886 }, {  948,  917 },
+    {  979,  948 }, {  670,  639 }, {  701,  670 }, {  732,  701 },
+    {  763,  732 }, {  794,  763 }, {  825,  794 }, {  856,  825 },
+    {  887,  856 }, {  918,  887 }, {  949,  918 }, {  980,  949 },
+    { 1011,  980 }, {  702,  671 }, {  733,  702 }, {  764,  733 },
+    {  826,  795 }, {  857,  826 }, {  888,  857 }, {  950,  919 },
+    {  981,  950 }, { 1012,  981 }, {  734,  703 }, {  765,  734 },
+    {  858,  827 }, {  889,  858 }, {  982,  951 }, { 1013,  982 },
+    {  766,  735 }, {  890,  859 }, { 1014,  983 }, {  795,  764 },
+    {  919,  888 }, {  796,  765 }, {  827,  796 }, {  920,  889 },
+    {  951,  920 }, {  797,  766 }, {  828,  797 }, {  859,  828 },
+    {  921,  890 }, {  952,  921 }, {  983,  952 }, {  798,  767 },
+    {  829,  798 }, {  860,  829 }, {  891,  860 }, {  922,  891 },
+    {  953,  922 }, {  984,  953 }, { 1015,  984 }, {  830,  799 },
+    {  861,  830 }, {  892,  861 }, {  954,  923 }, {  985,  954 },
+    { 1016,  985 }, {  862,  831 }, {  893,  862 }, {  986,  955 },
+    { 1017,  986 }, {  894,  863 }, { 1018,  987 }, {  923,  892 },
+    {  924,  893 }, {  955,  924 }, {  925,  894 }, {  956,  925 },
+    {  987,  956 }, {  926,  895 }, {  957,  926 }, {  988,  957 },
+    { 1019,  988 }, {  958,  927 }, {  989,  958 }, { 1020,  989 },
+    {  990,  959 }, { 1021,  990 }, { 1022,  991 }, {    0,    0 },
+};
+
+const int16_t (* const ff_vp9_scans_nb[5][4])[2] = {
+    {
+        ff_vp9_default_scan_4x4_nb, ff_vp9_col_scan_4x4_nb,
+        ff_vp9_row_scan_4x4_nb, ff_vp9_default_scan_4x4_nb
+    }, {
+        ff_vp9_default_scan_8x8_nb, ff_vp9_col_scan_8x8_nb,
+        ff_vp9_row_scan_8x8_nb, ff_vp9_default_scan_8x8_nb
+    }, {
+        ff_vp9_default_scan_16x16_nb, ff_vp9_col_scan_16x16_nb,
+        ff_vp9_row_scan_16x16_nb, ff_vp9_default_scan_16x16_nb
+    }, {
+        ff_vp9_default_scan_32x32_nb, ff_vp9_default_scan_32x32_nb,
+        ff_vp9_default_scan_32x32_nb, ff_vp9_default_scan_32x32_nb
+    }, { // lossless
+        ff_vp9_default_scan_4x4_nb, ff_vp9_default_scan_4x4_nb,
+        ff_vp9_default_scan_4x4_nb, ff_vp9_default_scan_4x4_nb
+    }
+};
+
+const uint8_t ff_vp9_model_pareto8[256][8] = {
+    {   6,  86, 128,  11,  87,  42,  91,  52 },
+    {   3,  86, 128,   6,  86,  23,  88,  29 },
+    {   6,  86, 128,  11,  87,  42,  91,  52 },
+    {   9,  86, 129,  17,  88,  61,  94,  76 },
+    {  12,  86, 129,  22,  88,  77,  97,  93 },
+    {  15,  87, 129,  28,  89,  93, 100, 110 },
+    {  17,  87, 129,  33,  90, 105, 103, 123 },
+    {  20,  88, 130,  38,  91, 118, 106, 136 },
+    {  23,  88, 130,  43,  91, 128, 108, 146 },
+    {  26,  89, 131,  48,  92, 139, 111, 156 },
+    {  28,  89, 131,  53,  93, 147, 114, 163 },
+    {  31,  90, 131,  58,  94, 156, 117, 171 },
+    {  34,  90, 131,  62,  94, 163, 119, 177 },
+    {  37,  90, 132,  66,  95, 171, 122, 184 },
+    {  39,  90, 132,  70,  96, 177, 124, 189 },
+    {  42,  91, 132,  75,  97, 183, 127, 194 },
+    {  44,  91, 132,  79,  97, 188, 129, 198 },
+    {  47,  92, 133,  83,  98, 193, 132, 202 },
+    {  49,  92, 133,  86,  99, 197, 134, 205 },
+    {  52,  93, 133,  90, 100, 201, 137, 208 },
+    {  54,  93, 133,  94, 100, 204, 139, 211 },
+    {  57,  94, 134,  98, 101, 208, 142, 214 },
+    {  59,  94, 134, 101, 102, 211, 144, 216 },
+    {  62,  94, 135, 105, 103, 214, 146, 218 },
+    {  64,  94, 135, 108, 103, 216, 148, 220 },
+    {  66,  95, 135, 111, 104, 219, 151, 222 },
+    {  68,  95, 135, 114, 105, 221, 153, 223 },
+    {  71,  96, 136, 117, 106, 224, 155, 225 },
+    {  73,  96, 136, 120, 106, 225, 157, 226 },
+    {  76,  97, 136, 123, 107, 227, 159, 228 },
+    {  78,  97, 136, 126, 108, 229, 160, 229 },
+    {  80,  98, 137, 129, 109, 231, 162, 231 },
+    {  82,  98, 137, 131, 109, 232, 164, 232 },
+    {  84,  98, 138, 134, 110, 234, 166, 233 },
+    {  86,  98, 138, 137, 111, 235, 168, 234 },
+    {  89,  99, 138, 140, 112, 236, 170, 235 },
+    {  91,  99, 138, 142, 112, 237, 171, 235 },
+    {  93, 100, 139, 145, 113, 238, 173, 236 },
+    {  95, 100, 139, 147, 114, 239, 174, 237 },
+    {  97, 101, 140, 149, 115, 240, 176, 238 },
+    {  99, 101, 140, 151, 115, 241, 177, 238 },
+    { 101, 102, 140, 154, 116, 242, 179, 239 },
+    { 103, 102, 140, 156, 117, 242, 180, 239 },
+    { 105, 103, 141, 158, 118, 243, 182, 240 },
+    { 107, 103, 141, 160, 118, 243, 183, 240 },
+    { 109, 104, 141, 162, 119, 244, 185, 241 },
+    { 111, 104, 141, 164, 119, 244, 186, 241 },
+    { 113, 104, 142, 166, 120, 245, 187, 242 },
+    { 114, 104, 142, 168, 121, 245, 188, 242 },
+    { 116, 105, 143, 170, 122, 246, 190, 243 },
+    { 118, 105, 143, 171, 122, 246, 191, 243 },
+    { 120, 106, 143, 173, 123, 247, 192, 244 },
+    { 121, 106, 143, 175, 124, 247, 193, 244 },
+    { 123, 107, 144, 177, 125, 248, 195, 244 },
+    { 125, 107, 144, 178, 125, 248, 196, 244 },
+    { 127, 108, 145, 180, 126, 249, 197, 245 },
+    { 128, 108, 145, 181, 127, 249, 198, 245 },
+    { 130, 109, 145, 183, 128, 249, 199, 245 },
+    { 132, 109, 145, 184, 128, 249, 200, 245 },
+    { 134, 110, 146, 186, 129, 250, 201, 246 },
+    { 135, 110, 146, 187, 130, 250, 202, 246 },
+    { 137, 111, 147, 189, 131, 251, 203, 246 },
+    { 138, 111, 147, 190, 131, 251, 204, 246 },
+    { 140, 112, 147, 192, 132, 251, 205, 247 },
+    { 141, 112, 147, 193, 132, 251, 206, 247 },
+    { 143, 113, 148, 194, 133, 251, 207, 247 },
+    { 144, 113, 148, 195, 134, 251, 207, 247 },
+    { 146, 114, 149, 197, 135, 252, 208, 248 },
+    { 147, 114, 149, 198, 135, 252, 209, 248 },
+    { 149, 115, 149, 199, 136, 252, 210, 248 },
+    { 150, 115, 149, 200, 137, 252, 210, 248 },
+    { 152, 115, 150, 201, 138, 252, 211, 248 },
+    { 153, 115, 150, 202, 138, 252, 212, 248 },
+    { 155, 116, 151, 204, 139, 253, 213, 249 },
+    { 156, 116, 151, 205, 139, 253, 213, 249 },
+    { 158, 117, 151, 206, 140, 253, 214, 249 },
+    { 159, 117, 151, 207, 141, 253, 215, 249 },
+    { 161, 118, 152, 208, 142, 253, 216, 249 },
+    { 162, 118, 152, 209, 142, 253, 216, 249 },
+    { 163, 119, 153, 210, 143, 253, 217, 249 },
+    { 164, 119, 153, 211, 143, 253, 217, 249 },
+    { 166, 120, 153, 212, 144, 254, 218, 250 },
+    { 167, 120, 153, 212, 145, 254, 219, 250 },
+    { 168, 121, 154, 213, 146, 254, 220, 250 },
+    { 169, 121, 154, 214, 146, 254, 220, 250 },
+    { 171, 122, 155, 215, 147, 254, 221, 250 },
+    { 172, 122, 155, 216, 147, 254, 221, 250 },
+    { 173, 123, 155, 217, 148, 254, 222, 250 },
+    { 174, 123, 155, 217, 149, 254, 222, 250 },
+    { 176, 124, 156, 218, 150, 254, 223, 250 },
+    { 177, 124, 156, 219, 150, 254, 223, 250 },
+    { 178, 125, 157, 220, 151, 254, 224, 251 },
+    { 179, 125, 157, 220, 151, 254, 224, 251 },
+    { 180, 126, 157, 221, 152, 254, 225, 251 },
+    { 181, 126, 157, 221, 152, 254, 225, 251 },
+    { 183, 127, 158, 222, 153, 254, 226, 251 },
+    { 184, 127, 158, 223, 154, 254, 226, 251 },
+    { 185, 128, 159, 224, 155, 255, 227, 251 },
+    { 186, 128, 159, 224, 155, 255, 227, 251 },
+    { 187, 129, 160, 225, 156, 255, 228, 251 },
+    { 188, 130, 160, 225, 156, 255, 228, 251 },
+    { 189, 131, 160, 226, 157, 255, 228, 251 },
+    { 190, 131, 160, 226, 158, 255, 228, 251 },
+    { 191, 132, 161, 227, 159, 255, 229, 251 },
+    { 192, 132, 161, 227, 159, 255, 229, 251 },
+    { 193, 133, 162, 228, 160, 255, 230, 252 },
+    { 194, 133, 162, 229, 160, 255, 230, 252 },
+    { 195, 134, 163, 230, 161, 255, 231, 252 },
+    { 196, 134, 163, 230, 161, 255, 231, 252 },
+    { 197, 135, 163, 231, 162, 255, 231, 252 },
+    { 198, 135, 163, 231, 162, 255, 231, 252 },
+    { 199, 136, 164, 232, 163, 255, 232, 252 },
+    { 200, 136, 164, 232, 164, 255, 232, 252 },
+    { 201, 137, 165, 233, 165, 255, 233, 252 },
+    { 201, 137, 165, 233, 165, 255, 233, 252 },
+    { 202, 138, 166, 233, 166, 255, 233, 252 },
+    { 203, 138, 166, 233, 166, 255, 233, 252 },
+    { 204, 139, 166, 234, 167, 255, 234, 252 },
+    { 205, 139, 166, 234, 167, 255, 234, 252 },
+    { 206, 140, 167, 235, 168, 255, 235, 252 },
+    { 206, 140, 167, 235, 168, 255, 235, 252 },
+    { 207, 141, 168, 236, 169, 255, 235, 252 },
+    { 208, 141, 168, 236, 170, 255, 235, 252 },
+    { 209, 142, 169, 237, 171, 255, 236, 252 },
+    { 209, 143, 169, 237, 171, 255, 236, 252 },
+    { 210, 144, 169, 237, 172, 255, 236, 252 },
+    { 211, 144, 169, 237, 172, 255, 236, 252 },
+    { 212, 145, 170, 238, 173, 255, 237, 252 },
+    { 213, 145, 170, 238, 173, 255, 237, 252 },
+    { 214, 146, 171, 239, 174, 255, 237, 253 },
+    { 214, 146, 171, 239, 174, 255, 237, 253 },
+    { 215, 147, 172, 240, 175, 255, 238, 253 },
+    { 215, 147, 172, 240, 175, 255, 238, 253 },
+    { 216, 148, 173, 240, 176, 255, 238, 253 },
+    { 217, 148, 173, 240, 176, 255, 238, 253 },
+    { 218, 149, 173, 241, 177, 255, 239, 253 },
+    { 218, 149, 173, 241, 178, 255, 239, 253 },
+    { 219, 150, 174, 241, 179, 255, 239, 253 },
+    { 219, 151, 174, 241, 179, 255, 239, 253 },
+    { 220, 152, 175, 242, 180, 255, 240, 253 },
+    { 221, 152, 175, 242, 180, 255, 240, 253 },
+    { 222, 153, 176, 242, 181, 255, 240, 253 },
+    { 222, 153, 176, 242, 181, 255, 240, 253 },
+    { 223, 154, 177, 243, 182, 255, 240, 253 },
+    { 223, 154, 177, 243, 182, 255, 240, 253 },
+    { 224, 155, 178, 244, 183, 255, 241, 253 },
+    { 224, 155, 178, 244, 183, 255, 241, 253 },
+    { 225, 156, 178, 244, 184, 255, 241, 253 },
+    { 225, 157, 178, 244, 184, 255, 241, 253 },
+    { 226, 158, 179, 244, 185, 255, 242, 253 },
+    { 227, 158, 179, 244, 185, 255, 242, 253 },
+    { 228, 159, 180, 245, 186, 255, 242, 253 },
+    { 228, 159, 180, 245, 186, 255, 242, 253 },
+    { 229, 160, 181, 245, 187, 255, 242, 253 },
+    { 229, 160, 181, 245, 187, 255, 242, 253 },
+    { 230, 161, 182, 246, 188, 255, 243, 253 },
+    { 230, 162, 182, 246, 188, 255, 243, 253 },
+    { 231, 163, 183, 246, 189, 255, 243, 253 },
+    { 231, 163, 183, 246, 189, 255, 243, 253 },
+    { 232, 164, 184, 247, 190, 255, 243, 253 },
+    { 232, 164, 184, 247, 190, 255, 243, 253 },
+    { 233, 165, 185, 247, 191, 255, 244, 253 },
+    { 233, 165, 185, 247, 191, 255, 244, 253 },
+    { 234, 166, 185, 247, 192, 255, 244, 253 },
+    { 234, 167, 185, 247, 192, 255, 244, 253 },
+    { 235, 168, 186, 248, 193, 255, 244, 253 },
+    { 235, 168, 186, 248, 193, 255, 244, 253 },
+    { 236, 169, 187, 248, 194, 255, 244, 253 },
+    { 236, 169, 187, 248, 194, 255, 244, 253 },
+    { 236, 170, 188, 248, 195, 255, 245, 253 },
+    { 236, 170, 188, 248, 195, 255, 245, 253 },
+    { 237, 171, 189, 249, 196, 255, 245, 254 },
+    { 237, 172, 189, 249, 196, 255, 245, 254 },
+    { 238, 173, 190, 249, 197, 255, 245, 254 },
+    { 238, 173, 190, 249, 197, 255, 245, 254 },
+    { 239, 174, 191, 249, 198, 255, 245, 254 },
+    { 239, 174, 191, 249, 198, 255, 245, 254 },
+    { 240, 175, 192, 249, 199, 255, 246, 254 },
+    { 240, 176, 192, 249, 199, 255, 246, 254 },
+    { 240, 177, 193, 250, 200, 255, 246, 254 },
+    { 240, 177, 193, 250, 200, 255, 246, 254 },
+    { 241, 178, 194, 250, 201, 255, 246, 254 },
+    { 241, 178, 194, 250, 201, 255, 246, 254 },
+    { 242, 179, 195, 250, 202, 255, 246, 254 },
+    { 242, 180, 195, 250, 202, 255, 246, 254 },
+    { 242, 181, 196, 250, 203, 255, 247, 254 },
+    { 242, 181, 196, 250, 203, 255, 247, 254 },
+    { 243, 182, 197, 251, 204, 255, 247, 254 },
+    { 243, 183, 197, 251, 204, 255, 247, 254 },
+    { 244, 184, 198, 251, 205, 255, 247, 254 },
+    { 244, 184, 198, 251, 205, 255, 247, 254 },
+    { 244, 185, 199, 251, 206, 255, 247, 254 },
+    { 244, 185, 199, 251, 206, 255, 247, 254 },
+    { 245, 186, 200, 251, 207, 255, 247, 254 },
+    { 245, 187, 200, 251, 207, 255, 247, 254 },
+    { 246, 188, 201, 252, 207, 255, 248, 254 },
+    { 246, 188, 201, 252, 207, 255, 248, 254 },
+    { 246, 189, 202, 252, 208, 255, 248, 254 },
+    { 246, 190, 202, 252, 208, 255, 248, 254 },
+    { 247, 191, 203, 252, 209, 255, 248, 254 },
+    { 247, 191, 203, 252, 209, 255, 248, 254 },
+    { 247, 192, 204, 252, 210, 255, 248, 254 },
+    { 247, 193, 204, 252, 210, 255, 248, 254 },
+    { 248, 194, 205, 252, 211, 255, 248, 254 },
+    { 248, 194, 205, 252, 211, 255, 248, 254 },
+    { 248, 195, 206, 252, 212, 255, 249, 254 },
+    { 248, 196, 206, 252, 212, 255, 249, 254 },
+    { 249, 197, 207, 253, 213, 255, 249, 254 },
+    { 249, 197, 207, 253, 213, 255, 249, 254 },
+    { 249, 198, 208, 253, 214, 255, 249, 254 },
+    { 249, 199, 209, 253, 214, 255, 249, 254 },
+    { 250, 200, 210, 253, 215, 255, 249, 254 },
+    { 250, 200, 210, 253, 215, 255, 249, 254 },
+    { 250, 201, 211, 253, 215, 255, 249, 254 },
+    { 250, 202, 211, 253, 215, 255, 249, 254 },
+    { 250, 203, 212, 253, 216, 255, 249, 254 },
+    { 250, 203, 212, 253, 216, 255, 249, 254 },
+    { 251, 204, 213, 253, 217, 255, 250, 254 },
+    { 251, 205, 213, 253, 217, 255, 250, 254 },
+    { 251, 206, 214, 254, 218, 255, 250, 254 },
+    { 251, 206, 215, 254, 218, 255, 250, 254 },
+    { 252, 207, 216, 254, 219, 255, 250, 254 },
+    { 252, 208, 216, 254, 219, 255, 250, 254 },
+    { 252, 209, 217, 254, 220, 255, 250, 254 },
+    { 252, 210, 217, 254, 220, 255, 250, 254 },
+    { 252, 211, 218, 254, 221, 255, 250, 254 },
+    { 252, 212, 218, 254, 221, 255, 250, 254 },
+    { 253, 213, 219, 254, 222, 255, 250, 254 },
+    { 253, 213, 220, 254, 222, 255, 250, 254 },
+    { 253, 214, 221, 254, 223, 255, 250, 254 },
+    { 253, 215, 221, 254, 223, 255, 250, 254 },
+    { 253, 216, 222, 254, 224, 255, 251, 254 },
+    { 253, 217, 223, 254, 224, 255, 251, 254 },
+    { 253, 218, 224, 254, 225, 255, 251, 254 },
+    { 253, 219, 224, 254, 225, 255, 251, 254 },
+    { 254, 220, 225, 254, 225, 255, 251, 254 },
+    { 254, 221, 226, 254, 225, 255, 251, 254 },
+    { 254, 222, 227, 255, 226, 255, 251, 254 },
+    { 254, 223, 227, 255, 226, 255, 251, 254 },
+    { 254, 224, 228, 255, 227, 255, 251, 254 },
+    { 254, 225, 229, 255, 227, 255, 251, 254 },
+    { 254, 226, 230, 255, 228, 255, 251, 254 },
+    { 254, 227, 230, 255, 229, 255, 251, 254 },
+    { 255, 228, 231, 255, 230, 255, 251, 254 },
+    { 255, 229, 232, 255, 230, 255, 251, 254 },
+    { 255, 230, 233, 255, 231, 255, 252, 254 },
+    { 255, 231, 234, 255, 231, 255, 252, 254 },
+    { 255, 232, 235, 255, 232, 255, 252, 254 },
+    { 255, 233, 236, 255, 232, 255, 252, 254 },
+    { 255, 235, 237, 255, 233, 255, 252, 254 },
+    { 255, 236, 238, 255, 234, 255, 252, 254 },
+    { 255, 238, 240, 255, 235, 255, 252, 255 },
+    { 255, 239, 241, 255, 235, 255, 252, 254 },
+    { 255, 241, 243, 255, 236, 255, 252, 254 },
+    { 255, 243, 245, 255, 237, 255, 252, 254 },
+    { 255, 246, 247, 255, 239, 255, 253, 255 },
+};
+
+const ProbContext ff_vp9_default_probs = {
+    { /* y_mode */
+        {  65,  32,  18, 144, 162, 194,  41,  51,  98 } /* bsize < 8x8 */,
+        { 132,  68,  18, 165, 217, 196,  45,  40,  78 } /* bsize < 16x16 */,
+        { 173,  80,  19, 176, 240, 193,  64,  35,  46 } /* bsize < 32x32 */,
+        { 221, 135,  38, 194, 248, 121,  96,  85,  29 } /* bsize >= 32x32 */
+    }, { /* uv_mode */
+        {  48,  12, 154, 155, 139,  90,  34, 117, 119 } /* y = v */,
+        {  67,   6,  25, 204, 243, 158,  13,  21,  96 } /* y = h */,
+        { 120,   7,  76, 176, 208, 126,  28,  54, 103 } /* y = dc */,
+        {  97,   5,  44, 131, 176, 139,  48,  68,  97 } /* y = d45 */,
+        {  83,   5,  42, 156, 111, 152,  26,  49, 152 } /* y = d135 */,
+        {  80,   5,  58, 178,  74,  83,  33,  62, 145 } /* y = d117 */,
+        {  86,   5,  32, 154, 192, 168,  14,  22, 163 } /* y = d153 */,
+        {  77,   7,  64, 116, 132, 122,  37, 126, 120 } /* y = d63 */,
+        {  85,   5,  32, 156, 216, 148,  19,  29,  73 } /* y = d27 */,
+        { 101,  21, 107, 181, 192, 103,  19,  67, 125 } /* y = tm */
+    }, { /* filter */
+        { 235, 162, },
+        {  36, 255, },
+        {  34,   3, },
+        { 149, 144, },
+    }, { /* mv_mode */
+        {  2, 173,  34 },  // 0 = both zero mv
+        {  7, 145,  85 },  // 1 = one zero mv + one a predicted mv
+        {  7, 166,  63 },  // 2 = two predicted mvs
+        {  7,  94,  66 },  // 3 = one predicted/zero and one new mv
+        {  8,  64,  46 },  // 4 = two new mvs
+        { 17,  81,  31 },  // 5 = one intra neighbor + x
+        { 25,  29,  30 },  // 6 = two intra neighbors
+    }, { /* intra */
+        9, 102, 187, 225
+    }, { /* comp */
+        239, 183, 119,  96,  41
+    }, { /* single_ref */
+        {  33,  16 },
+        {  77,  74 },
+        { 142, 142 },
+        { 172, 170 },
+        { 238, 247 }
+    }, { /* comp_ref */
+        50, 126, 123, 221, 226
+    }, { /* tx32p */
+        { 3, 136, 37, },
+        { 5,  52, 13, },
+    }, { /* tx16p */
+        { 20, 152, },
+        { 15, 101, },
+    }, { /* tx8p */
+        100, 66
+    }, { /* skip */
+        192, 128, 64
+    }, { /* mv_joint */
+        32, 64, 96
+    }, {
+        { /* mv vertical component */
+            128, /* sign */
+            { 224, 144, 192, 168, 192, 176, 192, 198, 198, 245 }, /* class */
+            216, /* class0 */
+            { 136, 140, 148, 160, 176, 192, 224, 234, 234, 240 }, /* bits */
+            { /* class0_fp */
+                { 128, 128, 64 },
+                {  96, 112, 64 }
+            },
+            { 64, 96, 64 }, /* fp */
+            160, /* class0_hp bit */
+            128, /* hp */
+        }, { /* mv horizontal component */
+            128, /* sign */
+            { 216, 128, 176, 160, 176, 176, 192, 198, 198, 208 }, /* class */
+            208, /* class0 */
+            { 136, 140, 148, 160, 176, 192, 224, 234, 234, 240 }, /* bits */
+            { /* class0_fp */
+                { 128, 128, 64 },
+                {  96, 112, 64 }
+            },
+            { 64, 96, 64 }, /* fp */
+            160, /* class0_hp bit */
+            128, /* hp */
+        }
+    }, { /* partition */
+        { /* 64x64 -> 32x32 */
+            { 222,  34,  30 } /* a/l both not split */,
+            {  72,  16,  44 } /* a split, l not split */,
+            {  58,  32,  12 } /* l split, a not split */,
+            {  10,   7,   6 } /* a/l both split */,
+        }, { /* 32x32 -> 16x16 */
+            { 177,  58,  59 } /* a/l both not split */,
+            {  68,  26,  63 } /* a split, l not split */,
+            {  52,  79,  25 } /* l split, a not split */,
+            {  17,  14,  12 } /* a/l both split */,
+        }, { /* 16x16 -> 8x8 */
+            { 174,  73,  87 } /* a/l both not split */,
+            {  92,  41,  83 } /* a split, l not split */,
+            {  82,  99,  50 } /* l split, a not split */,
+            {  53,  39,  39 } /* a/l both split */,
+        }, { /* 8x8 -> 4x4 */
+            { 199, 122, 141 } /* a/l both not split */,
+            { 147,  63, 159 } /* a split, l not split */,
+            { 148, 133, 118 } /* l split, a not split */,
+            { 121, 104, 114 } /* a/l both split */,
+        }
+    },
+};
+
+const uint8_t ff_vp9_default_coef_probs[4][2][2][6][6][3] = {
+    { /* tx = 4x4 */
+        { /* block Type 0 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 195,  29, 183 },
+                    {  84,  49, 136 },
+                    {   8,  42,  71 }
+                }, { /* Coeff Band 1 */
+                    {  31, 107, 169 },
+                    {  35,  99, 159 },
+                    {  17,  82, 140 },
+                    {   8,  66, 114 },
+                    {   2,  44,  76 },
+                    {   1,  19,  32 }
+                }, { /* Coeff Band 2 */
+                    {  40, 132, 201 },
+                    {  29, 114, 187 },
+                    {  13,  91, 157 },
+                    {   7,  75, 127 },
+                    {   3,  58,  95 },
+                    {   1,  28,  47 }
+                }, { /* Coeff Band 3 */
+                    {  69, 142, 221 },
+                    {  42, 122, 201 },
+                    {  15,  91, 159 },
+                    {   6,  67, 121 },
+                    {   1,  42,  77 },
+                    {   1,  17,  31 }
+                }, { /* Coeff Band 4 */
+                    { 102, 148, 228 },
+                    {  67, 117, 204 },
+                    {  17,  82, 154 },
+                    {   6,  59, 114 },
+                    {   2,  39,  75 },
+                    {   1,  15,  29 }
+                }, { /* Coeff Band 5 */
+                    { 156,  57, 233 },
+                    { 119,  57, 212 },
+                    {  58,  48, 163 },
+                    {  29,  40, 124 },
+                    {  12,  30,  81 },
+                    {   3,  12,  31 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 191, 107, 226 },
+                    { 124, 117, 204 },
+                    {  25,  99, 155 }
+                }, { /* Coeff Band 1 */
+                    {  29, 148, 210 },
+                    {  37, 126, 194 },
+                    {   8,  93, 157 },
+                    {   2,  68, 118 },
+                    {   1,  39,  69 },
+                    {   1,  17,  33 }
+                }, { /* Coeff Band 2 */
+                    {  41, 151, 213 },
+                    {  27, 123, 193 },
+                    {   3,  82, 144 },
+                    {   1,  58, 105 },
+                    {   1,  32,  60 },
+                    {   1,  13,  26 }
+                }, { /* Coeff Band 3 */
+                    {  59, 159, 220 },
+                    {  23, 126, 198 },
+                    {   4,  88, 151 },
+                    {   1,  66, 114 },
+                    {   1,  38,  71 },
+                    {   1,  18,  34 }
+                }, { /* Coeff Band 4 */
+                    { 114, 136, 232 },
+                    {  51, 114, 207 },
+                    {  11,  83, 155 },
+                    {   3,  56, 105 },
+                    {   1,  33,  65 },
+                    {   1,  17,  34 }
+                }, { /* Coeff Band 5 */
+                    { 149,  65, 234 },
+                    { 121,  57, 215 },
+                    {  61,  49, 166 },
+                    {  28,  36, 114 },
+                    {  12,  25,  76 },
+                    {   3,  16,  42 }
+                }
+            }
+        }, { /* block Type 1 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 214,  49, 220 },
+                    { 132,  63, 188 },
+                    {  42,  65, 137 }
+                }, { /* Coeff Band 1 */
+                    {  85, 137, 221 },
+                    { 104, 131, 216 },
+                    {  49, 111, 192 },
+                    {  21,  87, 155 },
+                    {   2,  49,  87 },
+                    {   1,  16,  28 }
+                }, { /* Coeff Band 2 */
+                    {  89, 163, 230 },
+                    {  90, 137, 220 },
+                    {  29, 100, 183 },
+                    {  10,  70, 135 },
+                    {   2,  42,  81 },
+                    {   1,  17,  33 }
+                }, { /* Coeff Band 3 */
+                    { 108, 167, 237 },
+                    {  55, 133, 222 },
+                    {  15,  97, 179 },
+                    {   4,  72, 135 },
+                    {   1,  45,  85 },
+                    {   1,  19,  38 }
+                }, { /* Coeff Band 4 */
+                    { 124, 146, 240 },
+                    {  66, 124, 224 },
+                    {  17,  88, 175 },
+                    {   4,  58, 122 },
+                    {   1,  36,  75 },
+                    {   1,  18,  37 }
+                }, { /* Coeff Band 5 */
+                    { 141,  79, 241 },
+                    { 126,  70, 227 },
+                    {  66,  58, 182 },
+                    {  30,  44, 136 },
+                    {  12,  34,  96 },
+                    {   2,  20,  47 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 229,  99, 249 },
+                    { 143, 111, 235 },
+                    {  46, 109, 192 }
+                }, { /* Coeff Band 1 */
+                    {  82, 158, 236 },
+                    {  94, 146, 224 },
+                    {  25, 117, 191 },
+                    {   9,  87, 149 },
+                    {   3,  56,  99 },
+                    {   1,  33,  57 }
+                }, { /* Coeff Band 2 */
+                    {  83, 167, 237 },
+                    {  68, 145, 222 },
+                    {  10, 103, 177 },
+                    {   2,  72, 131 },
+                    {   1,  41,  79 },
+                    {   1,  20,  39 }
+                }, { /* Coeff Band 3 */
+                    {  99, 167, 239 },
+                    {  47, 141, 224 },
+                    {  10, 104, 178 },
+                    {   2,  73, 133 },
+                    {   1,  44,  85 },
+                    {   1,  22,  47 }
+                }, { /* Coeff Band 4 */
+                    { 127, 145, 243 },
+                    {  71, 129, 228 },
+                    {  17,  93, 177 },
+                    {   3,  61, 124 },
+                    {   1,  41,  84 },
+                    {   1,  21,  52 }
+                }, { /* Coeff Band 5 */
+                    { 157,  78, 244 },
+                    { 140,  72, 231 },
+                    {  69,  58, 184 },
+                    {  31,  44, 137 },
+                    {  14,  38, 105 },
+                    {   8,  23,  61 }
+                }
+            }
+        }
+    }, { /* tx = 8x8 */
+        { /* block Type 0 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 125,  34, 187 },
+                    {  52,  41, 133 },
+                    {   6,  31,  56 }
+                }, { /* Coeff Band 1 */
+                    {  37, 109, 153 },
+                    {  51, 102, 147 },
+                    {  23,  87, 128 },
+                    {   8,  67, 101 },
+                    {   1,  41,  63 },
+                    {   1,  19,  29 }
+                }, { /* Coeff Band 2 */
+                    {  31, 154, 185 },
+                    {  17, 127, 175 },
+                    {   6,  96, 145 },
+                    {   2,  73, 114 },
+                    {   1,  51,  82 },
+                    {   1,  28,  45 }
+                }, { /* Coeff Band 3 */
+                    {  23, 163, 200 },
+                    {  10, 131, 185 },
+                    {   2,  93, 148 },
+                    {   1,  67, 111 },
+                    {   1,  41,  69 },
+                    {   1,  14,  24 }
+                }, { /* Coeff Band 4 */
+                    {  29, 176, 217 },
+                    {  12, 145, 201 },
+                    {   3, 101, 156 },
+                    {   1,  69, 111 },
+                    {   1,  39,  63 },
+                    {   1,  14,  23 }
+                }, { /* Coeff Band 5 */
+                    {  57, 192, 233 },
+                    {  25, 154, 215 },
+                    {   6, 109, 167 },
+                    {   3,  78, 118 },
+                    {   1,  48,  69 },
+                    {   1,  21,  29 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 202, 105, 245 },
+                    { 108, 106, 216 },
+                    {  18,  90, 144 }
+                }, { /* Coeff Band 1 */
+                    {  33, 172, 219 },
+                    {  64, 149, 206 },
+                    {  14, 117, 177 },
+                    {   5,  90, 141 },
+                    {   2,  61,  95 },
+                    {   1,  37,  57 }
+                }, { /* Coeff Band 2 */
+                    {  33, 179, 220 },
+                    {  11, 140, 198 },
+                    {   1,  89, 148 },
+                    {   1,  60, 104 },
+                    {   1,  33,  57 },
+                    {   1,  12,  21 }
+                }, { /* Coeff Band 3 */
+                    {  30, 181, 221 },
+                    {   8, 141, 198 },
+                    {   1,  87, 145 },
+                    {   1,  58, 100 },
+                    {   1,  31,  55 },
+                    {   1,  12,  20 }
+                }, { /* Coeff Band 4 */
+                    {  32, 186, 224 },
+                    {   7, 142, 198 },
+                    {   1,  86, 143 },
+                    {   1,  58, 100 },
+                    {   1,  31,  55 },
+                    {   1,  12,  22 }
+                }, { /* Coeff Band 5 */
+                    {  57, 192, 227 },
+                    {  20, 143, 204 },
+                    {   3,  96, 154 },
+                    {   1,  68, 112 },
+                    {   1,  42,  69 },
+                    {   1,  19,  32 }
+                }
+            }
+        }, { /* block Type 1 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 212,  35, 215 },
+                    { 113,  47, 169 },
+                    {  29,  48, 105 }
+                }, { /* Coeff Band 1 */
+                    {  74, 129, 203 },
+                    { 106, 120, 203 },
+                    {  49, 107, 178 },
+                    {  19,  84, 144 },
+                    {   4,  50,  84 },
+                    {   1,  15,  25 }
+                }, { /* Coeff Band 2 */
+                    {  71, 172, 217 },
+                    {  44, 141, 209 },
+                    {  15, 102, 173 },
+                    {   6,  76, 133 },
+                    {   2,  51,  89 },
+                    {   1,  24,  42 }
+                }, { /* Coeff Band 3 */
+                    {  64, 185, 231 },
+                    {  31, 148, 216 },
+                    {   8, 103, 175 },
+                    {   3,  74, 131 },
+                    {   1,  46,  81 },
+                    {   1,  18,  30 }
+                }, { /* Coeff Band 4 */
+                    {  65, 196, 235 },
+                    {  25, 157, 221 },
+                    {   5, 105, 174 },
+                    {   1,  67, 120 },
+                    {   1,  38,  69 },
+                    {   1,  15,  30 }
+                }, { /* Coeff Band 5 */
+                    {  65, 204, 238 },
+                    {  30, 156, 224 },
+                    {   7, 107, 177 },
+                    {   2,  70, 124 },
+                    {   1,  42,  73 },
+                    {   1,  18,  34 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 225,  86, 251 },
+                    { 144, 104, 235 },
+                    {  42,  99, 181 }
+                }, { /* Coeff Band 1 */
+                    {  85, 175, 239 },
+                    { 112, 165, 229 },
+                    {  29, 136, 200 },
+                    {  12, 103, 162 },
+                    {   6,  77, 123 },
+                    {   2,  53,  84 }
+                }, { /* Coeff Band 2 */
+                    {  75, 183, 239 },
+                    {  30, 155, 221 },
+                    {   3, 106, 171 },
+                    {   1,  74, 128 },
+                    {   1,  44,  76 },
+                    {   1,  17,  28 }
+                }, { /* Coeff Band 3 */
+                    {  73, 185, 240 },
+                    {  27, 159, 222 },
+                    {   2, 107, 172 },
+                    {   1,  75, 127 },
+                    {   1,  42,  73 },
+                    {   1,  17,  29 }
+                }, { /* Coeff Band 4 */
+                    {  62, 190, 238 },
+                    {  21, 159, 222 },
+                    {   2, 107, 172 },
+                    {   1,  72, 122 },
+                    {   1,  40,  71 },
+                    {   1,  18,  32 }
+                }, { /* Coeff Band 5 */
+                    {  61, 199, 240 },
+                    {  27, 161, 226 },
+                    {   4, 113, 180 },
+                    {   1,  76, 129 },
+                    {   1,  46,  80 },
+                    {   1,  23,  41 }
+                }
+            }
+        }
+    }, { /* tx = 16x16 */
+        { /* block Type 0 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    {   7,  27, 153 },
+                    {   5,  30,  95 },
+                    {   1,  16,  30 }
+                }, { /* Coeff Band 1 */
+                    {  50,  75, 127 },
+                    {  57,  75, 124 },
+                    {  27,  67, 108 },
+                    {  10,  54,  86 },
+                    {   1,  33,  52 },
+                    {   1,  12,  18 }
+                }, { /* Coeff Band 2 */
+                    {  43, 125, 151 },
+                    {  26, 108, 148 },
+                    {   7,  83, 122 },
+                    {   2,  59,  89 },
+                    {   1,  38,  60 },
+                    {   1,  17,  27 }
+                }, { /* Coeff Band 3 */
+                    {  23, 144, 163 },
+                    {  13, 112, 154 },
+                    {   2,  75, 117 },
+                    {   1,  50,  81 },
+                    {   1,  31,  51 },
+                    {   1,  14,  23 }
+                }, { /* Coeff Band 4 */
+                    {  18, 162, 185 },
+                    {   6, 123, 171 },
+                    {   1,  78, 125 },
+                    {   1,  51,  86 },
+                    {   1,  31,  54 },
+                    {   1,  14,  23 }
+                }, { /* Coeff Band 5 */
+                    {  15, 199, 227 },
+                    {   3, 150, 204 },
+                    {   1,  91, 146 },
+                    {   1,  55,  95 },
+                    {   1,  30,  53 },
+                    {   1,  11,  20 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    {  19,  55, 240 },
+                    {  19,  59, 196 },
+                    {   3,  52, 105 }
+                }, { /* Coeff Band 1 */
+                    {  41, 166, 207 },
+                    { 104, 153, 199 },
+                    {  31, 123, 181 },
+                    {  14, 101, 152 },
+                    {   5,  72, 106 },
+                    {   1,  36,  52 }
+                }, { /* Coeff Band 2 */
+                    {  35, 176, 211 },
+                    {  12, 131, 190 },
+                    {   2,  88, 144 },
+                    {   1,  60, 101 },
+                    {   1,  36,  60 },
+                    {   1,  16,  28 }
+                }, { /* Coeff Band 3 */
+                    {  28, 183, 213 },
+                    {   8, 134, 191 },
+                    {   1,  86, 142 },
+                    {   1,  56,  96 },
+                    {   1,  30,  53 },
+                    {   1,  12,  20 }
+                }, { /* Coeff Band 4 */
+                    {  20, 190, 215 },
+                    {   4, 135, 192 },
+                    {   1,  84, 139 },
+                    {   1,  53,  91 },
+                    {   1,  28,  49 },
+                    {   1,  11,  20 }
+                }, { /* Coeff Band 5 */
+                    {  13, 196, 216 },
+                    {   2, 137, 192 },
+                    {   1,  86, 143 },
+                    {   1,  57,  99 },
+                    {   1,  32,  56 },
+                    {   1,  13,  24 }
+                }
+            }
+        }, { /* block Type 1 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 211,  29, 217 },
+                    {  96,  47, 156 },
+                    {  22,  43,  87 }
+                }, { /* Coeff Band 1 */
+                    {  78, 120, 193 },
+                    { 111, 116, 186 },
+                    {  46, 102, 164 },
+                    {  15,  80, 128 },
+                    {   2,  49,  76 },
+                    {   1,  18,  28 }
+                }, { /* Coeff Band 2 */
+                    {  71, 161, 203 },
+                    {  42, 132, 192 },
+                    {  10,  98, 150 },
+                    {   3,  69, 109 },
+                    {   1,  44,  70 },
+                    {   1,  18,  29 }
+                }, { /* Coeff Band 3 */
+                    {  57, 186, 211 },
+                    {  30, 140, 196 },
+                    {   4,  93, 146 },
+                    {   1,  62, 102 },
+                    {   1,  38,  65 },
+                    {   1,  16,  27 }
+                }, { /* Coeff Band 4 */
+                    {  47, 199, 217 },
+                    {  14, 145, 196 },
+                    {   1,  88, 142 },
+                    {   1,  57,  98 },
+                    {   1,  36,  62 },
+                    {   1,  15,  26 }
+                }, { /* Coeff Band 5 */
+                    {  26, 219, 229 },
+                    {   5, 155, 207 },
+                    {   1,  94, 151 },
+                    {   1,  60, 104 },
+                    {   1,  36,  62 },
+                    {   1,  16,  28 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 233,  29, 248 },
+                    { 146,  47, 220 },
+                    {  43,  52, 140 }
+                }, { /* Coeff Band 1 */
+                    { 100, 163, 232 },
+                    { 179, 161, 222 },
+                    {  63, 142, 204 },
+                    {  37, 113, 174 },
+                    {  26,  89, 137 },
+                    {  18,  68,  97 }
+                }, { /* Coeff Band 2 */
+                    {  85, 181, 230 },
+                    {  32, 146, 209 },
+                    {   7, 100, 164 },
+                    {   3,  71, 121 },
+                    {   1,  45,  77 },
+                    {   1,  18,  30 }
+                }, { /* Coeff Band 3 */
+                    {  65, 187, 230 },
+                    {  20, 148, 207 },
+                    {   2,  97, 159 },
+                    {   1,  68, 116 },
+                    {   1,  40,  70 },
+                    {   1,  14,  29 }
+                }, { /* Coeff Band 4 */
+                    {  40, 194, 227 },
+                    {   8, 147, 204 },
+                    {   1,  94, 155 },
+                    {   1,  65, 112 },
+                    {   1,  39,  66 },
+                    {   1,  14,  26 }
+                }, { /* Coeff Band 5 */
+                    {  16, 208, 228 },
+                    {   3, 151, 207 },
+                    {   1,  98, 160 },
+                    {   1,  67, 117 },
+                    {   1,  41,  74 },
+                    {   1,  17,  31 }
+                }
+            }
+        }
+    }, { /* tx = 32x32 */
+        { /* block Type 0 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    {  17,  38, 140 },
+                    {   7,  34,  80 },
+                    {   1,  17,  29 }
+                }, { /* Coeff Band 1 */
+                    {  37,  75, 128 },
+                    {  41,  76, 128 },
+                    {  26,  66, 116 },
+                    {  12,  52,  94 },
+                    {   2,  32,  55 },
+                    {   1,  10,  16 }
+                }, { /* Coeff Band 2 */
+                    {  50, 127, 154 },
+                    {  37, 109, 152 },
+                    {  16,  82, 121 },
+                    {   5,  59,  85 },
+                    {   1,  35,  54 },
+                    {   1,  13,  20 }
+                }, { /* Coeff Band 3 */
+                    {  40, 142, 167 },
+                    {  17, 110, 157 },
+                    {   2,  71, 112 },
+                    {   1,  44,  72 },
+                    {   1,  27,  45 },
+                    {   1,  11,  17 }
+                }, { /* Coeff Band 4 */
+                    {  30, 175, 188 },
+                    {   9, 124, 169 },
+                    {   1,  74, 116 },
+                    {   1,  48,  78 },
+                    {   1,  30,  49 },
+                    {   1,  11,  18 }
+                }, { /* Coeff Band 5 */
+                    {  10, 222, 223 },
+                    {   2, 150, 194 },
+                    {   1,  83, 128 },
+                    {   1,  48,  79 },
+                    {   1,  27,  45 },
+                    {   1,  11,  17 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    {  36,  41, 235 },
+                    {  29,  36, 193 },
+                    {  10,  27, 111 }
+                }, { /* Coeff Band 1 */
+                    {  85, 165, 222 },
+                    { 177, 162, 215 },
+                    { 110, 135, 195 },
+                    {  57, 113, 168 },
+                    {  23,  83, 120 },
+                    {  10,  49,  61 }
+                }, { /* Coeff Band 2 */
+                    {  85, 190, 223 },
+                    {  36, 139, 200 },
+                    {   5,  90, 146 },
+                    {   1,  60, 103 },
+                    {   1,  38,  65 },
+                    {   1,  18,  30 }
+                }, { /* Coeff Band 3 */
+                    {  72, 202, 223 },
+                    {  23, 141, 199 },
+                    {   2,  86, 140 },
+                    {   1,  56,  97 },
+                    {   1,  36,  61 },
+                    {   1,  16,  27 }
+                }, { /* Coeff Band 4 */
+                    {  55, 218, 225 },
+                    {  13, 145, 200 },
+                    {   1,  86, 141 },
+                    {   1,  57,  99 },
+                    {   1,  35,  61 },
+                    {   1,  13,  22 }
+                }, { /* Coeff Band 5 */
+                    {  15, 235, 212 },
+                    {   1, 132, 184 },
+                    {   1,  84, 139 },
+                    {   1,  57,  97 },
+                    {   1,  34,  56 },
+                    {   1,  14,  23 }
+                }
+            }
+        }, { /* block Type 1 */
+            { /* Intra */
+                { /* Coeff Band 0 */
+                    { 181,  21, 201 },
+                    {  61,  37, 123 },
+                    {  10,  38,  71 }
+                }, { /* Coeff Band 1 */
+                    {  47, 106, 172 },
+                    {  95, 104, 173 },
+                    {  42,  93, 159 },
+                    {  18,  77, 131 },
+                    {   4,  50,  81 },
+                    {   1,  17,  23 }
+                }, { /* Coeff Band 2 */
+                    {  62, 147, 199 },
+                    {  44, 130, 189 },
+                    {  28, 102, 154 },
+                    {  18,  75, 115 },
+                    {   2,  44,  65 },
+                    {   1,  12,  19 }
+                }, { /* Coeff Band 3 */
+                    {  55, 153, 210 },
+                    {  24, 130, 194 },
+                    {   3,  93, 146 },
+                    {   1,  61,  97 },
+                    {   1,  31,  50 },
+                    {   1,  10,  16 }
+                }, { /* Coeff Band 4 */
+                    {  49, 186, 223 },
+                    {  17, 148, 204 },
+                    {   1,  96, 142 },
+                    {   1,  53,  83 },
+                    {   1,  26,  44 },
+                    {   1,  11,  17 }
+                }, { /* Coeff Band 5 */
+                    {  13, 217, 212 },
+                    {   2, 136, 180 },
+                    {   1,  78, 124 },
+                    {   1,  50,  83 },
+                    {   1,  29,  49 },
+                    {   1,  14,  23 }
+                }
+            }, { /* Inter */
+                { /* Coeff Band 0 */
+                    { 197,  13, 247 },
+                    {  82,  17, 222 },
+                    {  25,  17, 162 }
+                }, { /* Coeff Band 1 */
+                    { 126, 186, 247 },
+                    { 234, 191, 243 },
+                    { 176, 177, 234 },
+                    { 104, 158, 220 },
+                    {  66, 128, 186 },
+                    {  55,  90, 137 }
+                }, { /* Coeff Band 2 */
+                    { 111, 197, 242 },
+                    {  46, 158, 219 },
+                    {   9, 104, 171 },
+                    {   2,  65, 125 },
+                    {   1,  44,  80 },
+                    {   1,  17,  91 }
+                }, { /* Coeff Band 3 */
+                    { 104, 208, 245 },
+                    {  39, 168, 224 },
+                    {   3, 109, 162 },
+                    {   1,  79, 124 },
+                    {   1,  50, 102 },
+                    {   1,  43, 102 }
+                }, { /* Coeff Band 4 */
+                    {  84, 220, 246 },
+                    {  31, 177, 231 },
+                    {   2, 115, 180 },
+                    {   1,  79, 134 },
+                    {   1,  55,  77 },
+                    {   1,  60,  79 }
+                }, { /* Coeff Band 5 */
+                    {  43, 243, 240 },
+                    {   8, 180, 217 },
+                    {   1, 115, 166 },
+                    {   1,  84, 121 },
+                    {   1,  51,  67 },
+                    {   1,  16,   6 }
+                }
+            }
+        }
+    }
+};
+
+const int8_t ff_vp9_mv_joint_tree[3][2] = {
+    { -MV_JOINT_ZERO, 1 },                  // '0'
+        { -MV_JOINT_H, 2 },                 // '10'
+            { -MV_JOINT_V, -MV_JOINT_HV },  // '11x'
+};
+
+const int8_t ff_vp9_mv_class_tree[10][2] = {
+    { -0,   1 },                          // '0'
+        { -1,   2 },                      // '10'
+            {  3,   4 },
+                { -2,  -3 },              // '110x'
+                {  5,   6 },
+                    { -4,  -5 },          // '1110x'
+                    { -6,   7 },          // '11110'
+                        {  8,   9 },
+                            { -7,  -8 },  // '111110x'
+                            { -9, -10 },  // '111111x'
+};
+
+const int8_t ff_vp9_mv_fp_tree[3][2] = {
+    { -0,  1 },          // '0'
+        { -1,  2 },      // '10'
+            { -2, -3 },  // '11x'
+};
diff --git a/media/ffvpx/libavcodec/vp9data.h b/media/ffvpx/libavcodec/vp9data.h
index cb12e7e94..086dbdec0 100644
--- a/media/ffvpx/libavcodec/vp9data.h
+++ b/media/ffvpx/libavcodec/vp9data.h
@@ -24,2254 +24,48 @@
 
 #include <stdint.h>
 
-#include "vp9.h"
-
-static const int8_t vp9_partition_tree[3][2] = {
-    { -PARTITION_NONE, 1 },               // '0'
-     { -PARTITION_H, 2 },                 // '10'
-      { -PARTITION_V, -PARTITION_SPLIT }, // '110', '111'
-};
-
-static const uint8_t vp9_default_kf_partition_probs[4][4][3] = {
-    { /* 64x64 -> 32x32 */
-        { 174,  35,  49 } /* a/l both not split */,
-        {  68,  11,  27 } /* a split, l not split */,
-        {  57,  15,   9 } /* l split, a not split */,
-        {  12,   3,   3 } /* a/l both split */
-    }, { /* 32x32 -> 16x16 */
-        { 150,  40,  39 } /* a/l both not split */,
-        {  78,  12,  26 } /* a split, l not split */,
-        {  67,  33,  11 } /* l split, a not split */,
-        {  24,   7,   5 } /* a/l both split */,
-    }, { /* 16x16 -> 8x8 */
-        { 149,  53,  53 } /* a/l both not split */,
-        {  94,  20,  48 } /* a split, l not split */,
-        {  83,  53,  24 } /* l split, a not split */,
-        {  52,  18,  18 } /* a/l both split */,
-    }, { /* 8x8 -> 4x4 */
-        { 158,  97,  94 } /* a/l both not split */,
-        {  93,  24,  99 } /* a split, l not split */,
-        {  85, 119,  44 } /* l split, a not split */,
-        {  62,  59,  67 } /* a/l both split */,
-    },
-};
-
-static const int8_t vp9_segmentation_tree[7][2] = {
-    { 1, 2 },
-     { 3, 4 },
-     { 5, 6 },
-      { -0, -1 }, // '00x'
-      { -2, -3 }, // '01x'
-      { -4, -5 }, // '10x'
-      { -6, -7 }, // '11x'
-};
-
-static const int8_t vp9_intramode_tree[9][2] = {
-    { -DC_PRED, 1 },                                  // '0'
-     { -TM_VP8_PRED, 2 },                             // '10'
-      { -VERT_PRED, 3 },                              // '110'
-       { 4, 6 },
-        { -HOR_PRED, 5 },                             // '11100'
-         { -DIAG_DOWN_RIGHT_PRED, -VERT_RIGHT_PRED }, // '11101x'
-        { -DIAG_DOWN_LEFT_PRED, 7 },                  // '11110'
-         { -VERT_LEFT_PRED, 8 },                      // '111110'
-          { -HOR_DOWN_PRED, -HOR_UP_PRED },           // '111111x'
-};
-
-static const uint8_t vp9_default_kf_ymode_probs[10][10][9] = {
-    { /* above = v */
-        {  43,  46, 168, 134, 107, 128,  69, 142,  92 } /* left = v */,
-        {  44,  29,  68, 159, 201, 177,  50,  57,  77 } /* left = h */,
-        {  63,  36, 126, 146, 123, 158,  60,  90,  96 } /* left = dc */,
-        {  58,  38,  76, 114,  97, 172,  78, 133,  92 } /* left = d45 */,
-        {  46,  41,  76, 140,  63, 184,  69, 112,  57 } /* left = d135 */,
-        {  38,  32,  85, 140,  46, 112,  54, 151, 133 } /* left = d117 */,
-        {  39,  27,  61, 131, 110, 175,  44,  75, 136 } /* left = d153 */,
-        {  47,  35,  80, 100,  74, 143,  64, 163,  74 } /* left = d63 */,
-        {  52,  30,  74, 113, 130, 175,  51,  64,  58 } /* left = d27 */,
-        {  36,  61, 116, 114, 128, 162,  80, 125,  82 } /* left = tm */
-    }, { /* above = h */
-        {  55,  44,  68, 166, 179, 192,  57,  57, 108 } /* left = v */,
-        {  42,  26,  11, 199, 241, 228,  23,  15,  85 } /* left = h */,
-        {  82,  26,  26, 171, 208, 204,  44,  32, 105 } /* left = dc */,
-        {  68,  42,  19, 131, 160, 199,  55,  52,  83 } /* left = d45 */,
-        {  58,  50,  25, 139, 115, 232,  39,  52, 118 } /* left = d135 */,
-        {  50,  35,  33, 153, 104, 162,  64,  59, 131 } /* left = d117 */,
-        {  44,  24,  16, 150, 177, 202,  33,  19, 156 } /* left = d153 */,
-        {  53,  49,  21, 110, 116, 168,  59,  80,  76 } /* left = d63 */,
-        {  55,  27,  12, 153, 203, 218,  26,  27,  49 } /* left = d27 */,
-        {  38,  72,  19, 168, 203, 212,  50,  50, 107 } /* left = tm */
-    }, { /* above = dc */
-        {  92,  45, 102, 136, 116, 180,  74,  90, 100 } /* left = v */,
-        {  73,  32,  19, 187, 222, 215,  46,  34, 100 } /* left = h */,
-        { 137,  30,  42, 148, 151, 207,  70,  52,  91 } /* left = dc */,
-        {  91,  30,  32, 116, 121, 186,  93,  86,  94 } /* left = d45 */,
-        {  72,  35,  36, 149,  68, 206,  68,  63, 105 } /* left = d135 */,
-        {  73,  31,  28, 138,  57, 124,  55, 122, 151 } /* left = d117 */,
-        {  67,  23,  21, 140, 126, 197,  40,  37, 171 } /* left = d153 */,
-        {  74,  32,  27, 107,  86, 160,  63, 134, 102 } /* left = d63 */,
-        {  86,  27,  28, 128, 154, 212,  45,  43,  53 } /* left = d27 */,
-        {  59,  67,  44, 140, 161, 202,  78,  67, 119 } /* left = tm */
-    }, { /* above = d45 */
-        {  59,  38,  83, 112, 103, 162,  98, 136,  90 } /* left = v */,
-        {  62,  30,  23, 158, 200, 207,  59,  57,  50 } /* left = h */,
-        { 103,  26,  36, 129, 132, 201,  83,  80,  93 } /* left = dc */,
-        {  67,  30,  29,  84,  86, 191, 102,  91,  59 } /* left = d45 */,
-        {  60,  32,  33, 112,  71, 220,  64,  89, 104 } /* left = d135 */,
-        {  53,  26,  34, 130,  56, 149,  84, 120, 103 } /* left = d117 */,
-        {  53,  21,  23, 133, 109, 210,  56,  77, 172 } /* left = d153 */,
-        {  61,  29,  29,  93,  97, 165,  83, 175, 162 } /* left = d63 */,
-        {  77,  19,  29, 112, 142, 228,  55,  66,  36 } /* left = d27 */,
-        {  47,  47,  43, 114, 137, 181, 100,  99,  95 } /* left = tm */
-    }, { /* above = d135 */
-        {  53,  40,  55, 139,  69, 183,  61,  80, 110 } /* left = v */,
-        {  40,  29,  19, 161, 180, 207,  43,  24,  91 } /* left = h */,
-        {  69,  23,  29, 128,  83, 199,  46,  44, 101 } /* left = dc */,
-        {  60,  34,  19, 105,  61, 198,  53,  64,  89 } /* left = d45 */,
-        {  52,  31,  22, 158,  40, 209,  58,  62,  89 } /* left = d135 */,
-        {  44,  31,  29, 147,  46, 158,  56, 102, 198 } /* left = d117 */,
-        {  35,  19,  12, 135,  87, 209,  41,  45, 167 } /* left = d153 */,
-        {  51,  38,  25, 113,  58, 164,  70,  93,  97 } /* left = d63 */,
-        {  55,  25,  21, 118,  95, 215,  38,  39,  66 } /* left = d27 */,
-        {  47,  54,  34, 146, 108, 203,  72, 103, 151 } /* left = tm */
-    }, { /* above = d117 */
-        {  46,  27,  80, 150,  55, 124,  55, 121, 135 } /* left = v */,
-        {  36,  23,  27, 165, 149, 166,  54,  64, 118 } /* left = h */,
-        {  64,  19,  37, 156,  66, 138,  49,  95, 133 } /* left = dc */,
-        {  53,  21,  36, 131,  63, 163,  60, 109,  81 } /* left = d45 */,
-        {  40,  26,  35, 154,  40, 185,  51,  97, 123 } /* left = d135 */,
-        {  35,  19,  34, 179,  19,  97,  48, 129, 124 } /* left = d117 */,
-        {  36,  20,  26, 136,  62, 164,  33,  77, 154 } /* left = d153 */,
-        {  45,  26,  28, 129,  45, 129,  49, 147, 123 } /* left = d63 */,
-        {  45,  18,  32, 130,  90, 157,  40,  79,  91 } /* left = d27 */,
-        {  38,  44,  51, 136,  74, 162,  57,  97, 121 } /* left = tm */
-    }, { /* above = d153 */
-        {  56,  39,  58, 133, 117, 173,  48,  53, 187 } /* left = v */,
-        {  35,  21,  12, 161, 212, 207,  20,  23, 145 } /* left = h */,
-        {  75,  17,  22, 136, 138, 185,  32,  34, 166 } /* left = dc */,
-        {  56,  29,  19, 117, 109, 181,  55,  68, 112 } /* left = d45 */,
-        {  47,  29,  17, 153,  64, 220,  59,  51, 114 } /* left = d135 */,
-        {  46,  16,  24, 136,  76, 147,  41,  64, 172 } /* left = d117 */,
-        {  34,  17,  11, 108, 152, 187,  13,  15, 209 } /* left = d153 */,
-        {  55,  30,  18, 122,  79, 179,  44,  88, 116 } /* left = d63 */,
-        {  51,  24,  14, 115, 133, 209,  32,  26, 104 } /* left = d27 */,
-        {  37,  49,  25, 129, 168, 164,  41,  54, 148 } /* left = tm */
-    }, { /* above = d63 */
-        {  48,  34,  86, 101,  92, 146,  78, 179, 134 } /* left = v */,
-        {  47,  22,  24, 138, 187, 178,  68,  69,  59 } /* left = h */,
-        {  78,  23,  39, 111, 117, 170,  74, 124,  94 } /* left = dc */,
-        {  56,  25,  33, 105, 112, 187,  95, 177, 129 } /* left = d45 */,
-        {  48,  31,  27, 114,  63, 183,  82, 116,  56 } /* left = d135 */,
-        {  43,  28,  37, 121,  63, 123,  61, 192, 169 } /* left = d117 */,
-        {  42,  17,  24, 109,  97, 177,  56,  76, 122 } /* left = d153 */,
-        {  46,  23,  32,  74,  86, 150,  67, 183,  88 } /* left = d63 */,
-        {  58,  18,  28, 105, 139, 182,  70,  92,  63 } /* left = d27 */,
-        {  36,  38,  48,  92, 122, 165,  88, 137,  91 } /* left = tm */
-    }, { /* above = d27 */
-        {  62,  44,  61, 123, 105, 189,  48,  57,  64 } /* left = v */,
-        {  47,  25,  17, 175, 222, 220,  24,  30,  86 } /* left = h */,
-        {  82,  22,  32, 127, 143, 213,  39,  41,  70 } /* left = dc */,
-        {  68,  36,  17, 106, 102, 206,  59,  74,  74 } /* left = d45 */,
-        {  57,  39,  23, 151,  68, 216,  55,  63,  58 } /* left = d135 */,
-        {  49,  30,  35, 141,  70, 168,  82,  40, 115 } /* left = d117 */,
-        {  51,  25,  15, 136, 129, 202,  38,  35, 139 } /* left = d153 */,
-        {  59,  39,  19, 114,  75, 180,  77, 104,  42 } /* left = d63 */,
-        {  68,  26,  16, 111, 141, 215,  29,  28,  28 } /* left = d27 */,
-        {  40,  61,  26, 126, 152, 206,  61,  59,  93 } /* left = tm */
-    }, { /* above = tm */
-        {  44,  78, 115, 132, 119, 173,  71, 112,  93 } /* left = v */,
-        {  39,  38,  21, 184, 227, 206,  42,  32,  64 } /* left = h */,
-        {  65,  70,  60, 155, 159, 199,  61,  60,  81 } /* left = dc */,
-        {  58,  47,  36, 124, 137, 193,  80,  82,  78 } /* left = d45 */,
-        {  49,  50,  35, 144,  95, 205,  63,  78,  59 } /* left = d135 */,
-        {  41,  53,  52, 148,  71, 142,  65, 128,  51 } /* left = d117 */,
-        {  40,  36,  28, 143, 143, 202,  40,  55, 137 } /* left = d153 */,
-        {  42,  44,  44, 104, 105, 164,  64, 130,  80 } /* left = d63 */,
-        {  52,  34,  29, 129, 183, 227,  42,  35,  43 } /* left = d27 */,
-        {  43,  81,  53, 140, 169, 204,  68,  84,  72 } /* left = tm */
-    }
-};
-
-static const uint8_t vp9_default_kf_uvmode_probs[10][9] = {
-    { 118,  15, 123, 148, 131, 101,  44,  93, 131 } /* y = v */,
-    { 113,  12,  23, 188, 226, 142,  26,  32, 125 } /* y = h */,
-    { 144,  11,  54, 157, 195, 130,  46,  58, 108 } /* y = dc */,
-    { 120,  11,  50, 123, 163, 135,  64,  77, 103 } /* y = d45 */,
-    { 113,   9,  36, 155, 111, 157,  32,  44, 161 } /* y = d135 */,
-    { 116,   9,  55, 176,  76,  96,  37,  61, 149 } /* y = d117 */,
-    { 115,   9,  28, 141, 161, 167,  21,  25, 193 } /* y = d153 */,
-    { 116,  12,  64, 120, 140, 125,  49, 115, 121 } /* y = d63 */,
-    { 120,  12,  32, 145, 195, 142,  32,  38,  86 } /* y = d27 */,
-    { 102,  19,  66, 162, 182, 122,  35,  59, 128 } /* y = tm */
-};
-
-static const int8_t vp9_inter_mode_tree[3][2] = {
-    { -ZEROMV, 1 },        // '0'
-     { -NEARESTMV, 2 },    // '10'
-      { -NEARMV, -NEWMV }, // '11x'
-};
-
-static const int8_t vp9_filter_tree[2][2] = {
-    { -0, 1 },   // '0'
-     { -1, -2 }, // '1x'
-};
-
-static const enum FilterMode vp9_filter_lut[3] = {
-    FILTER_8TAP_REGULAR,
-    FILTER_8TAP_SMOOTH,
-    FILTER_8TAP_SHARP,
-};
-
-static const int16_t vp9_dc_qlookup[3][256] = {
-    {
-            4,     8,     8,     9,    10,    11,    12,    12,
-           13,    14,    15,    16,    17,    18,    19,    19,
-           20,    21,    22,    23,    24,    25,    26,    26,
-           27,    28,    29,    30,    31,    32,    32,    33,
-           34,    35,    36,    37,    38,    38,    39,    40,
-           41,    42,    43,    43,    44,    45,    46,    47,
-           48,    48,    49,    50,    51,    52,    53,    53,
-           54,    55,    56,    57,    57,    58,    59,    60,
-           61,    62,    62,    63,    64,    65,    66,    66,
-           67,    68,    69,    70,    70,    71,    72,    73,
-           74,    74,    75,    76,    77,    78,    78,    79,
-           80,    81,    81,    82,    83,    84,    85,    85,
-           87,    88,    90,    92,    93,    95,    96,    98,
-           99,   101,   102,   104,   105,   107,   108,   110,
-          111,   113,   114,   116,   117,   118,   120,   121,
-          123,   125,   127,   129,   131,   134,   136,   138,
-          140,   142,   144,   146,   148,   150,   152,   154,
-          156,   158,   161,   164,   166,   169,   172,   174,
-          177,   180,   182,   185,   187,   190,   192,   195,
-          199,   202,   205,   208,   211,   214,   217,   220,
-          223,   226,   230,   233,   237,   240,   243,   247,
-          250,   253,   257,   261,   265,   269,   272,   276,
-          280,   284,   288,   292,   296,   300,   304,   309,
-          313,   317,   322,   326,   330,   335,   340,   344,
-          349,   354,   359,   364,   369,   374,   379,   384,
-          389,   395,   400,   406,   411,   417,   423,   429,
-          435,   441,   447,   454,   461,   467,   475,   482,
-          489,   497,   505,   513,   522,   530,   539,   549,
-          559,   569,   579,   590,   602,   614,   626,   640,
-          654,   668,   684,   700,   717,   736,   755,   775,
-          796,   819,   843,   869,   896,   925,   955,   988,
-         1022,  1058,  1098,  1139,  1184,  1232,  1282,  1336,
-    }, {
-            4,     9,    10,    13,    15,    17,    20,    22,
-           25,    28,    31,    34,    37,    40,    43,    47,
-           50,    53,    57,    60,    64,    68,    71,    75,
-           78,    82,    86,    90,    93,    97,   101,   105,
-          109,   113,   116,   120,   124,   128,   132,   136,
-          140,   143,   147,   151,   155,   159,   163,   166,
-          170,   174,   178,   182,   185,   189,   193,   197,
-          200,   204,   208,   212,   215,   219,   223,   226,
-          230,   233,   237,   241,   244,   248,   251,   255,
-          259,   262,   266,   269,   273,   276,   280,   283,
-          287,   290,   293,   297,   300,   304,   307,   310,
-          314,   317,   321,   324,   327,   331,   334,   337,
-          343,   350,   356,   362,   369,   375,   381,   387,
-          394,   400,   406,   412,   418,   424,   430,   436,
-          442,   448,   454,   460,   466,   472,   478,   484,
-          490,   499,   507,   516,   525,   533,   542,   550,
-          559,   567,   576,   584,   592,   601,   609,   617,
-          625,   634,   644,   655,   666,   676,   687,   698,
-          708,   718,   729,   739,   749,   759,   770,   782,
-          795,   807,   819,   831,   844,   856,   868,   880,
-          891,   906,   920,   933,   947,   961,   975,   988,
-         1001,  1015,  1030,  1045,  1061,  1076,  1090,  1105,
-         1120,  1137,  1153,  1170,  1186,  1202,  1218,  1236,
-         1253,  1271,  1288,  1306,  1323,  1342,  1361,  1379,
-         1398,  1416,  1436,  1456,  1476,  1496,  1516,  1537,
-         1559,  1580,  1601,  1624,  1647,  1670,  1692,  1717,
-         1741,  1766,  1791,  1817,  1844,  1871,  1900,  1929,
-         1958,  1990,  2021,  2054,  2088,  2123,  2159,  2197,
-         2236,  2276,  2319,  2363,  2410,  2458,  2508,  2561,
-         2616,  2675,  2737,  2802,  2871,  2944,  3020,  3102,
-         3188,  3280,  3375,  3478,  3586,  3702,  3823,  3953,
-         4089,  4236,  4394,  4559,  4737,  4929,  5130,  5347,
-    }, {
-            4,    12,    18,    25,    33,    41,    50,    60,
-           70,    80,    91,   103,   115,   127,   140,   153,
-          166,   180,   194,   208,   222,   237,   251,   266,
-          281,   296,   312,   327,   343,   358,   374,   390,
-          405,   421,   437,   453,   469,   484,   500,   516,
-          532,   548,   564,   580,   596,   611,   627,   643,
-          659,   674,   690,   706,   721,   737,   752,   768,
-          783,   798,   814,   829,   844,   859,   874,   889,
-          904,   919,   934,   949,   964,   978,   993,  1008,
-         1022,  1037,  1051,  1065,  1080,  1094,  1108,  1122,
-         1136,  1151,  1165,  1179,  1192,  1206,  1220,  1234,
-         1248,  1261,  1275,  1288,  1302,  1315,  1329,  1342,
-         1368,  1393,  1419,  1444,  1469,  1494,  1519,  1544,
-         1569,  1594,  1618,  1643,  1668,  1692,  1717,  1741,
-         1765,  1789,  1814,  1838,  1862,  1885,  1909,  1933,
-         1957,  1992,  2027,  2061,  2096,  2130,  2165,  2199,
-         2233,  2267,  2300,  2334,  2367,  2400,  2434,  2467,
-         2499,  2532,  2575,  2618,  2661,  2704,  2746,  2788,
-         2830,  2872,  2913,  2954,  2995,  3036,  3076,  3127,
-         3177,  3226,  3275,  3324,  3373,  3421,  3469,  3517,
-         3565,  3621,  3677,  3733,  3788,  3843,  3897,  3951,
-         4005,  4058,  4119,  4181,  4241,  4301,  4361,  4420,
-         4479,  4546,  4612,  4677,  4742,  4807,  4871,  4942,
-         5013,  5083,  5153,  5222,  5291,  5367,  5442,  5517,
-         5591,  5665,  5745,  5825,  5905,  5984,  6063,  6149,
-         6234,  6319,  6404,  6495,  6587,  6678,  6769,  6867,
-         6966,  7064,  7163,  7269,  7376,  7483,  7599,  7715,
-         7832,  7958,  8085,  8214,  8352,  8492,  8635,  8788,
-         8945,  9104,  9275,  9450,  9639,  9832, 10031, 10245,
-        10465, 10702, 10946, 11210, 11482, 11776, 12081, 12409,
-        12750, 13118, 13501, 13913, 14343, 14807, 15290, 15812,
-        16356, 16943, 17575, 18237, 18949, 19718, 20521, 21387,
-    }
-};
-
-static const int16_t vp9_ac_qlookup[3][256] = {
-    {
-            4,     8,     9,    10,    11,    12,    13,    14,
-           15,    16,    17,    18,    19,    20,    21,    22,
-           23,    24,    25,    26,    27,    28,    29,    30,
-           31,    32,    33,    34,    35,    36,    37,    38,
-           39,    40,    41,    42,    43,    44,    45,    46,
-           47,    48,    49,    50,    51,    52,    53,    54,
-           55,    56,    57,    58,    59,    60,    61,    62,
-           63,    64,    65,    66,    67,    68,    69,    70,
-           71,    72,    73,    74,    75,    76,    77,    78,
-           79,    80,    81,    82,    83,    84,    85,    86,
-           87,    88,    89,    90,    91,    92,    93,    94,
-           95,    96,    97,    98,    99,   100,   101,   102,
-          104,   106,   108,   110,   112,   114,   116,   118,
-          120,   122,   124,   126,   128,   130,   132,   134,
-          136,   138,   140,   142,   144,   146,   148,   150,
-          152,   155,   158,   161,   164,   167,   170,   173,
-          176,   179,   182,   185,   188,   191,   194,   197,
-          200,   203,   207,   211,   215,   219,   223,   227,
-          231,   235,   239,   243,   247,   251,   255,   260,
-          265,   270,   275,   280,   285,   290,   295,   300,
-          305,   311,   317,   323,   329,   335,   341,   347,
-          353,   359,   366,   373,   380,   387,   394,   401,
-          408,   416,   424,   432,   440,   448,   456,   465,
-          474,   483,   492,   501,   510,   520,   530,   540,
-          550,   560,   571,   582,   593,   604,   615,   627,
-          639,   651,   663,   676,   689,   702,   715,   729,
-          743,   757,   771,   786,   801,   816,   832,   848,
-          864,   881,   898,   915,   933,   951,   969,   988,
-         1007,  1026,  1046,  1066,  1087,  1108,  1129,  1151,
-         1173,  1196,  1219,  1243,  1267,  1292,  1317,  1343,
-         1369,  1396,  1423,  1451,  1479,  1508,  1537,  1567,
-         1597,  1628,  1660,  1692,  1725,  1759,  1793,  1828,
-    }, {
-            4,     9,    11,    13,    16,    18,    21,    24,
-           27,    30,    33,    37,    40,    44,    48,    51,
-           55,    59,    63,    67,    71,    75,    79,    83,
-           88,    92,    96,   100,   105,   109,   114,   118,
-          122,   127,   131,   136,   140,   145,   149,   154,
-          158,   163,   168,   172,   177,   181,   186,   190,
-          195,   199,   204,   208,   213,   217,   222,   226,
-          231,   235,   240,   244,   249,   253,   258,   262,
-          267,   271,   275,   280,   284,   289,   293,   297,
-          302,   306,   311,   315,   319,   324,   328,   332,
-          337,   341,   345,   349,   354,   358,   362,   367,
-          371,   375,   379,   384,   388,   392,   396,   401,
-          409,   417,   425,   433,   441,   449,   458,   466,
-          474,   482,   490,   498,   506,   514,   523,   531,
-          539,   547,   555,   563,   571,   579,   588,   596,
-          604,   616,   628,   640,   652,   664,   676,   688,
-          700,   713,   725,   737,   749,   761,   773,   785,
-          797,   809,   825,   841,   857,   873,   889,   905,
-          922,   938,   954,   970,   986,  1002,  1018,  1038,
-         1058,  1078,  1098,  1118,  1138,  1158,  1178,  1198,
-         1218,  1242,  1266,  1290,  1314,  1338,  1362,  1386,
-         1411,  1435,  1463,  1491,  1519,  1547,  1575,  1603,
-         1631,  1663,  1695,  1727,  1759,  1791,  1823,  1859,
-         1895,  1931,  1967,  2003,  2039,  2079,  2119,  2159,
-         2199,  2239,  2283,  2327,  2371,  2415,  2459,  2507,
-         2555,  2603,  2651,  2703,  2755,  2807,  2859,  2915,
-         2971,  3027,  3083,  3143,  3203,  3263,  3327,  3391,
-         3455,  3523,  3591,  3659,  3731,  3803,  3876,  3952,
-         4028,  4104,  4184,  4264,  4348,  4432,  4516,  4604,
-         4692,  4784,  4876,  4972,  5068,  5168,  5268,  5372,
-         5476,  5584,  5692,  5804,  5916,  6032,  6148,  6268,
-         6388,  6512,  6640,  6768,  6900,  7036,  7172,  7312,
-    }, {
-            4,    13,    19,    27,    35,    44,    54,    64,
-           75,    87,    99,   112,   126,   139,   154,   168,
-          183,   199,   214,   230,   247,   263,   280,   297,
-          314,   331,   349,   366,   384,   402,   420,   438,
-          456,   475,   493,   511,   530,   548,   567,   586,
-          604,   623,   642,   660,   679,   698,   716,   735,
-          753,   772,   791,   809,   828,   846,   865,   884,
-          902,   920,   939,   957,   976,   994,  1012,  1030,
-         1049,  1067,  1085,  1103,  1121,  1139,  1157,  1175,
-         1193,  1211,  1229,  1246,  1264,  1282,  1299,  1317,
-         1335,  1352,  1370,  1387,  1405,  1422,  1440,  1457,
-         1474,  1491,  1509,  1526,  1543,  1560,  1577,  1595,
-         1627,  1660,  1693,  1725,  1758,  1791,  1824,  1856,
-         1889,  1922,  1954,  1987,  2020,  2052,  2085,  2118,
-         2150,  2183,  2216,  2248,  2281,  2313,  2346,  2378,
-         2411,  2459,  2508,  2556,  2605,  2653,  2701,  2750,
-         2798,  2847,  2895,  2943,  2992,  3040,  3088,  3137,
-         3185,  3234,  3298,  3362,  3426,  3491,  3555,  3619,
-         3684,  3748,  3812,  3876,  3941,  4005,  4069,  4149,
-         4230,  4310,  4390,  4470,  4550,  4631,  4711,  4791,
-         4871,  4967,  5064,  5160,  5256,  5352,  5448,  5544,
-         5641,  5737,  5849,  5961,  6073,  6185,  6297,  6410,
-         6522,  6650,  6778,  6906,  7034,  7162,  7290,  7435,
-         7579,  7723,  7867,  8011,  8155,  8315,  8475,  8635,
-         8795,  8956,  9132,  9308,  9484,  9660,  9836, 10028,
-        10220, 10412, 10604, 10812, 11020, 11228, 11437, 11661,
-        11885, 12109, 12333, 12573, 12813, 13053, 13309, 13565,
-        13821, 14093, 14365, 14637, 14925, 15213, 15502, 15806,
-        16110, 16414, 16734, 17054, 17390, 17726, 18062, 18414,
-        18766, 19134, 19502, 19886, 20270, 20670, 21070, 21486,
-        21902, 22334, 22766, 23214, 23662, 24126, 24590, 25070,
-        25551, 26047, 26559, 27071, 27599, 28143, 28687, 29247,
-    }
-};
-
-static const enum TxfmType vp9_intra_txfm_type[14] = {
-    [VERT_PRED]            = ADST_DCT,
-    [HOR_PRED]             = DCT_ADST,
-    [DC_PRED]              = DCT_DCT,
-    [DIAG_DOWN_LEFT_PRED]  = DCT_DCT,
-    [DIAG_DOWN_RIGHT_PRED] = ADST_ADST,
-    [VERT_RIGHT_PRED]      = ADST_DCT,
-    [HOR_DOWN_PRED]        = DCT_ADST,
-    [VERT_LEFT_PRED]       = ADST_DCT,
-    [HOR_UP_PRED]          = DCT_ADST,
-    [TM_VP8_PRED]          = ADST_ADST,
-    [NEARESTMV]            = DCT_DCT,
-    [NEARMV]               = DCT_DCT,
-    [ZEROMV]               = DCT_DCT,
-    [NEWMV]                = DCT_DCT,
-};
-
-static const int16_t vp9_default_scan_4x4[16] = {
-     0,  1,  4,  5,
-     2,  8,  3,  6,
-    12,  9,  7, 10,
-    13, 11, 14, 15,
-};
-
-static const int16_t vp9_col_scan_4x4[16] = {
-     0,  1,  2,  4,
-     3,  5,  6,  8,
-     7,  9, 10, 12,
-    13, 11, 14, 15,
-};
-
-static const int16_t vp9_row_scan_4x4[16] = {
-     0,  4,  1,  8,
-     5, 12,  9,  2,
-     6, 13,  3, 10,
-     7, 14, 11, 15,
-};
-
-static const int16_t vp9_default_scan_8x8[64] = {
-     0,  1,  8,  2,  9, 16, 10,  3,
-    17, 24, 18, 11,  4, 25, 32, 19,
-    12, 26,  5, 33, 20, 27, 40, 13,
-    34,  6, 41, 28, 21, 35, 42, 48,
-    14,  7, 36, 29, 43, 56, 49, 22,
-    15, 37, 50, 44, 57, 30, 23, 51,
-    45, 58, 38, 31, 52, 59, 39, 46,
-    53, 60, 47, 54, 61, 55, 62, 63,
-};
-
-static const int16_t vp9_col_scan_8x8[64] = {
-     0,  1,  2,  8,  3,  9,  4, 10,
-    16,  5, 11, 17, 12, 18,  6, 24,
-    19, 13, 25,  7, 26, 20, 32, 14,
-    27, 21, 33, 28, 34, 15, 22, 35,
-    40, 29, 41, 36, 23, 30, 42, 37,
-    48, 43, 31, 44, 49, 38, 50, 56,
-    45, 39, 51, 57, 52, 46, 58, 53,
-    59, 47, 60, 54, 61, 55, 62, 63,
-};
-
-static const int16_t vp9_row_scan_8x8[64] = {
-     0,  8, 16,  1,  9, 24,  2, 17,
-    32, 10, 25,  3, 40, 18, 11, 33,
-    26, 19,  4, 48, 41, 34, 12, 27,
-    56, 20,  5, 42, 35, 13, 49, 28,
-     6, 21, 43, 36, 14, 50, 29, 57,
-     7, 44, 22, 37, 51, 15, 58, 30,
-    23, 45, 52, 38, 59, 31, 46, 53,
-    39, 60, 47, 61, 54, 62, 55, 63,
-};
-
-static const int16_t vp9_default_scan_16x16[256] = {
-      0,   1,  16,   2,  17,  32,   3,  18,  33,  48,   4,  34,  19,  49,  20,   5,
-     35,  64,  50,  36,  65,  21,   6,  51,  80,  66,  37,  22,  52,   7,  81,  67,
-     38,  82,  53,  23,  96,  68,   8,  83,  97,  54,  39,  69, 112,  24,  98,  84,
-     70,  55,   9,  40,  85,  99, 113, 128,  25, 114, 100,  71,  86,  56,  10,  41,
-    115, 101, 129, 116,  72,  87,  26, 130, 144, 102,  57,  11,  42, 117, 131, 145,
-     88, 103,  27,  73, 132, 118, 146,  58, 160,  12,  43, 133, 147, 104,  89, 119,
-    161,  74, 148, 134,  28, 162,  59,  13, 176, 120, 149,  90, 135, 105, 163,  44,
-     75, 177, 164,  29, 150, 121, 136, 178, 165,  14, 106,  60,  91, 151,  45, 179,
-    192, 137, 166, 122,  76, 180, 152,  30,  61,  15, 107, 167, 181, 193,  92, 208,
-     46, 138, 123, 153, 194,  77, 168, 182,  31, 195, 209, 183, 108, 139,  62, 154,
-     47, 196,  93, 169, 210, 197, 224, 124, 184, 211,  78, 109, 170, 155,  63, 198,
-    212, 185, 225, 240, 140,  94, 199, 125,  79, 213, 226, 171, 186, 156, 214, 200,
-    110, 227, 141,  95, 241, 215, 228, 201, 126, 242, 187, 172, 157, 229, 111, 216,
-    243, 142, 202, 230, 127, 217, 244, 173, 188, 231, 158, 203, 143, 245, 218, 232,
-    189, 246, 159, 174, 233, 247, 219, 204, 175, 190, 248, 234, 205, 220, 249, 191,
-    235, 221, 250, 206, 222, 251, 236, 207, 237, 223, 252, 238, 253, 239, 254, 255,
-};
-
-static const int16_t vp9_col_scan_16x16[256] = {
-      0,   1,   2,   3,  16,   4,  17,   5,  18,   6,  19,  32,  20,   7,  33,  21,
-     34,   8,  35,  22,  48,  36,   9,  49,  23,  50,  37,  10,  38,  51,  24,  64,
-     52,  11,  65,  39,  25,  53,  66,  54,  40,  67,  12,  80,  26,  68,  55,  81,
-     41,  69,  13,  27,  82,  56,  70,  83,  42,  14,  84,  96,  71,  28,  57,  85,
-     97,  15,  72,  98,  43,  86,  58,  99,  29,  87, 100, 112,  73,  44, 101,  59,
-     30, 113,  88, 114,  74, 128, 102,  45,  31, 115,  60, 103,  89, 116,  75, 129,
-    117,  46, 104,  90,  61, 130, 118, 131, 132, 105,  76,  47, 119, 144,  91,  62,
-    133, 106, 145, 120, 146, 134,  77, 147, 121,  92, 135, 148,  63, 107, 136, 122,
-     93, 149, 160,  78, 150, 137, 108, 161, 162, 151, 123,  79, 138, 163, 152,  94,
-    164, 109, 165, 153, 124, 139, 176, 166,  95, 177, 167, 110, 154, 178, 125, 179,
-    140, 168, 155, 111, 180, 192, 181, 169, 141, 126, 182, 193, 194, 156, 183, 170,
-    195, 127, 142, 196, 184, 208, 197, 157, 171, 143, 185, 198, 209, 199, 210, 172,
-    158, 186, 211, 224, 212, 200, 240, 159, 213, 225, 187, 201, 173, 226, 214, 215,
-    227, 202, 228, 188, 241, 216, 174, 229, 242, 203, 243, 217, 230, 175, 189, 244,
-    231, 204, 218, 232, 245, 219, 246, 190, 233, 205, 191, 247, 234, 248, 220, 206,
-    249, 235, 221, 207, 250, 236, 222, 251, 223, 237, 238, 252, 239, 253, 254, 255,
-};
-
-static const int16_t vp9_row_scan_16x16[256] = {
-      0,  16,  32,   1,  48,  17,  64,  33,   2,  80,  18,  49,  96,  34,   3,  65,
-     19, 112,  50,  81,  35,   4, 128,  66,  20,  97,  51,  82,   5, 144,  36,  67,
-    113,  98,  21,  52, 160,  83, 129,  37,  68,   6, 114, 176,  99,  53,  22,  84,
-    145,  38,  69, 130,   7, 115, 192, 100,  54,  23,  85, 161, 146, 131,  39,  70,
-    208, 116,   8, 101, 177,  55,  86,  24, 162, 147, 132,  71, 224, 117,  40, 102,
-      9, 148,  56,  87, 193, 163, 240, 133, 178,  25, 118,  72,  41, 103, 164,  10,
-    149,  88, 134, 209, 179,  57, 119, 194,  26,  73, 165, 150, 104,  42, 135,  11,
-    180, 120,  89, 225, 195,  58,  27, 210, 151, 181, 166,  74,  43, 105,  12, 136,
-     90,  59, 241, 121,  28, 196, 167, 211, 152,  44, 182, 137,  75,  13, 226, 106,
-    122,  60, 197,  91, 168,  29, 183, 153,  14,  76, 212, 138,  45, 107,  15, 198,
-     92, 227, 169,  30, 123, 154,  61, 242, 184, 213, 139,  46,  77,  31, 108, 170,
-    199, 185, 124, 228,  93, 155, 214,  62, 140, 243,  78,  47, 200, 109, 186, 171,
-    201,  94,  63, 215, 229, 156,  79, 125, 141, 110, 216, 187, 172, 244, 202, 230,
-    217,  95, 157, 126, 245, 111, 142, 231, 188, 127, 158, 218, 173, 232, 246, 233,
-    203, 143, 247, 174, 189, 159, 219, 204, 248, 234, 249, 175, 190, 220, 205, 250,
-    235, 191, 221, 251, 236, 206, 252, 222, 207, 237, 223, 253, 238, 254, 239, 255,
-};
-
-static const int16_t vp9_default_scan_32x32[1024] = {
-       0,    1,   32,    2,   33,   64,    3,   34,   65,    4,   96,   35,   66,    5,   36,   97,   67,  128,   98,   68,   37,    6,  129,   99,    7,  160,   69,   38,  130,  100,  161,  131,
-      39,   70,    8,  101,  162,  132,  192,   71,   40,    9,  102,  163,  133,  193,   72,  224,  103,   41,  164,   10,  194,  134,  165,   73,  104,  135,  225,   42,  195,   11,  256,  166,
-     226,  196,   74,  105,  136,   43,   12,  167,  197,  227,  257,   75,  106,  137,  228,   44,  198,  168,  258,  288,   13,  229,   76,  107,  199,  138,  259,  169,  289,   45,  230,  260,
-     200,  108,   14,  170,  139,  320,  290,   77,  231,  261,   46,  201,  140,  291,  109,  232,  321,  262,  171,   78,  292,   15,  322,  202,  263,  352,  172,  293,  233,  141,  323,  110,
-      47,  203,  264,  234,  294,  353,  324,   16,   79,  204,  265,  295,  325,  173,  354,  142,  235,  384,   48,  296,  111,  266,  355,  326,   80,   17,  205,  236,  174,  356,  385,  327,
-     143,  297,  267,  357,  386,  112,   49,  328,  298,  206,  416,  237,  358,  387,   81,  175,   18,  329,  359,  388,  299,  330,  389,  113,  417,  238,  360,   50,  207,  418,  390,  331,
-      19,  448,  361,   82,  419,  391,  239,   51,  362,  420,  114,  449,  480,  421,   83,  363,  450,  422,  512,  451,  423,  115,  452,  481,  453,  482,  454,  544,  483,  455,  513,  484,
-     514,  485,  515,  486,  545,  576,  487,  546,  547,  608,  577,  578,  579,  609,  610,  611,   20,  144,  268,  392,  516,  640,   21,   52,  145,  176,  269,  300,  393,  424,  517,  548,
-     641,  672,   22,   53,   84,  146,  177,  208,  270,  301,  332,  394,  425,  456,  518,  549,  580,  642,  673,  704,   23,   54,   85,  116,  147,  178,  209,  240,  271,  302,  333,  364,
-     395,  426,  457,  488,  519,  550,  581,  612,  643,  674,  705,  736,   55,   86,  117,  179,  210,  241,  303,  334,  365,  427,  458,  489,  551,  582,  613,  675,  706,  737,   87,  118,
-     211,  242,  335,  366,  459,  490,  583,  614,  707,  738,  119,  243,  367,  491,  615,  739,   24,  148,  272,  396,  520,  644,  768,   25,   56,  149,  180,  273,  304,  397,  428,  521,
-     552,  645,  676,  769,  800,   26,   57,   88,  150,  181,  212,  274,  305,  336,  398,  429,  460,  522,  553,  584,  646,  677,  708,  770,  801,  832,   27,   58,   89,  120,  151,  182,
-     213,  244,  275,  306,  337,  368,  399,  430,  461,  492,  523,  554,  585,  616,  647,  678,  709,  740,  771,  802,  833,  864,   59,   90,  121,  183,  214,  245,  307,  338,  369,  431,
-     462,  493,  555,  586,  617,  679,  710,  741,  803,  834,  865,   91,  122,  215,  246,  339,  370,  463,  494,  587,  618,  711,  742,  835,  866,  123,  247,  371,  495,  619,  743,  867,
-      28,  152,  276,  400,  524,  648,  772,  896,   29,   60,  153,  184,  277,  308,  401,  432,  525,  556,  649,  680,  773,  804,  897,  928,   30,   61,   92,  154,  185,  216,  278,  309,
-     340,  402,  433,  464,  526,  557,  588,  650,  681,  712,  774,  805,  836,  898,  929,  960,   31,   62,   93,  124,  155,  186,  217,  248,  279,  310,  341,  372,  403,  434,  465,  496,
-     527,  558,  589,  620,  651,  682,  713,  744,  775,  806,  837,  868,  899,  930,  961,  992,   63,   94,  125,  187,  218,  249,  311,  342,  373,  435,  466,  497,  559,  590,  621,  683,
-     714,  745,  807,  838,  869,  931,  962,  993,   95,  126,  219,  250,  343,  374,  467,  498,  591,  622,  715,  746,  839,  870,  963,  994,  127,  251,  375,  499,  623,  747,  871,  995,
-     156,  280,  404,  528,  652,  776,  900,  157,  188,  281,  312,  405,  436,  529,  560,  653,  684,  777,  808,  901,  932,  158,  189,  220,  282,  313,  344,  406,  437,  468,  530,  561,
-     592,  654,  685,  716,  778,  809,  840,  902,  933,  964,  159,  190,  221,  252,  283,  314,  345,  376,  407,  438,  469,  500,  531,  562,  593,  624,  655,  686,  717,  748,  779,  810,
-     841,  872,  903,  934,  965,  996,  191,  222,  253,  315,  346,  377,  439,  470,  501,  563,  594,  625,  687,  718,  749,  811,  842,  873,  935,  966,  997,  223,  254,  347,  378,  471,
-     502,  595,  626,  719,  750,  843,  874,  967,  998,  255,  379,  503,  627,  751,  875,  999,  284,  408,  532,  656,  780,  904,  285,  316,  409,  440,  533,  564,  657,  688,  781,  812,
-     905,  936,  286,  317,  348,  410,  441,  472,  534,  565,  596,  658,  689,  720,  782,  813,  844,  906,  937,  968,  287,  318,  349,  380,  411,  442,  473,  504,  535,  566,  597,  628,
-     659,  690,  721,  752,  783,  814,  845,  876,  907,  938,  969, 1000,  319,  350,  381,  443,  474,  505,  567,  598,  629,  691,  722,  753,  815,  846,  877,  939,  970, 1001,  351,  382,
-     475,  506,  599,  630,  723,  754,  847,  878,  971, 1002,  383,  507,  631,  755,  879, 1003,  412,  536,  660,  784,  908,  413,  444,  537,  568,  661,  692,  785,  816,  909,  940,  414,
-     445,  476,  538,  569,  600,  662,  693,  724,  786,  817,  848,  910,  941,  972,  415,  446,  477,  508,  539,  570,  601,  632,  663,  694,  725,  756,  787,  818,  849,  880,  911,  942,
-     973, 1004,  447,  478,  509,  571,  602,  633,  695,  726,  757,  819,  850,  881,  943,  974, 1005,  479,  510,  603,  634,  727,  758,  851,  882,  975, 1006,  511,  635,  759,  883, 1007,
-     540,  664,  788,  912,  541,  572,  665,  696,  789,  820,  913,  944,  542,  573,  604,  666,  697,  728,  790,  821,  852,  914,  945,  976,  543,  574,  605,  636,  667,  698,  729,  760,
-     791,  822,  853,  884,  915,  946,  977, 1008,  575,  606,  637,  699,  730,  761,  823,  854,  885,  947,  978, 1009,  607,  638,  731,  762,  855,  886,  979, 1010,  639,  763,  887, 1011,
-     668,  792,  916,  669,  700,  793,  824,  917,  948,  670,  701,  732,  794,  825,  856,  918,  949,  980,  671,  702,  733,  764,  795,  826,  857,  888,  919,  950,  981, 1012,  703,  734,
-     765,  827,  858,  889,  951,  982, 1013,  735,  766,  859,  890,  983, 1014,  767,  891, 1015,  796,  920,  797,  828,  921,  952,  798,  829,  860,  922,  953,  984,  799,  830,  861,  892,
-     923,  954,  985, 1016,  831,  862,  893,  955,  986, 1017,  863,  894,  987, 1018,  895, 1019,  924,  925,  956,  926,  957,  988,  927,  958,  989, 1020,  959,  990, 1021,  991, 1022, 1023,
-};
-
-static const int16_t * const vp9_scans[5][4] = {
-    {
-        vp9_default_scan_4x4, vp9_col_scan_4x4,
-        vp9_row_scan_4x4, vp9_default_scan_4x4
-    }, {
-        vp9_default_scan_8x8, vp9_col_scan_8x8,
-        vp9_row_scan_8x8, vp9_default_scan_8x8
-    }, {
-        vp9_default_scan_16x16, vp9_col_scan_16x16,
-        vp9_row_scan_16x16, vp9_default_scan_16x16
-    }, {
-        vp9_default_scan_32x32, vp9_default_scan_32x32,
-        vp9_default_scan_32x32, vp9_default_scan_32x32
-    }, { // lossless
-        vp9_default_scan_4x4, vp9_default_scan_4x4,
-        vp9_default_scan_4x4, vp9_default_scan_4x4
-    }
-};
-
-static const int16_t vp9_default_scan_4x4_nb[16][2] = {
-    {  0,  0 }, {  0,  0 }, {  4,  1 }, {  1,  1 },
-    {  4,  4 }, {  2,  2 }, {  5,  2 }, {  8,  8 },
-    {  8,  5 }, {  6,  3 }, {  9,  6 }, { 12,  9 },
-    { 10,  7 }, { 13, 10 }, { 14, 11 }, {  0,  0 },
-};
-
-static const int16_t vp9_col_scan_4x4_nb[16][2] = {
-    {  0,  0 }, {  1,  1 }, {  0,  0 }, {  2,  2 },
-    {  4,  4 }, {  5,  5 }, {  4,  4 }, {  6,  6 },
-    {  8,  8 }, {  9,  9 }, {  8,  8 }, { 12, 12 },
-    { 10, 10 }, { 13, 13 }, { 14, 14 }, {  0,  0 },
-};
-
-static const int16_t vp9_row_scan_4x4_nb[16][2] = {
-    {  0,  0 }, {  0,  0 }, {  4,  4 }, {  1,  1 },
-    {  8,  8 }, {  5,  5 }, {  1,  1 }, {  2,  2 },
-    {  9,  9 }, {  2,  2 }, {  6,  6 }, {  3,  3 },
-    { 10, 10 }, {  7,  7 }, { 11, 11 }, {  0,  0 },
-};
-
-static const int16_t vp9_default_scan_8x8_nb[64][2] = {
-    {  0,  0 }, {  0,  0 }, {  1,  1 }, {  8,  1 },
-    {  8,  8 }, {  9,  2 }, {  2,  2 }, { 16,  9 },
-    { 16, 16 }, { 17, 10 }, { 10,  3 }, {  3,  3 },
-    { 24, 17 }, { 24, 24 }, { 18, 11 }, { 11,  4 },
-    { 25, 18 }, {  4,  4 }, { 32, 25 }, { 19, 12 },
-    { 26, 19 }, { 32, 32 }, { 12,  5 }, { 33, 26 },
-    {  5,  5 }, { 40, 33 }, { 27, 20 }, { 20, 13 },
-    { 34, 27 }, { 41, 34 }, { 40, 40 }, { 13,  6 },
-    {  6,  6 }, { 35, 28 }, { 28, 21 }, { 42, 35 },
-    { 48, 48 }, { 48, 41 }, { 21, 14 }, { 14,  7 },
-    { 36, 29 }, { 49, 42 }, { 43, 36 }, { 56, 49 },
-    { 29, 22 }, { 22, 15 }, { 50, 43 }, { 44, 37 },
-    { 57, 50 }, { 37, 30 }, { 30, 23 }, { 51, 44 },
-    { 58, 51 }, { 38, 31 }, { 45, 38 }, { 52, 45 },
-    { 59, 52 }, { 46, 39 }, { 53, 46 }, { 60, 53 },
-    { 54, 47 }, { 61, 54 }, { 62, 55 }, {  0,  0 },
-};
-
-static const int16_t vp9_col_scan_8x8_nb[64][2] = {
-    {  0,  0 }, {  1,  1 }, {  0,  0 }, {  2,  2 },
-    {  8,  8 }, {  3,  3 }, {  9,  9 }, {  8,  8 },
-    {  4,  4 }, { 10, 10 }, { 16, 16 }, { 11, 11 },
-    { 17, 17 }, {  5,  5 }, { 16, 16 }, { 18, 18 },
-    { 12, 12 }, { 24, 24 }, {  6,  6 }, { 25, 25 },
-    { 19, 19 }, { 24, 24 }, { 13, 13 }, { 26, 26 },
-    { 20, 20 }, { 32, 32 }, { 27, 27 }, { 33, 33 },
-    { 14, 14 }, { 21, 21 }, { 34, 34 }, { 32, 32 },
-    { 28, 28 }, { 40, 40 }, { 35, 35 }, { 22, 22 },
-    { 29, 29 }, { 41, 41 }, { 36, 36 }, { 40, 40 },
-    { 42, 42 }, { 30, 30 }, { 43, 43 }, { 48, 48 },
-    { 37, 37 }, { 49, 49 }, { 48, 48 }, { 44, 44 },
-    { 38, 38 }, { 50, 50 }, { 56, 56 }, { 51, 51 },
-    { 45, 45 }, { 57, 57 }, { 52, 52 }, { 58, 58 },
-    { 46, 46 }, { 59, 59 }, { 53, 53 }, { 60, 60 },
-    { 54, 54 }, { 61, 61 }, { 62, 62 }, {  0,  0 },
-};
-
-static const int16_t vp9_row_scan_8x8_nb[64][2] = {
-    {  0,  0 }, {  8,  8 }, {  0,  0 }, {  1,  1 },
-    { 16, 16 }, {  1,  1 }, {  9,  9 }, { 24, 24 },
-    {  2,  2 }, { 17, 17 }, {  2,  2 }, { 32, 32 },
-    { 10, 10 }, {  3,  3 }, { 25, 25 }, { 18, 18 },
-    { 11, 11 }, {  3,  3 }, { 40, 40 }, { 33, 33 },
-    { 26, 26 }, {  4,  4 }, { 19, 19 }, { 48, 48 },
-    { 12, 12 }, {  4,  4 }, { 34, 34 }, { 27, 27 },
-    {  5,  5 }, { 41, 41 }, { 20, 20 }, {  5,  5 },
-    { 13, 13 }, { 35, 35 }, { 28, 28 }, {  6,  6 },
-    { 42, 42 }, { 21, 21 }, { 49, 49 }, {  6,  6 },
-    { 36, 36 }, { 14, 14 }, { 29, 29 }, { 43, 43 },
-    {  7,  7 }, { 50, 50 }, { 22, 22 }, { 15, 15 },
-    { 37, 37 }, { 44, 44 }, { 30, 30 }, { 51, 51 },
-    { 23, 23 }, { 38, 38 }, { 45, 45 }, { 31, 31 },
-    { 52, 52 }, { 39, 39 }, { 53, 53 }, { 46, 46 },
-    { 54, 54 }, { 47, 47 }, { 55, 55 }, {  0,  0 },
-};
-
-static const int16_t vp9_default_scan_16x16_nb[256][2] = {
-    {   0,   0 }, {   0,   0 }, {   1,   1 }, {  16,   1 },
-    {  16,  16 }, {   2,   2 }, {  17,   2 }, {  32,  17 },
-    {  32,  32 }, {   3,   3 }, {  33,  18 }, {  18,   3 },
-    {  48,  33 }, {  19,   4 }, {   4,   4 }, {  34,  19 },
-    {  48,  48 }, {  49,  34 }, {  35,  20 }, {  64,  49 },
-    {  20,   5 }, {   5,   5 }, {  50,  35 }, {  64,  64 },
-    {  65,  50 }, {  36,  21 }, {  21,   6 }, {  51,  36 },
-    {   6,   6 }, {  80,  65 }, {  66,  51 }, {  37,  22 },
-    {  81,  66 }, {  52,  37 }, {  22,   7 }, {  80,  80 },
-    {  67,  52 }, {   7,   7 }, {  82,  67 }, {  96,  81 },
-    {  53,  38 }, {  38,  23 }, {  68,  53 }, {  96,  96 },
-    {  23,   8 }, {  97,  82 }, {  83,  68 }, {  69,  54 },
-    {  54,  39 }, {   8,   8 }, {  39,  24 }, {  84,  69 },
-    {  98,  83 }, { 112,  97 }, { 112, 112 }, {  24,   9 },
-    { 113,  98 }, {  99,  84 }, {  70,  55 }, {  85,  70 },
-    {  55,  40 }, {   9,   9 }, {  40,  25 }, { 114,  99 },
-    { 100,  85 }, { 128, 113 }, { 115, 100 }, {  71,  56 },
-    {  86,  71 }, {  25,  10 }, { 129, 114 }, { 128, 128 },
-    { 101,  86 }, {  56,  41 }, {  10,  10 }, {  41,  26 },
-    { 116, 101 }, { 130, 115 }, { 144, 129 }, {  87,  72 },
-    { 102,  87 }, {  26,  11 }, {  72,  57 }, { 131, 116 },
-    { 117, 102 }, { 145, 130 }, {  57,  42 }, { 144, 144 },
-    {  11,  11 }, {  42,  27 }, { 132, 117 }, { 146, 131 },
-    { 103,  88 }, {  88,  73 }, { 118, 103 }, { 160, 145 },
-    {  73,  58 }, { 147, 132 }, { 133, 118 }, {  27,  12 },
-    { 161, 146 }, {  58,  43 }, {  12,  12 }, { 160, 160 },
-    { 119, 104 }, { 148, 133 }, {  89,  74 }, { 134, 119 },
-    { 104,  89 }, { 162, 147 }, {  43,  28 }, {  74,  59 },
-    { 176, 161 }, { 163, 148 }, {  28,  13 }, { 149, 134 },
-    { 120, 105 }, { 135, 120 }, { 177, 162 }, { 164, 149 },
-    {  13,  13 }, { 105,  90 }, {  59,  44 }, {  90,  75 },
-    { 150, 135 }, {  44,  29 }, { 178, 163 }, { 176, 176 },
-    { 136, 121 }, { 165, 150 }, { 121, 106 }, {  75,  60 },
-    { 179, 164 }, { 151, 136 }, {  29,  14 }, {  60,  45 },
-    {  14,  14 }, { 106,  91 }, { 166, 151 }, { 180, 165 },
-    { 192, 177 }, {  91,  76 }, { 192, 192 }, {  45,  30 },
-    { 137, 122 }, { 122, 107 }, { 152, 137 }, { 193, 178 },
-    {  76,  61 }, { 167, 152 }, { 181, 166 }, {  30,  15 },
-    { 194, 179 }, { 208, 193 }, { 182, 167 }, { 107,  92 },
-    { 138, 123 }, {  61,  46 }, { 153, 138 }, {  46,  31 },
-    { 195, 180 }, {  92,  77 }, { 168, 153 }, { 209, 194 },
-    { 196, 181 }, { 208, 208 }, { 123, 108 }, { 183, 168 },
-    { 210, 195 }, {  77,  62 }, { 108,  93 }, { 169, 154 },
-    { 154, 139 }, {  62,  47 }, { 197, 182 }, { 211, 196 },
-    { 184, 169 }, { 224, 209 }, { 224, 224 }, { 139, 124 },
-    {  93,  78 }, { 198, 183 }, { 124, 109 }, {  78,  63 },
-    { 212, 197 }, { 225, 210 }, { 170, 155 }, { 185, 170 },
-    { 155, 140 }, { 213, 198 }, { 199, 184 }, { 109,  94 },
-    { 226, 211 }, { 140, 125 }, {  94,  79 }, { 240, 225 },
-    { 214, 199 }, { 227, 212 }, { 200, 185 }, { 125, 110 },
-    { 241, 226 }, { 186, 171 }, { 171, 156 }, { 156, 141 },
-    { 228, 213 }, { 110,  95 }, { 215, 200 }, { 242, 227 },
-    { 141, 126 }, { 201, 186 }, { 229, 214 }, { 126, 111 },
-    { 216, 201 }, { 243, 228 }, { 172, 157 }, { 187, 172 },
-    { 230, 215 }, { 157, 142 }, { 202, 187 }, { 142, 127 },
-    { 244, 229 }, { 217, 202 }, { 231, 216 }, { 188, 173 },
-    { 245, 230 }, { 158, 143 }, { 173, 158 }, { 232, 217 },
-    { 246, 231 }, { 218, 203 }, { 203, 188 }, { 174, 159 },
-    { 189, 174 }, { 247, 232 }, { 233, 218 }, { 204, 189 },
-    { 219, 204 }, { 248, 233 }, { 190, 175 }, { 234, 219 },
-    { 220, 205 }, { 249, 234 }, { 205, 190 }, { 221, 206 },
-    { 250, 235 }, { 235, 220 }, { 206, 191 }, { 236, 221 },
-    { 222, 207 }, { 251, 236 }, { 237, 222 }, { 252, 237 },
-    { 238, 223 }, { 253, 238 }, { 254, 239 }, {   0,   0 },
-};
-
-static const int16_t vp9_col_scan_16x16_nb[256][2] = {
-    {   0,   0 }, {   1,   1 }, {   2,   2 }, {   0,   0 },
-    {   3,   3 }, {  16,  16 }, {   4,   4 }, {  17,  17 },
-    {   5,   5 }, {  18,  18 }, {  16,  16 }, {  19,  19 },
-    {   6,   6 }, {  32,  32 }, {  20,  20 }, {  33,  33 },
-    {   7,   7 }, {  34,  34 }, {  21,  21 }, {  32,  32 },
-    {  35,  35 }, {   8,   8 }, {  48,  48 }, {  22,  22 },
-    {  49,  49 }, {  36,  36 }, {   9,   9 }, {  37,  37 },
-    {  50,  50 }, {  23,  23 }, {  48,  48 }, {  51,  51 },
-    {  10,  10 }, {  64,  64 }, {  38,  38 }, {  24,  24 },
-    {  52,  52 }, {  65,  65 }, {  53,  53 }, {  39,  39 },
-    {  66,  66 }, {  11,  11 }, {  64,  64 }, {  25,  25 },
-    {  67,  67 }, {  54,  54 }, {  80,  80 }, {  40,  40 },
-    {  68,  68 }, {  12,  12 }, {  26,  26 }, {  81,  81 },
-    {  55,  55 }, {  69,  69 }, {  82,  82 }, {  41,  41 },
-    {  13,  13 }, {  83,  83 }, {  80,  80 }, {  70,  70 },
-    {  27,  27 }, {  56,  56 }, {  84,  84 }, {  96,  96 },
-    {  14,  14 }, {  71,  71 }, {  97,  97 }, {  42,  42 },
-    {  85,  85 }, {  57,  57 }, {  98,  98 }, {  28,  28 },
-    {  86,  86 }, {  99,  99 }, {  96,  96 }, {  72,  72 },
-    {  43,  43 }, { 100, 100 }, {  58,  58 }, {  29,  29 },
-    { 112, 112 }, {  87,  87 }, { 113, 113 }, {  73,  73 },
-    { 112, 112 }, { 101, 101 }, {  44,  44 }, {  30,  30 },
-    { 114, 114 }, {  59,  59 }, { 102, 102 }, {  88,  88 },
-    { 115, 115 }, {  74,  74 }, { 128, 128 }, { 116, 116 },
-    {  45,  45 }, { 103, 103 }, {  89,  89 }, {  60,  60 },
-    { 129, 129 }, { 117, 117 }, { 130, 130 }, { 131, 131 },
-    { 104, 104 }, {  75,  75 }, {  46,  46 }, { 118, 118 },
-    { 128, 128 }, {  90,  90 }, {  61,  61 }, { 132, 132 },
-    { 105, 105 }, { 144, 144 }, { 119, 119 }, { 145, 145 },
-    { 133, 133 }, {  76,  76 }, { 146, 146 }, { 120, 120 },
-    {  91,  91 }, { 134, 134 }, { 147, 147 }, {  62,  62 },
-    { 106, 106 }, { 135, 135 }, { 121, 121 }, {  92,  92 },
-    { 148, 148 }, { 144, 144 }, {  77,  77 }, { 149, 149 },
-    { 136, 136 }, { 107, 107 }, { 160, 160 }, { 161, 161 },
-    { 150, 150 }, { 122, 122 }, {  78,  78 }, { 137, 137 },
-    { 162, 162 }, { 151, 151 }, {  93,  93 }, { 163, 163 },
-    { 108, 108 }, { 164, 164 }, { 152, 152 }, { 123, 123 },
-    { 138, 138 }, { 160, 160 }, { 165, 165 }, {  94,  94 },
-    { 176, 176 }, { 166, 166 }, { 109, 109 }, { 153, 153 },
-    { 177, 177 }, { 124, 124 }, { 178, 178 }, { 139, 139 },
-    { 167, 167 }, { 154, 154 }, { 110, 110 }, { 179, 179 },
-    { 176, 176 }, { 180, 180 }, { 168, 168 }, { 140, 140 },
-    { 125, 125 }, { 181, 181 }, { 192, 192 }, { 193, 193 },
-    { 155, 155 }, { 182, 182 }, { 169, 169 }, { 194, 194 },
-    { 126, 126 }, { 141, 141 }, { 195, 195 }, { 183, 183 },
-    { 192, 192 }, { 196, 196 }, { 156, 156 }, { 170, 170 },
-    { 142, 142 }, { 184, 184 }, { 197, 197 }, { 208, 208 },
-    { 198, 198 }, { 209, 209 }, { 171, 171 }, { 157, 157 },
-    { 185, 185 }, { 210, 210 }, { 208, 208 }, { 211, 211 },
-    { 199, 199 }, { 224, 224 }, { 158, 158 }, { 212, 212 },
-    { 224, 224 }, { 186, 186 }, { 200, 200 }, { 172, 172 },
-    { 225, 225 }, { 213, 213 }, { 214, 214 }, { 226, 226 },
-    { 201, 201 }, { 227, 227 }, { 187, 187 }, { 240, 240 },
-    { 215, 215 }, { 173, 173 }, { 228, 228 }, { 241, 241 },
-    { 202, 202 }, { 242, 242 }, { 216, 216 }, { 229, 229 },
-    { 174, 174 }, { 188, 188 }, { 243, 243 }, { 230, 230 },
-    { 203, 203 }, { 217, 217 }, { 231, 231 }, { 244, 244 },
-    { 218, 218 }, { 245, 245 }, { 189, 189 }, { 232, 232 },
-    { 204, 204 }, { 190, 190 }, { 246, 246 }, { 233, 233 },
-    { 247, 247 }, { 219, 219 }, { 205, 205 }, { 248, 248 },
-    { 234, 234 }, { 220, 220 }, { 206, 206 }, { 249, 249 },
-    { 235, 235 }, { 221, 221 }, { 250, 250 }, { 222, 222 },
-    { 236, 236 }, { 237, 237 }, { 251, 251 }, { 238, 238 },
-    { 252, 252 }, { 253, 253 }, { 254, 254 }, {   0,   0 },
-};
-
-static const int16_t vp9_row_scan_16x16_nb[256][2] = {
-    {   0,   0 }, {  16,  16 }, {   0,   0 }, {  32,  32 },
-    {   1,   1 }, {  48,  48 }, {  17,  17 }, {   1,   1 },
-    {  64,  64 }, {   2,   2 }, {  33,  33 }, {  80,  80 },
-    {  18,  18 }, {   2,   2 }, {  49,  49 }, {   3,   3 },
-    {  96,  96 }, {  34,  34 }, {  65,  65 }, {  19,  19 },
-    {   3,   3 }, { 112, 112 }, {  50,  50 }, {   4,   4 },
-    {  81,  81 }, {  35,  35 }, {  66,  66 }, {   4,   4 },
-    { 128, 128 }, {  20,  20 }, {  51,  51 }, {  97,  97 },
-    {  82,  82 }, {   5,   5 }, {  36,  36 }, { 144, 144 },
-    {  67,  67 }, { 113, 113 }, {  21,  21 }, {  52,  52 },
-    {   5,   5 }, {  98,  98 }, { 160, 160 }, {  83,  83 },
-    {  37,  37 }, {   6,   6 }, {  68,  68 }, { 129, 129 },
-    {  22,  22 }, {  53,  53 }, { 114, 114 }, {   6,   6 },
-    {  99,  99 }, { 176, 176 }, {  84,  84 }, {  38,  38 },
-    {   7,   7 }, {  69,  69 }, { 145, 145 }, { 130, 130 },
-    { 115, 115 }, {  23,  23 }, {  54,  54 }, { 192, 192 },
-    { 100, 100 }, {   7,   7 }, {  85,  85 }, { 161, 161 },
-    {  39,  39 }, {  70,  70 }, {   8,   8 }, { 146, 146 },
-    { 131, 131 }, { 116, 116 }, {  55,  55 }, { 208, 208 },
-    { 101, 101 }, {  24,  24 }, {  86,  86 }, {   8,   8 },
-    { 132, 132 }, {  40,  40 }, {  71,  71 }, { 177, 177 },
-    { 147, 147 }, { 224, 224 }, { 117, 117 }, { 162, 162 },
-    {   9,   9 }, { 102, 102 }, {  56,  56 }, {  25,  25 },
-    {  87,  87 }, { 148, 148 }, {   9,   9 }, { 133, 133 },
-    {  72,  72 }, { 118, 118 }, { 193, 193 }, { 163, 163 },
-    {  41,  41 }, { 103, 103 }, { 178, 178 }, {  10,  10 },
-    {  57,  57 }, { 149, 149 }, { 134, 134 }, {  88,  88 },
-    {  26,  26 }, { 119, 119 }, {  10,  10 }, { 164, 164 },
-    { 104, 104 }, {  73,  73 }, { 209, 209 }, { 179, 179 },
-    {  42,  42 }, {  11,  11 }, { 194, 194 }, { 135, 135 },
-    { 165, 165 }, { 150, 150 }, {  58,  58 }, {  27,  27 },
-    {  89,  89 }, {  11,  11 }, { 120, 120 }, {  74,  74 },
-    {  43,  43 }, { 225, 225 }, { 105, 105 }, {  12,  12 },
-    { 180, 180 }, { 151, 151 }, { 195, 195 }, { 136, 136 },
-    {  28,  28 }, { 166, 166 }, { 121, 121 }, {  59,  59 },
-    {  12,  12 }, { 210, 210 }, {  90,  90 }, { 106, 106 },
-    {  44,  44 }, { 181, 181 }, {  75,  75 }, { 152, 152 },
-    {  13,  13 }, { 167, 167 }, { 137, 137 }, {  13,  13 },
-    {  60,  60 }, { 196, 196 }, { 122, 122 }, {  29,  29 },
-    {  91,  91 }, {  14,  14 }, { 182, 182 }, {  76,  76 },
-    { 211, 211 }, { 153, 153 }, {  14,  14 }, { 107, 107 },
-    { 138, 138 }, {  45,  45 }, { 226, 226 }, { 168, 168 },
-    { 197, 197 }, { 123, 123 }, {  30,  30 }, {  61,  61 },
-    {  15,  15 }, {  92,  92 }, { 154, 154 }, { 183, 183 },
-    { 169, 169 }, { 108, 108 }, { 212, 212 }, {  77,  77 },
-    { 139, 139 }, { 198, 198 }, {  46,  46 }, { 124, 124 },
-    { 227, 227 }, {  62,  62 }, {  31,  31 }, { 184, 184 },
-    {  93,  93 }, { 170, 170 }, { 155, 155 }, { 185, 185 },
-    {  78,  78 }, {  47,  47 }, { 199, 199 }, { 213, 213 },
-    { 140, 140 }, {  63,  63 }, { 109, 109 }, { 125, 125 },
-    {  94,  94 }, { 200, 200 }, { 171, 171 }, { 156, 156 },
-    { 228, 228 }, { 186, 186 }, { 214, 214 }, { 201, 201 },
-    {  79,  79 }, { 141, 141 }, { 110, 110 }, { 229, 229 },
-    {  95,  95 }, { 126, 126 }, { 215, 215 }, { 172, 172 },
-    { 111, 111 }, { 142, 142 }, { 202, 202 }, { 157, 157 },
-    { 216, 216 }, { 230, 230 }, { 217, 217 }, { 187, 187 },
-    { 127, 127 }, { 231, 231 }, { 158, 158 }, { 173, 173 },
-    { 143, 143 }, { 203, 203 }, { 188, 188 }, { 232, 232 },
-    { 218, 218 }, { 233, 233 }, { 159, 159 }, { 174, 174 },
-    { 204, 204 }, { 189, 189 }, { 234, 234 }, { 219, 219 },
-    { 175, 175 }, { 205, 205 }, { 235, 235 }, { 220, 220 },
-    { 190, 190 }, { 236, 236 }, { 206, 206 }, { 191, 191 },
-    { 221, 221 }, { 207, 207 }, { 237, 237 }, { 222, 222 },
-    { 238, 238 }, { 223, 223 }, { 239, 239 }, {   0,   0 },
-};
-
-static const int16_t vp9_default_scan_32x32_nb[1024][2] = {
-    {    0,    0 }, {    0,    0 }, {    1,    1 }, {   32,    1 },
-    {   32,   32 }, {    2,    2 }, {   33,    2 }, {   64,   33 },
-    {    3,    3 }, {   64,   64 }, {   34,    3 }, {   65,   34 },
-    {    4,    4 }, {   35,    4 }, {   96,   65 }, {   66,   35 },
-    {   96,   96 }, {   97,   66 }, {   67,   36 }, {   36,    5 },
-    {    5,    5 }, {  128,   97 }, {   98,   67 }, {    6,    6 },
-    {  128,  128 }, {   68,   37 }, {   37,    6 }, {  129,   98 },
-    {   99,   68 }, {  160,  129 }, {  130,   99 }, {   38,    7 },
-    {   69,   38 }, {    7,    7 }, {  100,   69 }, {  161,  130 },
-    {  131,  100 }, {  160,  160 }, {   70,   39 }, {   39,    8 },
-    {    8,    8 }, {  101,   70 }, {  162,  131 }, {  132,  101 },
-    {  192,  161 }, {   71,   40 }, {  192,  192 }, {  102,   71 },
-    {   40,    9 }, {  163,  132 }, {    9,    9 }, {  193,  162 },
-    {  133,  102 }, {  164,  133 }, {   72,   41 }, {  103,   72 },
-    {  134,  103 }, {  224,  193 }, {   41,   10 }, {  194,  163 },
-    {   10,   10 }, {  224,  224 }, {  165,  134 }, {  225,  194 },
-    {  195,  164 }, {   73,   42 }, {  104,   73 }, {  135,  104 },
-    {   42,   11 }, {   11,   11 }, {  166,  135 }, {  196,  165 },
-    {  226,  195 }, {  256,  225 }, {   74,   43 }, {  105,   74 },
-    {  136,  105 }, {  227,  196 }, {   43,   12 }, {  197,  166 },
-    {  167,  136 }, {  257,  226 }, {  256,  256 }, {   12,   12 },
-    {  228,  197 }, {   75,   44 }, {  106,   75 }, {  198,  167 },
-    {  137,  106 }, {  258,  227 }, {  168,  137 }, {  288,  257 },
-    {   44,   13 }, {  229,  198 }, {  259,  228 }, {  199,  168 },
-    {  107,   76 }, {   13,   13 }, {  169,  138 }, {  138,  107 },
-    {  288,  288 }, {  289,  258 }, {   76,   45 }, {  230,  199 },
-    {  260,  229 }, {   45,   14 }, {  200,  169 }, {  139,  108 },
-    {  290,  259 }, {  108,   77 }, {  231,  200 }, {  320,  289 },
-    {  261,  230 }, {  170,  139 }, {   77,   46 }, {  291,  260 },
-    {   14,   14 }, {  321,  290 }, {  201,  170 }, {  262,  231 },
-    {  320,  320 }, {  171,  140 }, {  292,  261 }, {  232,  201 },
-    {  140,  109 }, {  322,  291 }, {  109,   78 }, {   46,   15 },
-    {  202,  171 }, {  263,  232 }, {  233,  202 }, {  293,  262 },
-    {  352,  321 }, {  323,  292 }, {   15,   15 }, {   78,   47 },
-    {  203,  172 }, {  264,  233 }, {  294,  263 }, {  324,  293 },
-    {  172,  141 }, {  353,  322 }, {  141,  110 }, {  234,  203 },
-    {  352,  352 }, {   47,   16 }, {  295,  264 }, {  110,   79 },
-    {  265,  234 }, {  354,  323 }, {  325,  294 }, {   79,   48 },
-    {   16,   16 }, {  204,  173 }, {  235,  204 }, {  173,  142 },
-    {  355,  324 }, {  384,  353 }, {  326,  295 }, {  142,  111 },
-    {  296,  265 }, {  266,  235 }, {  356,  325 }, {  385,  354 },
-    {  111,   80 }, {   48,   17 }, {  327,  296 }, {  297,  266 },
-    {  205,  174 }, {  384,  384 }, {  236,  205 }, {  357,  326 },
-    {  386,  355 }, {   80,   49 }, {  174,  143 }, {   17,   17 },
-    {  328,  297 }, {  358,  327 }, {  387,  356 }, {  298,  267 },
-    {  329,  298 }, {  388,  357 }, {  112,   81 }, {  416,  385 },
-    {  237,  206 }, {  359,  328 }, {   49,   18 }, {  206,  175 },
-    {  417,  386 }, {  389,  358 }, {  330,  299 }, {   18,   18 },
-    {  416,  416 }, {  360,  329 }, {   81,   50 }, {  418,  387 },
-    {  390,  359 }, {  238,  207 }, {   50,   19 }, {  361,  330 },
-    {  419,  388 }, {  113,   82 }, {  448,  417 }, {  448,  448 },
-    {  420,  389 }, {   82,   51 }, {  362,  331 }, {  449,  418 },
-    {  421,  390 }, {  480,  480 }, {  450,  419 }, {  422,  391 },
-    {  114,   83 }, {  451,  420 }, {  480,  449 }, {  452,  421 },
-    {  481,  450 }, {  453,  422 }, {  512,  512 }, {  482,  451 },
-    {  454,  423 }, {  512,  481 }, {  483,  452 }, {  513,  482 },
-    {  484,  453 }, {  514,  483 }, {  485,  454 }, {  544,  513 },
-    {  544,  544 }, {  486,  455 }, {  545,  514 }, {  546,  515 },
-    {  576,  576 }, {  576,  545 }, {  577,  546 }, {  578,  547 },
-    {  608,  577 }, {  609,  578 }, {  610,  579 }, {   19,   19 },
-    {  143,  112 }, {  267,  236 }, {  391,  360 }, {  515,  484 },
-    {  608,  608 }, {   20,   20 }, {   51,   20 }, {  144,  113 },
-    {  175,  144 }, {  268,  237 }, {  299,  268 }, {  392,  361 },
-    {  423,  392 }, {  516,  485 }, {  547,  516 }, {  640,  609 },
-    {  640,  640 }, {   21,   21 }, {   52,   21 }, {   83,   52 },
-    {  145,  114 }, {  176,  145 }, {  207,  176 }, {  269,  238 },
-    {  300,  269 }, {  331,  300 }, {  393,  362 }, {  424,  393 },
-    {  455,  424 }, {  517,  486 }, {  548,  517 }, {  579,  548 },
-    {  641,  610 }, {  672,  641 }, {  672,  672 }, {   22,   22 },
-    {   53,   22 }, {   84,   53 }, {  115,   84 }, {  146,  115 },
-    {  177,  146 }, {  208,  177 }, {  239,  208 }, {  270,  239 },
-    {  301,  270 }, {  332,  301 }, {  363,  332 }, {  394,  363 },
-    {  425,  394 }, {  456,  425 }, {  487,  456 }, {  518,  487 },
-    {  549,  518 }, {  580,  549 }, {  611,  580 }, {  642,  611 },
-    {  673,  642 }, {  704,  673 }, {  704,  704 }, {   54,   23 },
-    {   85,   54 }, {  116,   85 }, {  178,  147 }, {  209,  178 },
-    {  240,  209 }, {  302,  271 }, {  333,  302 }, {  364,  333 },
-    {  426,  395 }, {  457,  426 }, {  488,  457 }, {  550,  519 },
-    {  581,  550 }, {  612,  581 }, {  674,  643 }, {  705,  674 },
-    {  736,  705 }, {   86,   55 }, {  117,   86 }, {  210,  179 },
-    {  241,  210 }, {  334,  303 }, {  365,  334 }, {  458,  427 },
-    {  489,  458 }, {  582,  551 }, {  613,  582 }, {  706,  675 },
-    {  737,  706 }, {  118,   87 }, {  242,  211 }, {  366,  335 },
-    {  490,  459 }, {  614,  583 }, {  738,  707 }, {   23,   23 },
-    {  147,  116 }, {  271,  240 }, {  395,  364 }, {  519,  488 },
-    {  643,  612 }, {  736,  736 }, {   24,   24 }, {   55,   24 },
-    {  148,  117 }, {  179,  148 }, {  272,  241 }, {  303,  272 },
-    {  396,  365 }, {  427,  396 }, {  520,  489 }, {  551,  520 },
-    {  644,  613 }, {  675,  644 }, {  768,  737 }, {  768,  768 },
-    {   25,   25 }, {   56,   25 }, {   87,   56 }, {  149,  118 },
-    {  180,  149 }, {  211,  180 }, {  273,  242 }, {  304,  273 },
-    {  335,  304 }, {  397,  366 }, {  428,  397 }, {  459,  428 },
-    {  521,  490 }, {  552,  521 }, {  583,  552 }, {  645,  614 },
-    {  676,  645 }, {  707,  676 }, {  769,  738 }, {  800,  769 },
-    {  800,  800 }, {   26,   26 }, {   57,   26 }, {   88,   57 },
-    {  119,   88 }, {  150,  119 }, {  181,  150 }, {  212,  181 },
-    {  243,  212 }, {  274,  243 }, {  305,  274 }, {  336,  305 },
-    {  367,  336 }, {  398,  367 }, {  429,  398 }, {  460,  429 },
-    {  491,  460 }, {  522,  491 }, {  553,  522 }, {  584,  553 },
-    {  615,  584 }, {  646,  615 }, {  677,  646 }, {  708,  677 },
-    {  739,  708 }, {  770,  739 }, {  801,  770 }, {  832,  801 },
-    {  832,  832 }, {   58,   27 }, {   89,   58 }, {  120,   89 },
-    {  182,  151 }, {  213,  182 }, {  244,  213 }, {  306,  275 },
-    {  337,  306 }, {  368,  337 }, {  430,  399 }, {  461,  430 },
-    {  492,  461 }, {  554,  523 }, {  585,  554 }, {  616,  585 },
-    {  678,  647 }, {  709,  678 }, {  740,  709 }, {  802,  771 },
-    {  833,  802 }, {  864,  833 }, {   90,   59 }, {  121,   90 },
-    {  214,  183 }, {  245,  214 }, {  338,  307 }, {  369,  338 },
-    {  462,  431 }, {  493,  462 }, {  586,  555 }, {  617,  586 },
-    {  710,  679 }, {  741,  710 }, {  834,  803 }, {  865,  834 },
-    {  122,   91 }, {  246,  215 }, {  370,  339 }, {  494,  463 },
-    {  618,  587 }, {  742,  711 }, {  866,  835 }, {   27,   27 },
-    {  151,  120 }, {  275,  244 }, {  399,  368 }, {  523,  492 },
-    {  647,  616 }, {  771,  740 }, {  864,  864 }, {   28,   28 },
-    {   59,   28 }, {  152,  121 }, {  183,  152 }, {  276,  245 },
-    {  307,  276 }, {  400,  369 }, {  431,  400 }, {  524,  493 },
-    {  555,  524 }, {  648,  617 }, {  679,  648 }, {  772,  741 },
-    {  803,  772 }, {  896,  865 }, {  896,  896 }, {   29,   29 },
-    {   60,   29 }, {   91,   60 }, {  153,  122 }, {  184,  153 },
-    {  215,  184 }, {  277,  246 }, {  308,  277 }, {  339,  308 },
-    {  401,  370 }, {  432,  401 }, {  463,  432 }, {  525,  494 },
-    {  556,  525 }, {  587,  556 }, {  649,  618 }, {  680,  649 },
-    {  711,  680 }, {  773,  742 }, {  804,  773 }, {  835,  804 },
-    {  897,  866 }, {  928,  897 }, {  928,  928 }, {   30,   30 },
-    {   61,   30 }, {   92,   61 }, {  123,   92 }, {  154,  123 },
-    {  185,  154 }, {  216,  185 }, {  247,  216 }, {  278,  247 },
-    {  309,  278 }, {  340,  309 }, {  371,  340 }, {  402,  371 },
-    {  433,  402 }, {  464,  433 }, {  495,  464 }, {  526,  495 },
-    {  557,  526 }, {  588,  557 }, {  619,  588 }, {  650,  619 },
-    {  681,  650 }, {  712,  681 }, {  743,  712 }, {  774,  743 },
-    {  805,  774 }, {  836,  805 }, {  867,  836 }, {  898,  867 },
-    {  929,  898 }, {  960,  929 }, {  960,  960 }, {   62,   31 },
-    {   93,   62 }, {  124,   93 }, {  186,  155 }, {  217,  186 },
-    {  248,  217 }, {  310,  279 }, {  341,  310 }, {  372,  341 },
-    {  434,  403 }, {  465,  434 }, {  496,  465 }, {  558,  527 },
-    {  589,  558 }, {  620,  589 }, {  682,  651 }, {  713,  682 },
-    {  744,  713 }, {  806,  775 }, {  837,  806 }, {  868,  837 },
-    {  930,  899 }, {  961,  930 }, {  992,  961 }, {   94,   63 },
-    {  125,   94 }, {  218,  187 }, {  249,  218 }, {  342,  311 },
-    {  373,  342 }, {  466,  435 }, {  497,  466 }, {  590,  559 },
-    {  621,  590 }, {  714,  683 }, {  745,  714 }, {  838,  807 },
-    {  869,  838 }, {  962,  931 }, {  993,  962 }, {  126,   95 },
-    {  250,  219 }, {  374,  343 }, {  498,  467 }, {  622,  591 },
-    {  746,  715 }, {  870,  839 }, {  994,  963 }, {  155,  124 },
-    {  279,  248 }, {  403,  372 }, {  527,  496 }, {  651,  620 },
-    {  775,  744 }, {  899,  868 }, {  156,  125 }, {  187,  156 },
-    {  280,  249 }, {  311,  280 }, {  404,  373 }, {  435,  404 },
-    {  528,  497 }, {  559,  528 }, {  652,  621 }, {  683,  652 },
-    {  776,  745 }, {  807,  776 }, {  900,  869 }, {  931,  900 },
-    {  157,  126 }, {  188,  157 }, {  219,  188 }, {  281,  250 },
-    {  312,  281 }, {  343,  312 }, {  405,  374 }, {  436,  405 },
-    {  467,  436 }, {  529,  498 }, {  560,  529 }, {  591,  560 },
-    {  653,  622 }, {  684,  653 }, {  715,  684 }, {  777,  746 },
-    {  808,  777 }, {  839,  808 }, {  901,  870 }, {  932,  901 },
-    {  963,  932 }, {  158,  127 }, {  189,  158 }, {  220,  189 },
-    {  251,  220 }, {  282,  251 }, {  313,  282 }, {  344,  313 },
-    {  375,  344 }, {  406,  375 }, {  437,  406 }, {  468,  437 },
-    {  499,  468 }, {  530,  499 }, {  561,  530 }, {  592,  561 },
-    {  623,  592 }, {  654,  623 }, {  685,  654 }, {  716,  685 },
-    {  747,  716 }, {  778,  747 }, {  809,  778 }, {  840,  809 },
-    {  871,  840 }, {  902,  871 }, {  933,  902 }, {  964,  933 },
-    {  995,  964 }, {  190,  159 }, {  221,  190 }, {  252,  221 },
-    {  314,  283 }, {  345,  314 }, {  376,  345 }, {  438,  407 },
-    {  469,  438 }, {  500,  469 }, {  562,  531 }, {  593,  562 },
-    {  624,  593 }, {  686,  655 }, {  717,  686 }, {  748,  717 },
-    {  810,  779 }, {  841,  810 }, {  872,  841 }, {  934,  903 },
-    {  965,  934 }, {  996,  965 }, {  222,  191 }, {  253,  222 },
-    {  346,  315 }, {  377,  346 }, {  470,  439 }, {  501,  470 },
-    {  594,  563 }, {  625,  594 }, {  718,  687 }, {  749,  718 },
-    {  842,  811 }, {  873,  842 }, {  966,  935 }, {  997,  966 },
-    {  254,  223 }, {  378,  347 }, {  502,  471 }, {  626,  595 },
-    {  750,  719 }, {  874,  843 }, {  998,  967 }, {  283,  252 },
-    {  407,  376 }, {  531,  500 }, {  655,  624 }, {  779,  748 },
-    {  903,  872 }, {  284,  253 }, {  315,  284 }, {  408,  377 },
-    {  439,  408 }, {  532,  501 }, {  563,  532 }, {  656,  625 },
-    {  687,  656 }, {  780,  749 }, {  811,  780 }, {  904,  873 },
-    {  935,  904 }, {  285,  254 }, {  316,  285 }, {  347,  316 },
-    {  409,  378 }, {  440,  409 }, {  471,  440 }, {  533,  502 },
-    {  564,  533 }, {  595,  564 }, {  657,  626 }, {  688,  657 },
-    {  719,  688 }, {  781,  750 }, {  812,  781 }, {  843,  812 },
-    {  905,  874 }, {  936,  905 }, {  967,  936 }, {  286,  255 },
-    {  317,  286 }, {  348,  317 }, {  379,  348 }, {  410,  379 },
-    {  441,  410 }, {  472,  441 }, {  503,  472 }, {  534,  503 },
-    {  565,  534 }, {  596,  565 }, {  627,  596 }, {  658,  627 },
-    {  689,  658 }, {  720,  689 }, {  751,  720 }, {  782,  751 },
-    {  813,  782 }, {  844,  813 }, {  875,  844 }, {  906,  875 },
-    {  937,  906 }, {  968,  937 }, {  999,  968 }, {  318,  287 },
-    {  349,  318 }, {  380,  349 }, {  442,  411 }, {  473,  442 },
-    {  504,  473 }, {  566,  535 }, {  597,  566 }, {  628,  597 },
-    {  690,  659 }, {  721,  690 }, {  752,  721 }, {  814,  783 },
-    {  845,  814 }, {  876,  845 }, {  938,  907 }, {  969,  938 },
-    { 1000,  969 }, {  350,  319 }, {  381,  350 }, {  474,  443 },
-    {  505,  474 }, {  598,  567 }, {  629,  598 }, {  722,  691 },
-    {  753,  722 }, {  846,  815 }, {  877,  846 }, {  970,  939 },
-    { 1001,  970 }, {  382,  351 }, {  506,  475 }, {  630,  599 },
-    {  754,  723 }, {  878,  847 }, { 1002,  971 }, {  411,  380 },
-    {  535,  504 }, {  659,  628 }, {  783,  752 }, {  907,  876 },
-    {  412,  381 }, {  443,  412 }, {  536,  505 }, {  567,  536 },
-    {  660,  629 }, {  691,  660 }, {  784,  753 }, {  815,  784 },
-    {  908,  877 }, {  939,  908 }, {  413,  382 }, {  444,  413 },
-    {  475,  444 }, {  537,  506 }, {  568,  537 }, {  599,  568 },
-    {  661,  630 }, {  692,  661 }, {  723,  692 }, {  785,  754 },
-    {  816,  785 }, {  847,  816 }, {  909,  878 }, {  940,  909 },
-    {  971,  940 }, {  414,  383 }, {  445,  414 }, {  476,  445 },
-    {  507,  476 }, {  538,  507 }, {  569,  538 }, {  600,  569 },
-    {  631,  600 }, {  662,  631 }, {  693,  662 }, {  724,  693 },
-    {  755,  724 }, {  786,  755 }, {  817,  786 }, {  848,  817 },
-    {  879,  848 }, {  910,  879 }, {  941,  910 }, {  972,  941 },
-    { 1003,  972 }, {  446,  415 }, {  477,  446 }, {  508,  477 },
-    {  570,  539 }, {  601,  570 }, {  632,  601 }, {  694,  663 },
-    {  725,  694 }, {  756,  725 }, {  818,  787 }, {  849,  818 },
-    {  880,  849 }, {  942,  911 }, {  973,  942 }, { 1004,  973 },
-    {  478,  447 }, {  509,  478 }, {  602,  571 }, {  633,  602 },
-    {  726,  695 }, {  757,  726 }, {  850,  819 }, {  881,  850 },
-    {  974,  943 }, { 1005,  974 }, {  510,  479 }, {  634,  603 },
-    {  758,  727 }, {  882,  851 }, { 1006,  975 }, {  539,  508 },
-    {  663,  632 }, {  787,  756 }, {  911,  880 }, {  540,  509 },
-    {  571,  540 }, {  664,  633 }, {  695,  664 }, {  788,  757 },
-    {  819,  788 }, {  912,  881 }, {  943,  912 }, {  541,  510 },
-    {  572,  541 }, {  603,  572 }, {  665,  634 }, {  696,  665 },
-    {  727,  696 }, {  789,  758 }, {  820,  789 }, {  851,  820 },
-    {  913,  882 }, {  944,  913 }, {  975,  944 }, {  542,  511 },
-    {  573,  542 }, {  604,  573 }, {  635,  604 }, {  666,  635 },
-    {  697,  666 }, {  728,  697 }, {  759,  728 }, {  790,  759 },
-    {  821,  790 }, {  852,  821 }, {  883,  852 }, {  914,  883 },
-    {  945,  914 }, {  976,  945 }, { 1007,  976 }, {  574,  543 },
-    {  605,  574 }, {  636,  605 }, {  698,  667 }, {  729,  698 },
-    {  760,  729 }, {  822,  791 }, {  853,  822 }, {  884,  853 },
-    {  946,  915 }, {  977,  946 }, { 1008,  977 }, {  606,  575 },
-    {  637,  606 }, {  730,  699 }, {  761,  730 }, {  854,  823 },
-    {  885,  854 }, {  978,  947 }, { 1009,  978 }, {  638,  607 },
-    {  762,  731 }, {  886,  855 }, { 1010,  979 }, {  667,  636 },
-    {  791,  760 }, {  915,  884 }, {  668,  637 }, {  699,  668 },
-    {  792,  761 }, {  823,  792 }, {  916,  885 }, {  947,  916 },
-    {  669,  638 }, {  700,  669 }, {  731,  700 }, {  793,  762 },
-    {  824,  793 }, {  855,  824 }, {  917,  886 }, {  948,  917 },
-    {  979,  948 }, {  670,  639 }, {  701,  670 }, {  732,  701 },
-    {  763,  732 }, {  794,  763 }, {  825,  794 }, {  856,  825 },
-    {  887,  856 }, {  918,  887 }, {  949,  918 }, {  980,  949 },
-    { 1011,  980 }, {  702,  671 }, {  733,  702 }, {  764,  733 },
-    {  826,  795 }, {  857,  826 }, {  888,  857 }, {  950,  919 },
-    {  981,  950 }, { 1012,  981 }, {  734,  703 }, {  765,  734 },
-    {  858,  827 }, {  889,  858 }, {  982,  951 }, { 1013,  982 },
-    {  766,  735 }, {  890,  859 }, { 1014,  983 }, {  795,  764 },
-    {  919,  888 }, {  796,  765 }, {  827,  796 }, {  920,  889 },
-    {  951,  920 }, {  797,  766 }, {  828,  797 }, {  859,  828 },
-    {  921,  890 }, {  952,  921 }, {  983,  952 }, {  798,  767 },
-    {  829,  798 }, {  860,  829 }, {  891,  860 }, {  922,  891 },
-    {  953,  922 }, {  984,  953 }, { 1015,  984 }, {  830,  799 },
-    {  861,  830 }, {  892,  861 }, {  954,  923 }, {  985,  954 },
-    { 1016,  985 }, {  862,  831 }, {  893,  862 }, {  986,  955 },
-    { 1017,  986 }, {  894,  863 }, { 1018,  987 }, {  923,  892 },
-    {  924,  893 }, {  955,  924 }, {  925,  894 }, {  956,  925 },
-    {  987,  956 }, {  926,  895 }, {  957,  926 }, {  988,  957 },
-    { 1019,  988 }, {  958,  927 }, {  989,  958 }, { 1020,  989 },
-    {  990,  959 }, { 1021,  990 }, { 1022,  991 }, {    0,    0 },
-};
-
-static const int16_t (* const vp9_scans_nb[5][4])[2] = {
-    {
-        vp9_default_scan_4x4_nb, vp9_col_scan_4x4_nb,
-        vp9_row_scan_4x4_nb, vp9_default_scan_4x4_nb
-    }, {
-        vp9_default_scan_8x8_nb, vp9_col_scan_8x8_nb,
-        vp9_row_scan_8x8_nb, vp9_default_scan_8x8_nb
-    }, {
-        vp9_default_scan_16x16_nb, vp9_col_scan_16x16_nb,
-        vp9_row_scan_16x16_nb, vp9_default_scan_16x16_nb
-    }, {
-        vp9_default_scan_32x32_nb, vp9_default_scan_32x32_nb,
-        vp9_default_scan_32x32_nb, vp9_default_scan_32x32_nb
-    }, { // lossless
-        vp9_default_scan_4x4_nb, vp9_default_scan_4x4_nb,
-        vp9_default_scan_4x4_nb, vp9_default_scan_4x4_nb
-    }
-};
-
-static const uint8_t vp9_model_pareto8[256][8] = {
-    {   6,  86, 128,  11,  87,  42,  91,  52 },
-    {   3,  86, 128,   6,  86,  23,  88,  29 },
-    {   6,  86, 128,  11,  87,  42,  91,  52 },
-    {   9,  86, 129,  17,  88,  61,  94,  76 },
-    {  12,  86, 129,  22,  88,  77,  97,  93 },
-    {  15,  87, 129,  28,  89,  93, 100, 110 },
-    {  17,  87, 129,  33,  90, 105, 103, 123 },
-    {  20,  88, 130,  38,  91, 118, 106, 136 },
-    {  23,  88, 130,  43,  91, 128, 108, 146 },
-    {  26,  89, 131,  48,  92, 139, 111, 156 },
-    {  28,  89, 131,  53,  93, 147, 114, 163 },
-    {  31,  90, 131,  58,  94, 156, 117, 171 },
-    {  34,  90, 131,  62,  94, 163, 119, 177 },
-    {  37,  90, 132,  66,  95, 171, 122, 184 },
-    {  39,  90, 132,  70,  96, 177, 124, 189 },
-    {  42,  91, 132,  75,  97, 183, 127, 194 },
-    {  44,  91, 132,  79,  97, 188, 129, 198 },
-    {  47,  92, 133,  83,  98, 193, 132, 202 },
-    {  49,  92, 133,  86,  99, 197, 134, 205 },
-    {  52,  93, 133,  90, 100, 201, 137, 208 },
-    {  54,  93, 133,  94, 100, 204, 139, 211 },
-    {  57,  94, 134,  98, 101, 208, 142, 214 },
-    {  59,  94, 134, 101, 102, 211, 144, 216 },
-    {  62,  94, 135, 105, 103, 214, 146, 218 },
-    {  64,  94, 135, 108, 103, 216, 148, 220 },
-    {  66,  95, 135, 111, 104, 219, 151, 222 },
-    {  68,  95, 135, 114, 105, 221, 153, 223 },
-    {  71,  96, 136, 117, 106, 224, 155, 225 },
-    {  73,  96, 136, 120, 106, 225, 157, 226 },
-    {  76,  97, 136, 123, 107, 227, 159, 228 },
-    {  78,  97, 136, 126, 108, 229, 160, 229 },
-    {  80,  98, 137, 129, 109, 231, 162, 231 },
-    {  82,  98, 137, 131, 109, 232, 164, 232 },
-    {  84,  98, 138, 134, 110, 234, 166, 233 },
-    {  86,  98, 138, 137, 111, 235, 168, 234 },
-    {  89,  99, 138, 140, 112, 236, 170, 235 },
-    {  91,  99, 138, 142, 112, 237, 171, 235 },
-    {  93, 100, 139, 145, 113, 238, 173, 236 },
-    {  95, 100, 139, 147, 114, 239, 174, 237 },
-    {  97, 101, 140, 149, 115, 240, 176, 238 },
-    {  99, 101, 140, 151, 115, 241, 177, 238 },
-    { 101, 102, 140, 154, 116, 242, 179, 239 },
-    { 103, 102, 140, 156, 117, 242, 180, 239 },
-    { 105, 103, 141, 158, 118, 243, 182, 240 },
-    { 107, 103, 141, 160, 118, 243, 183, 240 },
-    { 109, 104, 141, 162, 119, 244, 185, 241 },
-    { 111, 104, 141, 164, 119, 244, 186, 241 },
-    { 113, 104, 142, 166, 120, 245, 187, 242 },
-    { 114, 104, 142, 168, 121, 245, 188, 242 },
-    { 116, 105, 143, 170, 122, 246, 190, 243 },
-    { 118, 105, 143, 171, 122, 246, 191, 243 },
-    { 120, 106, 143, 173, 123, 247, 192, 244 },
-    { 121, 106, 143, 175, 124, 247, 193, 244 },
-    { 123, 107, 144, 177, 125, 248, 195, 244 },
-    { 125, 107, 144, 178, 125, 248, 196, 244 },
-    { 127, 108, 145, 180, 126, 249, 197, 245 },
-    { 128, 108, 145, 181, 127, 249, 198, 245 },
-    { 130, 109, 145, 183, 128, 249, 199, 245 },
-    { 132, 109, 145, 184, 128, 249, 200, 245 },
-    { 134, 110, 146, 186, 129, 250, 201, 246 },
-    { 135, 110, 146, 187, 130, 250, 202, 246 },
-    { 137, 111, 147, 189, 131, 251, 203, 246 },
-    { 138, 111, 147, 190, 131, 251, 204, 246 },
-    { 140, 112, 147, 192, 132, 251, 205, 247 },
-    { 141, 112, 147, 193, 132, 251, 206, 247 },
-    { 143, 113, 148, 194, 133, 251, 207, 247 },
-    { 144, 113, 148, 195, 134, 251, 207, 247 },
-    { 146, 114, 149, 197, 135, 252, 208, 248 },
-    { 147, 114, 149, 198, 135, 252, 209, 248 },
-    { 149, 115, 149, 199, 136, 252, 210, 248 },
-    { 150, 115, 149, 200, 137, 252, 210, 248 },
-    { 152, 115, 150, 201, 138, 252, 211, 248 },
-    { 153, 115, 150, 202, 138, 252, 212, 248 },
-    { 155, 116, 151, 204, 139, 253, 213, 249 },
-    { 156, 116, 151, 205, 139, 253, 213, 249 },
-    { 158, 117, 151, 206, 140, 253, 214, 249 },
-    { 159, 117, 151, 207, 141, 253, 215, 249 },
-    { 161, 118, 152, 208, 142, 253, 216, 249 },
-    { 162, 118, 152, 209, 142, 253, 216, 249 },
-    { 163, 119, 153, 210, 143, 253, 217, 249 },
-    { 164, 119, 153, 211, 143, 253, 217, 249 },
-    { 166, 120, 153, 212, 144, 254, 218, 250 },
-    { 167, 120, 153, 212, 145, 254, 219, 250 },
-    { 168, 121, 154, 213, 146, 254, 220, 250 },
-    { 169, 121, 154, 214, 146, 254, 220, 250 },
-    { 171, 122, 155, 215, 147, 254, 221, 250 },
-    { 172, 122, 155, 216, 147, 254, 221, 250 },
-    { 173, 123, 155, 217, 148, 254, 222, 250 },
-    { 174, 123, 155, 217, 149, 254, 222, 250 },
-    { 176, 124, 156, 218, 150, 254, 223, 250 },
-    { 177, 124, 156, 219, 150, 254, 223, 250 },
-    { 178, 125, 157, 220, 151, 254, 224, 251 },
-    { 179, 125, 157, 220, 151, 254, 224, 251 },
-    { 180, 126, 157, 221, 152, 254, 225, 251 },
-    { 181, 126, 157, 221, 152, 254, 225, 251 },
-    { 183, 127, 158, 222, 153, 254, 226, 251 },
-    { 184, 127, 158, 223, 154, 254, 226, 251 },
-    { 185, 128, 159, 224, 155, 255, 227, 251 },
-    { 186, 128, 159, 224, 155, 255, 227, 251 },
-    { 187, 129, 160, 225, 156, 255, 228, 251 },
-    { 188, 130, 160, 225, 156, 255, 228, 251 },
-    { 189, 131, 160, 226, 157, 255, 228, 251 },
-    { 190, 131, 160, 226, 158, 255, 228, 251 },
-    { 191, 132, 161, 227, 159, 255, 229, 251 },
-    { 192, 132, 161, 227, 159, 255, 229, 251 },
-    { 193, 133, 162, 228, 160, 255, 230, 252 },
-    { 194, 133, 162, 229, 160, 255, 230, 252 },
-    { 195, 134, 163, 230, 161, 255, 231, 252 },
-    { 196, 134, 163, 230, 161, 255, 231, 252 },
-    { 197, 135, 163, 231, 162, 255, 231, 252 },
-    { 198, 135, 163, 231, 162, 255, 231, 252 },
-    { 199, 136, 164, 232, 163, 255, 232, 252 },
-    { 200, 136, 164, 232, 164, 255, 232, 252 },
-    { 201, 137, 165, 233, 165, 255, 233, 252 },
-    { 201, 137, 165, 233, 165, 255, 233, 252 },
-    { 202, 138, 166, 233, 166, 255, 233, 252 },
-    { 203, 138, 166, 233, 166, 255, 233, 252 },
-    { 204, 139, 166, 234, 167, 255, 234, 252 },
-    { 205, 139, 166, 234, 167, 255, 234, 252 },
-    { 206, 140, 167, 235, 168, 255, 235, 252 },
-    { 206, 140, 167, 235, 168, 255, 235, 252 },
-    { 207, 141, 168, 236, 169, 255, 235, 252 },
-    { 208, 141, 168, 236, 170, 255, 235, 252 },
-    { 209, 142, 169, 237, 171, 255, 236, 252 },
-    { 209, 143, 169, 237, 171, 255, 236, 252 },
-    { 210, 144, 169, 237, 172, 255, 236, 252 },
-    { 211, 144, 169, 237, 172, 255, 236, 252 },
-    { 212, 145, 170, 238, 173, 255, 237, 252 },
-    { 213, 145, 170, 238, 173, 255, 237, 252 },
-    { 214, 146, 171, 239, 174, 255, 237, 253 },
-    { 214, 146, 171, 239, 174, 255, 237, 253 },
-    { 215, 147, 172, 240, 175, 255, 238, 253 },
-    { 215, 147, 172, 240, 175, 255, 238, 253 },
-    { 216, 148, 173, 240, 176, 255, 238, 253 },
-    { 217, 148, 173, 240, 176, 255, 238, 253 },
-    { 218, 149, 173, 241, 177, 255, 239, 253 },
-    { 218, 149, 173, 241, 178, 255, 239, 253 },
-    { 219, 150, 174, 241, 179, 255, 239, 253 },
-    { 219, 151, 174, 241, 179, 255, 239, 253 },
-    { 220, 152, 175, 242, 180, 255, 240, 253 },
-    { 221, 152, 175, 242, 180, 255, 240, 253 },
-    { 222, 153, 176, 242, 181, 255, 240, 253 },
-    { 222, 153, 176, 242, 181, 255, 240, 253 },
-    { 223, 154, 177, 243, 182, 255, 240, 253 },
-    { 223, 154, 177, 243, 182, 255, 240, 253 },
-    { 224, 155, 178, 244, 183, 255, 241, 253 },
-    { 224, 155, 178, 244, 183, 255, 241, 253 },
-    { 225, 156, 178, 244, 184, 255, 241, 253 },
-    { 225, 157, 178, 244, 184, 255, 241, 253 },
-    { 226, 158, 179, 244, 185, 255, 242, 253 },
-    { 227, 158, 179, 244, 185, 255, 242, 253 },
-    { 228, 159, 180, 245, 186, 255, 242, 253 },
-    { 228, 159, 180, 245, 186, 255, 242, 253 },
-    { 229, 160, 181, 245, 187, 255, 242, 253 },
-    { 229, 160, 181, 245, 187, 255, 242, 253 },
-    { 230, 161, 182, 246, 188, 255, 243, 253 },
-    { 230, 162, 182, 246, 188, 255, 243, 253 },
-    { 231, 163, 183, 246, 189, 255, 243, 253 },
-    { 231, 163, 183, 246, 189, 255, 243, 253 },
-    { 232, 164, 184, 247, 190, 255, 243, 253 },
-    { 232, 164, 184, 247, 190, 255, 243, 253 },
-    { 233, 165, 185, 247, 191, 255, 244, 253 },
-    { 233, 165, 185, 247, 191, 255, 244, 253 },
-    { 234, 166, 185, 247, 192, 255, 244, 253 },
-    { 234, 167, 185, 247, 192, 255, 244, 253 },
-    { 235, 168, 186, 248, 193, 255, 244, 253 },
-    { 235, 168, 186, 248, 193, 255, 244, 253 },
-    { 236, 169, 187, 248, 194, 255, 244, 253 },
-    { 236, 169, 187, 248, 194, 255, 244, 253 },
-    { 236, 170, 188, 248, 195, 255, 245, 253 },
-    { 236, 170, 188, 248, 195, 255, 245, 253 },
-    { 237, 171, 189, 249, 196, 255, 245, 254 },
-    { 237, 172, 189, 249, 196, 255, 245, 254 },
-    { 238, 173, 190, 249, 197, 255, 245, 254 },
-    { 238, 173, 190, 249, 197, 255, 245, 254 },
-    { 239, 174, 191, 249, 198, 255, 245, 254 },
-    { 239, 174, 191, 249, 198, 255, 245, 254 },
-    { 240, 175, 192, 249, 199, 255, 246, 254 },
-    { 240, 176, 192, 249, 199, 255, 246, 254 },
-    { 240, 177, 193, 250, 200, 255, 246, 254 },
-    { 240, 177, 193, 250, 200, 255, 246, 254 },
-    { 241, 178, 194, 250, 201, 255, 246, 254 },
-    { 241, 178, 194, 250, 201, 255, 246, 254 },
-    { 242, 179, 195, 250, 202, 255, 246, 254 },
-    { 242, 180, 195, 250, 202, 255, 246, 254 },
-    { 242, 181, 196, 250, 203, 255, 247, 254 },
-    { 242, 181, 196, 250, 203, 255, 247, 254 },
-    { 243, 182, 197, 251, 204, 255, 247, 254 },
-    { 243, 183, 197, 251, 204, 255, 247, 254 },
-    { 244, 184, 198, 251, 205, 255, 247, 254 },
-    { 244, 184, 198, 251, 205, 255, 247, 254 },
-    { 244, 185, 199, 251, 206, 255, 247, 254 },
-    { 244, 185, 199, 251, 206, 255, 247, 254 },
-    { 245, 186, 200, 251, 207, 255, 247, 254 },
-    { 245, 187, 200, 251, 207, 255, 247, 254 },
-    { 246, 188, 201, 252, 207, 255, 248, 254 },
-    { 246, 188, 201, 252, 207, 255, 248, 254 },
-    { 246, 189, 202, 252, 208, 255, 248, 254 },
-    { 246, 190, 202, 252, 208, 255, 248, 254 },
-    { 247, 191, 203, 252, 209, 255, 248, 254 },
-    { 247, 191, 203, 252, 209, 255, 248, 254 },
-    { 247, 192, 204, 252, 210, 255, 248, 254 },
-    { 247, 193, 204, 252, 210, 255, 248, 254 },
-    { 248, 194, 205, 252, 211, 255, 248, 254 },
-    { 248, 194, 205, 252, 211, 255, 248, 254 },
-    { 248, 195, 206, 252, 212, 255, 249, 254 },
-    { 248, 196, 206, 252, 212, 255, 249, 254 },
-    { 249, 197, 207, 253, 213, 255, 249, 254 },
-    { 249, 197, 207, 253, 213, 255, 249, 254 },
-    { 249, 198, 208, 253, 214, 255, 249, 254 },
-    { 249, 199, 209, 253, 214, 255, 249, 254 },
-    { 250, 200, 210, 253, 215, 255, 249, 254 },
-    { 250, 200, 210, 253, 215, 255, 249, 254 },
-    { 250, 201, 211, 253, 215, 255, 249, 254 },
-    { 250, 202, 211, 253, 215, 255, 249, 254 },
-    { 250, 203, 212, 253, 216, 255, 249, 254 },
-    { 250, 203, 212, 253, 216, 255, 249, 254 },
-    { 251, 204, 213, 253, 217, 255, 250, 254 },
-    { 251, 205, 213, 253, 217, 255, 250, 254 },
-    { 251, 206, 214, 254, 218, 255, 250, 254 },
-    { 251, 206, 215, 254, 218, 255, 250, 254 },
-    { 252, 207, 216, 254, 219, 255, 250, 254 },
-    { 252, 208, 216, 254, 219, 255, 250, 254 },
-    { 252, 209, 217, 254, 220, 255, 250, 254 },
-    { 252, 210, 217, 254, 220, 255, 250, 254 },
-    { 252, 211, 218, 254, 221, 255, 250, 254 },
-    { 252, 212, 218, 254, 221, 255, 250, 254 },
-    { 253, 213, 219, 254, 222, 255, 250, 254 },
-    { 253, 213, 220, 254, 222, 255, 250, 254 },
-    { 253, 214, 221, 254, 223, 255, 250, 254 },
-    { 253, 215, 221, 254, 223, 255, 250, 254 },
-    { 253, 216, 222, 254, 224, 255, 251, 254 },
-    { 253, 217, 223, 254, 224, 255, 251, 254 },
-    { 253, 218, 224, 254, 225, 255, 251, 254 },
-    { 253, 219, 224, 254, 225, 255, 251, 254 },
-    { 254, 220, 225, 254, 225, 255, 251, 254 },
-    { 254, 221, 226, 254, 225, 255, 251, 254 },
-    { 254, 222, 227, 255, 226, 255, 251, 254 },
-    { 254, 223, 227, 255, 226, 255, 251, 254 },
-    { 254, 224, 228, 255, 227, 255, 251, 254 },
-    { 254, 225, 229, 255, 227, 255, 251, 254 },
-    { 254, 226, 230, 255, 228, 255, 251, 254 },
-    { 254, 227, 230, 255, 229, 255, 251, 254 },
-    { 255, 228, 231, 255, 230, 255, 251, 254 },
-    { 255, 229, 232, 255, 230, 255, 251, 254 },
-    { 255, 230, 233, 255, 231, 255, 252, 254 },
-    { 255, 231, 234, 255, 231, 255, 252, 254 },
-    { 255, 232, 235, 255, 232, 255, 252, 254 },
-    { 255, 233, 236, 255, 232, 255, 252, 254 },
-    { 255, 235, 237, 255, 233, 255, 252, 254 },
-    { 255, 236, 238, 255, 234, 255, 252, 254 },
-    { 255, 238, 240, 255, 235, 255, 252, 255 },
-    { 255, 239, 241, 255, 235, 255, 252, 254 },
-    { 255, 241, 243, 255, 236, 255, 252, 254 },
-    { 255, 243, 245, 255, 237, 255, 252, 254 },
-    { 255, 246, 247, 255, 239, 255, 253, 255 },
-};
-
-typedef struct {
-    uint8_t y_mode[4][9];
-    uint8_t uv_mode[10][9];
-    uint8_t filter[4][2];
-    uint8_t mv_mode[7][3];
-    uint8_t intra[4];
-    uint8_t comp[5];
-    uint8_t single_ref[5][2];
-    uint8_t comp_ref[5];
-    uint8_t tx32p[2][3];
-    uint8_t tx16p[2][2];
-    uint8_t tx8p[2];
-    uint8_t skip[3];
-    uint8_t mv_joint[3];
-    struct {
-        uint8_t sign;
-        uint8_t classes[10];
-        uint8_t class0;
-        uint8_t bits[10];
-        uint8_t class0_fp[2][3];
-        uint8_t fp[3];
-        uint8_t class0_hp;
-        uint8_t hp;
-    } mv_comp[2];
-    uint8_t partition[4][4][3];
-} prob_context;
-
-static const prob_context vp9_default_probs = {
-    { /* y_mode */
-        {  65,  32,  18, 144, 162, 194,  41,  51,  98 } /* bsize < 8x8 */,
-        { 132,  68,  18, 165, 217, 196,  45,  40,  78 } /* bsize < 16x16 */,
-        { 173,  80,  19, 176, 240, 193,  64,  35,  46 } /* bsize < 32x32 */,
-        { 221, 135,  38, 194, 248, 121,  96,  85,  29 } /* bsize >= 32x32 */
-    }, { /* uv_mode */
-        {  48,  12, 154, 155, 139,  90,  34, 117, 119 } /* y = v */,
-        {  67,   6,  25, 204, 243, 158,  13,  21,  96 } /* y = h */,
-        { 120,   7,  76, 176, 208, 126,  28,  54, 103 } /* y = dc */,
-        {  97,   5,  44, 131, 176, 139,  48,  68,  97 } /* y = d45 */,
-        {  83,   5,  42, 156, 111, 152,  26,  49, 152 } /* y = d135 */,
-        {  80,   5,  58, 178,  74,  83,  33,  62, 145 } /* y = d117 */,
-        {  86,   5,  32, 154, 192, 168,  14,  22, 163 } /* y = d153 */,
-        {  77,   7,  64, 116, 132, 122,  37, 126, 120 } /* y = d63 */,
-        {  85,   5,  32, 156, 216, 148,  19,  29,  73 } /* y = d27 */,
-        { 101,  21, 107, 181, 192, 103,  19,  67, 125 } /* y = tm */
-    }, { /* filter */
-        { 235, 162, },
-        {  36, 255, },
-        {  34,   3, },
-        { 149, 144, },
-    }, { /* mv_mode */
-        {  2, 173,  34},  // 0 = both zero mv
-        {  7, 145,  85},  // 1 = one zero mv + one a predicted mv
-        {  7, 166,  63},  // 2 = two predicted mvs
-        {  7,  94,  66},  // 3 = one predicted/zero and one new mv
-        {  8,  64,  46},  // 4 = two new mvs
-        { 17,  81,  31},  // 5 = one intra neighbour + x
-        { 25,  29,  30},  // 6 = two intra neighbours
-    }, { /* intra */
-        9, 102, 187, 225
-    }, { /* comp */
-        239, 183, 119,  96,  41
-    }, { /* single_ref */
-        {  33,  16 },
-        {  77,  74 },
-        { 142, 142 },
-        { 172, 170 },
-        { 238, 247 }
-    }, { /* comp_ref */
-        50, 126, 123, 221, 226
-    }, { /* tx32p */
-        { 3, 136, 37, },
-        { 5,  52, 13, },
-    }, { /* tx16p */
-        { 20, 152, },
-        { 15, 101, },
-    }, { /* tx8p */
-        100, 66
-    }, { /* skip */
-        192, 128, 64
-    }, { /* mv_joint */
-        32, 64, 96
-    }, {
-        { /* mv vertical component */
-            128, /* sign */
-            { 224, 144, 192, 168, 192, 176, 192, 198, 198, 245 }, /* class */
-            216, /* class0 */
-            { 136, 140, 148, 160, 176, 192, 224, 234, 234, 240}, /* bits */
-            { /* class0_fp */
-                { 128, 128, 64 },
-                {  96, 112, 64 }
-            },
-            { 64, 96, 64 }, /* fp */
-            160, /* class0_hp bit */
-            128, /* hp */
-        }, { /* mv horizontal component */
-            128, /* sign */
-            { 216, 128, 176, 160, 176, 176, 192, 198, 198, 208 }, /* class */
-            208, /* class0 */
-            { 136, 140, 148, 160, 176, 192, 224, 234, 234, 240 }, /* bits */
-            { /* class0_fp */
-                { 128, 128, 64 },
-                {  96, 112, 64 }
-            },
-            { 64, 96, 64 }, /* fp */
-            160, /* class0_hp bit */
-            128, /* hp */
-        }
-    }, { /* partition */
-        { /* 64x64 -> 32x32 */
-            { 222,  34,  30 } /* a/l both not split */,
-            {  72,  16,  44 } /* a split, l not split */,
-            {  58,  32,  12 } /* l split, a not split */,
-            {  10,   7,   6 } /* a/l both split */,
-        }, { /* 32x32 -> 16x16 */
-            { 177,  58,  59 } /* a/l both not split */,
-            {  68,  26,  63 } /* a split, l not split */,
-            {  52,  79,  25 } /* l split, a not split */,
-            {  17,  14,  12 } /* a/l both split */,
-        }, { /* 16x16 -> 8x8 */
-            { 174,  73,  87 } /* a/l both not split */,
-            {  92,  41,  83 } /* a split, l not split */,
-            {  82,  99,  50 } /* l split, a not split */,
-            {  53,  39,  39 } /* a/l both split */,
-        }, { /* 8x8 -> 4x4 */
-            { 199, 122, 141 } /* a/l both not split */,
-            { 147,  63, 159 } /* a split, l not split */,
-            { 148, 133, 118 } /* l split, a not split */,
-            { 121, 104, 114 } /* a/l both split */,
-        }
-    },
-};
-
-static const uint8_t vp9_default_coef_probs[4][2][2][6][6][3] = {
-    { /* tx = 4x4 */
-        { /* block Type 0 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 195,  29, 183 },
-                    {  84,  49, 136 },
-                    {   8,  42,  71 }
-                }, { /* Coeff Band 1 */
-                    {  31, 107, 169 },
-                    {  35,  99, 159 },
-                    {  17,  82, 140 },
-                    {   8,  66, 114 },
-                    {   2,  44,  76 },
-                    {   1,  19,  32 }
-                }, { /* Coeff Band 2 */
-                    {  40, 132, 201 },
-                    {  29, 114, 187 },
-                    {  13,  91, 157 },
-                    {   7,  75, 127 },
-                    {   3,  58,  95 },
-                    {   1,  28,  47 }
-                }, { /* Coeff Band 3 */
-                    {  69, 142, 221 },
-                    {  42, 122, 201 },
-                    {  15,  91, 159 },
-                    {   6,  67, 121 },
-                    {   1,  42,  77 },
-                    {   1,  17,  31 }
-                }, { /* Coeff Band 4 */
-                    { 102, 148, 228 },
-                    {  67, 117, 204 },
-                    {  17,  82, 154 },
-                    {   6,  59, 114 },
-                    {   2,  39,  75 },
-                    {   1,  15,  29 }
-                }, { /* Coeff Band 5 */
-                    { 156,  57, 233 },
-                    { 119,  57, 212 },
-                    {  58,  48, 163 },
-                    {  29,  40, 124 },
-                    {  12,  30,  81 },
-                    {   3,  12,  31 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 191, 107, 226 },
-                    { 124, 117, 204 },
-                    {  25,  99, 155 }
-                }, { /* Coeff Band 1 */
-                    {  29, 148, 210 },
-                    {  37, 126, 194 },
-                    {   8,  93, 157 },
-                    {   2,  68, 118 },
-                    {   1,  39,  69 },
-                    {   1,  17,  33 }
-                }, { /* Coeff Band 2 */
-                    {  41, 151, 213 },
-                    {  27, 123, 193 },
-                    {   3,  82, 144 },
-                    {   1,  58, 105 },
-                    {   1,  32,  60 },
-                    {   1,  13,  26 }
-                }, { /* Coeff Band 3 */
-                    {  59, 159, 220 },
-                    {  23, 126, 198 },
-                    {   4,  88, 151 },
-                    {   1,  66, 114 },
-                    {   1,  38,  71 },
-                    {   1,  18,  34 }
-                }, { /* Coeff Band 4 */
-                    { 114, 136, 232 },
-                    {  51, 114, 207 },
-                    {  11,  83, 155 },
-                    {   3,  56, 105 },
-                    {   1,  33,  65 },
-                    {   1,  17,  34 }
-                }, { /* Coeff Band 5 */
-                    { 149,  65, 234 },
-                    { 121,  57, 215 },
-                    {  61,  49, 166 },
-                    {  28,  36, 114 },
-                    {  12,  25,  76 },
-                    {   3,  16,  42 }
-                }
-            }
-        }, { /* block Type 1 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 214,  49, 220 },
-                    { 132,  63, 188 },
-                    {  42,  65, 137 }
-                }, { /* Coeff Band 1 */
-                    {  85, 137, 221 },
-                    { 104, 131, 216 },
-                    {  49, 111, 192 },
-                    {  21,  87, 155 },
-                    {   2,  49,  87 },
-                    {   1,  16,  28 }
-                }, { /* Coeff Band 2 */
-                    {  89, 163, 230 },
-                    {  90, 137, 220 },
-                    {  29, 100, 183 },
-                    {  10,  70, 135 },
-                    {   2,  42,  81 },
-                    {   1,  17,  33 }
-                }, { /* Coeff Band 3 */
-                    { 108, 167, 237 },
-                    {  55, 133, 222 },
-                    {  15,  97, 179 },
-                    {   4,  72, 135 },
-                    {   1,  45,  85 },
-                    {   1,  19,  38 }
-                }, { /* Coeff Band 4 */
-                    { 124, 146, 240 },
-                    {  66, 124, 224 },
-                    {  17,  88, 175 },
-                    {   4,  58, 122 },
-                    {   1,  36,  75 },
-                    {   1,  18,  37 }
-                }, { /* Coeff Band 5 */
-                    { 141,  79, 241 },
-                    { 126,  70, 227 },
-                    {  66,  58, 182 },
-                    {  30,  44, 136 },
-                    {  12,  34,  96 },
-                    {   2,  20,  47 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 229,  99, 249 },
-                    { 143, 111, 235 },
-                    {  46, 109, 192 }
-                }, { /* Coeff Band 1 */
-                    {  82, 158, 236 },
-                    {  94, 146, 224 },
-                    {  25, 117, 191 },
-                    {   9,  87, 149 },
-                    {   3,  56,  99 },
-                    {   1,  33,  57 }
-                }, { /* Coeff Band 2 */
-                    {  83, 167, 237 },
-                    {  68, 145, 222 },
-                    {  10, 103, 177 },
-                    {   2,  72, 131 },
-                    {   1,  41,  79 },
-                    {   1,  20,  39 }
-                }, { /* Coeff Band 3 */
-                    {  99, 167, 239 },
-                    {  47, 141, 224 },
-                    {  10, 104, 178 },
-                    {   2,  73, 133 },
-                    {   1,  44,  85 },
-                    {   1,  22,  47 }
-                }, { /* Coeff Band 4 */
-                    { 127, 145, 243 },
-                    {  71, 129, 228 },
-                    {  17,  93, 177 },
-                    {   3,  61, 124 },
-                    {   1,  41,  84 },
-                    {   1,  21,  52 }
-                }, { /* Coeff Band 5 */
-                    { 157,  78, 244 },
-                    { 140,  72, 231 },
-                    {  69,  58, 184 },
-                    {  31,  44, 137 },
-                    {  14,  38, 105 },
-                    {   8,  23,  61 }
-                }
-            }
-        }
-    }, { /* tx = 8x8 */
-        { /* block Type 0 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 125,  34, 187 },
-                    {  52,  41, 133 },
-                    {   6,  31,  56 }
-                }, { /* Coeff Band 1 */
-                    {  37, 109, 153 },
-                    {  51, 102, 147 },
-                    {  23,  87, 128 },
-                    {   8,  67, 101 },
-                    {   1,  41,  63 },
-                    {   1,  19,  29 }
-                }, { /* Coeff Band 2 */
-                    {  31, 154, 185 },
-                    {  17, 127, 175 },
-                    {   6,  96, 145 },
-                    {   2,  73, 114 },
-                    {   1,  51,  82 },
-                    {   1,  28,  45 }
-                }, { /* Coeff Band 3 */
-                    {  23, 163, 200 },
-                    {  10, 131, 185 },
-                    {   2,  93, 148 },
-                    {   1,  67, 111 },
-                    {   1,  41,  69 },
-                    {   1,  14,  24 }
-                }, { /* Coeff Band 4 */
-                    {  29, 176, 217 },
-                    {  12, 145, 201 },
-                    {   3, 101, 156 },
-                    {   1,  69, 111 },
-                    {   1,  39,  63 },
-                    {   1,  14,  23 }
-                }, { /* Coeff Band 5 */
-                    {  57, 192, 233 },
-                    {  25, 154, 215 },
-                    {   6, 109, 167 },
-                    {   3,  78, 118 },
-                    {   1,  48,  69 },
-                    {   1,  21,  29 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 202, 105, 245 },
-                    { 108, 106, 216 },
-                    {  18,  90, 144 }
-                }, { /* Coeff Band 1 */
-                    {  33, 172, 219 },
-                    {  64, 149, 206 },
-                    {  14, 117, 177 },
-                    {   5,  90, 141 },
-                    {   2,  61,  95 },
-                    {   1,  37,  57 }
-                }, { /* Coeff Band 2 */
-                    {  33, 179, 220 },
-                    {  11, 140, 198 },
-                    {   1,  89, 148 },
-                    {   1,  60, 104 },
-                    {   1,  33,  57 },
-                    {   1,  12,  21 }
-                }, { /* Coeff Band 3 */
-                    {  30, 181, 221 },
-                    {   8, 141, 198 },
-                    {   1,  87, 145 },
-                    {   1,  58, 100 },
-                    {   1,  31,  55 },
-                    {   1,  12,  20 }
-                }, { /* Coeff Band 4 */
-                    {  32, 186, 224 },
-                    {   7, 142, 198 },
-                    {   1,  86, 143 },
-                    {   1,  58, 100 },
-                    {   1,  31,  55 },
-                    {   1,  12,  22 }
-                }, { /* Coeff Band 5 */
-                    {  57, 192, 227 },
-                    {  20, 143, 204 },
-                    {   3,  96, 154 },
-                    {   1,  68, 112 },
-                    {   1,  42,  69 },
-                    {   1,  19,  32 }
-                }
-            }
-        }, { /* block Type 1 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 212,  35, 215 },
-                    { 113,  47, 169 },
-                    {  29,  48, 105 }
-                }, { /* Coeff Band 1 */
-                    {  74, 129, 203 },
-                    { 106, 120, 203 },
-                    {  49, 107, 178 },
-                    {  19,  84, 144 },
-                    {   4,  50,  84 },
-                    {   1,  15,  25 }
-                }, { /* Coeff Band 2 */
-                    {  71, 172, 217 },
-                    {  44, 141, 209 },
-                    {  15, 102, 173 },
-                    {   6,  76, 133 },
-                    {   2,  51,  89 },
-                    {   1,  24,  42 }
-                }, { /* Coeff Band 3 */
-                    {  64, 185, 231 },
-                    {  31, 148, 216 },
-                    {   8, 103, 175 },
-                    {   3,  74, 131 },
-                    {   1,  46,  81 },
-                    {   1,  18,  30 }
-                }, { /* Coeff Band 4 */
-                    {  65, 196, 235 },
-                    {  25, 157, 221 },
-                    {   5, 105, 174 },
-                    {   1,  67, 120 },
-                    {   1,  38,  69 },
-                    {   1,  15,  30 }
-                }, { /* Coeff Band 5 */
-                    {  65, 204, 238 },
-                    {  30, 156, 224 },
-                    {   7, 107, 177 },
-                    {   2,  70, 124 },
-                    {   1,  42,  73 },
-                    {   1,  18,  34 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 225,  86, 251 },
-                    { 144, 104, 235 },
-                    {  42,  99, 181 }
-                }, { /* Coeff Band 1 */
-                    {  85, 175, 239 },
-                    { 112, 165, 229 },
-                    {  29, 136, 200 },
-                    {  12, 103, 162 },
-                    {   6,  77, 123 },
-                    {   2,  53,  84 }
-                }, { /* Coeff Band 2 */
-                    {  75, 183, 239 },
-                    {  30, 155, 221 },
-                    {   3, 106, 171 },
-                    {   1,  74, 128 },
-                    {   1,  44,  76 },
-                    {   1,  17,  28 }
-                }, { /* Coeff Band 3 */
-                    {  73, 185, 240 },
-                    {  27, 159, 222 },
-                    {   2, 107, 172 },
-                    {   1,  75, 127 },
-                    {   1,  42,  73 },
-                    {   1,  17,  29 }
-                }, { /* Coeff Band 4 */
-                    {  62, 190, 238 },
-                    {  21, 159, 222 },
-                    {   2, 107, 172 },
-                    {   1,  72, 122 },
-                    {   1,  40,  71 },
-                    {   1,  18,  32 }
-                }, { /* Coeff Band 5 */
-                    {  61, 199, 240 },
-                    {  27, 161, 226 },
-                    {   4, 113, 180 },
-                    {   1,  76, 129 },
-                    {   1,  46,  80 },
-                    {   1,  23,  41 }
-                }
-            }
-        }
-    }, { /* tx = 16x16 */
-        { /* block Type 0 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    {   7,  27, 153 },
-                    {   5,  30,  95 },
-                    {   1,  16,  30 }
-                }, { /* Coeff Band 1 */
-                    {  50,  75, 127 },
-                    {  57,  75, 124 },
-                    {  27,  67, 108 },
-                    {  10,  54,  86 },
-                    {   1,  33,  52 },
-                    {   1,  12,  18 }
-                }, { /* Coeff Band 2 */
-                    {  43, 125, 151 },
-                    {  26, 108, 148 },
-                    {   7,  83, 122 },
-                    {   2,  59,  89 },
-                    {   1,  38,  60 },
-                    {   1,  17,  27 }
-                }, { /* Coeff Band 3 */
-                    {  23, 144, 163 },
-                    {  13, 112, 154 },
-                    {   2,  75, 117 },
-                    {   1,  50,  81 },
-                    {   1,  31,  51 },
-                    {   1,  14,  23 }
-                }, { /* Coeff Band 4 */
-                    {  18, 162, 185 },
-                    {   6, 123, 171 },
-                    {   1,  78, 125 },
-                    {   1,  51,  86 },
-                    {   1,  31,  54 },
-                    {   1,  14,  23 }
-                }, { /* Coeff Band 5 */
-                    {  15, 199, 227 },
-                    {   3, 150, 204 },
-                    {   1,  91, 146 },
-                    {   1,  55,  95 },
-                    {   1,  30,  53 },
-                    {   1,  11,  20 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    {  19,  55, 240 },
-                    {  19,  59, 196 },
-                    {   3,  52, 105 }
-                }, { /* Coeff Band 1 */
-                    {  41, 166, 207 },
-                    { 104, 153, 199 },
-                    {  31, 123, 181 },
-                    {  14, 101, 152 },
-                    {   5,  72, 106 },
-                    {   1,  36,  52 }
-                }, { /* Coeff Band 2 */
-                    {  35, 176, 211 },
-                    {  12, 131, 190 },
-                    {   2,  88, 144 },
-                    {   1,  60, 101 },
-                    {   1,  36,  60 },
-                    {   1,  16,  28 }
-                }, { /* Coeff Band 3 */
-                    {  28, 183, 213 },
-                    {   8, 134, 191 },
-                    {   1,  86, 142 },
-                    {   1,  56,  96 },
-                    {   1,  30,  53 },
-                    {   1,  12,  20 }
-                }, { /* Coeff Band 4 */
-                    {  20, 190, 215 },
-                    {   4, 135, 192 },
-                    {   1,  84, 139 },
-                    {   1,  53,  91 },
-                    {   1,  28,  49 },
-                    {   1,  11,  20 }
-                }, { /* Coeff Band 5 */
-                    {  13, 196, 216 },
-                    {   2, 137, 192 },
-                    {   1,  86, 143 },
-                    {   1,  57,  99 },
-                    {   1,  32,  56 },
-                    {   1,  13,  24 }
-                }
-            }
-        }, { /* block Type 1 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 211,  29, 217 },
-                    {  96,  47, 156 },
-                    {  22,  43,  87 }
-                }, { /* Coeff Band 1 */
-                    {  78, 120, 193 },
-                    { 111, 116, 186 },
-                    {  46, 102, 164 },
-                    {  15,  80, 128 },
-                    {   2,  49,  76 },
-                    {   1,  18,  28 }
-                }, { /* Coeff Band 2 */
-                    {  71, 161, 203 },
-                    {  42, 132, 192 },
-                    {  10,  98, 150 },
-                    {   3,  69, 109 },
-                    {   1,  44,  70 },
-                    {   1,  18,  29 }
-                }, { /* Coeff Band 3 */
-                    {  57, 186, 211 },
-                    {  30, 140, 196 },
-                    {   4,  93, 146 },
-                    {   1,  62, 102 },
-                    {   1,  38,  65 },
-                    {   1,  16,  27 }
-                }, { /* Coeff Band 4 */
-                    {  47, 199, 217 },
-                    {  14, 145, 196 },
-                    {   1,  88, 142 },
-                    {   1,  57,  98 },
-                    {   1,  36,  62 },
-                    {   1,  15,  26 }
-                }, { /* Coeff Band 5 */
-                    {  26, 219, 229 },
-                    {   5, 155, 207 },
-                    {   1,  94, 151 },
-                    {   1,  60, 104 },
-                    {   1,  36,  62 },
-                    {   1,  16,  28 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 233,  29, 248 },
-                    { 146,  47, 220 },
-                    {  43,  52, 140 }
-                }, { /* Coeff Band 1 */
-                    { 100, 163, 232 },
-                    { 179, 161, 222 },
-                    {  63, 142, 204 },
-                    {  37, 113, 174 },
-                    {  26,  89, 137 },
-                    {  18,  68,  97 }
-                }, { /* Coeff Band 2 */
-                    {  85, 181, 230 },
-                    {  32, 146, 209 },
-                    {   7, 100, 164 },
-                    {   3,  71, 121 },
-                    {   1,  45,  77 },
-                    {   1,  18,  30 }
-                }, { /* Coeff Band 3 */
-                    {  65, 187, 230 },
-                    {  20, 148, 207 },
-                    {   2,  97, 159 },
-                    {   1,  68, 116 },
-                    {   1,  40,  70 },
-                    {   1,  14,  29 }
-                }, { /* Coeff Band 4 */
-                    {  40, 194, 227 },
-                    {   8, 147, 204 },
-                    {   1,  94, 155 },
-                    {   1,  65, 112 },
-                    {   1,  39,  66 },
-                    {   1,  14,  26 }
-                }, { /* Coeff Band 5 */
-                    {  16, 208, 228 },
-                    {   3, 151, 207 },
-                    {   1,  98, 160 },
-                    {   1,  67, 117 },
-                    {   1,  41,  74 },
-                    {   1,  17,  31 }
-                }
-            }
-        }
-    }, { /* tx = 32x32 */
-        { /* block Type 0 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    {  17,  38, 140 },
-                    {   7,  34,  80 },
-                    {   1,  17,  29 }
-                }, { /* Coeff Band 1 */
-                    {  37,  75, 128 },
-                    {  41,  76, 128 },
-                    {  26,  66, 116 },
-                    {  12,  52,  94 },
-                    {   2,  32,  55 },
-                    {   1,  10,  16 }
-                }, { /* Coeff Band 2 */
-                    {  50, 127, 154 },
-                    {  37, 109, 152 },
-                    {  16,  82, 121 },
-                    {   5,  59,  85 },
-                    {   1,  35,  54 },
-                    {   1,  13,  20 }
-                }, { /* Coeff Band 3 */
-                    {  40, 142, 167 },
-                    {  17, 110, 157 },
-                    {   2,  71, 112 },
-                    {   1,  44,  72 },
-                    {   1,  27,  45 },
-                    {   1,  11,  17 }
-                }, { /* Coeff Band 4 */
-                    {  30, 175, 188 },
-                    {   9, 124, 169 },
-                    {   1,  74, 116 },
-                    {   1,  48,  78 },
-                    {   1,  30,  49 },
-                    {   1,  11,  18 }
-                }, { /* Coeff Band 5 */
-                    {  10, 222, 223 },
-                    {   2, 150, 194 },
-                    {   1,  83, 128 },
-                    {   1,  48,  79 },
-                    {   1,  27,  45 },
-                    {   1,  11,  17 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    {  36,  41, 235 },
-                    {  29,  36, 193 },
-                    {  10,  27, 111 }
-                }, { /* Coeff Band 1 */
-                    {  85, 165, 222 },
-                    { 177, 162, 215 },
-                    { 110, 135, 195 },
-                    {  57, 113, 168 },
-                    {  23,  83, 120 },
-                    {  10,  49,  61 }
-                }, { /* Coeff Band 2 */
-                    {  85, 190, 223 },
-                    {  36, 139, 200 },
-                    {   5,  90, 146 },
-                    {   1,  60, 103 },
-                    {   1,  38,  65 },
-                    {   1,  18,  30 }
-                }, { /* Coeff Band 3 */
-                    {  72, 202, 223 },
-                    {  23, 141, 199 },
-                    {   2,  86, 140 },
-                    {   1,  56,  97 },
-                    {   1,  36,  61 },
-                    {   1,  16,  27 }
-                }, { /* Coeff Band 4 */
-                    {  55, 218, 225 },
-                    {  13, 145, 200 },
-                    {   1,  86, 141 },
-                    {   1,  57,  99 },
-                    {   1,  35,  61 },
-                    {   1,  13,  22 }
-                }, { /* Coeff Band 5 */
-                    {  15, 235, 212 },
-                    {   1, 132, 184 },
-                    {   1,  84, 139 },
-                    {   1,  57,  97 },
-                    {   1,  34,  56 },
-                    {   1,  14,  23 }
-                }
-            }
-        }, { /* block Type 1 */
-            { /* Intra */
-                { /* Coeff Band 0 */
-                    { 181,  21, 201 },
-                    {  61,  37, 123 },
-                    {  10,  38,  71 }
-                }, { /* Coeff Band 1 */
-                    {  47, 106, 172 },
-                    {  95, 104, 173 },
-                    {  42,  93, 159 },
-                    {  18,  77, 131 },
-                    {   4,  50,  81 },
-                    {   1,  17,  23 }
-                }, { /* Coeff Band 2 */
-                    {  62, 147, 199 },
-                    {  44, 130, 189 },
-                    {  28, 102, 154 },
-                    {  18,  75, 115 },
-                    {   2,  44,  65 },
-                    {   1,  12,  19 }
-                }, { /* Coeff Band 3 */
-                    {  55, 153, 210 },
-                    {  24, 130, 194 },
-                    {   3,  93, 146 },
-                    {   1,  61,  97 },
-                    {   1,  31,  50 },
-                    {   1,  10,  16 }
-                }, { /* Coeff Band 4 */
-                    {  49, 186, 223 },
-                    {  17, 148, 204 },
-                    {   1,  96, 142 },
-                    {   1,  53,  83 },
-                    {   1,  26,  44 },
-                    {   1,  11,  17 }
-                }, { /* Coeff Band 5 */
-                    {  13, 217, 212 },
-                    {   2, 136, 180 },
-                    {   1,  78, 124 },
-                    {   1,  50,  83 },
-                    {   1,  29,  49 },
-                    {   1,  14,  23 }
-                }
-            }, { /* Inter */
-                { /* Coeff Band 0 */
-                    { 197,  13, 247 },
-                    {  82,  17, 222 },
-                    {  25,  17, 162 }
-                }, { /* Coeff Band 1 */
-                    { 126, 186, 247 },
-                    { 234, 191, 243 },
-                    { 176, 177, 234 },
-                    { 104, 158, 220 },
-                    {  66, 128, 186 },
-                    {  55,  90, 137 }
-                }, { /* Coeff Band 2 */
-                    { 111, 197, 242 },
-                    {  46, 158, 219 },
-                    {   9, 104, 171 },
-                    {   2,  65, 125 },
-                    {   1,  44,  80 },
-                    {   1,  17,  91 }
-                }, { /* Coeff Band 3 */
-                    { 104, 208, 245 },
-                    {  39, 168, 224 },
-                    {   3, 109, 162 },
-                    {   1,  79, 124 },
-                    {   1,  50, 102 },
-                    {   1,  43, 102 }
-                }, { /* Coeff Band 4 */
-                    {  84, 220, 246 },
-                    {  31, 177, 231 },
-                    {   2, 115, 180 },
-                    {   1,  79, 134 },
-                    {   1,  55,  77 },
-                    {   1,  60,  79 }
-                }, { /* Coeff Band 5 */
-                    {  43, 243, 240 },
-                    {   8, 180, 217 },
-                    {   1, 115, 166 },
-                    {   1,  84, 121 },
-                    {   1,  51,  67 },
-                    {   1,  16,   6 }
-                }
-            }
-        }
-    }
-};
-
-enum MVJoint {
-    MV_JOINT_ZERO,
-    MV_JOINT_H,
-    MV_JOINT_V,
-    MV_JOINT_HV,
-};
-
-static const int8_t vp9_mv_joint_tree[3][2] = {
-    { -MV_JOINT_ZERO, 1 },           // '0'
-     { -MV_JOINT_H, 2 },             // '10'
-      { -MV_JOINT_V, -MV_JOINT_HV }, // '11x'
-};
-
-static const int8_t vp9_mv_class_tree[10][2] = {
-    { -0, 1 },         // '0'
-     { -1, 2 },        // '10'
-      { 3, 4 },
-       { -2, -3 },     // '110x'
-       { 5, 6 },
-        { -4, -5 },    // '1110x'
-        { -6, 7 },     // '11110'
-         { 8, 9 },
-          { -7, -8 },  // '111110x'
-          { -9, -10 }, // '111111x'
-};
-
-static const int8_t vp9_mv_fp_tree[3][2] = {
-    { -0, 1 },    // '0'
-     { -1, 2 },   // '10'
-      { -2, -3 }, // '11x'
-};
+#include "vp9dec.h"
+
+extern const uint8_t ff_vp9_bwh_tab[2][N_BS_SIZES][2];
+extern const int8_t ff_vp9_partition_tree[3][2];
+extern const uint8_t ff_vp9_default_kf_partition_probs[4][4][3];
+extern const int8_t ff_vp9_segmentation_tree[7][2];
+extern const int8_t ff_vp9_intramode_tree[9][2];
+extern const uint8_t ff_vp9_default_kf_ymode_probs[10][10][9];
+extern const uint8_t ff_vp9_default_kf_uvmode_probs[10][9];
+extern const int8_t ff_vp9_inter_mode_tree[3][2];
+extern const int8_t ff_vp9_filter_tree[2][2];
+extern const enum FilterMode ff_vp9_filter_lut[3];
+extern const int16_t ff_vp9_dc_qlookup[3][256];
+extern const int16_t ff_vp9_ac_qlookup[3][256];
+extern const enum TxfmType ff_vp9_intra_txfm_type[14];
+extern const int16_t ff_vp9_default_scan_4x4[16];
+extern const int16_t ff_vp9_col_scan_4x4[16];
+extern const int16_t ff_vp9_row_scan_4x4[16];
+extern const int16_t ff_vp9_default_scan_8x8[64];
+extern const int16_t ff_vp9_col_scan_8x8[64];
+extern const int16_t ff_vp9_row_scan_8x8[64];
+extern const int16_t ff_vp9_default_scan_16x16[256];
+extern const int16_t ff_vp9_col_scan_16x16[256];
+extern const int16_t ff_vp9_row_scan_16x16[256];
+extern const int16_t ff_vp9_default_scan_32x32[1024];
+extern const int16_t * const ff_vp9_scans[5][4];
+extern const int16_t ff_vp9_default_scan_4x4_nb[16][2];
+extern const int16_t ff_vp9_col_scan_4x4_nb[16][2];
+extern const int16_t ff_vp9_row_scan_4x4_nb[16][2];
+extern const int16_t ff_vp9_default_scan_8x8_nb[64][2];
+extern const int16_t ff_vp9_col_scan_8x8_nb[64][2];
+extern const int16_t ff_vp9_row_scan_8x8_nb[64][2];
+extern const int16_t ff_vp9_default_scan_16x16_nb[256][2];
+extern const int16_t ff_vp9_col_scan_16x16_nb[256][2];
+extern const int16_t ff_vp9_row_scan_16x16_nb[256][2];
+extern const int16_t ff_vp9_default_scan_32x32_nb[1024][2];
+extern const int16_t (* const ff_vp9_scans_nb[5][4])[2];
+extern const uint8_t ff_vp9_model_pareto8[256][8];
+extern const ProbContext ff_vp9_default_probs;
+extern const uint8_t ff_vp9_default_coef_probs[4][2][2][6][6][3];
+extern const int8_t ff_vp9_mv_joint_tree[3][2];
+extern const int8_t ff_vp9_mv_class_tree[10][2];
+extern const int8_t ff_vp9_mv_fp_tree[3][2];
 
 #endif /* AVCODEC_VP9DATA_H */
diff --git a/media/ffvpx/libavcodec/vp9dec.h b/media/ffvpx/libavcodec/vp9dec.h
new file mode 100644
index 000000000..66573edc7
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9dec.h
@@ -0,0 +1,240 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVCODEC_VP9DEC_H
+#define AVCODEC_VP9DEC_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdatomic.h>
+
+#include "libavutil/buffer.h"
+#include "libavutil/thread.h"
+#include "libavutil/internal.h"
+
+#include "vp9.h"
+#include "vp9dsp.h"
+#include "vp9shared.h"
+
+enum MVJoint {
+    MV_JOINT_ZERO,
+    MV_JOINT_H,
+    MV_JOINT_V,
+    MV_JOINT_HV,
+};
+
+typedef struct ProbContext {
+    uint8_t y_mode[4][9];
+    uint8_t uv_mode[10][9];
+    uint8_t filter[4][2];
+    uint8_t mv_mode[7][3];
+    uint8_t intra[4];
+    uint8_t comp[5];
+    uint8_t single_ref[5][2];
+    uint8_t comp_ref[5];
+    uint8_t tx32p[2][3];
+    uint8_t tx16p[2][2];
+    uint8_t tx8p[2];
+    uint8_t skip[3];
+    uint8_t mv_joint[3];
+    struct {
+        uint8_t sign;
+        uint8_t classes[10];
+        uint8_t class0;
+        uint8_t bits[10];
+        uint8_t class0_fp[2][3];
+        uint8_t fp[3];
+        uint8_t class0_hp;
+        uint8_t hp;
+    } mv_comp[2];
+    uint8_t partition[4][4][3];
+} ProbContext;
+
+typedef struct VP9Filter {
+    uint8_t level[8 * 8];
+    uint8_t /* bit=col */ mask[2 /* 0=y, 1=uv */][2 /* 0=col, 1=row */]
+                              [8 /* rows */][4 /* 0=16, 1=8, 2=4, 3=inner4 */];
+} VP9Filter;
+
+typedef struct VP9Block {
+    uint8_t seg_id, intra, comp, ref[2], mode[4], uvmode, skip;
+    enum FilterMode filter;
+    VP56mv mv[4 /* b_idx */][2 /* ref */];
+    enum BlockSize bs;
+    enum TxfmMode tx, uvtx;
+    enum BlockLevel bl;
+    enum BlockPartition bp;
+} VP9Block;
+
+typedef struct VP9TileData VP9TileData;
+
+typedef struct VP9Context {
+    VP9SharedContext s;
+    VP9TileData *td;
+
+    VP9DSPContext dsp;
+    VideoDSPContext vdsp;
+    GetBitContext gb;
+    VP56RangeCoder c;
+    int pass, active_tile_cols;
+
+#if HAVE_THREADS
+    pthread_mutex_t progress_mutex;
+    pthread_cond_t progress_cond;
+    atomic_int *entries;
+#endif
+
+    uint8_t ss_h, ss_v;
+    uint8_t last_bpp, bpp_index, bytesperpixel;
+    uint8_t last_keyframe;
+    // sb_cols/rows, rows/cols and last_fmt are used for allocating all internal
+    // arrays, and are thus per-thread. w/h and gf_fmt are synced between threads
+    // and are therefore per-stream. pix_fmt represents the value in the header
+    // of the currently processed frame.
+    int w, h;
+    enum AVPixelFormat pix_fmt, last_fmt, gf_fmt;
+    unsigned sb_cols, sb_rows, rows, cols;
+    ThreadFrame next_refs[8];
+
+    struct {
+        uint8_t lim_lut[64];
+        uint8_t mblim_lut[64];
+    } filter_lut;
+    struct {
+        ProbContext p;
+        uint8_t coef[4][2][2][6][6][3];
+    } prob_ctx[4];
+    struct {
+        ProbContext p;
+        uint8_t coef[4][2][2][6][6][11];
+    } prob;
+
+    // contextual (above) cache
+    uint8_t *above_partition_ctx;
+    uint8_t *above_mode_ctx;
+    // FIXME maybe merge some of the below in a flags field?
+    uint8_t *above_y_nnz_ctx;
+    uint8_t *above_uv_nnz_ctx[2];
+    uint8_t *above_skip_ctx; // 1bit
+    uint8_t *above_txfm_ctx; // 2bit
+    uint8_t *above_segpred_ctx; // 1bit
+    uint8_t *above_intra_ctx; // 1bit
+    uint8_t *above_comp_ctx; // 1bit
+    uint8_t *above_ref_ctx; // 2bit
+    uint8_t *above_filter_ctx;
+    VP56mv (*above_mv_ctx)[2];
+
+    // whole-frame cache
+    uint8_t *intra_pred_data[3];
+    VP9Filter *lflvl;
+
+    // block reconstruction intermediates
+    int block_alloc_using_2pass;
+    uint16_t mvscale[3][2];
+    uint8_t mvstep[3][2];
+} VP9Context;
+
+struct VP9TileData {
+    //VP9Context should be const, but because of the threading API(generates
+    //a lot of warnings) it's not.
+    VP9Context *s;
+    VP56RangeCoder *c_b;
+    VP56RangeCoder *c;
+    int row, row7, col, col7;
+    uint8_t *dst[3];
+    ptrdiff_t y_stride, uv_stride;
+    VP9Block *b_base, *b;
+    unsigned tile_col_start;
+
+    struct {
+        unsigned y_mode[4][10];
+        unsigned uv_mode[10][10];
+        unsigned filter[4][3];
+        unsigned mv_mode[7][4];
+        unsigned intra[4][2];
+        unsigned comp[5][2];
+        unsigned single_ref[5][2][2];
+        unsigned comp_ref[5][2];
+        unsigned tx32p[2][4];
+        unsigned tx16p[2][3];
+        unsigned tx8p[2][2];
+        unsigned skip[3][2];
+        unsigned mv_joint[4];
+        struct {
+            unsigned sign[2];
+            unsigned classes[11];
+            unsigned class0[2];
+            unsigned bits[10][2];
+            unsigned class0_fp[2][4];
+            unsigned fp[4];
+            unsigned class0_hp[2];
+            unsigned hp[2];
+        } mv_comp[2];
+        unsigned partition[4][4][4];
+        unsigned coef[4][2][2][6][6][3];
+        unsigned eob[4][2][2][6][6][2];
+    } counts;
+
+    // whole-frame cache
+    DECLARE_ALIGNED(32, uint8_t, edge_emu_buffer)[135 * 144 * 2];
+
+    // contextual (left) cache
+    DECLARE_ALIGNED(16, uint8_t, left_y_nnz_ctx)[16];
+    DECLARE_ALIGNED(16, uint8_t, left_mode_ctx)[16];
+    DECLARE_ALIGNED(16, VP56mv, left_mv_ctx)[16][2];
+    DECLARE_ALIGNED(16, uint8_t, left_uv_nnz_ctx)[2][16];
+    DECLARE_ALIGNED(8, uint8_t, left_partition_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_skip_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_txfm_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_segpred_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_intra_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_comp_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_ref_ctx)[8];
+    DECLARE_ALIGNED(8, uint8_t, left_filter_ctx)[8];
+    // block reconstruction intermediates
+    DECLARE_ALIGNED(32, uint8_t, tmp_y)[64 * 64 * 2];
+    DECLARE_ALIGNED(32, uint8_t, tmp_uv)[2][64 * 64 * 2];
+    struct { int x, y; } min_mv, max_mv;
+    int16_t *block_base, *block, *uvblock_base[2], *uvblock[2];
+    uint8_t *eob_base, *uveob_base[2], *eob, *uveob[2];
+};
+
+void ff_vp9_fill_mv(VP9TileData *td, VP56mv *mv, int mode, int sb);
+
+void ff_vp9_adapt_probs(VP9Context *s);
+
+void ff_vp9_decode_block(VP9TileData *td, int row, int col,
+                         VP9Filter *lflvl, ptrdiff_t yoff, ptrdiff_t uvoff,
+                         enum BlockLevel bl, enum BlockPartition bp);
+
+void ff_vp9_loopfilter_sb(AVCodecContext *avctx, VP9Filter *lflvl,
+                          int row, int col, ptrdiff_t yoff, ptrdiff_t uvoff);
+
+void ff_vp9_intra_recon_8bpp(VP9TileData *td,
+                             ptrdiff_t y_off, ptrdiff_t uv_off);
+void ff_vp9_intra_recon_16bpp(VP9TileData *td,
+                              ptrdiff_t y_off, ptrdiff_t uv_off);
+void ff_vp9_inter_recon_8bpp(VP9TileData *td);
+void ff_vp9_inter_recon_16bpp(VP9TileData *td);
+
+#endif /* AVCODEC_VP9DEC_H */
diff --git a/media/ffvpx/libavcodec/vp9dsp.c b/media/ffvpx/libavcodec/vp9dsp.c
index 54e77e267..f6d73f73c 100644
--- a/media/ffvpx/libavcodec/vp9dsp.c
+++ b/media/ffvpx/libavcodec/vp9dsp.c
@@ -25,6 +25,62 @@
 #include "libavutil/common.h"
 #include "vp9dsp.h"
 
+const DECLARE_ALIGNED(16, int16_t, ff_vp9_subpel_filters)[3][16][8] = {
+    [FILTER_8TAP_REGULAR] = {
+        {  0,  0,   0, 128,   0,   0,  0,  0 },
+        {  0,  1,  -5, 126,   8,  -3,  1,  0 },
+        { -1,  3, -10, 122,  18,  -6,  2,  0 },
+        { -1,  4, -13, 118,  27,  -9,  3, -1 },
+        { -1,  4, -16, 112,  37, -11,  4, -1 },
+        { -1,  5, -18, 105,  48, -14,  4, -1 },
+        { -1,  5, -19,  97,  58, -16,  5, -1 },
+        { -1,  6, -19,  88,  68, -18,  5, -1 },
+        { -1,  6, -19,  78,  78, -19,  6, -1 },
+        { -1,  5, -18,  68,  88, -19,  6, -1 },
+        { -1,  5, -16,  58,  97, -19,  5, -1 },
+        { -1,  4, -14,  48, 105, -18,  5, -1 },
+        { -1,  4, -11,  37, 112, -16,  4, -1 },
+        { -1,  3,  -9,  27, 118, -13,  4, -1 },
+        {  0,  2,  -6,  18, 122, -10,  3, -1 },
+        {  0,  1,  -3,   8, 126,  -5,  1,  0 },
+    }, [FILTER_8TAP_SHARP] = {
+        {  0,  0,   0, 128,   0,   0,  0,  0 },
+        { -1,  3,  -7, 127,   8,  -3,  1,  0 },
+        { -2,  5, -13, 125,  17,  -6,  3, -1 },
+        { -3,  7, -17, 121,  27, -10,  5, -2 },
+        { -4,  9, -20, 115,  37, -13,  6, -2 },
+        { -4, 10, -23, 108,  48, -16,  8, -3 },
+        { -4, 10, -24, 100,  59, -19,  9, -3 },
+        { -4, 11, -24,  90,  70, -21, 10, -4 },
+        { -4, 11, -23,  80,  80, -23, 11, -4 },
+        { -4, 10, -21,  70,  90, -24, 11, -4 },
+        { -3,  9, -19,  59, 100, -24, 10, -4 },
+        { -3,  8, -16,  48, 108, -23, 10, -4 },
+        { -2,  6, -13,  37, 115, -20,  9, -4 },
+        { -2,  5, -10,  27, 121, -17,  7, -3 },
+        { -1,  3,  -6,  17, 125, -13,  5, -2 },
+        {  0,  1,  -3,   8, 127,  -7,  3, -1 },
+    }, [FILTER_8TAP_SMOOTH] = {
+        {  0,  0,   0, 128,   0,   0,  0,  0 },
+        { -3, -1,  32,  64,  38,   1, -3,  0 },
+        { -2, -2,  29,  63,  41,   2, -3,  0 },
+        { -2, -2,  26,  63,  43,   4, -4,  0 },
+        { -2, -3,  24,  62,  46,   5, -4,  0 },
+        { -2, -3,  21,  60,  49,   7, -4,  0 },
+        { -1, -4,  18,  59,  51,   9, -4,  0 },
+        { -1, -4,  16,  57,  53,  12, -4, -1 },
+        { -1, -4,  14,  55,  55,  14, -4, -1 },
+        { -1, -4,  12,  53,  57,  16, -4, -1 },
+        {  0, -4,   9,  51,  59,  18, -4, -1 },
+        {  0, -4,   7,  49,  60,  21, -3, -2 },
+        {  0, -4,   5,  46,  62,  24, -3, -2 },
+        {  0, -4,   4,  43,  63,  26, -2, -2 },
+        {  0, -3,   2,  41,  63,  29, -2, -2 },
+        {  0, -3,   1,  38,  64,  32, -1, -3 },
+    }
+};
+
+
 av_cold void ff_vp9dsp_init(VP9DSPContext *dsp, int bpp, int bitexact)
 {
     if (bpp == 8) {
@@ -36,6 +92,8 @@ av_cold void ff_vp9dsp_init(VP9DSPContext *dsp, int bpp, int bitexact)
         ff_vp9dsp_init_12(dsp);
     }
 
+    if (ARCH_AARCH64) ff_vp9dsp_init_aarch64(dsp, bpp);
+    if (ARCH_ARM) ff_vp9dsp_init_arm(dsp, bpp);
     if (ARCH_X86) ff_vp9dsp_init_x86(dsp, bpp, bitexact);
     if (ARCH_MIPS) ff_vp9dsp_init_mips(dsp, bpp);
 }
diff --git a/media/ffvpx/libavcodec/vp9dsp.h b/media/ffvpx/libavcodec/vp9dsp.h
index 733f5bfc4..e2256316a 100644
--- a/media/ffvpx/libavcodec/vp9dsp.h
+++ b/media/ffvpx/libavcodec/vp9dsp.h
@@ -27,7 +27,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "vp9.h"
+#include "libavcodec/vp9.h"
 
 typedef void (*vp9_mc_func)(uint8_t *dst, ptrdiff_t dst_stride,
                             const uint8_t *ref, ptrdiff_t ref_stride,
@@ -111,21 +111,25 @@ typedef struct VP9DSPContext {
      *
      * dst/stride are aligned by hsize
      */
-    vp9_mc_func mc[5][4][2][2][2];
+    vp9_mc_func mc[5][N_FILTERS][2][2][2];
 
     /*
      * for scalable MC, first 3 dimensions identical to above, the other two
      * don't exist since it changes per stepsize.
      */
-    vp9_scaled_mc_func smc[5][4][2];
+    vp9_scaled_mc_func smc[5][N_FILTERS][2];
 } VP9DSPContext;
 
+extern const int16_t ff_vp9_subpel_filters[3][16][8];
+
 void ff_vp9dsp_init(VP9DSPContext *dsp, int bpp, int bitexact);
 
 void ff_vp9dsp_init_8(VP9DSPContext *dsp);
 void ff_vp9dsp_init_10(VP9DSPContext *dsp);
 void ff_vp9dsp_init_12(VP9DSPContext *dsp);
 
+void ff_vp9dsp_init_aarch64(VP9DSPContext *dsp, int bpp);
+void ff_vp9dsp_init_arm(VP9DSPContext *dsp, int bpp);
 void ff_vp9dsp_init_x86(VP9DSPContext *dsp, int bpp, int bitexact);
 void ff_vp9dsp_init_mips(VP9DSPContext *dsp, int bpp);
 
diff --git a/media/ffvpx/libavcodec/vp9dsp_template.c b/media/ffvpx/libavcodec/vp9dsp_template.c
index 4d810fec3..bb54561a6 100644
--- a/media/ffvpx/libavcodec/vp9dsp_template.c
+++ b/media/ffvpx/libavcodec/vp9dsp_template.c
@@ -1991,61 +1991,6 @@ copy_avg_fn(4)
 
 #endif /* BIT_DEPTH != 12 */
 
-static const int16_t vp9_subpel_filters[3][16][8] = {
-    [FILTER_8TAP_REGULAR] = {
-        {  0,  0,   0, 128,   0,   0,  0,  0 },
-        {  0,  1,  -5, 126,   8,  -3,  1,  0 },
-        { -1,  3, -10, 122,  18,  -6,  2,  0 },
-        { -1,  4, -13, 118,  27,  -9,  3, -1 },
-        { -1,  4, -16, 112,  37, -11,  4, -1 },
-        { -1,  5, -18, 105,  48, -14,  4, -1 },
-        { -1,  5, -19,  97,  58, -16,  5, -1 },
-        { -1,  6, -19,  88,  68, -18,  5, -1 },
-        { -1,  6, -19,  78,  78, -19,  6, -1 },
-        { -1,  5, -18,  68,  88, -19,  6, -1 },
-        { -1,  5, -16,  58,  97, -19,  5, -1 },
-        { -1,  4, -14,  48, 105, -18,  5, -1 },
-        { -1,  4, -11,  37, 112, -16,  4, -1 },
-        { -1,  3,  -9,  27, 118, -13,  4, -1 },
-        {  0,  2,  -6,  18, 122, -10,  3, -1 },
-        {  0,  1,  -3,   8, 126,  -5,  1,  0 },
-    }, [FILTER_8TAP_SHARP] = {
-        {  0,  0,   0, 128,   0,   0,  0,  0 },
-        { -1,  3,  -7, 127,   8,  -3,  1,  0 },
-        { -2,  5, -13, 125,  17,  -6,  3, -1 },
-        { -3,  7, -17, 121,  27, -10,  5, -2 },
-        { -4,  9, -20, 115,  37, -13,  6, -2 },
-        { -4, 10, -23, 108,  48, -16,  8, -3 },
-        { -4, 10, -24, 100,  59, -19,  9, -3 },
-        { -4, 11, -24,  90,  70, -21, 10, -4 },
-        { -4, 11, -23,  80,  80, -23, 11, -4 },
-        { -4, 10, -21,  70,  90, -24, 11, -4 },
-        { -3,  9, -19,  59, 100, -24, 10, -4 },
-        { -3,  8, -16,  48, 108, -23, 10, -4 },
-        { -2,  6, -13,  37, 115, -20,  9, -4 },
-        { -2,  5, -10,  27, 121, -17,  7, -3 },
-        { -1,  3,  -6,  17, 125, -13,  5, -2 },
-        {  0,  1,  -3,   8, 127,  -7,  3, -1 },
-    }, [FILTER_8TAP_SMOOTH] = {
-        {  0,  0,   0, 128,   0,   0,  0,  0 },
-        { -3, -1,  32,  64,  38,   1, -3,  0 },
-        { -2, -2,  29,  63,  41,   2, -3,  0 },
-        { -2, -2,  26,  63,  43,   4, -4,  0 },
-        { -2, -3,  24,  62,  46,   5, -4,  0 },
-        { -2, -3,  21,  60,  49,   7, -4,  0 },
-        { -1, -4,  18,  59,  51,   9, -4,  0 },
-        { -1, -4,  16,  57,  53,  12, -4, -1 },
-        { -1, -4,  14,  55,  55,  14, -4, -1 },
-        { -1, -4,  12,  53,  57,  16, -4, -1 },
-        {  0, -4,   9,  51,  59,  18, -4, -1 },
-        {  0, -4,   7,  49,  60,  21, -3, -2 },
-        {  0, -4,   5,  46,  62,  24, -3, -2 },
-        {  0, -4,   4,  43,  63,  26, -2, -2 },
-        {  0, -3,   2,  41,  63,  29, -2, -2 },
-        {  0, -3,   1,  38,  64,  32, -1, -3 },
-    }
-};
-
 #define FILTER_8TAP(src, x, F, stride) \
     av_clip_pixel((F[0] * src[x + -3 * stride] + \
                    F[1] * src[x + -2 * stride] + \
@@ -2155,7 +2100,7 @@ static void avg##_8tap_##type##_##sz##dir##_c(uint8_t *dst, ptrdiff_t dst_stride
                                               int h, int mx, int my) \
 { \
     avg##_8tap_1d_##dir##_c(dst, dst_stride, src, src_stride, sz, h, \
-                            vp9_subpel_filters[type_idx][dir_m]); \
+                            ff_vp9_subpel_filters[type_idx][dir_m]); \
 }
 
 #define filter_fn_2d(sz, type, type_idx, avg) \
@@ -2164,8 +2109,8 @@ static void avg##_8tap_##type##_##sz##hv_c(uint8_t *dst, ptrdiff_t dst_stride, \
                                            int h, int mx, int my) \
 { \
     avg##_8tap_2d_hv_c(dst, dst_stride, src, src_stride, sz, h, \
-                       vp9_subpel_filters[type_idx][mx], \
-                       vp9_subpel_filters[type_idx][my]); \
+                       ff_vp9_subpel_filters[type_idx][mx], \
+                       ff_vp9_subpel_filters[type_idx][my]); \
 }
 
 #if BIT_DEPTH != 12
@@ -2454,7 +2399,7 @@ static void avg##_scaled_##type##_##sz##_c(uint8_t *dst, ptrdiff_t dst_stride, \
                                            int h, int mx, int my, int dx, int dy) \
 { \
     avg##_scaled_8tap_c(dst, dst_stride, src, src_stride, sz, h, mx, my, dx, dy, \
-                        vp9_subpel_filters[type_idx]); \
+                        ff_vp9_subpel_filters[type_idx]); \
 }
 
 #if BIT_DEPTH != 12
diff --git a/media/ffvpx/libavcodec/vp9lpf.c b/media/ffvpx/libavcodec/vp9lpf.c
new file mode 100644
index 000000000..414cede85
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9lpf.c
@@ -0,0 +1,202 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "vp9dec.h"
+
+static av_always_inline void filter_plane_cols(VP9Context *s, int col, int ss_h, int ss_v,
+                                               uint8_t *lvl, uint8_t (*mask)[4],
+                                               uint8_t *dst, ptrdiff_t ls)
+{
+    int y, x, bytesperpixel = s->bytesperpixel;
+
+    // filter edges between columns (e.g. block1 | block2)
+    for (y = 0; y < 8; y += 2 << ss_v, dst += 16 * ls, lvl += 16 << ss_v) {
+        uint8_t *ptr = dst, *l = lvl, *hmask1 = mask[y], *hmask2 = mask[y + 1 + ss_v];
+        unsigned hm1 = hmask1[0] | hmask1[1] | hmask1[2], hm13 = hmask1[3];
+        unsigned hm2 = hmask2[1] | hmask2[2], hm23 = hmask2[3];
+        unsigned hm = hm1 | hm2 | hm13 | hm23;
+
+        for (x = 1; hm & ~(x - 1); x <<= 1, ptr += 8 * bytesperpixel >> ss_h) {
+            if (col || x > 1) {
+                if (hm1 & x) {
+                    int L = *l, H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    if (hmask1[0] & x) {
+                        if (hmask2[0] & x) {
+                            av_assert2(l[8 << ss_v] == L);
+                            s->dsp.loop_filter_16[0](ptr, ls, E, I, H);
+                        } else {
+                            s->dsp.loop_filter_8[2][0](ptr, ls, E, I, H);
+                        }
+                    } else if (hm2 & x) {
+                        L = l[8 << ss_v];
+                        H |= (L >> 4) << 8;
+                        E |= s->filter_lut.mblim_lut[L] << 8;
+                        I |= s->filter_lut.lim_lut[L] << 8;
+                        s->dsp.loop_filter_mix2[!!(hmask1[1] & x)]
+                                               [!!(hmask2[1] & x)]
+                                               [0](ptr, ls, E, I, H);
+                    } else {
+                        s->dsp.loop_filter_8[!!(hmask1[1] & x)]
+                                            [0](ptr, ls, E, I, H);
+                    }
+                } else if (hm2 & x) {
+                    int L = l[8 << ss_v], H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    s->dsp.loop_filter_8[!!(hmask2[1] & x)]
+                                        [0](ptr + 8 * ls, ls, E, I, H);
+                }
+            }
+            if (ss_h) {
+                if (x & 0xAA)
+                    l += 2;
+            } else {
+                if (hm13 & x) {
+                    int L = *l, H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    if (hm23 & x) {
+                        L = l[8 << ss_v];
+                        H |= (L >> 4) << 8;
+                        E |= s->filter_lut.mblim_lut[L] << 8;
+                        I |= s->filter_lut.lim_lut[L] << 8;
+                        s->dsp.loop_filter_mix2[0][0][0](ptr + 4 * bytesperpixel, ls, E, I, H);
+                    } else {
+                        s->dsp.loop_filter_8[0][0](ptr + 4 * bytesperpixel, ls, E, I, H);
+                    }
+                } else if (hm23 & x) {
+                    int L = l[8 << ss_v], H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    s->dsp.loop_filter_8[0][0](ptr + 8 * ls + 4 * bytesperpixel, ls, E, I, H);
+                }
+                l++;
+            }
+        }
+    }
+}
+
+static av_always_inline void filter_plane_rows(VP9Context *s, int row, int ss_h, int ss_v,
+                                               uint8_t *lvl, uint8_t (*mask)[4],
+                                               uint8_t *dst, ptrdiff_t ls)
+{
+    int y, x, bytesperpixel = s->bytesperpixel;
+
+    //                                 block1
+    // filter edges between rows (e.g. ------)
+    //                                 block2
+    for (y = 0; y < 8; y++, dst += 8 * ls >> ss_v) {
+        uint8_t *ptr = dst, *l = lvl, *vmask = mask[y];
+        unsigned vm = vmask[0] | vmask[1] | vmask[2], vm3 = vmask[3];
+
+        for (x = 1; vm & ~(x - 1); x <<= (2 << ss_h), ptr += 16 * bytesperpixel, l += 2 << ss_h) {
+            if (row || y) {
+                if (vm & x) {
+                    int L = *l, H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    if (vmask[0] & x) {
+                        if (vmask[0] & (x << (1 + ss_h))) {
+                            av_assert2(l[1 + ss_h] == L);
+                            s->dsp.loop_filter_16[1](ptr, ls, E, I, H);
+                        } else {
+                            s->dsp.loop_filter_8[2][1](ptr, ls, E, I, H);
+                        }
+                    } else if (vm & (x << (1 + ss_h))) {
+                        L = l[1 + ss_h];
+                        H |= (L >> 4) << 8;
+                        E |= s->filter_lut.mblim_lut[L] << 8;
+                        I |= s->filter_lut.lim_lut[L] << 8;
+                        s->dsp.loop_filter_mix2[!!(vmask[1] &  x)]
+                                               [!!(vmask[1] & (x << (1 + ss_h)))]
+                                               [1](ptr, ls, E, I, H);
+                    } else {
+                        s->dsp.loop_filter_8[!!(vmask[1] & x)]
+                                            [1](ptr, ls, E, I, H);
+                    }
+                } else if (vm & (x << (1 + ss_h))) {
+                    int L = l[1 + ss_h], H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    s->dsp.loop_filter_8[!!(vmask[1] & (x << (1 + ss_h)))]
+                                        [1](ptr + 8 * bytesperpixel, ls, E, I, H);
+                }
+            }
+            if (!ss_v) {
+                if (vm3 & x) {
+                    int L = *l, H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    if (vm3 & (x << (1 + ss_h))) {
+                        L = l[1 + ss_h];
+                        H |= (L >> 4) << 8;
+                        E |= s->filter_lut.mblim_lut[L] << 8;
+                        I |= s->filter_lut.lim_lut[L] << 8;
+                        s->dsp.loop_filter_mix2[0][0][1](ptr + ls * 4, ls, E, I, H);
+                    } else {
+                        s->dsp.loop_filter_8[0][1](ptr + ls * 4, ls, E, I, H);
+                    }
+                } else if (vm3 & (x << (1 + ss_h))) {
+                    int L = l[1 + ss_h], H = L >> 4;
+                    int E = s->filter_lut.mblim_lut[L], I = s->filter_lut.lim_lut[L];
+
+                    s->dsp.loop_filter_8[0][1](ptr + ls * 4 + 8 * bytesperpixel, ls, E, I, H);
+                }
+            }
+        }
+        if (ss_v) {
+            if (y & 1)
+                lvl += 16;
+        } else {
+            lvl += 8;
+        }
+    }
+}
+
+void ff_vp9_loopfilter_sb(AVCodecContext *avctx, VP9Filter *lflvl,
+                          int row, int col, ptrdiff_t yoff, ptrdiff_t uvoff)
+{
+    VP9Context *s = avctx->priv_data;
+    AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
+    uint8_t *dst = f->data[0] + yoff;
+    ptrdiff_t ls_y = f->linesize[0], ls_uv = f->linesize[1];
+    uint8_t (*uv_masks)[8][4] = lflvl->mask[s->ss_h | s->ss_v];
+    int p;
+
+    /* FIXME: In how far can we interleave the v/h loopfilter calls? E.g.
+     * if you think of them as acting on a 8x8 block max, we can interleave
+     * each v/h within the single x loop, but that only works if we work on
+     * 8 pixel blocks, and we won't always do that (we want at least 16px
+     * to use SSE2 optimizations, perhaps 32 for AVX2) */
+
+    filter_plane_cols(s, col, 0, 0, lflvl->level, lflvl->mask[0][0], dst, ls_y);
+    filter_plane_rows(s, row, 0, 0, lflvl->level, lflvl->mask[0][1], dst, ls_y);
+
+    for (p = 0; p < 2; p++) {
+        dst = f->data[1 + p] + uvoff;
+        filter_plane_cols(s, col, s->ss_h, s->ss_v, lflvl->level, uv_masks[0], dst, ls_uv);
+        filter_plane_rows(s, row, s->ss_h, s->ss_v, lflvl->level, uv_masks[1], dst, ls_uv);
+    }
+}
diff --git a/media/ffvpx/libavcodec/vp9mvs.c b/media/ffvpx/libavcodec/vp9mvs.c
new file mode 100644
index 000000000..88db1c341
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9mvs.c
@@ -0,0 +1,364 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "internal.h"
+#include "vp56.h"
+#include "vp9.h"
+#include "vp9data.h"
+#include "vp9dec.h"
+
+static av_always_inline void clamp_mv(VP56mv *dst, const VP56mv *src,
+                                      VP9TileData *td)
+{
+    dst->x = av_clip(src->x, td->min_mv.x, td->max_mv.x);
+    dst->y = av_clip(src->y, td->min_mv.y, td->max_mv.y);
+}
+
+static void find_ref_mvs(VP9TileData *td,
+                         VP56mv *pmv, int ref, int z, int idx, int sb)
+{
+    static const int8_t mv_ref_blk_off[N_BS_SIZES][8][2] = {
+        [BS_64x64] = { {  3, -1 }, { -1,  3 }, {  4, -1 }, { -1,  4 },
+                       { -1, -1 }, {  0, -1 }, { -1,  0 }, {  6, -1 } },
+        [BS_64x32] = { {  0, -1 }, { -1,  0 }, {  4, -1 }, { -1,  2 },
+                       { -1, -1 }, {  0, -3 }, { -3,  0 }, {  2, -1 } },
+        [BS_32x64] = { { -1,  0 }, {  0, -1 }, { -1,  4 }, {  2, -1 },
+                       { -1, -1 }, { -3,  0 }, {  0, -3 }, { -1,  2 } },
+        [BS_32x32] = { {  1, -1 }, { -1,  1 }, {  2, -1 }, { -1,  2 },
+                       { -1, -1 }, {  0, -3 }, { -3,  0 }, { -3, -3 } },
+        [BS_32x16] = { {  0, -1 }, { -1,  0 }, {  2, -1 }, { -1, -1 },
+                       { -1,  1 }, {  0, -3 }, { -3,  0 }, { -3, -3 } },
+        [BS_16x32] = { { -1,  0 }, {  0, -1 }, { -1,  2 }, { -1, -1 },
+                       {  1, -1 }, { -3,  0 }, {  0, -3 }, { -3, -3 } },
+        [BS_16x16] = { {  0, -1 }, { -1,  0 }, {  1, -1 }, { -1,  1 },
+                       { -1, -1 }, {  0, -3 }, { -3,  0 }, { -3, -3 } },
+        [BS_16x8]  = { {  0, -1 }, { -1,  0 }, {  1, -1 }, { -1, -1 },
+                       {  0, -2 }, { -2,  0 }, { -2, -1 }, { -1, -2 } },
+        [BS_8x16]  = { { -1,  0 }, {  0, -1 }, { -1,  1 }, { -1, -1 },
+                       { -2,  0 }, {  0, -2 }, { -1, -2 }, { -2, -1 } },
+        [BS_8x8]   = { {  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
+                       { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 } },
+        [BS_8x4]   = { {  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
+                       { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 } },
+        [BS_4x8]   = { {  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
+                       { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 } },
+        [BS_4x4]   = { {  0, -1 }, { -1,  0 }, { -1, -1 }, {  0, -2 },
+                       { -2,  0 }, { -1, -2 }, { -2, -1 }, { -2, -2 } },
+    };
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col, row7 = td->row7;
+    const int8_t (*p)[2] = mv_ref_blk_off[b->bs];
+#define INVALID_MV 0x80008000U
+    uint32_t mem = INVALID_MV, mem_sub8x8 = INVALID_MV;
+    int i;
+
+#define RETURN_DIRECT_MV(mv)                    \
+    do {                                        \
+        uint32_t m = AV_RN32A(&mv);             \
+        if (!idx) {                             \
+            AV_WN32A(pmv, m);                   \
+            return;                             \
+        } else if (mem == INVALID_MV) {         \
+            mem = m;                            \
+        } else if (m != mem) {                  \
+            AV_WN32A(pmv, m);                   \
+            return;                             \
+        }                                       \
+    } while (0)
+
+    if (sb >= 0) {
+        if (sb == 2 || sb == 1) {
+            RETURN_DIRECT_MV(b->mv[0][z]);
+        } else if (sb == 3) {
+            RETURN_DIRECT_MV(b->mv[2][z]);
+            RETURN_DIRECT_MV(b->mv[1][z]);
+            RETURN_DIRECT_MV(b->mv[0][z]);
+        }
+
+#define RETURN_MV(mv)                                                  \
+    do {                                                               \
+        if (sb > 0) {                                                  \
+            VP56mv tmp;                                                \
+            uint32_t m;                                                \
+            av_assert2(idx == 1);                                      \
+            av_assert2(mem != INVALID_MV);                             \
+            if (mem_sub8x8 == INVALID_MV) {                            \
+                clamp_mv(&tmp, &mv, td);                               \
+                m = AV_RN32A(&tmp);                                    \
+                if (m != mem) {                                        \
+                    AV_WN32A(pmv, m);                                  \
+                    return;                                            \
+                }                                                      \
+                mem_sub8x8 = AV_RN32A(&mv);                            \
+            } else if (mem_sub8x8 != AV_RN32A(&mv)) {                  \
+                clamp_mv(&tmp, &mv, td);                               \
+                m = AV_RN32A(&tmp);                                    \
+                if (m != mem) {                                        \
+                    AV_WN32A(pmv, m);                                  \
+                } else {                                               \
+                    /* BUG I'm pretty sure this isn't the intention */ \
+                    AV_WN32A(pmv, 0);                                  \
+                }                                                      \
+                return;                                                \
+            }                                                          \
+        } else {                                                       \
+            uint32_t m = AV_RN32A(&mv);                                \
+            if (!idx) {                                                \
+                clamp_mv(pmv, &mv, td);                                \
+                return;                                                \
+            } else if (mem == INVALID_MV) {                            \
+                mem = m;                                               \
+            } else if (m != mem) {                                     \
+                clamp_mv(pmv, &mv, td);                                \
+                return;                                                \
+            }                                                          \
+        }                                                              \
+    } while (0)
+
+        if (row > 0) {
+            VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[(row - 1) * s->sb_cols * 8 + col];
+            if (mv->ref[0] == ref)
+                RETURN_MV(s->above_mv_ctx[2 * col + (sb & 1)][0]);
+            else if (mv->ref[1] == ref)
+                RETURN_MV(s->above_mv_ctx[2 * col + (sb & 1)][1]);
+        }
+        if (col > td->tile_col_start) {
+            VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[row * s->sb_cols * 8 + col - 1];
+            if (mv->ref[0] == ref)
+                RETURN_MV(td->left_mv_ctx[2 * row7 + (sb >> 1)][0]);
+            else if (mv->ref[1] == ref)
+                RETURN_MV(td->left_mv_ctx[2 * row7 + (sb >> 1)][1]);
+        }
+        i = 2;
+    } else {
+        i = 0;
+    }
+
+    // previously coded MVs in this neighborhood, using same reference frame
+    for (; i < 8; i++) {
+        int c = p[i][0] + col, r = p[i][1] + row;
+
+        if (c >= td->tile_col_start && c < s->cols &&
+            r >= 0 && r < s->rows) {
+            VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[r * s->sb_cols * 8 + c];
+
+            if (mv->ref[0] == ref)
+                RETURN_MV(mv->mv[0]);
+            else if (mv->ref[1] == ref)
+                RETURN_MV(mv->mv[1]);
+        }
+    }
+
+    // MV at this position in previous frame, using same reference frame
+    if (s->s.h.use_last_frame_mvs) {
+        VP9mvrefPair *mv = &s->s.frames[REF_FRAME_MVPAIR].mv[row * s->sb_cols * 8 + col];
+
+        if (!s->s.frames[REF_FRAME_MVPAIR].uses_2pass)
+            ff_thread_await_progress(&s->s.frames[REF_FRAME_MVPAIR].tf, row >> 3, 0);
+        if (mv->ref[0] == ref)
+            RETURN_MV(mv->mv[0]);
+        else if (mv->ref[1] == ref)
+            RETURN_MV(mv->mv[1]);
+    }
+
+#define RETURN_SCALE_MV(mv, scale)              \
+    do {                                        \
+        if (scale) {                            \
+            VP56mv mv_temp = { -mv.x, -mv.y };  \
+            RETURN_MV(mv_temp);                 \
+        } else {                                \
+            RETURN_MV(mv);                      \
+        }                                       \
+    } while (0)
+
+    // previously coded MVs in this neighborhood, using different reference frame
+    for (i = 0; i < 8; i++) {
+        int c = p[i][0] + col, r = p[i][1] + row;
+
+        if (c >= td->tile_col_start && c < s->cols && r >= 0 && r < s->rows) {
+            VP9mvrefPair *mv = &s->s.frames[CUR_FRAME].mv[r * s->sb_cols * 8 + c];
+
+            if (mv->ref[0] != ref && mv->ref[0] >= 0)
+                RETURN_SCALE_MV(mv->mv[0],
+                                s->s.h.signbias[mv->ref[0]] != s->s.h.signbias[ref]);
+            if (mv->ref[1] != ref && mv->ref[1] >= 0 &&
+                // BUG - libvpx has this condition regardless of whether
+                // we used the first ref MV and pre-scaling
+                AV_RN32A(&mv->mv[0]) != AV_RN32A(&mv->mv[1])) {
+                RETURN_SCALE_MV(mv->mv[1], s->s.h.signbias[mv->ref[1]] != s->s.h.signbias[ref]);
+            }
+        }
+    }
+
+    // MV at this position in previous frame, using different reference frame
+    if (s->s.h.use_last_frame_mvs) {
+        VP9mvrefPair *mv = &s->s.frames[REF_FRAME_MVPAIR].mv[row * s->sb_cols * 8 + col];
+
+        // no need to await_progress, because we already did that above
+        if (mv->ref[0] != ref && mv->ref[0] >= 0)
+            RETURN_SCALE_MV(mv->mv[0], s->s.h.signbias[mv->ref[0]] != s->s.h.signbias[ref]);
+        if (mv->ref[1] != ref && mv->ref[1] >= 0 &&
+            // BUG - libvpx has this condition regardless of whether
+            // we used the first ref MV and pre-scaling
+            AV_RN32A(&mv->mv[0]) != AV_RN32A(&mv->mv[1])) {
+            RETURN_SCALE_MV(mv->mv[1], s->s.h.signbias[mv->ref[1]] != s->s.h.signbias[ref]);
+        }
+    }
+
+    AV_ZERO32(pmv);
+    clamp_mv(pmv, pmv, td);
+#undef INVALID_MV
+#undef RETURN_MV
+#undef RETURN_SCALE_MV
+}
+
+static av_always_inline int read_mv_component(VP9TileData *td, int idx, int hp)
+{
+    VP9Context *s = td->s;
+    int bit, sign = vp56_rac_get_prob(td->c, s->prob.p.mv_comp[idx].sign);
+    int n, c = vp8_rac_get_tree(td->c, ff_vp9_mv_class_tree,
+                                s->prob.p.mv_comp[idx].classes);
+
+    td->counts.mv_comp[idx].sign[sign]++;
+    td->counts.mv_comp[idx].classes[c]++;
+    if (c) {
+        int m;
+
+        for (n = 0, m = 0; m < c; m++) {
+            bit = vp56_rac_get_prob(td->c, s->prob.p.mv_comp[idx].bits[m]);
+            n |= bit << m;
+            td->counts.mv_comp[idx].bits[m][bit]++;
+        }
+        n <<= 3;
+        bit = vp8_rac_get_tree(td->c, ff_vp9_mv_fp_tree,
+                               s->prob.p.mv_comp[idx].fp);
+        n  |= bit << 1;
+        td->counts.mv_comp[idx].fp[bit]++;
+        if (hp) {
+            bit = vp56_rac_get_prob(td->c, s->prob.p.mv_comp[idx].hp);
+            td->counts.mv_comp[idx].hp[bit]++;
+            n |= bit;
+        } else {
+            n |= 1;
+            // bug in libvpx - we count for bw entropy purposes even if the
+            // bit wasn't coded
+            td->counts.mv_comp[idx].hp[1]++;
+        }
+        n += 8 << c;
+    } else {
+        n = vp56_rac_get_prob(td->c, s->prob.p.mv_comp[idx].class0);
+        td->counts.mv_comp[idx].class0[n]++;
+        bit = vp8_rac_get_tree(td->c, ff_vp9_mv_fp_tree,
+                               s->prob.p.mv_comp[idx].class0_fp[n]);
+        td->counts.mv_comp[idx].class0_fp[n][bit]++;
+        n = (n << 3) | (bit << 1);
+        if (hp) {
+            bit = vp56_rac_get_prob(td->c, s->prob.p.mv_comp[idx].class0_hp);
+            td->counts.mv_comp[idx].class0_hp[bit]++;
+            n |= bit;
+        } else {
+            n |= 1;
+            // bug in libvpx - we count for bw entropy purposes even if the
+            // bit wasn't coded
+            td->counts.mv_comp[idx].class0_hp[1]++;
+        }
+    }
+
+    return sign ? -(n + 1) : (n + 1);
+}
+
+void ff_vp9_fill_mv(VP9TileData *td, VP56mv *mv, int mode, int sb)
+{
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+
+    if (mode == ZEROMV) {
+        AV_ZERO64(mv);
+    } else {
+        int hp;
+
+        // FIXME cache this value and reuse for other subblocks
+        find_ref_mvs(td, &mv[0], b->ref[0], 0, mode == NEARMV,
+                     mode == NEWMV ? -1 : sb);
+        // FIXME maybe move this code into find_ref_mvs()
+        if ((mode == NEWMV || sb == -1) &&
+            !(hp = s->s.h.highprecisionmvs &&
+              abs(mv[0].x) < 64 && abs(mv[0].y) < 64)) {
+            if (mv[0].y & 1) {
+                if (mv[0].y < 0)
+                    mv[0].y++;
+                else
+                    mv[0].y--;
+            }
+            if (mv[0].x & 1) {
+                if (mv[0].x < 0)
+                    mv[0].x++;
+                else
+                    mv[0].x--;
+            }
+        }
+        if (mode == NEWMV) {
+            enum MVJoint j = vp8_rac_get_tree(td->c, ff_vp9_mv_joint_tree,
+                                              s->prob.p.mv_joint);
+
+            td->counts.mv_joint[j]++;
+            if (j >= MV_JOINT_V)
+                mv[0].y += read_mv_component(td, 0, hp);
+            if (j & 1)
+                mv[0].x += read_mv_component(td, 1, hp);
+        }
+
+        if (b->comp) {
+            // FIXME cache this value and reuse for other subblocks
+            find_ref_mvs(td, &mv[1], b->ref[1], 1, mode == NEARMV,
+                         mode == NEWMV ? -1 : sb);
+            if ((mode == NEWMV || sb == -1) &&
+                !(hp = s->s.h.highprecisionmvs &&
+                  abs(mv[1].x) < 64 && abs(mv[1].y) < 64)) {
+                if (mv[1].y & 1) {
+                    if (mv[1].y < 0)
+                        mv[1].y++;
+                    else
+                        mv[1].y--;
+                }
+                if (mv[1].x & 1) {
+                    if (mv[1].x < 0)
+                        mv[1].x++;
+                    else
+                        mv[1].x--;
+                }
+            }
+            if (mode == NEWMV) {
+                enum MVJoint j = vp8_rac_get_tree(td->c, ff_vp9_mv_joint_tree,
+                                                  s->prob.p.mv_joint);
+
+                td->counts.mv_joint[j]++;
+                if (j >= MV_JOINT_V)
+                    mv[1].y += read_mv_component(td, 0, hp);
+                if (j & 1)
+                    mv[1].x += read_mv_component(td, 1, hp);
+            }
+        }
+    }
+}
diff --git a/media/ffvpx/libavcodec/vp9prob.c b/media/ffvpx/libavcodec/vp9prob.c
new file mode 100644
index 000000000..fb295b482
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9prob.c
@@ -0,0 +1,274 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "vp56.h"
+#include "vp9.h"
+#include "vp9data.h"
+#include "vp9dec.h"
+
+static av_always_inline void adapt_prob(uint8_t *p, unsigned ct0, unsigned ct1,
+                                        int max_count, int update_factor)
+{
+    unsigned ct = ct0 + ct1, p2, p1;
+
+    if (!ct)
+        return;
+
+    update_factor = FASTDIV(update_factor * FFMIN(ct, max_count), max_count);
+    p1 = *p;
+    p2 = ((((int64_t) ct0) << 8) + (ct >> 1)) / ct;
+    p2 = av_clip(p2, 1, 255);
+
+    // (p1 * (256 - update_factor) + p2 * update_factor + 128) >> 8
+    *p = p1 + (((p2 - p1) * update_factor + 128) >> 8);
+}
+
+void ff_vp9_adapt_probs(VP9Context *s)
+{
+    int i, j, k, l, m;
+    ProbContext *p = &s->prob_ctx[s->s.h.framectxid].p;
+    int uf = (s->s.h.keyframe || s->s.h.intraonly || !s->last_keyframe) ? 112 : 128;
+
+    // coefficients
+    for (i = 0; i < 4; i++)
+        for (j = 0; j < 2; j++)
+            for (k = 0; k < 2; k++)
+                for (l = 0; l < 6; l++)
+                    for (m = 0; m < 6; m++) {
+                        uint8_t *pp = s->prob_ctx[s->s.h.framectxid].coef[i][j][k][l][m];
+                        unsigned *e = s->td[0].counts.eob[i][j][k][l][m];
+                        unsigned *c = s->td[0].counts.coef[i][j][k][l][m];
+
+                        if (l == 0 && m >= 3) // dc only has 3 pt
+                            break;
+
+                        adapt_prob(&pp[0], e[0], e[1], 24, uf);
+                        adapt_prob(&pp[1], c[0], c[1] + c[2], 24, uf);
+                        adapt_prob(&pp[2], c[1], c[2], 24, uf);
+                    }
+
+    if (s->s.h.keyframe || s->s.h.intraonly) {
+        memcpy(p->skip,  s->prob.p.skip,  sizeof(p->skip));
+        memcpy(p->tx32p, s->prob.p.tx32p, sizeof(p->tx32p));
+        memcpy(p->tx16p, s->prob.p.tx16p, sizeof(p->tx16p));
+        memcpy(p->tx8p,  s->prob.p.tx8p,  sizeof(p->tx8p));
+        return;
+    }
+
+    // skip flag
+    for (i = 0; i < 3; i++)
+        adapt_prob(&p->skip[i], s->td[0].counts.skip[i][0],
+                   s->td[0].counts.skip[i][1], 20, 128);
+
+    // intra/inter flag
+    for (i = 0; i < 4; i++)
+        adapt_prob(&p->intra[i], s->td[0].counts.intra[i][0],
+                   s->td[0].counts.intra[i][1], 20, 128);
+
+    // comppred flag
+    if (s->s.h.comppredmode == PRED_SWITCHABLE) {
+        for (i = 0; i < 5; i++)
+            adapt_prob(&p->comp[i], s->td[0].counts.comp[i][0],
+                       s->td[0].counts.comp[i][1], 20, 128);
+    }
+
+    // reference frames
+    if (s->s.h.comppredmode != PRED_SINGLEREF) {
+        for (i = 0; i < 5; i++)
+            adapt_prob(&p->comp_ref[i], s->td[0].counts.comp_ref[i][0],
+                       s->td[0].counts.comp_ref[i][1], 20, 128);
+    }
+
+    if (s->s.h.comppredmode != PRED_COMPREF) {
+        for (i = 0; i < 5; i++) {
+            uint8_t *pp = p->single_ref[i];
+            unsigned (*c)[2] = s->td[0].counts.single_ref[i];
+
+            adapt_prob(&pp[0], c[0][0], c[0][1], 20, 128);
+            adapt_prob(&pp[1], c[1][0], c[1][1], 20, 128);
+        }
+    }
+
+    // block partitioning
+    for (i = 0; i < 4; i++)
+        for (j = 0; j < 4; j++) {
+            uint8_t *pp = p->partition[i][j];
+            unsigned *c = s->td[0].counts.partition[i][j];
+
+            adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
+            adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
+            adapt_prob(&pp[2], c[2], c[3], 20, 128);
+        }
+
+    // tx size
+    if (s->s.h.txfmmode == TX_SWITCHABLE) {
+        for (i = 0; i < 2; i++) {
+            unsigned *c16 = s->td[0].counts.tx16p[i], *c32 = s->td[0].counts.tx32p[i];
+
+            adapt_prob(&p->tx8p[i], s->td[0].counts.tx8p[i][0],
+                       s->td[0].counts.tx8p[i][1], 20, 128);
+            adapt_prob(&p->tx16p[i][0], c16[0], c16[1] + c16[2], 20, 128);
+            adapt_prob(&p->tx16p[i][1], c16[1], c16[2], 20, 128);
+            adapt_prob(&p->tx32p[i][0], c32[0], c32[1] + c32[2] + c32[3], 20, 128);
+            adapt_prob(&p->tx32p[i][1], c32[1], c32[2] + c32[3], 20, 128);
+            adapt_prob(&p->tx32p[i][2], c32[2], c32[3], 20, 128);
+        }
+    }
+
+    // interpolation filter
+    if (s->s.h.filtermode == FILTER_SWITCHABLE) {
+        for (i = 0; i < 4; i++) {
+            uint8_t *pp = p->filter[i];
+            unsigned *c = s->td[0].counts.filter[i];
+
+            adapt_prob(&pp[0], c[0], c[1] + c[2], 20, 128);
+            adapt_prob(&pp[1], c[1], c[2], 20, 128);
+        }
+    }
+
+    // inter modes
+    for (i = 0; i < 7; i++) {
+        uint8_t *pp = p->mv_mode[i];
+        unsigned *c = s->td[0].counts.mv_mode[i];
+
+        adapt_prob(&pp[0], c[2], c[1] + c[0] + c[3], 20, 128);
+        adapt_prob(&pp[1], c[0], c[1] + c[3], 20, 128);
+        adapt_prob(&pp[2], c[1], c[3], 20, 128);
+    }
+
+    // mv joints
+    {
+        uint8_t *pp = p->mv_joint;
+        unsigned *c = s->td[0].counts.mv_joint;
+
+        adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
+        adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
+        adapt_prob(&pp[2], c[2], c[3], 20, 128);
+    }
+
+    // mv components
+    for (i = 0; i < 2; i++) {
+        uint8_t *pp;
+        unsigned *c, (*c2)[2], sum;
+
+        adapt_prob(&p->mv_comp[i].sign, s->td[0].counts.mv_comp[i].sign[0],
+                   s->td[0].counts.mv_comp[i].sign[1], 20, 128);
+
+        pp  = p->mv_comp[i].classes;
+        c   = s->td[0].counts.mv_comp[i].classes;
+        sum = c[1] + c[2] + c[3] + c[4] + c[5] +
+              c[6] + c[7] + c[8] + c[9] + c[10];
+        adapt_prob(&pp[0], c[0], sum, 20, 128);
+        sum -= c[1];
+        adapt_prob(&pp[1], c[1], sum, 20, 128);
+        sum -= c[2] + c[3];
+        adapt_prob(&pp[2], c[2] + c[3], sum, 20, 128);
+        adapt_prob(&pp[3], c[2], c[3], 20, 128);
+        sum -= c[4] + c[5];
+        adapt_prob(&pp[4], c[4] + c[5], sum, 20, 128);
+        adapt_prob(&pp[5], c[4], c[5], 20, 128);
+        sum -= c[6];
+        adapt_prob(&pp[6], c[6], sum, 20, 128);
+        adapt_prob(&pp[7], c[7] + c[8], c[9] + c[10], 20, 128);
+        adapt_prob(&pp[8], c[7], c[8], 20, 128);
+        adapt_prob(&pp[9], c[9], c[10], 20, 128);
+
+        adapt_prob(&p->mv_comp[i].class0, s->td[0].counts.mv_comp[i].class0[0],
+                   s->td[0].counts.mv_comp[i].class0[1], 20, 128);
+        pp = p->mv_comp[i].bits;
+        c2 = s->td[0].counts.mv_comp[i].bits;
+        for (j = 0; j < 10; j++)
+            adapt_prob(&pp[j], c2[j][0], c2[j][1], 20, 128);
+
+        for (j = 0; j < 2; j++) {
+            pp = p->mv_comp[i].class0_fp[j];
+            c  = s->td[0].counts.mv_comp[i].class0_fp[j];
+            adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
+            adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
+            adapt_prob(&pp[2], c[2], c[3], 20, 128);
+        }
+        pp = p->mv_comp[i].fp;
+        c  = s->td[0].counts.mv_comp[i].fp;
+        adapt_prob(&pp[0], c[0], c[1] + c[2] + c[3], 20, 128);
+        adapt_prob(&pp[1], c[1], c[2] + c[3], 20, 128);
+        adapt_prob(&pp[2], c[2], c[3], 20, 128);
+
+        if (s->s.h.highprecisionmvs) {
+            adapt_prob(&p->mv_comp[i].class0_hp,
+                       s->td[0].counts.mv_comp[i].class0_hp[0],
+                       s->td[0].counts.mv_comp[i].class0_hp[1], 20, 128);
+            adapt_prob(&p->mv_comp[i].hp, s->td[0].counts.mv_comp[i].hp[0],
+                       s->td[0].counts.mv_comp[i].hp[1], 20, 128);
+        }
+    }
+
+    // y intra modes
+    for (i = 0; i < 4; i++) {
+        uint8_t *pp = p->y_mode[i];
+        unsigned *c = s->td[0].counts.y_mode[i], sum, s2;
+
+        sum = c[0] + c[1] + c[3] + c[4] + c[5] + c[6] + c[7] + c[8] + c[9];
+        adapt_prob(&pp[0], c[DC_PRED], sum, 20, 128);
+        sum -= c[TM_VP8_PRED];
+        adapt_prob(&pp[1], c[TM_VP8_PRED], sum, 20, 128);
+        sum -= c[VERT_PRED];
+        adapt_prob(&pp[2], c[VERT_PRED], sum, 20, 128);
+        s2   = c[HOR_PRED] + c[DIAG_DOWN_RIGHT_PRED] + c[VERT_RIGHT_PRED];
+        sum -= s2;
+        adapt_prob(&pp[3], s2, sum, 20, 128);
+        s2 -= c[HOR_PRED];
+        adapt_prob(&pp[4], c[HOR_PRED], s2, 20, 128);
+        adapt_prob(&pp[5], c[DIAG_DOWN_RIGHT_PRED], c[VERT_RIGHT_PRED],
+                   20, 128);
+        sum -= c[DIAG_DOWN_LEFT_PRED];
+        adapt_prob(&pp[6], c[DIAG_DOWN_LEFT_PRED], sum, 20, 128);
+        sum -= c[VERT_LEFT_PRED];
+        adapt_prob(&pp[7], c[VERT_LEFT_PRED], sum, 20, 128);
+        adapt_prob(&pp[8], c[HOR_DOWN_PRED], c[HOR_UP_PRED], 20, 128);
+    }
+
+    // uv intra modes
+    for (i = 0; i < 10; i++) {
+        uint8_t *pp = p->uv_mode[i];
+        unsigned *c = s->td[0].counts.uv_mode[i], sum, s2;
+
+        sum = c[0] + c[1] + c[3] + c[4] + c[5] + c[6] + c[7] + c[8] + c[9];
+        adapt_prob(&pp[0], c[DC_PRED], sum, 20, 128);
+        sum -= c[TM_VP8_PRED];
+        adapt_prob(&pp[1], c[TM_VP8_PRED], sum, 20, 128);
+        sum -= c[VERT_PRED];
+        adapt_prob(&pp[2], c[VERT_PRED], sum, 20, 128);
+        s2   = c[HOR_PRED] + c[DIAG_DOWN_RIGHT_PRED] + c[VERT_RIGHT_PRED];
+        sum -= s2;
+        adapt_prob(&pp[3], s2, sum, 20, 128);
+        s2 -= c[HOR_PRED];
+        adapt_prob(&pp[4], c[HOR_PRED], s2, 20, 128);
+        adapt_prob(&pp[5], c[DIAG_DOWN_RIGHT_PRED], c[VERT_RIGHT_PRED],
+                   20, 128);
+        sum -= c[DIAG_DOWN_LEFT_PRED];
+        adapt_prob(&pp[6], c[DIAG_DOWN_LEFT_PRED], sum, 20, 128);
+        sum -= c[VERT_LEFT_PRED];
+        adapt_prob(&pp[7], c[VERT_LEFT_PRED], sum, 20, 128);
+        adapt_prob(&pp[8], c[HOR_DOWN_PRED], c[HOR_UP_PRED], 20, 128);
+    }
+}
diff --git a/media/ffvpx/libavcodec/vp9recon.c b/media/ffvpx/libavcodec/vp9recon.c
new file mode 100644
index 000000000..49bb04e1f
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9recon.c
@@ -0,0 +1,644 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "libavutil/avassert.h"
+
+#include "avcodec.h"
+#include "internal.h"
+#include "videodsp.h"
+#include "vp9data.h"
+#include "vp9dec.h"
+
+static av_always_inline int check_intra_mode(VP9TileData *td, int mode, uint8_t **a,
+                                             uint8_t *dst_edge, ptrdiff_t stride_edge,
+                                             uint8_t *dst_inner, ptrdiff_t stride_inner,
+                                             uint8_t *l, int col, int x, int w,
+                                             int row, int y, enum TxfmMode tx,
+                                             int p, int ss_h, int ss_v, int bytesperpixel)
+{
+    VP9Context *s = td->s;
+    int have_top = row > 0 || y > 0;
+    int have_left = col > td->tile_col_start || x > 0;
+    int have_right = x < w - 1;
+    int bpp = s->s.h.bpp;
+    static const uint8_t mode_conv[10][2 /* have_left */][2 /* have_top */] = {
+        [VERT_PRED]            = { { DC_127_PRED,          VERT_PRED            },
+                                   { DC_127_PRED,          VERT_PRED            } },
+        [HOR_PRED]             = { { DC_129_PRED,          DC_129_PRED          },
+                                   { HOR_PRED,             HOR_PRED             } },
+        [DC_PRED]              = { { DC_128_PRED,          TOP_DC_PRED          },
+                                   { LEFT_DC_PRED,         DC_PRED              } },
+        [DIAG_DOWN_LEFT_PRED]  = { { DC_127_PRED,          DIAG_DOWN_LEFT_PRED  },
+                                   { DC_127_PRED,          DIAG_DOWN_LEFT_PRED  } },
+        [DIAG_DOWN_RIGHT_PRED] = { { DIAG_DOWN_RIGHT_PRED, DIAG_DOWN_RIGHT_PRED },
+                                   { DIAG_DOWN_RIGHT_PRED, DIAG_DOWN_RIGHT_PRED } },
+        [VERT_RIGHT_PRED]      = { { VERT_RIGHT_PRED,      VERT_RIGHT_PRED      },
+                                   { VERT_RIGHT_PRED,      VERT_RIGHT_PRED      } },
+        [HOR_DOWN_PRED]        = { { HOR_DOWN_PRED,        HOR_DOWN_PRED        },
+                                   { HOR_DOWN_PRED,        HOR_DOWN_PRED        } },
+        [VERT_LEFT_PRED]       = { { DC_127_PRED,          VERT_LEFT_PRED       },
+                                   { DC_127_PRED,          VERT_LEFT_PRED       } },
+        [HOR_UP_PRED]          = { { DC_129_PRED,          DC_129_PRED          },
+                                   { HOR_UP_PRED,          HOR_UP_PRED          } },
+        [TM_VP8_PRED]          = { { DC_129_PRED,          VERT_PRED            },
+                                   { HOR_PRED,             TM_VP8_PRED          } },
+    };
+    static const struct {
+        uint8_t needs_left:1;
+        uint8_t needs_top:1;
+        uint8_t needs_topleft:1;
+        uint8_t needs_topright:1;
+        uint8_t invert_left:1;
+    } edges[N_INTRA_PRED_MODES] = {
+        [VERT_PRED]            = { .needs_top  = 1 },
+        [HOR_PRED]             = { .needs_left = 1 },
+        [DC_PRED]              = { .needs_top  = 1, .needs_left = 1 },
+        [DIAG_DOWN_LEFT_PRED]  = { .needs_top  = 1, .needs_topright = 1 },
+        [DIAG_DOWN_RIGHT_PRED] = { .needs_left = 1, .needs_top = 1,
+                                   .needs_topleft = 1 },
+        [VERT_RIGHT_PRED]      = { .needs_left = 1, .needs_top = 1,
+                                   .needs_topleft = 1 },
+        [HOR_DOWN_PRED]        = { .needs_left = 1, .needs_top = 1,
+                                   .needs_topleft = 1 },
+        [VERT_LEFT_PRED]       = { .needs_top  = 1, .needs_topright = 1 },
+        [HOR_UP_PRED]          = { .needs_left = 1, .invert_left = 1 },
+        [TM_VP8_PRED]          = { .needs_left = 1, .needs_top = 1,
+                                   .needs_topleft = 1 },
+        [LEFT_DC_PRED]         = { .needs_left = 1 },
+        [TOP_DC_PRED]          = { .needs_top  = 1 },
+        [DC_128_PRED]          = { 0 },
+        [DC_127_PRED]          = { 0 },
+        [DC_129_PRED]          = { 0 }
+    };
+
+    av_assert2(mode >= 0 && mode < 10);
+    mode = mode_conv[mode][have_left][have_top];
+    if (edges[mode].needs_top) {
+        uint8_t *top, *topleft;
+        int n_px_need = 4 << tx, n_px_have = (((s->cols - col) << !ss_h) - x) * 4;
+        int n_px_need_tr = 0;
+
+        if (tx == TX_4X4 && edges[mode].needs_topright && have_right)
+            n_px_need_tr = 4;
+
+        // if top of sb64-row, use s->intra_pred_data[] instead of
+        // dst[-stride] for intra prediction (it contains pre- instead of
+        // post-loopfilter data)
+        if (have_top) {
+            top = !(row & 7) && !y ?
+                s->intra_pred_data[p] + (col * (8 >> ss_h) + x * 4) * bytesperpixel :
+                y == 0 ? &dst_edge[-stride_edge] : &dst_inner[-stride_inner];
+            if (have_left)
+                topleft = !(row & 7) && !y ?
+                    s->intra_pred_data[p] + (col * (8 >> ss_h) + x * 4) * bytesperpixel :
+                    y == 0 || x == 0 ? &dst_edge[-stride_edge] :
+                    &dst_inner[-stride_inner];
+        }
+
+        if (have_top &&
+            (!edges[mode].needs_topleft || (have_left && top == topleft)) &&
+            (tx != TX_4X4 || !edges[mode].needs_topright || have_right) &&
+            n_px_need + n_px_need_tr <= n_px_have) {
+            *a = top;
+        } else {
+            if (have_top) {
+                if (n_px_need <= n_px_have) {
+                    memcpy(*a, top, n_px_need * bytesperpixel);
+                } else {
+#define memset_bpp(c, i1, v, i2, num) do { \
+    if (bytesperpixel == 1) { \
+        memset(&(c)[(i1)], (v)[(i2)], (num)); \
+    } else { \
+        int n, val = AV_RN16A(&(v)[(i2) * 2]); \
+        for (n = 0; n < (num); n++) { \
+            AV_WN16A(&(c)[((i1) + n) * 2], val); \
+        } \
+    } \
+} while (0)
+                    memcpy(*a, top, n_px_have * bytesperpixel);
+                    memset_bpp(*a, n_px_have, (*a), n_px_have - 1, n_px_need - n_px_have);
+                }
+            } else {
+#define memset_val(c, val, num) do { \
+    if (bytesperpixel == 1) { \
+        memset((c), (val), (num)); \
+    } else { \
+        int n; \
+        for (n = 0; n < (num); n++) { \
+            AV_WN16A(&(c)[n * 2], (val)); \
+        } \
+    } \
+} while (0)
+                memset_val(*a, (128 << (bpp - 8)) - 1, n_px_need);
+            }
+            if (edges[mode].needs_topleft) {
+                if (have_left && have_top) {
+#define assign_bpp(c, i1, v, i2) do { \
+    if (bytesperpixel == 1) { \
+        (c)[(i1)] = (v)[(i2)]; \
+    } else { \
+        AV_COPY16(&(c)[(i1) * 2], &(v)[(i2) * 2]); \
+    } \
+} while (0)
+                    assign_bpp(*a, -1, topleft, -1);
+                } else {
+#define assign_val(c, i, v) do { \
+    if (bytesperpixel == 1) { \
+        (c)[(i)] = (v); \
+    } else { \
+        AV_WN16A(&(c)[(i) * 2], (v)); \
+    } \
+} while (0)
+                    assign_val((*a), -1, (128 << (bpp - 8)) + (have_top ? +1 : -1));
+                }
+            }
+            if (tx == TX_4X4 && edges[mode].needs_topright) {
+                if (have_top && have_right &&
+                    n_px_need + n_px_need_tr <= n_px_have) {
+                    memcpy(&(*a)[4 * bytesperpixel], &top[4 * bytesperpixel], 4 * bytesperpixel);
+                } else {
+                    memset_bpp(*a, 4, *a, 3, 4);
+                }
+            }
+        }
+    }
+    if (edges[mode].needs_left) {
+        if (have_left) {
+            int n_px_need = 4 << tx, i, n_px_have = (((s->rows - row) << !ss_v) - y) * 4;
+            uint8_t *dst = x == 0 ? dst_edge : dst_inner;
+            ptrdiff_t stride = x == 0 ? stride_edge : stride_inner;
+
+            if (edges[mode].invert_left) {
+                if (n_px_need <= n_px_have) {
+                    for (i = 0; i < n_px_need; i++)
+                        assign_bpp(l, i, &dst[i * stride], -1);
+                } else {
+                    for (i = 0; i < n_px_have; i++)
+                        assign_bpp(l, i, &dst[i * stride], -1);
+                    memset_bpp(l, n_px_have, l, n_px_have - 1, n_px_need - n_px_have);
+                }
+            } else {
+                if (n_px_need <= n_px_have) {
+                    for (i = 0; i < n_px_need; i++)
+                        assign_bpp(l, n_px_need - 1 - i, &dst[i * stride], -1);
+                } else {
+                    for (i = 0; i < n_px_have; i++)
+                        assign_bpp(l, n_px_need - 1 - i, &dst[i * stride], -1);
+                    memset_bpp(l, 0, l, n_px_need - n_px_have, n_px_need - n_px_have);
+                }
+            }
+        } else {
+            memset_val(l, (128 << (bpp - 8)) + 1, 4 << tx);
+        }
+    }
+
+    return mode;
+}
+
+static av_always_inline void intra_recon(VP9TileData *td, ptrdiff_t y_off,
+                                         ptrdiff_t uv_off, int bytesperpixel)
+{
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col;
+    int w4 = ff_vp9_bwh_tab[1][b->bs][0] << 1, step1d = 1 << b->tx, n;
+    int h4 = ff_vp9_bwh_tab[1][b->bs][1] << 1, x, y, step = 1 << (b->tx * 2);
+    int end_x = FFMIN(2 * (s->cols - col), w4);
+    int end_y = FFMIN(2 * (s->rows - row), h4);
+    int tx = 4 * s->s.h.lossless + b->tx, uvtx = b->uvtx + 4 * s->s.h.lossless;
+    int uvstep1d = 1 << b->uvtx, p;
+    uint8_t *dst = td->dst[0], *dst_r = s->s.frames[CUR_FRAME].tf.f->data[0] + y_off;
+    LOCAL_ALIGNED_32(uint8_t, a_buf, [96]);
+    LOCAL_ALIGNED_32(uint8_t, l, [64]);
+
+    for (n = 0, y = 0; y < end_y; y += step1d) {
+        uint8_t *ptr = dst, *ptr_r = dst_r;
+        for (x = 0; x < end_x; x += step1d, ptr += 4 * step1d * bytesperpixel,
+                               ptr_r += 4 * step1d * bytesperpixel, n += step) {
+            int mode = b->mode[b->bs > BS_8x8 && b->tx == TX_4X4 ?
+                               y * 2 + x : 0];
+            uint8_t *a = &a_buf[32];
+            enum TxfmType txtp = ff_vp9_intra_txfm_type[mode];
+            int eob = b->skip ? 0 : b->tx > TX_8X8 ? AV_RN16A(&td->eob[n]) : td->eob[n];
+
+            mode = check_intra_mode(td, mode, &a, ptr_r,
+                                    s->s.frames[CUR_FRAME].tf.f->linesize[0],
+                                    ptr, td->y_stride, l,
+                                    col, x, w4, row, y, b->tx, 0, 0, 0, bytesperpixel);
+            s->dsp.intra_pred[b->tx][mode](ptr, td->y_stride, l, a);
+            if (eob)
+                s->dsp.itxfm_add[tx][txtp](ptr, td->y_stride,
+                                           td->block + 16 * n * bytesperpixel, eob);
+        }
+        dst_r += 4 * step1d * s->s.frames[CUR_FRAME].tf.f->linesize[0];
+        dst   += 4 * step1d * td->y_stride;
+    }
+
+    // U/V
+    w4    >>= s->ss_h;
+    end_x >>= s->ss_h;
+    end_y >>= s->ss_v;
+    step = 1 << (b->uvtx * 2);
+    for (p = 0; p < 2; p++) {
+        dst   = td->dst[1 + p];
+        dst_r = s->s.frames[CUR_FRAME].tf.f->data[1 + p] + uv_off;
+        for (n = 0, y = 0; y < end_y; y += uvstep1d) {
+            uint8_t *ptr = dst, *ptr_r = dst_r;
+            for (x = 0; x < end_x; x += uvstep1d, ptr += 4 * uvstep1d * bytesperpixel,
+                                   ptr_r += 4 * uvstep1d * bytesperpixel, n += step) {
+                int mode = b->uvmode;
+                uint8_t *a = &a_buf[32];
+                int eob = b->skip ? 0 : b->uvtx > TX_8X8 ? AV_RN16A(&td->uveob[p][n]) : td->uveob[p][n];
+
+                mode = check_intra_mode(td, mode, &a, ptr_r,
+                                        s->s.frames[CUR_FRAME].tf.f->linesize[1],
+                                        ptr, td->uv_stride, l, col, x, w4, row, y,
+                                        b->uvtx, p + 1, s->ss_h, s->ss_v, bytesperpixel);
+                s->dsp.intra_pred[b->uvtx][mode](ptr, td->uv_stride, l, a);
+                if (eob)
+                    s->dsp.itxfm_add[uvtx][DCT_DCT](ptr, td->uv_stride,
+                                                    td->uvblock[p] + 16 * n * bytesperpixel, eob);
+            }
+            dst_r += 4 * uvstep1d * s->s.frames[CUR_FRAME].tf.f->linesize[1];
+            dst   += 4 * uvstep1d * td->uv_stride;
+        }
+    }
+}
+
+void ff_vp9_intra_recon_8bpp(VP9TileData *td, ptrdiff_t y_off, ptrdiff_t uv_off)
+{
+    intra_recon(td, y_off, uv_off, 1);
+}
+
+void ff_vp9_intra_recon_16bpp(VP9TileData *td, ptrdiff_t y_off, ptrdiff_t uv_off)
+{
+    intra_recon(td, y_off, uv_off, 2);
+}
+
+static av_always_inline void mc_luma_unscaled(VP9TileData *td, vp9_mc_func (*mc)[2],
+                                              uint8_t *dst, ptrdiff_t dst_stride,
+                                              const uint8_t *ref, ptrdiff_t ref_stride,
+                                              ThreadFrame *ref_frame,
+                                              ptrdiff_t y, ptrdiff_t x, const VP56mv *mv,
+                                              int bw, int bh, int w, int h, int bytesperpixel)
+{
+    VP9Context *s = td->s;
+    int mx = mv->x, my = mv->y, th;
+
+    y += my >> 3;
+    x += mx >> 3;
+    ref += y * ref_stride + x * bytesperpixel;
+    mx &= 7;
+    my &= 7;
+    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
+    // we use +7 because the last 7 pixels of each sbrow can be changed in
+    // the longest loopfilter of the next sbrow
+    th = (y + bh + 4 * !!my + 7) >> 6;
+    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
+    // The arm/aarch64 _hv filters read one more row than what actually is
+    // needed, so switch to emulated edge one pixel sooner vertically
+    // (!!my * 5) than horizontally (!!mx * 4).
+    if (x < !!mx * 3 || y < !!my * 3 ||
+        x + !!mx * 4 > w - bw || y + !!my * 5 > h - bh) {
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref - !!my * 3 * ref_stride - !!mx * 3 * bytesperpixel,
+                                 160, ref_stride,
+                                 bw + !!mx * 7, bh + !!my * 7,
+                                 x - !!mx * 3, y - !!my * 3, w, h);
+        ref = td->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
+        ref_stride = 160;
+    }
+    mc[!!mx][!!my](dst, dst_stride, ref, ref_stride, bh, mx << 1, my << 1);
+}
+
+static av_always_inline void mc_chroma_unscaled(VP9TileData *td, vp9_mc_func (*mc)[2],
+                                                uint8_t *dst_u, uint8_t *dst_v,
+                                                ptrdiff_t dst_stride,
+                                                const uint8_t *ref_u, ptrdiff_t src_stride_u,
+                                                const uint8_t *ref_v, ptrdiff_t src_stride_v,
+                                                ThreadFrame *ref_frame,
+                                                ptrdiff_t y, ptrdiff_t x, const VP56mv *mv,
+                                                int bw, int bh, int w, int h, int bytesperpixel)
+{
+    VP9Context *s = td->s;
+    int mx = mv->x * (1 << !s->ss_h), my = mv->y * (1 << !s->ss_v), th;
+
+    y += my >> 4;
+    x += mx >> 4;
+    ref_u += y * src_stride_u + x * bytesperpixel;
+    ref_v += y * src_stride_v + x * bytesperpixel;
+    mx &= 15;
+    my &= 15;
+    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
+    // we use +7 because the last 7 pixels of each sbrow can be changed in
+    // the longest loopfilter of the next sbrow
+    th = (y + bh + 4 * !!my + 7) >> (6 - s->ss_v);
+    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
+    // The arm/aarch64 _hv filters read one more row than what actually is
+    // needed, so switch to emulated edge one pixel sooner vertically
+    // (!!my * 5) than horizontally (!!mx * 4).
+    if (x < !!mx * 3 || y < !!my * 3 ||
+        x + !!mx * 4 > w - bw || y + !!my * 5 > h - bh) {
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref_u - !!my * 3 * src_stride_u - !!mx * 3 * bytesperpixel,
+                                 160, src_stride_u,
+                                 bw + !!mx * 7, bh + !!my * 7,
+                                 x - !!mx * 3, y - !!my * 3, w, h);
+        ref_u = td->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
+        mc[!!mx][!!my](dst_u, dst_stride, ref_u, 160, bh, mx, my);
+
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref_v - !!my * 3 * src_stride_v - !!mx * 3 * bytesperpixel,
+                                 160, src_stride_v,
+                                 bw + !!mx * 7, bh + !!my * 7,
+                                 x - !!mx * 3, y - !!my * 3, w, h);
+        ref_v = td->edge_emu_buffer + !!my * 3 * 160 + !!mx * 3 * bytesperpixel;
+        mc[!!mx][!!my](dst_v, dst_stride, ref_v, 160, bh, mx, my);
+    } else {
+        mc[!!mx][!!my](dst_u, dst_stride, ref_u, src_stride_u, bh, mx, my);
+        mc[!!mx][!!my](dst_v, dst_stride, ref_v, src_stride_v, bh, mx, my);
+    }
+}
+
+#define mc_luma_dir(td, mc, dst, dst_ls, src, src_ls, tref, row, col, mv, \
+                    px, py, pw, ph, bw, bh, w, h, i) \
+    mc_luma_unscaled(td, s->dsp.mc, dst, dst_ls, src, src_ls, tref, row, col, \
+                     mv, bw, bh, w, h, bytesperpixel)
+#define mc_chroma_dir(td, mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
+                      row, col, mv, px, py, pw, ph, bw, bh, w, h, i) \
+    mc_chroma_unscaled(td, s->dsp.mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
+                       row, col, mv, bw, bh, w, h, bytesperpixel)
+#define SCALED 0
+#define FN(x) x##_8bpp
+#define BYTES_PER_PIXEL 1
+#include "vp9_mc_template.c"
+#undef FN
+#undef BYTES_PER_PIXEL
+#define FN(x) x##_16bpp
+#define BYTES_PER_PIXEL 2
+#include "vp9_mc_template.c"
+#undef mc_luma_dir
+#undef mc_chroma_dir
+#undef FN
+#undef BYTES_PER_PIXEL
+#undef SCALED
+
+static av_always_inline void mc_luma_scaled(VP9TileData *td, vp9_scaled_mc_func smc,
+                                            vp9_mc_func (*mc)[2],
+                                            uint8_t *dst, ptrdiff_t dst_stride,
+                                            const uint8_t *ref, ptrdiff_t ref_stride,
+                                            ThreadFrame *ref_frame,
+                                            ptrdiff_t y, ptrdiff_t x, const VP56mv *in_mv,
+                                            int px, int py, int pw, int ph,
+                                            int bw, int bh, int w, int h, int bytesperpixel,
+                                            const uint16_t *scale, const uint8_t *step)
+{
+    VP9Context *s = td->s;
+    if (s->s.frames[CUR_FRAME].tf.f->width == ref_frame->f->width &&
+        s->s.frames[CUR_FRAME].tf.f->height == ref_frame->f->height) {
+        mc_luma_unscaled(td, mc, dst, dst_stride, ref, ref_stride, ref_frame,
+                         y, x, in_mv, bw, bh, w, h, bytesperpixel);
+    } else {
+#define scale_mv(n, dim) (((int64_t)(n) * scale[dim]) >> 14)
+    int mx, my;
+    int refbw_m1, refbh_m1;
+    int th;
+    VP56mv mv;
+
+    mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 8, (s->cols * 8 - x + px + 3) * 8);
+    mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 8, (s->rows * 8 - y + py + 3) * 8);
+    // BUG libvpx seems to scale the two components separately. This introduces
+    // rounding errors but we have to reproduce them to be exactly compatible
+    // with the output from libvpx...
+    mx = scale_mv(mv.x * 2, 0) + scale_mv(x * 16, 0);
+    my = scale_mv(mv.y * 2, 1) + scale_mv(y * 16, 1);
+
+    y = my >> 4;
+    x = mx >> 4;
+    ref += y * ref_stride + x * bytesperpixel;
+    mx &= 15;
+    my &= 15;
+    refbw_m1 = ((bw - 1) * step[0] + mx) >> 4;
+    refbh_m1 = ((bh - 1) * step[1] + my) >> 4;
+    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
+    // we use +7 because the last 7 pixels of each sbrow can be changed in
+    // the longest loopfilter of the next sbrow
+    th = (y + refbh_m1 + 4 + 7) >> 6;
+    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
+    // The arm/aarch64 _hv filters read one more row than what actually is
+    // needed, so switch to emulated edge one pixel sooner vertically
+    // (y + 5 >= h - refbh_m1) than horizontally (x + 4 >= w - refbw_m1).
+    if (x < 3 || y < 3 || x + 4 >= w - refbw_m1 || y + 5 >= h - refbh_m1) {
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref - 3 * ref_stride - 3 * bytesperpixel,
+                                 288, ref_stride,
+                                 refbw_m1 + 8, refbh_m1 + 8,
+                                 x - 3, y - 3, w, h);
+        ref = td->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
+        ref_stride = 288;
+    }
+    smc(dst, dst_stride, ref, ref_stride, bh, mx, my, step[0], step[1]);
+    }
+}
+
+static av_always_inline void mc_chroma_scaled(VP9TileData *td, vp9_scaled_mc_func smc,
+                                              vp9_mc_func (*mc)[2],
+                                              uint8_t *dst_u, uint8_t *dst_v,
+                                              ptrdiff_t dst_stride,
+                                              const uint8_t *ref_u, ptrdiff_t src_stride_u,
+                                              const uint8_t *ref_v, ptrdiff_t src_stride_v,
+                                              ThreadFrame *ref_frame,
+                                              ptrdiff_t y, ptrdiff_t x, const VP56mv *in_mv,
+                                              int px, int py, int pw, int ph,
+                                              int bw, int bh, int w, int h, int bytesperpixel,
+                                              const uint16_t *scale, const uint8_t *step)
+{
+    VP9Context *s = td->s;
+    if (s->s.frames[CUR_FRAME].tf.f->width == ref_frame->f->width &&
+        s->s.frames[CUR_FRAME].tf.f->height == ref_frame->f->height) {
+        mc_chroma_unscaled(td, mc, dst_u, dst_v, dst_stride, ref_u, src_stride_u,
+                           ref_v, src_stride_v, ref_frame,
+                           y, x, in_mv, bw, bh, w, h, bytesperpixel);
+    } else {
+    int mx, my;
+    int refbw_m1, refbh_m1;
+    int th;
+    VP56mv mv;
+
+    if (s->ss_h) {
+        // BUG https://code.google.com/p/webm/issues/detail?id=820
+        mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 16, (s->cols * 4 - x + px + 3) * 16);
+        mx = scale_mv(mv.x, 0) + (scale_mv(x * 16, 0) & ~15) + (scale_mv(x * 32, 0) & 15);
+    } else {
+        mv.x = av_clip(in_mv->x, -(x + pw - px + 4) * 8, (s->cols * 8 - x + px + 3) * 8);
+        mx = scale_mv(mv.x * 2, 0) + scale_mv(x * 16, 0);
+    }
+    if (s->ss_v) {
+        // BUG https://code.google.com/p/webm/issues/detail?id=820
+        mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 16, (s->rows * 4 - y + py + 3) * 16);
+        my = scale_mv(mv.y, 1) + (scale_mv(y * 16, 1) & ~15) + (scale_mv(y * 32, 1) & 15);
+    } else {
+        mv.y = av_clip(in_mv->y, -(y + ph - py + 4) * 8, (s->rows * 8 - y + py + 3) * 8);
+        my = scale_mv(mv.y * 2, 1) + scale_mv(y * 16, 1);
+    }
+#undef scale_mv
+    y = my >> 4;
+    x = mx >> 4;
+    ref_u += y * src_stride_u + x * bytesperpixel;
+    ref_v += y * src_stride_v + x * bytesperpixel;
+    mx &= 15;
+    my &= 15;
+    refbw_m1 = ((bw - 1) * step[0] + mx) >> 4;
+    refbh_m1 = ((bh - 1) * step[1] + my) >> 4;
+    // FIXME bilinear filter only needs 0/1 pixels, not 3/4
+    // we use +7 because the last 7 pixels of each sbrow can be changed in
+    // the longest loopfilter of the next sbrow
+    th = (y + refbh_m1 + 4 + 7) >> (6 - s->ss_v);
+    ff_thread_await_progress(ref_frame, FFMAX(th, 0), 0);
+    // The arm/aarch64 _hv filters read one more row than what actually is
+    // needed, so switch to emulated edge one pixel sooner vertically
+    // (y + 5 >= h - refbh_m1) than horizontally (x + 4 >= w - refbw_m1).
+    if (x < 3 || y < 3 || x + 4 >= w - refbw_m1 || y + 5 >= h - refbh_m1) {
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref_u - 3 * src_stride_u - 3 * bytesperpixel,
+                                 288, src_stride_u,
+                                 refbw_m1 + 8, refbh_m1 + 8,
+                                 x - 3, y - 3, w, h);
+        ref_u = td->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
+        smc(dst_u, dst_stride, ref_u, 288, bh, mx, my, step[0], step[1]);
+
+        s->vdsp.emulated_edge_mc(td->edge_emu_buffer,
+                                 ref_v - 3 * src_stride_v - 3 * bytesperpixel,
+                                 288, src_stride_v,
+                                 refbw_m1 + 8, refbh_m1 + 8,
+                                 x - 3, y - 3, w, h);
+        ref_v = td->edge_emu_buffer + 3 * 288 + 3 * bytesperpixel;
+        smc(dst_v, dst_stride, ref_v, 288, bh, mx, my, step[0], step[1]);
+    } else {
+        smc(dst_u, dst_stride, ref_u, src_stride_u, bh, mx, my, step[0], step[1]);
+        smc(dst_v, dst_stride, ref_v, src_stride_v, bh, mx, my, step[0], step[1]);
+    }
+    }
+}
+
+#define mc_luma_dir(td, mc, dst, dst_ls, src, src_ls, tref, row, col, mv, \
+                    px, py, pw, ph, bw, bh, w, h, i) \
+    mc_luma_scaled(td, s->dsp.s##mc, s->dsp.mc, dst, dst_ls, src, src_ls, tref, row, col, \
+                   mv, px, py, pw, ph, bw, bh, w, h, bytesperpixel, \
+                   s->mvscale[b->ref[i]], s->mvstep[b->ref[i]])
+#define mc_chroma_dir(td, mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
+                      row, col, mv, px, py, pw, ph, bw, bh, w, h, i) \
+    mc_chroma_scaled(td, s->dsp.s##mc, s->dsp.mc, dstu, dstv, dst_ls, srcu, srcu_ls, srcv, srcv_ls, tref, \
+                     row, col, mv, px, py, pw, ph, bw, bh, w, h, bytesperpixel, \
+                     s->mvscale[b->ref[i]], s->mvstep[b->ref[i]])
+#define SCALED 1
+#define FN(x) x##_scaled_8bpp
+#define BYTES_PER_PIXEL 1
+#include "vp9_mc_template.c"
+#undef FN
+#undef BYTES_PER_PIXEL
+#define FN(x) x##_scaled_16bpp
+#define BYTES_PER_PIXEL 2
+#include "vp9_mc_template.c"
+#undef mc_luma_dir
+#undef mc_chroma_dir
+#undef FN
+#undef BYTES_PER_PIXEL
+#undef SCALED
+
+static av_always_inline void inter_recon(VP9TileData *td, int bytesperpixel)
+{
+    VP9Context *s = td->s;
+    VP9Block *b = td->b;
+    int row = td->row, col = td->col;
+
+    if (s->mvscale[b->ref[0]][0] || (b->comp && s->mvscale[b->ref[1]][0])) {
+        if (bytesperpixel == 1) {
+            inter_pred_scaled_8bpp(td);
+        } else {
+            inter_pred_scaled_16bpp(td);
+        }
+    } else {
+        if (bytesperpixel == 1) {
+            inter_pred_8bpp(td);
+        } else {
+            inter_pred_16bpp(td);
+        }
+    }
+
+    if (!b->skip) {
+        /* mostly copied intra_recon() */
+
+        int w4 = ff_vp9_bwh_tab[1][b->bs][0] << 1, step1d = 1 << b->tx, n;
+        int h4 = ff_vp9_bwh_tab[1][b->bs][1] << 1, x, y, step = 1 << (b->tx * 2);
+        int end_x = FFMIN(2 * (s->cols - col), w4);
+        int end_y = FFMIN(2 * (s->rows - row), h4);
+        int tx = 4 * s->s.h.lossless + b->tx, uvtx = b->uvtx + 4 * s->s.h.lossless;
+        int uvstep1d = 1 << b->uvtx, p;
+        uint8_t *dst = td->dst[0];
+
+        // y itxfm add
+        for (n = 0, y = 0; y < end_y; y += step1d) {
+            uint8_t *ptr = dst;
+            for (x = 0; x < end_x; x += step1d,
+                 ptr += 4 * step1d * bytesperpixel, n += step) {
+                int eob = b->tx > TX_8X8 ? AV_RN16A(&td->eob[n]) : td->eob[n];
+
+                if (eob)
+                    s->dsp.itxfm_add[tx][DCT_DCT](ptr, td->y_stride,
+                                                  td->block + 16 * n * bytesperpixel, eob);
+            }
+            dst += 4 * td->y_stride * step1d;
+        }
+
+        // uv itxfm add
+        end_x >>= s->ss_h;
+        end_y >>= s->ss_v;
+        step = 1 << (b->uvtx * 2);
+        for (p = 0; p < 2; p++) {
+            dst = td->dst[p + 1];
+            for (n = 0, y = 0; y < end_y; y += uvstep1d) {
+                uint8_t *ptr = dst;
+                for (x = 0; x < end_x; x += uvstep1d,
+                     ptr += 4 * uvstep1d * bytesperpixel, n += step) {
+                    int eob = b->uvtx > TX_8X8 ? AV_RN16A(&td->uveob[p][n]) : td->uveob[p][n];
+
+                    if (eob)
+                        s->dsp.itxfm_add[uvtx][DCT_DCT](ptr, td->uv_stride,
+                                                        td->uvblock[p] + 16 * n * bytesperpixel, eob);
+                }
+                dst += 4 * uvstep1d * td->uv_stride;
+            }
+        }
+    }
+}
+
+void ff_vp9_inter_recon_8bpp(VP9TileData *td)
+{
+    inter_recon(td, 1);
+}
+
+void ff_vp9_inter_recon_16bpp(VP9TileData *td)
+{
+    inter_recon(td, 2);
+}
diff --git a/media/ffvpx/libavcodec/vp9shared.h b/media/ffvpx/libavcodec/vp9shared.h
new file mode 100644
index 000000000..54726df74
--- /dev/null
+++ b/media/ffvpx/libavcodec/vp9shared.h
@@ -0,0 +1,169 @@
+/*
+ * VP9 compatible video decoder
+ *
+ * Copyright (C) 2013 Ronald S. Bultje <rsbultje gmail com>
+ * Copyright (C) 2013 Clément Bœsch <u pkh me>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVCODEC_VP9SHARED_H
+#define AVCODEC_VP9SHARED_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "vp9.h"
+#include "thread.h"
+#include "vp56.h"
+
+enum BlockPartition {
+    PARTITION_NONE,    // [ ] <-.
+    PARTITION_H,       // [-]   |
+    PARTITION_V,       // [|]   |
+    PARTITION_SPLIT,   // [+] --'
+};
+
+enum InterPredMode {
+    NEARESTMV = 10,
+    NEARMV    = 11,
+    ZEROMV    = 12,
+    NEWMV     = 13,
+};
+
+enum CompPredMode {
+    PRED_SINGLEREF,
+    PRED_COMPREF,
+    PRED_SWITCHABLE,
+};
+
+typedef struct VP9mvrefPair {
+    VP56mv mv[2];
+    int8_t ref[2];
+} VP9mvrefPair;
+
+typedef struct VP9Frame {
+    ThreadFrame tf;
+    AVBufferRef *extradata;
+    uint8_t *segmentation_map;
+    VP9mvrefPair *mv;
+    int uses_2pass;
+
+    AVBufferRef *hwaccel_priv_buf;
+    void *hwaccel_picture_private;
+} VP9Frame;
+
+enum BlockLevel {
+    BL_64X64,
+    BL_32X32,
+    BL_16X16,
+    BL_8X8,
+};
+
+enum BlockSize {
+    BS_64x64,
+    BS_64x32,
+    BS_32x64,
+    BS_32x32,
+    BS_32x16,
+    BS_16x32,
+    BS_16x16,
+    BS_16x8,
+    BS_8x16,
+    BS_8x8,
+    BS_8x4,
+    BS_4x8,
+    BS_4x4,
+    N_BS_SIZES,
+};
+
+typedef struct VP9BitstreamHeader {
+    // bitstream header
+    uint8_t profile;
+    uint8_t bpp;
+    uint8_t keyframe;
+    uint8_t invisible;
+    uint8_t errorres;
+    uint8_t intraonly;
+    uint8_t resetctx;
+    uint8_t refreshrefmask;
+    uint8_t highprecisionmvs;
+    enum FilterMode filtermode;
+    uint8_t allowcompinter;
+    uint8_t refreshctx;
+    uint8_t parallelmode;
+    uint8_t framectxid;
+    uint8_t use_last_frame_mvs;
+    uint8_t refidx[3];
+    uint8_t signbias[3];
+    uint8_t fixcompref;
+    uint8_t varcompref[2];
+    struct {
+        uint8_t level;
+        int8_t sharpness;
+    } filter;
+    struct {
+        uint8_t enabled;
+        uint8_t updated;
+        int8_t mode[2];
+        int8_t ref[4];
+    } lf_delta;
+    uint8_t yac_qi;
+    int8_t ydc_qdelta, uvdc_qdelta, uvac_qdelta;
+    uint8_t lossless;
+#define MAX_SEGMENT 8
+    struct {
+        uint8_t enabled;
+        uint8_t temporal;
+        uint8_t absolute_vals;
+        uint8_t update_map;
+        uint8_t prob[7];
+        uint8_t pred_prob[3];
+        struct {
+            uint8_t q_enabled;
+            uint8_t lf_enabled;
+            uint8_t ref_enabled;
+            uint8_t skip_enabled;
+            uint8_t ref_val;
+            int16_t q_val;
+            int8_t lf_val;
+            int16_t qmul[2][2];
+            uint8_t lflvl[4][2];
+        } feat[MAX_SEGMENT];
+    } segmentation;
+    enum TxfmMode txfmmode;
+    enum CompPredMode comppredmode;
+    struct {
+        unsigned log2_tile_cols, log2_tile_rows;
+        unsigned tile_cols, tile_rows;
+    } tiling;
+
+    int uncompressed_header_size;
+    int compressed_header_size;
+} VP9BitstreamHeader;
+
+typedef struct VP9SharedContext {
+    VP9BitstreamHeader h;
+
+    ThreadFrame refs[8];
+#define CUR_FRAME 0
+#define REF_FRAME_MVPAIR 1
+#define REF_FRAME_SEGMAP 2
+    VP9Frame frames[3];
+} VP9SharedContext;
+
+#endif /* AVCODEC_VP9SHARED_H */
diff --git a/media/ffvpx/libavcodec/x86/constants.h b/media/ffvpx/libavcodec/x86/constants.h
index b82aef9a4..bbb0ef844 100644
--- a/media/ffvpx/libavcodec/x86/constants.h
+++ b/media/ffvpx/libavcodec/x86/constants.h
@@ -43,6 +43,7 @@ extern const xmm_reg  ff_pw_64;
 extern const uint64_t ff_pw_96;
 extern const uint64_t ff_pw_128;
 extern const ymm_reg  ff_pw_255;
+extern const ymm_reg  ff_pw_256;
 extern const ymm_reg  ff_pw_512;
 extern const ymm_reg  ff_pw_1023;
 extern const ymm_reg  ff_pw_1024;
diff --git a/media/ffvpx/libavcodec/x86/flacdsp_init.c b/media/ffvpx/libavcodec/x86/flacdsp_init.c
index e28c5c932..1971f81b8 100644
--- a/media/ffvpx/libavcodec/x86/flacdsp_init.c
+++ b/media/ffvpx/libavcodec/x86/flacdsp_init.c
@@ -53,7 +53,7 @@ DECORRELATE_FUNCS(32,  avx);
 av_cold void ff_flacdsp_init_x86(FLACDSPContext *c, enum AVSampleFormat fmt, int channels,
                                  int bps)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
 #if CONFIG_FLAC_DECODER
@@ -111,5 +111,5 @@ av_cold void ff_flacdsp_init_x86(FLACDSPContext *c, enum AVSampleFormat fmt, int
             c->lpc16_encode = ff_flac_enc_lpc_16_sse4;
     }
 #endif
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
diff --git a/media/ffvpx/libavcodec/x86/h264_i386.h b/media/ffvpx/libavcodec/x86/h264_i386.h
deleted file mode 100644
index 19cd12838..000000000
--- a/media/ffvpx/libavcodec/x86/h264_i386.h
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * H.26L/H.264/AVC/JVT/14496-10/... encoder/decoder
- * Copyright (c) 2003 Michael Niedermayer <michaelni@gmx.at>
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-/**
- * @file
- * H.264 / AVC / MPEG-4 part10 codec.
- * non-MMX i386-specific optimizations for H.264
- * @author Michael Niedermayer <michaelni@gmx.at>
- */
-
-#ifndef AVCODEC_X86_H264_I386_H
-#define AVCODEC_X86_H264_I386_H
-
-#include <stddef.h>
-
-#include "libavcodec/cabac.h"
-#include "cabac.h"
-
-#if HAVE_INLINE_ASM
-
-#if ARCH_X86_64
-#define REG64 "r"
-#else
-#define REG64 "m"
-#endif
-
-//FIXME use some macros to avoid duplicating get_cabac (cannot be done yet
-//as that would make optimization work hard)
-#if HAVE_7REGS && !BROKEN_COMPILER
-#define decode_significance decode_significance_x86
-static int decode_significance_x86(CABACContext *c, int max_coeff,
-                                   uint8_t *significant_coeff_ctx_base,
-                                   int *index, x86_reg last_off){
-    void *end= significant_coeff_ctx_base + max_coeff - 1;
-    int minusstart= -(intptr_t)significant_coeff_ctx_base;
-    int minusindex= 4-(intptr_t)index;
-    int bit;
-    x86_reg coeff_count;
-
-#ifdef BROKEN_RELOCATIONS
-    void *tables;
-
-    __asm__ volatile(
-        "lea   "MANGLE(ff_h264_cabac_tables)", %0      \n\t"
-        : "=&r"(tables)
-        : NAMED_CONSTRAINTS_ARRAY(ff_h264_cabac_tables)
-    );
-#endif
-
-    __asm__ volatile(
-        "3:                                     \n\t"
-
-        BRANCHLESS_GET_CABAC("%4", "%q4", "(%1)", "%3", "%w3",
-                             "%5", "%q5", "%k0", "%b0",
-                             "%c11(%6)", "%c12(%6)",
-                             AV_STRINGIFY(H264_NORM_SHIFT_OFFSET),
-                             AV_STRINGIFY(H264_LPS_RANGE_OFFSET),
-                             AV_STRINGIFY(H264_MLPS_STATE_OFFSET),
-                             "%13")
-
-        "test $1, %4                            \n\t"
-        " jz 4f                                 \n\t"
-        "add  %10, %1                           \n\t"
-
-        BRANCHLESS_GET_CABAC("%4", "%q4", "(%1)", "%3", "%w3",
-                             "%5", "%q5", "%k0", "%b0",
-                             "%c11(%6)", "%c12(%6)",
-                             AV_STRINGIFY(H264_NORM_SHIFT_OFFSET),
-                             AV_STRINGIFY(H264_LPS_RANGE_OFFSET),
-                             AV_STRINGIFY(H264_MLPS_STATE_OFFSET),
-                             "%13")
-
-        "sub  %10, %1                           \n\t"
-        "mov  %2, %0                            \n\t"
-        "movl %7, %%ecx                         \n\t"
-        "add  %1, %%"FF_REG_c"                  \n\t"
-        "movl %%ecx, (%0)                       \n\t"
-
-        "test $1, %4                            \n\t"
-        " jnz 5f                                \n\t"
-
-        "add"FF_OPSIZE"  $4, %2                 \n\t"
-
-        "4:                                     \n\t"
-        "add  $1, %1                            \n\t"
-        "cmp  %8, %1                            \n\t"
-        " jb 3b                                 \n\t"
-        "mov  %2, %0                            \n\t"
-        "movl %7, %%ecx                         \n\t"
-        "add  %1, %%"FF_REG_c"                  \n\t"
-        "movl %%ecx, (%0)                       \n\t"
-        "5:                                     \n\t"
-        "add  %9, %k0                           \n\t"
-        "shr $2, %k0                            \n\t"
-        : "=&q"(coeff_count), "+r"(significant_coeff_ctx_base), "+m"(index),
-          "+&r"(c->low), "=&r"(bit), "+&r"(c->range)
-        : "r"(c), "m"(minusstart), "m"(end), "m"(minusindex), "m"(last_off),
-          "i"(offsetof(CABACContext, bytestream)),
-          "i"(offsetof(CABACContext, bytestream_end))
-          TABLES_ARG
-        : "%"FF_REG_c, "memory"
-    );
-    return coeff_count;
-}
-
-#define decode_significance_8x8 decode_significance_8x8_x86
-static int decode_significance_8x8_x86(CABACContext *c,
-                                       uint8_t *significant_coeff_ctx_base,
-                                       int *index, uint8_t *last_coeff_ctx_base, const uint8_t *sig_off){
-    int minusindex= 4-(intptr_t)index;
-    int bit;
-    x86_reg coeff_count;
-    x86_reg last=0;
-    x86_reg state;
-
-#ifdef BROKEN_RELOCATIONS
-    void *tables;
-
-    __asm__ volatile(
-        "lea    "MANGLE(ff_h264_cabac_tables)", %0      \n\t"
-        : "=&r"(tables)
-        : NAMED_CONSTRAINTS_ARRAY(ff_h264_cabac_tables)
-    );
-#endif
-
-    __asm__ volatile(
-        "mov %1, %6                             \n\t"
-        "3:                                     \n\t"
-
-        "mov %10, %0                            \n\t"
-        "movzb (%0, %6), %6                     \n\t"
-        "add %9, %6                             \n\t"
-
-        BRANCHLESS_GET_CABAC("%4", "%q4", "(%6)", "%3", "%w3",
-                             "%5", "%q5", "%k0", "%b0",
-                             "%c12(%7)", "%c13(%7)",
-                             AV_STRINGIFY(H264_NORM_SHIFT_OFFSET),
-                             AV_STRINGIFY(H264_LPS_RANGE_OFFSET),
-                             AV_STRINGIFY(H264_MLPS_STATE_OFFSET),
-                             "%15")
-
-        "mov %1, %6                             \n\t"
-        "test $1, %4                            \n\t"
-        " jz 4f                                 \n\t"
-
-#ifdef BROKEN_RELOCATIONS
-        "movzb %c14(%15, %q6), %6\n\t"
-#else
-        "movzb "MANGLE(ff_h264_cabac_tables)"+%c14(%6), %6\n\t"
-#endif
-        "add %11, %6                            \n\t"
-
-        BRANCHLESS_GET_CABAC("%4", "%q4", "(%6)", "%3", "%w3",
-                             "%5", "%q5", "%k0", "%b0",
-                             "%c12(%7)", "%c13(%7)",
-                             AV_STRINGIFY(H264_NORM_SHIFT_OFFSET),
-                             AV_STRINGIFY(H264_LPS_RANGE_OFFSET),
-                             AV_STRINGIFY(H264_MLPS_STATE_OFFSET),
-                             "%15")
-
-        "mov %2, %0                             \n\t"
-        "mov %1, %6                             \n\t"
-        "mov %k6, (%0)                          \n\t"
-
-        "test $1, %4                            \n\t"
-        " jnz 5f                                \n\t"
-
-        "add"FF_OPSIZE"  $4, %2                 \n\t"
-
-        "4:                                     \n\t"
-        "add $1, %6                             \n\t"
-        "mov %6, %1                             \n\t"
-        "cmp $63, %6                            \n\t"
-        " jb 3b                                 \n\t"
-        "mov %2, %0                             \n\t"
-        "mov %k6, (%0)                          \n\t"
-        "5:                                     \n\t"
-        "addl %8, %k0                           \n\t"
-        "shr $2, %k0                            \n\t"
-        : "=&q"(coeff_count), "+"REG64(last), "+"REG64(index), "+&r"(c->low),
-          "=&r"(bit), "+&r"(c->range), "=&r"(state)
-        : "r"(c), "m"(minusindex), "m"(significant_coeff_ctx_base),
-          REG64(sig_off), REG64(last_coeff_ctx_base),
-          "i"(offsetof(CABACContext, bytestream)),
-          "i"(offsetof(CABACContext, bytestream_end)),
-          "i"(H264_LAST_COEFF_FLAG_OFFSET_8x8_OFFSET) TABLES_ARG
-        : "%"FF_REG_c, "memory"
-    );
-    return coeff_count;
-}
-#endif /* HAVE_7REGS && BROKEN_COMPILER */
-
-#endif /* HAVE_INLINE_ASM */
-#endif /* AVCODEC_X86_H264_I386_H */
diff --git a/media/ffvpx/libavcodec/x86/h264_intrapred.asm b/media/ffvpx/libavcodec/x86/h264_intrapred.asm
index c88d91b49..f3aa3172f 100644
--- a/media/ffvpx/libavcodec/x86/h264_intrapred.asm
+++ b/media/ffvpx/libavcodec/x86/h264_intrapred.asm
@@ -49,7 +49,7 @@ cextern pw_17
 cextern pw_32
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_vertical_8(uint8_t *src, int stride)
+; void ff_pred16x16_vertical_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmx
@@ -85,7 +85,7 @@ cglobal pred16x16_vertical_8, 2,3
     REP_RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_horizontal_8(uint8_t *src, int stride)
+; void ff_pred16x16_horizontal_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED16x16_H 0
@@ -126,7 +126,7 @@ INIT_XMM ssse3
 PRED16x16_H
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_dc_8(uint8_t *src, int stride)
+; void ff_pred16x16_dc_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED16x16_DC 0
@@ -188,7 +188,7 @@ INIT_XMM ssse3
 PRED16x16_DC
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_tm_vp8_8(uint8_t *src, int stride)
+; void ff_pred16x16_tm_vp8_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED16x16_TM 0
@@ -268,8 +268,45 @@ cglobal pred16x16_tm_vp8_8, 2,6,6
     jg .loop
     REP_RET
 
+%if HAVE_AVX2_EXTERNAL
+INIT_YMM avx2
+cglobal pred16x16_tm_vp8_8, 2, 4, 5, dst, stride, stride3, iteration
+    sub                       dstq, strideq
+    pmovzxbw                    m0, [dstq]
+    vpbroadcastb               xm1, [r0-1]
+    pmovzxbw                    m1, xm1
+    psubw                       m0, m1
+    mov                 iterationd, 4
+    lea                   stride3q, [strideq*3]
+.loop:
+    vpbroadcastb               xm1, [dstq+strideq*1-1]
+    vpbroadcastb               xm2, [dstq+strideq*2-1]
+    vpbroadcastb               xm3, [dstq+stride3q-1]
+    vpbroadcastb               xm4, [dstq+strideq*4-1]
+    pmovzxbw                    m1, xm1
+    pmovzxbw                    m2, xm2
+    pmovzxbw                    m3, xm3
+    pmovzxbw                    m4, xm4
+    paddw                       m1, m0
+    paddw                       m2, m0
+    paddw                       m3, m0
+    paddw                       m4, m0
+    vpackuswb                   m1, m1, m2
+    vpackuswb                   m3, m3, m4
+    vpermq                      m1, m1, q3120
+    vpermq                      m3, m3, q3120
+    movdqa        [dstq+strideq*1], xm1
+    vextracti128  [dstq+strideq*2], m1, 1
+    movdqa       [dstq+stride3q*1], xm3
+    vextracti128  [dstq+strideq*4], m3, 1
+    lea                       dstq, [dstq+strideq*4]
+    dec                 iterationd
+    jg .loop
+    REP_RET
+%endif
+
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_plane_*_8(uint8_t *src, int stride)
+; void ff_pred16x16_plane_*_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro H264_PRED16x16_PLANE 1
@@ -550,7 +587,7 @@ H264_PRED16x16_PLANE rv40
 H264_PRED16x16_PLANE svq3
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_plane_8(uint8_t *src, int stride)
+; void ff_pred8x8_plane_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro H264_PRED8x8_PLANE 0
@@ -724,7 +761,7 @@ INIT_XMM ssse3
 H264_PRED8x8_PLANE
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_vertical_8(uint8_t *src, int stride)
+; void ff_pred8x8_vertical_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmx
@@ -741,7 +778,7 @@ cglobal pred8x8_vertical_8, 2,2
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_horizontal_8(uint8_t *src, int stride)
+; void ff_pred8x8_horizontal_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8_H 0
@@ -769,7 +806,7 @@ INIT_MMX ssse3
 PRED8x8_H
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_top_dc_8_mmxext(uint8_t *src, int stride)
+; void ff_pred8x8_top_dc_8_mmxext(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_MMX mmxext
 cglobal pred8x8_top_dc_8, 2,5
@@ -803,7 +840,7 @@ cglobal pred8x8_top_dc_8, 2,5
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_dc_8_mmxext(uint8_t *src, int stride)
+; void ff_pred8x8_dc_8_mmxext(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -864,7 +901,7 @@ cglobal pred8x8_dc_8, 2,5
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_dc_rv40_8(uint8_t *src, int stride)
+; void ff_pred8x8_dc_rv40_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -901,7 +938,7 @@ cglobal pred8x8_dc_rv40_8, 2,7
     REP_RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_tm_vp8_8(uint8_t *src, int stride)
+; void ff_pred8x8_tm_vp8_8(uint8_t *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8_TM 0
@@ -1014,7 +1051,7 @@ cglobal pred8x8_tm_vp8_8, 2,3,6
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_top_dc_8(uint8_t *src, int has_topleft, int has_topright,
-;                           int stride)
+;                           ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_TOP_DC 0
 cglobal pred8x8l_top_dc_8, 4,4
@@ -1070,7 +1107,7 @@ PRED8x8L_TOP_DC
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_dc_8(uint8_t *src, int has_topleft, int has_topright,
-;                       int stride)
+;                       ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8L_DC 0
@@ -1174,7 +1211,7 @@ PRED8x8L_DC
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_horizontal_8(uint8_t *src, int has_topleft,
-;                               int has_topright, int stride)
+;                               int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8L_HORIZONTAL 0
@@ -1246,7 +1283,7 @@ PRED8x8L_HORIZONTAL
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_vertical_8(uint8_t *src, int has_topleft, int has_topright,
-;                             int stride)
+;                             ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8L_VERTICAL 0
@@ -1297,7 +1334,7 @@ PRED8x8L_VERTICAL
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_down_left_8(uint8_t *src, int has_topleft,
-;                              int has_topright, int stride)
+;                              int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -1498,7 +1535,7 @@ PRED8x8L_DOWN_LEFT
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_down_right_8_mmxext(uint8_t *src, int has_topleft,
-;                                      int has_topright, int stride)
+;                                      int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -1750,7 +1787,7 @@ PRED8x8L_DOWN_RIGHT
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_vertical_right_8(uint8_t *src, int has_topleft,
-;                                   int has_topright, int stride)
+;                                   int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -1978,7 +2015,7 @@ PRED8x8L_VERTICAL_RIGHT
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_vertical_left_8(uint8_t *src, int has_topleft,
-;                                  int has_topright, int stride)
+;                                  int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8L_VERTICAL_LEFT 0
@@ -2068,7 +2105,7 @@ PRED8x8L_VERTICAL_LEFT
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_horizontal_up_8(uint8_t *src, int has_topleft,
-;                                  int has_topright, int stride)
+;                                  int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED8x8L_HORIZONTAL_UP 0
@@ -2156,7 +2193,7 @@ PRED8x8L_HORIZONTAL_UP
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred8x8l_horizontal_down_8(uint8_t *src, int has_topleft,
-;                                    int has_topright, int stride)
+;                                    int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2404,7 +2441,8 @@ INIT_MMX ssse3
 PRED8x8L_HORIZONTAL_DOWN
 
 ;-------------------------------------------------------------------------------
-; void ff_pred4x4_dc_8_mmxext(uint8_t *src, const uint8_t *topright, int stride)
+; void ff_pred4x4_dc_8_mmxext(uint8_t *src, const uint8_t *topright,
+;                             ptrdiff_t stride)
 ;-------------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2435,7 +2473,7 @@ cglobal pred4x4_dc_8, 3,5
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred4x4_tm_vp8_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                 int stride)
+;                                 ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 %macro PRED4x4_TM 0
@@ -2514,7 +2552,7 @@ cglobal pred4x4_tm_vp8_8, 3,3
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred4x4_vertical_vp8_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                       int stride)
+;                                       ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2535,7 +2573,7 @@ cglobal pred4x4_vertical_vp8_8, 3,3
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred4x4_down_left_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                    int stride)
+;                                    ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_MMX mmxext
 cglobal pred4x4_down_left_8, 3,3
@@ -2562,7 +2600,7 @@ cglobal pred4x4_down_left_8, 3,3
 
 ;------------------------------------------------------------------------------
 ; void ff_pred4x4_vertical_left_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                        int stride)
+;                                        ptrdiff_t stride)
 ;------------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2588,7 +2626,7 @@ cglobal pred4x4_vertical_left_8, 3,3
 
 ;------------------------------------------------------------------------------
 ; void ff_pred4x4_horizontal_up_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                        int stride)
+;                                        ptrdiff_t stride)
 ;------------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2622,7 +2660,8 @@ cglobal pred4x4_horizontal_up_8, 3,3
 
 ;------------------------------------------------------------------------------
 ; void ff_pred4x4_horizontal_down_8_mmxext(uint8_t *src,
-;                                          const uint8_t *topright, int stride)
+;                                          const uint8_t *topright,
+;                                          ptrdiff_t stride)
 ;------------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2658,7 +2697,8 @@ cglobal pred4x4_horizontal_down_8, 3,3
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred4x4_vertical_right_8_mmxext(uint8_t *src,
-;                                         const uint8_t *topright, int stride)
+;                                         const uint8_t *topright,
+;                                         ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -2689,7 +2729,7 @@ cglobal pred4x4_vertical_right_8, 3,3
 
 ;-----------------------------------------------------------------------------
 ; void ff_pred4x4_down_right_8_mmxext(uint8_t *src, const uint8_t *topright,
-;                                     int stride)
+;                                     ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
diff --git a/media/ffvpx/libavcodec/x86/h264_intrapred_10bit.asm b/media/ffvpx/libavcodec/x86/h264_intrapred_10bit.asm
index 9e40cfe24..629e0a72e 100644
--- a/media/ffvpx/libavcodec/x86/h264_intrapred_10bit.asm
+++ b/media/ffvpx/libavcodec/x86/h264_intrapred_10bit.asm
@@ -51,7 +51,8 @@ SECTION .text
 %endmacro
 
 ;-----------------------------------------------------------------------------
-; void ff_pred4x4_down_right(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_down_right_10(pixel *src, const pixel *topright,
+;                               ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED4x4_DR 0
 cglobal pred4x4_down_right_10, 3, 3
@@ -89,7 +90,8 @@ PRED4x4_DR
 %endif
 
 ;------------------------------------------------------------------------------
-; void ff_pred4x4_vertical_right(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_vertical_right_10(pixel *src, const pixel *topright,
+;                                   ptrdiff_t stride)
 ;------------------------------------------------------------------------------
 %macro PRED4x4_VR 0
 cglobal pred4x4_vertical_right_10, 3, 3, 6
@@ -128,7 +130,8 @@ PRED4x4_VR
 %endif
 
 ;-------------------------------------------------------------------------------
-; void ff_pred4x4_horizontal_down(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_horizontal_down_10(pixel *src, const pixel *topright,
+;                                    ptrdiff_t stride)
 ;-------------------------------------------------------------------------------
 %macro PRED4x4_HD 0
 cglobal pred4x4_horizontal_down_10, 3, 3
@@ -170,7 +173,7 @@ PRED4x4_HD
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred4x4_dc(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_dc_10(pixel *src, const pixel *topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmxext
@@ -195,7 +198,8 @@ cglobal pred4x4_dc_10, 3, 3
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred4x4_down_left(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_down_left_10(pixel *src, const pixel *topright,
+;                              ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED4x4_DL 0
 cglobal pred4x4_down_left_10, 3, 3
@@ -225,7 +229,8 @@ PRED4x4_DL
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred4x4_vertical_left(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_vertical_left_10(pixel *src, const pixel *topright,
+;                                  ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED4x4_VL 0
 cglobal pred4x4_vertical_left_10, 3, 3
@@ -254,7 +259,8 @@ PRED4x4_VL
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred4x4_horizontal_up(pixel *src, const pixel *topright, int stride)
+; void ff_pred4x4_horizontal_up_10(pixel *src, const pixel *topright,
+;                                  ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_MMX mmxext
 cglobal pred4x4_horizontal_up_10, 3, 3
@@ -288,7 +294,7 @@ cglobal pred4x4_horizontal_up_10, 3, 3
 
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_vertical(pixel *src, int stride)
+; void ff_pred8x8_vertical_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_XMM sse2
 cglobal pred8x8_vertical_10, 2, 2
@@ -304,7 +310,7 @@ cglobal pred8x8_vertical_10, 2, 2
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_horizontal(pixel *src, int stride)
+; void ff_pred8x8_horizontal_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_XMM sse2
 cglobal pred8x8_horizontal_10, 2, 3
@@ -324,7 +330,7 @@ cglobal pred8x8_horizontal_10, 2, 3
     REP_RET
 
 ;-----------------------------------------------------------------------------
-; void ff_predict_8x8_dc(pixel *src, int stride)
+; void ff_predict_8x8_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro MOV8 2-3
 ; sort of a hack, but it works
@@ -411,7 +417,7 @@ INIT_XMM sse2
 PRED8x8_DC pshuflw
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_top_dc(pixel *src, int stride)
+; void ff_pred8x8_top_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_XMM sse2
 cglobal pred8x8_top_dc_10, 2, 4
@@ -438,7 +444,7 @@ cglobal pred8x8_top_dc_10, 2, 4
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8_plane(pixel *src, int stride)
+; void ff_pred8x8_plane_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 INIT_XMM sse2
 cglobal pred8x8_plane_10, 2, 7, 7
@@ -501,8 +507,8 @@ cglobal pred8x8_plane_10, 2, 7, 7
 
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_128_dc(pixel *src, int has_topleft, int has_topright,
-;                         int stride)
+; void ff_pred8x8l_128_dc_10(pixel *src, int has_topleft, int has_topright,
+;                            ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_128_DC 0
 cglobal pred8x8l_128_dc_10, 4, 4
@@ -526,8 +532,8 @@ INIT_XMM sse2
 PRED8x8L_128_DC
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_top_dc(pixel *src, int has_topleft, int has_topright,
-;                         int stride)
+; void ff_pred8x8l_top_dc_10(pixel *src, int has_topleft, int has_topright,
+;                            ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_TOP_DC 0
 cglobal pred8x8l_top_dc_10, 4, 4, 6
@@ -566,7 +572,8 @@ PRED8x8L_TOP_DC
 %endif
 
 ;-------------------------------------------------------------------------------
-; void ff_pred8x8l_dc(pixel *src, int has_topleft, int has_topright, int stride)
+; void ff_pred8x8l_dc_10(pixel *src, int has_topleft, int has_topright,
+;                        ptrdiff_t stride)
 ;-------------------------------------------------------------------------------
 ;TODO: see if scalar is faster
 %macro PRED8x8L_DC 0
@@ -625,8 +632,8 @@ PRED8x8L_DC
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_vertical(pixel *src, int has_topleft, int has_topright,
-;                           int stride)
+; void ff_pred8x8l_vertical_10(pixel *src, int has_topleft, int has_topright,
+;                              ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_VERTICAL 0
 cglobal pred8x8l_vertical_10, 4, 4, 6
@@ -661,8 +668,8 @@ PRED8x8L_VERTICAL
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_horizontal(uint8_t *src, int has_topleft, int has_topright,
-;                             int stride)
+; void ff_pred8x8l_horizontal_10(uint8_t *src, int has_topleft,
+;                                int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_HORIZONTAL 0
 cglobal pred8x8l_horizontal_10, 4, 4, 5
@@ -718,8 +725,8 @@ PRED8x8L_HORIZONTAL
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_down_left(pixel *src, int has_topleft, int has_topright,
-;                            int stride)
+; void ff_pred8x8l_down_left_10(pixel *src, int has_topleft, int has_topright,
+;                               ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_DOWN_LEFT 0
 cglobal pred8x8l_down_left_10, 4, 4, 7
@@ -787,8 +794,8 @@ PRED8x8L_DOWN_LEFT
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_down_right(pixel *src, int has_topleft, int has_topright,
-;                             int stride)
+; void ff_pred8x8l_down_right_10(pixel *src, int has_topleft,
+;                                int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_DOWN_RIGHT 0
 ; standard forbids this when has_topleft is false
@@ -862,8 +869,8 @@ PRED8x8L_DOWN_RIGHT
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_vertical_right(pixel *src, int has_topleft,
-;                                 int has_topright, int stride)
+; void ff_pred8x8l_vertical_right_10(pixel *src, int has_topleft,
+;                                    int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_VERTICAL_RIGHT 0
 ; likewise with 8x8l_down_right
@@ -933,8 +940,8 @@ PRED8x8L_VERTICAL_RIGHT
 %endif
 
 ;-----------------------------------------------------------------------------
-; void ff_pred8x8l_horizontal_up(pixel *src, int has_topleft,
-;                                int has_topright, int stride)
+; void ff_pred8x8l_horizontal_up_10(pixel *src, int has_topleft,
+;                                   int has_topright, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED8x8L_HORIZONTAL_UP 0
 cglobal pred8x8l_horizontal_up_10, 4, 4, 6
@@ -996,7 +1003,7 @@ PRED8x8L_HORIZONTAL_UP
 
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_vertical(pixel *src, int stride)
+; void ff_pred16x16_vertical_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro MOV16 3-5
     mova [%1+     0], %2
@@ -1032,7 +1039,7 @@ INIT_XMM sse2
 PRED16x16_VERTICAL
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_horizontal(pixel *src, int stride)
+; void ff_pred16x16_horizontal_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED16x16_HORIZONTAL 0
 cglobal pred16x16_horizontal_10, 2, 3
@@ -1056,7 +1063,7 @@ INIT_XMM sse2
 PRED16x16_HORIZONTAL
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_dc(pixel *src, int stride)
+; void ff_pred16x16_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED16x16_DC 0
 cglobal pred16x16_dc_10, 2, 6
@@ -1102,7 +1109,7 @@ INIT_XMM sse2
 PRED16x16_DC
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_top_dc(pixel *src, int stride)
+; void ff_pred16x16_top_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED16x16_TOP_DC 0
 cglobal pred16x16_top_dc_10, 2, 3
@@ -1134,7 +1141,7 @@ INIT_XMM sse2
 PRED16x16_TOP_DC
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_left_dc(pixel *src, int stride)
+; void ff_pred16x16_left_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED16x16_LEFT_DC 0
 cglobal pred16x16_left_dc_10, 2, 6
@@ -1171,7 +1178,7 @@ INIT_XMM sse2
 PRED16x16_LEFT_DC
 
 ;-----------------------------------------------------------------------------
-; void ff_pred16x16_128_dc(pixel *src, int stride)
+; void ff_pred16x16_128_dc_10(pixel *src, ptrdiff_t stride)
 ;-----------------------------------------------------------------------------
 %macro PRED16x16_128_DC 0
 cglobal pred16x16_128_dc_10, 2,3
diff --git a/media/ffvpx/libavcodec/x86/h264_intrapred_init.c b/media/ffvpx/libavcodec/x86/h264_intrapred_init.c
index 528b92e49..bdd5125d6 100644
--- a/media/ffvpx/libavcodec/x86/h264_intrapred_init.c
+++ b/media/ffvpx/libavcodec/x86/h264_intrapred_init.c
@@ -127,6 +127,7 @@ PRED16x16(plane_svq3, 8, ssse3)
 PRED16x16(tm_vp8, 8, mmx)
 PRED16x16(tm_vp8, 8, mmxext)
 PRED16x16(tm_vp8, 8, sse2)
+PRED16x16(tm_vp8, 8, avx2)
 
 PRED8x8(top_dc, 8, mmxext)
 PRED8x8(dc_rv40, 8, mmxext)
@@ -323,6 +324,12 @@ av_cold void ff_h264_pred_init_x86(H264PredContext *h, int codec_id,
                 }
             }
         }
+
+        if(EXTERNAL_AVX2(cpu_flags)){
+            if (codec_id == AV_CODEC_ID_VP8) {
+                h->pred16x16[PLANE_PRED8x8    ] = ff_pred16x16_tm_vp8_8_avx2;
+            }
+        }
     } else if (bit_depth == 10) {
         if (EXTERNAL_MMXEXT(cpu_flags)) {
             h->pred4x4[DC_PRED             ] = ff_pred4x4_dc_10_mmxext;
diff --git a/media/ffvpx/libavcodec/x86/videodsp.asm b/media/ffvpx/libavcodec/x86/videodsp.asm
index a807d3b88..e23786070 100644
--- a/media/ffvpx/libavcodec/x86/videodsp.asm
+++ b/media/ffvpx/libavcodec/x86/videodsp.asm
@@ -114,7 +114,7 @@ cglobal emu_edge_hvar, 5, 6, 1, dst, dst_stride, start_x, n_words, h, w
 .x_loop:                                        ;   do {
     movu    [dstq+wq*2], m0                     ;     write($reg, $mmsize)
     add              wq, mmsize/2               ;     w -= $mmsize/2
-    cmp              wq, -mmsize/2              ;   } while (w > $mmsize/2)
+    cmp              wq, -(mmsize/2)            ;   } while (w > $mmsize/2)
     jl .x_loop
     movu  [dstq-mmsize], m0                     ;   write($reg, $mmsize)
     add            dstq, dst_strideq            ;   dst += dst_stride
diff --git a/media/ffvpx/libavcodec/x86/videodsp_init.c b/media/ffvpx/libavcodec/x86/videodsp_init.c
index 26e072bb1..eeebb4154 100644
--- a/media/ffvpx/libavcodec/x86/videodsp_init.c
+++ b/media/ffvpx/libavcodec/x86/videodsp_init.c
@@ -29,7 +29,7 @@
 #include "libavutil/x86/cpu.h"
 #include "libavcodec/videodsp.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 typedef void emu_edge_vfix_func(uint8_t *dst, x86_reg dst_stride,
                                 const uint8_t *src, x86_reg src_stride,
                                 x86_reg start_y, x86_reg end_y, x86_reg bh);
@@ -271,14 +271,14 @@ static av_noinline void emulated_edge_mc_avx2(uint8_t *buf, const uint8_t *src,
                      hfixtbl_avx2, &ff_emu_edge_hvar_avx2);
 }
 #endif /* HAVE_AVX2_EXTERNAL */
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
 void ff_prefetch_mmxext(uint8_t *buf, ptrdiff_t stride, int h);
 void ff_prefetch_3dnow(uint8_t *buf, ptrdiff_t stride, int h);
 
 av_cold void ff_videodsp_init_x86(VideoDSPContext *ctx, int bpc)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
 #if ARCH_X86_32
@@ -305,5 +305,5 @@ av_cold void ff_videodsp_init_x86(VideoDSPContext *ctx, int bpc)
         ctx->emulated_edge_mc = emulated_edge_mc_avx2;
     }
 #endif
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
diff --git a/media/ffvpx/libavcodec/x86/vp8dsp.asm b/media/ffvpx/libavcodec/x86/vp8dsp.asm
index 538b3f4a9..e303b8029 100644
--- a/media/ffvpx/libavcodec/x86/vp8dsp.asm
+++ b/media/ffvpx/libavcodec/x86/vp8dsp.asm
@@ -156,8 +156,8 @@ SECTION .text
 ;-------------------------------------------------------------------------------
 ; subpel MC functions:
 ;
-; void ff_put_vp8_epel<size>_h<htap>v<vtap>_<opt>(uint8_t *dst, int deststride,
-;                                                 uint8_t *src, int srcstride,
+; void ff_put_vp8_epel<size>_h<htap>v<vtap>_<opt>(uint8_t *dst, ptrdiff_t deststride,
+;                                                 uint8_t *src, ptrdiff_t srcstride,
 ;                                                 int height,   int mx, int my);
 ;-------------------------------------------------------------------------------
 
@@ -884,7 +884,7 @@ cglobal put_vp8_pixels16, 5, 5, 2, dst, dststride, src, srcstride, height
     REP_RET
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_idct_dc_add_<opt>(uint8_t *dst, int16_t block[16], int stride);
+; void ff_vp8_idct_dc_add_<opt>(uint8_t *dst, int16_t block[16], ptrdiff_t stride);
 ;-----------------------------------------------------------------------------
 
 %macro ADD_DC 4
@@ -906,6 +906,7 @@ cglobal put_vp8_pixels16, 5, 5, 2, dst, dststride, src, srcstride, height
     %4 [dst2q+strideq+%3], m5
 %endmacro
 
+%if ARCH_X86_32
 INIT_MMX mmx
 cglobal vp8_idct_dc_add, 3, 3, 0, dst, block, stride
     ; load data
@@ -929,8 +930,9 @@ cglobal vp8_idct_dc_add, 3, 3, 0, dst, block, stride
     lea     dst2q, [dst1q+strideq*2]
     ADD_DC     m0, m1, 0, movh
     RET
+%endif
 
-INIT_XMM sse4
+%macro VP8_IDCT_DC_ADD 0
 cglobal vp8_idct_dc_add, 3, 3, 6, dst, block, stride
     ; load data
     movd       m0, [blockq]
@@ -956,13 +958,28 @@ cglobal vp8_idct_dc_add, 3, 3, 6, dst, block, stride
     paddw      m4, m0
     packuswb   m2, m4
     movd   [dst1q], m2
+%if cpuflag(sse4)
     pextrd [dst1q+strideq], m2, 1
     pextrd [dst2q], m2, 2
     pextrd [dst2q+strideq], m2, 3
+%else
+    psrldq     m2, 4
+    movd [dst1q+strideq], m2
+    psrldq     m2, 4
+    movd [dst2q], m2
+    psrldq     m2, 4
+    movd [dst2q+strideq], m2
+%endif
     RET
+%endmacro
+
+INIT_XMM sse2
+VP8_IDCT_DC_ADD
+INIT_XMM sse4
+VP8_IDCT_DC_ADD
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_idct_dc_add4y_<opt>(uint8_t *dst, int16_t block[4][16], int stride);
+; void ff_vp8_idct_dc_add4y_<opt>(uint8_t *dst, int16_t block[4][16], ptrdiff_t stride);
 ;-----------------------------------------------------------------------------
 
 %if ARCH_X86_32
@@ -1035,7 +1052,7 @@ cglobal vp8_idct_dc_add4y, 3, 3, 6, dst, block, stride
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_idct_dc_add4uv_<opt>(uint8_t *dst, int16_t block[4][16], int stride);
+; void ff_vp8_idct_dc_add4uv_<opt>(uint8_t *dst, int16_t block[4][16], ptrdiff_t stride);
 ;-----------------------------------------------------------------------------
 
 INIT_MMX mmx
@@ -1077,7 +1094,7 @@ cglobal vp8_idct_dc_add4uv, 3, 3, 0, dst, block, stride
     RET
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_idct_add_<opt>(uint8_t *dst, int16_t block[16], int stride);
+; void ff_vp8_idct_add_<opt>(uint8_t *dst, int16_t block[16], ptrdiff_t stride);
 ;-----------------------------------------------------------------------------
 
 ; calculate %1=mul_35468(%1)-mul_20091(%2); %2=mul_20091(%1)+mul_35468(%2)
diff --git a/media/ffvpx/libavcodec/x86/vp8dsp_init.c b/media/ffvpx/libavcodec/x86/vp8dsp_init.c
index 897d5a0e7..397b2518c 100644
--- a/media/ffvpx/libavcodec/x86/vp8dsp_init.c
+++ b/media/ffvpx/libavcodec/x86/vp8dsp_init.c
@@ -26,7 +26,7 @@
 #include "libavutil/x86/cpu.h"
 #include "libavcodec/vp8dsp.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 
 /*
  * MC functions
@@ -233,6 +233,8 @@ HVBILIN(ssse3, 8, 16, 16)
 
 void ff_vp8_idct_dc_add_mmx(uint8_t *dst, int16_t block[16],
                             ptrdiff_t stride);
+void ff_vp8_idct_dc_add_sse2(uint8_t *dst, int16_t block[16],
+                             ptrdiff_t stride);
 void ff_vp8_idct_dc_add_sse4(uint8_t *dst, int16_t block[16],
                              ptrdiff_t stride);
 void ff_vp8_idct_dc_add4y_mmx(uint8_t *dst, int16_t block[4][16],
@@ -288,7 +290,7 @@ DECLARE_LOOP_FILTER(sse2)
 DECLARE_LOOP_FILTER(ssse3)
 DECLARE_LOOP_FILTER(sse4)
 
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
 #define VP8_LUMA_MC_FUNC(IDX, SIZE, OPT) \
     c->put_vp8_epel_pixels_tab[IDX][0][2] = ff_put_vp8_epel ## SIZE ## _h6_ ## OPT; \
@@ -316,7 +318,7 @@ DECLARE_LOOP_FILTER(sse4)
 
 av_cold void ff_vp78dsp_init_x86(VP8DSPContext *c)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
     if (EXTERNAL_MMX(cpu_flags)) {
@@ -346,7 +348,7 @@ av_cold void ff_vp78dsp_init_x86(VP8DSPContext *c)
         c->put_vp8_bilinear_pixels_tab[0][0][0] = ff_put_vp8_pixels16_sse;
     }
 
-    if (HAVE_SSE2_EXTERNAL && cpu_flags & (AV_CPU_FLAG_SSE2 | AV_CPU_FLAG_SSE2SLOW)) {
+    if (EXTERNAL_SSE2(cpu_flags) || EXTERNAL_SSE2_SLOW(cpu_flags)) {
         VP8_LUMA_MC_FUNC(0, 16, sse2);
         VP8_MC_FUNC(1, 8, sse2);
         VP8_BILINEAR_MC_FUNC(0, 16, sse2);
@@ -361,18 +363,18 @@ av_cold void ff_vp78dsp_init_x86(VP8DSPContext *c)
         VP8_BILINEAR_MC_FUNC(1, 8, ssse3);
         VP8_BILINEAR_MC_FUNC(2, 4, ssse3);
     }
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
 
 av_cold void ff_vp8dsp_init_x86(VP8DSPContext *c)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
     if (EXTERNAL_MMX(cpu_flags)) {
-        c->vp8_idct_dc_add    = ff_vp8_idct_dc_add_mmx;
         c->vp8_idct_dc_add4uv = ff_vp8_idct_dc_add4uv_mmx;
 #if ARCH_X86_32
+        c->vp8_idct_dc_add    = ff_vp8_idct_dc_add_mmx;
         c->vp8_idct_dc_add4y  = ff_vp8_idct_dc_add4y_mmx;
         c->vp8_idct_add       = ff_vp8_idct_add_mmx;
         c->vp8_luma_dc_wht    = ff_vp8_luma_dc_wht_mmx;
@@ -416,7 +418,7 @@ av_cold void ff_vp8dsp_init_x86(VP8DSPContext *c)
         c->vp8_luma_dc_wht                      = ff_vp8_luma_dc_wht_sse;
     }
 
-    if (HAVE_SSE2_EXTERNAL && cpu_flags & (AV_CPU_FLAG_SSE2 | AV_CPU_FLAG_SSE2SLOW)) {
+    if (EXTERNAL_SSE2(cpu_flags) || EXTERNAL_SSE2_SLOW(cpu_flags)) {
         c->vp8_v_loop_filter_simple = ff_vp8_v_loop_filter_simple_sse2;
 
         c->vp8_v_loop_filter16y_inner = ff_vp8_v_loop_filter16y_inner_sse2;
@@ -427,6 +429,7 @@ av_cold void ff_vp8dsp_init_x86(VP8DSPContext *c)
     }
 
     if (EXTERNAL_SSE2(cpu_flags)) {
+        c->vp8_idct_dc_add            = ff_vp8_idct_dc_add_sse2;
         c->vp8_idct_dc_add4y          = ff_vp8_idct_dc_add4y_sse2;
 
         c->vp8_h_loop_filter_simple   = ff_vp8_h_loop_filter_simple_sse2;
@@ -460,5 +463,5 @@ av_cold void ff_vp8dsp_init_x86(VP8DSPContext *c)
         c->vp8_h_loop_filter16y       = ff_vp8_h_loop_filter16y_mbedge_sse4;
         c->vp8_h_loop_filter8uv       = ff_vp8_h_loop_filter8uv_mbedge_sse4;
     }
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
diff --git a/media/ffvpx/libavcodec/x86/vp8dsp_loopfilter.asm b/media/ffvpx/libavcodec/x86/vp8dsp_loopfilter.asm
index 98bb6696a..caeb40526 100644
--- a/media/ffvpx/libavcodec/x86/vp8dsp_loopfilter.asm
+++ b/media/ffvpx/libavcodec/x86/vp8dsp_loopfilter.asm
@@ -43,7 +43,7 @@ cextern pb_80
 SECTION .text
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_h/v_loop_filter_simple_<opt>(uint8_t *dst, int stride, int flim);
+; void ff_vp8_h/v_loop_filter_simple_<opt>(uint8_t *dst, ptrdiff_t stride, int flim);
 ;-----------------------------------------------------------------------------
 
 ; macro called with 7 mm register indexes as argument, and 4 regular registers
@@ -429,7 +429,7 @@ INIT_XMM sse4
 SIMPLE_LOOPFILTER h, 5
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_h/v_loop_filter<size>_inner_<opt>(uint8_t *dst, [uint8_t *v,] int stride,
+; void ff_vp8_h/v_loop_filter<size>_inner_<opt>(uint8_t *dst, [uint8_t *v,] ptrdiff_t stride,
 ;                                               int flimE, int flimI, int hev_thr);
 ;-----------------------------------------------------------------------------
 
@@ -921,7 +921,7 @@ INNER_LOOPFILTER v,  8
 INNER_LOOPFILTER h,  8
 
 ;-----------------------------------------------------------------------------
-; void ff_vp8_h/v_loop_filter<size>_mbedge_<opt>(uint8_t *dst, [uint8_t *v,] int stride,
+; void ff_vp8_h/v_loop_filter<size>_mbedge_<opt>(uint8_t *dst, [uint8_t *v,] ptrdiff_t stride,
 ;                                                int flimE, int flimI, int hev_thr);
 ;-----------------------------------------------------------------------------
 
diff --git a/media/ffvpx/libavcodec/x86/vp9dsp_init.c b/media/ffvpx/libavcodec/x86/vp9dsp_init.c
index cc781a009..837cce850 100644
--- a/media/ffvpx/libavcodec/x86/vp9dsp_init.c
+++ b/media/ffvpx/libavcodec/x86/vp9dsp_init.c
@@ -27,7 +27,7 @@
 #include "libavcodec/vp9dsp.h"
 #include "libavcodec/x86/vp9dsp_init.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 
 decl_fpel_func(put,  4,   , mmx);
 decl_fpel_func(put,  8,   , mmx);
@@ -114,7 +114,7 @@ itxfm_func(idct, idct, 32, sse2);
 itxfm_func(idct, idct, 32, ssse3);
 itxfm_func(idct, idct, 32, avx);
 itxfm_func(iwht, iwht, 4, mmx);
-itxfm_func(idct, idct, 16, avx2);
+itxfm_funcs(16, avx2);
 itxfm_func(idct, idct, 32, avx2);
 
 #undef itxfm_func
@@ -212,11 +212,11 @@ ipred_func(32, tm, avx2);
 #undef ipred_dir_tm_funcs
 #undef ipred_dc_funcs
 
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
 av_cold void ff_vp9dsp_init_x86(VP9DSPContext *dsp, int bpp, int bitexact)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags;
 
     if (bpp == 10) {
@@ -391,6 +391,12 @@ av_cold void ff_vp9dsp_init_x86(VP9DSPContext *dsp, int bpp, int bitexact)
         if (ARCH_X86_64) {
 #if ARCH_X86_64 && HAVE_AVX2_EXTERNAL
             dsp->itxfm_add[TX_16X16][DCT_DCT] = ff_vp9_idct_idct_16x16_add_avx2;
+            dsp->itxfm_add[TX_16X16][ADST_DCT]  = ff_vp9_idct_iadst_16x16_add_avx2;
+            dsp->itxfm_add[TX_16X16][DCT_ADST]  = ff_vp9_iadst_idct_16x16_add_avx2;
+            dsp->itxfm_add[TX_16X16][ADST_ADST] = ff_vp9_iadst_iadst_16x16_add_avx2;
+            dsp->itxfm_add[TX_32X32][ADST_ADST] =
+            dsp->itxfm_add[TX_32X32][ADST_DCT] =
+            dsp->itxfm_add[TX_32X32][DCT_ADST] =
             dsp->itxfm_add[TX_32X32][DCT_DCT] = ff_vp9_idct_idct_32x32_add_avx2;
             init_subpel3_32_64(0, put, 8, avx2);
             init_subpel3_32_64(1, avg, 8, avx2);
@@ -406,5 +412,5 @@ av_cold void ff_vp9dsp_init_x86(VP9DSPContext *dsp, int bpp, int bitexact)
 #undef init_subpel2
 #undef init_subpel3
 
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
diff --git a/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp.c b/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp.c
index eb67499c9..60d10a12a 100644
--- a/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp.c
+++ b/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp.c
@@ -27,7 +27,7 @@
 #include "libavcodec/vp9dsp.h"
 #include "libavcodec/x86/vp9dsp_init.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 
 decl_fpel_func(put,   8,    , mmx);
 decl_fpel_func(avg,   8, _16, mmxext);
@@ -51,6 +51,10 @@ decl_ipred_fns(h,       16, mmxext, sse2);
 decl_ipred_fns(dc,      16, mmxext, sse2);
 decl_ipred_fns(dc_top,  16, mmxext, sse2);
 decl_ipred_fns(dc_left, 16, mmxext, sse2);
+decl_ipred_fn(dl,       16,     16, avx2);
+decl_ipred_fn(dl,       32,     16, avx2);
+decl_ipred_fn(dr,       16,     16, avx2);
+decl_ipred_fn(dr,       32,     16, avx2);
 
 #define decl_ipred_dir_funcs(type) \
 decl_ipred_fns(type, 16, sse2,  sse2); \
@@ -63,11 +67,11 @@ decl_ipred_dir_funcs(vl);
 decl_ipred_dir_funcs(vr);
 decl_ipred_dir_funcs(hu);
 decl_ipred_dir_funcs(hd);
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
 av_cold void ff_vp9dsp_init_16bpp_x86(VP9DSPContext *dsp)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
     if (EXTERNAL_MMX(cpu_flags)) {
@@ -133,7 +137,13 @@ av_cold void ff_vp9dsp_init_16bpp_x86(VP9DSPContext *dsp)
         init_fpel_func(2, 1,  32, avg, _16, avx2);
         init_fpel_func(1, 1,  64, avg, _16, avx2);
         init_fpel_func(0, 1, 128, avg, _16, avx2);
+        init_ipred_func(dl, DIAG_DOWN_LEFT, 16, 16, avx2);
+        init_ipred_func(dl, DIAG_DOWN_LEFT, 32, 16, avx2);
+        init_ipred_func(dr, DIAG_DOWN_RIGHT, 16, 16, avx2);
+#if ARCH_X86_64
+        init_ipred_func(dr, DIAG_DOWN_RIGHT, 32, 16, avx2);
+#endif
     }
 
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 }
diff --git a/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp_template.c b/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp_template.c
index 4840b2844..b56afc7f5 100644
--- a/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp_template.c
+++ b/media/ffvpx/libavcodec/x86/vp9dsp_init_16bpp_template.c
@@ -27,7 +27,7 @@
 #include "libavcodec/vp9dsp.h"
 #include "libavcodec/x86/vp9dsp_init.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 
 extern const int16_t ff_filters_16bpp[3][15][4][16];
 
@@ -137,11 +137,11 @@ decl_itxfm_func(iadst, iadst, 4, BPC, sse2);
 decl_itxfm_funcs(8, BPC, sse2);
 decl_itxfm_funcs(16, BPC, sse2);
 decl_itxfm_func(idct,  idct, 32, BPC, sse2);
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
 av_cold void INIT_FUNC(VP9DSPContext *dsp, int bitexact)
 {
-#if HAVE_YASM
+#if HAVE_X86ASM
     int cpu_flags = av_get_cpu_flags();
 
 #define init_lpf_8_func(idx1, idx2, dir, wd, bpp, opt) \
@@ -234,7 +234,7 @@ av_cold void INIT_FUNC(VP9DSPContext *dsp, int bitexact)
 #endif
     }
 
-#endif /* HAVE_YASM */
+#endif /* HAVE_X86ASM */
 
     ff_vp9dsp_init_16bpp_x86(dsp);
 }
diff --git a/media/ffvpx/libavcodec/x86/vp9intrapred_16bpp.asm b/media/ffvpx/libavcodec/x86/vp9intrapred_16bpp.asm
index c0ac16d3e..32b698243 100644
--- a/media/ffvpx/libavcodec/x86/vp9intrapred_16bpp.asm
+++ b/media/ffvpx/libavcodec/x86/vp9intrapred_16bpp.asm
@@ -847,6 +847,108 @@ DL_FUNCS
 INIT_XMM avx
 DL_FUNCS
 
+%if HAVE_AVX2_EXTERNAL
+INIT_YMM avx2
+cglobal vp9_ipred_dl_16x16_16, 2, 4, 5, dst, stride, l, a
+    movifnidn               aq, amp
+    mova                    m0, [aq]                   ; abcdefghijklmnop
+    vpbroadcastw           xm1, [aq+30]                ; pppppppp
+    vperm2i128              m2, m0, m1, q0201          ; ijklmnoppppppppp
+    vpalignr                m3, m2, m0, 2              ; bcdefghijklmnopp
+    vpalignr                m4, m2, m0, 4              ; cdefghijklmnoppp
+    LOWPASS                  0,  3,  4                 ; BCDEFGHIJKLMNOPp
+    vperm2i128              m2, m0, m1, q0201          ; JKLMNOPppppppppp
+    DEFINE_ARGS dst, stride, stride3, cnt
+    mov                   cntd, 2
+    lea               stride3q, [strideq*3]
+
+.loop:
+    mova      [dstq+strideq*0], m0
+    vpalignr                m3, m2, m0, 2
+    vpalignr                m4, m2, m0, 4
+    mova      [dstq+strideq*1], m3
+    mova      [dstq+strideq*2], m4
+    vpalignr                m3, m2, m0, 6
+    vpalignr                m4, m2, m0, 8
+    mova      [dstq+stride3q ], m3
+    lea                   dstq, [dstq+strideq*4]
+    mova      [dstq+strideq*0], m4
+    vpalignr                m3, m2, m0, 10
+    vpalignr                m4, m2, m0, 12
+    mova      [dstq+strideq*1], m3
+    mova      [dstq+strideq*2], m4
+    vpalignr                m3, m2, m0, 14
+    mova      [dstq+stride3q ], m3
+    lea                   dstq, [dstq+strideq*4]
+    mova                    m0, m2
+    vperm2i128              m2, m2, m2, q0101          ; pppppppppppppppp
+    dec                   cntd
+    jg .loop
+    RET
+
+cglobal vp9_ipred_dl_32x32_16, 2, 6, 7, dst, stride, l, a
+    movifnidn               aq, amp
+    mova                    m0, [aq+mmsize*0+ 0]       ; abcdefghijklmnop
+    mova                    m1, [aq+mmsize*1+ 0]       ; qrstuvwxyz012345
+    vpbroadcastw           xm4, [aq+mmsize*1+30]       ; 55555555
+    vperm2i128              m5, m0, m1, q0201          ; ijklmnopqrstuvwx
+    vpalignr                m2, m5, m0, 2              ; bcdefghijklmnopq
+    vpalignr                m3, m5, m0, 4              ; cdefghijklmnopqr
+    LOWPASS                  0,  2,  3                 ; BCDEFGHIJKLMNOPQ
+    vperm2i128              m5, m1, m4, q0201          ; yz01234555555555
+    vpalignr                m2, m5, m1, 2              ; rstuvwxyz0123455
+    vpalignr                m3, m5, m1, 4              ; stuvwxyz01234555
+    LOWPASS                  1,  2,  3                 ; RSTUVWXYZ......5
+    vperm2i128              m2, m1, m4, q0201          ; Z......555555555
+    vperm2i128              m5, m0, m1, q0201          ; JKLMNOPQRSTUVWXY
+    DEFINE_ARGS dst, stride, stride3, cnt
+    lea               stride3q, [strideq*3]
+    mov                   cntd, 4
+
+.loop:
+    mova   [dstq+strideq*0 + 0], m0
+    mova   [dstq+strideq*0 +32], m1
+    vpalignr                 m3, m5, m0, 2
+    vpalignr                 m4, m2, m1, 2
+    mova   [dstq+strideq*1 + 0], m3
+    mova   [dstq+strideq*1 +32], m4
+    vpalignr                 m3, m5, m0, 4
+    vpalignr                 m4, m2, m1, 4
+    mova   [dstq+strideq*2 + 0], m3
+    mova   [dstq+strideq*2 +32], m4
+    vpalignr                 m3, m5, m0, 6
+    vpalignr                 m4, m2, m1, 6
+    mova   [dstq+stride3q*1+ 0], m3
+    mova   [dstq+stride3q*1+32], m4
+    lea                    dstq, [dstq+strideq*4]
+    vpalignr                 m3, m5, m0, 8
+    vpalignr                 m4, m2, m1, 8
+    mova   [dstq+strideq*0 + 0], m3
+    mova   [dstq+strideq*0 +32], m4
+    vpalignr                 m3, m5, m0, 10
+    vpalignr                 m4, m2, m1, 10
+    mova   [dstq+strideq*1 + 0], m3
+    mova   [dstq+strideq*1 +32], m4
+    vpalignr                 m3, m5, m0, 12
+    vpalignr                 m4, m2, m1, 12
+    mova   [dstq+strideq*2+ 0], m3
+    mova   [dstq+strideq*2+32], m4
+    vpalignr                 m3, m5, m0, 14
+    vpalignr                 m4, m2, m1, 14
+    mova   [dstq+stride3q+  0], m3
+    mova   [dstq+stride3q+ 32], m4
+    vpalignr                 m3, m5, m0, 16
+    vpalignr                 m4, m2, m1, 16
+    vperm2i128               m5, m3, m4, q0201
+    vperm2i128               m2, m4, m4, q0101
+    mova                     m0, m3
+    mova                     m1, m4
+    lea                    dstq, [dstq+strideq*4]
+    dec                    cntd
+    jg .loop
+    RET
+%endif
+
 %macro DR_FUNCS 1 ; stack_mem_for_32x32_32bit_function
 cglobal vp9_ipred_dr_4x4_16, 4, 4, 3, dst, stride, l, a
     movh                    m0, [lq]                ; wxyz....
@@ -1068,6 +1170,161 @@ DR_FUNCS 2
 INIT_XMM avx
 DR_FUNCS 2
 
+%if HAVE_AVX2_EXTERNAL
+INIT_YMM avx2
+cglobal vp9_ipred_dr_16x16_16, 4, 5, 6, dst, stride, l, a
+    mova                    m0, [lq]                   ; klmnopqrstuvwxyz
+    movu                    m1, [aq-2]                 ; *abcdefghijklmno
+    mova                    m2, [aq]                   ; abcdefghijklmnop
+    vperm2i128              m4, m2, m2, q2001          ; ijklmnop........
+    vpalignr                m5, m4, m2, 2              ; bcdefghijklmnop.
+    vperm2i128              m3, m0, m1, q0201          ; stuvwxyz*abcdefg
+    LOWPASS                  1,  2,  5                 ; ABCDEFGHIJKLMNO.
+    vpalignr                m4, m3, m0, 2              ; lmnopqrstuvwxyz*
+    vpalignr                m5, m3, m0, 4              ; mnopqrstuvwxyz*a
+    LOWPASS                  0,  4,  5                 ; LMNOPQRSTUVWXYZ#
+    vperm2i128              m5, m0, m1, q0201          ; TUVWXYZ#ABCDEFGH
+    DEFINE_ARGS dst, stride, stride3, stride5, dst3
+    lea                  dst3q, [dstq+strideq*4]
+    lea               stride3q, [strideq*3]
+    lea               stride5q, [stride3q+strideq*2]
+
+    vpalignr                m3, m5, m0, 2
+    vpalignr                m4, m1, m5, 2
+    mova    [dst3q+stride5q*2], m3                     ; 14
+    mova    [ dstq+stride3q*2], m4                     ; 6
+    vpalignr                m3, m5, m0, 4
+    vpalignr                m4, m1, m5, 4
+    sub                  dst3q, strideq
+    mova    [dst3q+stride5q*2], m3                     ; 13
+    mova    [dst3q+strideq*2 ], m4                     ; 5
+    mova    [dst3q+stride3q*4], m0                     ; 15
+    vpalignr                m3, m5, m0, 6
+    vpalignr                m4, m1, m5, 6
+    mova     [dstq+stride3q*4], m3                     ; 12
+    mova     [dst3q+strideq*1], m4                     ; 4
+    vpalignr                m3, m5, m0, 8
+    vpalignr                m4, m1, m5, 8
+    mova     [dst3q+strideq*8], m3                     ; 11
+    mova     [dst3q+strideq*0], m4                     ; 3
+    vpalignr                m3, m5, m0, 10
+    vpalignr                m4, m1, m5, 10
+    mova     [dstq+stride5q*2], m3                     ; 10
+    mova     [dstq+strideq*2 ], m4                     ; 2
+    vpalignr                m3, m5, m0, 12
+    vpalignr                m4, m1, m5, 12
+    mova    [dst3q+stride3q*2], m3                     ; 9
+    mova     [dstq+strideq*1 ], m4                     ; 1
+    vpalignr                m3, m5, m0, 14
+    vpalignr                m4, m1, m5, 14
+    mova      [dstq+strideq*8], m3                     ; 8
+    mova      [dstq+strideq*0], m4                     ; 0
+    mova     [dst3q+strideq*4], m5                     ; 7
+    RET
+
+%if ARCH_X86_64
+cglobal vp9_ipred_dr_32x32_16, 4, 7, 10, dst, stride, l, a
+    mova                    m0, [lq+mmsize*0+0]        ; l[0-15]
+    mova                    m1, [lq+mmsize*1+0]        ; l[16-31]
+    movu                    m2, [aq+mmsize*0-2]        ; *abcdefghijklmno
+    mova                    m3, [aq+mmsize*0+0]        ; abcdefghijklmnop
+    mova                    m4, [aq+mmsize*1+0]        ; qrstuvwxyz012345
+    vperm2i128              m5, m0, m1, q0201          ; lmnopqrstuvwxyz0
+    vpalignr                m6, m5, m0, 2              ; mnopqrstuvwxyz01
+    vpalignr                m7, m5, m0, 4              ; nopqrstuvwxyz012
+    LOWPASS                  0,  6,  7                 ; L[0-15]
+    vperm2i128              m7, m1, m2, q0201          ; stuvwxyz*abcdefg
+    vpalignr                m5, m7, m1, 2              ; lmnopqrstuvwxyz*
+    vpalignr                m6, m7, m1, 4              ; mnopqrstuvwxyz*a
+    LOWPASS                  1,  5,  6                 ; L[16-31]#
+    vperm2i128              m5, m3, m4, q0201          ; ijklmnopqrstuvwx
+    vpalignr                m6, m5, m3, 2              ; bcdefghijklmnopq
+    LOWPASS                  2,  3,  6                 ; A[0-15]
+    movu                    m3, [aq+mmsize*1-2]        ; pqrstuvwxyz01234
+    vperm2i128              m6, m4, m4, q2001          ; yz012345........
+    vpalignr                m7, m6, m4, 2              ; rstuvwxyz012345.
+    LOWPASS                  3,  4,  7                 ; A[16-31].
+    vperm2i128              m4, m1, m2, q0201          ; TUVWXYZ#ABCDEFGH
+    vperm2i128              m5, m0, m1, q0201          ; L[7-15]L[16-23]
+    vperm2i128              m8, m2, m3, q0201          ; IJKLMNOPQRSTUVWX
+    DEFINE_ARGS dst8, stride, stride3, stride7, stride5, dst24, cnt
+    lea               stride3q, [strideq*3]
+    lea               stride5q, [stride3q+strideq*2]
+    lea               stride7q, [strideq*4+stride3q]
+    lea                 dst24q, [dst8q+stride3q*8]
+    lea                  dst8q, [dst8q+strideq*8]
+    mov                   cntd, 2
+
+.loop:
+    mova  [dst24q+stride7q+0 ], m0                     ; 31 23 15 7
+    mova  [dst24q+stride7q+32], m1
+    mova    [dst8q+stride7q+0], m1
+    mova   [dst8q+stride7q+32], m2
+    vpalignr                m6, m4, m1, 2
+    vpalignr                m7, m5, m0, 2
+    vpalignr                m9, m8, m2, 2
+    mova [dst24q+stride3q*2+0], m7                     ; 30 22 14 6
+    mova [dst24q+stride3q*2+32], m6
+    mova  [dst8q+stride3q*2+0], m6
+    mova [dst8q+stride3q*2+32], m9
+    vpalignr                m6, m4, m1, 4
+    vpalignr                m7, m5, m0, 4
+    vpalignr                m9, m8, m2, 4
+    mova   [dst24q+stride5q+0], m7                     ; 29 21 13 5
+    mova  [dst24q+stride5q+32], m6
+    mova    [dst8q+stride5q+0], m6
+    mova   [dst8q+stride5q+32], m9
+    vpalignr                m6, m4, m1, 6
+    vpalignr                m7, m5, m0, 6
+    vpalignr                m9, m8, m2, 6
+    mova [dst24q+strideq*4+0 ], m7                     ; 28 20 12 4
+    mova [dst24q+strideq*4+32], m6
+    mova   [dst8q+strideq*4+0], m6
+    mova  [dst8q+strideq*4+32], m9
+    vpalignr                m6, m4, m1, 8
+    vpalignr                m7, m5, m0, 8
+    vpalignr                m9, m8, m2, 8
+    mova  [dst24q+stride3q+0 ], m7                     ; 27 19 11 3
+    mova  [dst24q+stride3q+32], m6
+    mova    [dst8q+stride3q+0], m6
+    mova   [dst8q+stride3q+32], m9
+    vpalignr                m6, m4, m1, 10
+    vpalignr                m7, m5, m0, 10
+    vpalignr                m9, m8, m2, 10
+    mova [dst24q+strideq*2+0 ], m7                     ; 26 18 10 2
+    mova [dst24q+strideq*2+32], m6
+    mova   [dst8q+strideq*2+0], m6
+    mova  [dst8q+strideq*2+32], m9
+    vpalignr                m6, m4, m1, 12
+    vpalignr                m7, m5, m0, 12
+    vpalignr                m9, m8, m2, 12
+    mova   [dst24q+strideq+0 ], m7                     ; 25 17 9 1
+    mova   [dst24q+strideq+32], m6
+    mova     [dst8q+strideq+0], m6
+    mova    [dst8q+strideq+32], m9
+    vpalignr                m6, m4, m1, 14
+    vpalignr                m7, m5, m0, 14
+    vpalignr                m9, m8, m2, 14
+    mova [dst24q+strideq*0+0 ], m7                     ; 24 16 8 0
+    mova [dst24q+strideq*0+32], m6
+    mova   [dst8q+strideq*0+0], m6
+    mova  [dst8q+strideq*0+32], m9
+    mova                    m0, m5
+    mova                    m5, m1
+    mova                    m1, m4
+    mova                    m4, m2
+    mova                    m2, m8
+    mova                    m8, m3
+    sub                 dst24q, stride7q
+    sub                 dst24q, strideq
+    sub                  dst8q, stride7q
+    sub                  dst8q, strideq
+    dec                   cntd
+    jg .loop
+    RET
+%endif
+%endif
+
 %macro VL_FUNCS 1 ; stack_mem_for_32x32_32bit_function
 cglobal vp9_ipred_vl_4x4_16, 2, 4, 3, dst, stride, l, a
     movifnidn               aq, amp
diff --git a/media/ffvpx/libavcodec/x86/vp9itxfm.asm b/media/ffvpx/libavcodec/x86/vp9itxfm.asm
index 57d6d353b..2c63fe514 100644
--- a/media/ffvpx/libavcodec/x86/vp9itxfm.asm
+++ b/media/ffvpx/libavcodec/x86/vp9itxfm.asm
@@ -1581,33 +1581,30 @@ cglobal vp9_idct_idct_16x16_add, 4, 4, 16, dst, stride, block, eob
     VP9_IDCT16_YMM_1D
 
     mova      [blockq+224], m7
-    mova      [blockq+480], m15
-    pxor               m15, m15
 
     ; store
-    VP9_IDCT8_WRITEx2    0,  1, 6, 7, 15, [pw_512], 6
+    VP9_IDCT8_WRITEx2    0,  1, 6, 7, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2    2,  3, 6, 7, 15, [pw_512], 6
+    VP9_IDCT8_WRITEx2    2,  3, 6, 7, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2    4,  5, 6, 7, 15, [pw_512], 6
+    VP9_IDCT8_WRITEx2    4,  5, 6, 7, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
     mova                m6, [blockq+192]
     mova                m7, [blockq+224]
-    SWAP                 0, 15
-    mova               m15, [blockq+480]
-    VP9_IDCT8_WRITEx2    6,  7, 1, 2, 0, [pw_512], 6
+    VP9_IDCT8_WRITEx2    6,  7, 1, 2, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2    8,  9, 1, 2, 0, [pw_512], 6
+    VP9_IDCT8_WRITEx2    8,  9, 1, 2, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2   10, 11, 1, 2, 0, [pw_512], 6
+    VP9_IDCT8_WRITEx2   10, 11, 1, 2, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2   12, 13, 1, 2, 0, [pw_512], 6
+    VP9_IDCT8_WRITEx2   12, 13, 1, 2, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
-    VP9_IDCT8_WRITEx2   14, 15, 1, 2, 0, [pw_512], 6
+    VP9_IDCT8_WRITEx2   14, 15, 1, 2, unused, [pw_512], 6
     lea               dstq, [dstq+2*strideq]
 
     ; at the end of the loop, m0 should still be zero
     ; use that to zero out block coefficients
+    pxor                m0, m0
     ZERO_BLOCK      blockq, 32, 16, m0
     RET
 %endif
@@ -1987,6 +1984,173 @@ IADST16_FN idct,  IDCT16,  iadst, IADST16, avx
 IADST16_FN iadst, IADST16, idct,  IDCT16,  avx
 IADST16_FN iadst, IADST16, iadst, IADST16, avx
 
+; in: data in m[0-15] except m0/m4, which are in [blockq+0] and [blockq+128]
+; out: m[0-15] except m6, which is in [blockq+192]
+; uses blockq as scratch space
+%macro VP9_IADST16_YMM_1D 0
+    mova          [blockq+ 32], m3
+    mova          [blockq+ 64], m7
+    mova          [blockq+ 96], m8
+
+    ; first half of round 1
+    VP9_UNPACK_MULSUB_2D_4X  9,  6,  0,  3, 13160,  9760    ; m9/x=t7[d], m6/x=t6[d]
+    VP9_UNPACK_MULSUB_2D_4X  1, 14,  4,  7,  2404, 16207    ; m1/x=t15[d], m14/x=t14[d]
+    VP9_RND_SH_SUMSUB_BA    14,  6,  7,  3,  8, [pd_8192]   ; m14=t6[w], m6=t14[w]
+    VP9_RND_SH_SUMSUB_BA     1,  9,  4,  0,  8, [pd_8192]   ; m1=t7[w], m9=t15[w]
+
+    VP9_UNPACK_MULSUB_2D_4X 13,  2,  4,  7, 15893,  3981    ; m13/x=t3[d], m2/x=t2[d]
+    VP9_UNPACK_MULSUB_2D_4X  5, 10,  0,  3,  8423, 14053    ; m5/x=t11[d], m10/x=t10[d]
+    VP9_RND_SH_SUMSUB_BA    10,  2,  3,  7,  8, [pd_8192]   ; m10=t2[w], m2=t10[w]
+    VP9_RND_SH_SUMSUB_BA     5, 13,  0,  4,  8, [pd_8192]   ; m5=t3[w], m13=t11[w]
+
+    ; half of round 2 t8-15
+    VP9_UNPACK_MULSUB_2D_4X  2, 13,  4,  7,  9102, 13623    ; m2/x=t11[d], m13/x=t10[d]
+    VP9_UNPACK_MULSUB_2D_4X  9,  6,  3,  0, 13623,  9102    ; m9/x=t14[d], m6/x=t15[d]
+    VP9_RND_SH_SUMSUB_BA     9, 13,  3,  7,  8, [pd_8192]   ; m9=t10[w], m13=t14[w]
+    VP9_RND_SH_SUMSUB_BA     6,  2,  0,  4,  8, [pd_8192]   ; m6=t11[w], m2=t15[w]
+
+    SUMSUB_BA            w, 14, 10,  8                      ; m14=t2, m10=t6
+    SUMSUB_BA            w,  1,  5,  8                      ; m1=t3, m5=t7
+
+    mova                    m0, [blockq+  0]
+    mova                    m4, [blockq+128]
+    mova                    m3, [blockq+ 32]
+    mova                    m7, [blockq+ 64]
+    mova                    m8, [blockq+ 96]
+    mova          [blockq+  0], m1
+    mova          [blockq+128], m14
+    mova          [blockq+ 32], m6
+    mova          [blockq+ 64], m9
+    mova          [blockq+ 96], m10
+
+    ; second half of round 1
+    VP9_UNPACK_MULSUB_2D_4X 15,  0,  1,  9, 16364,   804    ; m15/x=t1[d], m0/x=t0[d]
+    VP9_UNPACK_MULSUB_2D_4X  7,  8, 10,  6, 11003, 12140    ; m7/x=t9[d], m8/x=t8[d]
+    VP9_RND_SH_SUMSUB_BA     8,  0,  6,  9, 14, [pd_8192]   ; m8=t0[w], m0=t8[w]
+    VP9_RND_SH_SUMSUB_BA     7, 15, 10,  1, 14, [pd_8192]   ; m7=t1[w], m15=t9[w]
+
+    VP9_UNPACK_MULSUB_2D_4X 11,  4, 10,  6, 14811,  7005    ; m11/x=t5[d], m4/x=t4[d]
+    VP9_UNPACK_MULSUB_2D_4X  3, 12,  1,  9,  5520, 15426    ; m3/x=t13[d], m12/x=t12[d]
+    VP9_RND_SH_SUMSUB_BA    12,  4,  9,  6, 14, [pd_8192]   ; m12=t4[w], m4=t12[w]
+    VP9_RND_SH_SUMSUB_BA     3, 11,  1, 10, 14, [pd_8192]   ; m3=t5[w], m11=t13[w]
+
+    ; second half of round 2 t8-15
+    VP9_UNPACK_MULSUB_2D_4X  0, 15,  6, 10, 16069,  3196    ; m15/x=t8[d], m0/x=t9[d]
+    VP9_UNPACK_MULSUB_2D_4X 11,  4,  9,  1,  3196, 16069    ; m11/x=t12[d], m4/x=t13[d]
+    VP9_RND_SH_SUMSUB_BA    11, 15,  9, 10, 14, [pd_8192]   ; m11=t8[w], m15=t12[w]
+    VP9_RND_SH_SUMSUB_BA     4,  0,  1,  6, 14, [pd_8192]   ; m4=t9[w], m0=t13[w]
+
+    SUMSUB_BA            w, 12,  8, 14                      ; m12=t0, m8=t4
+    SUMSUB_BA            w,  3,  7, 14                      ; m3=t1, m7=t5
+
+    mova                   m10, [blockq+ 96]
+    mova          [blockq+ 96], m12
+
+    ; round 3
+    VP9_UNPACK_MULSUB_2D_4X 15,  0,  9, 12, 15137,  6270    ; m15/x=t13[d], m0/x=t12[d]
+    VP9_UNPACK_MULSUB_2D_4X  2, 13,  1,  6,  6270, 15137    ; m2/x=t14[d], m13/x=t15[d]
+    VP9_RND_SH_SUMSUB_BA     2,  0,  1, 12, 14, [pd_8192]   ; m2=out2[w], m0=t14a[w]
+    VP9_RND_SH_SUMSUB_BA    13, 15,  6,  9, 14, [pd_8192]
+    PSIGNW                 m13, [pw_m1]                     ; m13=out13[w], m15=t15a[w]
+
+    VP9_UNPACK_MULSUB_2D_4X  8,  7, 12,  9, 15137,  6270    ; m8/x=t5[d], m7/x=t4[d]
+    VP9_UNPACK_MULSUB_2D_4X  5, 10,  1,  6,  6270, 15137    ; m5/x=t6[d], m10/x=t7[d]
+    VP9_RND_SH_SUMSUB_BA     5,  7,  1,  9, 14, [pd_8192]
+    PSIGNW                  m5, [pw_m1]                     ; m5=out3[w], m7=t6[w]
+    VP9_RND_SH_SUMSUB_BA    10,  8,  6, 12, 14, [pd_8192]   ; m10=out12[w], m8=t7[w]
+
+    mova                    m1, [blockq+  0]
+    mova                   m14, [blockq+128]
+    mova                    m6, [blockq+ 32]
+    mova                    m9, [blockq+ 64]
+    mova                   m12, [blockq+ 96]
+    mova          [blockq+  0], m10
+    mova          [blockq+128], m5
+
+    SUMSUB_BA            w, 14, 12,  5                      ; m14=out0, m12=t2a
+    SUMSUB_BA            w,  1,  3,  5
+    PSIGNW                  m1, [pw_m1]                     ; m1=out15, m3=t3a
+
+    SUMSUB_BA            w,  9, 11,  5
+    PSIGNW                  m9, [pw_m1]                     ; m9=out1, m11=t10
+    SUMSUB_BA            w,  6,  4,  5                      ; m6=out14, m4=t11
+
+    VP9_UNPACK_MULSUB_2W_4X  4, 11, 11585, 11585, [pd_8192],  5, 10 ; m4=out9, m11=out6
+    mova                    m5, [blockq+128]
+    mova          [blockq+192], m11
+    PSIGNW                 m15, [pw_m1]
+    VP9_UNPACK_MULSUB_2W_4X 15,  0, 11585, 11585, [pd_8192], 10, 11 ; m15=out5, m0=out10
+
+    PSIGNW                  m3, [pw_m1]
+    VP9_UNPACK_MULSUB_2W_4X  3, 12, 11585, 11585, [pd_8192], 10, 11 ; m3=out7,m12=out8
+    VP9_UNPACK_MULSUB_2W_4X  8,  7, 11585, 11585, [pd_8192], 10, 11 ; m8=out11,m7=out4
+
+    mova                   m10, [blockq+  0]
+
+    SWAP                     0, 14,  6, 11,  8, 12, 10
+    SWAP                     1,  9, 15,  4,  7,  3,  5
+    SWAP                     5,  9, 15
+%endmacro
+
+%if ARCH_X86_64 && HAVE_AVX2_EXTERNAL
+%macro IADST16_YMM_FN 4
+INIT_YMM avx2
+cglobal vp9_%1_%3_16x16_add, 4, 4, 16, dst, stride, block, eob
+    mova                m1, [blockq+ 32]
+    mova                m2, [blockq+ 64]
+    mova                m3, [blockq+ 96]
+    mova                m5, [blockq+160]
+    mova                m6, [blockq+192]
+    mova                m7, [blockq+224]
+    mova                m8, [blockq+256]
+    mova                m9, [blockq+288]
+    mova               m10, [blockq+320]
+    mova               m11, [blockq+352]
+    mova               m12, [blockq+384]
+    mova               m13, [blockq+416]
+    mova               m14, [blockq+448]
+    mova               m15, [blockq+480]
+
+    VP9_%2_YMM_1D
+    TRANSPOSE16x16W      0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, \
+                         [blockq+192], [blockq+128], 1
+    mova      [blockq+  0], m0
+    VP9_%4_YMM_1D
+
+    mova      [blockq+224], m7
+
+    ; store
+    VP9_IDCT8_WRITEx2    0,  1, 6, 7, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2    2,  3, 6, 7, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2    4,  5, 6, 7, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    mova                m6, [blockq+192]
+    mova                m7, [blockq+224]
+    VP9_IDCT8_WRITEx2    6,  7, 1, 2, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2    8,  9, 1, 2, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2   10, 11, 1, 2, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2   12, 13, 1, 2, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+    VP9_IDCT8_WRITEx2   14, 15, 1, 2, unused, [pw_512], 6
+    lea               dstq, [dstq+2*strideq]
+
+    ; at the end of the loop, m0 should still be zero
+    ; use that to zero out block coefficients
+    pxor                m0, m0
+    ZERO_BLOCK      blockq, 32, 16, m0
+    RET
+%endmacro
+
+IADST16_YMM_FN idct,  IDCT16,  iadst, IADST16
+IADST16_YMM_FN iadst, IADST16, idct,  IDCT16
+IADST16_YMM_FN iadst, IADST16, iadst, IADST16
+%endif
+
 ;---------------------------------------------------------------------------------------------
 ; void vp9_idct_idct_32x32_add_<opt>(uint8_t *dst, ptrdiff_t stride, int16_t *block, int eob);
 ;---------------------------------------------------------------------------------------------
diff --git a/media/ffvpx/libavcodec/x86/vp9mc.asm b/media/ffvpx/libavcodec/x86/vp9mc.asm
index 9152ba541..f64161b2c 100644
--- a/media/ffvpx/libavcodec/x86/vp9mc.asm
+++ b/media/ffvpx/libavcodec/x86/vp9mc.asm
@@ -1,5 +1,5 @@
 ;******************************************************************************
-;* VP9 MC SIMD optimizations
+;* VP9 motion compensation SIMD optimizations
 ;*
 ;* Copyright (c) 2013 Ronald S. Bultje <rsbultje gmail com>
 ;*
@@ -440,9 +440,8 @@ cglobal vp9_%1_8tap_1d_v_ %+ %%px %+ _8, 4, 7, 11, dst, dstride, src, sstride, f
     mova       m10, [filteryq+96]
 %endif
 .loop:
-    ; FIXME maybe reuse loads from previous rows, or just
-    ; more generally unroll this to prevent multiple loads of
-    ; the same data?
+    ; FIXME maybe reuse loads from previous rows, or just more generally
+    ; unroll this to prevent multiple loads of the same data?
     movh        m0, [srcq]
     movh        m1, [srcq+sstrideq]
     movh        m2, [srcq+sstrideq*2]
diff --git a/media/ffvpx/libavutil/atomic_gcc.h b/media/ffvpx/libavutil/atomic_gcc.h
index 5f9fc49ba..2bb43c3ce 100644
--- a/media/ffvpx/libavutil/atomic_gcc.h
+++ b/media/ffvpx/libavutil/atomic_gcc.h
@@ -28,40 +28,27 @@
 #define avpriv_atomic_int_get atomic_int_get_gcc
 static inline int atomic_int_get_gcc(volatile int *ptr)
 {
-#if HAVE_ATOMIC_COMPARE_EXCHANGE
-    return __atomic_load_n(ptr, __ATOMIC_SEQ_CST);
-#else
     __sync_synchronize();
     return *ptr;
-#endif
 }
 
 #define avpriv_atomic_int_set atomic_int_set_gcc
 static inline void atomic_int_set_gcc(volatile int *ptr, int val)
 {
-#if HAVE_ATOMIC_COMPARE_EXCHANGE
-    __atomic_store_n(ptr, val, __ATOMIC_SEQ_CST);
-#else
     *ptr = val;
     __sync_synchronize();
-#endif
 }
 
 #define avpriv_atomic_int_add_and_fetch atomic_int_add_and_fetch_gcc
 static inline int atomic_int_add_and_fetch_gcc(volatile int *ptr, int inc)
 {
-#if HAVE_ATOMIC_COMPARE_EXCHANGE
-    return __atomic_add_fetch(ptr, inc, __ATOMIC_SEQ_CST);
-#else
     return __sync_add_and_fetch(ptr, inc);
-#endif
 }
 
 #define avpriv_atomic_ptr_cas atomic_ptr_cas_gcc
 static inline void *atomic_ptr_cas_gcc(void * volatile *ptr,
                                        void *oldval, void *newval)
 {
-#if HAVE_SYNC_VAL_COMPARE_AND_SWAP
 #ifdef __ARMCC_VERSION
     // armcc will throw an error if ptr is not an integer type
     volatile uintptr_t *tmp = (volatile uintptr_t*)ptr;
@@ -69,10 +56,6 @@ static inline void *atomic_ptr_cas_gcc(void * volatile *ptr,
 #else
     return __sync_val_compare_and_swap(ptr, oldval, newval);
 #endif
-#else
-    __atomic_compare_exchange_n(ptr, &oldval, newval, 0, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
-    return oldval;
-#endif
 }
 
 #endif /* AVUTIL_ATOMIC_GCC_H */
diff --git a/media/ffvpx/libavutil/atomic_suncc.h b/media/ffvpx/libavutil/atomic_suncc.h
deleted file mode 100644
index a75a37b47..000000000
--- a/media/ffvpx/libavutil/atomic_suncc.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef AVUTIL_ATOMIC_SUNCC_H
-#define AVUTIL_ATOMIC_SUNCC_H
-
-#include <atomic.h>
-#include <mbarrier.h>
-
-#include "atomic.h"
-
-#define avpriv_atomic_int_get atomic_int_get_suncc
-static inline int atomic_int_get_suncc(volatile int *ptr)
-{
-    __machine_rw_barrier();
-    return *ptr;
-}
-
-#define avpriv_atomic_int_set atomic_int_set_suncc
-static inline void atomic_int_set_suncc(volatile int *ptr, int val)
-{
-    *ptr = val;
-    __machine_rw_barrier();
-}
-
-#define avpriv_atomic_int_add_and_fetch atomic_int_add_and_fetch_suncc
-static inline int atomic_int_add_and_fetch_suncc(volatile int *ptr, int inc)
-{
-    return atomic_add_int_nv(ptr, inc);
-}
-
-#define avpriv_atomic_ptr_cas atomic_ptr_cas_suncc
-static inline void *atomic_ptr_cas_suncc(void * volatile *ptr,
-                                         void *oldval, void *newval)
-{
-    return atomic_cas_ptr(ptr, oldval, newval);
-}
-
-#endif /* AVUTIL_ATOMIC_SUNCC_H */
diff --git a/media/ffvpx/libavutil/attributes.h b/media/ffvpx/libavutil/attributes.h
index 5c6b9deec..54d190111 100644
--- a/media/ffvpx/libavutil/attributes.h
+++ b/media/ffvpx/libavutil/attributes.h
@@ -121,8 +121,7 @@
 #endif
 #endif
 
-
-#if defined(__GNUC__)
+#if defined(__GNUC__) || defined(__clang__)
 #    define av_unused __attribute__((unused))
 #else
 #    define av_unused
@@ -133,7 +132,7 @@
  * away.  This is useful for variables accessed only from inline
  * assembler without the compiler being aware.
  */
-#if AV_GCC_VERSION_AT_LEAST(3,1)
+#if AV_GCC_VERSION_AT_LEAST(3,1) || defined(__clang__)
 #    define av_used __attribute__((used))
 #else
 #    define av_used
diff --git a/media/ffvpx/libavutil/avconfig.h b/media/ffvpx/libavutil/avconfig.h
index 2ec333d15..f10aa6186 100644
--- a/media/ffvpx/libavutil/avconfig.h
+++ b/media/ffvpx/libavutil/avconfig.h
@@ -3,5 +3,4 @@
 #define AVUTIL_AVCONFIG_H
 #define AV_HAVE_BIGENDIAN 0
 #define AV_HAVE_FAST_UNALIGNED 1
-#define AV_HAVE_INCOMPATIBLE_FORK_ABI 0
 #endif /* AVUTIL_AVCONFIG_H */
diff --git a/media/ffvpx/libavutil/avstring.c b/media/ffvpx/libavutil/avstring.c
index 1787a1ef5..f03dd2514 100644
--- a/media/ffvpx/libavutil/avstring.c
+++ b/media/ffvpx/libavutil/avstring.c
@@ -231,6 +231,29 @@ int av_strncasecmp(const char *a, const char *b, size_t n)
     return c1 - c2;
 }
 
+char *av_strireplace(const char *str, const char *from, const char *to)
+{
+    char *ret = NULL;
+    const char *pstr2, *pstr = str;
+    size_t tolen = strlen(to), fromlen = strlen(from);
+    AVBPrint pbuf;
+
+    av_bprint_init(&pbuf, 1, AV_BPRINT_SIZE_UNLIMITED);
+    while ((pstr2 = av_stristr(pstr, from))) {
+        av_bprint_append_data(&pbuf, pstr, pstr2 - pstr);
+        pstr = pstr2 + fromlen;
+        av_bprint_append_data(&pbuf, to, tolen);
+    }
+    av_bprint_append_data(&pbuf, pstr, strlen(pstr));
+    if (!av_bprint_is_complete(&pbuf)) {
+        av_bprint_finalize(&pbuf, NULL);
+    } else {
+        av_bprint_finalize(&pbuf, &ret);
+    }
+
+    return ret;
+}
+
 const char *av_basename(const char *path)
 {
     char *p = strrchr(path, '/');
diff --git a/media/ffvpx/libavutil/avstring.h b/media/ffvpx/libavutil/avstring.h
index dd2876990..04d269564 100644
--- a/media/ffvpx/libavutil/avstring.h
+++ b/media/ffvpx/libavutil/avstring.h
@@ -266,6 +266,11 @@ int av_strcasecmp(const char *a, const char *b);
  */
 int av_strncasecmp(const char *a, const char *b, size_t n);
 
+/**
+ * Locale-independent strings replace.
+ * @note This means only ASCII-range characters are replace
+ */
+char *av_strireplace(const char *str, const char *from, const char *to);
 
 /**
  * Thread safe basename.
diff --git a/media/ffvpx/libavutil/avutil.h b/media/ffvpx/libavutil/avutil.h
index 29dd830bf..4d633156d 100644
--- a/media/ffvpx/libavutil/avutil.h
+++ b/media/ffvpx/libavutil/avutil.h
@@ -118,6 +118,12 @@
  *
  * @}
  *
+ * @defgroup lavu_video Video related
+ *
+ * @{
+ *
+ * @}
+ *
  * @defgroup lavu_audio Audio related
  *
  * @{
@@ -337,6 +343,20 @@ FILE *av_fopen_utf8(const char *path, const char *mode);
  */
 AVRational av_get_time_base_q(void);
 
+#define AV_FOURCC_MAX_STRING_SIZE 32
+
+#define av_fourcc2str(fourcc) av_fourcc_make_string((char[AV_FOURCC_MAX_STRING_SIZE]){0}, fourcc)
+
+/**
+ * Fill the provided buffer with a string containing a FourCC (four-character
+ * code) representation.
+ *
+ * @param buf    a buffer with size in bytes of at least AV_FOURCC_MAX_STRING_SIZE
+ * @param fourcc the fourcc to represent
+ * @return the buffer in input
+ */
+char *av_fourcc_make_string(char *buf, uint32_t fourcc);
+
 /**
  * @}
  * @}
diff --git a/media/ffvpx/libavutil/avutil.symbols b/media/ffvpx/libavutil/avutil.symbols
index 81cf6a8ef..ba68dc33c 100644
--- a/media/ffvpx/libavutil/avutil.symbols
+++ b/media/ffvpx/libavutil/avutil.symbols
@@ -57,9 +57,6 @@ av_dict_parse_string
 av_dict_set
 av_dict_set_int
 av_dirname
-av_display_matrix_flip
-av_display_rotation_get
-av_display_rotation_set
 av_div_q
 av_dynarray2_add
 av_dynarray_add
@@ -88,7 +85,9 @@ av_find_best_pix_fmt_of_2
 av_find_info_tag
 av_find_nearest_q_idx
 av_force_cpu_flags
+av_fourcc_make_string
 av_frame_alloc
+av_frame_apply_cropping
 av_frame_clone
 av_frame_copy
 av_frame_copy_props
@@ -166,6 +165,7 @@ av_hwframe_get_buffer
 av_image_alloc
 av_image_check_sar
 av_image_check_size
+av_image_check_size2
 av_image_copy
 av_image_copy_plane
 av_image_copy_to_buffer
@@ -332,5 +332,8 @@ avutil_configuration
 avutil_license
 avutil_version
 #ifdef XP_WIN
-avpriv_emms_yasm
+avpriv_emms_asm
 #endif
+avpriv_slicethread_create
+avpriv_slicethread_execute
+avpriv_slicethread_free
diff --git a/media/ffvpx/libavutil/buffer.c b/media/ffvpx/libavutil/buffer.c
index 694e116a3..8d1aa5fa8 100644
--- a/media/ffvpx/libavutil/buffer.c
+++ b/media/ffvpx/libavutil/buffer.c
@@ -16,10 +16,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <stdatomic.h>
 #include <stdint.h>
 #include <string.h>
 
-#include "atomic.h"
 #include "buffer_internal.h"
 #include "common.h"
 #include "mem.h"
@@ -40,7 +40,8 @@ AVBufferRef *av_buffer_create(uint8_t *data, int size,
     buf->size     = size;
     buf->free     = free ? free : av_buffer_default_free;
     buf->opaque   = opaque;
-    buf->refcount = 1;
+
+    atomic_init(&buf->refcount, 1);
 
     if (flags & AV_BUFFER_FLAG_READONLY)
         buf->flags |= BUFFER_FLAG_READONLY;
@@ -98,7 +99,7 @@ AVBufferRef *av_buffer_ref(AVBufferRef *buf)
 
     *ret = *buf;
 
-    avpriv_atomic_int_add_and_fetch(&buf->buffer->refcount, 1);
+    atomic_fetch_add_explicit(&buf->buffer->refcount, 1, memory_order_relaxed);
 
     return ret;
 }
@@ -115,7 +116,7 @@ static void buffer_replace(AVBufferRef **dst, AVBufferRef **src)
     } else
         av_freep(dst);
 
-    if (!avpriv_atomic_int_add_and_fetch(&b->refcount, -1)) {
+    if (atomic_fetch_add_explicit(&b->refcount, -1, memory_order_acq_rel) == 1) {
         b->free(b->opaque, b->data);
         av_freep(&b);
     }
@@ -134,7 +135,7 @@ int av_buffer_is_writable(const AVBufferRef *buf)
     if (buf->buffer->flags & AV_BUFFER_FLAG_READONLY)
         return 0;
 
-    return avpriv_atomic_int_get(&buf->buffer->refcount) == 1;
+    return atomic_load(&buf->buffer->refcount) == 1;
 }
 
 void *av_buffer_get_opaque(const AVBufferRef *buf)
@@ -144,7 +145,7 @@ void *av_buffer_get_opaque(const AVBufferRef *buf)
 
 int av_buffer_get_ref_count(const AVBufferRef *buf)
 {
-    return buf->buffer->refcount;
+    return atomic_load(&buf->buffer->refcount);
 }
 
 int av_buffer_make_writable(AVBufferRef **pbuf)
@@ -191,7 +192,7 @@ int av_buffer_realloc(AVBufferRef **pbuf, int size)
         return 0;
 
     if (!(buf->buffer->flags & BUFFER_FLAG_REALLOCATABLE) ||
-        !av_buffer_is_writable(buf)) {
+        !av_buffer_is_writable(buf) || buf->data != buf->buffer->data) {
         /* cannot realloc, allocate a new reallocable buffer and copy data */
         AVBufferRef *new = NULL;
 
@@ -229,7 +230,7 @@ AVBufferPool *av_buffer_pool_init2(int size, void *opaque,
     pool->alloc2    = alloc;
     pool->pool_free = pool_free;
 
-    avpriv_atomic_int_set(&pool->refcount, 1);
+    atomic_init(&pool->refcount, 1);
 
     return pool;
 }
@@ -245,7 +246,7 @@ AVBufferPool *av_buffer_pool_init(int size, AVBufferRef* (*alloc)(int size))
     pool->size     = size;
     pool->alloc    = alloc ? alloc : av_buffer_alloc;
 
-    avpriv_atomic_int_set(&pool->refcount, 1);
+    atomic_init(&pool->refcount, 1);
 
     return pool;
 }
@@ -280,48 +281,10 @@ void av_buffer_pool_uninit(AVBufferPool **ppool)
     pool   = *ppool;
     *ppool = NULL;
 
-    if (!avpriv_atomic_int_add_and_fetch(&pool->refcount, -1))
+    if (atomic_fetch_add_explicit(&pool->refcount, -1, memory_order_acq_rel) == 1)
         buffer_pool_free(pool);
 }
 
-#if USE_ATOMICS
-/* remove the whole buffer list from the pool and return it */
-static BufferPoolEntry *get_pool(AVBufferPool *pool)
-{
-    BufferPoolEntry *cur = *(void * volatile *)&pool->pool, *last = NULL;
-
-    while (cur != last) {
-        last = cur;
-        cur = avpriv_atomic_ptr_cas((void * volatile *)&pool->pool, last, NULL);
-        if (!cur)
-            return NULL;
-    }
-
-    return cur;
-}
-
-static void add_to_pool(BufferPoolEntry *buf)
-{
-    AVBufferPool *pool;
-    BufferPoolEntry *cur, *end = buf;
-
-    if (!buf)
-        return;
-    pool = buf->pool;
-
-    while (end->next)
-        end = end->next;
-
-    while (avpriv_atomic_ptr_cas((void * volatile *)&pool->pool, NULL, buf)) {
-        /* pool is not empty, retrieve it and append it to our list */
-        cur = get_pool(pool);
-        end->next = cur;
-        while (end->next)
-            end = end->next;
-    }
-}
-#endif
-
 static void pool_release_buffer(void *opaque, uint8_t *data)
 {
     BufferPoolEntry *buf = opaque;
@@ -330,16 +293,12 @@ static void pool_release_buffer(void *opaque, uint8_t *data)
     if(CONFIG_MEMORY_POISONING)
         memset(buf->data, FF_MEMORY_POISON, pool->size);
 
-#if USE_ATOMICS
-    add_to_pool(buf);
-#else
     ff_mutex_lock(&pool->mutex);
     buf->next = pool->pool;
     pool->pool = buf;
     ff_mutex_unlock(&pool->mutex);
-#endif
 
-    if (!avpriv_atomic_int_add_and_fetch(&pool->refcount, -1))
+    if (atomic_fetch_add_explicit(&pool->refcount, -1, memory_order_acq_rel) == 1)
         buffer_pool_free(pool);
 }
 
@@ -369,11 +328,6 @@ static AVBufferRef *pool_alloc_buffer(AVBufferPool *pool)
     ret->buffer->opaque = buf;
     ret->buffer->free   = pool_release_buffer;
 
-#if USE_ATOMICS
-    avpriv_atomic_int_add_and_fetch(&pool->refcount, 1);
-    avpriv_atomic_int_add_and_fetch(&pool->nb_allocated, 1);
-#endif
-
     return ret;
 }
 
@@ -382,29 +336,6 @@ AVBufferRef *av_buffer_pool_get(AVBufferPool *pool)
     AVBufferRef *ret;
     BufferPoolEntry *buf;
 
-#if USE_ATOMICS
-    /* check whether the pool is empty */
-    buf = get_pool(pool);
-    if (!buf && pool->refcount <= pool->nb_allocated) {
-        av_log(NULL, AV_LOG_DEBUG, "Pool race dectected, spining to avoid overallocation and eventual OOM\n");
-        while (!buf && avpriv_atomic_int_get(&pool->refcount) <= avpriv_atomic_int_get(&pool->nb_allocated))
-            buf = get_pool(pool);
-    }
-
-    if (!buf)
-        return pool_alloc_buffer(pool);
-
-    /* keep the first entry, return the rest of the list to the pool */
-    add_to_pool(buf->next);
-    buf->next = NULL;
-
-    ret = av_buffer_create(buf->data, pool->size, pool_release_buffer,
-                           buf, 0);
-    if (!ret) {
-        add_to_pool(buf);
-        return NULL;
-    }
-#else
     ff_mutex_lock(&pool->mutex);
     buf = pool->pool;
     if (buf) {
@@ -418,10 +349,9 @@ AVBufferRef *av_buffer_pool_get(AVBufferPool *pool)
         ret = pool_alloc_buffer(pool);
     }
     ff_mutex_unlock(&pool->mutex);
-#endif
 
     if (ret)
-        avpriv_atomic_int_add_and_fetch(&pool->refcount, 1);
+        atomic_fetch_add_explicit(&pool->refcount, 1, memory_order_relaxed);
 
     return ret;
 }
diff --git a/media/ffvpx/libavutil/buffer.h b/media/ffvpx/libavutil/buffer.h
index 0c0ce12cf..73b6bd0b1 100644
--- a/media/ffvpx/libavutil/buffer.h
+++ b/media/ffvpx/libavutil/buffer.h
@@ -256,9 +256,10 @@ AVBufferPool *av_buffer_pool_init(int size, AVBufferRef* (*alloc)(int size));
  * @param alloc a function that will be used to allocate new buffers when the
  *              pool is empty.
  * @param pool_free a function that will be called immediately before the pool
- *                  is freed. I.e. after av_buffer_pool_can_uninit() is called
- *                  by the pool and all the frames are returned to the pool and
- *                  freed. It is intended to uninitialize the user opaque data.
+ *                  is freed. I.e. after av_buffer_pool_uninit() is called
+ *                  by the caller and all the frames are returned to the pool
+ *                  and freed. It is intended to uninitialize the user opaque
+ *                  data.
  * @return newly created buffer pool on success, NULL on error.
  */
 AVBufferPool *av_buffer_pool_init2(int size, void *opaque,
diff --git a/media/ffvpx/libavutil/buffer_internal.h b/media/ffvpx/libavutil/buffer_internal.h
index 29ce8a643..54b67047e 100644
--- a/media/ffvpx/libavutil/buffer_internal.h
+++ b/media/ffvpx/libavutil/buffer_internal.h
@@ -19,6 +19,7 @@
 #ifndef AVUTIL_BUFFER_INTERNAL_H
 #define AVUTIL_BUFFER_INTERNAL_H
 
+#include <stdatomic.h>
 #include <stdint.h>
 
 #include "buffer.h"
@@ -40,7 +41,7 @@ struct AVBuffer {
     /**
      *  number of existing AVBufferRef instances referring to this buffer
      */
-    volatile int refcount;
+    atomic_uint refcount;
 
     /**
      * a callback for freeing the data
@@ -85,9 +86,7 @@ struct AVBufferPool {
      * buffers have been released, then it's safe to free the pool and all
      * the buffers in it.
      */
-    volatile int refcount;
-
-    volatile int nb_allocated;
+    atomic_uint refcount;
 
     int size;
     void *opaque;
diff --git a/media/ffvpx/libavutil/channel_layout.c b/media/ffvpx/libavutil/channel_layout.c
index 26c87c96a..3bd5ee29b 100644
--- a/media/ffvpx/libavutil/channel_layout.c
+++ b/media/ffvpx/libavutil/channel_layout.c
@@ -152,6 +152,28 @@ uint64_t av_get_channel_layout(const char *name)
     return layout;
 }
 
+int av_get_extended_channel_layout(const char *name, uint64_t* channel_layout, int* nb_channels)
+{
+    int nb = 0;
+    char *end;
+    uint64_t layout = av_get_channel_layout(name);
+
+    if (layout) {
+        *channel_layout = layout;
+        *nb_channels = av_get_channel_layout_nb_channels(layout);
+        return 0;
+    }
+
+    nb = strtol(name, &end, 10);
+    if (!errno && *end  == 'C' && *(end + 1) == '\0' && nb > 0 && nb < 64) {
+        *channel_layout = 0;
+        *nb_channels = nb;
+        return 0;
+    }
+
+    return AVERROR(EINVAL);
+}
+
 void av_bprint_channel_layout(struct AVBPrint *bp,
                               int nb_channels, uint64_t channel_layout)
 {
diff --git a/media/ffvpx/libavutil/channel_layout.h b/media/ffvpx/libavutil/channel_layout.h
index ec7effead..50bb8f03c 100644
--- a/media/ffvpx/libavutil/channel_layout.h
+++ b/media/ffvpx/libavutil/channel_layout.h
@@ -131,22 +131,31 @@ enum AVMatrixEncoding {
  *   5.0(side), 5.1, 5.1(side), 7.1, 7.1(wide), downmix);
  * - the name of a single channel (FL, FR, FC, LFE, BL, BR, FLC, FRC, BC,
  *   SL, SR, TC, TFL, TFC, TFR, TBL, TBC, TBR, DL, DR);
- * - a number of channels, in decimal, optionally followed by 'c', yielding
+ * - a number of channels, in decimal, followed by 'c', yielding
  *   the default channel layout for that number of channels (@see
  *   av_get_default_channel_layout);
  * - a channel layout mask, in hexadecimal starting with "0x" (see the
  *   AV_CH_* macros).
  *
- * @warning Starting from the next major bump the trailing character
- * 'c' to specify a number of channels will be required, while a
- * channel layout mask could also be specified as a decimal number
- * (if and only if not followed by "c").
- *
  * Example: "stereo+FC" = "2c+FC" = "2c+1c" = "0x7"
  */
 uint64_t av_get_channel_layout(const char *name);
 
 /**
+ * Return a channel layout and the number of channels based on the specified name.
+ *
+ * This function is similar to (@see av_get_channel_layout), but can also parse
+ * unknown channel layout specifications.
+ *
+ * @param[in]  name             channel layout specification string
+ * @param[out] channel_layout   parsed channel layout (0 if unknown)
+ * @param[out] nb_channels      number of channels
+ *
+ * @return 0 on success, AVERROR(EINVAL) if the parsing fails.
+ */
+int av_get_extended_channel_layout(const char *name, uint64_t* channel_layout, int* nb_channels);
+
+/**
  * Return a description of a channel layout.
  * If nb_channels is <= 0, it is guessed from the channel_layout.
  *
diff --git a/media/ffvpx/libavutil/cpu.c b/media/ffvpx/libavutil/cpu.c
index f5785fc13..c8401b825 100644
--- a/media/ffvpx/libavutil/cpu.c
+++ b/media/ffvpx/libavutil/cpu.c
@@ -16,8 +16,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <stddef.h>
 #include <stdint.h>
+#include <stdatomic.h>
 
+#include "attributes.h"
 #include "cpu.h"
 #include "cpu_internal.h"
 #include "config.h"
@@ -44,10 +47,24 @@
 #include <unistd.h>
 #endif
 
-static int flags, checked;
+static atomic_int cpu_flags = ATOMIC_VAR_INIT(-1);
+
+static int get_cpu_flags(void)
+{
+    if (ARCH_AARCH64)
+        return ff_get_cpu_flags_aarch64();
+    if (ARCH_ARM)
+        return ff_get_cpu_flags_arm();
+    if (ARCH_PPC)
+        return ff_get_cpu_flags_ppc();
+    if (ARCH_X86)
+        return ff_get_cpu_flags_x86();
+    return 0;
+}
 
 void av_force_cpu_flags(int arg){
-    if (   (arg & ( AV_CPU_FLAG_3DNOW    |
+    if (ARCH_X86 &&
+           (arg & ( AV_CPU_FLAG_3DNOW    |
                     AV_CPU_FLAG_3DNOWEXT |
                     AV_CPU_FLAG_MMXEXT   |
                     AV_CPU_FLAG_SSE      |
@@ -69,33 +86,23 @@ void av_force_cpu_flags(int arg){
         arg |= AV_CPU_FLAG_MMX;
     }
 
-    flags   = arg;
-    checked = arg != -1;
+    atomic_store_explicit(&cpu_flags, arg, memory_order_relaxed);
 }
 
 int av_get_cpu_flags(void)
 {
-    if (checked)
-        return flags;
-
-    if (ARCH_AARCH64)
-        flags = ff_get_cpu_flags_aarch64();
-    if (ARCH_ARM)
-        flags = ff_get_cpu_flags_arm();
-    if (ARCH_PPC)
-        flags = ff_get_cpu_flags_ppc();
-    if (ARCH_X86)
-        flags = ff_get_cpu_flags_x86();
-
-    checked = 1;
+    int flags = atomic_load_explicit(&cpu_flags, memory_order_relaxed);
+    if (flags == -1) {
+        flags = get_cpu_flags();
+        atomic_store_explicit(&cpu_flags, flags, memory_order_relaxed);
+    }
     return flags;
 }
 
 void av_set_cpu_flags_mask(int mask)
 {
-    checked       = 0;
-    flags         = av_get_cpu_flags() & mask;
-    checked       = 1;
+    atomic_store_explicit(&cpu_flags, get_cpu_flags() & mask,
+                          memory_order_relaxed);
 }
 
 int av_parse_cpu_flags(const char *s)
@@ -294,3 +301,17 @@ int av_cpu_count(void)
 
     return nb_cpus;
 }
+
+size_t av_cpu_max_align(void)
+{
+    if (ARCH_AARCH64)
+        return ff_get_cpu_max_align_aarch64();
+    if (ARCH_ARM)
+        return ff_get_cpu_max_align_arm();
+    if (ARCH_PPC)
+        return ff_get_cpu_max_align_ppc();
+    if (ARCH_X86)
+        return ff_get_cpu_max_align_x86();
+
+    return 8;
+}
diff --git a/media/ffvpx/libavutil/cpu.h b/media/ffvpx/libavutil/cpu.h
index 4bff16714..9e5d40aff 100644
--- a/media/ffvpx/libavutil/cpu.h
+++ b/media/ffvpx/libavutil/cpu.h
@@ -21,6 +21,8 @@
 #ifndef AVUTIL_CPU_H
 #define AVUTIL_CPU_H
 
+#include <stddef.h>
+
 #include "attributes.h"
 
 #define AV_CPU_FLAG_FORCE    0x80000000 /* force usage of selected flags (OR) */
@@ -39,6 +41,7 @@
 #define AV_CPU_FLAG_SSE3SLOW 0x20000000 ///< SSE3 supported, but usually not faster
                                         ///< than regular MMX/SSE (e.g. Core1)
 #define AV_CPU_FLAG_SSSE3        0x0080 ///< Conroe SSSE3 functions
+#define AV_CPU_FLAG_SSSE3SLOW 0x4000000 ///< SSSE3 supported, but usually not faster
 #define AV_CPU_FLAG_ATOM     0x10000000 ///< Atom processor, some SSSE3 instructions are slower
 #define AV_CPU_FLAG_SSE4         0x0100 ///< Penryn SSE4.1 functions
 #define AV_CPU_FLAG_SSE42        0x0200 ///< Nehalem SSE4.2 functions
@@ -85,8 +88,6 @@ void av_force_cpu_flags(int flags);
  * Set a mask on flags returned by av_get_cpu_flags().
  * This function is mainly useful for testing.
  * Please use av_force_cpu_flags() and av_get_cpu_flags() instead which are more flexible
- *
- * @warning this function is not thread safe.
  */
 attribute_deprecated void av_set_cpu_flags_mask(int mask);
 
@@ -114,4 +115,15 @@ int av_parse_cpu_caps(unsigned *flags, const char *s);
  */
 int av_cpu_count(void);
 
+/**
+ * Get the maximum data alignment that may be required by FFmpeg.
+ *
+ * Note that this is affected by the build configuration and the CPU flags mask,
+ * so e.g. if the CPU supports AVX, but libavutil has been built with
+ * --disable-avx or the AV_CPU_FLAG_AVX flag has been disabled through
+ *  av_set_cpu_flags_mask(), then this function will behave as if AVX is not
+ *  present.
+ */
+size_t av_cpu_max_align(void);
+
 #endif /* AVUTIL_CPU_H */
diff --git a/media/ffvpx/libavutil/cpu_internal.h b/media/ffvpx/libavutil/cpu_internal.h
index 6c352abe1..b8bf1e539 100644
--- a/media/ffvpx/libavutil/cpu_internal.h
+++ b/media/ffvpx/libavutil/cpu_internal.h
@@ -44,4 +44,9 @@ int ff_get_cpu_flags_arm(void);
 int ff_get_cpu_flags_ppc(void);
 int ff_get_cpu_flags_x86(void);
 
+size_t ff_get_cpu_max_align_aarch64(void);
+size_t ff_get_cpu_max_align_arm(void);
+size_t ff_get_cpu_max_align_ppc(void);
+size_t ff_get_cpu_max_align_x86(void);
+
 #endif /* AVUTIL_CPU_INTERNAL_H */
diff --git a/media/ffvpx/libavutil/display.c b/media/ffvpx/libavutil/display.c
deleted file mode 100644
index a0076e067..000000000
--- a/media/ffvpx/libavutil/display.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2014 Vittorio Giovara <vittorio.giovara@gmail.com>
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#include <stdint.h>
-#include <string.h>
-#include <math.h>
-
-#include "display.h"
-#include "mathematics.h"
-
-// fixed point to double
-#define CONV_FP(x) ((double) (x)) / (1 << 16)
-
-// double to fixed point
-#define CONV_DB(x) (int32_t) ((x) * (1 << 16))
-
-double av_display_rotation_get(const int32_t matrix[9])
-{
-    double rotation, scale[2];
-
-    scale[0] = hypot(CONV_FP(matrix[0]), CONV_FP(matrix[3]));
-    scale[1] = hypot(CONV_FP(matrix[1]), CONV_FP(matrix[4]));
-
-    if (scale[0] == 0.0 || scale[1] == 0.0)
-        return NAN;
-
-    rotation = atan2(CONV_FP(matrix[1]) / scale[1],
-                     CONV_FP(matrix[0]) / scale[0]) * 180 / M_PI;
-
-    return -rotation;
-}
-
-void av_display_rotation_set(int32_t matrix[9], double angle)
-{
-    double radians = -angle * M_PI / 180.0f;
-    double c = cos(radians);
-    double s = sin(radians);
-
-    memset(matrix, 0, 9 * sizeof(int32_t));
-
-    matrix[0] = CONV_DB(c);
-    matrix[1] = CONV_DB(-s);
-    matrix[3] = CONV_DB(s);
-    matrix[4] = CONV_DB(c);
-    matrix[8] = 1 << 30;
-}
-
-void av_display_matrix_flip(int32_t matrix[9], int hflip, int vflip)
-{
-    int i;
-    const int flip[] = { 1 - 2 * (!!hflip), 1 - 2 * (!!vflip), 1 };
-
-    if (hflip || vflip)
-        for (i = 0; i < 9; i++)
-            matrix[i] *= flip[i % 3];
-}
diff --git a/media/ffvpx/libavutil/display.h b/media/ffvpx/libavutil/display.h
deleted file mode 100644
index 39c15ee6b..000000000
--- a/media/ffvpx/libavutil/display.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 2014 Vittorio Giovara <vittorio.giovara@gmail.com>
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef AVUTIL_DISPLAY_H
-#define AVUTIL_DISPLAY_H
-
-#include <stdint.h>
-#include "common.h"
-
-/**
- * The display transformation matrix specifies an affine transformation that
- * should be applied to video frames for correct presentation. It is compatible
- * with the matrices stored in the ISO/IEC 14496-12 container format.
- *
- * The data is a 3x3 matrix represented as a 9-element array:
- *
- *                                  | a b u |
- *   (a, b, u, c, d, v, x, y, w) -> | c d v |
- *                                  | x y w |
- *
- * All numbers are stored in native endianness, as 16.16 fixed-point values,
- * except for u, v and w, which are stored as 2.30 fixed-point values.
- *
- * The transformation maps a point (p, q) in the source (pre-transformation)
- * frame to the point (p', q') in the destination (post-transformation) frame as
- * follows:
- *               | a b u |
- *   (p, q, 1) . | c d v | = z * (p', q', 1)
- *               | x y w |
- *
- * The transformation can also be more explicitly written in components as
- * follows:
- *   p' = (a * p + c * q + x) / z;
- *   q' = (b * p + d * q + y) / z;
- *   z  =  u * p + v * q + w
- */
-
-/**
- * Extract the rotation component of the transformation matrix.
- *
- * @param matrix the transformation matrix
- * @return the angle (in degrees) by which the transformation rotates the frame
- *         counterclockwise. The angle will be in range [-180.0, 180.0],
- *         or NaN if the matrix is singular.
- *
- * @note floating point numbers are inherently inexact, so callers are
- *       recommended to round the return value to nearest integer before use.
- */
-double av_display_rotation_get(const int32_t matrix[9]);
-
-/**
- * Initialize a transformation matrix describing a pure counterclockwise
- * rotation by the specified angle (in degrees).
- *
- * @param matrix an allocated transformation matrix (will be fully overwritten
- *               by this function)
- * @param angle rotation angle in degrees.
- */
-void av_display_rotation_set(int32_t matrix[9], double angle);
-
-/**
- * Flip the input matrix horizontally and/or vertically.
- *
- * @param matrix an allocated transformation matrix
- * @param hflip whether the matrix should be flipped horizontally
- * @param vflip whether the matrix should be flipped vertically
- */
-void av_display_matrix_flip(int32_t matrix[9], int hflip, int vflip);
-
-#endif /* AVUTIL_DISPLAY_H */
diff --git a/media/ffvpx/libavutil/dummy_funcs.c b/media/ffvpx/libavutil/dummy_funcs.c
index 2ea84a140..3a2381074 100644
--- a/media/ffvpx/libavutil/dummy_funcs.c
+++ b/media/ffvpx/libavutil/dummy_funcs.c
@@ -5,7 +5,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "avutil.h"
-#include "opt.h"
 
 // cpu_internal.c
 int ff_get_cpu_flags_aarch64(void) { return 0; }
@@ -19,65 +18,9 @@ void ff_float_dsp_init_arm(AVFloatDSPContext *fdsp) {}
 void ff_float_dsp_init_ppc(AVFloatDSPContext *fdsp, int strict) {}
 void ff_float_dsp_init_mips(AVFloatDSPContext *fdsp) {}
 
-// opt.c
-int av_opt_show2(void *obj, void *av_log_obj, int req_flags, int rej_flags) { return 0; }
-void av_opt_set_defaults(void *s) {}
-void av_opt_set_defaults2(void *s, int mask, int flags) {}
-int av_set_options_string(void *ctx, const char *opts,
-                          const char *key_val_sep, const char *pairs_sep) { return 0; }
-int av_opt_set_from_string(void *ctx, const char *opts,
-                           const char *const *shorthand,
-                           const char *key_val_sep, const char *pairs_sep) { return 0; }
-void av_opt_free(void *obj) {}
-int av_opt_flag_is_set(void *obj, const char *field_name, const char *flag_name) { return 0; }
-int av_opt_set_dict(void *obj, struct AVDictionary **options) { return 0; }
-int av_opt_set_dict2(void *obj, struct AVDictionary **options, int search_flags) { return 0; }
-int av_opt_get_key_value(const char **ropts,
-                         const char *key_val_sep, const char *pairs_sep,
-                         unsigned flags,
-                         char **rkey, char **rval) { return 0; }
-int av_opt_eval_flags (void *obj, const AVOption *o, const char *val, int       *flags_out) { return 0; }
-int av_opt_eval_int   (void *obj, const AVOption *o, const char *val, int       *int_out) { return 0; }
-int av_opt_eval_int64 (void *obj, const AVOption *o, const char *val, int64_t   *int64_out) { return 0; }
-int av_opt_eval_float (void *obj, const AVOption *o, const char *val, float     *float_out) { return 0; }
-int av_opt_eval_double(void *obj, const AVOption *o, const char *val, double    *double_out) { return 0; }
-int av_opt_eval_q     (void *obj, const AVOption *o, const char *val, AVRational *q_out) { return 0; }
-const AVOption *av_opt_find(void *obj, const char *name, const char *unit,
-                            int opt_flags, int search_flags) { return 0; }
-const AVOption *av_opt_find2(void *obj, const char *name, const char *unit,
-                             int opt_flags, int search_flags, void **target_obj) { return 0; }
-const AVOption *av_opt_next(const void *obj, const AVOption *prev) { return 0; }
-void *av_opt_child_next(void *obj, void *prev) { return 0; }
-const AVClass *av_opt_child_class_next(const AVClass *parent, const AVClass *prev) { return 0; }
-int av_opt_set         (void *obj, const char *name, const char *val, int search_flags) { return 0; }
-int av_opt_set_int     (void *obj, const char *name, int64_t     val, int search_flags) { return 0; }
-int av_opt_set_double  (void *obj, const char *name, double      val, int search_flags) { return 0; }
-int av_opt_set_q       (void *obj, const char *name, AVRational  val, int search_flags) { return 0; }
-int av_opt_set_bin     (void *obj, const char *name, const uint8_t *val, int size, int search_flags) { return 0; }
-int av_opt_set_image_size(void *obj, const char *name, int w, int h, int search_flags) { return 0; }
-int av_opt_set_pixel_fmt (void *obj, const char *name, enum AVPixelFormat fmt, int search_flags) { return 0; }
-int av_opt_set_sample_fmt(void *obj, const char *name, enum AVSampleFormat fmt, int search_flags) { return 0; }
-int av_opt_set_video_rate(void *obj, const char *name, AVRational val, int search_flags) { return 0; }
-int av_opt_set_channel_layout(void *obj, const char *name, int64_t ch_layout, int search_flags) { return 0; }
-int av_opt_set_dict_val(void *obj, const char *name, const AVDictionary *val, int search_flags) { return 0; }
-int av_opt_get         (void *obj, const char *name, int search_flags, uint8_t **out_val) { return 0; }
-int av_opt_get_int     (void *obj, const char *name, int search_flags, int64_t *out_val) { return 0; }
-int av_opt_get_double  (void *obj, const char *name, int search_flags, double *out_val) { return 0; }
-int av_opt_get_q       (void *obj, const char *name, int search_flags, AVRational *out_val) { return 0; }
-int av_opt_get_image_size(void *obj, const char *name, int search_flags, int *w_out, int *h_out) { return 0; }
-int av_opt_get_pixel_fmt (void *obj, const char *name, int search_flags, enum AVPixelFormat *out_fmt) { return 0; }
-int av_opt_get_sample_fmt(void *obj, const char *name, int search_flags, enum AVSampleFormat *out_fmt) { return 0; }
-int av_opt_get_video_rate(void *obj, const char *name, int search_flags, AVRational *out_val) { return 0; }
-int av_opt_get_channel_layout(void *obj, const char *name, int search_flags, int64_t *ch_layout) { return 0; }
-int av_opt_get_dict_val(void *obj, const char *name, int search_flags, AVDictionary **out_val) { return 0; }
-void *av_opt_ptr(const AVClass *avclass, void *obj, const char *name) { return 0; }
-void av_opt_freep_ranges(AVOptionRanges **ranges) {}
-int av_opt_query_ranges(AVOptionRanges **b, void *obj, const char *key, int flags) { return 0; }
-int av_opt_copy(void *dest, const void *src) { return 0; }
-int av_opt_query_ranges_default(AVOptionRanges **b, void *obj, const char *key, int flags) { return 0; }
-int av_opt_is_set_to_default(void *obj, const AVOption *o) { return 0; }
-int av_opt_is_set_to_default_by_name(void *obj, const char *name, int search_flags) { return 0; }
-int av_opt_serialize(void *obj, int opt_flags, int flags, char **buffer,
-                     const char key_val_sep, const char pairs_sep) { return 0; }
-
 int av_hwframe_get_buffer(struct AVBufferRef* hwframe_ref, struct AVFrame* frame, int flags) { return 0; }
+
+// cpu.c
+size_t ff_get_cpu_max_align_aarch64() { return 0; }
+size_t ff_get_cpu_max_align_arm() { return 0; }
+size_t ff_get_cpu_max_align_ppc() { return 0; }
diff --git a/media/ffvpx/libavutil/eval.c b/media/ffvpx/libavutil/eval.c
index fc12885c2..e5948793b 100644
--- a/media/ffvpx/libavutil/eval.c
+++ b/media/ffvpx/libavutil/eval.c
@@ -38,6 +38,7 @@
 #include "fftime.h"
 #include "avstring.h"
 #include "timer.h"
+#include "reverse.h"
 
 typedef struct Parser {
     const AVClass *class;
@@ -152,9 +153,9 @@ struct AVExpr {
         e_squish, e_gauss, e_ld, e_isnan, e_isinf,
         e_mod, e_max, e_min, e_eq, e_gt, e_gte, e_lte, e_lt,
         e_pow, e_mul, e_div, e_add,
-        e_last, e_st, e_while, e_taylor, e_root, e_floor, e_ceil, e_trunc,
+        e_last, e_st, e_while, e_taylor, e_root, e_floor, e_ceil, e_trunc, e_round,
         e_sqrt, e_not, e_random, e_hypot, e_gcd,
-        e_if, e_ifnot, e_print, e_bitand, e_bitor, e_between, e_clip
+        e_if, e_ifnot, e_print, e_bitand, e_bitor, e_between, e_clip, e_atan2, e_lerp,
     } type;
     double value; // is sign in other types
     union {
@@ -188,6 +189,7 @@ static double eval_expr(Parser *p, AVExpr *e)
         case e_floor:  return e->value * floor(eval_expr(p, e->param[0]));
         case e_ceil :  return e->value * ceil (eval_expr(p, e->param[0]));
         case e_trunc:  return e->value * trunc(eval_expr(p, e->param[0]));
+        case e_round:  return e->value * round(eval_expr(p, e->param[0]));
         case e_sqrt:   return e->value * sqrt (eval_expr(p, e->param[0]));
         case e_not:    return e->value * (eval_expr(p, e->param[0]) == 0);
         case e_if:     return e->value * (eval_expr(p, e->param[0]) ? eval_expr(p, e->param[1]) :
@@ -206,6 +208,12 @@ static double eval_expr(Parser *p, AVExpr *e)
             return e->value * (d >= eval_expr(p, e->param[1]) &&
                                d <= eval_expr(p, e->param[2]));
         }
+        case e_lerp: {
+            double v0 = eval_expr(p, e->param[0]);
+            double v1 = eval_expr(p, e->param[1]);
+            double f  = eval_expr(p, e->param[2]);
+            return v0 + (v1 - v0) * f;
+        }
         case e_print: {
             double x = eval_expr(p, e->param[0]);
             int level = e->param[1] ? av_clip(eval_expr(p, e->param[1]), INT_MIN, INT_MAX) : AV_LOG_INFO;
@@ -305,6 +313,7 @@ static double eval_expr(Parser *p, AVExpr *e)
                 case e_last:return e->value * d2;
                 case e_st : return e->value * (p->var[av_clip(d, 0, VARS-1)]= d2);
                 case e_hypot:return e->value * hypot(d, d2);
+                case e_atan2:return e->value * atan2(d, d2);
                 case e_bitand: return isnan(d) || isnan(d2) ? NAN : e->value * ((long int)d & (long int)d2);
                 case e_bitor:  return isnan(d) || isnan(d2) ? NAN : e->value * ((long int)d | (long int)d2);
             }
@@ -438,6 +447,7 @@ static int parse_primary(AVExpr **e, Parser *p)
     else if (strmatch(next, "floor" )) d->type = e_floor;
     else if (strmatch(next, "ceil"  )) d->type = e_ceil;
     else if (strmatch(next, "trunc" )) d->type = e_trunc;
+    else if (strmatch(next, "round" )) d->type = e_round;
     else if (strmatch(next, "sqrt"  )) d->type = e_sqrt;
     else if (strmatch(next, "not"   )) d->type = e_not;
     else if (strmatch(next, "pow"   )) d->type = e_pow;
@@ -451,6 +461,8 @@ static int parse_primary(AVExpr **e, Parser *p)
     else if (strmatch(next, "bitor" )) d->type = e_bitor;
     else if (strmatch(next, "between"))d->type = e_between;
     else if (strmatch(next, "clip"  )) d->type = e_clip;
+    else if (strmatch(next, "atan2" )) d->type = e_atan2;
+    else if (strmatch(next, "lerp"  )) d->type = e_lerp;
     else {
         for (i=0; p->func1_names && p->func1_names[i]; i++) {
             if (strmatch(next, p->func1_names[i])) {
@@ -634,6 +646,7 @@ static int verify_expr(AVExpr *e)
         case e_floor:
         case e_ceil:
         case e_trunc:
+        case e_round:
         case e_sqrt:
         case e_not:
         case e_random:
@@ -648,6 +661,7 @@ static int verify_expr(AVExpr *e)
                    && (!e->param[2] || verify_expr(e->param[2]));
         case e_between:
         case e_clip:
+        case e_lerp:
             return verify_expr(e->param[0]) &&
                    verify_expr(e->param[1]) &&
                    verify_expr(e->param[2]);
diff --git a/media/ffvpx/libavutil/ffversion.h b/media/ffvpx/libavutil/ffversion.h
index cbeaf627b..3da2a6bf1 100644
--- a/media/ffvpx/libavutil/ffversion.h
+++ b/media/ffvpx/libavutil/ffversion.h
@@ -1,5 +1,5 @@
 /* Automatically generated by version.sh, do not manually edit! */
 #ifndef AVUTIL_FFVERSION_H
 #define AVUTIL_FFVERSION_H
-#define FFMPEG_VERSION "n3.1.1-6-g86f9228"
+#define FFMPEG_VERSION "n3.4.2"
 #endif /* AVUTIL_FFVERSION_H */
diff --git a/media/ffvpx/libavutil/float_dsp.c b/media/ffvpx/libavutil/float_dsp.c
index c85daffc6..1d4911d81 100644
--- a/media/ffvpx/libavutil/float_dsp.c
+++ b/media/ffvpx/libavutil/float_dsp.c
@@ -40,6 +40,14 @@ static void vector_fmac_scalar_c(float *dst, const float *src, float mul,
         dst[i] += src[i] * mul;
 }
 
+static void vector_dmac_scalar_c(double *dst, const double *src, double mul,
+                                 int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+        dst[i] += src[i] * mul;
+}
+
 static void vector_fmul_scalar_c(float *dst, const float *src, float mul,
                                  int len)
 {
@@ -125,6 +133,7 @@ av_cold AVFloatDSPContext *avpriv_float_dsp_alloc(int bit_exact)
     fdsp->vector_fmul = vector_fmul_c;
     fdsp->vector_fmac_scalar = vector_fmac_scalar_c;
     fdsp->vector_fmul_scalar = vector_fmul_scalar_c;
+    fdsp->vector_dmac_scalar = vector_dmac_scalar_c;
     fdsp->vector_dmul_scalar = vector_dmul_scalar_c;
     fdsp->vector_fmul_window = vector_fmul_window_c;
     fdsp->vector_fmul_add = vector_fmul_add_c;
diff --git a/media/ffvpx/libavutil/float_dsp.h b/media/ffvpx/libavutil/float_dsp.h
index d1be38f94..2c24d9347 100644
--- a/media/ffvpx/libavutil/float_dsp.h
+++ b/media/ffvpx/libavutil/float_dsp.h
@@ -55,6 +55,22 @@ typedef struct AVFloatDSPContext {
                                int len);
 
     /**
+     * Multiply a vector of doubles by a scalar double and add to
+     * destination vector.  Source and destination vectors must
+     * overlap exactly or not at all.
+     *
+     * @param dst result vector
+     *            constraints: 32-byte aligned
+     * @param src input vector
+     *            constraints: 32-byte aligned
+     * @param mul scalar value
+     * @param len length of vector
+     *            constraints: multiple of 16
+     */
+    void (*vector_dmac_scalar)(double *dst, const double *src, double mul,
+                               int len);
+
+    /**
      * Multiply a vector of floats by a scalar float.  Source and
      * destination vectors must overlap exactly or not at all.
      *
diff --git a/media/ffvpx/libavutil/frame.c b/media/ffvpx/libavutil/frame.c
index 53e617422..d5fd2932e 100644
--- a/media/ffvpx/libavutil/frame.c
+++ b/media/ffvpx/libavutil/frame.c
@@ -26,6 +26,11 @@
 #include "mem.h"
 #include "samplefmt.h"
 
+
+static AVFrameSideData *frame_new_side_data(AVFrame *frame,
+                                            enum AVFrameSideDataType type,
+                                            AVBufferRef *buf);
+
 MAKE_ACCESSORS(AVFrame, frame, int64_t, best_effort_timestamp)
 MAKE_ACCESSORS(AVFrame, frame, int64_t, pkt_duration)
 MAKE_ACCESSORS(AVFrame, frame, int64_t, pkt_pos)
@@ -176,6 +181,9 @@ static int get_video_buffer(AVFrame *frame, int align)
         return ret;
 
     if (!frame->linesize[0]) {
+        if (align <= 0)
+            align = 32; /* STRIDE_ALIGN. Should be av_cpu_max_align() */
+
         for(i=1; i<=align; i+=i) {
             ret = av_image_fill_linesizes(frame->linesize, frame->format,
                                           FFALIGN(frame->width, i));
@@ -292,6 +300,10 @@ static int frame_copy_props(AVFrame *dst, const AVFrame *src, int force_copy)
     dst->key_frame              = src->key_frame;
     dst->pict_type              = src->pict_type;
     dst->sample_aspect_ratio    = src->sample_aspect_ratio;
+    dst->crop_top               = src->crop_top;
+    dst->crop_bottom            = src->crop_bottom;
+    dst->crop_left              = src->crop_left;
+    dst->crop_right             = src->crop_right;
     dst->pts                    = src->pts;
     dst->repeat_pict            = src->repeat_pict;
     dst->interlaced_frame       = src->interlaced_frame;
@@ -344,18 +356,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
             }
             memcpy(sd_dst->data, sd_src->data, sd_src->size);
         } else {
-            sd_dst = av_frame_new_side_data(dst, sd_src->type, 0);
+            sd_dst = frame_new_side_data(dst, sd_src->type, av_buffer_ref(sd_src->buf));
             if (!sd_dst) {
                 wipe_side_data(dst);
                 return AVERROR(ENOMEM);
             }
-            sd_dst->buf = av_buffer_ref(sd_src->buf);
-            if (!sd_dst->buf) {
-                wipe_side_data(dst);
-                return AVERROR(ENOMEM);
-            }
-            sd_dst->data = sd_dst->buf->data;
-            sd_dst->size = sd_dst->buf->size;
         }
         av_dict_copy(&sd_dst->metadata, sd_src->metadata, 0);
     }
@@ -377,6 +382,13 @@ FF_DISABLE_DEPRECATION_WARNINGS
 FF_ENABLE_DEPRECATION_WARNINGS
 #endif
 
+    av_buffer_unref(&dst->opaque_ref);
+    if (src->opaque_ref) {
+        dst->opaque_ref = av_buffer_ref(src->opaque_ref);
+        if (!dst->opaque_ref)
+            return AVERROR(ENOMEM);
+    }
+
     return 0;
 }
 
@@ -511,6 +523,8 @@ void av_frame_unref(AVFrame *frame)
 
     av_buffer_unref(&frame->hw_frames_ctx);
 
+    av_buffer_unref(&frame->opaque_ref);
+
     get_frame_defaults(frame);
 }
 
@@ -622,40 +636,47 @@ AVBufferRef *av_frame_get_plane_buffer(AVFrame *frame, int plane)
     return NULL;
 }
 
-AVFrameSideData *av_frame_new_side_data(AVFrame *frame,
-                                        enum AVFrameSideDataType type,
-                                        int size)
+static AVFrameSideData *frame_new_side_data(AVFrame *frame,
+                                            enum AVFrameSideDataType type,
+                                            AVBufferRef *buf)
 {
     AVFrameSideData *ret, **tmp;
 
-    if (frame->nb_side_data > INT_MAX / sizeof(*frame->side_data) - 1)
+    if (!buf)
         return NULL;
 
+    if (frame->nb_side_data > INT_MAX / sizeof(*frame->side_data) - 1)
+        goto fail;
+
     tmp = av_realloc(frame->side_data,
                      (frame->nb_side_data + 1) * sizeof(*frame->side_data));
     if (!tmp)
-        return NULL;
+        goto fail;
     frame->side_data = tmp;
 
     ret = av_mallocz(sizeof(*ret));
     if (!ret)
-        return NULL;
+        goto fail;
 
-    if (size > 0) {
-        ret->buf = av_buffer_alloc(size);
-        if (!ret->buf) {
-            av_freep(&ret);
-            return NULL;
-        }
-
-        ret->data = ret->buf->data;
-        ret->size = size;
-    }
+    ret->buf = buf;
+    ret->data = ret->buf->data;
+    ret->size = buf->size;
     ret->type = type;
 
     frame->side_data[frame->nb_side_data++] = ret;
 
     return ret;
+fail:
+    av_buffer_unref(&buf);
+    return NULL;
+}
+
+AVFrameSideData *av_frame_new_side_data(AVFrame *frame,
+                                        enum AVFrameSideDataType type,
+                                        int size)
+{
+
+    return frame_new_side_data(frame, type, av_buffer_alloc(size));
 }
 
 AVFrameSideData *av_frame_get_side_data(const AVFrame *frame,
@@ -723,7 +744,7 @@ int av_frame_copy(AVFrame *dst, const AVFrame *src)
 
     if (dst->width > 0 && dst->height > 0)
         return frame_copy_video(dst, src);
-    else if (dst->nb_samples > 0 && dst->channel_layout)
+    else if (dst->nb_samples > 0 && dst->channels > 0)
         return frame_copy_audio(dst, src);
 
     return AVERROR(EINVAL);
@@ -758,7 +779,109 @@ const char *av_frame_side_data_name(enum AVFrameSideDataType type)
     case AV_FRAME_DATA_SKIP_SAMPLES:    return "Skip samples";
     case AV_FRAME_DATA_AUDIO_SERVICE_TYPE:          return "Audio service type";
     case AV_FRAME_DATA_MASTERING_DISPLAY_METADATA:  return "Mastering display metadata";
+    case AV_FRAME_DATA_CONTENT_LIGHT_LEVEL:         return "Content light level metadata";
     case AV_FRAME_DATA_GOP_TIMECODE:                return "GOP timecode";
+    case AV_FRAME_DATA_ICC_PROFILE:                 return "ICC profile";
     }
     return NULL;
 }
+
+static int calc_cropping_offsets(size_t offsets[4], const AVFrame *frame,
+                                 const AVPixFmtDescriptor *desc)
+{
+    int i, j;
+
+    for (i = 0; frame->data[i]; i++) {
+        const AVComponentDescriptor *comp = NULL;
+        int shift_x = (i == 1 || i == 2) ? desc->log2_chroma_w : 0;
+        int shift_y = (i == 1 || i == 2) ? desc->log2_chroma_h : 0;
+
+        if (desc->flags & (AV_PIX_FMT_FLAG_PAL | AV_PIX_FMT_FLAG_PSEUDOPAL) && i == 1) {
+            offsets[i] = 0;
+            break;
+        }
+
+        /* find any component descriptor for this plane */
+        for (j = 0; j < desc->nb_components; j++) {
+            if (desc->comp[j].plane == i) {
+                comp = &desc->comp[j];
+                break;
+            }
+        }
+        if (!comp)
+            return AVERROR_BUG;
+
+        offsets[i] = (frame->crop_top  >> shift_y) * frame->linesize[i] +
+                     (frame->crop_left >> shift_x) * comp->step;
+    }
+
+    return 0;
+}
+
+int av_frame_apply_cropping(AVFrame *frame, int flags)
+{
+    const AVPixFmtDescriptor *desc;
+    size_t offsets[4];
+    int i;
+
+    if (!(frame->width > 0 && frame->height > 0))
+        return AVERROR(EINVAL);
+
+    if (frame->crop_left >= INT_MAX - frame->crop_right        ||
+        frame->crop_top  >= INT_MAX - frame->crop_bottom       ||
+        (frame->crop_left + frame->crop_right) >= frame->width ||
+        (frame->crop_top + frame->crop_bottom) >= frame->height)
+        return AVERROR(ERANGE);
+
+    desc = av_pix_fmt_desc_get(frame->format);
+    if (!desc)
+        return AVERROR_BUG;
+
+    /* Apply just the right/bottom cropping for hwaccel formats. Bitstream
+     * formats cannot be easily handled here either (and corresponding decoders
+     * should not export any cropping anyway), so do the same for those as well.
+     * */
+    if (desc->flags & (AV_PIX_FMT_FLAG_BITSTREAM | AV_PIX_FMT_FLAG_HWACCEL)) {
+        frame->width      -= frame->crop_right;
+        frame->height     -= frame->crop_bottom;
+        frame->crop_right  = 0;
+        frame->crop_bottom = 0;
+        return 0;
+    }
+
+    /* calculate the offsets for each plane */
+    calc_cropping_offsets(offsets, frame, desc);
+
+    /* adjust the offsets to avoid breaking alignment */
+    if (!(flags & AV_FRAME_CROP_UNALIGNED)) {
+        int log2_crop_align = frame->crop_left ? ff_ctz(frame->crop_left) : INT_MAX;
+        int min_log2_align = INT_MAX;
+
+        for (i = 0; frame->data[i]; i++) {
+            int log2_align = offsets[i] ? ff_ctz(offsets[i]) : INT_MAX;
+            min_log2_align = FFMIN(log2_align, min_log2_align);
+        }
+
+        /* we assume, and it should always be true, that the data alignment is
+         * related to the cropping alignment by a constant power-of-2 factor */
+        if (log2_crop_align < min_log2_align)
+            return AVERROR_BUG;
+
+        if (min_log2_align < 5) {
+            frame->crop_left &= ~((1 << (5 + log2_crop_align - min_log2_align)) - 1);
+            calc_cropping_offsets(offsets, frame, desc);
+        }
+    }
+
+    for (i = 0; frame->data[i]; i++)
+        frame->data[i] += offsets[i];
+
+    frame->width      -= (frame->crop_left + frame->crop_right);
+    frame->height     -= (frame->crop_top  + frame->crop_bottom);
+    frame->crop_left   = 0;
+    frame->crop_right  = 0;
+    frame->crop_top    = 0;
+    frame->crop_bottom = 0;
+
+    return 0;
+}
diff --git a/media/ffvpx/libavutil/frame.h b/media/ffvpx/libavutil/frame.h
index 8e51361e2..abe4f4fd1 100644
--- a/media/ffvpx/libavutil/frame.h
+++ b/media/ffvpx/libavutil/frame.h
@@ -25,6 +25,7 @@
 #ifndef AVUTIL_FRAME_H
 #define AVUTIL_FRAME_H
 
+#include <stddef.h>
 #include <stdint.h>
 
 #include "avutil.h"
@@ -120,7 +121,26 @@ enum AVFrameSideDataType {
      * The GOP timecode in 25 bit timecode format. Data format is 64-bit integer.
      * This is set on the first frame of a GOP that has a temporal reference of 0.
      */
-    AV_FRAME_DATA_GOP_TIMECODE
+    AV_FRAME_DATA_GOP_TIMECODE,
+
+    /**
+     * The data represents the AVSphericalMapping structure defined in
+     * libavutil/spherical.h.
+     */
+    AV_FRAME_DATA_SPHERICAL,
+
+    /**
+     * Content light level (based on CTA-861.3). This payload contains data in
+     * the form of the AVContentLightMetadata struct.
+     */
+    AV_FRAME_DATA_CONTENT_LIGHT_LEVEL,
+
+    /**
+     * The data contains an ICC profile as an opaque octet buffer following the
+     * format described by ISO 15076-1 with an optional name defined in the
+     * metadata key entry "name".
+     */
+    AV_FRAME_DATA_ICC_PROFILE,
 };
 
 enum AVActiveFormatDescription {
@@ -173,9 +193,6 @@ typedef struct AVFrameSideData {
  *
  * sizeof(AVFrame) is not a part of the public ABI, so new fields may be added
  * to the end with a minor bump.
- * Similarly fields that are marked as to be only accessed by
- * av_opt_ptr() can be reordered. This allows 2 forks to add fields
- * without breaking compatibility with each other.
  *
  * Fields can be accessed through AVOptions, the name string used, matches the
  * C structure field name for fields accessible through AVOptions. The AVClass
@@ -231,9 +248,18 @@ typedef struct AVFrame {
     uint8_t **extended_data;
 
     /**
-     * width and height of the video frame
+     * @name Video dimensions
+     * Video frames only. The coded dimensions (in pixels) of the video frame,
+     * i.e. the size of the rectangle that contains some well-defined values.
+     *
+     * @note The part of the frame intended for display/presentation is further
+     * restricted by the @ref cropping "Cropping rectangle".
+     * @{
      */
     int width, height;
+    /**
+     * @}
+     */
 
     /**
      * number of audio samples (per channel) described by this frame
@@ -414,8 +440,6 @@ typedef struct AVFrame {
 
     /**
      * MPEG vs JPEG YUV range.
-     * It must be accessed using av_frame_get_color_range() and
-     * av_frame_set_color_range().
      * - encoding: Set by user
      * - decoding: Set by libavcodec
      */
@@ -427,8 +451,6 @@ typedef struct AVFrame {
 
     /**
      * YUV colorspace type.
-     * It must be accessed using av_frame_get_colorspace() and
-     * av_frame_set_colorspace().
      * - encoding: Set by user
      * - decoding: Set by libavcodec
      */
@@ -438,8 +460,6 @@ typedef struct AVFrame {
 
     /**
      * frame timestamp estimated using various heuristics, in stream time base
-     * Code outside libavutil should access this field using:
-     * av_frame_get_best_effort_timestamp(frame)
      * - encoding: unused
      * - decoding: set by libavcodec, read by user.
      */
@@ -447,8 +467,6 @@ typedef struct AVFrame {
 
     /**
      * reordered pos from the last AVPacket that has been input into the decoder
-     * Code outside libavutil should access this field using:
-     * av_frame_get_pkt_pos(frame)
      * - encoding: unused
      * - decoding: Read by user.
      */
@@ -457,8 +475,6 @@ typedef struct AVFrame {
     /**
      * duration of the corresponding packet, expressed in
      * AVStream->time_base units, 0 if unknown.
-     * Code outside libavutil should access this field using:
-     * av_frame_get_pkt_duration(frame)
      * - encoding: unused
      * - decoding: Read by user.
      */
@@ -466,8 +482,6 @@ typedef struct AVFrame {
 
     /**
      * metadata.
-     * Code outside libavutil should access this field using:
-     * av_frame_get_metadata(frame)
      * - encoding: Set by user.
      * - decoding: Set by libavcodec.
      */
@@ -477,8 +491,6 @@ typedef struct AVFrame {
      * decode error flags of the frame, set to a combination of
      * FF_DECODE_ERROR_xxx flags if the decoder produced a frame, but there
      * were errors during the decoding.
-     * Code outside libavutil should access this field using:
-     * av_frame_get_decode_error_flags(frame)
      * - encoding: unused
      * - decoding: set by libavcodec, read by user.
      */
@@ -488,8 +500,6 @@ typedef struct AVFrame {
 
     /**
      * number of audio channels, only used for audio.
-     * Code outside libavutil should access this field using:
-     * av_frame_get_channels(frame)
      * - encoding: unused
      * - decoding: Read by user.
      */
@@ -497,8 +507,7 @@ typedef struct AVFrame {
 
     /**
      * size of the corresponding packet containing the compressed
-     * frame. It must be accessed using av_frame_get_pkt_size() and
-     * av_frame_set_pkt_size().
+     * frame.
      * It is set to a negative value if unknown.
      * - encoding: unused
      * - decoding: set by libavcodec, read by user.
@@ -508,13 +517,11 @@ typedef struct AVFrame {
 #if FF_API_FRAME_QP
     /**
      * QP table
-     * Not to be accessed directly from outside libavutil
      */
     attribute_deprecated
     int8_t *qscale_table;
     /**
      * QP store stride
-     * Not to be accessed directly from outside libavutil
      */
     attribute_deprecated
     int qstride;
@@ -522,9 +529,6 @@ typedef struct AVFrame {
     attribute_deprecated
     int qscale_type;
 
-    /**
-     * Not to be accessed directly from outside libavutil
-     */
     AVBufferRef *qp_table_buf;
 #endif
     /**
@@ -532,12 +536,38 @@ typedef struct AVFrame {
      * AVHWFramesContext describing the frame.
      */
     AVBufferRef *hw_frames_ctx;
+
+    /**
+     * AVBufferRef for free use by the API user. FFmpeg will never check the
+     * contents of the buffer ref. FFmpeg calls av_buffer_unref() on it when
+     * the frame is unreferenced. av_frame_copy_props() calls create a new
+     * reference with av_buffer_ref() for the target frame's opaque_ref field.
+     *
+     * This is unrelated to the opaque field, although it serves a similar
+     * purpose.
+     */
+    AVBufferRef *opaque_ref;
+
+    /**
+     * @anchor cropping
+     * @name Cropping
+     * Video frames only. The number of pixels to discard from the the
+     * top/bottom/left/right border of the frame to obtain the sub-rectangle of
+     * the frame intended for presentation.
+     * @{
+     */
+    size_t crop_top;
+    size_t crop_bottom;
+    size_t crop_left;
+    size_t crop_right;
+    /**
+     * @}
+     */
 } AVFrame;
 
 /**
- * Accessors for some AVFrame fields.
- * The position of these field in the structure is not part of the ABI,
- * they should not be accessed directly outside libavutil.
+ * Accessors for some AVFrame fields. These used to be provided for ABI
+ * compatibility, and do not need to be used anymore.
  */
 int64_t av_frame_get_best_effort_timestamp(const AVFrame *frame);
 void    av_frame_set_best_effort_timestamp(AVFrame *frame, int64_t val);
@@ -651,7 +681,9 @@ void av_frame_move_ref(AVFrame *dst, AVFrame *src);
  *           cases.
  *
  * @param frame frame in which to store the new buffers.
- * @param align required buffer size alignment
+ * @param align Required buffer size alignment. If equal to 0, alignment will be
+ *              chosen automatically for the current CPU. It is highly
+ *              recommended to pass 0 here unless you know what you are doing.
  *
  * @return 0 on success, a negative AVERROR on error.
  */
@@ -743,6 +775,40 @@ AVFrameSideData *av_frame_get_side_data(const AVFrame *frame,
  */
 void av_frame_remove_side_data(AVFrame *frame, enum AVFrameSideDataType type);
 
+
+/**
+ * Flags for frame cropping.
+ */
+enum {
+    /**
+     * Apply the maximum possible cropping, even if it requires setting the
+     * AVFrame.data[] entries to unaligned pointers. Passing unaligned data
+     * to FFmpeg API is generally not allowed, and causes undefined behavior
+     * (such as crashes). You can pass unaligned data only to FFmpeg APIs that
+     * are explicitly documented to accept it. Use this flag only if you
+     * absolutely know what you are doing.
+     */
+    AV_FRAME_CROP_UNALIGNED     = 1 << 0,
+};
+
+/**
+ * Crop the given video AVFrame according to its crop_left/crop_top/crop_right/
+ * crop_bottom fields. If cropping is successful, the function will adjust the
+ * data pointers and the width/height fields, and set the crop fields to 0.
+ *
+ * In all cases, the cropping boundaries will be rounded to the inherent
+ * alignment of the pixel format. In some cases, such as for opaque hwaccel
+ * formats, the left/top cropping is ignored. The crop fields are set to 0 even
+ * if the cropping was rounded or ignored.
+ *
+ * @param frame the frame which should be cropped
+ * @param flags Some combination of AV_FRAME_CROP_* flags, or 0.
+ *
+ * @return >= 0 on success, a negative AVERROR on error. If the cropping fields
+ * were invalid, AVERROR(ERANGE) is returned, and nothing is changed.
+ */
+int av_frame_apply_cropping(AVFrame *frame, int flags);
+
 /**
  * @return a string identifying the side data type
  */
diff --git a/media/ffvpx/libavutil/hwcontext.h b/media/ffvpx/libavutil/hwcontext.h
index 5e2af092a..03334e20e 100644
--- a/media/ffvpx/libavutil/hwcontext.h
+++ b/media/ffvpx/libavutil/hwcontext.h
@@ -30,6 +30,10 @@ enum AVHWDeviceType {
     AV_HWDEVICE_TYPE_VAAPI,
     AV_HWDEVICE_TYPE_DXVA2,
     AV_HWDEVICE_TYPE_QSV,
+    AV_HWDEVICE_TYPE_VIDEOTOOLBOX,
+    AV_HWDEVICE_TYPE_NONE,
+    AV_HWDEVICE_TYPE_D3D11VA,
+    AV_HWDEVICE_TYPE_DRM,
 };
 
 typedef struct AVHWDeviceInternal AVHWDeviceInternal;
@@ -223,10 +227,36 @@ typedef struct AVHWFramesContext {
 } AVHWFramesContext;
 
 /**
- * Allocate an AVHWDeviceContext for a given pixel format.
+ * Look up an AVHWDeviceType by name.
  *
- * @param format a hwaccel pixel format (AV_PIX_FMT_FLAG_HWACCEL must be set
- *               on the corresponding format descriptor)
+ * @param name String name of the device type (case-insensitive).
+ * @return The type from enum AVHWDeviceType, or AV_HWDEVICE_TYPE_NONE if
+ *         not found.
+ */
+enum AVHWDeviceType av_hwdevice_find_type_by_name(const char *name);
+
+/** Get the string name of an AVHWDeviceType.
+ *
+ * @param type Type from enum AVHWDeviceType.
+ * @return Pointer to a static string containing the name, or NULL if the type
+ *         is not valid.
+ */
+const char *av_hwdevice_get_type_name(enum AVHWDeviceType type);
+
+/**
+ * Iterate over supported device types.
+ *
+ * @param type AV_HWDEVICE_TYPE_NONE initially, then the previous type
+ *             returned by this function in subsequent iterations.
+ * @return The next usable device type from enum AVHWDeviceType, or
+ *         AV_HWDEVICE_TYPE_NONE if there are no more.
+ */
+enum AVHWDeviceType av_hwdevice_iterate_types(enum AVHWDeviceType prev);
+
+/**
+ * Allocate an AVHWDeviceContext for a given hardware type.
+ *
+ * @param type the type of the hardware device to allocate.
  * @return a reference to the newly created AVHWDeviceContext on success or NULL
  *         on failure.
  */
@@ -271,6 +301,32 @@ int av_hwdevice_ctx_create(AVBufferRef **device_ctx, enum AVHWDeviceType type,
                            const char *device, AVDictionary *opts, int flags);
 
 /**
+ * Create a new device of the specified type from an existing device.
+ *
+ * If the source device is a device of the target type or was originally
+ * derived from such a device (possibly through one or more intermediate
+ * devices of other types), then this will return a reference to the
+ * existing device of the same type as is requested.
+ *
+ * Otherwise, it will attempt to derive a new device from the given source
+ * device.  If direct derivation to the new type is not implemented, it will
+ * attempt the same derivation from each ancestor of the source device in
+ * turn looking for an implemented derivation method.
+ *
+ * @param dst_ctx On success, a reference to the newly-created
+ *                AVHWDeviceContext.
+ * @param type    The type of the new device to create.
+ * @param src_ctx A reference to an existing AVHWDeviceContext which will be
+ *                used to create the new device.
+ * @param flags   Currently unused; should be set to zero.
+ * @return        Zero on success, a negative AVERROR code on failure.
+ */
+int av_hwdevice_ctx_create_derived(AVBufferRef **dst_ctx,
+                                   enum AVHWDeviceType type,
+                                   AVBufferRef *src_ctx, int flags);
+
+
+/**
  * Allocate an AVHWFramesContext tied to a given device context.
  *
  * @param device_ctx a reference to a AVHWDeviceContext. This function will make
@@ -318,6 +374,14 @@ int av_hwframe_get_buffer(AVBufferRef *hwframe_ctx, AVFrame *frame, int flags);
  * If dst->format is set, then this format will be used, otherwise (when
  * dst->format is AV_PIX_FMT_NONE) the first acceptable format will be chosen.
  *
+ * The two frames must have matching allocated dimensions (i.e. equal to
+ * AVHWFramesContext.width/height), since not all device types support
+ * transferring a sub-rectangle of the whole surface. The display dimensions
+ * (i.e. AVFrame.width/height) may be smaller than the allocated dimensions, but
+ * also have to be equal for both frames. When the display dimensions are
+ * smaller than the allocated dimensions, the content of the padding in the
+ * destination frame is unspecified.
+ *
  * @param dst the destination frame. dst is not touched on failure.
  * @param src the source frame.
  * @param flags currently unused, should be set to zero
@@ -410,7 +474,7 @@ void *av_hwdevice_hwconfig_alloc(AVBufferRef *device_ctx);
  * configuration is provided, returns the maximum possible capabilities
  * of the device.
  *
- * @param device_ctx a reference to the associated AVHWDeviceContext.
+ * @param ref a reference to the associated AVHWDeviceContext.
  * @param hwconfig a filled HW-specific configuration structure, or NULL
  *        to return the maximum possible capabilities of the device.
  * @return AVHWFramesConstraints structure describing the constraints
@@ -426,4 +490,93 @@ AVHWFramesConstraints *av_hwdevice_get_hwframe_constraints(AVBufferRef *ref,
  */
 void av_hwframe_constraints_free(AVHWFramesConstraints **constraints);
 
+
+/**
+ * Flags to apply to frame mappings.
+ */
+enum {
+    /**
+     * The mapping must be readable.
+     */
+    AV_HWFRAME_MAP_READ      = 1 << 0,
+    /**
+     * The mapping must be writeable.
+     */
+    AV_HWFRAME_MAP_WRITE     = 1 << 1,
+    /**
+     * The mapped frame will be overwritten completely in subsequent
+     * operations, so the current frame data need not be loaded.  Any values
+     * which are not overwritten are unspecified.
+     */
+    AV_HWFRAME_MAP_OVERWRITE = 1 << 2,
+    /**
+     * The mapping must be direct.  That is, there must not be any copying in
+     * the map or unmap steps.  Note that performance of direct mappings may
+     * be much lower than normal memory.
+     */
+    AV_HWFRAME_MAP_DIRECT    = 1 << 3,
+};
+
+/**
+ * Map a hardware frame.
+ *
+ * This has a number of different possible effects, depending on the format
+ * and origin of the src and dst frames.  On input, src should be a usable
+ * frame with valid buffers and dst should be blank (typically as just created
+ * by av_frame_alloc()).  src should have an associated hwframe context, and
+ * dst may optionally have a format and associated hwframe context.
+ *
+ * If src was created by mapping a frame from the hwframe context of dst,
+ * then this function undoes the mapping - dst is replaced by a reference to
+ * the frame that src was originally mapped from.
+ *
+ * If both src and dst have an associated hwframe context, then this function
+ * attempts to map the src frame from its hardware context to that of dst and
+ * then fill dst with appropriate data to be usable there.  This will only be
+ * possible if the hwframe contexts and associated devices are compatible -
+ * given compatible devices, av_hwframe_ctx_create_derived() can be used to
+ * create a hwframe context for dst in which mapping should be possible.
+ *
+ * If src has a hwframe context but dst does not, then the src frame is
+ * mapped to normal memory and should thereafter be usable as a normal frame.
+ * If the format is set on dst, then the mapping will attempt to create dst
+ * with that format and fail if it is not possible.  If format is unset (is
+ * AV_PIX_FMT_NONE) then dst will be mapped with whatever the most appropriate
+ * format to use is (probably the sw_format of the src hwframe context).
+ *
+ * A return value of AVERROR(ENOSYS) indicates that the mapping is not
+ * possible with the given arguments and hwframe setup, while other return
+ * values indicate that it failed somehow.
+ *
+ * @param dst Destination frame, to contain the mapping.
+ * @param src Source frame, to be mapped.
+ * @param flags Some combination of AV_HWFRAME_MAP_* flags.
+ * @return Zero on success, negative AVERROR code on failure.
+ */
+int av_hwframe_map(AVFrame *dst, const AVFrame *src, int flags);
+
+
+/**
+ * Create and initialise an AVHWFramesContext as a mapping of another existing
+ * AVHWFramesContext on a different device.
+ *
+ * av_hwframe_ctx_init() should not be called after this.
+ *
+ * @param derived_frame_ctx  On success, a reference to the newly created
+ *                           AVHWFramesContext.
+ * @param derived_device_ctx A reference to the device to create the new
+ *                           AVHWFramesContext on.
+ * @param source_frame_ctx   A reference to an existing AVHWFramesContext
+ *                           which will be mapped to the derived context.
+ * @param flags  Some combination of AV_HWFRAME_MAP_* flags, defining the
+ *               mapping parameters to apply to frames which are allocated
+ *               in the derived device.
+ * @return       Zero on success, negative AVERROR code on failure.
+ */
+int av_hwframe_ctx_create_derived(AVBufferRef **derived_frame_ctx,
+                                  enum AVPixelFormat format,
+                                  AVBufferRef *derived_device_ctx,
+                                  AVBufferRef *source_frame_ctx,
+                                  int flags);
+
 #endif /* AVUTIL_HWCONTEXT_H */
diff --git a/media/ffvpx/libavutil/imgutils.c b/media/ffvpx/libavutil/imgutils.c
index 37808e53d..500517880 100644
--- a/media/ffvpx/libavutil/imgutils.c
+++ b/media/ffvpx/libavutil/imgutils.c
@@ -24,6 +24,7 @@
 #include "avassert.h"
 #include "common.h"
 #include "imgutils.h"
+#include "imgutils_internal.h"
 #include "internal.h"
 #include "intreadwrite.h"
 #include "log.h"
@@ -248,19 +249,38 @@ static const AVClass imgutils_class = {
     .parent_log_context_offset = offsetof(ImgUtils, log_ctx),
 };
 
-int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
+int av_image_check_size2(unsigned int w, unsigned int h, int64_t max_pixels, enum AVPixelFormat pix_fmt, int log_offset, void *log_ctx)
 {
     ImgUtils imgutils = {
         .class      = &imgutils_class,
         .log_offset = log_offset,
         .log_ctx    = log_ctx,
     };
+    int64_t stride = av_image_get_linesize(pix_fmt, w, 0);
+    if (stride <= 0)
+        stride = 8LL*w;
+    stride += 128*8;
 
-    if ((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/8)
-        return 0;
+    if ((int)w<=0 || (int)h<=0 || stride >= INT_MAX || stride*(uint64_t)(h+128) >= INT_MAX) {
+        av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is invalid\n", w, h);
+        return AVERROR(EINVAL);
+    }
 
-    av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is invalid\n", w, h);
-    return AVERROR(EINVAL);
+    if (max_pixels < INT64_MAX) {
+        if (w*(int64_t)h > max_pixels) {
+            av_log(&imgutils, AV_LOG_ERROR,
+                    "Picture size %ux%u exceeds specified max pixel count %"PRId64", see the documentation if you wish to increase it\n",
+                    w, h, max_pixels);
+            return AVERROR(EINVAL);
+        }
+    }
+
+    return 0;
+}
+
+int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
+{
+    return av_image_check_size2(w, h, INT64_MAX, AV_PIX_FMT_NONE, log_offset, log_ctx);
 }
 
 int av_image_check_sar(unsigned int w, unsigned int h, AVRational sar)
@@ -284,9 +304,9 @@ int av_image_check_sar(unsigned int w, unsigned int h, AVRational sar)
     return AVERROR(EINVAL);
 }
 
-void av_image_copy_plane(uint8_t       *dst, int dst_linesize,
-                         const uint8_t *src, int src_linesize,
-                         int bytewidth, int height)
+static void image_copy_plane(uint8_t       *dst, ptrdiff_t dst_linesize,
+                             const uint8_t *src, ptrdiff_t src_linesize,
+                             ptrdiff_t bytewidth, int height)
 {
     if (!dst || !src)
         return;
@@ -299,9 +319,33 @@ void av_image_copy_plane(uint8_t       *dst, int dst_linesize,
     }
 }
 
-void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
-                   const uint8_t *src_data[4], const int src_linesizes[4],
-                   enum AVPixelFormat pix_fmt, int width, int height)
+static void image_copy_plane_uc_from(uint8_t       *dst, ptrdiff_t dst_linesize,
+                                     const uint8_t *src, ptrdiff_t src_linesize,
+                                     ptrdiff_t bytewidth, int height)
+{
+    int ret = -1;
+
+#if ARCH_X86
+    ret = ff_image_copy_plane_uc_from_x86(dst, dst_linesize, src, src_linesize,
+                                          bytewidth, height);
+#endif
+
+    if (ret < 0)
+        image_copy_plane(dst, dst_linesize, src, src_linesize, bytewidth, height);
+}
+
+void av_image_copy_plane(uint8_t       *dst, int dst_linesize,
+                         const uint8_t *src, int src_linesize,
+                         int bytewidth, int height)
+{
+    image_copy_plane(dst, dst_linesize, src, src_linesize, bytewidth, height);
+}
+
+static void image_copy(uint8_t *dst_data[4], const ptrdiff_t dst_linesizes[4],
+                       const uint8_t *src_data[4], const ptrdiff_t src_linesizes[4],
+                       enum AVPixelFormat pix_fmt, int width, int height,
+                       void (*copy_plane)(uint8_t *, ptrdiff_t, const uint8_t *,
+                                          ptrdiff_t, ptrdiff_t, int))
 {
     const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);
 
@@ -310,9 +354,9 @@ void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
 
     if (desc->flags & AV_PIX_FMT_FLAG_PAL ||
         desc->flags & AV_PIX_FMT_FLAG_PSEUDOPAL) {
-        av_image_copy_plane(dst_data[0], dst_linesizes[0],
-                            src_data[0], src_linesizes[0],
-                            width, height);
+        copy_plane(dst_data[0], dst_linesizes[0],
+                   src_data[0], src_linesizes[0],
+                   width, height);
         /* copy the palette */
         memcpy(dst_data[1], src_data[1], 4*256);
     } else {
@@ -323,7 +367,7 @@ void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
 
         for (i = 0; i < planes_nb; i++) {
             int h = height;
-            int bwidth = av_image_get_linesize(pix_fmt, width, i);
+            ptrdiff_t bwidth = av_image_get_linesize(pix_fmt, width, i);
             if (bwidth < 0) {
                 av_log(NULL, AV_LOG_ERROR, "av_image_get_linesize failed\n");
                 return;
@@ -331,13 +375,37 @@ void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
             if (i == 1 || i == 2) {
                 h = AV_CEIL_RSHIFT(height, desc->log2_chroma_h);
             }
-            av_image_copy_plane(dst_data[i], dst_linesizes[i],
-                                src_data[i], src_linesizes[i],
-                                bwidth, h);
+            copy_plane(dst_data[i], dst_linesizes[i],
+                       src_data[i], src_linesizes[i],
+                       bwidth, h);
         }
     }
 }
 
+void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
+                   const uint8_t *src_data[4], const int src_linesizes[4],
+                   enum AVPixelFormat pix_fmt, int width, int height)
+{
+    ptrdiff_t dst_linesizes1[4], src_linesizes1[4];
+    int i;
+
+    for (i = 0; i < 4; i++) {
+        dst_linesizes1[i] = dst_linesizes[i];
+        src_linesizes1[i] = src_linesizes[i];
+    }
+
+    image_copy(dst_data, dst_linesizes1, src_data, src_linesizes1, pix_fmt,
+               width, height, image_copy_plane);
+}
+
+void av_image_copy_uc_from(uint8_t *dst_data[4], const ptrdiff_t dst_linesizes[4],
+                           const uint8_t *src_data[4], const ptrdiff_t src_linesizes[4],
+                           enum AVPixelFormat pix_fmt, int width, int height)
+{
+    image_copy(dst_data, dst_linesizes, src_data, src_linesizes, pix_fmt,
+               width, height, image_copy_plane_uc_from);
+}
+
 int av_image_fill_arrays(uint8_t *dst_data[4], int dst_linesize[4],
                          const uint8_t *src, enum AVPixelFormat pix_fmt,
                          int width, int height, int align)
@@ -423,3 +491,170 @@ int av_image_copy_to_buffer(uint8_t *dst, int dst_size,
 
     return size;
 }
+
+// Fill dst[0..dst_size] with the bytes in clear[0..clear_size]. The clear
+// bytes are repeated until dst_size is reached. If dst_size is unaligned (i.e.
+// dst_size%clear_size!=0), the remaining data will be filled with the beginning
+// of the clear data only.
+static void memset_bytes(uint8_t *dst, size_t dst_size, uint8_t *clear,
+                         size_t clear_size)
+{
+    size_t pos = 0;
+    int same = 1;
+    int i;
+
+    if (!clear_size)
+        return;
+
+    // Reduce to memset() if possible.
+    for (i = 0; i < clear_size; i++) {
+        if (clear[i] != clear[0]) {
+            same = 0;
+            break;
+        }
+    }
+    if (same)
+        clear_size = 1;
+
+    if (clear_size == 1) {
+        memset(dst, clear[0], dst_size);
+        dst_size = 0;
+    } else if (clear_size == 2) {
+        uint16_t val = AV_RN16(clear);
+        for (; dst_size >= 2; dst_size -= 2) {
+            AV_WN16(dst, val);
+            dst += 2;
+        }
+    } else if (clear_size == 4) {
+        uint32_t val = AV_RN32(clear);
+        for (; dst_size >= 4; dst_size -= 4) {
+            AV_WN32(dst, val);
+            dst += 4;
+        }
+    } else if (clear_size == 8) {
+        uint32_t val = AV_RN64(clear);
+        for (; dst_size >= 8; dst_size -= 8) {
+            AV_WN64(dst, val);
+            dst += 8;
+        }
+    }
+
+    for (; dst_size; dst_size--)
+        *dst++ = clear[pos++ % clear_size];
+}
+
+// Maximum size in bytes of a plane element (usually a pixel, or multiple pixels
+// if it's a subsampled packed format).
+#define MAX_BLOCK_SIZE 32
+
+int av_image_fill_black(uint8_t *dst_data[4], const ptrdiff_t dst_linesize[4],
+                        enum AVPixelFormat pix_fmt, enum AVColorRange range,
+                        int width, int height)
+{
+    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);
+    int nb_planes = av_pix_fmt_count_planes(pix_fmt);
+    // A pixel or a group of pixels on each plane, with a value that represents black.
+    // Consider e.g. AV_PIX_FMT_UYVY422 for non-trivial cases.
+    uint8_t clear_block[4][MAX_BLOCK_SIZE] = {{0}}; // clear padding with 0
+    int clear_block_size[4] = {0};
+    ptrdiff_t plane_line_bytes[4] = {0};
+    int rgb, limited;
+    int plane, c;
+
+    if (!desc || nb_planes < 1 || nb_planes > 4 || desc->flags & AV_PIX_FMT_FLAG_HWACCEL)
+        return AVERROR(EINVAL);
+
+    rgb = !!(desc->flags & AV_PIX_FMT_FLAG_RGB);
+    limited = !rgb && range != AVCOL_RANGE_JPEG;
+
+    if (desc->flags & AV_PIX_FMT_FLAG_BITSTREAM) {
+        ptrdiff_t bytewidth = av_image_get_linesize(pix_fmt, width, 0);
+        uint8_t *data;
+        int mono = pix_fmt == AV_PIX_FMT_MONOWHITE || pix_fmt == AV_PIX_FMT_MONOBLACK;
+        int fill = pix_fmt == AV_PIX_FMT_MONOWHITE ? 0xFF : 0;
+        if (nb_planes != 1 || !(rgb || mono) || bytewidth < 1)
+            return AVERROR(EINVAL);
+
+        if (!dst_data)
+            return 0;
+
+        data = dst_data[0];
+
+        // (Bitstream + alpha will be handled incorrectly - it'll remain transparent.)
+        for (;height > 0; height--) {
+            memset(data, fill, bytewidth);
+            data += dst_linesize[0];
+        }
+        return 0;
+    }
+
+    for (c = 0; c < desc->nb_components; c++) {
+        const AVComponentDescriptor comp = desc->comp[c];
+
+        // We try to operate on entire non-subsampled pixel groups (for
+        // AV_PIX_FMT_UYVY422 this would mean two consecutive pixels).
+        clear_block_size[comp.plane] = FFMAX(clear_block_size[comp.plane], comp.step);
+
+        if (clear_block_size[comp.plane] > MAX_BLOCK_SIZE)
+            return AVERROR(EINVAL);
+    }
+
+    // Create a byte array for clearing 1 pixel (sometimes several pixels).
+    for (c = 0; c < desc->nb_components; c++) {
+        const AVComponentDescriptor comp = desc->comp[c];
+        // (Multiple pixels happen e.g. with AV_PIX_FMT_UYVY422.)
+        int w = clear_block_size[comp.plane] / comp.step;
+        uint8_t *c_data[4];
+        const int c_linesize[4] = {0};
+        uint16_t src_array[MAX_BLOCK_SIZE];
+        uint16_t src = 0;
+        int x;
+
+        if (comp.depth > 16)
+            return AVERROR(EINVAL);
+        if (!rgb && comp.depth < 8)
+            return AVERROR(EINVAL);
+        if (w < 1)
+            return AVERROR(EINVAL);
+
+        if (c == 0 && limited) {
+            src = 16 << (comp.depth - 8);
+        } else if ((c == 1 || c == 2) && !rgb) {
+            src = 128 << (comp.depth - 8);
+        } else if (c == 3) {
+            // (Assume even limited YUV uses full range alpha.)
+            src = (1 << comp.depth) - 1;
+        }
+
+        for (x = 0; x < w; x++)
+            src_array[x] = src;
+
+        for (x = 0; x < 4; x++)
+            c_data[x] = &clear_block[x][0];
+
+        av_write_image_line(src_array, c_data, c_linesize, desc, 0, 0, c, w);
+    }
+
+    for (plane = 0; plane < nb_planes; plane++) {
+        plane_line_bytes[plane] = av_image_get_linesize(pix_fmt, width, plane);
+        if (plane_line_bytes[plane] < 0)
+            return AVERROR(EINVAL);
+    }
+
+    if (!dst_data)
+        return 0;
+
+    for (plane = 0; plane < nb_planes; plane++) {
+        size_t bytewidth = plane_line_bytes[plane];
+        uint8_t *data = dst_data[plane];
+        int chroma_div = plane == 1 || plane == 2 ? desc->log2_chroma_h : 0;
+        int plane_h = ((height + ( 1 << chroma_div) - 1)) >> chroma_div;
+
+        for (; plane_h > 0; plane_h--) {
+            memset_bytes(data, bytewidth, &clear_block[plane][0], clear_block_size[plane]);
+            data += dst_linesize[plane];
+        }
+    }
+
+    return 0;
+}
diff --git a/media/ffvpx/libavutil/imgutils.h b/media/ffvpx/libavutil/imgutils.h
index 23282a38f..5b790ecf0 100644
--- a/media/ffvpx/libavutil/imgutils.h
+++ b/media/ffvpx/libavutil/imgutils.h
@@ -121,6 +121,24 @@ void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
                    enum AVPixelFormat pix_fmt, int width, int height);
 
 /**
+ * Copy image data located in uncacheable (e.g. GPU mapped) memory. Where
+ * available, this function will use special functionality for reading from such
+ * memory, which may result in greatly improved performance compared to plain
+ * av_image_copy().
+ *
+ * The data pointers and the linesizes must be aligned to the maximum required
+ * by the CPU architecture.
+ *
+ * @note The linesize parameters have the type ptrdiff_t here, while they are
+ *       int for av_image_copy().
+ * @note On x86, the linesizes currently need to be aligned to the cacheline
+ *       size (i.e. 64) to get improved performance.
+ */
+void av_image_copy_uc_from(uint8_t *dst_data[4],       const ptrdiff_t dst_linesizes[4],
+                           const uint8_t *src_data[4], const ptrdiff_t src_linesizes[4],
+                           enum AVPixelFormat pix_fmt, int width, int height);
+
+/**
  * Setup the data pointers and linesizes based on the specified image
  * parameters and the provided array.
  *
@@ -137,7 +155,7 @@ void av_image_copy(uint8_t *dst_data[4], int dst_linesizes[4],
  * one call, use av_image_alloc().
  *
  * @param dst_data      data pointers to be filled in
- * @param dst_linesizes linesizes for the image in dst_data to be filled in
+ * @param dst_linesize  linesizes for the image in dst_data to be filled in
  * @param src           buffer which will contain or contains the actual image data, can be NULL
  * @param pix_fmt       the pixel format of the image
  * @param width         the width of the image in pixels
@@ -154,7 +172,11 @@ int av_image_fill_arrays(uint8_t *dst_data[4], int dst_linesize[4],
  * Return the size in bytes of the amount of data required to store an
  * image with the given parameters.
  *
- * @param[in] align the assumed linesize alignment
+ * @param pix_fmt  the pixel format of the image
+ * @param width    the width of the image in pixels
+ * @param height   the height of the image in pixels
+ * @param align    the assumed linesize alignment
+ * @return the buffer size in bytes, a negative error code in case of failure
  */
 int av_image_get_buffer_size(enum AVPixelFormat pix_fmt, int width, int height, int align);
 
@@ -167,7 +189,7 @@ int av_image_get_buffer_size(enum AVPixelFormat pix_fmt, int width, int height,
  * @param dst           a buffer into which picture data will be copied
  * @param dst_size      the size in bytes of dst
  * @param src_data      pointers containing the source image data
- * @param src_linesizes linesizes for the image in src_data
+ * @param src_linesize  linesizes for the image in src_data
  * @param pix_fmt       the pixel format of the source image
  * @param width         the width of the source image in pixels
  * @param height        the height of the source image in pixels
@@ -192,6 +214,21 @@ int av_image_copy_to_buffer(uint8_t *dst, int dst_size,
 int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx);
 
 /**
+ * Check if the given dimension of an image is valid, meaning that all
+ * bytes of a plane of an image with the specified pix_fmt can be addressed
+ * with a signed int.
+ *
+ * @param w the width of the picture
+ * @param h the height of the picture
+ * @param max_pixels the maximum number of pixels the user wants to accept
+ * @param pix_fmt the pixel format, can be AV_PIX_FMT_NONE if unknown.
+ * @param log_offset the offset to sum to the log level for logging with log_ctx
+ * @param log_ctx the parent logging context, it may be NULL
+ * @return >= 0 if valid, a negative error code otherwise
+ */
+int av_image_check_size2(unsigned int w, unsigned int h, int64_t max_pixels, enum AVPixelFormat pix_fmt, int log_offset, void *log_ctx);
+
+/**
  * Check if the given sample aspect ratio of an image is valid.
  *
  * It is considered invalid if the denominator is 0 or if applying the ratio
@@ -206,6 +243,33 @@ int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *lo
 int av_image_check_sar(unsigned int w, unsigned int h, AVRational sar);
 
 /**
+ * Overwrite the image data with black. This is suitable for filling a
+ * sub-rectangle of an image, meaning the padding between the right most pixel
+ * and the left most pixel on the next line will not be overwritten. For some
+ * formats, the image size might be rounded up due to inherent alignment.
+ *
+ * If the pixel format has alpha, the alpha is cleared to opaque.
+ *
+ * This can return an error if the pixel format is not supported. Normally, all
+ * non-hwaccel pixel formats should be supported.
+ *
+ * Passing NULL for dst_data is allowed. Then the function returns whether the
+ * operation would have succeeded. (It can return an error if the pix_fmt is
+ * not supported.)
+ *
+ * @param dst_data      data pointers to destination image
+ * @param dst_linesize  linesizes for the destination image
+ * @param pix_fmt       the pixel format of the image
+ * @param range         the color range of the image (important for colorspaces such as YUV)
+ * @param width         the width of the image in pixels
+ * @param height        the height of the image in pixels
+ * @return 0 if the image data was cleared, a negative AVERROR code otherwise
+ */
+int av_image_fill_black(uint8_t *dst_data[4], const ptrdiff_t dst_linesize[4],
+                        enum AVPixelFormat pix_fmt, enum AVColorRange range,
+                        int width, int height);
+
+/**
  * @}
  */
 
diff --git a/media/ffvpx/libavutil/imgutils_internal.h b/media/ffvpx/libavutil/imgutils_internal.h
new file mode 100644
index 000000000..d51585841
--- /dev/null
+++ b/media/ffvpx/libavutil/imgutils_internal.h
@@ -0,0 +1,30 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVUTIL_IMGUTILS_INTERNAL_H
+#define AVUTIL_IMGUTILS_INTERNAL_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+int ff_image_copy_plane_uc_from_x86(uint8_t       *dst, ptrdiff_t dst_linesize,
+                                    const uint8_t *src, ptrdiff_t src_linesize,
+                                    ptrdiff_t bytewidth, int height);
+
+
+#endif /* AVUTIL_IMGUTILS_INTERNAL_H */
diff --git a/media/ffvpx/libavutil/internal.h b/media/ffvpx/libavutil/internal.h
index e995af97e..a2d73e3cc 100644
--- a/media/ffvpx/libavutil/internal.h
+++ b/media/ffvpx/libavutil/internal.h
@@ -30,6 +30,9 @@
 #    define NDEBUG
 #endif
 
+// This can be enabled to allow detection of additional integer overflows with ubsan
+//#define CHECKED
+
 #include <limits.h>
 #include <stdint.h>
 #include <stddef.h>
@@ -258,6 +261,16 @@ void avpriv_request_sample(void *avc,
 #   define ff_dlog(ctx, ...) do { if (0) av_log(ctx, AV_LOG_DEBUG, __VA_ARGS__); } while (0)
 #endif
 
+// For debuging we use signed operations so overflows can be detected (by ubsan)
+// For production we use unsigned so there are no undefined operations
+#ifdef CHECKED
+#define SUINT   int
+#define SUINT32 int32_t
+#else
+#define SUINT   unsigned
+#define SUINT32 uint32_t
+#endif
+
 /**
  * Clip and convert a double value into the long long amin-amax range.
  * This function is needed because conversion of floating point to integers when
@@ -340,6 +353,4 @@ void ff_check_pixfmt_descriptors(void);
  */
 int avpriv_dict_set_timestamp(AVDictionary **dict, const char *key, int64_t timestamp);
 
-extern const uint8_t ff_reverse[256];
-
 #endif /* AVUTIL_INTERNAL_H */
diff --git a/media/ffvpx/libavutil/intreadwrite.h b/media/ffvpx/libavutil/intreadwrite.h
index 51fbe30a2..d54d4b91d 100644
--- a/media/ffvpx/libavutil/intreadwrite.h
+++ b/media/ffvpx/libavutil/intreadwrite.h
@@ -229,6 +229,11 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
 #   define AV_RN(s, p) (*((const __unaligned uint##s##_t*)(p)))
 #   define AV_WN(s, p, v) (*((__unaligned uint##s##_t*)(p)) = (v))
 
+#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_X64)) && AV_HAVE_FAST_UNALIGNED
+
+#   define AV_RN(s, p) (*((const __unaligned uint##s##_t*)(p)))
+#   define AV_WN(s, p, v) (*((__unaligned uint##s##_t*)(p)) = (v))
+
 #elif AV_HAVE_FAST_UNALIGNED
 
 #   define AV_RN(s, p) (((const av_alias##s*)(p))->u##s)
@@ -242,8 +247,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
       ((const uint8_t*)(x))[1])
 #endif
 #ifndef AV_WB16
-#   define AV_WB16(p, darg) do {                \
-        unsigned d = (darg);                    \
+#   define AV_WB16(p, val) do {                 \
+        uint16_t d = (val);                     \
         ((uint8_t*)(p))[1] = (d);               \
         ((uint8_t*)(p))[0] = (d)>>8;            \
     } while(0)
@@ -255,8 +260,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
       ((const uint8_t*)(x))[0])
 #endif
 #ifndef AV_WL16
-#   define AV_WL16(p, darg) do {                \
-        unsigned d = (darg);                    \
+#   define AV_WL16(p, val) do {                 \
+        uint16_t d = (val);                     \
         ((uint8_t*)(p))[0] = (d);               \
         ((uint8_t*)(p))[1] = (d)>>8;            \
     } while(0)
@@ -270,8 +275,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
                 ((const uint8_t*)(x))[3])
 #endif
 #ifndef AV_WB32
-#   define AV_WB32(p, darg) do {                \
-        unsigned d = (darg);                    \
+#   define AV_WB32(p, val) do {                 \
+        uint32_t d = (val);                     \
         ((uint8_t*)(p))[3] = (d);               \
         ((uint8_t*)(p))[2] = (d)>>8;            \
         ((uint8_t*)(p))[1] = (d)>>16;           \
@@ -287,8 +292,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
                 ((const uint8_t*)(x))[0])
 #endif
 #ifndef AV_WL32
-#   define AV_WL32(p, darg) do {                \
-        unsigned d = (darg);                    \
+#   define AV_WL32(p, val) do {                 \
+        uint32_t d = (val);                     \
         ((uint8_t*)(p))[0] = (d);               \
         ((uint8_t*)(p))[1] = (d)>>8;            \
         ((uint8_t*)(p))[2] = (d)>>16;           \
@@ -308,8 +313,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
       (uint64_t)((const uint8_t*)(x))[7])
 #endif
 #ifndef AV_WB64
-#   define AV_WB64(p, darg) do {                \
-        uint64_t d = (darg);                    \
+#   define AV_WB64(p, val) do {                 \
+        uint64_t d = (val);                     \
         ((uint8_t*)(p))[7] = (d);               \
         ((uint8_t*)(p))[6] = (d)>>8;            \
         ((uint8_t*)(p))[5] = (d)>>16;           \
@@ -333,8 +338,8 @@ union unaligned_16 { uint16_t l; } __attribute__((packed)) av_alias;
       (uint64_t)((const uint8_t*)(x))[0])
 #endif
 #ifndef AV_WL64
-#   define AV_WL64(p, darg) do {                \
-        uint64_t d = (darg);                    \
+#   define AV_WL64(p, val) do {                 \
+        uint64_t d = (val);                     \
         ((uint8_t*)(p))[0] = (d);               \
         ((uint8_t*)(p))[1] = (d)>>8;            \
         ((uint8_t*)(p))[2] = (d)>>16;           \
diff --git a/media/ffvpx/libavutil/log.c b/media/ffvpx/libavutil/log.c
index 44c11cb09..be806202f 100644
--- a/media/ffvpx/libavutil/log.c
+++ b/media/ffvpx/libavutil/log.c
@@ -168,19 +168,19 @@ static void colored_fputs(int level, int tint, const char *str)
 #else
     if (local_use_color == 1) {
         fprintf(stderr,
-                "\033[%d;3%dm%s\033[0m",
+                "\033[%"PRIu32";3%"PRIu32"m%s\033[0m",
                 (color[level] >> 4) & 15,
                 color[level] & 15,
                 str);
     } else if (tint && use_color == 256) {
         fprintf(stderr,
-                "\033[48;5;%dm\033[38;5;%dm%s\033[0m",
+                "\033[48;5;%"PRIu32"m\033[38;5;%dm%s\033[0m",
                 (color[level] >> 16) & 0xff,
                 tint,
                 str);
     } else if (local_use_color == 256) {
         fprintf(stderr,
-                "\033[48;5;%dm\033[38;5;%dm%s\033[0m",
+                "\033[48;5;%"PRIu32"m\033[38;5;%"PRIu32"m%s\033[0m",
                 (color[level] >> 16) & 0xff,
                 (color[level] >> 8) & 0xff,
                 str);
diff --git a/media/ffvpx/libavutil/lzo.c b/media/ffvpx/libavutil/lzo.c
deleted file mode 100644
index 1ae076e33..000000000
--- a/media/ffvpx/libavutil/lzo.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * LZO 1x decompression
- * Copyright (c) 2006 Reimar Doeffinger
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#include <string.h>
-
-#include "avutil.h"
-#include "avassert.h"
-#include "common.h"
-#include "intreadwrite.h"
-#include "lzo.h"
-
-/// Define if we may write up to 12 bytes beyond the output buffer.
-#define OUTBUF_PADDED 1
-/// Define if we may read up to 8 bytes beyond the input buffer.
-#define INBUF_PADDED 1
-
-typedef struct LZOContext {
-    const uint8_t *in, *in_end;
-    uint8_t *out_start, *out, *out_end;
-    int error;
-} LZOContext;
-
-/**
- * @brief Reads one byte from the input buffer, avoiding an overrun.
- * @return byte read
- */
-static inline int get_byte(LZOContext *c)
-{
-    if (c->in < c->in_end)
-        return *c->in++;
-    c->error |= AV_LZO_INPUT_DEPLETED;
-    return 1;
-}
-
-#ifdef INBUF_PADDED
-#define GETB(c) (*(c).in++)
-#else
-#define GETB(c) get_byte(&(c))
-#endif
-
-/**
- * @brief Decodes a length value in the coding used by lzo.
- * @param x previous byte value
- * @param mask bits used from x
- * @return decoded length value
- */
-static inline int get_len(LZOContext *c, int x, int mask)
-{
-    int cnt = x & mask;
-    if (!cnt) {
-        while (!(x = get_byte(c))) {
-            if (cnt >= INT_MAX - 1000) {
-                c->error |= AV_LZO_ERROR;
-                break;
-            }
-            cnt += 255;
-        }
-        cnt += mask + x;
-    }
-    return cnt;
-}
-
-/**
- * @brief Copies bytes from input to output buffer with checking.
- * @param cnt number of bytes to copy, must be >= 0
- */
-static inline void copy(LZOContext *c, int cnt)
-{
-    register const uint8_t *src = c->in;
-    register uint8_t *dst       = c->out;
-    av_assert0(cnt >= 0);
-    if (cnt > c->in_end - src) {
-        cnt       = FFMAX(c->in_end - src, 0);
-        c->error |= AV_LZO_INPUT_DEPLETED;
-    }
-    if (cnt > c->out_end - dst) {
-        cnt       = FFMAX(c->out_end - dst, 0);
-        c->error |= AV_LZO_OUTPUT_FULL;
-    }
-#if defined(INBUF_PADDED) && defined(OUTBUF_PADDED)
-    AV_COPY32U(dst, src);
-    src += 4;
-    dst += 4;
-    cnt -= 4;
-    if (cnt > 0)
-#endif
-    memcpy(dst, src, cnt);
-    c->in  = src + cnt;
-    c->out = dst + cnt;
-}
-
-/**
- * @brief Copies previously decoded bytes to current position.
- * @param back how many bytes back we start, must be > 0
- * @param cnt number of bytes to copy, must be > 0
- *
- * cnt > back is valid, this will copy the bytes we just copied,
- * thus creating a repeating pattern with a period length of back.
- */
-static inline void copy_backptr(LZOContext *c, int back, int cnt)
-{
-    register uint8_t *dst       = c->out;
-    av_assert0(cnt > 0);
-    if (dst - c->out_start < back) {
-        c->error |= AV_LZO_INVALID_BACKPTR;
-        return;
-    }
-    if (cnt > c->out_end - dst) {
-        cnt       = FFMAX(c->out_end - dst, 0);
-        c->error |= AV_LZO_OUTPUT_FULL;
-    }
-    av_memcpy_backptr(dst, back, cnt);
-    c->out = dst + cnt;
-}
-
-int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen)
-{
-    int state = 0;
-    int x;
-    LZOContext c;
-    if (*outlen <= 0 || *inlen <= 0) {
-        int res = 0;
-        if (*outlen <= 0)
-            res |= AV_LZO_OUTPUT_FULL;
-        if (*inlen <= 0)
-            res |= AV_LZO_INPUT_DEPLETED;
-        return res;
-    }
-    c.in      = in;
-    c.in_end  = (const uint8_t *)in + *inlen;
-    c.out     = c.out_start = out;
-    c.out_end = (uint8_t *)out + *outlen;
-    c.error   = 0;
-    x         = GETB(c);
-    if (x > 17) {
-        copy(&c, x - 17);
-        x = GETB(c);
-        if (x < 16)
-            c.error |= AV_LZO_ERROR;
-    }
-    if (c.in > c.in_end)
-        c.error |= AV_LZO_INPUT_DEPLETED;
-    while (!c.error) {
-        int cnt, back;
-        if (x > 15) {
-            if (x > 63) {
-                cnt  = (x >> 5) - 1;
-                back = (GETB(c) << 3) + ((x >> 2) & 7) + 1;
-            } else if (x > 31) {
-                cnt  = get_len(&c, x, 31);
-                x    = GETB(c);
-                back = (GETB(c) << 6) + (x >> 2) + 1;
-            } else {
-                cnt   = get_len(&c, x, 7);
-                back  = (1 << 14) + ((x & 8) << 11);
-                x     = GETB(c);
-                back += (GETB(c) << 6) + (x >> 2);
-                if (back == (1 << 14)) {
-                    if (cnt != 1)
-                        c.error |= AV_LZO_ERROR;
-                    break;
-                }
-            }
-        } else if (!state) {
-            cnt = get_len(&c, x, 15);
-            copy(&c, cnt + 3);
-            x = GETB(c);
-            if (x > 15)
-                continue;
-            cnt  = 1;
-            back = (1 << 11) + (GETB(c) << 2) + (x >> 2) + 1;
-        } else {
-            cnt  = 0;
-            back = (GETB(c) << 2) + (x >> 2) + 1;
-        }
-        copy_backptr(&c, back, cnt + 2);
-        state =
-        cnt   = x & 3;
-        copy(&c, cnt);
-        x = GETB(c);
-    }
-    *inlen = c.in_end - c.in;
-    if (c.in > c.in_end)
-        *inlen = 0;
-    *outlen = c.out_end - c.out;
-    return c.error;
-}
diff --git a/media/ffvpx/libavutil/lzo.h b/media/ffvpx/libavutil/lzo.h
deleted file mode 100644
index c03403992..000000000
--- a/media/ffvpx/libavutil/lzo.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * LZO 1x decompression
- * copyright (c) 2006 Reimar Doeffinger
- *
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef AVUTIL_LZO_H
-#define AVUTIL_LZO_H
-
-/**
- * @defgroup lavu_lzo LZO
- * @ingroup lavu_crypto
- *
- * @{
- */
-
-#include <stdint.h>
-
-/** @name Error flags returned by av_lzo1x_decode
- * @{ */
-/// end of the input buffer reached before decoding finished
-#define AV_LZO_INPUT_DEPLETED  1
-/// decoded data did not fit into output buffer
-#define AV_LZO_OUTPUT_FULL     2
-/// a reference to previously decoded data was wrong
-#define AV_LZO_INVALID_BACKPTR 4
-/// a non-specific error in the compressed bitstream
-#define AV_LZO_ERROR           8
-/** @} */
-
-#define AV_LZO_INPUT_PADDING   8
-#define AV_LZO_OUTPUT_PADDING 12
-
-/**
- * @brief Decodes LZO 1x compressed data.
- * @param out output buffer
- * @param outlen size of output buffer, number of bytes left are returned here
- * @param in input buffer
- * @param inlen size of input buffer, number of bytes left are returned here
- * @return 0 on success, otherwise a combination of the error flags above
- *
- * Make sure all buffers are appropriately padded, in must provide
- * AV_LZO_INPUT_PADDING, out must provide AV_LZO_OUTPUT_PADDING additional bytes.
- */
-int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen);
-
-/**
- * @}
- */
-
-#endif /* AVUTIL_LZO_H */
diff --git a/media/ffvpx/libavutil/mathematics.c b/media/ffvpx/libavutil/mathematics.c
index 20ff37f5e..1bf044cdf 100644
--- a/media/ffvpx/libavutil/mathematics.c
+++ b/media/ffvpx/libavutil/mathematics.c
@@ -115,15 +115,15 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd)
         if (t1 > INT64_MAX)
             return INT64_MIN;
         return t1;
-    }
 #else
+        /* reference code doing (a*b + r) / c, requires libavutil/integer.h */
         AVInteger ai;
         ai = av_mul_i(av_int2i(a), av_int2i(b));
         ai = av_add_i(ai, av_int2i(r));
 
         return av_i2int(av_div_i(ai, av_int2i(c)));
-    }
 #endif
+    }
 }
 
 int64_t av_rescale(int64_t a, int64_t b, int64_t c)
diff --git a/media/ffvpx/libavutil/mem.c b/media/ffvpx/libavutil/mem.c
index 1a8fc21e9..36740f115 100644
--- a/media/ffvpx/libavutil/mem.c
+++ b/media/ffvpx/libavutil/mem.c
@@ -77,22 +77,12 @@ void av_max_alloc(size_t max){
 void *av_malloc(size_t size)
 {
     void *ptr = NULL;
-#if CONFIG_MEMALIGN_HACK
-    long diff;
-#endif
 
     /* let's disallow possibly ambiguous cases */
     if (size > (max_alloc_size - 32))
         return NULL;
 
-#if CONFIG_MEMALIGN_HACK
-    ptr = malloc(size + ALIGN);
-    if (!ptr)
-        return ptr;
-    diff              = ((~(long)ptr)&(ALIGN - 1)) + 1;
-    ptr               = (char *)ptr + diff;
-    ((char *)ptr)[-1] = diff;
-#elif HAVE_POSIX_MEMALIGN
+#if HAVE_POSIX_MEMALIGN
     if (size) //OS X on SDK 10.6 has a broken posix_memalign implementation
     if (posix_memalign(&ptr, ALIGN, size))
         ptr = NULL;
@@ -144,25 +134,11 @@ void *av_malloc(size_t size)
 
 void *av_realloc(void *ptr, size_t size)
 {
-#if CONFIG_MEMALIGN_HACK
-    int diff;
-#endif
-
     /* let's disallow possibly ambiguous cases */
     if (size > (max_alloc_size - 32))
         return NULL;
 
-#if CONFIG_MEMALIGN_HACK
-    //FIXME this isn't aligned correctly, though it probably isn't needed
-    if (!ptr)
-        return av_malloc(size);
-    diff = ((char *)ptr)[-1];
-    av_assert0(diff>0 && diff<=ALIGN);
-    ptr = realloc((char *)ptr - diff, size + diff);
-    if (ptr)
-        ptr = (char *)ptr + diff;
-    return ptr;
-#elif HAVE_ALIGNED_MALLOC
+#if HAVE_ALIGNED_MALLOC
     return _aligned_realloc(ptr, size + !size, ALIGN);
 #else
     return realloc(ptr, size + !size);
@@ -227,13 +203,7 @@ int av_reallocp_array(void *ptr, size_t nmemb, size_t size)
 
 void av_free(void *ptr)
 {
-#if CONFIG_MEMALIGN_HACK
-    if (ptr) {
-        int v= ((char *)ptr)[-1];
-        av_assert0(v>0 && v<=ALIGN);
-        free((char *)ptr - v);
-    }
-#elif HAVE_ALIGNED_MALLOC
+#if HAVE_ALIGNED_MALLOC
     _aligned_free(ptr);
 #else
     free(ptr);
diff --git a/media/ffvpx/libavutil/mem.h b/media/ffvpx/libavutil/mem.h
index f9d888478..527cd0319 100644
--- a/media/ffvpx/libavutil/mem.h
+++ b/media/ffvpx/libavutil/mem.h
@@ -97,7 +97,10 @@
     #define DECLARE_ASM_CONST(n,t,v)                    \
         AV_PRAGMA(DATA_ALIGN(v,n))                      \
         static const t __attribute__((aligned(n))) v
-#elif defined(__GNUC__)
+#elif defined(__DJGPP__)
+    #define DECLARE_ALIGNED(n,t,v)      t __attribute__ ((aligned (FFMIN(n, 16)))) v
+    #define DECLARE_ASM_CONST(n,t,v)    static const t av_used __attribute__ ((aligned (FFMIN(n, 16)))) v
+#elif defined(__GNUC__) || defined(__clang__)
     #define DECLARE_ALIGNED(n,t,v)      t __attribute__ ((aligned (n))) v
     #define DECLARE_ASM_CONST(n,t,v)    static const t av_used __attribute__ ((aligned (n))) v
 #elif defined(_MSC_VER)
diff --git a/media/ffvpx/libavutil/motion_vector.h b/media/ffvpx/libavutil/motion_vector.h
deleted file mode 100644
index ec2955638..000000000
--- a/media/ffvpx/libavutil/motion_vector.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * This file is part of FFmpeg.
- *
- * FFmpeg is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * FFmpeg is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef AVUTIL_MOTION_VECTOR_H
-#define AVUTIL_MOTION_VECTOR_H
-
-#include <stdint.h>
-
-typedef struct AVMotionVector {
-    /**
-     * Where the current macroblock comes from; negative value when it comes
-     * from the past, positive value when it comes from the future.
-     * XXX: set exact relative ref frame reference instead of a +/- 1 "direction".
-     */
-    int32_t source;
-    /**
-     * Width and height of the block.
-     */
-    uint8_t w, h;
-    /**
-     * Absolute source position. Can be outside the frame area.
-     */
-    int16_t src_x, src_y;
-    /**
-     * Absolute destination position. Can be outside the frame area.
-     */
-    int16_t dst_x, dst_y;
-    /**
-     * Extra flag information.
-     * Currently unused.
-     */
-    uint64_t flags;
-    /**
-     * Motion vector
-     * src_x = dst_x + motion_x / motion_scale
-     * src_y = dst_y + motion_y / motion_scale
-     */
-    int32_t motion_x, motion_y;
-    uint16_t motion_scale;
-} AVMotionVector;
-
-#endif /* AVUTIL_MOTION_VECTOR_H */
diff --git a/media/ffvpx/libavutil/moz.build b/media/ffvpx/libavutil/moz.build
index edc0888b1..201b62fed 100644
--- a/media/ffvpx/libavutil/moz.build
+++ b/media/ffvpx/libavutil/moz.build
@@ -22,7 +22,6 @@ SOURCES += [
     'cpu.c',
     'crc.c',
     'dict.c',
-    'display.c',
     'dummy_funcs.c',
     'error.c',
     'eval.c',
@@ -38,12 +37,14 @@ SOURCES += [
     'log2_tab.c',
     'mathematics.c',
     'mem.c',
+    'opt.c',
     'parseutils.c',
     'pixdesc.c',
     'pixelutils.c',
     'rational.c',
     'reverse.c',
     'samplefmt.c',
+    'slicethread.c',
     'threadmessage.c',
     'time.c',
     'timecode.c',
diff --git a/media/ffvpx/libavutil/opt.c b/media/ffvpx/libavutil/opt.c
new file mode 100644
index 000000000..df88663e3
--- /dev/null
+++ b/media/ffvpx/libavutil/opt.c
@@ -0,0 +1,2025 @@
+/*
+ * AVOptions
+ * Copyright (c) 2005 Michael Niedermayer <michaelni@gmx.at>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * @file
+ * AVOptions
+ * @author Michael Niedermayer <michaelni@gmx.at>
+ */
+
+#include "avutil.h"
+#include "avassert.h"
+#include "avstring.h"
+#include "channel_layout.h"
+#include "common.h"
+#include "dict.h"
+#include "eval.h"
+#include "log.h"
+#include "parseutils.h"
+#include "pixdesc.h"
+#include "mathematics.h"
+#include "opt.h"
+#include "samplefmt.h"
+#include "bprint.h"
+
+#include <float.h>
+
+const AVOption *av_opt_next(const void *obj, const AVOption *last)
+{
+    const AVClass *class;
+    if (!obj)
+        return NULL;
+    class = *(const AVClass**)obj;
+    if (!last && class && class->option && class->option[0].name)
+        return class->option;
+    if (last && last[1].name)
+        return ++last;
+    return NULL;
+}
+
+static int read_number(const AVOption *o, const void *dst, double *num, int *den, int64_t *intnum)
+{
+    switch (o->type) {
+    case AV_OPT_TYPE_FLAGS:
+        *intnum = *(unsigned int*)dst;
+        return 0;
+    case AV_OPT_TYPE_PIXEL_FMT:
+        *intnum = *(enum AVPixelFormat *)dst;
+        return 0;
+    case AV_OPT_TYPE_SAMPLE_FMT:
+        *intnum = *(enum AVSampleFormat *)dst;
+        return 0;
+    case AV_OPT_TYPE_BOOL:
+    case AV_OPT_TYPE_INT:
+        *intnum = *(int *)dst;
+        return 0;
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+    case AV_OPT_TYPE_DURATION:
+    case AV_OPT_TYPE_INT64:
+    case AV_OPT_TYPE_UINT64:
+        *intnum = *(int64_t *)dst;
+        return 0;
+    case AV_OPT_TYPE_FLOAT:
+        *num = *(float *)dst;
+        return 0;
+    case AV_OPT_TYPE_DOUBLE:
+        *num = *(double *)dst;
+        return 0;
+    case AV_OPT_TYPE_RATIONAL:
+        *intnum = ((AVRational *)dst)->num;
+        *den    = ((AVRational *)dst)->den;
+        return 0;
+    case AV_OPT_TYPE_CONST:
+        *num = o->default_val.dbl;
+        return 0;
+    }
+    return AVERROR(EINVAL);
+}
+
+static int write_number(void *obj, const AVOption *o, void *dst, double num, int den, int64_t intnum)
+{
+    if (o->type != AV_OPT_TYPE_FLAGS &&
+        (!den || o->max * den < num * intnum || o->min * den > num * intnum)) {
+        num = den ? num * intnum / den : (num && intnum ? INFINITY : NAN);
+        av_log(obj, AV_LOG_ERROR, "Value %f for parameter '%s' out of range [%g - %g]\n",
+               num, o->name, o->min, o->max);
+        return AVERROR(ERANGE);
+    }
+    if (o->type == AV_OPT_TYPE_FLAGS) {
+        double d = num*intnum/den;
+        if (d < -1.5 || d > 0xFFFFFFFF+0.5 || (llrint(d*256) & 255)) {
+            av_log(obj, AV_LOG_ERROR,
+                   "Value %f for parameter '%s' is not a valid set of 32bit integer flags\n",
+                   num*intnum/den, o->name);
+            return AVERROR(ERANGE);
+        }
+    }
+
+    switch (o->type) {
+    case AV_OPT_TYPE_PIXEL_FMT:
+        *(enum AVPixelFormat *)dst = llrint(num / den) * intnum;
+        break;
+    case AV_OPT_TYPE_SAMPLE_FMT:
+        *(enum AVSampleFormat *)dst = llrint(num / den) * intnum;
+        break;
+    case AV_OPT_TYPE_BOOL:
+    case AV_OPT_TYPE_FLAGS:
+    case AV_OPT_TYPE_INT:
+        *(int *)dst = llrint(num / den) * intnum;
+        break;
+    case AV_OPT_TYPE_DURATION:
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+    case AV_OPT_TYPE_INT64:{
+        double d = num / den;
+        if (intnum == 1 && d == (double)INT64_MAX) {
+            *(int64_t *)dst = INT64_MAX;
+        } else
+            *(int64_t *)dst = llrint(d) * intnum;
+        break;}
+    case AV_OPT_TYPE_UINT64:{
+        double d = num / den;
+        // We must special case uint64_t here as llrint() does not support values
+        // outside the int64_t range and there is no portable function which does
+        // "INT64_MAX + 1ULL" is used as it is representable exactly as IEEE double
+        // while INT64_MAX is not
+        if (intnum == 1 && d == (double)UINT64_MAX) {
+            *(uint64_t *)dst = UINT64_MAX;
+        } else if (d > INT64_MAX + 1ULL) {
+            *(uint64_t *)dst = (llrint(d - (INT64_MAX + 1ULL)) + (INT64_MAX + 1ULL))*intnum;
+        } else {
+            *(uint64_t *)dst = llrint(d) * intnum;
+        }
+        break;}
+    case AV_OPT_TYPE_FLOAT:
+        *(float *)dst = num * intnum / den;
+        break;
+    case AV_OPT_TYPE_DOUBLE:
+        *(double    *)dst = num * intnum / den;
+        break;
+    case AV_OPT_TYPE_RATIONAL:
+    case AV_OPT_TYPE_VIDEO_RATE:
+        if ((int) num == num)
+            *(AVRational *)dst = (AVRational) { num *intnum, den };
+        else
+            *(AVRational *)dst = av_d2q(num * intnum / den, 1 << 24);
+        break;
+    default:
+        return AVERROR(EINVAL);
+    }
+    return 0;
+}
+
+static int hexchar2int(char c) {
+    if (c >= '0' && c <= '9')
+        return c - '0';
+    if (c >= 'a' && c <= 'f')
+        return c - 'a' + 10;
+    if (c >= 'A' && c <= 'F')
+        return c - 'A' + 10;
+    return -1;
+}
+
+static int set_string_binary(void *obj, const AVOption *o, const char *val, uint8_t **dst)
+{
+    int *lendst = (int *)(dst + 1);
+    uint8_t *bin, *ptr;
+    int len;
+
+    av_freep(dst);
+    *lendst = 0;
+
+    if (!val || !(len = strlen(val)))
+        return 0;
+
+    if (len & 1)
+        return AVERROR(EINVAL);
+    len /= 2;
+
+    ptr = bin = av_malloc(len);
+    if (!ptr)
+        return AVERROR(ENOMEM);
+    while (*val) {
+        int a = hexchar2int(*val++);
+        int b = hexchar2int(*val++);
+        if (a < 0 || b < 0) {
+            av_free(bin);
+            return AVERROR(EINVAL);
+        }
+        *ptr++ = (a << 4) | b;
+    }
+    *dst    = bin;
+    *lendst = len;
+
+    return 0;
+}
+
+static int set_string(void *obj, const AVOption *o, const char *val, uint8_t **dst)
+{
+    av_freep(dst);
+    *dst = av_strdup(val);
+    return *dst ? 0 : AVERROR(ENOMEM);
+}
+
+#define DEFAULT_NUMVAL(opt) ((opt->type == AV_OPT_TYPE_INT64 || \
+                              opt->type == AV_OPT_TYPE_UINT64 || \
+                              opt->type == AV_OPT_TYPE_CONST || \
+                              opt->type == AV_OPT_TYPE_FLAGS || \
+                              opt->type == AV_OPT_TYPE_INT)     \
+                             ? opt->default_val.i64             \
+                             : opt->default_val.dbl)
+
+static int set_string_number(void *obj, void *target_obj, const AVOption *o, const char *val, void *dst)
+{
+    int ret = 0;
+    int num, den;
+    char c;
+
+    if (sscanf(val, "%d%*1[:/]%d%c", &num, &den, &c) == 2) {
+        if ((ret = write_number(obj, o, dst, 1, den, num)) >= 0)
+            return ret;
+        ret = 0;
+    }
+
+    for (;;) {
+        int i = 0;
+        char buf[256];
+        int cmd = 0;
+        double d;
+        int64_t intnum = 1;
+
+        if (o->type == AV_OPT_TYPE_FLAGS) {
+            if (*val == '+' || *val == '-')
+                cmd = *(val++);
+            for (; i < sizeof(buf) - 1 && val[i] && val[i] != '+' && val[i] != '-'; i++)
+                buf[i] = val[i];
+            buf[i] = 0;
+        }
+
+        {
+            const AVOption *o_named = av_opt_find(target_obj, i ? buf : val, o->unit, 0, 0);
+            int res;
+            int ci = 0;
+            double const_values[64];
+            const char * const_names[64];
+            if (o_named && o_named->type == AV_OPT_TYPE_CONST)
+                d = DEFAULT_NUMVAL(o_named);
+            else {
+                if (o->unit) {
+                    for (o_named = NULL; o_named = av_opt_next(target_obj, o_named); ) {
+                        if (o_named->type == AV_OPT_TYPE_CONST &&
+                            o_named->unit &&
+                            !strcmp(o_named->unit, o->unit)) {
+                            if (ci + 6 >= FF_ARRAY_ELEMS(const_values)) {
+                                av_log(obj, AV_LOG_ERROR, "const_values array too small for %s\n", o->unit);
+                                return AVERROR_PATCHWELCOME;
+                            }
+                            const_names [ci  ] = o_named->name;
+                            const_values[ci++] = DEFAULT_NUMVAL(o_named);
+                        }
+                    }
+                }
+                const_names [ci  ] = "default";
+                const_values[ci++] = DEFAULT_NUMVAL(o);
+                const_names [ci  ] = "max";
+                const_values[ci++] = o->max;
+                const_names [ci  ] = "min";
+                const_values[ci++] = o->min;
+                const_names [ci  ] = "none";
+                const_values[ci++] = 0;
+                const_names [ci  ] = "all";
+                const_values[ci++] = ~0;
+                const_names [ci] = NULL;
+                const_values[ci] = 0;
+
+                res = av_expr_parse_and_eval(&d, i ? buf : val, const_names,
+                                            const_values, NULL, NULL, NULL, NULL, NULL, 0, obj);
+                if (res < 0) {
+                    av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\"\n", val);
+                    return res;
+                }
+            }
+        }
+        if (o->type == AV_OPT_TYPE_FLAGS) {
+            read_number(o, dst, NULL, NULL, &intnum);
+            if (cmd == '+')
+                d = intnum | (int64_t)d;
+            else if (cmd == '-')
+                d = intnum &~(int64_t)d;
+        }
+
+        if ((ret = write_number(obj, o, dst, d, 1, 1)) < 0)
+            return ret;
+        val += i;
+        if (!i || !*val)
+            return 0;
+    }
+}
+
+static int set_string_image_size(void *obj, const AVOption *o, const char *val, int *dst)
+{
+    int ret;
+
+    if (!val || !strcmp(val, "none")) {
+        dst[0] =
+        dst[1] = 0;
+        return 0;
+    }
+    ret = av_parse_video_size(dst, dst + 1, val);
+    if (ret < 0)
+        av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as image size\n", val);
+    return ret;
+}
+
+static int set_string_video_rate(void *obj, const AVOption *o, const char *val, AVRational *dst)
+{
+    int ret;
+    if (!val) {
+        ret = AVERROR(EINVAL);
+    } else {
+        ret = av_parse_video_rate(dst, val);
+    }
+    if (ret < 0)
+        av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as video rate\n", val);
+    return ret;
+}
+
+static int set_string_color(void *obj, const AVOption *o, const char *val, uint8_t *dst)
+{
+    int ret;
+
+    if (!val) {
+        return 0;
+    } else {
+        ret = av_parse_color(dst, val, -1, obj);
+        if (ret < 0)
+            av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as color\n", val);
+        return ret;
+    }
+    return 0;
+}
+
+static const char *get_bool_name(int val)
+{
+    if (val < 0)
+        return "auto";
+    return val ? "true" : "false";
+}
+
+static int set_string_bool(void *obj, const AVOption *o, const char *val, int *dst)
+{
+    int n;
+
+    if (!val)
+        return 0;
+
+    if (!strcmp(val, "auto")) {
+        n = -1;
+    } else if (av_match_name(val, "true,y,yes,enable,enabled,on")) {
+        n = 1;
+    } else if (av_match_name(val, "false,n,no,disable,disabled,off")) {
+        n = 0;
+    } else {
+        char *end = NULL;
+        n = strtol(val, &end, 10);
+        if (val + strlen(val) != end)
+            goto fail;
+    }
+
+    if (n < o->min || n > o->max)
+        goto fail;
+
+    *dst = n;
+    return 0;
+
+fail:
+    av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as boolean\n", val);
+    return AVERROR(EINVAL);
+}
+
+static int set_string_fmt(void *obj, const AVOption *o, const char *val, uint8_t *dst,
+                          int fmt_nb, int ((*get_fmt)(const char *)), const char *desc)
+{
+    int fmt, min, max;
+
+    if (!val || !strcmp(val, "none")) {
+        fmt = -1;
+    } else {
+        fmt = get_fmt(val);
+        if (fmt == -1) {
+            char *tail;
+            fmt = strtol(val, &tail, 0);
+            if (*tail || (unsigned)fmt >= fmt_nb) {
+                av_log(obj, AV_LOG_ERROR,
+                       "Unable to parse option value \"%s\" as %s\n", val, desc);
+                return AVERROR(EINVAL);
+            }
+        }
+    }
+
+    min = FFMAX(o->min, -1);
+    max = FFMIN(o->max, fmt_nb-1);
+
+    // hack for compatibility with old ffmpeg
+    if(min == 0 && max == 0) {
+        min = -1;
+        max = fmt_nb-1;
+    }
+
+    if (fmt < min || fmt > max) {
+        av_log(obj, AV_LOG_ERROR,
+               "Value %d for parameter '%s' out of %s format range [%d - %d]\n",
+               fmt, o->name, desc, min, max);
+        return AVERROR(ERANGE);
+    }
+
+    *(int *)dst = fmt;
+    return 0;
+}
+
+static int set_string_pixel_fmt(void *obj, const AVOption *o, const char *val, uint8_t *dst)
+{
+    return set_string_fmt(obj, o, val, dst,
+                          AV_PIX_FMT_NB, av_get_pix_fmt, "pixel format");
+}
+
+static int set_string_sample_fmt(void *obj, const AVOption *o, const char *val, uint8_t *dst)
+{
+    return set_string_fmt(obj, o, val, dst,
+                          AV_SAMPLE_FMT_NB, av_get_sample_fmt, "sample format");
+}
+
+int av_opt_set(void *obj, const char *name, const char *val, int search_flags)
+{
+    int ret = 0;
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (!val && (o->type != AV_OPT_TYPE_STRING &&
+                 o->type != AV_OPT_TYPE_PIXEL_FMT && o->type != AV_OPT_TYPE_SAMPLE_FMT &&
+                 o->type != AV_OPT_TYPE_IMAGE_SIZE && o->type != AV_OPT_TYPE_VIDEO_RATE &&
+                 o->type != AV_OPT_TYPE_DURATION && o->type != AV_OPT_TYPE_COLOR &&
+                 o->type != AV_OPT_TYPE_CHANNEL_LAYOUT && o->type != AV_OPT_TYPE_BOOL))
+        return AVERROR(EINVAL);
+
+    if (o->flags & AV_OPT_FLAG_READONLY)
+        return AVERROR(EINVAL);
+
+    dst = ((uint8_t *)target_obj) + o->offset;
+    switch (o->type) {
+    case AV_OPT_TYPE_BOOL:
+        return set_string_bool(obj, o, val, dst);
+    case AV_OPT_TYPE_STRING:
+        return set_string(obj, o, val, dst);
+    case AV_OPT_TYPE_BINARY:
+        return set_string_binary(obj, o, val, dst);
+    case AV_OPT_TYPE_FLAGS:
+    case AV_OPT_TYPE_INT:
+    case AV_OPT_TYPE_INT64:
+    case AV_OPT_TYPE_UINT64:
+    case AV_OPT_TYPE_FLOAT:
+    case AV_OPT_TYPE_DOUBLE:
+    case AV_OPT_TYPE_RATIONAL:
+        return set_string_number(obj, target_obj, o, val, dst);
+    case AV_OPT_TYPE_IMAGE_SIZE:
+        return set_string_image_size(obj, o, val, dst);
+    case AV_OPT_TYPE_VIDEO_RATE: {
+        AVRational tmp;
+        ret = set_string_video_rate(obj, o, val, &tmp);
+        if (ret < 0)
+            return ret;
+        return write_number(obj, o, dst, 1, tmp.den, tmp.num);
+    }
+    case AV_OPT_TYPE_PIXEL_FMT:
+        return set_string_pixel_fmt(obj, o, val, dst);
+    case AV_OPT_TYPE_SAMPLE_FMT:
+        return set_string_sample_fmt(obj, o, val, dst);
+    case AV_OPT_TYPE_DURATION:
+        if (!val) {
+            *(int64_t *)dst = 0;
+            return 0;
+        } else {
+            if ((ret = av_parse_time(dst, val, 1)) < 0)
+                av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as duration\n", val);
+            return ret;
+        }
+        break;
+    case AV_OPT_TYPE_COLOR:
+        return set_string_color(obj, o, val, dst);
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+        if (!val || !strcmp(val, "none")) {
+            *(int64_t *)dst = 0;
+        } else {
+            int64_t cl = av_get_channel_layout(val);
+            if (!cl) {
+                av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as channel layout\n", val);
+                ret = AVERROR(EINVAL);
+            }
+            *(int64_t *)dst = cl;
+            return ret;
+        }
+        break;
+    }
+
+    av_log(obj, AV_LOG_ERROR, "Invalid option type.\n");
+    return AVERROR(EINVAL);
+}
+
+#define OPT_EVAL_NUMBER(name, opttype, vartype)                         \
+int av_opt_eval_ ## name(void *obj, const AVOption *o,                  \
+                         const char *val, vartype *name ## _out)        \
+{                                                                       \
+    if (!o || o->type != opttype || o->flags & AV_OPT_FLAG_READONLY)    \
+        return AVERROR(EINVAL);                                         \
+    return set_string_number(obj, obj, o, val, name ## _out);           \
+}
+
+OPT_EVAL_NUMBER(flags,  AV_OPT_TYPE_FLAGS,    int)
+OPT_EVAL_NUMBER(int,    AV_OPT_TYPE_INT,      int)
+OPT_EVAL_NUMBER(int64,  AV_OPT_TYPE_INT64,    int64_t)
+OPT_EVAL_NUMBER(float,  AV_OPT_TYPE_FLOAT,    float)
+OPT_EVAL_NUMBER(double, AV_OPT_TYPE_DOUBLE,   double)
+OPT_EVAL_NUMBER(q,      AV_OPT_TYPE_RATIONAL, AVRational)
+
+static int set_number(void *obj, const char *name, double num, int den, int64_t intnum,
+                      int search_flags)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+
+    if (o->flags & AV_OPT_FLAG_READONLY)
+        return AVERROR(EINVAL);
+
+    dst = ((uint8_t *)target_obj) + o->offset;
+    return write_number(obj, o, dst, num, den, intnum);
+}
+
+int av_opt_set_int(void *obj, const char *name, int64_t val, int search_flags)
+{
+    return set_number(obj, name, 1, 1, val, search_flags);
+}
+
+int av_opt_set_double(void *obj, const char *name, double val, int search_flags)
+{
+    return set_number(obj, name, val, 1, 1, search_flags);
+}
+
+int av_opt_set_q(void *obj, const char *name, AVRational val, int search_flags)
+{
+    return set_number(obj, name, val.num, val.den, 1, search_flags);
+}
+
+int av_opt_set_bin(void *obj, const char *name, const uint8_t *val, int len, int search_flags)
+{
+    void *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    uint8_t *ptr;
+    uint8_t **dst;
+    int *lendst;
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+
+    if (o->type != AV_OPT_TYPE_BINARY || o->flags & AV_OPT_FLAG_READONLY)
+        return AVERROR(EINVAL);
+
+    ptr = len ? av_malloc(len) : NULL;
+    if (len && !ptr)
+        return AVERROR(ENOMEM);
+
+    dst    = (uint8_t **)(((uint8_t *)target_obj) + o->offset);
+    lendst = (int *)(dst + 1);
+
+    av_free(*dst);
+    *dst    = ptr;
+    *lendst = len;
+    if (len)
+        memcpy(ptr, val, len);
+
+    return 0;
+}
+
+int av_opt_set_image_size(void *obj, const char *name, int w, int h, int search_flags)
+{
+    void *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_IMAGE_SIZE) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value set by option '%s' is not an image size.\n", o->name);
+        return AVERROR(EINVAL);
+    }
+    if (w<0 || h<0) {
+        av_log(obj, AV_LOG_ERROR,
+               "Invalid negative size value %dx%d for size '%s'\n", w, h, o->name);
+        return AVERROR(EINVAL);
+    }
+    *(int *)(((uint8_t *)target_obj)             + o->offset) = w;
+    *(int *)(((uint8_t *)target_obj+sizeof(int)) + o->offset) = h;
+    return 0;
+}
+
+int av_opt_set_video_rate(void *obj, const char *name, AVRational val, int search_flags)
+{
+    void *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_VIDEO_RATE) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value set by option '%s' is not a video rate.\n", o->name);
+        return AVERROR(EINVAL);
+    }
+    if (val.num <= 0 || val.den <= 0)
+        return AVERROR(EINVAL);
+    return set_number(obj, name, val.num, val.den, 1, search_flags);
+}
+
+static int set_format(void *obj, const char *name, int fmt, int search_flags,
+                      enum AVOptionType type, const char *desc, int nb_fmts)
+{
+    void *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0,
+                                     search_flags, &target_obj);
+    int min, max;
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != type) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value set by option '%s' is not a %s format", name, desc);
+        return AVERROR(EINVAL);
+    }
+
+    min = FFMAX(o->min, -1);
+    max = FFMIN(o->max, nb_fmts-1);
+
+    if (fmt < min || fmt > max) {
+        av_log(obj, AV_LOG_ERROR,
+               "Value %d for parameter '%s' out of %s format range [%d - %d]\n",
+               fmt, name, desc, min, max);
+        return AVERROR(ERANGE);
+    }
+    *(int *)(((uint8_t *)target_obj) + o->offset) = fmt;
+    return 0;
+}
+
+int av_opt_set_pixel_fmt(void *obj, const char *name, enum AVPixelFormat fmt, int search_flags)
+{
+    return set_format(obj, name, fmt, search_flags, AV_OPT_TYPE_PIXEL_FMT, "pixel", AV_PIX_FMT_NB);
+}
+
+int av_opt_set_sample_fmt(void *obj, const char *name, enum AVSampleFormat fmt, int search_flags)
+{
+    return set_format(obj, name, fmt, search_flags, AV_OPT_TYPE_SAMPLE_FMT, "sample", AV_SAMPLE_FMT_NB);
+}
+
+int av_opt_set_channel_layout(void *obj, const char *name, int64_t cl, int search_flags)
+{
+    void *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_CHANNEL_LAYOUT) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value set by option '%s' is not a channel layout.\n", o->name);
+        return AVERROR(EINVAL);
+    }
+    *(int64_t *)(((uint8_t *)target_obj) + o->offset) = cl;
+    return 0;
+}
+
+int av_opt_set_dict_val(void *obj, const char *name, const AVDictionary *val,
+                        int search_flags)
+{
+    void *target_obj;
+    AVDictionary **dst;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->flags & AV_OPT_FLAG_READONLY)
+        return AVERROR(EINVAL);
+
+    dst = (AVDictionary **)(((uint8_t *)target_obj) + o->offset);
+    av_dict_free(dst);
+    av_dict_copy(dst, val, 0);
+
+    return 0;
+}
+
+static void format_duration(char *buf, size_t size, int64_t d)
+{
+    char *e;
+
+    av_assert0(size >= 25);
+    if (d < 0 && d != INT64_MIN) {
+        *(buf++) = '-';
+        size--;
+        d = -d;
+    }
+    if (d == INT64_MAX)
+        snprintf(buf, size, "INT64_MAX");
+    else if (d == INT64_MIN)
+        snprintf(buf, size, "INT64_MIN");
+    else if (d > (int64_t)3600*1000000)
+        snprintf(buf, size, "%"PRId64":%02d:%02d.%06d", d / 3600000000,
+                 (int)((d / 60000000) % 60),
+                 (int)((d / 1000000) % 60),
+                 (int)(d % 1000000));
+    else if (d > 60*1000000)
+        snprintf(buf, size, "%d:%02d.%06d",
+                 (int)(d / 60000000),
+                 (int)((d / 1000000) % 60),
+                 (int)(d % 1000000));
+    else
+        snprintf(buf, size, "%d.%06d",
+                 (int)(d / 1000000),
+                 (int)(d % 1000000));
+    e = buf + strlen(buf);
+    while (e > buf && e[-1] == '0')
+        *(--e) = 0;
+    if (e > buf && e[-1] == '.')
+        *(--e) = 0;
+}
+
+int av_opt_get(void *obj, const char *name, int search_flags, uint8_t **out_val)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    uint8_t *bin, buf[128];
+    int len, i, ret;
+    int64_t i64;
+
+    if (!o || !target_obj || (o->offset<=0 && o->type != AV_OPT_TYPE_CONST))
+        return AVERROR_OPTION_NOT_FOUND;
+
+    dst = (uint8_t *)target_obj + o->offset;
+
+    buf[0] = 0;
+    switch (o->type) {
+    case AV_OPT_TYPE_BOOL:
+        ret = snprintf(buf, sizeof(buf), "%s", (char *)av_x_if_null(get_bool_name(*(int *)dst), "invalid"));
+        break;
+    case AV_OPT_TYPE_FLAGS:
+        ret = snprintf(buf, sizeof(buf), "0x%08X", *(int *)dst);
+        break;
+    case AV_OPT_TYPE_INT:
+        ret = snprintf(buf, sizeof(buf), "%d", *(int *)dst);
+        break;
+    case AV_OPT_TYPE_INT64:
+        ret = snprintf(buf, sizeof(buf), "%"PRId64, *(int64_t *)dst);
+        break;
+    case AV_OPT_TYPE_UINT64:
+        ret = snprintf(buf, sizeof(buf), "%"PRIu64, *(uint64_t *)dst);
+        break;
+    case AV_OPT_TYPE_FLOAT:
+        ret = snprintf(buf, sizeof(buf), "%f", *(float *)dst);
+        break;
+    case AV_OPT_TYPE_DOUBLE:
+        ret = snprintf(buf, sizeof(buf), "%f", *(double *)dst);
+        break;
+    case AV_OPT_TYPE_VIDEO_RATE:
+    case AV_OPT_TYPE_RATIONAL:
+        ret = snprintf(buf, sizeof(buf), "%d/%d", ((AVRational *)dst)->num, ((AVRational *)dst)->den);
+        break;
+    case AV_OPT_TYPE_CONST:
+        ret = snprintf(buf, sizeof(buf), "%f", o->default_val.dbl);
+        break;
+    case AV_OPT_TYPE_STRING:
+        if (*(uint8_t **)dst) {
+            *out_val = av_strdup(*(uint8_t **)dst);
+        } else if (search_flags & AV_OPT_ALLOW_NULL) {
+            *out_val = NULL;
+            return 0;
+        } else {
+            *out_val = av_strdup("");
+        }
+        return *out_val ? 0 : AVERROR(ENOMEM);
+    case AV_OPT_TYPE_BINARY:
+        if (!*(uint8_t **)dst && (search_flags & AV_OPT_ALLOW_NULL)) {
+            *out_val = NULL;
+            return 0;
+        }
+        len = *(int *)(((uint8_t *)dst) + sizeof(uint8_t *));
+        if ((uint64_t)len * 2 + 1 > INT_MAX)
+            return AVERROR(EINVAL);
+        if (!(*out_val = av_malloc(len * 2 + 1)))
+            return AVERROR(ENOMEM);
+        if (!len) {
+            *out_val[0] = '\0';
+            return 0;
+        }
+        bin = *(uint8_t **)dst;
+        for (i = 0; i < len; i++)
+            snprintf(*out_val + i * 2, 3, "%02X", bin[i]);
+        return 0;
+    case AV_OPT_TYPE_IMAGE_SIZE:
+        ret = snprintf(buf, sizeof(buf), "%dx%d", ((int *)dst)[0], ((int *)dst)[1]);
+        break;
+    case AV_OPT_TYPE_PIXEL_FMT:
+        ret = snprintf(buf, sizeof(buf), "%s", (char *)av_x_if_null(av_get_pix_fmt_name(*(enum AVPixelFormat *)dst), "none"));
+        break;
+    case AV_OPT_TYPE_SAMPLE_FMT:
+        ret = snprintf(buf, sizeof(buf), "%s", (char *)av_x_if_null(av_get_sample_fmt_name(*(enum AVSampleFormat *)dst), "none"));
+        break;
+    case AV_OPT_TYPE_DURATION:
+        i64 = *(int64_t *)dst;
+        format_duration(buf, sizeof(buf), i64);
+        ret = strlen(buf); // no overflow possible, checked by an assert
+        break;
+    case AV_OPT_TYPE_COLOR:
+        ret = snprintf(buf, sizeof(buf), "0x%02x%02x%02x%02x",
+                       (int)((uint8_t *)dst)[0], (int)((uint8_t *)dst)[1],
+                       (int)((uint8_t *)dst)[2], (int)((uint8_t *)dst)[3]);
+        break;
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+        i64 = *(int64_t *)dst;
+        ret = snprintf(buf, sizeof(buf), "0x%"PRIx64, i64);
+        break;
+    default:
+        return AVERROR(EINVAL);
+    }
+
+    if (ret >= sizeof(buf))
+        return AVERROR(EINVAL);
+    *out_val = av_strdup(buf);
+    return *out_val ? 0 : AVERROR(ENOMEM);
+}
+
+static int get_number(void *obj, const char *name, const AVOption **o_out, double *num, int *den, int64_t *intnum,
+                      int search_flags)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    if (!o || !target_obj)
+        goto error;
+
+    dst = ((uint8_t *)target_obj) + o->offset;
+
+    if (o_out) *o_out= o;
+
+    return read_number(o, dst, num, den, intnum);
+
+error:
+    *den    =
+    *intnum = 0;
+    return -1;
+}
+
+int av_opt_get_int(void *obj, const char *name, int search_flags, int64_t *out_val)
+{
+    int64_t intnum = 1;
+    double num = 1;
+    int ret, den = 1;
+
+    if ((ret = get_number(obj, name, NULL, &num, &den, &intnum, search_flags)) < 0)
+        return ret;
+    *out_val = num * intnum / den;
+    return 0;
+}
+
+int av_opt_get_double(void *obj, const char *name, int search_flags, double *out_val)
+{
+    int64_t intnum = 1;
+    double num = 1;
+    int ret, den = 1;
+
+    if ((ret = get_number(obj, name, NULL, &num, &den, &intnum, search_flags)) < 0)
+        return ret;
+    *out_val = num * intnum / den;
+    return 0;
+}
+
+int av_opt_get_q(void *obj, const char *name, int search_flags, AVRational *out_val)
+{
+    int64_t intnum = 1;
+    double num = 1;
+    int ret, den = 1;
+
+    if ((ret = get_number(obj, name, NULL, &num, &den, &intnum, search_flags)) < 0)
+        return ret;
+
+    if (num == 1.0 && (int)intnum == intnum)
+        *out_val = (AVRational){intnum, den};
+    else
+        *out_val = av_d2q(num*intnum/den, 1<<24);
+    return 0;
+}
+
+int av_opt_get_image_size(void *obj, const char *name, int search_flags, int *w_out, int *h_out)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_IMAGE_SIZE) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value for option '%s' is not an image size.\n", name);
+        return AVERROR(EINVAL);
+    }
+
+    dst = ((uint8_t*)target_obj) + o->offset;
+    if (w_out) *w_out = *(int *)dst;
+    if (h_out) *h_out = *((int *)dst+1);
+    return 0;
+}
+
+int av_opt_get_video_rate(void *obj, const char *name, int search_flags, AVRational *out_val)
+{
+    int64_t intnum = 1;
+    double     num = 1;
+    int   ret, den = 1;
+
+    if ((ret = get_number(obj, name, NULL, &num, &den, &intnum, search_flags)) < 0)
+        return ret;
+
+    if (num == 1.0 && (int)intnum == intnum)
+        *out_val = (AVRational) { intnum, den };
+    else
+        *out_val = av_d2q(num * intnum / den, 1 << 24);
+    return 0;
+}
+
+static int get_format(void *obj, const char *name, int search_flags, int *out_fmt,
+                      enum AVOptionType type, const char *desc)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != type) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value for option '%s' is not a %s format.\n", desc, name);
+        return AVERROR(EINVAL);
+    }
+
+    dst = ((uint8_t*)target_obj) + o->offset;
+    *out_fmt = *(int *)dst;
+    return 0;
+}
+
+int av_opt_get_pixel_fmt(void *obj, const char *name, int search_flags, enum AVPixelFormat *out_fmt)
+{
+    return get_format(obj, name, search_flags, out_fmt, AV_OPT_TYPE_PIXEL_FMT, "pixel");
+}
+
+int av_opt_get_sample_fmt(void *obj, const char *name, int search_flags, enum AVSampleFormat *out_fmt)
+{
+    return get_format(obj, name, search_flags, out_fmt, AV_OPT_TYPE_SAMPLE_FMT, "sample");
+}
+
+int av_opt_get_channel_layout(void *obj, const char *name, int search_flags, int64_t *cl)
+{
+    void *dst, *target_obj;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_CHANNEL_LAYOUT) {
+        av_log(obj, AV_LOG_ERROR,
+               "The value for option '%s' is not a channel layout.\n", name);
+        return AVERROR(EINVAL);
+    }
+
+    dst = ((uint8_t*)target_obj) + o->offset;
+    *cl = *(int64_t *)dst;
+    return 0;
+}
+
+int av_opt_get_dict_val(void *obj, const char *name, int search_flags, AVDictionary **out_val)
+{
+    void *target_obj;
+    AVDictionary *src;
+    const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj);
+
+    if (!o || !target_obj)
+        return AVERROR_OPTION_NOT_FOUND;
+    if (o->type != AV_OPT_TYPE_DICT)
+        return AVERROR(EINVAL);
+
+    src = *(AVDictionary **)(((uint8_t *)target_obj) + o->offset);
+    av_dict_copy(out_val, src, 0);
+
+    return 0;
+}
+
+int av_opt_flag_is_set(void *obj, const char *field_name, const char *flag_name)
+{
+    const AVOption *field = av_opt_find(obj, field_name, NULL, 0, 0);
+    const AVOption *flag  = av_opt_find(obj, flag_name,
+                                        field ? field->unit : NULL, 0, 0);
+    int64_t res;
+
+    if (!field || !flag || flag->type != AV_OPT_TYPE_CONST ||
+        av_opt_get_int(obj, field_name, 0, &res) < 0)
+        return 0;
+    return res & flag->default_val.i64;
+}
+
+static void log_value(void *av_log_obj, int level, double d)
+{
+    if      (d == INT_MAX) {
+        av_log(av_log_obj, level, "INT_MAX");
+    } else if (d == INT_MIN) {
+        av_log(av_log_obj, level, "INT_MIN");
+    } else if (d == UINT32_MAX) {
+        av_log(av_log_obj, level, "UINT32_MAX");
+    } else if (d == (double)INT64_MAX) {
+        av_log(av_log_obj, level, "I64_MAX");
+    } else if (d == INT64_MIN) {
+        av_log(av_log_obj, level, "I64_MIN");
+    } else if (d == FLT_MAX) {
+        av_log(av_log_obj, level, "FLT_MAX");
+    } else if (d == FLT_MIN) {
+        av_log(av_log_obj, level, "FLT_MIN");
+    } else if (d == -FLT_MAX) {
+        av_log(av_log_obj, level, "-FLT_MAX");
+    } else if (d == -FLT_MIN) {
+        av_log(av_log_obj, level, "-FLT_MIN");
+    } else if (d == DBL_MAX) {
+        av_log(av_log_obj, level, "DBL_MAX");
+    } else if (d == DBL_MIN) {
+        av_log(av_log_obj, level, "DBL_MIN");
+    } else if (d == -DBL_MAX) {
+        av_log(av_log_obj, level, "-DBL_MAX");
+    } else if (d == -DBL_MIN) {
+        av_log(av_log_obj, level, "-DBL_MIN");
+    } else {
+        av_log(av_log_obj, level, "%g", d);
+    }
+}
+
+static const char *get_opt_const_name(void *obj, const char *unit, int64_t value)
+{
+    const AVOption *opt = NULL;
+
+    if (!unit)
+        return NULL;
+    while ((opt = av_opt_next(obj, opt)))
+        if (opt->type == AV_OPT_TYPE_CONST && !strcmp(opt->unit, unit) &&
+            opt->default_val.i64 == value)
+            return opt->name;
+    return NULL;
+}
+
+static char *get_opt_flags_string(void *obj, const char *unit, int64_t value)
+{
+    const AVOption *opt = NULL;
+    char flags[512];
+
+    flags[0] = 0;
+    if (!unit)
+        return NULL;
+    while ((opt = av_opt_next(obj, opt))) {
+        if (opt->type == AV_OPT_TYPE_CONST && !strcmp(opt->unit, unit) &&
+            opt->default_val.i64 & value) {
+            if (flags[0])
+                av_strlcatf(flags, sizeof(flags), "+");
+            av_strlcatf(flags, sizeof(flags), "%s", opt->name);
+        }
+    }
+    if (flags[0])
+        return av_strdup(flags);
+    return NULL;
+}
+
+static void opt_list(void *obj, void *av_log_obj, const char *unit,
+                     int req_flags, int rej_flags)
+{
+    const AVOption *opt = NULL;
+    AVOptionRanges *r;
+    int i;
+
+    while ((opt = av_opt_next(obj, opt))) {
+        if (!(opt->flags & req_flags) || (opt->flags & rej_flags))
+            continue;
+
+        /* Don't print CONST's on level one.
+         * Don't print anything but CONST's on level two.
+         * Only print items from the requested unit.
+         */
+        if (!unit && opt->type == AV_OPT_TYPE_CONST)
+            continue;
+        else if (unit && opt->type != AV_OPT_TYPE_CONST)
+            continue;
+        else if (unit && opt->type == AV_OPT_TYPE_CONST && strcmp(unit, opt->unit))
+            continue;
+        else if (unit && opt->type == AV_OPT_TYPE_CONST)
+            av_log(av_log_obj, AV_LOG_INFO, "     %-15s ", opt->name);
+        else
+            av_log(av_log_obj, AV_LOG_INFO, "  %s%-17s ",
+                   (opt->flags & AV_OPT_FLAG_FILTERING_PARAM) ? "" : "-",
+                   opt->name);
+
+        switch (opt->type) {
+            case AV_OPT_TYPE_FLAGS:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<flags>");
+                break;
+            case AV_OPT_TYPE_INT:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<int>");
+                break;
+            case AV_OPT_TYPE_INT64:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<int64>");
+                break;
+            case AV_OPT_TYPE_UINT64:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<uint64>");
+                break;
+            case AV_OPT_TYPE_DOUBLE:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<double>");
+                break;
+            case AV_OPT_TYPE_FLOAT:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<float>");
+                break;
+            case AV_OPT_TYPE_STRING:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<string>");
+                break;
+            case AV_OPT_TYPE_RATIONAL:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<rational>");
+                break;
+            case AV_OPT_TYPE_BINARY:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<binary>");
+                break;
+            case AV_OPT_TYPE_IMAGE_SIZE:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<image_size>");
+                break;
+            case AV_OPT_TYPE_VIDEO_RATE:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<video_rate>");
+                break;
+            case AV_OPT_TYPE_PIXEL_FMT:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<pix_fmt>");
+                break;
+            case AV_OPT_TYPE_SAMPLE_FMT:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<sample_fmt>");
+                break;
+            case AV_OPT_TYPE_DURATION:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<duration>");
+                break;
+            case AV_OPT_TYPE_COLOR:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<color>");
+                break;
+            case AV_OPT_TYPE_CHANNEL_LAYOUT:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<channel_layout>");
+                break;
+            case AV_OPT_TYPE_BOOL:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "<boolean>");
+                break;
+            case AV_OPT_TYPE_CONST:
+            default:
+                av_log(av_log_obj, AV_LOG_INFO, "%-12s ", "");
+                break;
+        }
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_ENCODING_PARAM) ? 'E' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_DECODING_PARAM) ? 'D' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_FILTERING_PARAM)? 'F' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_VIDEO_PARAM   ) ? 'V' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_AUDIO_PARAM   ) ? 'A' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_SUBTITLE_PARAM) ? 'S' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_EXPORT)         ? 'X' : '.');
+        av_log(av_log_obj, AV_LOG_INFO, "%c", (opt->flags & AV_OPT_FLAG_READONLY)       ? 'R' : '.');
+
+        if (opt->help)
+            av_log(av_log_obj, AV_LOG_INFO, " %s", opt->help);
+
+        if (av_opt_query_ranges(&r, obj, opt->name, AV_OPT_SEARCH_FAKE_OBJ) >= 0) {
+            switch (opt->type) {
+            case AV_OPT_TYPE_INT:
+            case AV_OPT_TYPE_INT64:
+            case AV_OPT_TYPE_UINT64:
+            case AV_OPT_TYPE_DOUBLE:
+            case AV_OPT_TYPE_FLOAT:
+            case AV_OPT_TYPE_RATIONAL:
+                for (i = 0; i < r->nb_ranges; i++) {
+                    av_log(av_log_obj, AV_LOG_INFO, " (from ");
+                    log_value(av_log_obj, AV_LOG_INFO, r->range[i]->value_min);
+                    av_log(av_log_obj, AV_LOG_INFO, " to ");
+                    log_value(av_log_obj, AV_LOG_INFO, r->range[i]->value_max);
+                    av_log(av_log_obj, AV_LOG_INFO, ")");
+                }
+                break;
+            }
+            av_opt_freep_ranges(&r);
+        }
+
+        if (opt->type != AV_OPT_TYPE_CONST  &&
+            opt->type != AV_OPT_TYPE_BINARY &&
+                !((opt->type == AV_OPT_TYPE_COLOR      ||
+                   opt->type == AV_OPT_TYPE_IMAGE_SIZE ||
+                   opt->type == AV_OPT_TYPE_STRING     ||
+                   opt->type == AV_OPT_TYPE_VIDEO_RATE) &&
+                  !opt->default_val.str)) {
+            av_log(av_log_obj, AV_LOG_INFO, " (default ");
+            switch (opt->type) {
+            case AV_OPT_TYPE_BOOL:
+                av_log(av_log_obj, AV_LOG_INFO, "%s", (char *)av_x_if_null(get_bool_name(opt->default_val.i64), "invalid"));
+                break;
+            case AV_OPT_TYPE_FLAGS: {
+                char *def_flags = get_opt_flags_string(obj, opt->unit, opt->default_val.i64);
+                if (def_flags) {
+                    av_log(av_log_obj, AV_LOG_INFO, "%s", def_flags);
+                    av_freep(&def_flags);
+                } else {
+                    av_log(av_log_obj, AV_LOG_INFO, "%"PRIX64, opt->default_val.i64);
+                }
+                break;
+            }
+            case AV_OPT_TYPE_DURATION: {
+                char buf[25];
+                format_duration(buf, sizeof(buf), opt->default_val.i64);
+                av_log(av_log_obj, AV_LOG_INFO, "%s", buf);
+                break;
+            }
+            case AV_OPT_TYPE_INT:
+            case AV_OPT_TYPE_UINT64:
+            case AV_OPT_TYPE_INT64: {
+                const char *def_const = get_opt_const_name(obj, opt->unit, opt->default_val.i64);
+                if (def_const)
+                    av_log(av_log_obj, AV_LOG_INFO, "%s", def_const);
+                else
+                    log_value(av_log_obj, AV_LOG_INFO, opt->default_val.i64);
+                break;
+            }
+            case AV_OPT_TYPE_DOUBLE:
+            case AV_OPT_TYPE_FLOAT:
+                log_value(av_log_obj, AV_LOG_INFO, opt->default_val.dbl);
+                break;
+            case AV_OPT_TYPE_RATIONAL: {
+                AVRational q = av_d2q(opt->default_val.dbl, INT_MAX);
+                av_log(av_log_obj, AV_LOG_INFO, "%d/%d", q.num, q.den); }
+                break;
+            case AV_OPT_TYPE_PIXEL_FMT:
+                av_log(av_log_obj, AV_LOG_INFO, "%s", (char *)av_x_if_null(av_get_pix_fmt_name(opt->default_val.i64), "none"));
+                break;
+            case AV_OPT_TYPE_SAMPLE_FMT:
+                av_log(av_log_obj, AV_LOG_INFO, "%s", (char *)av_x_if_null(av_get_sample_fmt_name(opt->default_val.i64), "none"));
+                break;
+            case AV_OPT_TYPE_COLOR:
+            case AV_OPT_TYPE_IMAGE_SIZE:
+            case AV_OPT_TYPE_STRING:
+            case AV_OPT_TYPE_VIDEO_RATE:
+                av_log(av_log_obj, AV_LOG_INFO, "\"%s\"", opt->default_val.str);
+                break;
+            case AV_OPT_TYPE_CHANNEL_LAYOUT:
+                av_log(av_log_obj, AV_LOG_INFO, "0x%"PRIx64, opt->default_val.i64);
+                break;
+            }
+            av_log(av_log_obj, AV_LOG_INFO, ")");
+        }
+
+        av_log(av_log_obj, AV_LOG_INFO, "\n");
+        if (opt->unit && opt->type != AV_OPT_TYPE_CONST)
+            opt_list(obj, av_log_obj, opt->unit, req_flags, rej_flags);
+    }
+}
+
+int av_opt_show2(void *obj, void *av_log_obj, int req_flags, int rej_flags)
+{
+    if (!obj)
+        return -1;
+
+    av_log(av_log_obj, AV_LOG_INFO, "%s AVOptions:\n", (*(AVClass **)obj)->class_name);
+
+    opt_list(obj, av_log_obj, NULL, req_flags, rej_flags);
+
+    return 0;
+}
+
+void av_opt_set_defaults(void *s)
+{
+    av_opt_set_defaults2(s, 0, 0);
+}
+
+void av_opt_set_defaults2(void *s, int mask, int flags)
+{
+    const AVOption *opt = NULL;
+    while ((opt = av_opt_next(s, opt))) {
+        void *dst = ((uint8_t*)s) + opt->offset;
+
+        if ((opt->flags & mask) != flags)
+            continue;
+
+        if (opt->flags & AV_OPT_FLAG_READONLY)
+            continue;
+
+        switch (opt->type) {
+            case AV_OPT_TYPE_CONST:
+                /* Nothing to be done here */
+                break;
+            case AV_OPT_TYPE_BOOL:
+            case AV_OPT_TYPE_FLAGS:
+            case AV_OPT_TYPE_INT:
+            case AV_OPT_TYPE_INT64:
+            case AV_OPT_TYPE_UINT64:
+            case AV_OPT_TYPE_DURATION:
+            case AV_OPT_TYPE_CHANNEL_LAYOUT:
+            case AV_OPT_TYPE_PIXEL_FMT:
+            case AV_OPT_TYPE_SAMPLE_FMT:
+                write_number(s, opt, dst, 1, 1, opt->default_val.i64);
+                break;
+            case AV_OPT_TYPE_DOUBLE:
+            case AV_OPT_TYPE_FLOAT: {
+                double val;
+                val = opt->default_val.dbl;
+                write_number(s, opt, dst, val, 1, 1);
+            }
+            break;
+            case AV_OPT_TYPE_RATIONAL: {
+                AVRational val;
+                val = av_d2q(opt->default_val.dbl, INT_MAX);
+                write_number(s, opt, dst, 1, val.den, val.num);
+            }
+            break;
+            case AV_OPT_TYPE_COLOR:
+                set_string_color(s, opt, opt->default_val.str, dst);
+                break;
+            case AV_OPT_TYPE_STRING:
+                set_string(s, opt, opt->default_val.str, dst);
+                break;
+            case AV_OPT_TYPE_IMAGE_SIZE:
+                set_string_image_size(s, opt, opt->default_val.str, dst);
+                break;
+            case AV_OPT_TYPE_VIDEO_RATE:
+                set_string_video_rate(s, opt, opt->default_val.str, dst);
+                break;
+            case AV_OPT_TYPE_BINARY:
+                set_string_binary(s, opt, opt->default_val.str, dst);
+                break;
+            case AV_OPT_TYPE_DICT:
+                /* Cannot set defaults for these types */
+            break;
+        default:
+            av_log(s, AV_LOG_DEBUG, "AVOption type %d of option %s not implemented yet\n",
+                   opt->type, opt->name);
+        }
+    }
+}
+
+/**
+ * Store the value in the field in ctx that is named like key.
+ * ctx must be an AVClass context, storing is done using AVOptions.
+ *
+ * @param buf the string to parse, buf will be updated to point at the
+ * separator just after the parsed key/value pair
+ * @param key_val_sep a 0-terminated list of characters used to
+ * separate key from value
+ * @param pairs_sep a 0-terminated list of characters used to separate
+ * two pairs from each other
+ * @return 0 if the key/value pair has been successfully parsed and
+ * set, or a negative value corresponding to an AVERROR code in case
+ * of error:
+ * AVERROR(EINVAL) if the key/value pair cannot be parsed,
+ * the error code issued by av_opt_set() if the key/value pair
+ * cannot be set
+ */
+static int parse_key_value_pair(void *ctx, const char **buf,
+                                const char *key_val_sep, const char *pairs_sep)
+{
+    char *key = av_get_token(buf, key_val_sep);
+    char *val;
+    int ret;
+
+    if (!key)
+        return AVERROR(ENOMEM);
+
+    if (*key && strspn(*buf, key_val_sep)) {
+        (*buf)++;
+        val = av_get_token(buf, pairs_sep);
+        if (!val) {
+            av_freep(&key);
+            return AVERROR(ENOMEM);
+        }
+    } else {
+        av_log(ctx, AV_LOG_ERROR, "Missing key or no key/value separator found after key '%s'\n", key);
+        av_free(key);
+        return AVERROR(EINVAL);
+    }
+
+    av_log(ctx, AV_LOG_DEBUG, "Setting entry with key '%s' to value '%s'\n", key, val);
+
+    ret = av_opt_set(ctx, key, val, AV_OPT_SEARCH_CHILDREN);
+    if (ret == AVERROR_OPTION_NOT_FOUND)
+        av_log(ctx, AV_LOG_ERROR, "Key '%s' not found.\n", key);
+
+    av_free(key);
+    av_free(val);
+    return ret;
+}
+
+int av_set_options_string(void *ctx, const char *opts,
+                          const char *key_val_sep, const char *pairs_sep)
+{
+    int ret, count = 0;
+
+    if (!opts)
+        return 0;
+
+    while (*opts) {
+        if ((ret = parse_key_value_pair(ctx, &opts, key_val_sep, pairs_sep)) < 0)
+            return ret;
+        count++;
+
+        if (*opts)
+            opts++;
+    }
+
+    return count;
+}
+
+#define WHITESPACES " \n\t\r"
+
+static int is_key_char(char c)
+{
+    return (unsigned)((c | 32) - 'a') < 26 ||
+           (unsigned)(c - '0') < 10 ||
+           c == '-' || c == '_' || c == '/' || c == '.';
+}
+
+/**
+ * Read a key from a string.
+ *
+ * The key consists of is_key_char characters and must be terminated by a
+ * character from the delim string; spaces are ignored.
+ *
+ * @return  0 for success (even with ellipsis), <0 for failure
+ */
+static int get_key(const char **ropts, const char *delim, char **rkey)
+{
+    const char *opts = *ropts;
+    const char *key_start, *key_end;
+
+    key_start = opts += strspn(opts, WHITESPACES);
+    while (is_key_char(*opts))
+        opts++;
+    key_end = opts;
+    opts += strspn(opts, WHITESPACES);
+    if (!*opts || !strchr(delim, *opts))
+        return AVERROR(EINVAL);
+    opts++;
+    if (!(*rkey = av_malloc(key_end - key_start + 1)))
+        return AVERROR(ENOMEM);
+    memcpy(*rkey, key_start, key_end - key_start);
+    (*rkey)[key_end - key_start] = 0;
+    *ropts = opts;
+    return 0;
+}
+
+int av_opt_get_key_value(const char **ropts,
+                         const char *key_val_sep, const char *pairs_sep,
+                         unsigned flags,
+                         char **rkey, char **rval)
+{
+    int ret;
+    char *key = NULL, *val;
+    const char *opts = *ropts;
+
+    if ((ret = get_key(&opts, key_val_sep, &key)) < 0 &&
+        !(flags & AV_OPT_FLAG_IMPLICIT_KEY))
+        return AVERROR(EINVAL);
+    if (!(val = av_get_token(&opts, pairs_sep))) {
+        av_free(key);
+        return AVERROR(ENOMEM);
+    }
+    *ropts = opts;
+    *rkey  = key;
+    *rval  = val;
+    return 0;
+}
+
+int av_opt_set_from_string(void *ctx, const char *opts,
+                           const char *const *shorthand,
+                           const char *key_val_sep, const char *pairs_sep)
+{
+    int ret, count = 0;
+    const char *dummy_shorthand = NULL;
+    char *av_uninit(parsed_key), *av_uninit(value);
+    const char *key;
+
+    if (!opts)
+        return 0;
+    if (!shorthand)
+        shorthand = &dummy_shorthand;
+
+    while (*opts) {
+        ret = av_opt_get_key_value(&opts, key_val_sep, pairs_sep,
+                                   *shorthand ? AV_OPT_FLAG_IMPLICIT_KEY : 0,
+                                   &parsed_key, &value);
+        if (ret < 0) {
+            if (ret == AVERROR(EINVAL))
+                av_log(ctx, AV_LOG_ERROR, "No option name near '%s'\n", opts);
+            else
+                av_log(ctx, AV_LOG_ERROR, "Unable to parse '%s': %s\n", opts,
+                       av_err2str(ret));
+            return ret;
+        }
+        if (*opts)
+            opts++;
+        if (parsed_key) {
+            key = parsed_key;
+            while (*shorthand) /* discard all remaining shorthand */
+                shorthand++;
+        } else {
+            key = *(shorthand++);
+        }
+
+        av_log(ctx, AV_LOG_DEBUG, "Setting '%s' to value '%s'\n", key, value);
+        if ((ret = av_opt_set(ctx, key, value, 0)) < 0) {
+            if (ret == AVERROR_OPTION_NOT_FOUND)
+                av_log(ctx, AV_LOG_ERROR, "Option '%s' not found\n", key);
+            av_free(value);
+            av_free(parsed_key);
+            return ret;
+        }
+
+        av_free(value);
+        av_free(parsed_key);
+        count++;
+    }
+    return count;
+}
+
+void av_opt_free(void *obj)
+{
+    const AVOption *o = NULL;
+    while ((o = av_opt_next(obj, o))) {
+        switch (o->type) {
+        case AV_OPT_TYPE_STRING:
+        case AV_OPT_TYPE_BINARY:
+            av_freep((uint8_t *)obj + o->offset);
+            break;
+
+        case AV_OPT_TYPE_DICT:
+            av_dict_free((AVDictionary **)(((uint8_t *)obj) + o->offset));
+            break;
+
+        default:
+            break;
+        }
+    }
+}
+
+int av_opt_set_dict2(void *obj, AVDictionary **options, int search_flags)
+{
+    AVDictionaryEntry *t = NULL;
+    AVDictionary    *tmp = NULL;
+    int ret = 0;
+
+    if (!options)
+        return 0;
+
+    while ((t = av_dict_get(*options, "", t, AV_DICT_IGNORE_SUFFIX))) {
+        ret = av_opt_set(obj, t->key, t->value, search_flags);
+        if (ret == AVERROR_OPTION_NOT_FOUND)
+            ret = av_dict_set(&tmp, t->key, t->value, 0);
+        if (ret < 0) {
+            av_log(obj, AV_LOG_ERROR, "Error setting option %s to value %s.\n", t->key, t->value);
+            av_dict_free(&tmp);
+            return ret;
+        }
+        ret = 0;
+    }
+    av_dict_free(options);
+    *options = tmp;
+    return ret;
+}
+
+int av_opt_set_dict(void *obj, AVDictionary **options)
+{
+    return av_opt_set_dict2(obj, options, 0);
+}
+
+const AVOption *av_opt_find(void *obj, const char *name, const char *unit,
+                            int opt_flags, int search_flags)
+{
+    return av_opt_find2(obj, name, unit, opt_flags, search_flags, NULL);
+}
+
+const AVOption *av_opt_find2(void *obj, const char *name, const char *unit,
+                             int opt_flags, int search_flags, void **target_obj)
+{
+    const AVClass  *c;
+    const AVOption *o = NULL;
+
+    if(!obj)
+        return NULL;
+
+    c= *(AVClass**)obj;
+
+    if (!c)
+        return NULL;
+
+    if (search_flags & AV_OPT_SEARCH_CHILDREN) {
+        if (search_flags & AV_OPT_SEARCH_FAKE_OBJ) {
+            const AVClass *child = NULL;
+            while (child = av_opt_child_class_next(c, child))
+                if (o = av_opt_find2(&child, name, unit, opt_flags, search_flags, NULL))
+                    return o;
+        } else {
+            void *child = NULL;
+            while (child = av_opt_child_next(obj, child))
+                if (o = av_opt_find2(child, name, unit, opt_flags, search_flags, target_obj))
+                    return o;
+        }
+    }
+
+    while (o = av_opt_next(obj, o)) {
+        if (!strcmp(o->name, name) && (o->flags & opt_flags) == opt_flags &&
+            ((!unit && o->type != AV_OPT_TYPE_CONST) ||
+             (unit  && o->type == AV_OPT_TYPE_CONST && o->unit && !strcmp(o->unit, unit)))) {
+            if (target_obj) {
+                if (!(search_flags & AV_OPT_SEARCH_FAKE_OBJ))
+                    *target_obj = obj;
+                else
+                    *target_obj = NULL;
+            }
+            return o;
+        }
+    }
+    return NULL;
+}
+
+void *av_opt_child_next(void *obj, void *prev)
+{
+    const AVClass *c = *(AVClass **)obj;
+    if (c->child_next)
+        return c->child_next(obj, prev);
+    return NULL;
+}
+
+const AVClass *av_opt_child_class_next(const AVClass *parent, const AVClass *prev)
+{
+    if (parent->child_class_next)
+        return parent->child_class_next(prev);
+    return NULL;
+}
+
+void *av_opt_ptr(const AVClass *class, void *obj, const char *name)
+{
+    const AVOption *opt= av_opt_find2(&class, name, NULL, 0, AV_OPT_SEARCH_FAKE_OBJ, NULL);
+    if(!opt)
+        return NULL;
+    return (uint8_t*)obj + opt->offset;
+}
+
+static int opt_size(enum AVOptionType type)
+{
+    switch(type) {
+    case AV_OPT_TYPE_BOOL:
+    case AV_OPT_TYPE_INT:
+    case AV_OPT_TYPE_FLAGS:
+        return sizeof(int);
+    case AV_OPT_TYPE_DURATION:
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+    case AV_OPT_TYPE_INT64:
+    case AV_OPT_TYPE_UINT64:
+        return sizeof(int64_t);
+    case AV_OPT_TYPE_DOUBLE:
+        return sizeof(double);
+    case AV_OPT_TYPE_FLOAT:
+        return sizeof(float);
+    case AV_OPT_TYPE_STRING:
+        return sizeof(uint8_t*);
+    case AV_OPT_TYPE_VIDEO_RATE:
+    case AV_OPT_TYPE_RATIONAL:
+        return sizeof(AVRational);
+    case AV_OPT_TYPE_BINARY:
+        return sizeof(uint8_t*) + sizeof(int);
+    case AV_OPT_TYPE_IMAGE_SIZE:
+        return sizeof(int[2]);
+    case AV_OPT_TYPE_PIXEL_FMT:
+        return sizeof(enum AVPixelFormat);
+    case AV_OPT_TYPE_SAMPLE_FMT:
+        return sizeof(enum AVSampleFormat);
+    case AV_OPT_TYPE_COLOR:
+        return 4;
+    }
+    return AVERROR(EINVAL);
+}
+
+int av_opt_copy(void *dst, const void *src)
+{
+    const AVOption *o = NULL;
+    const AVClass *c;
+    int ret = 0;
+
+    if (!src)
+        return AVERROR(EINVAL);
+
+    c = *(AVClass **)src;
+    if (!c || c != *(AVClass **)dst)
+        return AVERROR(EINVAL);
+
+    while ((o = av_opt_next(src, o))) {
+        void *field_dst = (uint8_t *)dst + o->offset;
+        void *field_src = (uint8_t *)src + o->offset;
+        uint8_t **field_dst8 = (uint8_t **)field_dst;
+        uint8_t **field_src8 = (uint8_t **)field_src;
+
+        if (o->type == AV_OPT_TYPE_STRING) {
+            if (*field_dst8 != *field_src8)
+                av_freep(field_dst8);
+            *field_dst8 = av_strdup(*field_src8);
+            if (*field_src8 && !*field_dst8)
+                ret = AVERROR(ENOMEM);
+        } else if (o->type == AV_OPT_TYPE_BINARY) {
+            int len = *(int *)(field_src8 + 1);
+            if (*field_dst8 != *field_src8)
+                av_freep(field_dst8);
+            *field_dst8 = av_memdup(*field_src8, len);
+            if (len && !*field_dst8) {
+                ret = AVERROR(ENOMEM);
+                len = 0;
+            }
+            *(int *)(field_dst8 + 1) = len;
+        } else if (o->type == AV_OPT_TYPE_CONST) {
+            // do nothing
+        } else if (o->type == AV_OPT_TYPE_DICT) {
+            AVDictionary **sdict = (AVDictionary **) field_src;
+            AVDictionary **ddict = (AVDictionary **) field_dst;
+            if (*sdict != *ddict)
+                av_dict_free(ddict);
+            *ddict = NULL;
+            av_dict_copy(ddict, *sdict, 0);
+            if (av_dict_count(*sdict) != av_dict_count(*ddict))
+                ret = AVERROR(ENOMEM);
+        } else {
+            int size = opt_size(o->type);
+            if (size < 0)
+                ret = size;
+            else
+                memcpy(field_dst, field_src, size);
+        }
+    }
+    return ret;
+}
+
+int av_opt_query_ranges(AVOptionRanges **ranges_arg, void *obj, const char *key, int flags)
+{
+    int ret;
+    const AVClass *c = *(AVClass**)obj;
+    int (*callback)(AVOptionRanges **, void *obj, const char *key, int flags) = NULL;
+
+    if (c->version > (52 << 16 | 11 << 8))
+        callback = c->query_ranges;
+
+    if (!callback)
+        callback = av_opt_query_ranges_default;
+
+    ret = callback(ranges_arg, obj, key, flags);
+    if (ret >= 0) {
+        if (!(flags & AV_OPT_MULTI_COMPONENT_RANGE))
+            ret = 1;
+        (*ranges_arg)->nb_components = ret;
+    }
+    return ret;
+}
+
+int av_opt_query_ranges_default(AVOptionRanges **ranges_arg, void *obj, const char *key, int flags)
+{
+    AVOptionRanges *ranges = av_mallocz(sizeof(*ranges));
+    AVOptionRange **range_array = av_mallocz(sizeof(void*));
+    AVOptionRange *range = av_mallocz(sizeof(*range));
+    const AVOption *field = av_opt_find(obj, key, NULL, 0, flags);
+    int ret;
+
+    *ranges_arg = NULL;
+
+    if (!ranges || !range || !range_array || !field) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
+
+    ranges->range = range_array;
+    ranges->range[0] = range;
+    ranges->nb_ranges = 1;
+    ranges->nb_components = 1;
+    range->is_range = 1;
+    range->value_min = field->min;
+    range->value_max = field->max;
+
+    switch (field->type) {
+    case AV_OPT_TYPE_BOOL:
+    case AV_OPT_TYPE_INT:
+    case AV_OPT_TYPE_INT64:
+    case AV_OPT_TYPE_UINT64:
+    case AV_OPT_TYPE_PIXEL_FMT:
+    case AV_OPT_TYPE_SAMPLE_FMT:
+    case AV_OPT_TYPE_FLOAT:
+    case AV_OPT_TYPE_DOUBLE:
+    case AV_OPT_TYPE_DURATION:
+    case AV_OPT_TYPE_COLOR:
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+        break;
+    case AV_OPT_TYPE_STRING:
+        range->component_min = 0;
+        range->component_max = 0x10FFFF; // max unicode value
+        range->value_min = -1;
+        range->value_max = INT_MAX;
+        break;
+    case AV_OPT_TYPE_RATIONAL:
+        range->component_min = INT_MIN;
+        range->component_max = INT_MAX;
+        break;
+    case AV_OPT_TYPE_IMAGE_SIZE:
+        range->component_min = 0;
+        range->component_max = INT_MAX/128/8;
+        range->value_min = 0;
+        range->value_max = INT_MAX/8;
+        break;
+    case AV_OPT_TYPE_VIDEO_RATE:
+        range->component_min = 1;
+        range->component_max = INT_MAX;
+        range->value_min = 1;
+        range->value_max = INT_MAX;
+        break;
+    default:
+        ret = AVERROR(ENOSYS);
+        goto fail;
+    }
+
+    *ranges_arg = ranges;
+    return 1;
+fail:
+    av_free(ranges);
+    av_free(range);
+    av_free(range_array);
+    return ret;
+}
+
+void av_opt_freep_ranges(AVOptionRanges **rangesp)
+{
+    int i;
+    AVOptionRanges *ranges = *rangesp;
+
+    if (!ranges)
+        return;
+
+    for (i = 0; i < ranges->nb_ranges * ranges->nb_components; i++) {
+        AVOptionRange *range = ranges->range[i];
+        if (range) {
+            av_freep(&range->str);
+            av_freep(&ranges->range[i]);
+        }
+    }
+    av_freep(&ranges->range);
+    av_freep(rangesp);
+}
+
+int av_opt_is_set_to_default(void *obj, const AVOption *o)
+{
+    int64_t i64;
+    double d, d2;
+    float f;
+    AVRational q;
+    int ret, w, h;
+    char *str;
+    void *dst;
+
+    if (!o || !obj)
+        return AVERROR(EINVAL);
+
+    dst = ((uint8_t*)obj) + o->offset;
+
+    switch (o->type) {
+    case AV_OPT_TYPE_CONST:
+        return 1;
+    case AV_OPT_TYPE_BOOL:
+    case AV_OPT_TYPE_FLAGS:
+    case AV_OPT_TYPE_PIXEL_FMT:
+    case AV_OPT_TYPE_SAMPLE_FMT:
+    case AV_OPT_TYPE_INT:
+    case AV_OPT_TYPE_CHANNEL_LAYOUT:
+    case AV_OPT_TYPE_DURATION:
+    case AV_OPT_TYPE_INT64:
+    case AV_OPT_TYPE_UINT64:
+        read_number(o, dst, NULL, NULL, &i64);
+        return o->default_val.i64 == i64;
+    case AV_OPT_TYPE_STRING:
+        str = *(char **)dst;
+        if (str == o->default_val.str) //2 NULLs
+            return 1;
+        if (!str || !o->default_val.str) //1 NULL
+            return 0;
+        return !strcmp(str, o->default_val.str);
+    case AV_OPT_TYPE_DOUBLE:
+        read_number(o, dst, &d, NULL, NULL);
+        return o->default_val.dbl == d;
+    case AV_OPT_TYPE_FLOAT:
+        read_number(o, dst, &d, NULL, NULL);
+        f = o->default_val.dbl;
+        d2 = f;
+        return d2 == d;
+    case AV_OPT_TYPE_RATIONAL:
+        q = av_d2q(o->default_val.dbl, INT_MAX);
+        return !av_cmp_q(*(AVRational*)dst, q);
+    case AV_OPT_TYPE_BINARY: {
+        struct {
+            uint8_t *data;
+            int size;
+        } tmp = {0};
+        int opt_size = *(int *)((void **)dst + 1);
+        void *opt_ptr = *(void **)dst;
+        if (!opt_size && (!o->default_val.str || !strlen(o->default_val.str)))
+            return 1;
+        if (!opt_size ||  !o->default_val.str || !strlen(o->default_val.str ))
+            return 0;
+        if (opt_size != strlen(o->default_val.str) / 2)
+            return 0;
+        ret = set_string_binary(NULL, NULL, o->default_val.str, &tmp.data);
+        if (!ret)
+            ret = !memcmp(opt_ptr, tmp.data, tmp.size);
+        av_free(tmp.data);
+        return ret;
+    }
+    case AV_OPT_TYPE_DICT:
+        /* Binary and dict have not default support yet. Any pointer is not default. */
+        return !!(*(void **)dst);
+    case AV_OPT_TYPE_IMAGE_SIZE:
+        if (!o->default_val.str || !strcmp(o->default_val.str, "none"))
+            w = h = 0;
+        else if ((ret = av_parse_video_size(&w, &h, o->default_val.str)) < 0)
+            return ret;
+        return (w == *(int *)dst) && (h == *((int *)dst+1));
+    case AV_OPT_TYPE_VIDEO_RATE:
+        q = (AVRational){0, 0};
+        if (o->default_val.str) {
+            if ((ret = av_parse_video_rate(&q, o->default_val.str)) < 0)
+                return ret;
+        }
+        return !av_cmp_q(*(AVRational*)dst, q);
+    case AV_OPT_TYPE_COLOR: {
+        uint8_t color[4] = {0, 0, 0, 0};
+        if (o->default_val.str) {
+            if ((ret = av_parse_color(color, o->default_val.str, -1, NULL)) < 0)
+                return ret;
+        }
+        return !memcmp(color, dst, sizeof(color));
+    }
+    default:
+        av_log(obj, AV_LOG_WARNING, "Not supported option type: %d, option name: %s\n", o->type, o->name);
+        break;
+    }
+    return AVERROR_PATCHWELCOME;
+}
+
+int av_opt_is_set_to_default_by_name(void *obj, const char *name, int search_flags)
+{
+    const AVOption *o;
+    void *target;
+    if (!obj)
+        return AVERROR(EINVAL);
+    o = av_opt_find2(obj, name, NULL, 0, search_flags, &target);
+    if (!o)
+        return AVERROR_OPTION_NOT_FOUND;
+    return av_opt_is_set_to_default(target, o);
+}
+
+int av_opt_serialize(void *obj, int opt_flags, int flags, char **buffer,
+                     const char key_val_sep, const char pairs_sep)
+{
+    const AVOption *o = NULL;
+    uint8_t *buf;
+    AVBPrint bprint;
+    int ret, cnt = 0;
+    const char special_chars[] = {pairs_sep, key_val_sep, '\0'};
+
+    if (pairs_sep == '\0' || key_val_sep == '\0' || pairs_sep == key_val_sep ||
+        pairs_sep == '\\' || key_val_sep == '\\') {
+        av_log(obj, AV_LOG_ERROR, "Invalid separator(s) found.");
+        return AVERROR(EINVAL);
+    }
+
+    if (!obj || !buffer)
+        return AVERROR(EINVAL);
+
+    *buffer = NULL;
+    av_bprint_init(&bprint, 64, AV_BPRINT_SIZE_UNLIMITED);
+
+    while (o = av_opt_next(obj, o)) {
+        if (o->type == AV_OPT_TYPE_CONST)
+            continue;
+        if ((flags & AV_OPT_SERIALIZE_OPT_FLAGS_EXACT) && o->flags != opt_flags)
+            continue;
+        else if (((o->flags & opt_flags) != opt_flags))
+            continue;
+        if (flags & AV_OPT_SERIALIZE_SKIP_DEFAULTS && av_opt_is_set_to_default(obj, o) > 0)
+            continue;
+        if ((ret = av_opt_get(obj, o->name, 0, &buf)) < 0) {
+            av_bprint_finalize(&bprint, NULL);
+            return ret;
+        }
+        if (buf) {
+            if (cnt++)
+                av_bprint_append_data(&bprint, &pairs_sep, 1);
+            av_bprint_escape(&bprint, o->name, special_chars, AV_ESCAPE_MODE_BACKSLASH, 0);
+            av_bprint_append_data(&bprint, &key_val_sep, 1);
+            av_bprint_escape(&bprint, buf, special_chars, AV_ESCAPE_MODE_BACKSLASH, 0);
+            av_freep(&buf);
+        }
+    }
+    av_bprint_finalize(&bprint, buffer);
+    return 0;
+}
diff --git a/media/ffvpx/libavutil/opt.h b/media/ffvpx/libavutil/opt.h
index 9430b989e..0d893795d 100644
--- a/media/ffvpx/libavutil/opt.h
+++ b/media/ffvpx/libavutil/opt.h
@@ -228,6 +228,7 @@ enum AVOptionType{
     AV_OPT_TYPE_RATIONAL,
     AV_OPT_TYPE_BINARY,  ///< offset must point to a pointer immediately followed by an int for the length
     AV_OPT_TYPE_DICT,
+    AV_OPT_TYPE_UINT64,
     AV_OPT_TYPE_CONST = 128,
     AV_OPT_TYPE_IMAGE_SIZE = MKBETAG('S','I','Z','E'), ///< offset must point to two consecutive integers
     AV_OPT_TYPE_PIXEL_FMT  = MKBETAG('P','F','M','T'),
diff --git a/media/ffvpx/libavutil/parseutils.c b/media/ffvpx/libavutil/parseutils.c
index a2464cfc6..be4ea1ee1 100644
--- a/media/ffvpx/libavutil/parseutils.c
+++ b/media/ffvpx/libavutil/parseutils.c
@@ -140,6 +140,11 @@ static const VideoRateAbbr video_rate_abbrs[]= {
     { "ntsc-film", { 24000, 1001 } },
 };
 
+static const char *months[12] = {
+    "january", "february", "march", "april", "may", "june", "july", "august",
+    "september", "october", "november", "december"
+};
+
 int av_parse_video_size(int *width_ptr, int *height_ptr, const char *str)
 {
     int i;
@@ -466,6 +471,21 @@ static int date_get_num(const char **pp,
     return val;
 }
 
+static int date_get_month(const char **pp) {
+    int i = 0;
+    for (; i < 12; i++) {
+        if (!av_strncasecmp(*pp, months[i], 3)) {
+            const char *mo_full = months[i] + 3;
+            int len = strlen(mo_full);
+            *pp += 3;
+            if (len > 0 && !av_strncasecmp(*pp, mo_full, len))
+                *pp += len;
+            return i;
+        }
+    }
+    return -1;
+}
+
 char *av_small_strptime(const char *p, const char *fmt, struct tm *dt)
 {
     int c, val;
@@ -525,6 +545,14 @@ char *av_small_strptime(const char *p, const char *fmt, struct tm *dt)
             if (!p)
                 return NULL;
             break;
+        case 'b':
+        case 'B':
+        case 'h':
+            val = date_get_month(&p);
+            if (val == -1)
+                return NULL;
+            dt->tm_mon = val;
+            break;
         case '%':
             if (*p++ != '%')
                 return NULL;
diff --git a/media/ffvpx/libavutil/pixdesc.c b/media/ffvpx/libavutil/pixdesc.c
index b715fce15..2cfab89c0 100644
--- a/media/ffvpx/libavutil/pixdesc.c
+++ b/media/ffvpx/libavutil/pixdesc.c
@@ -560,6 +560,69 @@ static const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
         },
         .flags = AV_PIX_FMT_FLAG_RGB,
     },
+    [AV_PIX_FMT_GRAY9BE] = {
+        .name = "gray9be",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 9, 1, 8, 1 },       /* Y */
+        },
+        .flags = AV_PIX_FMT_FLAG_BE,
+        .alias = "y9be",
+    },
+    [AV_PIX_FMT_GRAY9LE] = {
+        .name = "gray9le",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 9, 1, 8, 1 },       /* Y */
+        },
+        .alias = "y9le",
+    },
+    [AV_PIX_FMT_GRAY10BE] = {
+        .name = "gray10be",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 10, 1, 9, 1 },       /* Y */
+        },
+        .flags = AV_PIX_FMT_FLAG_BE,
+        .alias = "y10be",
+    },
+    [AV_PIX_FMT_GRAY10LE] = {
+        .name = "gray10le",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 10, 1, 9, 1 },       /* Y */
+        },
+        .alias = "y10le",
+    },
+    [AV_PIX_FMT_GRAY12BE] = {
+        .name = "gray12be",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 12, 1, 11, 1 },       /* Y */
+        },
+        .flags = AV_PIX_FMT_FLAG_BE,
+        .alias = "y12be",
+    },
+    [AV_PIX_FMT_GRAY12LE] = {
+        .name = "gray12le",
+        .nb_components = 1,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 0, 2, 0, 0, 12, 1, 11, 1 },       /* Y */
+        },
+        .alias = "y12le",
+    },
     [AV_PIX_FMT_GRAY16BE] = {
         .name = "gray16be",
         .nb_components = 1,
@@ -1873,62 +1936,62 @@ static const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
     [AV_PIX_FMT_BAYER_BGGR8] = {
         .name = "bayer_bggr8",
         BAYER8_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_BGGR16LE] = {
         .name = "bayer_bggr16le",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_BGGR16BE] = {
         .name = "bayer_bggr16be",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_RGGB8] = {
         .name = "bayer_rggb8",
         BAYER8_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_RGGB16LE] = {
         .name = "bayer_rggb16le",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_RGGB16BE] = {
         .name = "bayer_rggb16be",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GBRG8] = {
         .name = "bayer_gbrg8",
         BAYER8_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GBRG16LE] = {
         .name = "bayer_gbrg16le",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GBRG16BE] = {
         .name = "bayer_gbrg16be",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GRBG8] = {
         .name = "bayer_grbg8",
         BAYER8_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GRBG16LE] = {
         .name = "bayer_grbg16le",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_BAYER_GRBG16BE] = {
         .name = "bayer_grbg16be",
         BAYER16_DESC_COMMON
-        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB,
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_BAYER,
     },
     [AV_PIX_FMT_NV16] = {
         .name = "nv16",
@@ -2036,6 +2099,30 @@ static const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
         },
         .flags = AV_PIX_FMT_FLAG_PLANAR | AV_PIX_FMT_FLAG_BE,
     },
+    [AV_PIX_FMT_P016LE] = {
+        .name = "p016le",
+        .nb_components = 3,
+        .log2_chroma_w = 1,
+        .log2_chroma_h = 1,
+        .comp = {
+            { 0, 2, 0, 0, 16, 1, 15, 1 },       /* Y */
+            { 1, 4, 0, 0, 16, 3, 15, 1 },       /* U */
+            { 1, 4, 2, 0, 16, 3, 15, 3 },       /* V */
+        },
+        .flags = AV_PIX_FMT_FLAG_PLANAR,
+    },
+    [AV_PIX_FMT_P016BE] = {
+        .name = "p016be",
+        .nb_components = 3,
+        .log2_chroma_w = 1,
+        .log2_chroma_h = 1,
+        .comp = {
+            { 0, 2, 0, 0, 16, 1, 15, 1 },       /* Y */
+            { 1, 4, 0, 0, 16, 3, 15, 1 },       /* U */
+            { 1, 4, 2, 0, 16, 3, 15, 3 },       /* V */
+        },
+        .flags = AV_PIX_FMT_FLAG_PLANAR | AV_PIX_FMT_FLAG_BE,
+    },
     [AV_PIX_FMT_GBRAP12LE] = {
         .name = "gbrap12le",
         .nb_components = 4,
@@ -2092,18 +2179,80 @@ static const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
         .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_PLANAR |
                  AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_ALPHA,
     },
+    [AV_PIX_FMT_D3D11] = {
+        .name = "d3d11",
+        .flags = AV_PIX_FMT_FLAG_HWACCEL,
+    },
+    [AV_PIX_FMT_GBRPF32BE] = {
+        .name = "gbrpf32be",
+        .nb_components = 3,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 2, 4, 0, 0, 32, 3, 31, 1 },        /* R */
+            { 0, 4, 0, 0, 32, 3, 31, 1 },        /* G */
+            { 1, 4, 0, 0, 32, 3, 31, 1 },        /* B */
+        },
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_PLANAR |
+                 AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_FLOAT,
+    },
+    [AV_PIX_FMT_GBRPF32LE] = {
+        .name = "gbrpf32le",
+        .nb_components = 3,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 2, 4, 0, 0, 32, 3, 31, 1 },        /* R */
+            { 0, 4, 0, 0, 32, 3, 31, 1 },        /* G */
+            { 1, 4, 0, 0, 32, 3, 31, 1 },        /* B */
+        },
+        .flags = AV_PIX_FMT_FLAG_PLANAR | AV_PIX_FMT_FLAG_FLOAT | AV_PIX_FMT_FLAG_RGB,
+    },
+    [AV_PIX_FMT_GBRAPF32BE] = {
+        .name = "gbrapf32be",
+        .nb_components = 4,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 2, 4, 0, 0, 32, 3, 31, 1 },        /* R */
+            { 0, 4, 0, 0, 32, 3, 31, 1 },        /* G */
+            { 1, 4, 0, 0, 32, 3, 31, 1 },        /* B */
+            { 3, 4, 0, 0, 32, 3, 31, 1 },        /* A */
+        },
+        .flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_PLANAR |
+                 AV_PIX_FMT_FLAG_ALPHA | AV_PIX_FMT_FLAG_RGB |
+                 AV_PIX_FMT_FLAG_FLOAT,
+    },
+    [AV_PIX_FMT_GBRAPF32LE] = {
+        .name = "gbrapf32le",
+        .nb_components = 4,
+        .log2_chroma_w = 0,
+        .log2_chroma_h = 0,
+        .comp = {
+            { 2, 4, 0, 0, 32, 3, 31, 1 },        /* R */
+            { 0, 4, 0, 0, 32, 3, 31, 1 },        /* G */
+            { 1, 4, 0, 0, 32, 3, 31, 1 },        /* B */
+            { 3, 4, 0, 0, 32, 3, 31, 1 },        /* A */
+        },
+        .flags = AV_PIX_FMT_FLAG_PLANAR | AV_PIX_FMT_FLAG_ALPHA |
+                 AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_FLOAT,
+    },
+    [AV_PIX_FMT_DRM_PRIME] = {
+        .name = "drm_prime",
+        .flags = AV_PIX_FMT_FLAG_HWACCEL,
+    },
 };
 #if FF_API_PLUS1_MINUS1
 FF_ENABLE_DEPRECATION_WARNINGS
 #endif
 
-static const char *color_range_names[] = {
+static const char * const color_range_names[] = {
     [AVCOL_RANGE_UNSPECIFIED] = "unknown",
     [AVCOL_RANGE_MPEG] = "tv",
     [AVCOL_RANGE_JPEG] = "pc",
 };
 
-static const char *color_primaries_names[AVCOL_PRI_NB] = {
+static const char * const color_primaries_names[AVCOL_PRI_NB] = {
     [AVCOL_PRI_RESERVED0] = "reserved",
     [AVCOL_PRI_BT709] = "bt709",
     [AVCOL_PRI_UNSPECIFIED] = "unknown",
@@ -2114,12 +2263,13 @@ static const char *color_primaries_names[AVCOL_PRI_NB] = {
     [AVCOL_PRI_SMPTE240M] = "smpte240m",
     [AVCOL_PRI_FILM] = "film",
     [AVCOL_PRI_BT2020] = "bt2020",
-    [AVCOL_PRI_SMPTEST428_1] = "smpte428-1",
+    [AVCOL_PRI_SMPTE428] = "smpte428",
     [AVCOL_PRI_SMPTE431] = "smpte431",
     [AVCOL_PRI_SMPTE432] = "smpte432",
+    [AVCOL_PRI_JEDEC_P22] = "jedec-p22",
 };
 
-static const char *color_transfer_names[] = {
+static const char * const color_transfer_names[] = {
     [AVCOL_TRC_RESERVED0] = "reserved",
     [AVCOL_TRC_BT709] = "bt709",
     [AVCOL_TRC_UNSPECIFIED] = "unknown",
@@ -2135,13 +2285,13 @@ static const char *color_transfer_names[] = {
     [AVCOL_TRC_BT1361_ECG] = "bt1361e",
     [AVCOL_TRC_IEC61966_2_1] = "iec61966-2-1",
     [AVCOL_TRC_BT2020_10] = "bt2020-10",
-    [AVCOL_TRC_BT2020_12] = "bt2020-20",
-    [AVCOL_TRC_SMPTEST2084] = "smpte2084",
-    [AVCOL_TRC_SMPTEST428_1] = "smpte428-1",
+    [AVCOL_TRC_BT2020_12] = "bt2020-12",
+    [AVCOL_TRC_SMPTE2084] = "smpte2084",
+    [AVCOL_TRC_SMPTE428] = "smpte428",
     [AVCOL_TRC_ARIB_STD_B67] = "arib-std-b67",
 };
 
-static const char *color_space_names[] = {
+static const char * const color_space_names[] = {
     [AVCOL_SPC_RGB] = "gbr",
     [AVCOL_SPC_BT709] = "bt709",
     [AVCOL_SPC_UNSPECIFIED] = "unknown",
@@ -2150,13 +2300,16 @@ static const char *color_space_names[] = {
     [AVCOL_SPC_BT470BG] = "bt470bg",
     [AVCOL_SPC_SMPTE170M] = "smpte170m",
     [AVCOL_SPC_SMPTE240M] = "smpte240m",
-    [AVCOL_SPC_YCOCG] = "ycgco",
+    [AVCOL_SPC_YCGCO] = "ycgco",
     [AVCOL_SPC_BT2020_NCL] = "bt2020nc",
     [AVCOL_SPC_BT2020_CL] = "bt2020c",
     [AVCOL_SPC_SMPTE2085] = "smpte2085",
+    [AVCOL_SPC_CHROMA_DERIVED_NCL] = "chroma-derived-nc",
+    [AVCOL_SPC_CHROMA_DERIVED_CL] = "chroma-derived-c",
+    [AVCOL_SPC_ICTCP] = "ictcp",
 };
 
-static const char *chroma_location_names[] = {
+static const char * const chroma_location_names[] = {
     [AVCHROMA_LOC_UNSPECIFIED] = "unspecified",
     [AVCHROMA_LOC_LEFT] = "left",
     [AVCHROMA_LOC_CENTER] = "center",
@@ -2349,7 +2502,7 @@ void ff_check_pixfmt_descriptors(void){
             } else {
                 av_assert0(8*c->step >= c->depth);
             }
-            if (!strncmp(d->name, "bayer_", 6))
+            if (d->flags & AV_PIX_FMT_FLAG_BAYER)
                 continue;
             av_read_image_line(tmp, (void*)data, linesize, d, 0, 0, j, 2, 0);
             av_assert0(tmp[0] == 0 && tmp[1] == 0);
@@ -2440,8 +2593,16 @@ static int get_pix_fmt_score(enum AVPixelFormat dst_pix_fmt,
     int ret, loss, i, nb_components;
     int score = INT_MAX - 1;
 
-    if (dst_pix_fmt >= AV_PIX_FMT_NB || dst_pix_fmt <= AV_PIX_FMT_NONE)
-        return ~0;
+    if (!src_desc || !dst_desc)
+        return -4;
+
+    if ((src_desc->flags & AV_PIX_FMT_FLAG_HWACCEL) ||
+        (dst_desc->flags & AV_PIX_FMT_FLAG_HWACCEL)) {
+        if (dst_pix_fmt == src_pix_fmt)
+            return -1;
+        else
+            return -2;
+    }
 
     /* compute loss */
     *lossp = loss = 0;
@@ -2450,9 +2611,9 @@ static int get_pix_fmt_score(enum AVPixelFormat dst_pix_fmt,
         return INT_MAX;
 
     if ((ret = get_pix_fmt_depth(&src_min_depth, &src_max_depth, src_pix_fmt)) < 0)
-        return ret;
+        return -3;
     if ((ret = get_pix_fmt_depth(&dst_min_depth, &dst_max_depth, dst_pix_fmt)) < 0)
-        return ret;
+        return -3;
 
     src_color = get_color_type(src_desc);
     dst_color = get_color_type(dst_desc);
@@ -2554,21 +2715,27 @@ enum AVPixelFormat av_find_best_pix_fmt_of_2(enum AVPixelFormat dst_pix_fmt1, en
     const AVPixFmtDescriptor *desc2 = av_pix_fmt_desc_get(dst_pix_fmt2);
     int score1, score2;
 
-    loss_mask= loss_ptr?~*loss_ptr:~0; /* use loss mask if provided */
-    if(!has_alpha)
-        loss_mask &= ~FF_LOSS_ALPHA;
+    if (!desc1) {
+        dst_pix_fmt = dst_pix_fmt2;
+    } else if (!desc2) {
+        dst_pix_fmt = dst_pix_fmt1;
+    } else {
+        loss_mask= loss_ptr?~*loss_ptr:~0; /* use loss mask if provided */
+        if(!has_alpha)
+            loss_mask &= ~FF_LOSS_ALPHA;
 
-    score1 = get_pix_fmt_score(dst_pix_fmt1, src_pix_fmt, &loss1, loss_mask);
-    score2 = get_pix_fmt_score(dst_pix_fmt2, src_pix_fmt, &loss2, loss_mask);
+        score1 = get_pix_fmt_score(dst_pix_fmt1, src_pix_fmt, &loss1, loss_mask);
+        score2 = get_pix_fmt_score(dst_pix_fmt2, src_pix_fmt, &loss2, loss_mask);
 
-    if (score1 == score2) {
-        if(av_get_padded_bits_per_pixel(desc2) != av_get_padded_bits_per_pixel(desc1)) {
-            dst_pix_fmt = av_get_padded_bits_per_pixel(desc2) < av_get_padded_bits_per_pixel(desc1) ? dst_pix_fmt2 : dst_pix_fmt1;
+        if (score1 == score2) {
+            if(av_get_padded_bits_per_pixel(desc2) != av_get_padded_bits_per_pixel(desc1)) {
+                dst_pix_fmt = av_get_padded_bits_per_pixel(desc2) < av_get_padded_bits_per_pixel(desc1) ? dst_pix_fmt2 : dst_pix_fmt1;
+            } else {
+                dst_pix_fmt = desc2->nb_components < desc1->nb_components ? dst_pix_fmt2 : dst_pix_fmt1;
+            }
         } else {
-            dst_pix_fmt = desc2->nb_components < desc1->nb_components ? dst_pix_fmt2 : dst_pix_fmt1;
+            dst_pix_fmt = score1 < score2 ? dst_pix_fmt2 : dst_pix_fmt1;
         }
-    } else {
-        dst_pix_fmt = score1 < score2 ? dst_pix_fmt2 : dst_pix_fmt1;
     }
 
     if (loss_ptr)
@@ -2582,26 +2749,91 @@ const char *av_color_range_name(enum AVColorRange range)
         color_range_names[range] : NULL;
 }
 
+int av_color_range_from_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < FF_ARRAY_ELEMS(color_range_names); i++) {
+        size_t len = strlen(color_range_names[i]);
+        if (!strncmp(color_range_names[i], name, len))
+            return i;
+    }
+
+    return AVERROR(EINVAL);
+}
+
 const char *av_color_primaries_name(enum AVColorPrimaries primaries)
 {
     return (unsigned) primaries < AVCOL_PRI_NB ?
         color_primaries_names[primaries] : NULL;
 }
 
+int av_color_primaries_from_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < FF_ARRAY_ELEMS(color_primaries_names); i++) {
+        size_t len = strlen(color_primaries_names[i]);
+        if (!strncmp(color_primaries_names[i], name, len))
+            return i;
+    }
+
+    return AVERROR(EINVAL);
+}
+
 const char *av_color_transfer_name(enum AVColorTransferCharacteristic transfer)
 {
     return (unsigned) transfer < AVCOL_TRC_NB ?
         color_transfer_names[transfer] : NULL;
 }
 
+int av_color_transfer_from_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < FF_ARRAY_ELEMS(color_transfer_names); i++) {
+        size_t len = strlen(color_transfer_names[i]);
+        if (!strncmp(color_transfer_names[i], name, len))
+            return i;
+    }
+
+    return AVERROR(EINVAL);
+}
+
 const char *av_color_space_name(enum AVColorSpace space)
 {
     return (unsigned) space < AVCOL_SPC_NB ?
         color_space_names[space] : NULL;
 }
 
+int av_color_space_from_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < FF_ARRAY_ELEMS(color_space_names); i++) {
+        size_t len = strlen(color_space_names[i]);
+        if (!strncmp(color_space_names[i], name, len))
+            return i;
+    }
+
+    return AVERROR(EINVAL);
+}
+
 const char *av_chroma_location_name(enum AVChromaLocation location)
 {
     return (unsigned) location < AVCHROMA_LOC_NB ?
         chroma_location_names[location] : NULL;
 }
+
+int av_chroma_location_from_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < FF_ARRAY_ELEMS(chroma_location_names); i++) {
+        size_t len = strlen(chroma_location_names[i]);
+        if (!strncmp(chroma_location_names[i], name, len))
+            return i;
+    }
+
+    return AVERROR(EINVAL);
+}
diff --git a/media/ffvpx/libavutil/pixdesc.h b/media/ffvpx/libavutil/pixdesc.h
index a8ad58891..fc3737c4a 100644
--- a/media/ffvpx/libavutil/pixdesc.h
+++ b/media/ffvpx/libavutil/pixdesc.h
@@ -173,6 +173,17 @@ typedef struct AVPixFmtDescriptor {
 #define AV_PIX_FMT_FLAG_ALPHA        (1 << 7)
 
 /**
+ * The pixel format is following a Bayer pattern
+ */
+#define AV_PIX_FMT_FLAG_BAYER        (1 << 8)
+
+/**
+ * The pixel format contains IEEE-754 floating point values. Precision (double,
+ * single, or half) should be determined by the pixel size (64, 32, or 16 bits).
+ */
+#define AV_PIX_FMT_FLAG_FLOAT        (1 << 9)
+
+/**
  * Return the number of bits per pixel used by the pixel format
  * described by pixdesc. Note that this is not the same as the number
  * of bits per sample.
@@ -240,26 +251,51 @@ int av_pix_fmt_count_planes(enum AVPixelFormat pix_fmt);
 const char *av_color_range_name(enum AVColorRange range);
 
 /**
+ * @return the AVColorRange value for name or an AVError if not found.
+ */
+int av_color_range_from_name(const char *name);
+
+/**
  * @return the name for provided color primaries or NULL if unknown.
  */
 const char *av_color_primaries_name(enum AVColorPrimaries primaries);
 
 /**
+ * @return the AVColorPrimaries value for name or an AVError if not found.
+ */
+int av_color_primaries_from_name(const char *name);
+
+/**
  * @return the name for provided color transfer or NULL if unknown.
  */
 const char *av_color_transfer_name(enum AVColorTransferCharacteristic transfer);
 
 /**
+ * @return the AVColorTransferCharacteristic value for name or an AVError if not found.
+ */
+int av_color_transfer_from_name(const char *name);
+
+/**
  * @return the name for provided color space or NULL if unknown.
  */
 const char *av_color_space_name(enum AVColorSpace space);
 
 /**
+ * @return the AVColorSpace value for name or an AVError if not found.
+ */
+int av_color_space_from_name(const char *name);
+
+/**
  * @return the name for provided chroma location or NULL if unknown.
  */
 const char *av_chroma_location_name(enum AVChromaLocation location);
 
 /**
+ * @return the AVChromaLocation value for name or an AVError if not found.
+ */
+int av_chroma_location_from_name(const char *name);
+
+/**
  * Return the pixel format corresponding to name.
  *
  * If there is no pixel format with name name, then looks for a
diff --git a/media/ffvpx/libavutil/pixfmt.h b/media/ffvpx/libavutil/pixfmt.h
index 7a3f68be7..24889c8e5 100644
--- a/media/ffvpx/libavutil/pixfmt.h
+++ b/media/ffvpx/libavutil/pixfmt.h
@@ -240,7 +240,7 @@ enum AVPixelFormat {
      */
     AV_PIX_FMT_MMAL,
 
-    AV_PIX_FMT_D3D11VA_VLD,  ///< HW decoding through Direct3D11, Picture.data[3] contains a ID3D11VideoDecoderOutputView pointer
+    AV_PIX_FMT_D3D11VA_VLD,  ///< HW decoding through Direct3D11 via old API, Picture.data[3] contains a ID3D11VideoDecoderOutputView pointer
 
     /**
      * HW acceleration through CUDA. data[i] contain CUdeviceptr pointers
@@ -306,6 +306,41 @@ enum AVPixelFormat {
 
     AV_PIX_FMT_MEDIACODEC, ///< hardware decoding through MediaCodec
 
+    AV_PIX_FMT_GRAY12BE,   ///<        Y        , 12bpp, big-endian
+    AV_PIX_FMT_GRAY12LE,   ///<        Y        , 12bpp, little-endian
+    AV_PIX_FMT_GRAY10BE,   ///<        Y        , 10bpp, big-endian
+    AV_PIX_FMT_GRAY10LE,   ///<        Y        , 10bpp, little-endian
+
+    AV_PIX_FMT_P016LE, ///< like NV12, with 16bpp per component, little-endian
+    AV_PIX_FMT_P016BE, ///< like NV12, with 16bpp per component, big-endian
+
+    /**
+     * Hardware surfaces for Direct3D11.
+     *
+     * This is preferred over the legacy AV_PIX_FMT_D3D11VA_VLD. The new D3D11
+     * hwaccel API and filtering support AV_PIX_FMT_D3D11 only.
+     *
+     * data[0] contains a ID3D11Texture2D pointer, and data[1] contains the
+     * texture array index of the frame as intptr_t if the ID3D11Texture2D is
+     * an array texture (or always 0 if it's a normal texture).
+     */
+    AV_PIX_FMT_D3D11,
+
+    AV_PIX_FMT_GRAY9BE,   ///<        Y        , 9bpp, big-endian
+    AV_PIX_FMT_GRAY9LE,   ///<        Y        , 9bpp, little-endian
+
+    AV_PIX_FMT_GBRPF32BE,  ///< IEEE-754 single precision planar GBR 4:4:4,     96bpp, big-endian
+    AV_PIX_FMT_GBRPF32LE,  ///< IEEE-754 single precision planar GBR 4:4:4,     96bpp, little-endian
+    AV_PIX_FMT_GBRAPF32BE, ///< IEEE-754 single precision planar GBRA 4:4:4:4, 128bpp, big-endian
+    AV_PIX_FMT_GBRAPF32LE, ///< IEEE-754 single precision planar GBRA 4:4:4:4, 128bpp, little-endian
+
+    /**
+     * DRM-managed buffers exposed through PRIME buffer sharing.
+     *
+     * data[0] points to an AVDRMFrameDescriptor.
+     */
+    AV_PIX_FMT_DRM_PRIME,
+
     AV_PIX_FMT_NB         ///< number of pixel formats, DO NOT USE THIS if you want to link with shared libav* because the number of formats might differ between versions
 };
 
@@ -322,6 +357,9 @@ enum AVPixelFormat {
 #define AV_PIX_FMT_0RGB32  AV_PIX_FMT_NE(0RGB, BGR0)
 #define AV_PIX_FMT_0BGR32  AV_PIX_FMT_NE(0BGR, RGB0)
 
+#define AV_PIX_FMT_GRAY9  AV_PIX_FMT_NE(GRAY9BE,  GRAY9LE)
+#define AV_PIX_FMT_GRAY10 AV_PIX_FMT_NE(GRAY10BE, GRAY10LE)
+#define AV_PIX_FMT_GRAY12 AV_PIX_FMT_NE(GRAY12BE, GRAY12LE)
 #define AV_PIX_FMT_GRAY16 AV_PIX_FMT_NE(GRAY16BE, GRAY16LE)
 #define AV_PIX_FMT_YA16   AV_PIX_FMT_NE(YA16BE,   YA16LE)
 #define AV_PIX_FMT_RGB48  AV_PIX_FMT_NE(RGB48BE,  RGB48LE)
@@ -367,6 +405,8 @@ enum AVPixelFormat {
 #define AV_PIX_FMT_BAYER_GBRG16 AV_PIX_FMT_NE(BAYER_GBRG16BE,    BAYER_GBRG16LE)
 #define AV_PIX_FMT_BAYER_GRBG16 AV_PIX_FMT_NE(BAYER_GRBG16BE,    BAYER_GRBG16LE)
 
+#define AV_PIX_FMT_GBRPF32    AV_PIX_FMT_NE(GBRPF32BE,  GBRPF32LE)
+#define AV_PIX_FMT_GBRAPF32   AV_PIX_FMT_NE(GBRAPF32BE, GBRAPF32LE)
 
 #define AV_PIX_FMT_YUVA420P9  AV_PIX_FMT_NE(YUVA420P9BE , YUVA420P9LE)
 #define AV_PIX_FMT_YUVA422P9  AV_PIX_FMT_NE(YUVA422P9BE , YUVA422P9LE)
@@ -382,9 +422,11 @@ enum AVPixelFormat {
 #define AV_PIX_FMT_NV20       AV_PIX_FMT_NE(NV20BE,  NV20LE)
 #define AV_PIX_FMT_AYUV64     AV_PIX_FMT_NE(AYUV64BE, AYUV64LE)
 #define AV_PIX_FMT_P010       AV_PIX_FMT_NE(P010BE,  P010LE)
+#define AV_PIX_FMT_P016       AV_PIX_FMT_NE(P016BE,  P016LE)
 
 /**
   * Chromaticity coordinates of the source primaries.
+  * These values match the ones defined by ISO/IEC 23001-8_2013 § 7.1.
   */
 enum AVColorPrimaries {
     AVCOL_PRI_RESERVED0   = 0,
@@ -398,14 +440,17 @@ enum AVColorPrimaries {
     AVCOL_PRI_SMPTE240M   = 7,  ///< functionally identical to above
     AVCOL_PRI_FILM        = 8,  ///< colour filters using Illuminant C
     AVCOL_PRI_BT2020      = 9,  ///< ITU-R BT2020
-    AVCOL_PRI_SMPTEST428_1 = 10, ///< SMPTE ST 428-1 (CIE 1931 XYZ)
-    AVCOL_PRI_SMPTE431    = 11, ///< SMPTE ST 431-2 (2011)
-    AVCOL_PRI_SMPTE432    = 12, ///< SMPTE ST 432-1 D65 (2010)
+    AVCOL_PRI_SMPTE428    = 10, ///< SMPTE ST 428-1 (CIE 1931 XYZ)
+    AVCOL_PRI_SMPTEST428_1 = AVCOL_PRI_SMPTE428,
+    AVCOL_PRI_SMPTE431    = 11, ///< SMPTE ST 431-2 (2011) / DCI P3
+    AVCOL_PRI_SMPTE432    = 12, ///< SMPTE ST 432-1 (2010) / P3 D65 / Display P3
+    AVCOL_PRI_JEDEC_P22   = 22, ///< JEDEC P22 phosphors
     AVCOL_PRI_NB                ///< Not part of ABI
 };
 
 /**
  * Color Transfer Characteristic.
+ * These values match the ones defined by ISO/IEC 23001-8_2013 § 7.2.
  */
 enum AVColorTransferCharacteristic {
     AVCOL_TRC_RESERVED0    = 0,
@@ -424,14 +469,17 @@ enum AVColorTransferCharacteristic {
     AVCOL_TRC_IEC61966_2_1 = 13, ///< IEC 61966-2-1 (sRGB or sYCC)
     AVCOL_TRC_BT2020_10    = 14, ///< ITU-R BT2020 for 10-bit system
     AVCOL_TRC_BT2020_12    = 15, ///< ITU-R BT2020 for 12-bit system
-    AVCOL_TRC_SMPTEST2084  = 16, ///< SMPTE ST 2084 for 10-, 12-, 14- and 16-bit systems
-    AVCOL_TRC_SMPTEST428_1 = 17, ///< SMPTE ST 428-1
+    AVCOL_TRC_SMPTE2084    = 16, ///< SMPTE ST 2084 for 10-, 12-, 14- and 16-bit systems
+    AVCOL_TRC_SMPTEST2084  = AVCOL_TRC_SMPTE2084,
+    AVCOL_TRC_SMPTE428     = 17, ///< SMPTE ST 428-1
+    AVCOL_TRC_SMPTEST428_1 = AVCOL_TRC_SMPTE428,
     AVCOL_TRC_ARIB_STD_B67 = 18, ///< ARIB STD-B67, known as "Hybrid log-gamma"
     AVCOL_TRC_NB                 ///< Not part of ABI
 };
 
 /**
  * YUV colorspace type.
+ * These values match the ones defined by ISO/IEC 23001-8_2013 § 7.3.
  */
 enum AVColorSpace {
     AVCOL_SPC_RGB         = 0,  ///< order of coefficients is actually GBR, also IEC 61966-2-1 (sRGB)
@@ -442,14 +490,16 @@ enum AVColorSpace {
     AVCOL_SPC_BT470BG     = 5,  ///< also ITU-R BT601-6 625 / ITU-R BT1358 625 / ITU-R BT1700 625 PAL & SECAM / IEC 61966-2-4 xvYCC601
     AVCOL_SPC_SMPTE170M   = 6,  ///< also ITU-R BT601-6 525 / ITU-R BT1358 525 / ITU-R BT1700 NTSC
     AVCOL_SPC_SMPTE240M   = 7,  ///< functionally identical to above
-    AVCOL_SPC_YCOCG       = 8,  ///< Used by Dirac / VC-2 and H.264 FRext, see ITU-T SG16
+    AVCOL_SPC_YCGCO       = 8,  ///< Used by Dirac / VC-2 and H.264 FRext, see ITU-T SG16
+    AVCOL_SPC_YCOCG       = AVCOL_SPC_YCGCO,
     AVCOL_SPC_BT2020_NCL  = 9,  ///< ITU-R BT2020 non-constant luminance system
     AVCOL_SPC_BT2020_CL   = 10, ///< ITU-R BT2020 constant luminance system
     AVCOL_SPC_SMPTE2085   = 11, ///< SMPTE 2085, Y'D'zD'x
+    AVCOL_SPC_CHROMA_DERIVED_NCL = 12, ///< Chromaticity-derived non-constant luminance system
+    AVCOL_SPC_CHROMA_DERIVED_CL = 13, ///< Chromaticity-derived constant luminance system
+    AVCOL_SPC_ICTCP       = 14, ///< ITU-R BT.2100-0, ICtCp
     AVCOL_SPC_NB                ///< Not part of ABI
 };
-#define AVCOL_SPC_YCGCO AVCOL_SPC_YCOCG
-
 
 /**
  * MPEG vs JPEG YUV range.
diff --git a/media/ffvpx/libavcodec/ff_options_table.h b/media/ffvpx/libavutil/reverse.h
index ee01275d3..4eb612393 100644
--- a/media/ffvpx/libavcodec/ff_options_table.h
+++ b/media/ffvpx/libavutil/reverse.h
@@ -1,5 +1,4 @@
 /*
- * Copyright (c) 2001 Fabrice Bellard
  * Copyright (c) 2002-2004 Michael Niedermayer <michaelni@gmx.at>
  *
  * This file is part of FFmpeg.
@@ -19,12 +18,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#ifndef AVCODEC_OPTIONS_TABLE_H
-#define AVCODEC_OPTIONS_TABLE_H
+#ifndef AVUTIL_REVERSE_H
+#define AVUTIL_REVERSE_H
 
-#include "libavutil/opt.h"
-static const AVOption avcodec_options[] = {
-{NULL},
-};
+#include <stdint.h>
 
-#endif /* AVCODEC_OPTIONS_TABLE_H */
+extern const uint8_t ff_reverse[256];
+
+#endif /* AVUTIL_REVERSE_H */
diff --git a/media/ffvpx/libavutil/slicethread.c b/media/ffvpx/libavutil/slicethread.c
new file mode 100644
index 000000000..c43f87a2a
--- /dev/null
+++ b/media/ffvpx/libavutil/slicethread.c
@@ -0,0 +1,259 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stdatomic.h>
+#include "slicethread.h"
+#include "mem.h"
+#include "thread.h"
+#include "avassert.h"
+
+#if HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS2THREADS
+
+typedef struct WorkerContext {
+    AVSliceThread   *ctx;
+    pthread_mutex_t mutex;
+    pthread_cond_t  cond;
+    pthread_t       thread;
+    int             done;
+} WorkerContext;
+
+struct AVSliceThread {
+    WorkerContext   *workers;
+    int             nb_threads;
+    int             nb_active_threads;
+    int             nb_jobs;
+
+    atomic_uint     first_job;
+    atomic_uint     current_job;
+    pthread_mutex_t done_mutex;
+    pthread_cond_t  done_cond;
+    int             done;
+    int             finished;
+
+    void            *priv;
+    void            (*worker_func)(void *priv, int jobnr, int threadnr, int nb_jobs, int nb_threads);
+    void            (*main_func)(void *priv);
+};
+
+static int run_jobs(AVSliceThread *ctx)
+{
+    unsigned nb_jobs    = ctx->nb_jobs;
+    unsigned nb_active_threads = ctx->nb_active_threads;
+    unsigned first_job    = atomic_fetch_add_explicit(&ctx->first_job, 1, memory_order_acq_rel);
+    unsigned current_job  = first_job;
+
+    do {
+        ctx->worker_func(ctx->priv, current_job, first_job, nb_jobs, nb_active_threads);
+    } while ((current_job = atomic_fetch_add_explicit(&ctx->current_job, 1, memory_order_acq_rel)) < nb_jobs);
+
+    return current_job == nb_jobs + nb_active_threads - 1;
+}
+
+static void *attribute_align_arg thread_worker(void *v)
+{
+    WorkerContext *w = v;
+    AVSliceThread *ctx = w->ctx;
+
+    pthread_mutex_lock(&w->mutex);
+    pthread_cond_signal(&w->cond);
+
+    while (1) {
+        w->done = 1;
+        while (w->done)
+            pthread_cond_wait(&w->cond, &w->mutex);
+
+        if (ctx->finished) {
+            pthread_mutex_unlock(&w->mutex);
+            return NULL;
+        }
+
+        if (run_jobs(ctx)) {
+            pthread_mutex_lock(&ctx->done_mutex);
+            ctx->done = 1;
+            pthread_cond_signal(&ctx->done_cond);
+            pthread_mutex_unlock(&ctx->done_mutex);
+        }
+    }
+}
+
+int avpriv_slicethread_create(AVSliceThread **pctx, void *priv,
+                              void (*worker_func)(void *priv, int jobnr, int threadnr, int nb_jobs, int nb_threads),
+                              void (*main_func)(void *priv),
+                              int nb_threads)
+{
+    AVSliceThread *ctx;
+    int nb_workers, i;
+
+#if HAVE_W32THREADS
+    w32thread_init();
+#endif
+
+    av_assert0(nb_threads >= 0);
+    if (!nb_threads) {
+        int nb_cpus = av_cpu_count();
+        if (nb_cpus > 1)
+            nb_threads = nb_cpus + 1;
+        else
+            nb_threads = 1;
+    }
+
+    nb_workers = nb_threads;
+    if (!main_func)
+        nb_workers--;
+
+    *pctx = ctx = av_mallocz(sizeof(*ctx));
+    if (!ctx)
+        return AVERROR(ENOMEM);
+
+    if (nb_workers && !(ctx->workers = av_calloc(nb_workers, sizeof(*ctx->workers)))) {
+        av_freep(pctx);
+        return AVERROR(ENOMEM);
+    }
+
+    ctx->priv        = priv;
+    ctx->worker_func = worker_func;
+    ctx->main_func   = main_func;
+    ctx->nb_threads  = nb_threads;
+    ctx->nb_active_threads = 0;
+    ctx->nb_jobs     = 0;
+    ctx->finished    = 0;
+
+    atomic_init(&ctx->first_job, 0);
+    atomic_init(&ctx->current_job, 0);
+    pthread_mutex_init(&ctx->done_mutex, NULL);
+    pthread_cond_init(&ctx->done_cond, NULL);
+    ctx->done        = 0;
+
+    for (i = 0; i < nb_workers; i++) {
+        WorkerContext *w = &ctx->workers[i];
+        int ret;
+        w->ctx = ctx;
+        pthread_mutex_init(&w->mutex, NULL);
+        pthread_cond_init(&w->cond, NULL);
+        pthread_mutex_lock(&w->mutex);
+        w->done = 0;
+
+        if (ret = pthread_create(&w->thread, NULL, thread_worker, w)) {
+            ctx->nb_threads = main_func ? i : i + 1;
+            pthread_mutex_unlock(&w->mutex);
+            pthread_cond_destroy(&w->cond);
+            pthread_mutex_destroy(&w->mutex);
+            avpriv_slicethread_free(pctx);
+            return AVERROR(ret);
+        }
+
+        while (!w->done)
+            pthread_cond_wait(&w->cond, &w->mutex);
+        pthread_mutex_unlock(&w->mutex);
+    }
+
+    return nb_threads;
+}
+
+void avpriv_slicethread_execute(AVSliceThread *ctx, int nb_jobs, int execute_main)
+{
+    int nb_workers, i, is_last = 0;
+
+    av_assert0(nb_jobs > 0);
+    ctx->nb_jobs           = nb_jobs;
+    ctx->nb_active_threads = FFMIN(nb_jobs, ctx->nb_threads);
+    atomic_store_explicit(&ctx->first_job, 0, memory_order_relaxed);
+    atomic_store_explicit(&ctx->current_job, ctx->nb_active_threads, memory_order_relaxed);
+    nb_workers             = ctx->nb_active_threads;
+    if (!ctx->main_func || !execute_main)
+        nb_workers--;
+
+    for (i = 0; i < nb_workers; i++) {
+        WorkerContext *w = &ctx->workers[i];
+        pthread_mutex_lock(&w->mutex);
+        w->done = 0;
+        pthread_cond_signal(&w->cond);
+        pthread_mutex_unlock(&w->mutex);
+    }
+
+    if (ctx->main_func && execute_main)
+        ctx->main_func(ctx->priv);
+    else
+        is_last = run_jobs(ctx);
+
+    if (!is_last) {
+        pthread_mutex_lock(&ctx->done_mutex);
+        while (!ctx->done)
+            pthread_cond_wait(&ctx->done_cond, &ctx->done_mutex);
+        ctx->done = 0;
+        pthread_mutex_unlock(&ctx->done_mutex);
+    }
+}
+
+void avpriv_slicethread_free(AVSliceThread **pctx)
+{
+    AVSliceThread *ctx;
+    int nb_workers, i;
+
+    if (!pctx || !*pctx)
+        return;
+
+    ctx = *pctx;
+    nb_workers = ctx->nb_threads;
+    if (!ctx->main_func)
+        nb_workers--;
+
+    ctx->finished = 1;
+    for (i = 0; i < nb_workers; i++) {
+        WorkerContext *w = &ctx->workers[i];
+        pthread_mutex_lock(&w->mutex);
+        w->done = 0;
+        pthread_cond_signal(&w->cond);
+        pthread_mutex_unlock(&w->mutex);
+    }
+
+    for (i = 0; i < nb_workers; i++) {
+        WorkerContext *w = &ctx->workers[i];
+        pthread_join(w->thread, NULL);
+        pthread_cond_destroy(&w->cond);
+        pthread_mutex_destroy(&w->mutex);
+    }
+
+    pthread_cond_destroy(&ctx->done_cond);
+    pthread_mutex_destroy(&ctx->done_mutex);
+    av_freep(&ctx->workers);
+    av_freep(pctx);
+}
+
+#else /* HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS32THREADS */
+
+int avpriv_slicethread_create(AVSliceThread **pctx, void *priv,
+                              void (*worker_func)(void *priv, int jobnr, int threadnr, int nb_jobs, int nb_threads),
+                              void (*main_func)(void *priv),
+                              int nb_threads)
+{
+    *pctx = NULL;
+    return AVERROR(EINVAL);
+}
+
+void avpriv_slicethread_execute(AVSliceThread *ctx, int nb_jobs, int execute_main)
+{
+    av_assert0(0);
+}
+
+void avpriv_slicethread_free(AVSliceThread **pctx)
+{
+    av_assert0(!pctx || !*pctx);
+}
+
+#endif /* HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS32THREADS */
diff --git a/media/ffvpx/libavutil/slicethread.h b/media/ffvpx/libavutil/slicethread.h
new file mode 100644
index 000000000..f6f6f302c
--- /dev/null
+++ b/media/ffvpx/libavutil/slicethread.h
@@ -0,0 +1,52 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVUTIL_SLICETHREAD_H
+#define AVUTIL_SLICETHREAD_H
+
+typedef struct AVSliceThread AVSliceThread;
+
+/**
+ * Create slice threading context.
+ * @param pctx slice threading context returned here
+ * @param priv private pointer to be passed to callback function
+ * @param worker_func callback function to be executed
+ * @param main_func special callback function, called from main thread, may be NULL
+ * @param nb_threads number of threads, 0 for automatic, must be >= 0
+ * @return return number of threads or negative AVERROR on failure
+ */
+int avpriv_slicethread_create(AVSliceThread **pctx, void *priv,
+                              void (*worker_func)(void *priv, int jobnr, int threadnr, int nb_jobs, int nb_threads),
+                              void (*main_func)(void *priv),
+                              int nb_threads);
+
+/**
+ * Execute slice threading.
+ * @param ctx slice threading context
+ * @param nb_jobs number of jobs, must be > 0
+ * @param execute_main also execute main_func
+ */
+void avpriv_slicethread_execute(AVSliceThread *ctx, int nb_jobs, int execute_main);
+
+/**
+ * Destroy slice threading context.
+ * @param pctx pointer to context
+ */
+void avpriv_slicethread_free(AVSliceThread **pctx);
+
+#endif
diff --git a/media/ffvpx/libavutil/thread.h b/media/ffvpx/libavutil/thread.h
index 32ddf4036..f108e2005 100644
--- a/media/ffvpx/libavutil/thread.h
+++ b/media/ffvpx/libavutil/thread.h
@@ -26,8 +26,6 @@
 
 #if HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS2THREADS
 
-#define USE_ATOMICS 0
-
 #if HAVE_PTHREADS
 #include <pthread.h>
 
@@ -38,8 +36,11 @@
 #define ASSERT_PTHREAD_NORET(func, ...) do {                            \
     int ret = func(__VA_ARGS__);                                        \
     if (ret) {                                                          \
+        char errbuf[AV_ERROR_MAX_STRING_SIZE] = "";                     \
         av_log(NULL, AV_LOG_FATAL, AV_STRINGIFY(func)                   \
-               " failed with error: %s\n", av_err2str(AVERROR(ret)));   \
+               " failed with error: %s\n",                              \
+               av_make_error_string(errbuf, AV_ERROR_MAX_STRING_SIZE,   \
+                                    AVERROR(ret)));                     \
         abort();                                                        \
     }                                                                   \
 } while (0)
@@ -146,8 +147,6 @@ static inline int strict_pthread_once(pthread_once_t *once_control, void (*init_
 
 #else
 
-#define USE_ATOMICS 1
-
 #define AVMutex char
 
 #define ff_mutex_init(mutex, attr) (0)
diff --git a/media/ffvpx/libavutil/threadmessage.c b/media/ffvpx/libavutil/threadmessage.c
index 7c5cd2463..872e9392b 100644
--- a/media/ffvpx/libavutil/threadmessage.c
+++ b/media/ffvpx/libavutil/threadmessage.c
@@ -69,7 +69,7 @@ int av_thread_message_queue_alloc(AVThreadMessageQueue **mq,
         pthread_cond_destroy(&rmq->cond_recv);
         pthread_mutex_destroy(&rmq->lock);
         av_free(rmq);
-        return AVERROR(ret);
+        return AVERROR(ENOMEM);
     }
     rmq->elsize = elsize;
     *mq = rmq;
diff --git a/media/ffvpx/libavutil/time.c b/media/ffvpx/libavutil/time.c
index 69419e6f3..80d1faf26 100644
--- a/media/ffvpx/libavutil/time.c
+++ b/media/ffvpx/libavutil/time.c
@@ -56,17 +56,25 @@ int64_t av_gettime(void)
 int64_t av_gettime_relative(void)
 {
 #if HAVE_CLOCK_GETTIME && defined(CLOCK_MONOTONIC)
-    struct timespec ts;
-    clock_gettime(CLOCK_MONOTONIC, &ts);
-    return (int64_t)ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
-#else
-    return av_gettime() + 42 * 60 * 60 * INT64_C(1000000);
+#ifdef __APPLE__
+    if (clock_gettime)
+#endif
+    {
+        struct timespec ts;
+        clock_gettime(CLOCK_MONOTONIC, &ts);
+        return (int64_t)ts.tv_sec * 1000000 + ts.tv_nsec / 1000;
+    }
 #endif
+    return av_gettime() + 42 * 60 * 60 * INT64_C(1000000);
 }
 
 int av_gettime_relative_is_monotonic(void)
 {
 #if HAVE_CLOCK_GETTIME && defined(CLOCK_MONOTONIC)
+#ifdef __APPLE__
+    if (!clock_gettime)
+        return 0;
+#endif
     return 1;
 #else
     return 0;
diff --git a/media/ffvpx/libavutil/timecode.c b/media/ffvpx/libavutil/timecode.c
index fa92df1ef..c0c67c847 100644
--- a/media/ffvpx/libavutil/timecode.c
+++ b/media/ffvpx/libavutil/timecode.c
@@ -129,7 +129,8 @@ char *av_timecode_make_smpte_tc_string(char *buf, uint32_t tcsmpte, int prevent_
 
 char *av_timecode_make_mpeg_tc_string(char *buf, uint32_t tc25bit)
 {
-    snprintf(buf, AV_TIMECODE_STR_SIZE, "%02u:%02u:%02u%c%02u",
+    snprintf(buf, AV_TIMECODE_STR_SIZE,
+             "%02"PRIu32":%02"PRIu32":%02"PRIu32"%c%02"PRIu32,
              tc25bit>>19 & 0x1f,              // 5-bit hours
              tc25bit>>13 & 0x3f,              // 6-bit minutes
              tc25bit>>6  & 0x3f,              // 6-bit seconds
diff --git a/media/ffvpx/libavutil/timecode.h b/media/ffvpx/libavutil/timecode.h
index 56e3975fd..37c1361bc 100644
--- a/media/ffvpx/libavutil/timecode.h
+++ b/media/ffvpx/libavutil/timecode.h
@@ -30,7 +30,7 @@
 #include <stdint.h>
 #include "rational.h"
 
-#define AV_TIMECODE_STR_SIZE 16
+#define AV_TIMECODE_STR_SIZE 23
 
 enum AVTimecodeFlag {
     AV_TIMECODE_FLAG_DROPFRAME      = 1<<0, ///< timecode is drop frame
diff --git a/media/ffvpx/libavutil/timer.h b/media/ffvpx/libavutil/timer.h
index ed3b04787..f7ab455df 100644
--- a/media/ffvpx/libavutil/timer.h
+++ b/media/ffvpx/libavutil/timer.h
@@ -26,12 +26,22 @@
 #ifndef AVUTIL_TIMER_H
 #define AVUTIL_TIMER_H
 
+#include "config.h"
+
+#if CONFIG_LINUX_PERF
+# ifndef _GNU_SOURCE
+#  define _GNU_SOURCE
+# endif
+# include <unistd.h> // read(3)
+# include <sys/ioctl.h>
+# include <asm/unistd.h>
+# include <linux/perf_event.h>
+#endif
+
 #include <stdlib.h>
 #include <stdint.h>
 #include <inttypes.h>
 
-#include "config.h"
-
 #if HAVE_MACH_MACH_TIME_H
 #include <mach/mach_time.h>
 #endif
@@ -60,23 +70,17 @@
 #   define FF_TIMER_UNITS "UNITS"
 #endif
 
-#ifdef AV_READ_TIME
-#define START_TIMER                             \
-    uint64_t tend;                              \
-    uint64_t tstart = AV_READ_TIME();           \
-
-#define STOP_TIMER(id)                                                    \
-    tend = AV_READ_TIME();                                                \
+#define TIMER_REPORT(id, tdiff)                                           \
     {                                                                     \
         static uint64_t tsum   = 0;                                       \
         static int tcount      = 0;                                       \
         static int tskip_count = 0;                                       \
         static int thistogram[32] = {0};                                  \
-        thistogram[av_log2(tend - tstart)]++;                             \
-        if (tcount < 2                        ||                          \
-            tend - tstart < 8 * tsum / tcount ||                          \
-            tend - tstart < 2000) {                                       \
-            tsum+= tend - tstart;                                         \
+        thistogram[av_log2(tdiff)]++;                                     \
+        if (tcount < 2                ||                                  \
+            (tdiff) < 8 * tsum / tcount ||                                \
+            (tdiff) < 2000) {                                             \
+            tsum += (tdiff);                                              \
             tcount++;                                                     \
         } else                                                            \
             tskip_count++;                                                \
@@ -90,6 +94,45 @@
             av_log(NULL, AV_LOG_ERROR, "\n");                             \
         }                                                                 \
     }
+
+#if CONFIG_LINUX_PERF
+
+#define START_TIMER                                                         \
+    static int linux_perf_fd;                                               \
+    uint64_t tperf;                                                         \
+    if (!linux_perf_fd) {                                                   \
+        struct perf_event_attr attr = {                                     \
+            .type           = PERF_TYPE_HARDWARE,                           \
+            .size           = sizeof(struct perf_event_attr),               \
+            .config         = PERF_COUNT_HW_CPU_CYCLES,                     \
+            .disabled       = 1,                                            \
+            .exclude_kernel = 1,                                            \
+            .exclude_hv     = 1,                                            \
+        };                                                                  \
+        linux_perf_fd = syscall(__NR_perf_event_open, &attr,                \
+                                0, -1, -1, 0);                              \
+    }                                                                       \
+    if (linux_perf_fd == -1) {                                              \
+        av_log(NULL, AV_LOG_ERROR, "perf_event_open failed: %s\n",          \
+               av_err2str(AVERROR(errno)));                                 \
+    } else {                                                                \
+        ioctl(linux_perf_fd, PERF_EVENT_IOC_RESET, 0);                      \
+        ioctl(linux_perf_fd, PERF_EVENT_IOC_ENABLE, 0);                     \
+    }
+
+#define STOP_TIMER(id)                                                      \
+    ioctl(linux_perf_fd, PERF_EVENT_IOC_DISABLE, 0);                        \
+    read(linux_perf_fd, &tperf, sizeof(tperf));                             \
+    TIMER_REPORT(id, tperf)
+
+#elif defined(AV_READ_TIME)
+#define START_TIMER                             \
+    uint64_t tend;                              \
+    uint64_t tstart = AV_READ_TIME();           \
+
+#define STOP_TIMER(id)                                                    \
+    tend = AV_READ_TIME();                                                \
+    TIMER_REPORT(id, tend - tstart)
 #else
 #define START_TIMER
 #define STOP_TIMER(id) { }
diff --git a/media/ffvpx/libavutil/utils.c b/media/ffvpx/libavutil/utils.c
index 36e4dd5fd..2c170db2e 100644
--- a/media/ffvpx/libavutil/utils.c
+++ b/media/ffvpx/libavutil/utils.c
@@ -121,6 +121,29 @@ unsigned av_int_list_length_for_size(unsigned elsize,
     return i;
 }
 
+char *av_fourcc_make_string(char *buf, uint32_t fourcc)
+{
+    int i;
+    char *orig_buf = buf;
+    size_t buf_size = AV_FOURCC_MAX_STRING_SIZE;
+
+    for (i = 0; i < 4; i++) {
+        const int c = fourcc & 0xff;
+        const int print_chr = (c >= '0' && c <= '9') ||
+                              (c >= 'a' && c <= 'z') ||
+                              (c >= 'A' && c <= 'Z') ||
+                              (c && strchr(". -_", c));
+        const int len = snprintf(buf, buf_size, print_chr ? "%c" : "[%d]", c);
+        if (len < 0)
+            break;
+        buf += len;
+        buf_size = buf_size > len ? buf_size - len : 0;
+        fourcc >>= 8;
+    }
+
+    return orig_buf;
+}
+
 AVRational av_get_time_base_q(void)
 {
     return (AVRational){1, AV_TIME_BASE};
@@ -129,7 +152,7 @@ AVRational av_get_time_base_q(void)
 void av_assert0_fpu(void) {
 #if HAVE_MMX_INLINE
     uint16_t state[14];
-     __asm volatile (
+     __asm__ volatile (
         "fstenv %0 \n\t"
         : "+m" (state)
         :
diff --git a/media/ffvpx/libavutil/version.h b/media/ffvpx/libavutil/version.h
index bdd310f85..f594dc069 100644
--- a/media/ffvpx/libavutil/version.h
+++ b/media/ffvpx/libavutil/version.h
@@ -78,8 +78,9 @@
  * @{
  */
 
+
 #define LIBAVUTIL_VERSION_MAJOR  55
-#define LIBAVUTIL_VERSION_MINOR  34
+#define LIBAVUTIL_VERSION_MINOR  78
 #define LIBAVUTIL_VERSION_MICRO 100
 
 #define LIBAVUTIL_VERSION_INT   AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
@@ -135,6 +136,9 @@
 #ifndef FF_API_PKT_PTS
 #define FF_API_PKT_PTS                  (LIBAVUTIL_VERSION_MAJOR < 56)
 #endif
+#ifndef FF_API_CRYPTO_SIZE_T
+#define FF_API_CRYPTO_SIZE_T            (LIBAVUTIL_VERSION_MAJOR < 56)
+#endif
 
 
 /**
diff --git a/media/ffvpx/libavutil/x86/cpu.c b/media/ffvpx/libavutil/x86/cpu.c
index f3a49c677..f33088c8c 100644
--- a/media/ffvpx/libavutil/x86/cpu.c
+++ b/media/ffvpx/libavutil/x86/cpu.c
@@ -28,7 +28,7 @@
 #include "libavutil/cpu.h"
 #include "libavutil/cpu_internal.h"
 
-#if HAVE_YASM
+#if HAVE_X86ASM
 
 #define cpuid(index, eax, ebx, ecx, edx)        \
     ff_cpu_cpuid(index, &eax, &ebx, &ecx, &edx)
@@ -66,7 +66,7 @@
 
 #define cpuid_test() 1
 
-#elif HAVE_YASM
+#elif HAVE_X86ASM
 
 #define cpuid_test ff_cpu_cpuid_test
 
@@ -221,9 +221,42 @@ int ff_get_cpu_flags_x86(void)
          * functions on the Atom. */
         if (family == 6 && model == 28)
             rval |= AV_CPU_FLAG_ATOM;
+
+        /* Conroe has a slow shuffle unit. Check the model number to ensure not
+         * to include crippled low-end Penryns and Nehalems that lack SSE4. */
+        if ((rval & AV_CPU_FLAG_SSSE3) && !(rval & AV_CPU_FLAG_SSE4) &&
+            family == 6 && model < 23)
+            rval |= AV_CPU_FLAG_SSSE3SLOW;
     }
 
 #endif /* cpuid */
 
     return rval;
 }
+
+size_t ff_get_cpu_max_align_x86(void)
+{
+    int flags = av_get_cpu_flags();
+
+    if (flags & (AV_CPU_FLAG_AVX2      |
+                 AV_CPU_FLAG_AVX       |
+                 AV_CPU_FLAG_XOP       |
+                 AV_CPU_FLAG_FMA4      |
+                 AV_CPU_FLAG_FMA3      |
+                 AV_CPU_FLAG_AVXSLOW))
+        return 32;
+    if (flags & (AV_CPU_FLAG_AESNI     |
+                 AV_CPU_FLAG_SSE42     |
+                 AV_CPU_FLAG_SSE4      |
+                 AV_CPU_FLAG_SSSE3     |
+                 AV_CPU_FLAG_SSE3      |
+                 AV_CPU_FLAG_SSE2      |
+                 AV_CPU_FLAG_SSE       |
+                 AV_CPU_FLAG_ATOM      |
+                 AV_CPU_FLAG_SSSE3SLOW |
+                 AV_CPU_FLAG_SSE3SLOW  |
+                 AV_CPU_FLAG_SSE2SLOW))
+        return 16;
+
+    return 8;
+}
diff --git a/media/ffvpx/libavutil/x86/cpu.h b/media/ffvpx/libavutil/x86/cpu.h
index f171037f1..309b8e746 100644
--- a/media/ffvpx/libavutil/x86/cpu.h
+++ b/media/ffvpx/libavutil/x86/cpu.h
@@ -38,6 +38,8 @@
 #define X86_SSE3_FAST(flags)        CPUEXT_FAST(flags, SSE3)
 #define X86_SSE3_SLOW(flags)        CPUEXT_SLOW(flags, SSE3)
 #define X86_SSSE3(flags)            CPUEXT(flags, SSSE3)
+#define X86_SSSE3_FAST(flags)       CPUEXT_FAST(flags, SSSE3)
+#define X86_SSSE3_SLOW(flags)       CPUEXT_SLOW(flags, SSSE3)
 #define X86_SSE4(flags)             CPUEXT(flags, SSE4)
 #define X86_SSE42(flags)            CPUEXT(flags, SSE42)
 #define X86_AVX(flags)              CPUEXT(flags, AVX)
@@ -61,6 +63,8 @@
 #define EXTERNAL_SSE3_FAST(flags)   CPUEXT_SUFFIX_FAST(flags, _EXTERNAL, SSE3)
 #define EXTERNAL_SSE3_SLOW(flags)   CPUEXT_SUFFIX_SLOW(flags, _EXTERNAL, SSE3)
 #define EXTERNAL_SSSE3(flags)       CPUEXT_SUFFIX(flags, _EXTERNAL, SSSE3)
+#define EXTERNAL_SSSE3_FAST(flags)  CPUEXT_SUFFIX_FAST(flags, _EXTERNAL, SSSE3)
+#define EXTERNAL_SSSE3_SLOW(flags)  CPUEXT_SUFFIX_SLOW(flags, _EXTERNAL, SSSE3)
 #define EXTERNAL_SSE4(flags)        CPUEXT_SUFFIX(flags, _EXTERNAL, SSE4)
 #define EXTERNAL_SSE42(flags)       CPUEXT_SUFFIX(flags, _EXTERNAL, SSE42)
 #define EXTERNAL_AVX(flags)         CPUEXT_SUFFIX(flags, _EXTERNAL, AVX)
@@ -88,6 +92,8 @@
 #define INLINE_SSE3_FAST(flags)     CPUEXT_SUFFIX_FAST(flags, _INLINE, SSE3)
 #define INLINE_SSE3_SLOW(flags)     CPUEXT_SUFFIX_SLOW(flags, _INLINE, SSE3)
 #define INLINE_SSSE3(flags)         CPUEXT_SUFFIX(flags, _INLINE, SSSE3)
+#define INLINE_SSSE3_FAST(flags)    CPUEXT_SUFFIX_FAST(flags, _INLINE, SSSE3)
+#define INLINE_SSSE3_SLOW(flags)    CPUEXT_SUFFIX_SLOW(flags, _INLINE, SSSE3)
 #define INLINE_SSE4(flags)          CPUEXT_SUFFIX(flags, _INLINE, SSE4)
 #define INLINE_SSE42(flags)         CPUEXT_SUFFIX(flags, _INLINE, SSE42)
 #define INLINE_AVX(flags)           CPUEXT_SUFFIX(flags, _INLINE, AVX)
diff --git a/media/ffvpx/libavutil/x86/emms.asm b/media/ffvpx/libavutil/x86/emms.asm
index 0aad34af3..8611762d7 100644
--- a/media/ffvpx/libavutil/x86/emms.asm
+++ b/media/ffvpx/libavutil/x86/emms.asm
@@ -23,8 +23,8 @@
 SECTION .text
 
 ;-----------------------------------------------------------------------------
-; void avpriv_emms_yasm(void)
+; void avpriv_emms_asm(void)
 ;-----------------------------------------------------------------------------
-cvisible emms_yasm, 0, 0
+cvisible emms_asm, 0, 0
     emms
     RET
diff --git a/media/ffvpx/libavutil/x86/emms.h b/media/ffvpx/libavutil/x86/emms.h
index 42c18e295..c21e34b45 100644
--- a/media/ffvpx/libavutil/x86/emms.h
+++ b/media/ffvpx/libavutil/x86/emms.h
@@ -23,7 +23,7 @@
 #include "libavutil/attributes.h"
 #include "libavutil/cpu.h"
 
-void avpriv_emms_yasm(void);
+void avpriv_emms_asm(void);
 
 #if HAVE_MMX_INLINE
 #   define emms_c emms_c
@@ -49,7 +49,7 @@ static av_always_inline void emms_c(void)
 #   include <mmintrin.h>
 #   define emms_c _mm_empty
 #elif HAVE_MMX_EXTERNAL
-#   define emms_c avpriv_emms_yasm
+#   define emms_c avpriv_emms_asm
 #endif /* HAVE_MMX_INLINE */
 
 #endif /* AVUTIL_X86_EMMS_H */
diff --git a/media/ffvpx/libavutil/x86/float_dsp.asm b/media/ffvpx/libavutil/x86/float_dsp.asm
index 021ff03c8..06d2d2cfd 100644
--- a/media/ffvpx/libavutil/x86/float_dsp.asm
+++ b/media/ffvpx/libavutil/x86/float_dsp.asm
@@ -22,6 +22,9 @@
 
 %include "x86util.asm"
 
+SECTION_RODATA 32
+pd_reverse: dd 7, 6, 5, 4, 3, 2, 1, 0
+
 SECTION .text
 
 ;-----------------------------------------------------------------------------
@@ -149,6 +152,69 @@ INIT_XMM sse
 VECTOR_FMUL_SCALAR
 
 ;------------------------------------------------------------------------------
+; void ff_vector_dmac_scalar(double *dst, const double *src, double mul,
+;                            int len)
+;------------------------------------------------------------------------------
+
+%macro VECTOR_DMAC_SCALAR 0
+%if ARCH_X86_32
+cglobal vector_dmac_scalar, 2,4,5, dst, src, mul, len, lenaddr
+    mov          lenq, lenaddrm
+    VBROADCASTSD m0, mulm
+%else
+%if UNIX64
+cglobal vector_dmac_scalar, 3,3,5, dst, src, len
+%else
+cglobal vector_dmac_scalar, 4,4,5, dst, src, mul, len
+    SWAP 0, 2
+%endif
+    movlhps     xm0, xm0
+%if cpuflag(avx)
+    vinsertf128  m0, m0, xm0, 1
+%endif
+%endif
+    lea    lenq, [lend*8-mmsize*4]
+.loop:
+%if cpuflag(fma3)
+    movaps   m1,     [dstq+lenq]
+    movaps   m2,     [dstq+lenq+1*mmsize]
+    movaps   m3,     [dstq+lenq+2*mmsize]
+    movaps   m4,     [dstq+lenq+3*mmsize]
+    fmaddpd  m1, m0, [srcq+lenq], m1
+    fmaddpd  m2, m0, [srcq+lenq+1*mmsize], m2
+    fmaddpd  m3, m0, [srcq+lenq+2*mmsize], m3
+    fmaddpd  m4, m0, [srcq+lenq+3*mmsize], m4
+%else ; cpuflag
+    mulpd    m1, m0, [srcq+lenq]
+    mulpd    m2, m0, [srcq+lenq+1*mmsize]
+    mulpd    m3, m0, [srcq+lenq+2*mmsize]
+    mulpd    m4, m0, [srcq+lenq+3*mmsize]
+    addpd    m1, m1, [dstq+lenq]
+    addpd    m2, m2, [dstq+lenq+1*mmsize]
+    addpd    m3, m3, [dstq+lenq+2*mmsize]
+    addpd    m4, m4, [dstq+lenq+3*mmsize]
+%endif ; cpuflag
+    movaps [dstq+lenq], m1
+    movaps [dstq+lenq+1*mmsize], m2
+    movaps [dstq+lenq+2*mmsize], m3
+    movaps [dstq+lenq+3*mmsize], m4
+    sub    lenq, mmsize*4
+    jge .loop
+    REP_RET
+%endmacro
+
+INIT_XMM sse2
+VECTOR_DMAC_SCALAR
+%if HAVE_AVX_EXTERNAL
+INIT_YMM avx
+VECTOR_DMAC_SCALAR
+%endif
+%if HAVE_FMA3_EXTERNAL
+INIT_YMM fma3
+VECTOR_DMAC_SCALAR
+%endif
+
+;------------------------------------------------------------------------------
 ; void ff_vector_dmul_scalar(double *dst, const double *src, double mul,
 ;                            int len)
 ;------------------------------------------------------------------------------
@@ -177,8 +243,8 @@ cglobal vector_dmul_scalar, 4,4,3, dst, src, mul, len
 .loop:
     mulpd          m1, m0, [srcq+lenq       ]
     mulpd          m2, m0, [srcq+lenq+mmsize]
-    mova   [dstq+lenq       ], m1
-    mova   [dstq+lenq+mmsize], m2
+    movaps [dstq+lenq       ], m1
+    movaps [dstq+lenq+mmsize], m2
     sub          lenq, 2*mmsize
     jge .loop
     REP_RET
@@ -296,10 +362,16 @@ VECTOR_FMUL_ADD
 ;-----------------------------------------------------------------------------
 %macro VECTOR_FMUL_REVERSE 0
 cglobal vector_fmul_reverse, 4,4,2, dst, src0, src1, len
+%if cpuflag(avx2)
+    movaps  m2, [pd_reverse]
+%endif
     lea       lenq, [lend*4 - 2*mmsize]
 ALIGN 16
 .loop:
-%if cpuflag(avx)
+%if cpuflag(avx2)
+    vpermps m0, m2, [src1q]
+    vpermps m1, m2, [src1q+mmsize]
+%elif cpuflag(avx)
     vmovaps     xmm0, [src1q + 16]
     vinsertf128 m0, m0, [src1q], 1
     vshufps     m0, m0, m0, q0123
@@ -314,8 +386,8 @@ ALIGN 16
 %endif
     mulps   m0, m0, [src0q + lenq + mmsize]
     mulps   m1, m1, [src0q + lenq]
-    mova    [dstq + lenq + mmsize], m0
-    mova    [dstq + lenq], m1
+    movaps  [dstq + lenq + mmsize], m0
+    movaps  [dstq + lenq], m1
     add     src1q, 2*mmsize
     sub     lenq,  2*mmsize
     jge     .loop
@@ -328,6 +400,10 @@ VECTOR_FMUL_REVERSE
 INIT_YMM avx
 VECTOR_FMUL_REVERSE
 %endif
+%if HAVE_AVX2_EXTERNAL
+INIT_YMM avx2
+VECTOR_FMUL_REVERSE
+%endif
 
 ; float scalarproduct_float_sse(const float *v1, const float *v2, int len)
 INIT_XMM sse
diff --git a/media/ffvpx/libavutil/x86/float_dsp_init.c b/media/ffvpx/libavutil/x86/float_dsp_init.c
index c836a78e1..122087a19 100644
--- a/media/ffvpx/libavutil/x86/float_dsp_init.c
+++ b/media/ffvpx/libavutil/x86/float_dsp_init.c
@@ -39,6 +39,13 @@ void ff_vector_fmac_scalar_fma3(float *dst, const float *src, float mul,
 void ff_vector_fmul_scalar_sse(float *dst, const float *src, float mul,
                                int len);
 
+void ff_vector_dmac_scalar_sse2(double *dst, const double *src, double mul,
+                                int len);
+void ff_vector_dmac_scalar_avx(double *dst, const double *src, double mul,
+                               int len);
+void ff_vector_dmac_scalar_fma3(double *dst, const double *src, double mul,
+                                int len);
+
 void ff_vector_dmul_scalar_sse2(double *dst, const double *src,
                                 double mul, int len);
 void ff_vector_dmul_scalar_avx(double *dst, const double *src,
@@ -60,10 +67,12 @@ void ff_vector_fmul_reverse_sse(float *dst, const float *src0,
                                 const float *src1, int len);
 void ff_vector_fmul_reverse_avx(float *dst, const float *src0,
                                 const float *src1, int len);
+void ff_vector_fmul_reverse_avx2(float *dst, const float *src0,
+                                 const float *src1, int len);
 
 float ff_scalarproduct_float_sse(const float *v1, const float *v2, int order);
 
-void ff_butterflies_float_sse(float *src0, float *src1, int len);
+void ff_butterflies_float_sse(float *av_restrict src0, float *av_restrict src1, int len);
 
 av_cold void ff_float_dsp_init_x86(AVFloatDSPContext *fdsp)
 {
@@ -83,17 +92,23 @@ av_cold void ff_float_dsp_init_x86(AVFloatDSPContext *fdsp)
         fdsp->butterflies_float   = ff_butterflies_float_sse;
     }
     if (EXTERNAL_SSE2(cpu_flags)) {
+        fdsp->vector_dmac_scalar = ff_vector_dmac_scalar_sse2;
         fdsp->vector_dmul_scalar = ff_vector_dmul_scalar_sse2;
     }
     if (EXTERNAL_AVX_FAST(cpu_flags)) {
         fdsp->vector_fmul = ff_vector_fmul_avx;
         fdsp->vector_fmac_scalar = ff_vector_fmac_scalar_avx;
         fdsp->vector_dmul_scalar = ff_vector_dmul_scalar_avx;
+        fdsp->vector_dmac_scalar = ff_vector_dmac_scalar_avx;
         fdsp->vector_fmul_add    = ff_vector_fmul_add_avx;
         fdsp->vector_fmul_reverse = ff_vector_fmul_reverse_avx;
     }
+    if (EXTERNAL_AVX2_FAST(cpu_flags)) {
+        fdsp->vector_fmul_reverse = ff_vector_fmul_reverse_avx2;
+    }
     if (EXTERNAL_FMA3_FAST(cpu_flags)) {
         fdsp->vector_fmac_scalar = ff_vector_fmac_scalar_fma3;
         fdsp->vector_fmul_add    = ff_vector_fmul_add_fma3;
+        fdsp->vector_dmac_scalar = ff_vector_dmac_scalar_fma3;
     }
 }
diff --git a/media/ffvpx/libavutil/x86/imgutils.asm b/media/ffvpx/libavutil/x86/imgutils.asm
new file mode 100644
index 000000000..3cca56cdc
--- /dev/null
+++ b/media/ffvpx/libavutil/x86/imgutils.asm
@@ -0,0 +1,53 @@
+;*****************************************************************************
+;* Copyright 2016 Anton Khirnov
+;*
+;* This file is part of FFmpeg.
+;*
+;* FFmpeg is free software; you can redistribute it and/or
+;* modify it under the terms of the GNU Lesser General Public
+;* License as published by the Free Software Foundation; either
+;* version 2.1 of the License, or (at your option) any later version.
+;*
+;* FFmpeg is distributed in the hope that it will be useful,
+;* but WITHOUT ANY WARRANTY; without even the implied warranty of
+;* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+;* Lesser General Public License for more details.
+;*
+;* You should have received a copy of the GNU Lesser General Public
+;* License along with FFmpeg; if not, write to the Free Software
+;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+;******************************************************************************
+
+%include "libavutil/x86/x86util.asm"
+
+SECTION .text
+
+INIT_XMM sse4
+cglobal image_copy_plane_uc_from, 6, 7, 4, dst, dst_linesize, src, src_linesize, bw, height, rowpos
+    add dstq, bwq
+    add srcq, bwq
+    neg bwq
+
+.row_start:
+    mov rowposq, bwq
+
+.loop:
+    movntdqa m0, [srcq + rowposq + 0 * mmsize]
+    movntdqa m1, [srcq + rowposq + 1 * mmsize]
+    movntdqa m2, [srcq + rowposq + 2 * mmsize]
+    movntdqa m3, [srcq + rowposq + 3 * mmsize]
+
+    mova [dstq + rowposq + 0 * mmsize], m0
+    mova [dstq + rowposq + 1 * mmsize], m1
+    mova [dstq + rowposq + 2 * mmsize], m2
+    mova [dstq + rowposq + 3 * mmsize], m3
+
+    add rowposq, 4 * mmsize
+    jnz .loop
+
+    add srcq, src_linesizeq
+    add dstq, dst_linesizeq
+    dec heightd
+    jnz .row_start
+
+    RET
diff --git a/media/ffvpx/libavutil/x86/imgutils_init.c b/media/ffvpx/libavutil/x86/imgutils_init.c
new file mode 100644
index 000000000..4ea398205
--- /dev/null
+++ b/media/ffvpx/libavutil/x86/imgutils_init.c
@@ -0,0 +1,49 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "libavutil/cpu.h"
+#include "libavutil/error.h"
+#include "libavutil/imgutils.h"
+#include "libavutil/imgutils_internal.h"
+#include "libavutil/internal.h"
+
+#include "cpu.h"
+
+void ff_image_copy_plane_uc_from_sse4(uint8_t *dst, ptrdiff_t dst_linesize,
+                                      const uint8_t *src, ptrdiff_t src_linesize,
+                                      ptrdiff_t bytewidth, int height);
+
+int ff_image_copy_plane_uc_from_x86(uint8_t       *dst, ptrdiff_t dst_linesize,
+                                    const uint8_t *src, ptrdiff_t src_linesize,
+                                    ptrdiff_t bytewidth, int height)
+{
+    int cpu_flags = av_get_cpu_flags();
+    ptrdiff_t bw_aligned = FFALIGN(bytewidth, 64);
+
+    if (EXTERNAL_SSE4(cpu_flags) &&
+        bw_aligned <= dst_linesize && bw_aligned <= src_linesize)
+        ff_image_copy_plane_uc_from_sse4(dst, dst_linesize, src, src_linesize,
+                                         bw_aligned, height);
+    else
+        return AVERROR(ENOSYS);
+
+    return 0;
+}
diff --git a/media/ffvpx/libavutil/x86/moz.build b/media/ffvpx/libavutil/x86/moz.build
index 1d1a6ca67..b56ed75ea 100644
--- a/media/ffvpx/libavutil/x86/moz.build
+++ b/media/ffvpx/libavutil/x86/moz.build
@@ -12,6 +12,8 @@ SOURCES += [
     'fixed_dsp_init.c',
     'float_dsp.asm',
     'float_dsp_init.c',
+    'imgutils.asm',
+    'imgutils_init.c',
     'lls.asm',
     'lls_init.c'
 ]
diff --git a/media/ffvpx/libavutil/x86/x86inc.asm b/media/ffvpx/libavutil/x86/x86inc.asm
index b2e9c6019..6a054a3e0 100644
--- a/media/ffvpx/libavutil/x86/x86inc.asm
+++ b/media/ffvpx/libavutil/x86/x86inc.asm
@@ -1,7 +1,7 @@
 ;*****************************************************************************
 ;* x86inc.asm: x264asm abstraction layer
 ;*****************************************************************************
-;* Copyright (C) 2005-2016 x264 project
+;* Copyright (C) 2005-2017 x264 project
 ;*
 ;* Authors: Loren Merritt <lorenm@u.washington.edu>
 ;*          Anton Mitrofanov <BugMaster@narod.ru>
@@ -87,7 +87,9 @@
 ; keep supporting OS/2.
 %macro SECTION_RODATA 0-1 16
     %ifidn __OUTPUT_FORMAT__,aout
-        section .text
+        SECTION .text
+    %elifidn __OUTPUT_FORMAT__,coff
+        SECTION .text
     %else
         SECTION .rodata align=%1
     %endif
@@ -385,7 +387,14 @@ DECLARE_REG_TMP_SIZE 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
     %ifnum %1
         %if %1 != 0 && required_stack_alignment > STACK_ALIGNMENT
             %if %1 > 0
+                ; Reserve an additional register for storing the original stack pointer, but avoid using
+                ; eax/rax for this purpose since it can potentially get overwritten as a return value.
                 %assign regs_used (regs_used + 1)
+                %if ARCH_X86_64 && regs_used == 7
+                    %assign regs_used 8
+                %elif ARCH_X86_64 == 0 && regs_used == 1
+                    %assign regs_used 2
+                %endif
             %endif
             %if ARCH_X86_64 && regs_used < 5 + UNIX64 * 3
                 ; Ensure that we don't clobber any registers containing arguments. For UNIX64 we also preserve r6 (rax)
@@ -419,10 +428,10 @@ DECLARE_REG 7,  rdi, 64
 DECLARE_REG 8,  rsi, 72
 DECLARE_REG 9,  rbx, 80
 DECLARE_REG 10, rbp, 88
-DECLARE_REG 11, R12, 96
-DECLARE_REG 12, R13, 104
-DECLARE_REG 13, R14, 112
-DECLARE_REG 14, R15, 120
+DECLARE_REG 11, R14, 96
+DECLARE_REG 12, R15, 104
+DECLARE_REG 13, R12, 112
+DECLARE_REG 14, R13, 120
 
 %macro PROLOGUE 2-5+ 0 ; #args, #regs, #xmm_regs, [stack_size,] arg_names...
     %assign num_args %1
@@ -468,41 +477,42 @@ DECLARE_REG 14, R15, 120
     WIN64_PUSH_XMM
 %endmacro
 
-%macro WIN64_RESTORE_XMM_INTERNAL 1
+%macro WIN64_RESTORE_XMM_INTERNAL 0
     %assign %%pad_size 0
     %if xmm_regs_used > 8
         %assign %%i xmm_regs_used
         %rep xmm_regs_used-8
             %assign %%i %%i-1
-            movaps xmm %+ %%i, [%1 + (%%i-8)*16 + stack_size + 32]
+            movaps xmm %+ %%i, [rsp + (%%i-8)*16 + stack_size + 32]
         %endrep
     %endif
     %if stack_size_padded > 0
         %if stack_size > 0 && required_stack_alignment > STACK_ALIGNMENT
             mov rsp, rstkm
         %else
-            add %1, stack_size_padded
+            add rsp, stack_size_padded
             %assign %%pad_size stack_size_padded
         %endif
     %endif
     %if xmm_regs_used > 7
-        movaps xmm7, [%1 + stack_offset - %%pad_size + 24]
+        movaps xmm7, [rsp + stack_offset - %%pad_size + 24]
     %endif
     %if xmm_regs_used > 6
-        movaps xmm6, [%1 + stack_offset - %%pad_size +  8]
+        movaps xmm6, [rsp + stack_offset - %%pad_size +  8]
     %endif
 %endmacro
 
-%macro WIN64_RESTORE_XMM 1
-    WIN64_RESTORE_XMM_INTERNAL %1
+%macro WIN64_RESTORE_XMM 0
+    WIN64_RESTORE_XMM_INTERNAL
     %assign stack_offset (stack_offset-stack_size_padded)
+    %assign stack_size_padded 0
     %assign xmm_regs_used 0
 %endmacro
 
 %define has_epilogue regs_used > 7 || xmm_regs_used > 6 || mmsize == 32 || stack_size > 0
 
 %macro RET 0
-    WIN64_RESTORE_XMM_INTERNAL rsp
+    WIN64_RESTORE_XMM_INTERNAL
     POP_IF_USED 14, 13, 12, 11, 10, 9, 8, 7
     %if mmsize == 32
         vzeroupper
@@ -523,10 +533,10 @@ DECLARE_REG 7,  R10, 16
 DECLARE_REG 8,  R11, 24
 DECLARE_REG 9,  rbx, 32
 DECLARE_REG 10, rbp, 40
-DECLARE_REG 11, R12, 48
-DECLARE_REG 12, R13, 56
-DECLARE_REG 13, R14, 64
-DECLARE_REG 14, R15, 72
+DECLARE_REG 11, R14, 48
+DECLARE_REG 12, R15, 56
+DECLARE_REG 13, R12, 64
+DECLARE_REG 14, R13, 72
 
 %macro PROLOGUE 2-5+ ; #args, #regs, #xmm_regs, [stack_size,] arg_names...
     %assign num_args %1
@@ -618,7 +628,7 @@ DECLARE_ARG 7, 8, 9, 10, 11, 12, 13, 14
 %if WIN64 == 0
     %macro WIN64_SPILL_XMM 1
     %endmacro
-    %macro WIN64_RESTORE_XMM 1
+    %macro WIN64_RESTORE_XMM 0
     %endmacro
     %macro WIN64_PUSH_XMM 0
     %endmacro
@@ -629,7 +639,7 @@ DECLARE_ARG 7, 8, 9, 10, 11, 12, 13, 14
 ; We can automatically detect "follows a branch", but not a branch target.
 ; (SSSE3 is a sufficient condition to know that your cpu doesn't have this problem.)
 %macro REP_RET 0
-    %if has_epilogue
+    %if has_epilogue || cpuflag(ssse3)
         RET
     %else
         rep ret
@@ -780,25 +790,25 @@ BRANCH_INSTR jz, je, jnz, jne, jl, jle, jnl, jnle, jg, jge, jng, jnge, ja, jae,
 %assign cpuflags_sse      (1<<4) | cpuflags_mmx2
 %assign cpuflags_sse2     (1<<5) | cpuflags_sse
 %assign cpuflags_sse2slow (1<<6) | cpuflags_sse2
-%assign cpuflags_sse3     (1<<7) | cpuflags_sse2
-%assign cpuflags_ssse3    (1<<8) | cpuflags_sse3
-%assign cpuflags_sse4     (1<<9) | cpuflags_ssse3
-%assign cpuflags_sse42    (1<<10)| cpuflags_sse4
-%assign cpuflags_avx      (1<<11)| cpuflags_sse42
-%assign cpuflags_xop      (1<<12)| cpuflags_avx
-%assign cpuflags_fma4     (1<<13)| cpuflags_avx
-%assign cpuflags_fma3     (1<<14)| cpuflags_avx
-%assign cpuflags_avx2     (1<<15)| cpuflags_fma3
-
-%assign cpuflags_cache32  (1<<16)
-%assign cpuflags_cache64  (1<<17)
-%assign cpuflags_slowctz  (1<<18)
-%assign cpuflags_lzcnt    (1<<19)
-%assign cpuflags_aligned  (1<<20) ; not a cpu feature, but a function variant
-%assign cpuflags_atom     (1<<21)
-%assign cpuflags_bmi1     (1<<22)|cpuflags_lzcnt
-%assign cpuflags_bmi2     (1<<23)|cpuflags_bmi1
-%assign cpuflags_aesni    (1<<24)|cpuflags_sse42
+%assign cpuflags_lzcnt    (1<<7) | cpuflags_sse2
+%assign cpuflags_sse3     (1<<8) | cpuflags_sse2
+%assign cpuflags_ssse3    (1<<9) | cpuflags_sse3
+%assign cpuflags_sse4     (1<<10)| cpuflags_ssse3
+%assign cpuflags_sse42    (1<<11)| cpuflags_sse4
+%assign cpuflags_aesni    (1<<12)| cpuflags_sse42
+%assign cpuflags_avx      (1<<13)| cpuflags_sse42
+%assign cpuflags_xop      (1<<14)| cpuflags_avx
+%assign cpuflags_fma4     (1<<15)| cpuflags_avx
+%assign cpuflags_fma3     (1<<16)| cpuflags_avx
+%assign cpuflags_bmi1     (1<<17)| cpuflags_avx|cpuflags_lzcnt
+%assign cpuflags_bmi2     (1<<18)| cpuflags_bmi1
+%assign cpuflags_avx2     (1<<19)| cpuflags_fma3|cpuflags_bmi2
+
+%assign cpuflags_cache32  (1<<20)
+%assign cpuflags_cache64  (1<<21)
+%assign cpuflags_slowctz  (1<<22)
+%assign cpuflags_aligned  (1<<23) ; not a cpu feature, but a function variant
+%assign cpuflags_atom     (1<<24)
 
 ; Returns a boolean value expressing whether or not the specified cpuflag is enabled.
 %define    cpuflag(x) (((((cpuflags & (cpuflags_ %+ x)) ^ (cpuflags_ %+ x)) - 1) >> 31) & 1)
@@ -1030,7 +1040,11 @@ INIT_XMM
 
 ; Append cpuflags to the callee's name iff the appended name is known and the plain name isn't
 %macro call 1
-    call_internal %1 %+ SUFFIX, %1
+    %ifid %1
+        call_internal %1 %+ SUFFIX, %1
+    %else
+        call %1
+    %endif
 %endmacro
 %macro call_internal 2
     %xdefine %%i %2
diff --git a/media/ffvpx/libavutil/x86/x86util.asm b/media/ffvpx/libavutil/x86/x86util.asm
index 44ed750ae..e1220dfc1 100644
--- a/media/ffvpx/libavutil/x86/x86util.asm
+++ b/media/ffvpx/libavutil/x86/x86util.asm
@@ -29,6 +29,21 @@
 
 %include "libavutil/x86/x86inc.asm"
 
+; expands to [base],...,[base+7*stride]
+%define PASS8ROWS(base, base3, stride, stride3) \
+    [base],           [base  + stride],   [base  + 2*stride], [base3], \
+    [base3 + stride], [base3 + 2*stride], [base3 + stride3],  [base3 + stride*4]
+
+; Interleave low src0 with low src1 and store in src0,
+; interleave high src0 with high src1 and store in src1.
+; %1 - types
+; %2 - index of the register with src0
+; %3 - index of the register with src1
+; %4 - index of the register for intermediate results
+; example for %1 - wd: input: src0: x0 x1 x2 x3 z0 z1 z2 z3
+;                             src1: y0 y1 y2 y3 q0 q1 q2 q3
+;                     output: src0: x0 y0 x1 y1 x2 y2 x3 y3
+;                             src1: z0 q0 z1 q1 z2 q2 z3 q3
 %macro SBUTTERFLY 4
 %ifidn %1, dqqq
     vperm2i128  m%4, m%2, m%3, q0301
@@ -56,6 +71,12 @@
     SWAP %1, %3, %2
 %endmacro
 
+%macro SBUTTERFLYPD 3
+    movlhps m%3, m%1, m%2
+    movhlps m%2, m%2, m%1
+    SWAP %1, %3
+%endmacro
+
 %macro TRANSPOSE4x4B 5
     SBUTTERFLY bw, %1, %2, %5
     SBUTTERFLY bw, %3, %4, %5
@@ -102,12 +123,9 @@
 %macro TRANSPOSE4x4PS 5
     SBUTTERFLYPS %1, %2, %5
     SBUTTERFLYPS %3, %4, %5
-    movlhps m%5, m%1, m%3
-    movhlps m%3, m%1
-    SWAP %5, %1
-    movlhps m%5, m%2, m%4
-    movhlps m%4, m%2
-    SWAP %5, %2, %3
+    SBUTTERFLYPD %1, %3, %5
+    SBUTTERFLYPD %2, %4, %5
+    SWAP %2, %3
 %endmacro
 
 %macro TRANSPOSE8x4D 9-11
@@ -260,6 +278,21 @@
     SWAP       %12, %15
 %endmacro
 
+%macro TRANSPOSE_8X8B 8
+    %if mmsize == 8
+        %error "This macro does not support mmsize == 8"
+    %endif
+    punpcklbw m%1, m%2
+    punpcklbw m%3, m%4
+    punpcklbw m%5, m%6
+    punpcklbw m%7, m%8
+    TRANSPOSE4x4W %1, %3, %5, %7, %2
+    MOVHL m%2, m%1
+    MOVHL m%4, m%3
+    MOVHL m%6, m%5
+    MOVHL m%8, m%7
+%endmacro
+
 ; PABSW macro assumes %1 != %2, while ABS1/2 macros work in-place
 %macro PABSW 2
 %if cpuflag(ssse3)
@@ -799,12 +832,25 @@
     pmaxsd  %1, %2
 %endmacro
 
-%macro VBROADCASTSS 2 ; dst xmm/ymm, src m32
-%if cpuflag(avx)
-    vbroadcastss %1, %2
-%else ; sse
-    movss        %1, %2
-    shufps       %1, %1, 0
+%macro VBROADCASTSS 2 ; dst xmm/ymm, src m32/xmm
+%if cpuflag(avx2)
+    vbroadcastss  %1, %2
+%elif cpuflag(avx)
+    %ifnum sizeof%2         ; avx1 register
+        shufps  xmm%1, xmm%2, xmm%2, q0000
+        %if sizeof%1 >= 32  ; mmsize>=32
+            vinsertf128  %1, %1, xmm%1, 1
+        %endif
+    %else                   ; avx1 memory
+        vbroadcastss  %1, %2
+    %endif
+%else
+    %ifnum sizeof%2         ; sse register
+        shufps  %1, %2, %2, q0000
+    %else                   ; sse memory
+        movss   %1, %2
+        shufps  %1, %1, 0
+    %endif
 %endif
 %endmacro
 
@@ -819,6 +865,21 @@
 %endif
 %endmacro
 
+%macro VPBROADCASTD 2 ; dst xmm/ymm, src m32/xmm
+%if cpuflag(avx2)
+    vpbroadcastd  %1, %2
+%elif cpuflag(avx) && sizeof%1 >= 32
+    %error vpbroadcastd not possible with ymm on avx1. try vbroadcastss
+%else
+    %ifnum sizeof%2         ; sse2 register
+        pshufd  %1, %2, q0000
+    %else                   ; sse memory
+        movd    %1, %2
+        pshufd  %1, %1, 0
+    %endif
+%endif
+%endmacro
+
 %macro SHUFFLE_MASK_W 8
     %rep 8
         %if %1>=0x80
@@ -871,3 +932,79 @@
     psrlq   %1, 8*(%2)
 %endif
 %endmacro
+
+%macro MOVHL 2 ; dst, src
+%ifidn %1, %2
+    punpckhqdq %1, %2
+%elif cpuflag(avx)
+    punpckhqdq %1, %2, %2
+%elif cpuflag(sse4)
+    pshufd     %1, %2, q3232 ; pshufd is slow on some older CPUs, so only use it on more modern ones
+%else
+    movhlps    %1, %2        ; may cause an int/float domain transition and has a dependency on dst
+%endif
+%endmacro
+
+; Horizontal Sum of Packed Single precision floats
+; The resulting sum is in all elements.
+%macro HSUMPS 2 ; dst/src, tmp
+%if cpuflag(avx)
+    %if sizeof%1>=32  ; avx
+        vperm2f128  %2, %1, %1, (0)*16+(1)
+        addps       %1, %2
+    %endif
+    shufps      %2, %1, %1, q1032
+    addps       %1, %2
+    shufps      %2, %1, %1, q0321
+    addps       %1, %2
+%else  ; this form is a bit faster than the short avx-like emulation.
+    movaps      %2, %1
+    shufps      %1, %1, q1032
+    addps       %1, %2
+    movaps      %2, %1
+    shufps      %1, %1, q0321
+    addps       %1, %2
+    ; all %1 members should be equal for as long as float a+b==b+a
+%endif
+%endmacro
+
+; Emulate blendvps if not available
+;
+; src_b is destroyed when using emulation with logical operands
+; SSE41 blendv instruction is hard coded to use xmm0 as mask
+%macro BLENDVPS 3 ; dst/src_a, src_b, mask
+%if cpuflag(avx)
+    blendvps  %1, %1, %2, %3
+%elif cpuflag(sse4)
+    %ifnidn %3,xmm0
+        %error sse41 blendvps uses xmm0 as default 3d operand, you used %3
+    %endif
+    blendvps  %1, %2, %3
+%else
+    xorps  %2, %1
+    andps  %2, %3
+    xorps  %1, %2
+%endif
+%endmacro
+
+; Emulate pblendvb if not available
+;
+; src_b is destroyed when using emulation with logical operands
+; SSE41 blendv instruction is hard coded to use xmm0 as mask
+%macro PBLENDVB 3 ; dst/src_a, src_b, mask
+%if cpuflag(avx)
+    %if cpuflag(avx) && notcpuflag(avx2) && sizeof%1 >= 32
+        %error pblendb not possible with ymm on avx1, try blendvps.
+    %endif
+    pblendvb  %1, %1, %2, %3
+%elif cpuflag(sse4)
+    %ifnidn %3,xmm0
+        %error sse41 pblendvd uses xmm0 as default 3d operand, you used %3
+    %endif
+    pblendvb  %1, %2, %3
+%else
+    pxor  %2, %1
+    pand  %2, %3
+    pxor  %1, %2
+%endif
+%endmacro
diff --git a/media/ffvpx/libavutil_visibility.h b/media/ffvpx/libavutil_visibility.h
index a5cce0844..706aacdf3 100644
--- a/media/ffvpx/libavutil_visibility.h
+++ b/media/ffvpx/libavutil_visibility.h
@@ -9,6 +9,15 @@
 #ifndef MOZILLA_AVUTIL_VISIBILITY_H
 #define MOZILLA_AVUTIL_VISIBILITY_H
 
+// We need to preemptively include <stdlib.h> before anyone[1] has a chance
+// to include <limits.h>. We do this to avoid a Linux clang build error, in
+// -ffreestanding mode, which happens when limits.h defines MB_LEN_MAX to some
+// value that is different from what stdlib.h expects. If we include stdlib.h
+// before limits.h, then they don't get a chance to interact badly.
+//
+// [1] (e.g. libavutil/common.h, which is indirectly included by log.h below.)
+#include <stdlib.h>
+
 #pragma GCC visibility push(default)
 #include "libavutil/cpu.h"
 
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index d1b56ce35..329a4c6b7 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -3,7 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 pref("security.tls.version.min", 1);
-pref("security.tls.version.max", 4);
+pref("security.tls.version.max", 3);
 pref("security.tls.version.fallback-limit", 3);
 pref("security.tls.insecure_fallback_hosts", "");
 pref("security.tls.unrestricted_rc4_fallback", false);
diff --git a/nsprpub/TAG-INFO b/nsprpub/TAG-INFO
new file mode 100644
index 000000000..ebe7269ae
--- /dev/null
+++ b/nsprpub/TAG-INFO
@@ -0,0 +1 @@
+NSPR_4_16_RTM
diff --git a/nsprpub/configure b/nsprpub/configure
index 19e9fa60f..b8ad2b4eb 100755
--- a/nsprpub/configure
+++ b/nsprpub/configure
@@ -2488,7 +2488,7 @@ test -n "$target_alias" &&
   program_prefix=${target_alias}-
 
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=18
+MOD_MINOR_VERSION=16
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
@@ -6560,13 +6560,11 @@ fi
 
     $as_echo "#define HAVE_POINTER_LOCALTIME_R 1" >>confdefs.h
 
-
     HOST_DARWIN_MAJOR=`echo "$build_os" | sed -E -e 's/^darwin([0-9]+).*$/\1/'`
-
     if test "$HOST_DARWIN_MAJOR" -ge 15 ; then
         $as_echo "#define HAS_CONNECTX 1" >>confdefs.h
-
     fi
+
     AS='$(CC) -x assembler-with-cpp'
     CFLAGS="$CFLAGS -Wall -fno-common"
     case "${target_cpu}" in
@@ -8474,12 +8472,19 @@ case "$target" in
 
     fi
     if test "$USE_PTHREADS"; then
-        cat >>confdefs.h <<_ACEOF
+        if echo "$OS_RELEASE" | egrep '^(B.10.10|B.10.20)' >/dev/null; then
+            $as_echo "#define _REENTRANT 1" >>confdefs.h
+
+            $as_echo "#define _PR_DCETHREADS 1" >>confdefs.h
+
+        else
+            cat >>confdefs.h <<_ACEOF
 #define _POSIX_C_SOURCE 199506L
 _ACEOF
 
-        $as_echo "#define _PR_HAVE_THREADSAFE_GETHOST 1" >>confdefs.h
+            $as_echo "#define _PR_HAVE_THREADSAFE_GETHOST 1" >>confdefs.h
 
+        fi
     fi
     if test "$USE_USER_PTHREADS"; then
         cat >>confdefs.h <<_ACEOF
diff --git a/nsprpub/configure.in b/nsprpub/configure.in
index 7b0b8b395..22b4e7224 100644
--- a/nsprpub/configure.in
+++ b/nsprpub/configure.in
@@ -15,7 +15,7 @@ dnl ========================================================
 dnl = Defaults
 dnl ========================================================
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=18
+MOD_MINOR_VERSION=16
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
@@ -2889,8 +2889,13 @@ case "$target" in
         AC_DEFINE(_PR_LOCAL_THREADS_ONLY)
     fi 
     if test "$USE_PTHREADS"; then
-        AC_DEFINE_UNQUOTED(_POSIX_C_SOURCE,199506L)
-        AC_DEFINE(_PR_HAVE_THREADSAFE_GETHOST)
+        if echo "$OS_RELEASE" | egrep '^(B.10.10|B.10.20)' >/dev/null; then
+            AC_DEFINE(_REENTRANT)
+            AC_DEFINE(_PR_DCETHREADS)
+        else
+            AC_DEFINE_UNQUOTED(_POSIX_C_SOURCE,199506L)
+            AC_DEFINE(_PR_HAVE_THREADSAFE_GETHOST)
+        fi
     fi
     if test "$USE_USER_PTHREADS"; then
         AC_DEFINE_UNQUOTED(_POSIX_C_SOURCE,199506L)
diff --git a/nsprpub/pr/include/md/_pth.h b/nsprpub/pr/include/md/_pth.h
index 5603223a0..eeeef0438 100644
--- a/nsprpub/pr/include/md/_pth.h
+++ b/nsprpub/pr/include/md/_pth.h
@@ -14,7 +14,29 @@
 #define _PR_MD_DISABLE_CLOCK_INTERRUPTS()
 #define _PR_MD_ENABLE_CLOCK_INTERRUPTS()
 
-#if defined(BSDI)
+/* In good standards fashion, the DCE threads (based on posix-4) are not
+ * quite the same as newer posix implementations.  These are mostly name
+ * changes and small differences, so macros usually do the trick
+ */
+#ifdef _PR_DCETHREADS
+#define _PT_PTHREAD_MUTEXATTR_INIT        pthread_mutexattr_create
+#define _PT_PTHREAD_MUTEXATTR_DESTROY     pthread_mutexattr_delete
+#define _PT_PTHREAD_MUTEX_INIT(m, a)      pthread_mutex_init(&(m), a)
+#define _PT_PTHREAD_MUTEX_IS_LOCKED(m)    (0 == pthread_mutex_trylock(&(m)))
+#define _PT_PTHREAD_CONDATTR_INIT         pthread_condattr_create
+#define _PT_PTHREAD_COND_INIT(m, a)       pthread_cond_init(&(m), a)
+#define _PT_PTHREAD_CONDATTR_DESTROY      pthread_condattr_delete
+
+/* Notes about differences between DCE threads and pthreads 10:
+ *   1. pthread_mutex_trylock returns 1 when it locks the mutex
+ *      0 when it does not.  The latest pthreads has a set of errno-like
+ *      return values.
+ *   2. return values from pthread_cond_timedwait are different.
+ *
+ *
+ *
+ */
+#elif defined(BSDI)
 /*
  * Mutex and condition attributes are not supported.  The attr
  * argument to pthread_mutex_init() and pthread_cond_init() must
@@ -84,7 +106,13 @@
  *   PR_EnterMonitor calls any of these functions, infinite
  *   recursion ensues.
  */
-#if defined(IRIX) || defined(OSF1) || defined(AIX) || defined(SOLARIS) \
+#if defined(_PR_DCETHREADS)
+#define _PT_PTHREAD_INVALIDATE_THR_HANDLE(t) \
+	memset(&(t), 0, sizeof(pthread_t))
+#define _PT_PTHREAD_THR_HANDLE_IS_INVALID(t) \
+	(!memcmp(&(t), &pt_zero_tid, sizeof(pthread_t)))
+#define _PT_PTHREAD_COPY_THR_HANDLE(st, dt)   (dt) = (st)
+#elif defined(IRIX) || defined(OSF1) || defined(AIX) || defined(SOLARIS) \
 	|| defined(LINUX) || defined(__GNU__) || defined(__GLIBC__) \
 	|| defined(HPUX) || defined(FREEBSD) \
 	|| defined(NETBSD) || defined(OPENBSD) || defined(BSDI) \
@@ -97,7 +125,17 @@
 #error "pthreads is not supported for this architecture"
 #endif
 
-#if defined(_PR_PTHREADS)
+#if defined(_PR_DCETHREADS)
+#define _PT_PTHREAD_ATTR_INIT            pthread_attr_create
+#define _PT_PTHREAD_ATTR_DESTROY         pthread_attr_delete
+#define _PT_PTHREAD_CREATE(t, a, f, r)   pthread_create(t, a, f, r) 
+#define _PT_PTHREAD_KEY_CREATE           pthread_keycreate
+#define _PT_PTHREAD_ATTR_SETSCHEDPOLICY  pthread_attr_setsched
+#define _PT_PTHREAD_ATTR_GETSTACKSIZE(a, s) \
+                                     (*(s) = pthread_attr_getstacksize(*(a)), 0)
+#define _PT_PTHREAD_GETSPECIFIC(k, r) \
+		pthread_getspecific((k), (pthread_addr_t *) &(r))
+#elif defined(_PR_PTHREADS)
 #define _PT_PTHREAD_ATTR_INIT            pthread_attr_init
 #define _PT_PTHREAD_ATTR_DESTROY         pthread_attr_destroy
 #define _PT_PTHREAD_CREATE(t, a, f, r)   pthread_create(t, &a, f, r) 
@@ -109,6 +147,22 @@
 #error "Cannot determine pthread strategy"
 #endif
 
+#if defined(_PR_DCETHREADS)
+#define _PT_PTHREAD_EXPLICIT_SCHED      _PT_PTHREAD_DEFAULT_SCHED
+#endif
+
+/*
+ * pthread_mutex_trylock returns different values in DCE threads and
+ * pthreads.
+ */
+#if defined(_PR_DCETHREADS)
+#define PT_TRYLOCK_SUCCESS 1
+#define PT_TRYLOCK_BUSY    0
+#else
+#define PT_TRYLOCK_SUCCESS 0
+#define PT_TRYLOCK_BUSY    EBUSY
+#endif
+
 /*
  * These platforms don't have sigtimedwait()
  */
@@ -136,9 +190,16 @@
 #define PT_PRIO_MIN            DEFAULT_PRIO
 #define PT_PRIO_MAX            DEFAULT_PRIO
 #elif defined(HPUX)
+
+#if defined(_PR_DCETHREADS)
+#define PT_PRIO_MIN            PRI_OTHER_MIN
+#define PT_PRIO_MAX            PRI_OTHER_MAX
+#else /* defined(_PR_DCETHREADS) */
 #include <sys/sched.h>
 #define PT_PRIO_MIN            sched_get_priority_min(SCHED_OTHER)
 #define PT_PRIO_MAX            sched_get_priority_max(SCHED_OTHER)
+#endif /* defined(_PR_DCETHREADS) */
+
 #elif defined(LINUX) || defined(__GNU__) || defined(__GLIBC__) \
 	|| defined(FREEBSD) || defined(SYMBIAN)
 #define PT_PRIO_MIN            sched_get_priority_min(SCHED_OTHER)
@@ -177,7 +238,9 @@
  * Needed for garbage collection -- Look at PR_Suspend/PR_Resume
  * implementation.
  */
-#if defined(OSF1)
+#if defined(_PR_DCETHREADS)
+#define _PT_PTHREAD_YIELD()            	pthread_yield()
+#elif defined(OSF1)
 /*
  * sched_yield can't be called from a signal handler.  Must use
  * the _np version.
diff --git a/nsprpub/pr/include/prinet.h b/nsprpub/pr/include/prinet.h
index fc9f73918..15d229fe4 100644
--- a/nsprpub/pr/include/prinet.h
+++ b/nsprpub/pr/include/prinet.h
@@ -54,7 +54,7 @@ struct sockaddr_dl;
 #endif /* XP_UNIX */
 #include <netdb.h>
 
-#if defined(BSDI) || defined(QNX)
+#if defined(FREEBSD) || defined(BSDI) || defined(QNX)
 #include <rpc/types.h> /* the only place that defines INADDR_LOOPBACK */
 #endif
 
diff --git a/nsprpub/pr/include/prinit.h b/nsprpub/pr/include/prinit.h
index c55788923..fd935ec30 100644
--- a/nsprpub/pr/include/prinit.h
+++ b/nsprpub/pr/include/prinit.h
@@ -31,9 +31,9 @@ PR_BEGIN_EXTERN_C
 ** The format of the version string is
 **     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION  "4.18"
+#define PR_VERSION  "4.16"
 #define PR_VMAJOR   4
-#define PR_VMINOR   18
+#define PR_VMINOR   16
 #define PR_VPATCH   0
 #define PR_BETA     PR_FALSE
 
diff --git a/nsprpub/pr/include/private/primpl.h b/nsprpub/pr/include/private/primpl.h
index a817c206c..dc24a2572 100644
--- a/nsprpub/pr/include/private/primpl.h
+++ b/nsprpub/pr/include/private/primpl.h
@@ -6,6 +6,14 @@
 #ifndef primpl_h___
 #define primpl_h___
 
+/*
+ * HP-UX 10.10's pthread.h (DCE threads) includes dce/cma.h, which
+ * has:
+ *     #define sigaction _sigaction_sys
+ * This macro causes chaos if signal.h gets included before pthread.h.
+ * To be safe, we include pthread.h first.
+ */
+
 #if defined(_PR_PTHREADS)
 #include <pthread.h>
 #endif
@@ -1869,7 +1877,7 @@ extern PRFileDesc *_pr_stderr;
 ** and functions with macros that expand to the native thread
 ** types and functions on each platform.
 */
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #define _PR_ZONE_ALLOCATOR
 #endif
 
@@ -2157,18 +2165,6 @@ extern PRUint32 connectCount;
 
 #endif /* XP_BEOS */
 
-#if defined(_WIN64) && defined(WIN95)
-typedef struct _PRFileDescList {
-  PRFileDesc *fd;
-  struct _PRFileDescList *next;
-} PRFileDescList;
-
-extern PRLock *_fd_waiting_for_overlapped_done_lock;
-extern PRFileDescList *_fd_waiting_for_overlapped_done;
-extern void CheckOverlappedPendingSocketsAreDone();
-#endif
-
-
 PR_END_EXTERN_C
 
 #endif /* primpl_h___ */
diff --git a/nsprpub/pr/src/Makefile.in b/nsprpub/pr/src/Makefile.in
index 19c5a6987..48b6faed7 100644
--- a/nsprpub/pr/src/Makefile.in
+++ b/nsprpub/pr/src/Makefile.in
@@ -138,8 +138,12 @@ endif
 
 ifeq ($(OS_ARCH),HP-UX)
 ifeq ($(USE_PTHREADS), 1)
+ifeq (,$(filter-out B.10.10 B.10.20,$(OS_RELEASE)))
+OS_LIBS 	= -ldce
+else
 OS_LIBS 	= -lpthread -lrt
 endif
+endif
 ifeq ($(PTHREADS_USER), 1)
 OS_LIBS 	= -lpthread
 endif
diff --git a/nsprpub/pr/src/io/prio.c b/nsprpub/pr/src/io/prio.c
index 10ae5e098..bf9763a2c 100644
--- a/nsprpub/pr/src/io/prio.c
+++ b/nsprpub/pr/src/io/prio.c
@@ -137,82 +137,11 @@ PR_IMPLEMENT(void) PR_FreeFileDesc(PRFileDesc *fd)
     _PR_Putfd(fd);
 }
 
-#if defined(_WIN64) && defined(WIN95)
-
-PRFileDescList *_fd_waiting_for_overlapped_done = NULL;
-PRLock *_fd_waiting_for_overlapped_done_lock = NULL;
-
-void CheckOverlappedPendingSocketsAreDone()
-{
-  if (!_fd_waiting_for_overlapped_done_lock ||
-      !_fd_waiting_for_overlapped_done) {
-    return;
-  }
-
-  PR_Lock(_fd_waiting_for_overlapped_done_lock);
-
-  PRFileDescList *cur = _fd_waiting_for_overlapped_done;
-  PRFileDescList *previous = NULL;
-  while (cur) {
-    PR_ASSERT(cur->fd->secret->overlappedActive);
-    PRFileDesc *fd = cur->fd;
-    DWORD rvSent;
-    if (GetOverlappedResult((HANDLE)fd->secret->md.osfd, &fd->secret->ol, &rvSent, FALSE) == TRUE) {
-      fd->secret->overlappedActive = PR_FALSE;
-      PR_LOG(_pr_io_lm, PR_LOG_MIN,
-             ("CheckOverlappedPendingSocketsAreDone GetOverlappedResult succeeded\n"));
-    } else {
-      DWORD err = WSAGetLastError();
-      PR_LOG(_pr_io_lm, PR_LOG_MIN,
-             ("CheckOverlappedPendingSocketsAreDone GetOverlappedResult failed %d\n", err));
-      if (err != ERROR_IO_INCOMPLETE) {
-        fd->secret->overlappedActive = PR_FALSE;
-      }
-    }
-
-    if (!fd->secret->overlappedActive) {
-
-      _PR_MD_CLOSE_SOCKET(fd->secret->md.osfd);
-      fd->secret->state = _PR_FILEDESC_CLOSED;
-#ifdef _PR_HAVE_PEEK_BUFFER
-      if (fd->secret->peekBuffer) {
-        PR_ASSERT(fd->secret->peekBufSize > 0);
-        PR_DELETE(fd->secret->peekBuffer);
-        fd->secret->peekBufSize = 0;
-        fd->secret->peekBytes = 0;
-      }
-#endif
-
-      PR_FreeFileDesc(fd);
-
-      if (previous) {
-        previous->next = cur->next;
-      } else {
-        _fd_waiting_for_overlapped_done = cur->next;
-      }
-      PRFileDescList *del = cur;
-      cur = cur->next;
-      PR_Free(del);
-    } else {
-      previous = cur;
-      cur = cur->next;
-    }
-  }
-
-  PR_Unlock(_fd_waiting_for_overlapped_done_lock);
-}
-#endif
-
 /*
 ** Wait for some i/o to finish on one or more more poll descriptors.
 */
 PR_IMPLEMENT(PRInt32) PR_Poll(PRPollDesc *pds, PRIntn npds, PRIntervalTime timeout)
 {
-#if defined(_WIN64) && defined(WIN95)
-  // For each iteration check if TFO overlapped IOs are down.
-  CheckOverlappedPendingSocketsAreDone();
-#endif
-
 	return(_PR_MD_PR_POLL(pds, npds, timeout));
 }
 
diff --git a/nsprpub/pr/src/io/prsocket.c b/nsprpub/pr/src/io/prsocket.c
index 26f7a245d..a24b8e1bb 100644
--- a/nsprpub/pr/src/io/prsocket.c
+++ b/nsprpub/pr/src/io/prsocket.c
@@ -304,25 +304,7 @@ static PRStatus PR_CALLBACK SocketConnectContinue(
         if (err != 0) {
             _PR_MD_MAP_CONNECT_ERROR(err);
         } else {
-#if defined(_WIN64)
-            if (fd->secret->overlappedActive) {
-                PRInt32 rvSent;
-                if (GetOverlappedResult(osfd, &fd->secret->ol, &rvSent, FALSE) == FALSE) {
-                    err = WSAGetLastError();
-                    PR_LOG(_pr_io_lm, PR_LOG_MIN,
-                           ("SocketConnectContinue GetOverlappedResult failed %d\n", err));
-                    if (err != ERROR_IO_INCOMPLETE) {
-                        _PR_MD_MAP_CONNECT_ERROR(err);
-                        fd->secret->overlappedActive = PR_FALSE;
-                    }
-                }
-            }
-            if (err == 0) {
-                PR_SetError(PR_UNKNOWN_ERROR, 0);
-            }
-#else
             PR_SetError(PR_UNKNOWN_ERROR, 0);
-#endif
         }
         return PR_FAILURE;
     }
@@ -737,56 +719,6 @@ static PRStatus PR_CALLBACK SocketClose(PRFileDesc *fd)
 	}
 
 	if (fd->secret->state == _PR_FILEDESC_OPEN) {
-#if defined(_WIN64) && defined(WIN95)
-    /* TCP Fast Open on Windows must use ConnectEx, which uses overlapped
-     * input/output. Before closing such a socket we must cancelIO.
-     */
-    if (fd->secret->overlappedActive) {
-      PR_ASSERT(fd->secret->nonblocking);
-      if (CancelIo((HANDLE) fd->secret->md.osfd) == TRUE) {
-        PR_LOG(_pr_io_lm, PR_LOG_MIN,
-               ("SocketClose - CancelIo succeeded\n"));
-      } else {
-        DWORD err = WSAGetLastError();
-        PR_LOG(_pr_io_lm, PR_LOG_MIN,
-               ("SocketClose - CancelIo failed err=%x\n", err));
-      }
-
-      DWORD rvSent;
-      if (GetOverlappedResult((HANDLE)fd->secret->md.osfd, &fd->secret->ol, &rvSent, FALSE) == TRUE) {
-        fd->secret->overlappedActive = PR_FALSE;
-        PR_LOG(_pr_io_lm, PR_LOG_MIN,
-               ("SocketClose GetOverlappedResult succeeded\n"));
-      } else {
-        DWORD err = WSAGetLastError();
-        PR_LOG(_pr_io_lm, PR_LOG_MIN,
-               ("SocketClose GetOverlappedResult failed %d\n", err));
-        if (err != ERROR_IO_INCOMPLETE) {
-          _PR_MD_MAP_CONNECT_ERROR(err);
-          fd->secret->overlappedActive = PR_FALSE;
-        }
-      }
-    }
-
-    if (fd->secret->overlappedActive &&
-        _fd_waiting_for_overlapped_done_lock) {
-      // Put osfd into the list to be checked later.
-      PRFileDescList *forWaiting = PR_NEW(PRFileDescList);
-      if (!forWaiting) {
-        PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
-        return PR_FAILURE;
-      }
-      forWaiting->fd = fd;
-
-      PR_Lock(_fd_waiting_for_overlapped_done_lock);
-      forWaiting->next = _fd_waiting_for_overlapped_done;
-      _fd_waiting_for_overlapped_done = forWaiting;
-      PR_Unlock(_fd_waiting_for_overlapped_done_lock);
-
-      return PR_SUCCESS;
-    }
-#endif
-
 		if (_PR_MD_CLOSE_SOCKET(fd->secret->md.osfd) < 0) {
 			return PR_FAILURE;
 		}
diff --git a/nsprpub/pr/src/md/unix/unix.c b/nsprpub/pr/src/md/unix/unix.c
index 29e24e574..662f561b6 100644
--- a/nsprpub/pr/src/md/unix/unix.c
+++ b/nsprpub/pr/src/md/unix/unix.c
@@ -2854,11 +2854,28 @@ void _PR_UnixInit(void)
 #endif
 #endif  /* !defined(_PR_PTHREADS) */
 
+    /*
+     * Under HP-UX DCE threads, sigaction() installs a per-thread
+     * handler, so we use sigvector() to install a process-wide
+     * handler.
+     */
+#if defined(HPUX) && defined(_PR_DCETHREADS)
+    {
+        struct sigvec vec;
+
+        vec.sv_handler = SIG_IGN;
+        vec.sv_mask = 0;
+        vec.sv_flags = 0;
+        rv = sigvector(SIGPIPE, &vec, NULL);
+        PR_ASSERT(0 == rv);
+    }
+#else
     sigact.sa_handler = SIG_IGN;
     sigemptyset(&sigact.sa_mask);
     sigact.sa_flags = 0;
     rv = sigaction(SIGPIPE, &sigact, 0);
     PR_ASSERT(0 == rv);
+#endif /* HPUX && _PR_DCETHREADS */
 
     _pr_rename_lock = PR_NewLock();
     PR_ASSERT(NULL != _pr_rename_lock);
diff --git a/nsprpub/pr/src/md/unix/uxproces.c b/nsprpub/pr/src/md/unix/uxproces.c
index 18f23fde8..5286b9e18 100644
--- a/nsprpub/pr/src/md/unix/uxproces.c
+++ b/nsprpub/pr/src/md/unix/uxproces.c
@@ -685,6 +685,10 @@ static void pr_SigchldHandler(int sig)
 
 static void pr_InstallSigchldHandler()
 {
+#if defined(HPUX) && defined(_PR_DCETHREADS)
+#error "HP-UX DCE threads have their own SIGCHLD handler"
+#endif
+
     struct sigaction act, oact;
     int rv;
 
diff --git a/nsprpub/pr/src/md/windows/ntthread.c b/nsprpub/pr/src/md/windows/ntthread.c
index 1fdf0e93b..fead1236d 100644
--- a/nsprpub/pr/src/md/windows/ntthread.c
+++ b/nsprpub/pr/src/md/windows/ntthread.c
@@ -27,9 +27,6 @@ PRUint32                        _nt_idleCount;
 extern __declspec(thread) PRThread *_pr_io_restarted_io;
 extern DWORD _pr_io_restartedIOIndex;
 
-typedef HRESULT (WINAPI *SETTHREADDESCRIPTION)(HANDLE, PCWSTR);
-static SETTHREADDESCRIPTION sSetThreadDescription = NULL;
-
 /* Must check the restarted_io *before* decrementing no_sched to 0 */
 #define POST_SWITCH_WORK() \
     PR_BEGIN_MACRO \
@@ -82,8 +79,6 @@ _nt_handle_restarted_io(PRThread *restarted_io)
 void
 _PR_MD_EARLY_INIT()
 {
-    HMODULE hModule;
-
     _MD_NEW_LOCK( &_nt_idleLock );
     _nt_idleCount = 0;
     PR_INIT_CLIST(&_nt_idleList);
@@ -103,15 +98,6 @@ _PR_MD_EARLY_INIT()
         _pr_intsOffIndex = TlsAlloc();
         _pr_io_restartedIOIndex = TlsAlloc();
     }
-
-    // SetThreadDescription is Windows 10 build 1607+
-    hModule = GetModuleHandleW(L"kernel32.dll");
-    if (hModule) {
-        sSetThreadDescription =
-            (SETTHREADDESCRIPTION) GetProcAddress(
-                                       hModule,
-                                       "SetThreadDescription");
-    }
 }
 
 void _PR_MD_CLEANUP_BEFORE_EXIT(void)
@@ -307,16 +293,7 @@ _PR_MD_SET_CURRENT_THREAD_NAME(const char *name)
 {
 #ifdef _MSC_VER
    THREADNAME_INFO info;
-#endif
-
-   if (sSetThreadDescription) {
-      WCHAR wideName[MAX_PATH];
-      if (MultiByteToWideChar(CP_ACP, 0, name, -1, wideName, MAX_PATH)) {
-         sSetThreadDescription(GetCurrentThread(), wideName);
-      }
-   }
 
-#ifdef _MSC_VER
    if (!IsDebuggerPresent())
       return;
 
diff --git a/nsprpub/pr/src/md/windows/w95sock.c b/nsprpub/pr/src/md/windows/w95sock.c
index c6a3ec111..0429c655a 100644
--- a/nsprpub/pr/src/md/windows/w95sock.c
+++ b/nsprpub/pr/src/md/windows/w95sock.c
@@ -382,11 +382,6 @@ PRInt32
 _PR_MD_TCPSENDTO(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
                  const PRNetAddr *addr, PRUint32 addrlen, PRIntervalTime timeout)
 {
-    if (!_fd_waiting_for_overlapped_done_lock) {
-        PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
-        return PR_FAILURE;
-    }
-
     if (PR_CallOnce(&_pr_has_connectex_once, _pr_set_connectex) != PR_SUCCESS) {
         PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
         return PR_FAILURE;
diff --git a/nsprpub/pr/src/md/windows/w95thred.c b/nsprpub/pr/src/md/windows/w95thred.c
index a365411f5..c27d982a7 100644
--- a/nsprpub/pr/src/md/windows/w95thred.c
+++ b/nsprpub/pr/src/md/windows/w95thred.c
@@ -1,4 +1,3 @@
-
 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -28,32 +27,14 @@ DWORD _pr_currentCPUIndex;
 int                           _pr_intsOff = 0; 
 _PRInterruptTable             _pr_interruptTable[] = { { 0 } };
 
-typedef HRESULT (WINAPI *SETTHREADDESCRIPTION)(HANDLE, PCWSTR);
-static SETTHREADDESCRIPTION sSetThreadDescription = NULL;
-
 void
 _PR_MD_EARLY_INIT()
 {
-    HMODULE hModule;
-
 #ifndef _PR_USE_STATIC_TLS
     _pr_currentThreadIndex = TlsAlloc();
     _pr_lastThreadIndex = TlsAlloc();
     _pr_currentCPUIndex = TlsAlloc();
 #endif
-
-#if defined(_WIN64) && defined(WIN95)
-    _fd_waiting_for_overlapped_done_lock = PR_NewLock();
-#endif
-
-    // SetThreadDescription is Windows 10 build 1607+
-    hModule = GetModuleHandleW(L"kernel32.dll");
-    if (hModule) {
-        sSetThreadDescription =
-            (SETTHREADDESCRIPTION) GetProcAddress(
-                                       hModule,
-                                       "SetThreadDescription");
-    }
 }
 
 void _PR_MD_CLEANUP_BEFORE_EXIT(void)
@@ -69,29 +50,6 @@ void _PR_MD_CLEANUP_BEFORE_EXIT(void)
     TlsFree(_pr_lastThreadIndex);
     TlsFree(_pr_currentCPUIndex);
 #endif
-
-#if defined(_WIN64) && defined(WIN95)
-    // For each iteration check if TFO overlapped IOs are down.
-    if (_fd_waiting_for_overlapped_done_lock) {
-        PRIntervalTime delay = PR_MillisecondsToInterval(1000);
-        PRFileDescList *cur;
-        do {
-            CheckOverlappedPendingSocketsAreDone();
-
-            PR_Lock(_fd_waiting_for_overlapped_done_lock);
-            cur = _fd_waiting_for_overlapped_done;
-            PR_Unlock(_fd_waiting_for_overlapped_done_lock);
-#if defined(DO_NOT_WAIT_FOR_CONNECT_OVERLAPPED_OPERATIONS)
-            cur = NULL;
-#endif
-            if (cur) {
-                PR_Sleep(delay); // wait another 1s.
-            }
-        } while (cur);
-
-        PR_DestroyLock(_fd_waiting_for_overlapped_done_lock);
-    }
-#endif
 }
 
 PRStatus
@@ -232,16 +190,7 @@ _PR_MD_SET_CURRENT_THREAD_NAME(const char *name)
 {
 #ifdef _MSC_VER
    THREADNAME_INFO info;
-#endif
-
-   if (sSetThreadDescription) {
-      WCHAR wideName[MAX_PATH];
-      if (MultiByteToWideChar(CP_ACP, 0, name, -1, wideName, MAX_PATH)) {
-         sSetThreadDescription(GetCurrentThread(), wideName);
-      }
-   }
 
-#ifdef _MSC_VER
    if (!IsDebuggerPresent())
       return;
 
diff --git a/nsprpub/pr/src/md/windows/win32_errors.c b/nsprpub/pr/src/md/windows/win32_errors.c
index 275792187..d26820a7a 100644
--- a/nsprpub/pr/src/md/windows/win32_errors.c
+++ b/nsprpub/pr/src/md/windows/win32_errors.c
@@ -166,26 +166,21 @@ void _MD_win32_map_default_error(PRInt32 err)
             prError = PR_ADDRESS_IN_USE_ERROR;
             break;
         case WSAEADDRNOTAVAIL:
-        case ERROR_INVALID_NETNAME:
             prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
             break;
         case WSAEAFNOSUPPORT:
-        case ERROR_INCORRECT_ADDRESS:
             prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
             break;
         case WSAEALREADY:
-        case ERROR_ALREADY_INITIALIZED:
             prError = PR_ALREADY_INITIATED_ERROR;
             break;
         case WSAEBADF:
             prError = PR_BAD_DESCRIPTOR_ERROR;
             break;
         case WSAECONNABORTED:
-        case ERROR_CONNECTION_ABORTED:
             prError = PR_CONNECT_ABORTED_ERROR;
             break;
         case WSAECONNREFUSED:
-        case ERROR_CONNECTION_REFUSED:
             prError = PR_CONNECT_REFUSED_ERROR;
             break;
         case WSAECONNRESET:
@@ -198,7 +193,6 @@ void _MD_win32_map_default_error(PRInt32 err)
             prError = PR_ACCESS_FAULT_ERROR;
             break;
         case WSAEHOSTUNREACH:
-        case ERROR_HOST_UNREACHABLE:
             prError = PR_HOST_UNREACHABLE_ERROR;
             break;
         case WSAEINVAL:
@@ -214,14 +208,12 @@ void _MD_win32_map_default_error(PRInt32 err)
             prError = PR_BUFFER_OVERFLOW_ERROR;
             break;
         case WSAENETDOWN:
-        case ERROR_NO_NETWORK:
             prError = PR_NETWORK_DOWN_ERROR;
             break;
         case WSAENETRESET:
             prError = PR_CONNECT_ABORTED_ERROR;
             break;
         case WSAENETUNREACH:
-        case ERROR_NETWORK_UNREACHABLE:
             prError = PR_NETWORK_UNREACHABLE_ERROR;
             break;
         case WSAENOBUFS:
diff --git a/nsprpub/pr/src/misc/pratom.c b/nsprpub/pr/src/misc/pratom.c
index 65e6f3cd8..95bbee1d5 100644
--- a/nsprpub/pr/src/misc/pratom.c
+++ b/nsprpub/pr/src/misc/pratom.c
@@ -23,7 +23,7 @@
 
 #if !defined(_PR_HAVE_ATOMIC_OPS)
 
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 /*
  * PR_AtomicDecrement() is used in NSPR's thread-specific data
  * destructor.  Because thread-specific data destructors may be
@@ -190,7 +190,7 @@ _PR_MD_ATOMIC_SET(PRInt32 *val, PRInt32 newval)
     pthread_mutex_unlock(&atomic_locks[idx]);
     return rv;
 }
-#else  /* _PR_PTHREADS */
+#else  /* _PR_PTHREADS && !_PR_DCETHREADS */
 /*
  * We use a single lock for all the emulated atomic operations.
  * The lock contention should be acceptable.
@@ -259,7 +259,7 @@ _PR_MD_ATOMIC_SET(PRInt32 *val, PRInt32 newval)
     PR_Unlock(atomic_lock);
     return rv;
 }
-#endif  /* _PR_PTHREADS */
+#endif  /* _PR_PTHREADS && !_PR_DCETHREADS */
 
 #endif  /* !_PR_HAVE_ATOMIC_OPS */
 
diff --git a/nsprpub/pr/src/pthreads/ptio.c b/nsprpub/pr/src/pthreads/ptio.c
index f6aa56741..9dde03191 100644
--- a/nsprpub/pr/src/pthreads/ptio.c
+++ b/nsprpub/pr/src/pthreads/ptio.c
@@ -1895,6 +1895,19 @@ static PRInt32 pt_Send(
 	PRInt32 tmp_amount = amount;
 #endif
 
+    /*
+     * Under HP-UX DCE threads, pthread.h includes dce/cma_ux.h,
+     * which has the following:
+     *     #  define send        cma_send
+     *     extern int  cma_send (int , void *, int, int );
+     * So we need to cast away the 'const' of argument #2 for send().
+     */
+#if defined (HPUX) && defined(_PR_DCETHREADS)
+#define PT_SENDBUF_CAST (void *)
+#else
+#define PT_SENDBUF_CAST
+#endif
+
     if (pt_TestAbort()) return bytes;
 
     /*
@@ -1905,9 +1918,9 @@ static PRInt32 pt_Send(
 #if defined(SOLARIS)
     PR_ASSERT(0 == flags);
 retry:
-    bytes = write(fd->secret->md.osfd, buf, tmp_amount);
+    bytes = write(fd->secret->md.osfd, PT_SENDBUF_CAST buf, tmp_amount);
 #else
-    bytes = send(fd->secret->md.osfd, buf, amount, flags);
+    bytes = send(fd->secret->md.osfd, PT_SENDBUF_CAST buf, amount, flags);
 #endif
     syserrno = errno;
 
diff --git a/nsprpub/pr/src/pthreads/ptsynch.c b/nsprpub/pr/src/pthreads/ptsynch.c
index a93b74795..251205336 100644
--- a/nsprpub/pr/src/pthreads/ptsynch.c
+++ b/nsprpub/pr/src/pthreads/ptsynch.c
@@ -23,6 +23,11 @@ static pthread_condattr_t _pt_cvar_attr;
 
 #if defined(DEBUG)
 extern PTDebug pt_debug;  /* this is shared between several modules */
+
+#if defined(_PR_DCETHREADS)
+static pthread_t pt_zero_tid;  /* a null pthread_t (pthread_t is a struct
+                                * in DCE threads) to compare with */
+#endif  /* defined(_PR_DCETHREADS) */
 #endif  /* defined(DEBUG) */
 
 #if defined(FREEBSD)
@@ -258,7 +263,12 @@ static PRIntn pt_TimedWait(
     rv = pthread_cond_timedwait(cv, ml, &tmo);
 
     /* NSPR doesn't report timeouts */
+#ifdef _PR_DCETHREADS
+    if (rv == -1) return (errno == EAGAIN) ? 0 : errno;
+    else return rv;
+#else
     return (rv == ETIMEDOUT) ? 0 : rv;
+#endif
 }  /* pt_TimedWait */
 
 
@@ -1161,14 +1171,14 @@ PR_IMPLEMENT(PRStatus) PR_DeleteSemaphore(const char *name)
 PR_IMPLEMENT(PRStatus) PRP_TryLock(PRLock *lock)
 {
     PRIntn rv = pthread_mutex_trylock(&lock->mutex);
-    if (rv == 0)
+    if (rv == PT_TRYLOCK_SUCCESS)
     {
         PR_ASSERT(PR_FALSE == lock->locked);
         lock->locked = PR_TRUE;
         lock->owner = pthread_self();
     }
     /* XXX set error code? */
-    return (0 == rv) ? PR_SUCCESS : PR_FAILURE;
+    return (PT_TRYLOCK_SUCCESS == rv) ? PR_SUCCESS : PR_FAILURE;
 }  /* PRP_TryLock */
 
 PR_IMPLEMENT(PRCondVar*) PRP_NewNakedCondVar(void)
diff --git a/nsprpub/pr/src/pthreads/ptthread.c b/nsprpub/pr/src/pthreads/ptthread.c
index 6046d5d8d..9e12606ea 100644
--- a/nsprpub/pr/src/pthreads/ptthread.c
+++ b/nsprpub/pr/src/pthreads/ptthread.c
@@ -9,7 +9,7 @@
 ** Exports:            ptthread.h
 */
 
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) || defined(_PR_DCETHREADS)
 
 #include "prlog.h"
 #include "primpl.h"
@@ -58,7 +58,7 @@ static struct _PT_Bookeeping
     pthread_key_t key;          /* thread private data key */
     PRBool keyCreated;          /* whether 'key' should be deleted */
     PRThread *first, *last;     /* list of threads we know about */
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if defined(_PR_DCETHREADS) || _POSIX_THREAD_PRIORITY_SCHEDULING > 0
     PRInt32 minPrio, maxPrio;   /* range of scheduling priorities */
 #endif
 } pt_book = {0};
@@ -67,7 +67,7 @@ static void _pt_thread_death(void *arg);
 static void _pt_thread_death_internal(void *arg, PRBool callDestructors);
 static void init_pthread_gc_support(void);
 
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if defined(_PR_DCETHREADS) || _POSIX_THREAD_PRIORITY_SCHEDULING > 0
 static PRIntn pt_PriorityMap(PRThreadPriority pri)
 {
 #ifdef NTO
@@ -148,6 +148,21 @@ static void *_pt_root(void *arg)
     }
 #endif
 
+    /*
+    ** DCE Threads can't detach during creation, so do it late.
+    ** I would like to do it only here, but that doesn't seem
+    ** to work.
+    */
+#if defined(_PR_DCETHREADS)
+    if (detached)
+    {
+        /* pthread_detach() modifies its argument, so we must pass a copy */
+        pthread_t self = id;
+        rv = pthread_detach(&self);
+        PR_ASSERT(0 == rv);
+    }
+#endif /* defined(_PR_DCETHREADS) */
+
     /* Set up the thread stack information */
     _PR_InitializeStack(thred->stack);
 
@@ -314,7 +329,7 @@ static PRThread* _PR_CreateThread(
 
     if (EPERM != pt_schedpriv)
     {
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if !defined(_PR_DCETHREADS) && _POSIX_THREAD_PRIORITY_SCHEDULING > 0
         struct sched_param schedule;
 #endif
 
@@ -325,7 +340,10 @@ static PRThread* _PR_CreateThread(
 
         /* Use the default scheduling policy */
 
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if defined(_PR_DCETHREADS)
+        rv = pthread_attr_setprio(&tattr, pt_PriorityMap(priority));
+        PR_ASSERT(0 == rv);
+#elif _POSIX_THREAD_PRIORITY_SCHEDULING > 0
         rv = pthread_attr_getschedparam(&tattr, &schedule);
         PR_ASSERT(0 == rv);
         schedule.sched_priority = pt_PriorityMap(priority);
@@ -335,13 +353,19 @@ static PRThread* _PR_CreateThread(
         rv = pthread_attr_setschedpolicy(&tattr, SCHED_RR); /* Round Robin */
         PR_ASSERT(0 == rv);
 #endif
-#endif /* _POSIX_THREAD_PRIORITY_SCHEDULING > 0 */
+#endif /* !defined(_PR_DCETHREADS) */
     }
 
+    /*
+     * DCE threads can't set detach state before creating the thread.
+     * AIX can't set detach late. Why can't we all just get along?
+     */
+#if !defined(_PR_DCETHREADS)
     rv = pthread_attr_setdetachstate(&tattr,
         ((PR_JOINABLE_THREAD == state) ?
             PTHREAD_CREATE_JOINABLE : PTHREAD_CREATE_DETACHED));
     PR_ASSERT(0 == rv);
+#endif /* !defined(_PR_DCETHREADS) */
 
     /*
      * If stackSize is 0, we use the default pthread stack size.
@@ -432,6 +456,7 @@ static PRThread* _PR_CreateThread(
          */
         rv = _PT_PTHREAD_CREATE(&id, tattr, _pt_root, thred);
 
+#if !defined(_PR_DCETHREADS)
         if (EPERM == rv)
         {
 #if defined(IRIX)
@@ -457,10 +482,15 @@ static PRThread* _PR_CreateThread(
 #endif	/* IRIX */
             rv = _PT_PTHREAD_CREATE(&id, tattr, _pt_root, thred);
         }
+#endif
 
         if (0 != rv)
         {
+#if defined(_PR_DCETHREADS)
+            PRIntn oserr = errno;
+#else
             PRIntn oserr = rv;
+#endif
             PR_Lock(pt_book.ml);
             if (thred->state & PT_THREAD_SYSTEM)
                 pt_book.system -= 1;
@@ -572,6 +602,10 @@ PR_IMPLEMENT(PRStatus) PR_JoinThread(PRThread *thred)
         PR_ASSERT(rv == 0 && result == NULL);
         if (0 == rv)
         {
+#ifdef _PR_DCETHREADS
+            rv = pthread_detach(&id);
+            PR_ASSERT(0 == rv);
+#endif
             /*
              * PR_FALSE, because the thread already called the TPD
              * destructors before exiting _pt_root.
@@ -659,7 +693,10 @@ PR_IMPLEMENT(void) PR_SetThreadPriority(PRThread *thred, PRThreadPriority newPri
     else if ((PRIntn)PR_PRIORITY_LAST < (PRIntn)newPri)
         newPri = PR_PRIORITY_LAST;
 
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if defined(_PR_DCETHREADS)
+    rv = pthread_setprio(thred->id, pt_PriorityMap(newPri));
+    /* pthread_setprio returns the old priority */
+#elif _POSIX_THREAD_PRIORITY_SCHEDULING > 0
     if (EPERM != pt_schedpriv)
     {
         int policy;
@@ -890,7 +927,7 @@ void _PR_InitThreads(
     pthread_init();
 #endif
 
-#if _POSIX_THREAD_PRIORITY_SCHEDULING > 0
+#if defined(_PR_DCETHREADS) || _POSIX_THREAD_PRIORITY_SCHEDULING > 0
 #if defined(FREEBSD)
     {
     pthread_attr_t attr;
@@ -1124,7 +1161,11 @@ PR_IMPLEMENT(void) PR_ProcessExit(PRIntn status)
 
 PR_IMPLEMENT(PRUint32) PR_GetThreadID(PRThread *thred)
 {
+#if defined(_PR_DCETHREADS)
+    return (PRUint32)&thred->id;  /* this is really a sham! */
+#else
     return (PRUint32)thred->id;  /* and I don't know what they will do with it */
+#endif
 }
 
 /*
@@ -1156,6 +1197,18 @@ PR_SetThreadDumpProc(PRThread* thread, PRThreadDumpProc dump, void *arg)
  * Garbage collection support follows.
  */
 
+#if defined(_PR_DCETHREADS)
+
+/*
+ * statics for Garbage Collection support.  We don't need to protect these
+ * signal masks since the garbage collector itself is protected by a lock
+ * and multiple threads will not be garbage collecting at the same time.
+ */
+static sigset_t javagc_vtalarm_sigmask;
+static sigset_t javagc_intsoff_sigmask;
+
+#else /* defined(_PR_DCETHREADS) */
+
 /* a bogus signal mask for forcing a timed wait */
 /* Not so bogus in AIX as we really do a sigwait */
 static sigset_t sigwait_set;
@@ -1171,6 +1224,8 @@ static void suspend_signal_handler(PRIntn sig);
 static void null_signal_handler(PRIntn sig);
 #endif
 
+#endif /* defined(_PR_DCETHREADS) */
+
 /*
  * Linux pthreads use SIGUSR1 and SIGUSR2 internally, which
  * conflict with the use of these two signals in our GC support.
@@ -1181,6 +1236,12 @@ static void init_pthread_gc_support(void)
 #ifndef SYMBIAN
     PRIntn rv;
 
+#if defined(_PR_DCETHREADS)
+	rv = sigemptyset(&javagc_vtalarm_sigmask);
+    PR_ASSERT(0 == rv);
+	rv = sigaddset(&javagc_vtalarm_sigmask, SIGVTALRM);
+    PR_ASSERT(0 == rv);
+#else  /* defined(_PR_DCETHREADS) */
 	{
 	    struct sigaction sigact_usr2;
 
@@ -1208,6 +1269,7 @@ static void init_pthread_gc_support(void)
 	    PR_ASSERT(0 ==rv); 
     }
 #endif  /* defined(PT_NO_SIGTIMEDWAIT) */
+#endif /* defined(_PR_DCETHREADS) */
 #endif /* SYMBIAN */
 }
 
@@ -1238,8 +1300,10 @@ PR_IMPLEMENT(PRStatus) PR_EnumerateThreads(PREnumerator func, void *arg)
     PRThread* thred = pt_book.first;
 
 #if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+#if !defined(_PR_DCETHREADS)
     PRThread *me = PR_GetCurrentThread();
 #endif
+#endif
 
     PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("Begin PR_EnumerateThreads\n"));
     /*
@@ -1267,7 +1331,9 @@ PR_IMPLEMENT(PRStatus) PR_EnumerateThreads(PREnumerator func, void *arg)
 
         if (_PT_IS_GCABLE_THREAD(thred))
         {
+#if !defined(_PR_DCETHREADS)
             PR_ASSERT((thred == me) || (thred->suspend & PT_THREAD_SUSPENDED));
+#endif
             PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, 
                    ("In PR_EnumerateThreads callback thread %p thid = %X\n", 
                     thred, thred->id));
@@ -1295,6 +1361,8 @@ PR_IMPLEMENT(PRStatus) PR_EnumerateThreads(PREnumerator func, void *arg)
  * proceed until the thread is suspended or resumed.
  */
 
+#if !defined(_PR_DCETHREADS)
+
 /*
  * In the signal handler, we can not use condition variable notify or wait.
  * This does not work consistently across all pthread platforms.  We also can not 
@@ -1593,6 +1661,78 @@ PR_IMPLEMENT(void *)PR_GetSP(PRThread *thred)
     return thred->sp;
 }  /* PR_GetSP */
 
+#else /* !defined(_PR_DCETHREADS) */
+
+static pthread_once_t pt_gc_support_control = pthread_once_init;
+
+/*
+ * For DCE threads, there is no pthread_kill or a way of suspending or resuming a
+ * particular thread.  We will just disable the preemption (virtual timer alarm) and
+ * let the executing thread finish the garbage collection.  This stops all other threads
+ * (GC able or not) and is very inefficient but there is no other choice.
+ */
+PR_IMPLEMENT(void) PR_SuspendAll()
+{
+    PRIntn rv;
+
+    rv = pthread_once(&pt_gc_support_control, init_pthread_gc_support);
+    PR_ASSERT(0 == rv);  /* returns -1 on failure */
+#ifdef DEBUG
+    suspendAllOn = PR_TRUE;
+#endif
+    PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("Begin PR_SuspendAll\n"));
+    /* 
+     * turn off preemption - i.e add virtual alarm signal to the set of 
+     * blocking signals 
+     */
+    rv = sigprocmask(
+        SIG_BLOCK, &javagc_vtalarm_sigmask, &javagc_intsoff_sigmask);
+    PR_ASSERT(0 == rv);
+    suspendAllSuspended = PR_TRUE;
+    PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("End PR_SuspendAll\n"));
+}  /* PR_SuspendAll */
+
+PR_IMPLEMENT(void) PR_ResumeAll()
+{
+    PRIntn rv;
+    
+    suspendAllSuspended = PR_FALSE;
+    PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("Begin PR_ResumeAll\n"));
+    /* turn on preemption - i.e re-enable virtual alarm signal */
+
+    rv = sigprocmask(SIG_SETMASK, &javagc_intsoff_sigmask, (sigset_t *)NULL);
+    PR_ASSERT(0 == rv);
+#ifdef DEBUG
+    suspendAllOn = PR_FALSE;
+#endif
+
+    PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("End PR_ResumeAll\n"));
+}  /* PR_ResumeAll */
+
+/* Return the stack pointer for the given thread- used by the GC */
+PR_IMPLEMENT(void*)PR_GetSP(PRThread *thred)
+{
+	pthread_t tid = thred->id;
+	char *thread_tcb, *top_sp;
+
+	/*
+	 * For HPUX DCE threads, pthread_t is a struct with the
+	 * following three fields (see pthread.h, dce/cma.h):
+	 *     cma_t_address       field1;
+	 *     short int           field2;
+	 *     short int           field3;
+	 * where cma_t_address is typedef'd to be either void*
+	 * or char*.
+	 */
+	PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("Begin PR_GetSP\n"));
+	thread_tcb = (char*)tid.field1;
+	top_sp = *(char**)(thread_tcb + 128);
+	PR_LOG(_pr_gc_lm, PR_LOG_ALWAYS, ("End PR_GetSP %p \n", top_sp));
+	return top_sp;
+}  /* PR_GetSP */
+
+#endif /* !defined(_PR_DCETHREADS) */
+
 PR_IMPLEMENT(PRStatus) PR_SetCurrentThreadName(const char *name)
 {
     PRThread *thread;
@@ -1677,6 +1817,6 @@ PR_IMPLEMENT(const char *) PR_GetThreadName(const PRThread *thread)
     return thread->name;
 }
 
-#endif  /* defined(_PR_PTHREADS) */
+#endif  /* defined(_PR_PTHREADS) || defined(_PR_DCETHREADS) */
 
 /* ptthread.c */
diff --git a/nsprpub/pr/src/threads/prrwlock.c b/nsprpub/pr/src/threads/prrwlock.c
index 1dd9e0a90..2e0f9ea4e 100644
--- a/nsprpub/pr/src/threads/prrwlock.c
+++ b/nsprpub/pr/src/threads/prrwlock.c
@@ -7,7 +7,7 @@
 
 #include <string.h>
 
-#if defined(HPUX) && defined(_PR_PTHREADS)
+#if defined(HPUX) && defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 
 #include <pthread.h>
 #define HAVE_UNIX98_RWLOCK
diff --git a/nsprpub/pr/tests/Makefile.in b/nsprpub/pr/tests/Makefile.in
index 79a67f09c..df1f1f2dd 100644
--- a/nsprpub/pr/tests/Makefile.in
+++ b/nsprpub/pr/tests/Makefile.in
@@ -373,6 +373,9 @@ endif
 ifeq (,$(filter-out FreeBSD OpenBSD BSD_OS QNX Darwin OpenUNIX,$(OS_ARCH)))
 LIBPTHREAD =
 endif
+ifeq ($(OS_ARCH)$(basename $(OS_RELEASE)),HP-UXB.10)
+LIBPTHREAD = -ldce
+endif
 endif
 
 ifeq ($(OS_TARGET),Android)
diff --git a/nsprpub/pr/tests/attach.c b/nsprpub/pr/tests/attach.c
index a1493b8ec..a5daf9d96 100644
--- a/nsprpub/pr/tests/attach.c
+++ b/nsprpub/pr/tests/attach.c
@@ -111,6 +111,16 @@ static int32 threadStartFunc(void *arg)
 static void * threadStartFunc(void *arg)
 #endif
 {
+#ifdef _PR_DCETHREADS
+    {
+        int rv;
+        pthread_t self = pthread_self();
+        rv = pthread_detach(&self);
+        if (debug_mode) PR_ASSERT(0 == rv);
+		else if (0 != rv) failed_already=1;
+    }
+#endif
+
     Measure(AttachDetach, "Attach/Detach");
 
 #ifndef IRIX
@@ -196,12 +206,14 @@ int main(int argc, char **argv)
 		goto exit_now;
 	}
 	
+#ifndef _PR_DCETHREADS
     rv = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);
     if (debug_mode) PR_ASSERT(0 == rv);
 	else if (0 != rv) {
 		failed_already=1;
 		goto exit_now;
 	}
+#endif  /* !_PR_DCETHREADS */
     rv = _PT_PTHREAD_CREATE(&threadID, attr, threadStartFunc, NULL);
     if (rv != 0) {
 			fprintf(stderr, "thread creation failed: error code %d\n", rv);
diff --git a/nsprpub/pr/tests/dceemu.c b/nsprpub/pr/tests/dceemu.c
index 99fd6cb7c..b06b49e3a 100644
--- a/nsprpub/pr/tests/dceemu.c
+++ b/nsprpub/pr/tests/dceemu.c
@@ -29,6 +29,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+#if defined(_PR_DCETHREADS)
+
 PRIntn failed_already=0;
 PRIntn debug_mode=0;
 
@@ -78,13 +80,20 @@ static PRIntn prmain(PRIntn argc, char **argv)
 
 }  /* prmain */
 
+#endif /* #if defined(_PR_DCETHREADS) */
+
 int main(int argc, char **argv)
 {
+
+#if defined(_PR_DCETHREADS)
     PR_Initialize(prmain, argc, argv, 0);
     if(failed_already)    
         return 1;
     else
         return 0;
+#else
+    return 0;
+#endif
 }  /* main */
 
 
diff --git a/nsprpub/pr/tests/foreign.c b/nsprpub/pr/tests/foreign.c
index cfb2e56ef..637f419d1 100644
--- a/nsprpub/pr/tests/foreign.c
+++ b/nsprpub/pr/tests/foreign.c
@@ -52,7 +52,7 @@ static int _debug_on = 0;
 
 #define DPRINTF(arg)	if (_debug_on) PR_fprintf arg
 
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include <pthread.h>
 #include "md/_pth.h"
 static void *pthread_start(void *arg)
@@ -63,7 +63,7 @@ static void *pthread_start(void *arg)
     start(data);
     return NULL;
 }  /* pthread_start */
-#endif /* defined(_PR_PTHREADS) */
+#endif /* defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS) */
 
 #if defined(IRIX) && !defined(_PR_PTHREADS)
 #include <sys/types.h>
@@ -109,7 +109,7 @@ static PRStatus NSPRPUB_TESTS_CreateThread(StartFn start, void *arg)
         }
         break;
     case thread_pthread:
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
         {
             int rv;
             pthread_t id;
@@ -137,7 +137,7 @@ static PRStatus NSPRPUB_TESTS_CreateThread(StartFn start, void *arg)
         PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
         rv = PR_FAILURE;
         break;
-#endif /* defined(_PR_PTHREADS) */
+#endif /* defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS) */
 
     case thread_sproc:
 #if defined(IRIX) && !defined(_PR_PTHREADS)
diff --git a/nsprpub/pr/tests/forktest.c b/nsprpub/pr/tests/forktest.c
index 66dc64575..a389fa479 100644
--- a/nsprpub/pr/tests/forktest.c
+++ b/nsprpub/pr/tests/forktest.c
@@ -196,6 +196,51 @@ finish:
     return;
 }
 
+#ifdef _PR_DCETHREADS
+
+#include <syscall.h>
+
+pid_t PR_UnixFork1(void)
+{
+    pid_t parent = getpid();
+    int rv = syscall(SYS_fork);
+
+    if (rv == -1) {
+        return (pid_t) -1;
+    } else {
+        /* For each process, rv is the pid of the other process */
+        if (rv == parent) {
+            /* the child */
+            return 0;
+        } else {
+            /* the parent */
+            return rv;
+        }
+    }
+}
+
+#elif defined(SOLARIS)
+
+/*
+ * It seems like that in Solaris 2.4 one must call fork1() if the
+ * the child process is going to use thread functions.  Solaris 2.5
+ * doesn't have this problem. Calling fork() also works. 
+ */
+
+pid_t PR_UnixFork1(void)
+{
+    return fork1();
+}
+
+#else
+
+pid_t PR_UnixFork1(void)
+{
+    return fork();
+}
+
+#endif  /* PR_DCETHREADS */
+
 int main(int argc, char **argv)
 {
     pid_t pid;
@@ -205,7 +250,7 @@ int main(int argc, char **argv)
 
     DoIO();
 
-    pid = fork();
+    pid = PR_UnixFork1();
 
     if (pid  == (pid_t) -1) {
         fprintf(stderr, "Fork failed: errno %d\n", errno);
diff --git a/nsprpub/pr/tests/provider.c b/nsprpub/pr/tests/provider.c
index 932241ec3..0e6569d66 100644
--- a/nsprpub/pr/tests/provider.c
+++ b/nsprpub/pr/tests/provider.c
@@ -606,7 +606,7 @@ typedef struct StartObject
     void *arg;
 } StartObject;
 
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include "md/_pth.h"
 #include <pthread.h>
 
@@ -619,7 +619,7 @@ static void *pthread_start(void *arg)
     start(data);
     return NULL;
 }  /* pthread_start */
-#endif /* defined(_PR_PTHREADS) */
+#endif /* defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS) */
 
 #if defined(IRIX) && !defined(_PR_PTHREADS)
 #include <sys/types.h>
@@ -657,10 +657,10 @@ static PRStatus JoinThread(PRThread *thread)
         rv = PR_JoinThread(thread);
         break;
     case thread_pthread:
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
         rv = PR_SUCCESS;
         break;
-#endif /* defined(_PR_PTHREADS) */
+#endif /* defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS) */
     case thread_win32:
 #if defined(WIN32)
         rv = PR_SUCCESS;
@@ -690,7 +690,7 @@ static PRStatus NewThread(
         }
         break;
     case thread_pthread:
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
         {
             int rv;
             pthread_t id;
@@ -717,7 +717,7 @@ static PRStatus NewThread(
 #else
         PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
         rv = PR_FAILURE;
-#endif /* defined(_PR_PTHREADS) */
+#endif /* defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS) */
         break;
 
     case thread_sproc:
diff --git a/nsprpub/pr/tests/socket.c b/nsprpub/pr/tests/socket.c
index 92f019d01..5ee2b78f3 100644
--- a/nsprpub/pr/tests/socket.c
+++ b/nsprpub/pr/tests/socket.c
@@ -21,7 +21,7 @@
 #ifdef XP_UNIX
 #include <sys/mman.h>
 #endif
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include <pthread.h>
 #endif
 
@@ -313,7 +313,7 @@ PRThread* create_new_thread(PRThreadType type,
 PRInt32 native_thread = 0;
 
 	PR_ASSERT(state == PR_UNJOINABLE_THREAD);
-#if defined(_PR_PTHREADS) || defined(WIN32)
+#if (defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)) || defined(WIN32)
 	switch(index %  4) {
 		case 0:
 			scope = (PR_LOCAL_THREAD);
@@ -332,7 +332,7 @@ PRInt32 native_thread = 0;
 			break;
 	}
 	if (native_thread) {
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 		pthread_t tid;
 		if (!pthread_create(&tid, NULL, (void * (*)(void *)) start, arg))
 			return((PRThread *) tid);
diff --git a/nsprpub/pr/tests/testfile.c b/nsprpub/pr/tests/testfile.c
index 1191bfe94..23659876e 100644
--- a/nsprpub/pr/tests/testfile.c
+++ b/nsprpub/pr/tests/testfile.c
@@ -13,7 +13,7 @@
 #include <windows.h>
 #include <process.h>
 #endif
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include <pthread.h>
 #endif
 #ifdef SYMBIAN
@@ -104,7 +104,7 @@ PRInt32 native_thread = 0;
 
 	PR_ASSERT(state == PR_UNJOINABLE_THREAD);
 
-#if defined(_PR_PTHREADS) || defined(WIN32) || defined(XP_OS2)
+#if (defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)) || defined(WIN32) || defined(XP_OS2)
 
 	switch(index %  4) {
 		case 0:
@@ -124,7 +124,7 @@ PRInt32 native_thread = 0;
 			break;
 	}
 	if (native_thread) {
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 		pthread_t tid;
 		if (!pthread_create(&tid, NULL, start, arg))
 			return((PRThread *) tid);
diff --git a/nsprpub/pr/tests/thrpool_client.c b/nsprpub/pr/tests/thrpool_client.c
index 7f3df3271..a0e1e4c24 100644
--- a/nsprpub/pr/tests/thrpool_client.c
+++ b/nsprpub/pr/tests/thrpool_client.c
@@ -21,7 +21,7 @@
 #ifdef XP_UNIX
 #include <sys/mman.h>
 #endif
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include <pthread.h>
 #endif
 
diff --git a/nsprpub/pr/tests/thrpool_server.c b/nsprpub/pr/tests/thrpool_server.c
index ef09f23b5..9665829a1 100644
--- a/nsprpub/pr/tests/thrpool_server.c
+++ b/nsprpub/pr/tests/thrpool_server.c
@@ -21,7 +21,7 @@
 #ifdef XP_UNIX
 #include <sys/mman.h>
 #endif
-#if defined(_PR_PTHREADS)
+#if defined(_PR_PTHREADS) && !defined(_PR_DCETHREADS)
 #include <pthread.h>
 #endif
 
diff --git a/nsprpub/pr/tests/vercheck.c b/nsprpub/pr/tests/vercheck.c
index da2f7b1de..6170125de 100644
--- a/nsprpub/pr/tests/vercheck.c
+++ b/nsprpub/pr/tests/vercheck.c
@@ -39,8 +39,7 @@ static char *compatible_version[] = {
     "4.9.6",
     "4.10", "4.10.1", "4.10.2", "4.10.3", "4.10.4",
     "4.10.5", "4.10.6", "4.10.7", "4.10.8", "4.10.9",
-    "4.10.10", "4.11", "4.12", "4.13", "4.14", "4.15",
-    "4.16", "4.17",
+    "4.10.10", "4.11", "4.12", "4.13", "4.14", "4.15"
     PR_VERSION
 };
 
@@ -56,8 +55,8 @@ static char *incompatible_version[] = {
     "3.0", "3.0.1",
     "3.1", "3.1.1", "3.1.2", "3.1.3",
     "3.5", "3.5.1",
-    "4.18.1",
-    "4.19", "4.19.1",
+    "4.16.1",
+    "4.17", "4.17.1",
     "10.0", "11.1", "12.14.20"
 };
 
diff --git a/old-configure.in b/old-configure.in
index 511f40653..dabd37e6d 100644
--- a/old-configure.in
+++ b/old-configure.in
@@ -2109,7 +2109,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.35, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.28.6, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then
diff --git a/security/nss/.taskcluster.yml b/security/nss/.taskcluster.yml
index 494d31a7b..9d56c9bcd 100644
--- a/security/nss/.taskcluster.yml
+++ b/security/nss/.taskcluster.yml
@@ -57,7 +57,7 @@ tasks:
         - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
 
       payload:
-        image: nssdev/nss-decision:0.0.2
+        image: ttaubert/nss-decision:0.0.2
 
         env:
           TC_OWNER: {{owner}}
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
new file mode 100644
index 000000000..2ff04f990
--- /dev/null
+++ b/security/nss/TAG-INFO
@@ -0,0 +1 @@
+NSS_3_32_1_RTM
diff --git a/security/nss/automation/abi-check/expected-report-libnspr4.so.txt b/security/nss/automation/abi-check/expected-report-libnspr4.so.txt
index 44f52325f..e69de29bb 100644
--- a/security/nss/automation/abi-check/expected-report-libnspr4.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libnspr4.so.txt
@@ -1,8 +0,0 @@
-Functions changes summary: 1 Removed, 0 Changed, 0 Added function
-Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
-
-1 Removed function:
-
-  'function void PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle(void**)'    {PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle}
-
-
diff --git a/security/nss/automation/abi-check/expected-report-libssl3.so.txt b/security/nss/automation/abi-check/expected-report-libssl3.so.txt
index 2a093094f..e69de29bb 100644
--- a/security/nss/automation/abi-check/expected-report-libssl3.so.txt
+++ b/security/nss/automation/abi-check/expected-report-libssl3.so.txt
@@ -1,3 +0,0 @@
-Functions changes summary: 0 Removed, 0 Changed (5 filtered out), 0 Added function
-Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
-
diff --git a/security/nss/automation/abi-check/previous-nss-release b/security/nss/automation/abi-check/previous-nss-release
index a91a569f5..b8d28cde0 100644
--- a/security/nss/automation/abi-check/previous-nss-release
+++ b/security/nss/automation/abi-check/previous-nss-release
@@ -1 +1 @@
-NSS_3_34_BRANCH
+NSS_3_31_BRANCH
diff --git a/security/nss/automation/buildbot-slave/build.sh b/security/nss/automation/buildbot-slave/build.sh
index 844254dae..3fc914803 100755
--- a/security/nss/automation/buildbot-slave/build.sh
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -236,14 +236,11 @@ check_abi()
     BASE_NSPR=NSPR_$(head -1 ${HGDIR}/baseline/nss/automation/release/nspr-version.txt | cut -d . -f 1-2 | tr . _)_BRANCH
     hg clone -u "${BASE_NSPR}" "${HGDIR}/nspr" "${HGDIR}/baseline/nspr"
     if [ $? -ne 0 ]; then
-        echo "nonexisting tag ${BASE_NSPR} derived from ${BASE_NSS} automation/release/nspr-version.txt"
-        # Assume that version hasn't been released yet, fall back to trunk
-        pushd "${HGDIR}/baseline/nspr"
-        hg update default
-        popd
+        echo "invalid tag ${BASE_NSPR} derived from ${BASE_NSS} automation/release/nspr-version.txt"
+        return 1
     fi
 
-    print_log "######## building baseline NSPR/NSS ########"
+    print_log "######## building older NSPR/NSS ########"
     pushd ${HGDIR}/baseline/nss
 
     print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
@@ -256,44 +253,26 @@ check_abi()
     fi
     popd
 
-    ABI_PROBLEM_FOUND=0
     ABI_REPORT=${OUTPUTDIR}/abi-diff.txt
     rm -f ${ABI_REPORT}
     PREVDIST=${HGDIR}/baseline/dist
     NEWDIST=${HGDIR}/dist
     ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so"
     for SO in ${ALL_SOs}; do
-        if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
-            touch ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt
+        if [ ! -f nss/automation/abi-check/expected-report-$SO.txt ]; then
+            touch nss/automation/abi-check/expected-report-$SO.txt
         fi
         abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
             $PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
-            > ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt
-        if [ $? -ne 0 ]; then
-            ABI_PROBLEM_FOUND=1
-            print_log "FAILED to run abidiff {$PREVDIST , $NEWDIST} for $SO, or failed writing to ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
-        fi
-        if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
-            ABI_PROBLEM_FOUND=1
-            print_log "FAILED to access report file: ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt"
-        fi
-
-        diff -wB -u ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt \
-                ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
-        if [ ! -f ${ABI_REPORT} ]; then
-            ABI_PROBLEM_FOUND=1
-            print_log "FAILED to compare exepcted and new report: ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
-        fi
+            > nss/automation/abi-check/new-report-$SO.txt
+        diff -u nss/automation/abi-check/expected-report-$SO.txt \
+                nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
     done
 
     if [ -s ${ABI_REPORT} ]; then
         print_log "FAILED: there are new unexpected ABI changes"
         cat ${ABI_REPORT}
         return 1
-    elif [ $ABI_PROBLEM_FOUND -ne 0 ]; then
-        print_log "FAILED: failure executing the ABI checks"
-        cat ${ABI_REPORT}
-        return 1
     fi
 
     return 0
diff --git a/security/nss/automation/clang-format/run_clang_format.sh b/security/nss/automation/clang-format/run_clang_format.sh
index 378b00ff0..2ba5ebeb1 100644
--- a/security/nss/automation/clang-format/run_clang_format.sh
+++ b/security/nss/automation/clang-format/run_clang_format.sh
@@ -6,8 +6,6 @@ if [[ $(id -u) -eq 0 ]]; then
     exec su worker -c "$0 $*"
 fi
 
-set -e
-
 # Apply clang-format on the provided folder and verify that this doesn't change any file.
 # If any file differs after formatting, the script eventually exits with 1.
 # Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
@@ -23,16 +21,17 @@ blacklist=(
      "./lib/zlib" \
      "./lib/sqlite" \
      "./gtests/google_test" \
+     "./.hg" \
      "./out" \
 )
 
-top=$(cd "$(dirname $0)/../.."; pwd -P)
+top="$(dirname $0)/../.."
+cd "$top"
 
 if [ $# -gt 0 ]; then
     dirs=("$@")
 else
-    cd "$top"
-    dirs=($(find . -maxdepth 2 -mindepth 1 -type d ! -path '*/.*' -print))
+    dirs=($(find . -maxdepth 2 -mindepth 1 -type d ! -path . \( ! -regex '.*/' \)))
 fi
 
 format_folder()
@@ -47,20 +46,20 @@ format_folder()
 }
 
 for dir in "${dirs[@]}"; do
-    if format_folder "$dir"; then
+    if format_folder "$dir" ; then
         c="${dir//[^\/]}"
         echo "formatting $dir ..."
-        depth=()
+        depth=""
         if [ "${#c}" == "1" ]; then
-            depth+=(-maxdepth 1)
+            depth="-maxdepth 1"
         fi
-        find "$dir" "${depth[@]}" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
+        find "$dir" $depth -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
     fi
 done
 
 TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
-trap 'rm -f $TMPFILE' exit
-if [[ -d "$top/.hg" ]]; then
+trap 'rm $TMPFILE' exit
+if (cd $(dirname $0); hg root >/dev/null 2>&1); then
     hg diff --git "$top" | tee $TMPFILE
 else
     git -C "$top" diff | tee $TMPFILE
diff --git a/security/nss/automation/clang-format/setup.sh b/security/nss/automation/clang-format/setup.sh
index beac9e905..9b2480e90 100644
--- a/security/nss/automation/clang-format/setup.sh
+++ b/security/nss/automation/clang-format/setup.sh
@@ -17,8 +17,8 @@ apt_packages+=('locales')
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
 # Download clang.
-curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
-curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
+curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
+curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
 # Verify the signature.
 gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
 gpg --verify clang.tar.xz.sig
diff --git a/security/nss/automation/release/nspr-version.txt b/security/nss/automation/release/nspr-version.txt
index 01eeb3615..98783a615 100644
--- a/security/nss/automation/release/nspr-version.txt
+++ b/security/nss/automation/release/nspr-version.txt
@@ -1,4 +1,4 @@
-4.18
+4.16
 
 # The first line of this file must contain the human readable NSPR
 # version number, which is the minimum required version of NSPR
diff --git a/security/nss/automation/taskcluster/docker-clang-3.9/setup.sh b/security/nss/automation/taskcluster/docker-clang-3.9/setup.sh
index 3076667a6..7b7d534e6 100644
--- a/security/nss/automation/taskcluster/docker-clang-3.9/setup.sh
+++ b/security/nss/automation/taskcluster/docker-clang-3.9/setup.sh
@@ -25,8 +25,8 @@ apt-get -y update
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
 # Download clang.
-curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
+curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
+curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
 # Verify the signature.
 gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
 gpg --verify *.tar.xz.sig
diff --git a/security/nss/automation/taskcluster/docker-decision/Dockerfile b/security/nss/automation/taskcluster/docker-decision/Dockerfile
index 473ce64ba..35777c0b7 100644
--- a/security/nss/automation/taskcluster/docker-decision/Dockerfile
+++ b/security/nss/automation/taskcluster/docker-decision/Dockerfile
@@ -12,9 +12,6 @@ RUN chmod +x /home/worker/bin/*
 ADD setup.sh /tmp/setup.sh
 RUN bash /tmp/setup.sh
 
-# Change user.
-USER worker
-
 # Env variables.
 ENV HOME /home/worker
 ENV SHELL /bin/bash
diff --git a/security/nss/automation/taskcluster/docker-decision/bin/checkout.sh b/security/nss/automation/taskcluster/docker-decision/bin/checkout.sh
index 0cdd2ac40..9167f6bda 100644
--- a/security/nss/automation/taskcluster/docker-decision/bin/checkout.sh
+++ b/security/nss/automation/taskcluster/docker-decision/bin/checkout.sh
@@ -2,6 +2,11 @@
 
 set -v -e -x
 
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
 # Default values for testing.
 REVISION=${NSS_HEAD_REVISION:-default}
 REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
diff --git a/security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile b/security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
deleted file mode 100644
index 3330c007f..000000000
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Tim Taubert <ttaubert@mozilla.com>
-
-RUN useradd -d /home/worker -s /bin/bash -m worker
-WORKDIR /home/worker
-
-# Add build and test scripts.
-ADD bin /home/worker/bin
-RUN chmod +x /home/worker/bin/*
-
-# Install dependencies.
-ADD setup.sh /tmp/setup.sh
-RUN bash /tmp/setup.sh
-
-# Change user.
-USER worker
-
-# Env variables.
-ENV HOME /home/worker
-ENV SHELL /bin/bash
-ENV USER worker
-ENV LOGNAME worker
-ENV HOSTNAME taskcluster-worker
-ENV LANG en_US.UTF-8
-ENV LC_ALL en_US.UTF-8
-ENV HOST localhost
-ENV DOMSUF localdomain
-
-# Set a default command for debugging.
-CMD ["/bin/bash", "--login"]
diff --git a/security/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh b/security/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh
deleted file mode 100644
index 9167f6bda..000000000
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-if [ $(id -u) = 0 ]; then
-    # Drop privileges by re-running this script.
-    exec su worker $0
-fi
-
-# Default values for testing.
-REVISION=${NSS_HEAD_REVISION:-default}
-REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
-
-# Clone NSS.
-for i in 0 2 5; do
-    sleep $i
-    hg clone -r $REVISION $REPOSITORY nss && exit 0
-    rm -rf nss
-done
-exit 1
diff --git a/security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh b/security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh
deleted file mode 100644
index f6325d966..000000000
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Update packages.
-export DEBIAN_FRONTEND=noninteractive
-apt-get -y update && apt-get -y upgrade
-
-apt_packages=()
-apt_packages+=('ca-certificates')
-apt_packages+=('g++-4.4')
-apt_packages+=('gcc-4.4')
-apt_packages+=('locales')
-apt_packages+=('make')
-apt_packages+=('mercurial')
-apt_packages+=('zlib1g-dev')
-
-# Install packages.
-apt-get -y update
-apt-get install -y --no-install-recommends ${apt_packages[@]}
-
-locale-gen en_US.UTF-8
-dpkg-reconfigure locales
-
-# Cleanup.
-rm -rf ~/.ccache ~/.cache
-apt-get autoremove -y
-apt-get clean
-apt-get autoclean
-rm $0
diff --git a/security/nss/automation/taskcluster/docker-hacl/Dockerfile b/security/nss/automation/taskcluster/docker-hacl/Dockerfile
deleted file mode 100644
index e8a88f06c..000000000
--- a/security/nss/automation/taskcluster/docker-hacl/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-FROM ubuntu:xenial
-
-MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
-# Based on the HACL* image from Benjamin Beurdouche and
-# the original F* formula with Daniel Fabian
-
-# Pinned versions of HACL* (F* and KreMLin are pinned as submodules)
-ENV haclrepo https://github.com/mitls/hacl-star.git
-
-# Define versions of dependencies
-ENV opamv 4.04.2
-ENV haclversion dcd48329d535727dbde93877b124c5ec4a7a2b20
-
-# Install required packages and set versions
-ADD setup.sh /tmp/setup.sh
-RUN bash /tmp/setup.sh
-
-# Create user, add scripts.
-RUN useradd -ms /bin/bash worker
-WORKDIR /home/worker
-ADD bin /home/worker/bin
-RUN chmod +x /home/worker/bin/*
-USER worker
-
-# Build F*, HACL*, verify. Install a few more dependencies.
-ENV OPAMYES true
-ENV PATH "/home/worker/hacl-star/dependencies/z3/bin:$PATH"
-ADD setup-user.sh /tmp/setup-user.sh
-ADD license.txt /tmp/license.txt
-RUN bash /tmp/setup-user.sh
diff --git a/security/nss/automation/taskcluster/docker-hacl/bin/checkout.sh b/security/nss/automation/taskcluster/docker-hacl/bin/checkout.sh
deleted file mode 100644
index 9167f6bda..000000000
--- a/security/nss/automation/taskcluster/docker-hacl/bin/checkout.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-if [ $(id -u) = 0 ]; then
-    # Drop privileges by re-running this script.
-    exec su worker $0
-fi
-
-# Default values for testing.
-REVISION=${NSS_HEAD_REVISION:-default}
-REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
-
-# Clone NSS.
-for i in 0 2 5; do
-    sleep $i
-    hg clone -r $REVISION $REPOSITORY nss && exit 0
-    rm -rf nss
-done
-exit 1
diff --git a/security/nss/automation/taskcluster/docker-hacl/license.txt b/security/nss/automation/taskcluster/docker-hacl/license.txt
deleted file mode 100644
index 03d25c4d3..000000000
--- a/security/nss/automation/taskcluster/docker-hacl/license.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
diff --git a/security/nss/automation/taskcluster/docker-hacl/setup-user.sh b/security/nss/automation/taskcluster/docker-hacl/setup-user.sh
deleted file mode 100644
index b8accaf58..000000000
--- a/security/nss/automation/taskcluster/docker-hacl/setup-user.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Prepare build (OCaml packages)
-opam init
-echo ". /home/worker/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true" >> .bashrc
-opam switch -v ${opamv}
-opam install ocamlfind batteries sqlite3 fileutils yojson ppx_deriving_yojson zarith pprint menhir ulex process fix wasm stdint
-
-# Get the HACL* code
-git clone ${haclrepo} hacl-star
-git -C hacl-star checkout ${haclversion}
-
-# Prepare submodules, and build, verify, test, and extract c code
-# This caches the extracted c code (pins the HACL* version). All we need to do
-# on CI now is comparing the code in this docker image with the one in NSS.
-opam config exec -- make -C hacl-star prepare -j$(nproc)
-make -C hacl-star verify-nss -j$(nproc)
-make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc)
-KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc)
-make -C hacl-star/code/salsa-family test -j$(nproc)
-make -C hacl-star/code/poly1305 test -j$(nproc)
-
-# Cleanup.
-rm -rf ~/.ccache ~/.cache
diff --git a/security/nss/automation/taskcluster/docker-hacl/setup.sh b/security/nss/automation/taskcluster/docker-hacl/setup.sh
deleted file mode 100644
index f5f8bd7d5..000000000
--- a/security/nss/automation/taskcluster/docker-hacl/setup.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Update packages.
-export DEBIAN_FRONTEND=noninteractive
-apt-get -qq update
-apt-get install --yes libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf wget locales
-update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200
-update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200
-
-# Get clang-format-3.9
-curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
-# Verify the signature.
-gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
-gpg --verify *.tar.xz.sig
-# Install into /usr/local/.
-tar xJvf *.tar.xz -C /usr/local --strip-components=1
-# Cleanup.
-rm *.tar.xz*
-
-locale-gen en_US.UTF-8
-dpkg-reconfigure locales
-
-# Cleanup.
-rm -rf ~/.ccache ~/.cache
-apt-get autoremove -y
-apt-get clean
-apt-get autoclean
diff --git a/security/nss/automation/taskcluster/docker/setup.sh b/security/nss/automation/taskcluster/docker/setup.sh
index 01f9c413a..3ba4e854e 100644
--- a/security/nss/automation/taskcluster/docker/setup.sh
+++ b/security/nss/automation/taskcluster/docker/setup.sh
@@ -48,8 +48,8 @@ apt-get -y update
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
 # Download clang.
-curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
+curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
+curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
 # Verify the signature.
 gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
 gpg --verify *.tar.xz.sig
diff --git a/security/nss/automation/taskcluster/graph/src/context_hash.js b/security/nss/automation/taskcluster/graph/src/context_hash.js
index 0699a0590..f0a2e9a88 100644
--- a/security/nss/automation/taskcluster/graph/src/context_hash.js
+++ b/security/nss/automation/taskcluster/graph/src/context_hash.js
@@ -27,24 +27,14 @@ function collectFilesInDirectory(dir) {
   });
 }
 
-// A list of hashes for each file in the given path.
-function collectFileHashes(context_path) {
+// Compute a context hash for the given context path.
+export default function (context_path) {
   let root = path.join(__dirname, "../../../..");
   let dir = path.join(root, context_path);
   let files = collectFilesInDirectory(dir).sort();
-
-  return files.map(file => {
+  let hashes = files.map(file => {
     return sha256(file + "|" + fs.readFileSync(file, "utf-8"));
   });
-}
-
-// Compute a context hash for the given context path.
-export default function (context_path) {
-  // Regenerate all images when the image_builder changes.
-  let hashes = collectFileHashes("automation/taskcluster/image_builder");
-
-  // Regenerate images when the image itself changes.
-  hashes = hashes.concat(collectFileHashes(context_path));
 
   // Generate a new prefix every month to ensure the image stays buildable.
   let now = new Date();
diff --git a/security/nss/automation/taskcluster/graph/src/extend.js b/security/nss/automation/taskcluster/graph/src/extend.js
index 90e23ae60..d541a1a3b 100644
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -15,29 +15,15 @@ const LINUX_CLANG39_IMAGE = {
   path: "automation/taskcluster/docker-clang-3.9"
 };
 
-const LINUX_GCC44_IMAGE = {
-  name: "linux-gcc-4.4",
-  path: "automation/taskcluster/docker-gcc-4.4"
-};
-
 const FUZZ_IMAGE = {
   name: "fuzz",
   path: "automation/taskcluster/docker-fuzz"
 };
 
-const HACL_GEN_IMAGE = {
-  name: "hacl",
-  path: "automation/taskcluster/docker-hacl"
-};
-
 const WINDOWS_CHECKOUT_CMD =
   "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
     "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " +
     "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\"";
-const MAC_CHECKOUT_CMD = ["bash", "-c",
-            "hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
-            "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " +
-            "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)"];
 
 /*****************************************************************************/
 
@@ -65,15 +51,6 @@ queue.filter(task => {
     if (task.platform == "aarch64") {
       return false;
     }
-
-    // No mac
-    if (task.platform == "mac") {
-      return false;
-    }
-  }
-
-  if (task.tests == "fips" && task.platform == "mac") {
-    return false;
   }
 
   // Only old make builds have -Ddisable_libpkix=0 and can run chain tests.
@@ -82,8 +59,8 @@ queue.filter(task => {
   }
 
   if (task.group == "Test") {
-    // Don't run test builds on old make platforms, and not for fips gyp.
-    if (task.collection == "make" || task.collection == "fips") {
+    // Don't run test builds on old make platforms
+    if (task.collection == "make") {
       return false;
     }
   }
@@ -101,19 +78,11 @@ queue.filter(task => {
 queue.map(task => {
   if (task.collection == "asan") {
     // CRMF and FIPS tests still leak, unfortunately.
-    if (task.tests == "crmf") {
+    if (task.tests == "crmf" || task.tests == "fips") {
       task.env.ASAN_OPTIONS = "detect_leaks=0";
     }
   }
 
-  // We don't run FIPS SSL tests
-  if (task.tests == "ssl") {
-    if (!task.env) {
-      task.env = {};
-    }
-    task.env.NSS_SSL_TESTS = "crl iopr policy";
-  }
-
   // Windows is slow.
   if (task.platform == "windows2012-64" && task.tests == "chains") {
     task.maxRunTime = 7200;
@@ -159,18 +128,6 @@ export default async function main() {
     ],
   });
 
-  await scheduleLinux("Linux 64 (opt, make)", {
-    env: {USE_64: "1", BUILD_OPT: "1"},
-    platform: "linux64",
-    image: LINUX_IMAGE,
-    collection: "make",
-    command: [
-       "/bin/bash",
-       "-c",
-       "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
-    ],
-  });
-
   await scheduleLinux("Linux 32 (debug, make)", {
     platform: "linux32",
     image: LINUX_IMAGE,
@@ -196,12 +153,6 @@ export default async function main() {
     features: ["allowPtrace"],
   }, "--ubsan --asan");
 
-  await scheduleLinux("Linux 64 (FIPS opt)", {
-    platform: "linux64",
-    collection: "fips",
-    image: LINUX_IMAGE,
-  }, "--enable-fips --opt");
-
   await scheduleWindows("Windows 2012 64 (debug, make)", {
     platform: "windows2012-64",
     collection: "make",
@@ -265,70 +216,6 @@ export default async function main() {
       collection: "opt",
     }, aarch64_base)
   );
-
-  await scheduleMac("Mac (opt)", {collection: "opt"}, "--opt");
-  await scheduleMac("Mac (debug)", {collection: "debug"});
-}
-
-
-async function scheduleMac(name, base, args = "") {
-  let mac_base = merge(base, {
-    env: {
-      PATH: "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
-      NSS_TASKCLUSTER_MAC: "1",
-      DOMSUF: "localdomain",
-      HOST: "localhost",
-    },
-    provisioner: "localprovisioner",
-    workerType: "nss-macos-10-12",
-    platform: "mac"
-  });
-
-  // Build base definition.
-  let build_base = merge({
-    command: [
-      MAC_CHECKOUT_CMD,
-      ["bash", "-c",
-       "nss/automation/taskcluster/scripts/build_gyp.sh", args]
-    ],
-    provisioner: "localprovisioner",
-    workerType: "nss-macos-10-12",
-    platform: "mac",
-    maxRunTime: 7200,
-    artifacts: [{
-      expires: 24 * 7,
-      type: "directory",
-      path: "public"
-    }],
-    kind: "build",
-    symbol: "B"
-  }, mac_base);
-
-  // The task that builds NSPR+NSS.
-  let task_build = queue.scheduleTask(merge(build_base, {name}));
-
-  // The task that generates certificates.
-  let task_cert = queue.scheduleTask(merge(build_base, {
-    name: "Certificates",
-    command: [
-      MAC_CHECKOUT_CMD,
-      ["bash", "-c",
-       "nss/automation/taskcluster/scripts/gen_certs.sh"]
-    ],
-    parent: task_build,
-    symbol: "Certs"
-  }));
-
-  // Schedule tests.
-  scheduleTests(task_build, task_cert, merge(mac_base, {
-    command: [
-      MAC_CHECKOUT_CMD,
-      ["bash", "-c",
-       "nss/automation/taskcluster/scripts/run_tests.sh"]
-    ]
-  }));
-
-  return queue.submit();
 }
 
 /*****************************************************************************/
@@ -355,45 +242,6 @@ async function scheduleLinux(name, base, args = "") {
   // The task that builds NSPR+NSS.
   let task_build = queue.scheduleTask(merge(build_base, {name}));
 
-  // Make builds run FIPS tests, which need an extra FIPS build.
-  if (base.collection == "make") {
-    let extra_build = queue.scheduleTask(merge(build_base, {
-      env: { NSS_FORCE_FIPS: "1" },
-      group: "FIPS",
-      name: `${name} w/ NSS_FORCE_FIPS`
-    }));
-
-    // The task that generates certificates.
-    let task_cert = queue.scheduleTask(merge(build_base, {
-      name: "Certificates",
-      command: [
-        "/bin/bash",
-        "-c",
-        "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh"
-      ],
-      parent: extra_build,
-      symbol: "Certs-F",
-      group: "FIPS",
-    }));
-
-    // Schedule FIPS tests.
-    queue.scheduleTask(merge(base, {
-      parent: task_cert,
-      name: "FIPS",
-      command: [
-        "/bin/bash",
-        "-c",
-        "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
-      ],
-      cycle: "standard",
-      kind: "test",
-      name: "FIPS tests",
-      symbol: "Tests-F",
-      tests: "fips",
-      group: "FIPS"
-    }));
-  }
-
   // The task that generates certificates.
   let task_cert = queue.scheduleTask(merge(build_base, {
     name: "Certificates",
@@ -427,26 +275,6 @@ async function scheduleLinux(name, base, args = "") {
   }));
 
   queue.scheduleTask(merge(extra_base, {
-    name: `${name} w/ gcc-4.4`,
-    image: LINUX_GCC44_IMAGE,
-    env: {
-      USE_64: "1",
-      CC: "gcc-4.4",
-      CCC: "g++-4.4",
-      // gcc-4.6 introduced nullptr.
-      NSS_DISABLE_GTESTS: "1",
-    },
-    // Use the old Makefile-based build system, GYP doesn't have a proper GCC
-    // version check for __int128 support. It's mainly meant to cover RHEL6.
-    command: [
-      "/bin/bash",
-      "-c",
-      "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh",
-    ],
-    symbol: "gcc-4.4"
-  }));
-
-  queue.scheduleTask(merge(extra_base, {
     name: `${name} w/ gcc-4.8`,
     env: {
       CC: "gcc-4.8",
@@ -575,13 +403,12 @@ async function scheduleFuzzing() {
 
   // Schedule MPI fuzzing runs.
   let mpi_base = merge(run_base, {group: "MPI"});
-  let mpi_names = ["add", "addmod", "div", "mod", "mulmod", "sqr",
+  let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
                    "sqrmod", "sub", "submod"];
   for (let name of mpi_names) {
     scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
   }
   scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
-  scheduleFuzzingRun(mpi_base, `MPI (expmod)`, `mpi-expmod`, 2048, "expmod");
 
   // Schedule TLS fuzzing runs (non-fuzzing mode).
   let tls_base = merge(run_base, {group: "TLS"});
@@ -798,43 +625,6 @@ async function scheduleWindows(name, base, build_script) {
     symbol: "B"
   });
 
-  // Make builds run FIPS tests, which need an extra FIPS build.
-  if (base.collection == "make") {
-    let extra_build = queue.scheduleTask(merge(build_base, {
-      env: { NSS_FORCE_FIPS: "1" },
-      group: "FIPS",
-      name: `${name} w/ NSS_FORCE_FIPS`
-    }));
-
-    // The task that generates certificates.
-    let task_cert = queue.scheduleTask(merge(build_base, {
-      name: "Certificates",
-      command: [
-        WINDOWS_CHECKOUT_CMD,
-        "bash -c nss/automation/taskcluster/windows/gen_certs.sh"
-      ],
-      parent: extra_build,
-      symbol: "Certs-F",
-      group: "FIPS",
-    }));
-
-    // Schedule FIPS tests.
-    queue.scheduleTask(merge(base, {
-      parent: task_cert,
-      name: "FIPS",
-      command: [
-        WINDOWS_CHECKOUT_CMD,
-        "bash -c nss/automation/taskcluster/windows/run_tests.sh"
-      ],
-      cycle: "standard",
-      kind: "test",
-      name: "FIPS tests",
-      symbol: "Tests-F",
-      tests: "fips",
-      group: "FIPS"
-    }));
-  }
-
   // The task that builds NSPR+NSS.
   let task_build = queue.scheduleTask(merge(build_base, {name}));
 
@@ -913,6 +703,9 @@ function scheduleTests(task_build, task_cert, test_base) {
     name: "DB tests", symbol: "DB", tests: "dbtests"
   }));
   queue.scheduleTask(merge(cert_base, {
+    name: "FIPS tests", symbol: "FIPS", tests: "fips"
+  }));
+  queue.scheduleTask(merge(cert_base, {
     name: "Merge tests", symbol: "Merge", tests: "merge"
   }));
   queue.scheduleTask(merge(cert_base, {
@@ -980,16 +773,5 @@ async function scheduleTools() {
     ]
   }));
 
-  queue.scheduleTask(merge(base, {
-    symbol: "hacl",
-    name: "hacl",
-    image: HACL_GEN_IMAGE,
-    command: [
-      "/bin/bash",
-      "-c",
-      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_hacl.sh"
-    ]
-  }));
-
   return queue.submit();
 }
diff --git a/security/nss/automation/taskcluster/graph/src/image_builder.js b/security/nss/automation/taskcluster/graph/src/image_builder.js
index b89b6980c..bc90e0242 100644
--- a/security/nss/automation/taskcluster/graph/src/image_builder.js
+++ b/security/nss/automation/taskcluster/graph/src/image_builder.js
@@ -31,11 +31,13 @@ export async function buildTask({name, path}) {
 
   return {
     name: "Image Builder",
-    image: "nssdev/image_builder:0.1.5",
+    image: "taskcluster/image_builder:0.1.5",
     routes: ["index." + ns],
     env: {
-      NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
-      NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION,
+      HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
+      BASE_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
+      HEAD_REV: process.env.NSS_HEAD_REVISION,
+      HEAD_REF: process.env.NSS_HEAD_REVISION,
       PROJECT: process.env.TC_PROJECT,
       CONTEXT_PATH: path,
       HASH: hash
@@ -50,11 +52,10 @@ export async function buildTask({name, path}) {
     command: [
       "/bin/bash",
       "-c",
-      "bin/checkout.sh && nss/automation/taskcluster/scripts/build_image.sh"
+      "/home/worker/bin/build_image.sh"
     ],
     platform: "nss-decision",
     features: ["dind"],
-    maxRunTime: 7200,
     kind: "build",
     symbol: "I"
   };
diff --git a/security/nss/automation/taskcluster/graph/src/try_syntax.js b/security/nss/automation/taskcluster/graph/src/try_syntax.js
index 1f4e12eee..7748e068a 100644
--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -22,10 +22,10 @@ function parseOptions(opts) {
   }
 
   // Parse platforms.
-  let allPlatforms = ["linux", "linux64", "linux64-asan", "linux64-fips",
+  let allPlatforms = ["linux", "linux64", "linux64-asan",
                       "win", "win64", "win-make", "win64-make",
                       "linux64-make", "linux-make", "linux-fuzz",
-                      "linux64-fuzz", "aarch64", "mac"];
+                      "linux64-fuzz", "aarch64"];
   let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
 
   // If the given value is nonsense or "none" default to all platforms.
@@ -51,7 +51,7 @@ function parseOptions(opts) {
   }
 
   // Parse tools.
-  let allTools = ["clang-format", "scan-build", "hacl"];
+  let allTools = ["clang-format", "scan-build"];
   let tools = intersect(opts.tools.split(/\s*,\s*/), allTools);
 
   // If the given value is "all" run all tools.
@@ -111,7 +111,6 @@ function filter(opts) {
         "linux": "linux32",
         "linux-fuzz": "linux32",
         "linux64-asan": "linux64",
-        "linux64-fips": "linux64",
         "linux64-fuzz": "linux64",
         "linux64-make": "linux64",
         "linux-make": "linux32",
@@ -127,8 +126,6 @@ function filter(opts) {
       // Additional checks.
       if (platform == "linux64-asan") {
         keep &= coll("asan");
-      } else if (platform == "linux64-fips") {
-        keep &= coll("fips");
       } else if (platform == "linux64-make" || platform == "linux-make" ||
                  platform == "win64-make" || platform == "win-make") {
         keep &= coll("make");
diff --git a/security/nss/automation/taskcluster/image_builder/Dockerfile b/security/nss/automation/taskcluster/image_builder/Dockerfile
deleted file mode 100644
index f8b4edcc5..000000000
--- a/security/nss/automation/taskcluster/image_builder/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Tim Taubert <ttaubert@mozilla.com>
-
-WORKDIR /home/worker
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && apt-get install -y apt-transport-https apt-utils
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 && \
-    sh -c "echo deb https://get.docker.io/ubuntu docker main \
-    > /etc/apt/sources.list.d/docker.list"
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE && \
-    sh -c "echo deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main \
-    > /etc/apt/sources.list.d/mercurial.list"
-RUN apt-get update && apt-get install -y \
-    lxc-docker-1.6.1 \
-    mercurial
-
-ADD bin /home/worker/bin
-RUN chmod +x /home/worker/bin/*
-
-# Set a default command useful for debugging
-CMD ["/bin/bash", "--login"]
diff --git a/security/nss/automation/taskcluster/image_builder/VERSION b/security/nss/automation/taskcluster/image_builder/VERSION
deleted file mode 100644
index 9faa1b7a7..000000000
--- a/security/nss/automation/taskcluster/image_builder/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-0.1.5
diff --git a/security/nss/automation/taskcluster/image_builder/bin/checkout.sh b/security/nss/automation/taskcluster/image_builder/bin/checkout.sh
deleted file mode 100644
index 0cdd2ac40..000000000
--- a/security/nss/automation/taskcluster/image_builder/bin/checkout.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Default values for testing.
-REVISION=${NSS_HEAD_REVISION:-default}
-REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
-
-# Clone NSS.
-for i in 0 2 5; do
-    sleep $i
-    hg clone -r $REVISION $REPOSITORY nss && exit 0
-    rm -rf nss
-done
-exit 1
diff --git a/security/nss/automation/taskcluster/scripts/build_gyp.sh b/security/nss/automation/taskcluster/scripts/build_gyp.sh
index fb3a33a52..7190bd5c4 100755
--- a/security/nss/automation/taskcluster/scripts/build_gyp.sh
+++ b/security/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -9,10 +9,5 @@ hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
 nss/build.sh -g -v "$@"
 
 # Package.
-if [[ $(uname) = "Darwin" ]]; then
-  mkdir -p public
-  tar cvfjh public/dist.tar.bz2 dist
-else
-  mkdir artifacts
-  tar cvfjh artifacts/dist.tar.bz2 dist
-fi
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist
diff --git a/security/nss/automation/taskcluster/scripts/build_image.sh b/security/nss/automation/taskcluster/scripts/build_image.sh
deleted file mode 100644
index b422214e7..000000000
--- a/security/nss/automation/taskcluster/scripts/build_image.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash -vex
-
-set -x -e -v
-
-# Prefix errors with taskcluster error prefix so that they are parsed by Treeherder
-raise_error() {
-   echo
-   echo "[taskcluster-image-build:error] $1"
-   exit 1
-}
-
-# Ensure that the PROJECT is specified so the image can be indexed
-test -n "$PROJECT" || raise_error "Project must be provided."
-test -n "$HASH" || raise_error "Context Hash must be provided."
-
-CONTEXT_PATH=/home/worker/nss/$CONTEXT_PATH
-
-test -d $CONTEXT_PATH || raise_error "Context Path $CONTEXT_PATH does not exist."
-test -f "$CONTEXT_PATH/Dockerfile" || raise_error "Dockerfile must be present in $CONTEXT_PATH."
-
-docker build -t $PROJECT:$HASH $CONTEXT_PATH
-
-mkdir /artifacts
-docker save $PROJECT:$HASH > /artifacts/image.tar
diff --git a/security/nss/automation/taskcluster/scripts/gen_certs.sh b/security/nss/automation/taskcluster/scripts/gen_certs.sh
index c03db7e9c..b8d4f60ba 100755
--- a/security/nss/automation/taskcluster/scripts/gen_certs.sh
+++ b/security/nss/automation/taskcluster/scripts/gen_certs.sh
@@ -12,10 +12,5 @@ NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
 echo 1 > tests_results/security/localhost
 
 # Package.
-if [[ $(uname) = "Darwin" ]]; then
-  mkdir -p public
-  tar cvfjh public/dist.tar.bz2 dist tests_results
-else
-  mkdir artifacts
-  tar cvfjh artifacts/dist.tar.bz2 dist tests_results
-fi
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist tests_results
diff --git a/security/nss/automation/taskcluster/scripts/run_hacl.sh b/security/nss/automation/taskcluster/scripts/run_hacl.sh
deleted file mode 100644
index 281075eef..000000000
--- a/security/nss/automation/taskcluster/scripts/run_hacl.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-if [[ $(id -u) -eq 0 ]]; then
-    # Drop privileges by re-running this script.
-    # Note: this mangles arguments, better to avoid running scripts as root.
-    exec su worker -c "$0 $*"
-fi
-
-set -e -x -v
-
-# The docker image this is running in has the HACL* and NSS sources.
-# The extracted C code from HACL* is already generated and the HACL* tests were
-# successfully executed.
-
-# Verify Poly1305 (doesn't work in docker image build)
-make verify -C ~/hacl-star/code/poly1305 -j$(nproc)
-
-# Add license header to specs
-spec_files=($(find ~/hacl-star/specs -type f -name '*.fst'))
-for f in "${spec_files[@]}"; do
-    cat /tmp/license.txt "$f" > /tmp/tmpfile && mv /tmp/tmpfile "$f"
-done
-
-# Format the extracted C code.
-cd ~/hacl-star/snapshots/nss
-cp ~/nss/.clang-format .
-find . -type f -name '*.[ch]' -exec clang-format -i {} \+
-
-# These diff commands will return 1 if there are differences and stop the script.
-files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]'))
-for f in "${files[@]}"; do
-    diff $f $(basename "$f")
-done
-
-# Check that the specs didn't change either.
-cd ~/hacl-star/specs
-files=($(find ~/nss/lib/freebl/verified/specs -type f))
-for f in "${files[@]}"; do
-    diff $f $(basename "$f")
-done
diff --git a/security/nss/automation/taskcluster/scripts/split.sh b/security/nss/automation/taskcluster/scripts/split.sh
index fded64e1b..4d18385ec 100644
--- a/security/nss/automation/taskcluster/scripts/split.sh
+++ b/security/nss/automation/taskcluster/scripts/split.sh
@@ -23,10 +23,16 @@ split_util() {
   # Copy everything.
   cp -R $nssdir $dstdir
 
+  # Skip gtests when building.
+  sed '/^DIRS = /s/ cpputil gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
+
   # Remove subdirectories that we don't want.
   rm -rf $dstdir/cmd
+  rm -rf $dstdir/tests
   rm -rf $dstdir/lib
   rm -rf $dstdir/automation
+  rm -rf $dstdir/gtests
+  rm -rf $dstdir/cpputil
   rm -rf $dstdir/doc
 
   # Start with an empty cmd lib directories to be filled selectively.
diff --git a/security/nss/automation/taskcluster/windows/releng.manifest b/security/nss/automation/taskcluster/windows/releng.manifest
index d571c544d..68d2c1d9e 100644
--- a/security/nss/automation/taskcluster/windows/releng.manifest
+++ b/security/nss/automation/taskcluster/windows/releng.manifest
@@ -1,10 +1,10 @@
 [
   {
-    "version": "Visual Studio 2017 15.4.2 / SDK 10.0.15063.0",
-    "size": 303146863,
-    "digest": "18700889e6b5e81613b9cf57ce4e0d46a6ee45bb4c5c33bae2604a5275326128775b8a032a1eb178c5db973746d565340c4e36d98375789e1d5bd836ab16ba58",
+    "version": "Visual Studio 2015 Update 3 14.0.25425.01 / SDK 10.0.14393.0",
+    "size": 326656969,
+    "digest": "babc414ffc0457d27f5a1ed24a8e4873afbe2f1c1a4075469a27c005e1babc3b2a788f643f825efedff95b79686664c67ec4340ed535487168a3482e68559bc7",
     "algorithm": "sha512",
-    "filename": "vs2017_15.4.2.zip",
+    "filename": "vs2015u3.zip",
     "unpack": true
   },
   {
diff --git a/security/nss/automation/taskcluster/windows/setup.sh b/security/nss/automation/taskcluster/windows/setup.sh
index 36a040ba1..7def50db4 100644
--- a/security/nss/automation/taskcluster/windows/setup.sh
+++ b/security/nss/automation/taskcluster/windows/setup.sh
@@ -2,12 +2,12 @@
 
 set -v -e -x
 
-export VSPATH="$(pwd)/vs2017_15.4.2"
+export VSPATH="$(pwd)/vs2015u3"
 export NINJA_PATH="$(pwd)/ninja/bin"
 
 export WINDOWSSDKDIR="${VSPATH}/SDK"
 export VS90COMNTOOLS="${VSPATH}/VC"
-export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.15063.0/ucrt:${VSPATH}/SDK/Include/10.0.15063.0/shared:${VSPATH}/SDK/Include/10.0.15063.0/um"
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.14393.0/ucrt:${VSPATH}/SDK/Include/10.0.14393.0/shared:${VSPATH}/SDK/Include/10.0.14393.0/um"
 
 # Usage: hg_clone repo dir [revision=@]
 hg_clone() {
@@ -23,4 +23,4 @@ hg_clone() {
 }
 
 hg_clone https://hg.mozilla.org/build/tools tools default
-tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://tooltool.mozilla-releng.net/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
+tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
diff --git a/security/nss/automation/taskcluster/windows/setup32.sh b/security/nss/automation/taskcluster/windows/setup32.sh
index 19bed284d..bcddabfa3 100644
--- a/security/nss/automation/taskcluster/windows/setup32.sh
+++ b/security/nss/automation/taskcluster/windows/setup32.sh
@@ -4,7 +4,7 @@ set -v -e -x
 
 source $(dirname $0)/setup.sh
 
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x86"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x86:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${PATH}"
-export LIB="${VSPATH}/VC/lib/x86:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.15063.0/um/x86"
+export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64_x86:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x86:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+export LIB="${VSPATH}/VC/lib:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.14393.0/um/x86"
diff --git a/security/nss/automation/taskcluster/windows/setup64.sh b/security/nss/automation/taskcluster/windows/setup64.sh
index d16cb0ec9..f308298c1 100644
--- a/security/nss/automation/taskcluster/windows/setup64.sh
+++ b/security/nss/automation/taskcluster/windows/setup64.sh
@@ -4,7 +4,7 @@ set -v -e -x
 
 source $(dirname $0)/setup.sh
 
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
 export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/bin/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
-export LIB="${VSPATH}/VC/lib/x64:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.15063.0/um/x64"
+export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.14393.0/um/x64"
diff --git a/security/nss/build.sh b/security/nss/build.sh
index 2db8256d8..2b377dec5 100755
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -68,14 +68,11 @@ fi
 while [ $# -gt 0 ]; do
     case $1 in
         -c) clean=1 ;;
-        -cc) clean_only=1 ;;
         --gyp|-g) rebuild_gyp=1 ;;
         --nspr) nspr_clean; rebuild_nspr=1 ;;
         -j) ninja_params+=(-j "$2"); shift ;;
         -v) ninja_params+=(-v); verbose=1 ;;
         --test) gyp_params+=(-Dtest_build=1) ;;
-        --clang) export CC=clang; export CCC=clang++; export CXX=clang++ ;;
-        --gcc) export CC=gcc; export CCC=g++; export CXX=g++ ;;
         --fuzz) fuzz=1 ;;
         --fuzz=oss) fuzz=1; fuzz_oss=1 ;;
         --fuzz=tls) fuzz=1; fuzz_tls=1 ;;
@@ -97,7 +94,6 @@ while [ $# -gt 0 ]; do
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
         --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
-        --enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
         *) show_help; exit 2 ;;
     esac
     shift
@@ -125,15 +121,10 @@ dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P)
 gyp_params+=(-Dnss_dist_dir="$dist_dir")
 
 # -c = clean first
-if [ "$clean" = 1 -o "$clean_only" = 1 ]; then
+if [ "$clean" = 1 ]; then
     nspr_clean
     rm -rf "$cwd"/out
     rm -rf "$dist_dir"
-    # -cc = only clean, don't build
-    if [ "$clean_only" = 1 ]; then
-        echo "Cleaned"
-        exit 0
-    fi
 fi
 
 # This saves a canonical representation of arguments that we are passing to gyp
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
index ca3d6f314..a3a162da1 100644
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -20,14 +20,16 @@
 #include "secport.h"
 #include "secoid.h"
 #include "nssutil.h"
-#include "ecl-curve.h"
 
 #include "pkcs1_vectors.h"
 
+#ifndef NSS_DISABLE_ECC
+#include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams,
                           ECParams **ecparams);
 SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
                         const ECParams *srcParams);
+#endif
 
 char *progName;
 char *testdir = NULL;
@@ -133,14 +135,18 @@ Usage()
     PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
     PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
     PRINTUSAGE("", "", "[-b bufsize]");
+#ifndef NSS_DISABLE_ECC
     PRINTUSAGE("", "", "[-n curvename]");
+#endif
     PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
     PRINTUSAGE("", "-m", "cipher mode to use");
     PRINTUSAGE("", "-i", "file which contains input buffer");
     PRINTUSAGE("", "-o", "file for signature");
     PRINTUSAGE("", "-k", "file which contains key");
+#ifndef NSS_DISABLE_ECC
     PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
     PRINTUSAGE("", "", "  nistp256, nistp384, nistp521");
+#endif
     PRINTUSAGE("", "-p", "do performance test");
     PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
     PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
@@ -363,6 +369,7 @@ dsakey_from_filedata(PLArenaPool *arena, SECItem *filedata)
     return key;
 }
 
+#ifndef NSS_DISABLE_ECC
 static ECPrivateKey *
 eckey_from_filedata(PLArenaPool *arena, SECItem *filedata)
 {
@@ -512,6 +519,7 @@ getECParams(const char *curve)
 
     return ecparams;
 }
+#endif /* NSS_DISABLE_ECC */
 
 static void
 dump_pqg(PQGParams *pqg)
@@ -529,6 +537,7 @@ dump_dsakey(DSAPrivateKey *key)
     SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
 }
 
+#ifndef NSS_DISABLE_ECC
 static void
 dump_ecp(ECParams *ecp)
 {
@@ -543,6 +552,7 @@ dump_eckey(ECPrivateKey *key)
     SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
     SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
 }
+#endif
 
 static void
 dump_rsakey(RSAPrivateKey *key)
@@ -628,15 +638,17 @@ typedef enum {
     bltestRSA,          /* Public Key Ciphers    */
     bltestRSA_OAEP,     /* . (Public Key Enc.)   */
     bltestRSA_PSS,      /* . (Public Key Sig.)   */
-    bltestECDSA,        /* . (Public Key Sig.)   */
-    bltestDSA,          /* . (Public Key Sig.)   */
-    bltestMD2,          /* Hash algorithms       */
-    bltestMD5,          /* .             */
-    bltestSHA1,         /* .             */
-    bltestSHA224,       /* .             */
-    bltestSHA256,       /* .             */
-    bltestSHA384,       /* .             */
-    bltestSHA512,       /* .             */
+#ifndef NSS_DISABLE_ECC
+    bltestECDSA, /* . (Public Key Sig.)   */
+#endif
+    bltestDSA,    /* . (Public Key Sig.)   */
+    bltestMD2,    /* Hash algorithms       */
+    bltestMD5,    /* .             */
+    bltestSHA1,   /* .             */
+    bltestSHA224, /* .             */
+    bltestSHA256, /* .             */
+    bltestSHA384, /* .             */
+    bltestSHA512, /* .             */
     NUMMODES
 } bltestCipherMode;
 
@@ -666,7 +678,9 @@ static char *mode_strings[] =
       "rsa",
       "rsa_oaep",
       "rsa_pss",
+#ifndef NSS_DISABLE_ECC
       "ecdsa",
+#endif
       /*"pqg",*/
       "dsa",
       "md2",
@@ -718,11 +732,13 @@ typedef struct
     PQGParams *pqg;
 } bltestDSAParams;
 
+#ifndef NSS_DISABLE_ECC
 typedef struct
 {
     char *curveName;
     bltestIO sigseed;
 } bltestECDSAParams;
+#endif
 
 typedef struct
 {
@@ -735,7 +751,9 @@ typedef struct
     union {
         bltestRSAParams rsa;
         bltestDSAParams dsa;
+#ifndef NSS_DISABLE_ECC
         bltestECDSAParams ecdsa;
+#endif
     } cipherParams;
 } bltestAsymKeyParams;
 
@@ -1292,6 +1310,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
     return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
 }
 
+#ifndef NSS_DISABLE_ECC
 SECStatus
 ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
@@ -1312,6 +1331,7 @@ ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     return ECDSA_VerifyDigest((ECPublicKey *)params->pubKey, output, input);
 }
+#endif
 
 SECStatus
 bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
@@ -1791,6 +1811,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
     return SECSuccess;
 }
 
+#ifndef NSS_DISABLE_ECC
 SECStatus
 bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
@@ -1856,6 +1877,7 @@ bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
     }
     return SECSuccess;
 }
+#endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
@@ -2147,7 +2169,11 @@ finish:
 
 SECStatus
 pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
+#ifndef NSS_DISABLE_ECC
               int keysize, int exponent, char *curveName)
+#else
+              int keysize, int exponent)
+#endif
 {
     int i;
     SECStatus rv = SECSuccess;
@@ -2156,10 +2182,12 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
     RSAPrivateKey **rsaKey = NULL;
     bltestDSAParams *dsap;
     DSAPrivateKey **dsaKey = NULL;
+#ifndef NSS_DISABLE_ECC
     SECItem *tmpECParamsDER;
     ECParams *tmpECParams = NULL;
     SECItem ecSerialize[3];
     ECPrivateKey **ecKey = NULL;
+#endif
     switch (cipherInfo->mode) {
         case bltestRSA:
         case bltestRSA_PSS:
@@ -2196,6 +2224,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
                 dsap->keysize = (*dsaKey)->params.prime.len * 8;
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             ecKey = (ECPrivateKey **)&asymk->privKey;
             if (curveName != NULL) {
@@ -2225,6 +2254,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
                 *ecKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf);
             }
             break;
+#endif
         default:
             return SECFailure;
     }
@@ -2311,6 +2341,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
             }
             return bltest_dsa_init(cipherInfo, encrypt);
             break;
+#ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             if (encrypt) {
                 SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
@@ -2318,6 +2349,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
             }
             return bltest_ecdsa_init(cipherInfo, encrypt);
             break;
+#endif
         case bltestMD2:
             restart = cipherInfo->params.hash.restart;
             SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
@@ -2612,7 +2644,9 @@ cipherFinish(bltestCipherInfo *cipherInfo)
         case bltestRSA_PSS: /* will be freed with it. */
         case bltestRSA_OAEP:
         case bltestDSA:
+#ifndef NSS_DISABLE_ECC
         case bltestECDSA:
+#endif
         case bltestMD2: /* hash contexts are ephemeral */
         case bltestMD5:
         case bltestSHA1:
@@ -2788,6 +2822,7 @@ print_td:
                 fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             if (td) {
                 fprintf(stdout, "%12s", "ec_curve");
@@ -2798,6 +2833,7 @@ print_td:
                         ecCurve_map[curveName] ? ecCurve_map[curveName]->text : "Unsupported curve");
             }
             break;
+#endif
         case bltestMD2:
         case bltestMD5:
         case bltestSHA1:
@@ -3027,6 +3063,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
             load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
             break;
+#ifndef NSS_DISABLE_ECC
         case bltestECDSA:
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
             load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
@@ -3038,6 +3075,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
             load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
             break;
+#endif
         case bltestMD2:
         case bltestMD5:
         case bltestSHA1:
@@ -3259,11 +3297,13 @@ dump_file(bltestCipherMode mode, char *filename)
         load_file_data(arena, &keydata, filename, bltestBase64Encoded);
         key = dsakey_from_filedata(arena, &keydata.buf);
         dump_dsakey(key);
+#ifndef NSS_DISABLE_ECC
     } else if (mode == bltestECDSA) {
         ECPrivateKey *key;
         load_file_data(arena, &keydata, filename, bltestBase64Encoded);
         key = eckey_from_filedata(arena, &keydata.buf);
         dump_eckey(key);
+#endif
     }
     PORT_FreeArena(arena, PR_FALSE);
     return SECFailure;
@@ -3550,7 +3590,9 @@ enum {
     opt_Key,
     opt_HexWSpc,
     opt_Mode,
+#ifndef NSS_DISABLE_ECC
     opt_CurveName,
+#endif
     opt_Output,
     opt_Repetitions,
     opt_ZeroBuf,
@@ -3602,7 +3644,9 @@ static secuCommandFlag bltest_options[] =
       { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
       { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
       { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
+#ifndef NSS_DISABLE_ECC
       { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
+#endif
       { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
       { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
       { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
@@ -3635,7 +3679,9 @@ main(int argc, char **argv)
     bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
     bltestIOMode ioMode;
     int bufsize, exponent, curThrdNum;
+#ifndef NSS_DISABLE_ECC
     char *curveName = NULL;
+#endif
     int i, commandsEntered;
     int inoff, outoff;
     int threads = 1;
@@ -3871,10 +3917,12 @@ main(int argc, char **argv)
     else
         exponent = 65537;
 
+#ifndef NSS_DISABLE_ECC
     if (bltest.options[opt_CurveName].activated)
         curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
     else
         curveName = NULL;
+#endif
 
     if (bltest.commands[cmd_Verify].activated &&
         !bltest.options[opt_SigFile].activated) {
@@ -3960,7 +4008,11 @@ main(int argc, char **argv)
                 file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
             }
             params->key.mode = bltestBase64Encoded;
+#ifndef NSS_DISABLE_ECC
             pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
+#else
+            pubkeyInitKey(cipherInfo, file, keysize, exponent);
+#endif
             PR_Close(file);
         }
 
diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c
index 4d1a1061a..35409e250 100644
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -233,7 +233,8 @@ make_datastruct(char *data, int len)
         if (remaining == 1) {
             remaining += fields;
             fields = fields * 2;
-            datastruct = (Pair *)PORT_Realloc(datastruct, fields * sizeof(Pair));
+            datastruct = (Pair *)PORT_Realloc(datastruct, fields *
+                                                              sizeof(Pair));
             if (datastruct == NULL) {
                 error_allocate();
             }
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 03f4478b7..fbc752c1b 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -194,8 +194,6 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
     PLArenaPool *arena;
     void *extHandle;
     SECItem signedReq = { siBuffer, NULL, 0 };
-    SECAlgorithmID signAlg;
-    SECItem *params = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena) {
@@ -213,26 +211,11 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
 
     /* Change cert type to RSA-PSS, if desired. */
     if (pssCertificate) {
-        params = SEC_CreateSignatureAlgorithmParameters(arena,
-                                                        NULL,
-                                                        SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
-                                                        hashAlgTag,
-                                                        NULL,
-                                                        privk);
-        if (!params) {
-            PORT_FreeArena(arena, PR_FALSE);
-            SECKEY_DestroySubjectPublicKeyInfo(spki);
-            SECU_PrintError(progName, "unable to create RSA-PSS parameters");
-            return SECFailure;
-        }
-
         spki->algorithm.parameters.data = NULL;
         rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
-                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
-                                   hashAlgTag == SEC_OID_UNKNOWN ? NULL : params);
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
         if (rv != SECSuccess) {
             PORT_FreeArena(arena, PR_FALSE);
-            SECKEY_DestroySubjectPublicKeyInfo(spki);
             SECU_PrintError(progName, "unable to set algorithm ID");
             return SECFailure;
         }
@@ -273,34 +256,16 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
         return SECFailure;
     }
 
-    PORT_Memset(&signAlg, 0, sizeof(signAlg));
-    if (pssCertificate) {
-        rv = SECOID_SetAlgorithmID(arena, &signAlg,
-                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params);
-        if (rv != SECSuccess) {
-            PORT_FreeArena(arena, PR_FALSE);
-            SECU_PrintError(progName, "unable to set algorithm ID");
-            return SECFailure;
-        }
-    } else {
-        signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
-        if (signAlgTag == SEC_OID_UNKNOWN) {
-            PORT_FreeArena(arena, PR_FALSE);
-            SECU_PrintError(progName, "unknown Key or Hash type");
-            return SECFailure;
-        }
-        rv = SECOID_SetAlgorithmID(arena, &signAlg, signAlgTag, 0);
-        if (rv != SECSuccess) {
-            PORT_FreeArena(arena, PR_FALSE);
-            SECU_PrintError(progName, "unable to set algorithm ID");
-            return SECFailure;
-        }
+    /* Sign the request */
+    signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
+    if (signAlgTag == SEC_OID_UNKNOWN) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "unknown Key or Hash type");
+        return SECFailure;
     }
 
-    /* Sign the request */
-    rv = SEC_DerSignDataWithAlgorithmID(arena, &signedReq,
-                                        encoding->data, encoding->len,
-                                        privk, &signAlg);
+    rv = SEC_DerSignData(arena, &signedReq, encoding->data, encoding->len,
+                         privk, signAlgTag);
     if (rv) {
         PORT_FreeArena(arena, PR_FALSE);
         SECU_PrintError(progName, "signing of data failed");
@@ -400,7 +365,7 @@ ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot,
     CERTCertificate *cert;
     CERTCertTrust *trust;
 
-    cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata);
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
     if (!cert) {
         SECU_PrintError(progName, "could not find certificate named \"%s\"",
                         name);
@@ -626,10 +591,6 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
 {
     SECStatus rv;
 
-    if (slot && PK11_NeedUserInit(slot)) {
-        printf("\nDatabase needs user init\n");
-    }
-
     if (!ascii && !raw && !nickname && !email) {
         PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n",
                    "Certificate Nickname", "Trust Attributes", "",
@@ -653,12 +614,12 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
 }
 
 static SECStatus
-DeleteCert(CERTCertDBHandle *handle, char *name, void *pwdata)
+DeleteCert(CERTCertDBHandle *handle, char *name)
 {
     SECStatus rv;
     CERTCertificate *cert;
 
-    cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata);
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
     if (!cert) {
         SECU_PrintError(progName, "could not find certificate named \"%s\"",
                         name);
@@ -674,12 +635,12 @@ DeleteCert(CERTCertDBHandle *handle, char *name, void *pwdata)
 }
 
 static SECStatus
-RenameCert(CERTCertDBHandle *handle, char *name, char *newName, void *pwdata)
+RenameCert(CERTCertDBHandle *handle, char *name, char *newName)
 {
     SECStatus rv;
     CERTCertificate *cert;
 
-    cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata);
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
     if (!cert) {
         SECU_PrintError(progName, "could not find certificate named \"%s\"",
                         name);
@@ -1054,18 +1015,6 @@ ListModules(void)
 }
 
 static void
-PrintBuildFlags()
-{
-#ifdef NSS_FIPS_DISABLED
-    PR_fprintf(PR_STDOUT, "NSS_FIPS_DISABLED\n");
-#endif
-#ifdef NSS_NO_INIT_SUPPORT
-    PR_fprintf(PR_STDOUT, "NSS_NO_INIT_SUPPORT\n");
-#endif
-    exit(0);
-}
-
-static void
 PrintSyntax(char *progName)
 {
 #define FPS fprintf(stderr,
@@ -1095,10 +1044,15 @@ PrintSyntax(char *progName)
         "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
         "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+#ifndef NSS_DISABLE_ECC
     FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
         "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
         progName);
+#else
+    FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
+        progName);
+#endif /* NSS_DISABLE_ECC */
     FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
     FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
         progName);
@@ -1112,7 +1066,6 @@ PrintSyntax(char *progName)
     FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n",
         progName);
     FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n");
-    FPS "\t%s --build-flags\n", progName);
     FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
         progName);
     FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
@@ -1231,8 +1184,6 @@ luC(enum usage_level ul, const char *command)
         "   -o output-cert");
     FPS "%-20s Self sign\n",
         "   -x");
-    FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n",
-        "   --pss-sign");
     FPS "%-20s Cert serial number\n",
         "   -m serial-number");
     FPS "%-20s Time Warp\n",
@@ -1293,10 +1244,17 @@ luG(enum usage_level ul, const char *command)
         return;
     FPS "%-20s Name of token in which to generate key (default is internal)\n",
         "   -h token-name");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
         "   -k key-type");
     FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+        "   -k key-type");
+    FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
+        "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
         "   -y exp");
     FPS "%-20s Specify the password file\n",
@@ -1305,6 +1263,7 @@ luG(enum usage_level ul, const char *command)
         "   -z noisefile");
     FPS "%-20s read PQG value from pqgfile (dsa only)\n",
         "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", "");
@@ -1326,6 +1285,7 @@ luG(enum usage_level ul, const char *command)
     FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
     FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
     FPS "%-20s sect131r1, sect131r2\n", "");
+#endif
     FPS "%-20s Key database directory (default is ~/.netscape)\n",
         "   -d keydir");
     FPS "%-20s Cert & Key database prefix\n",
@@ -1415,7 +1375,9 @@ luK(enum usage_level ul, const char *command)
         "   -h token-name ");
 
     FPS "%-20s Key type (\"all\" (default), \"dsa\","
+#ifndef NSS_DISABLE_ECC
                                                     " \"ec\","
+#endif
                                                     " \"rsa\")\n",
         "   -k key-type");
     FPS "%-20s The nickname of the key or associated certificate\n",
@@ -1558,7 +1520,11 @@ luR(enum usage_level ul, const char *command)
         "   -s subject");
     FPS "%-20s Output the cert request to this file\n",
         "   -o output-req");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+#endif /* NSS_DISABLE_ECC */
         "   -k key-type-or-id");
     FPS "%-20s or nickname of the cert key to use \n",
         "");
@@ -1566,14 +1532,14 @@ luR(enum usage_level ul, const char *command)
         "   -h token-name");
     FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
-    FPS "%-20s Create a certificate request restricted to RSA-PSS (rsa only)\n",
-        "   --pss");
     FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
         "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
         "");
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Specify the password file\n",
         "   -f pwfile");
     FPS "%-20s Key database directory (default is ~/.netscape)\n",
@@ -1739,24 +1705,26 @@ luS(enum usage_level ul, const char *command)
         "   -c issuer-name");
     FPS "%-20s Set the certificate trust attributes (see -A above)\n",
         "   -t trustargs");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+#endif /* NSS_DISABLE_ECC */
         "   -k key-type-or-id");
     FPS "%-20s Name of token in which to generate key (default is internal)\n",
         "   -h token-name");
     FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
         "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
-    FPS "%-20s Create a certificate restricted to RSA-PSS (rsa only)\n",
-        "   --pss");
     FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
         "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
     FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
         "");
+#endif /* NSS_DISABLE_ECC */
     FPS "%-20s Self sign\n",
         "   -x");
-    FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n",
-        "   --pss-sign");
     FPS "%-20s Cert serial number\n",
         "   -m serial-number");
     FPS "%-20s Time Warp\n",
@@ -1826,18 +1794,6 @@ luS(enum usage_level ul, const char *command)
 }
 
 static void
-luBuildFlags(enum usage_level ul, const char *command)
-{
-    int is_my_command = (command && 0 == strcmp(command, "build-flags"));
-    if (ul == usage_all || !command || is_my_command)
-    FPS "%-15s Print enabled build flags relevant for NSS test execution\n",
-        "--build-flags");
-    if (ul == usage_selected && !is_my_command)
-        return;
-    FPS "\n");
-}
-
-static void
 LongUsage(char *progName, enum usage_level ul, const char *command)
 {
     luA(ul, command);
@@ -1851,7 +1807,6 @@ LongUsage(char *progName, enum usage_level ul, const char *command)
     luU(ul, command);
     luK(ul, command);
     luL(ul, command);
-    luBuildFlags(ul, command);
     luM(ul, command);
     luN(ul, command);
     luT(ul, command);
@@ -1934,119 +1889,46 @@ MakeV1Cert(CERTCertDBHandle *handle,
 }
 
 static SECStatus
-SetSignatureAlgorithm(PLArenaPool *arena,
-                      SECAlgorithmID *signAlg,
-                      SECAlgorithmID *spkiAlg,
-                      SECOidTag hashAlgTag,
-                      SECKEYPrivateKey *privKey,
-                      PRBool pssSign)
-{
-    SECStatus rv;
-
-    if (pssSign ||
-        SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-        SECItem *srcParams;
-        SECItem *params;
-
-        if (SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-            srcParams = &spkiAlg->parameters;
-        } else {
-            /* If the issuer's public key is RSA, the parameter field
-             * of the SPKI should be NULL, which can't be used as a
-             * basis of RSA-PSS parameters. */
-            srcParams = NULL;
-        }
-        params = SEC_CreateSignatureAlgorithmParameters(arena,
-                                                        NULL,
-                                                        SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
-                                                        hashAlgTag,
-                                                        srcParams,
-                                                        privKey);
-        if (!params) {
-            SECU_PrintError(progName, "Could not create RSA-PSS parameters");
-            return SECFailure;
-        }
-        rv = SECOID_SetAlgorithmID(arena, signAlg,
-                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
-                                   params);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "Could not set signature algorithm id.");
-            return rv;
-        }
-    } else {
-        KeyType keyType = SECKEY_GetPrivateKeyType(privKey);
-        SECOidTag algID;
-
-        algID = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
-        if (algID == SEC_OID_UNKNOWN) {
-            SECU_PrintError(progName, "Unknown key or hash type for issuer.");
-            return SECFailure;
-        }
-        rv = SECOID_SetAlgorithmID(arena, signAlg, algID, 0);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "Could not set signature algorithm id.");
-            return rv;
-        }
-    }
-    return SECSuccess;
-}
-
-static SECStatus
 SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
          SECOidTag hashAlgTag,
          SECKEYPrivateKey *privKey, char *issuerNickName,
-         int certVersion, PRBool pssSign, void *pwarg)
+         int certVersion, void *pwarg)
 {
     SECItem der;
     SECKEYPrivateKey *caPrivateKey = NULL;
     SECStatus rv;
     PLArenaPool *arena;
-    CERTCertificate *issuer;
+    SECOidTag algID;
     void *dummy;
 
-    arena = cert->arena;
-
-    if (selfsign) {
-        issuer = cert;
-    } else {
-        issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
+    if (!selfsign) {
+        CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
         if ((CERTCertificate *)NULL == issuer) {
             SECU_PrintError(progName, "unable to find issuer with nickname %s",
                             issuerNickName);
-            rv = SECFailure;
-            goto done;
+            return SECFailure;
         }
+
         privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
+        CERT_DestroyCertificate(issuer);
         if (caPrivateKey == NULL) {
             SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
-            rv = SECFailure;
-            CERT_DestroyCertificate(issuer);
-            goto done;
+            return SECFailure;
         }
     }
 
-    if (pssSign &&
-        (SECKEY_GetPrivateKeyType(privKey) != rsaKey &&
-         SECKEY_GetPrivateKeyType(privKey) != rsaPssKey)) {
-        SECU_PrintError(progName, "unable to create RSA-PSS signature with key %s",
-                        issuerNickName);
+    arena = cert->arena;
+
+    algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
+    if (algID == SEC_OID_UNKNOWN) {
+        fprintf(stderr, "Unknown key or hash type for issuer.");
         rv = SECFailure;
-        if (!selfsign) {
-            CERT_DestroyCertificate(issuer);
-        }
         goto done;
     }
 
-    rv = SetSignatureAlgorithm(arena,
-                               &cert->signature,
-                               &issuer->subjectPublicKeyInfo.algorithm,
-                               hashAlgTag,
-                               privKey,
-                               pssSign);
-    if (!selfsign) {
-        CERT_DestroyCertificate(issuer);
-    }
+    rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
     if (rv != SECSuccess) {
+        fprintf(stderr, "Could not set signature algorithm id.");
         goto done;
     }
 
@@ -2065,8 +1947,7 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
             break;
         default:
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            rv = SECFailure;
-            goto done;
+            return SECFailure;
     }
 
     der.len = 0;
@@ -2079,8 +1960,7 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
         goto done;
     }
 
-    rv = SEC_DerSignDataWithAlgorithmID(arena, &cert->derCert, der.data, der.len,
-                                        privKey, &cert->signature);
+    rv = SEC_DerSignData(arena, &cert->derCert, der.data, der.len, privKey, algID);
     if (rv != SECSuccess) {
         fprintf(stderr, "Could not sign encoded certificate data.\n");
         /* result allocated out of the arena, it will be freed
@@ -2113,7 +1993,6 @@ CreateCert(
     certutilExtnList extnList,
     const char *extGeneric,
     int certVersion,
-    PRBool pssSign,
     SECItem *certDER)
 {
     void *extHandle = NULL;
@@ -2174,7 +2053,7 @@ CreateCert(
 
         rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
                       *selfsignprivkey, issuerNickName,
-                      certVersion, pssSign, pwarg);
+                      certVersion, pwarg);
         if (rv != SECSuccess)
             break;
 
@@ -2427,7 +2306,6 @@ enum {
     cmd_Merge,
     cmd_UpgradeMerge, /* test only */
     cmd_Rename,
-    cmd_BuildFlags,
     max_cmd
 };
 
@@ -2498,7 +2376,6 @@ enum certutilOpts {
     opt_GenericExtensions,
     opt_NewNickname,
     opt_Pss,
-    opt_PssSign,
     opt_Help
 };
 
@@ -2530,9 +2407,7 @@ static const secuCommandFlag commands_init[] =
       { /* cmd_UpgradeMerge        */ 0, PR_FALSE, 0, PR_FALSE,
         "upgrade-merge" },
       { /* cmd_Rename              */ 0, PR_FALSE, 0, PR_FALSE,
-        "rename" },
-      { /* cmd_BuildFlags          */ 0, PR_FALSE, 0, PR_FALSE,
-        "build-flags" }
+        "rename" }
     };
 #define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0]))
 
@@ -2621,8 +2496,6 @@ static const secuCommandFlag options_init[] =
         "new-n" },
       { /* opt_Pss                 */ 0, PR_FALSE, 0, PR_FALSE,
         "pss" },
-      { /* opt_PssSign             */ 0, PR_FALSE, 0, PR_FALSE,
-        "pss-sign" },
     };
 #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
 
@@ -2719,10 +2592,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
         exit(1);
     }
 
-    if (certutil.commands[cmd_BuildFlags].activated) {
-        PrintBuildFlags();
-    }
-
     if (certutil.options[opt_PasswordFile].arg) {
         pwdata.source = PW_FROMFILE;
         pwdata.data = certutil.options[opt_PasswordFile].arg;
@@ -2752,10 +2621,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
                        progName, MIN_KEY_BITS, MAX_KEY_BITS);
             return 255;
         }
+#ifndef NSS_DISABLE_ECC
         if (keytype == ecKey) {
             PR_fprintf(PR_STDERR, "%s -g:  Not for ec keys.\n", progName);
             return 255;
         }
+#endif /* NSS_DISABLE_ECC */
     }
 
     /*  -h specify token name  */
@@ -2784,8 +2655,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
             keytype = rsaKey;
         } else if (PL_strcmp(arg, "dsa") == 0) {
             keytype = dsaKey;
+#ifndef NSS_DISABLE_ECC
         } else if (PL_strcmp(arg, "ec") == 0) {
             keytype = ecKey;
+#endif /* NSS_DISABLE_ECC */
         } else if (PL_strcmp(arg, "all") == 0) {
             keytype = nullKey;
         } else {
@@ -2838,10 +2711,16 @@ certutil_main(int argc, char **argv, PRBool initialize)
 
     /*  -q PQG file or curve name */
     if (certutil.options[opt_PQGFile].activated) {
+#ifndef NSS_DISABLE_ECC
         if ((keytype != dsaKey) && (keytype != ecKey)) {
             PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys"
                                   " (-k dsa) or a named curve for EC keys (-k ec)\n)",
                        progName);
+#else  /* } */
+        if (keytype != dsaKey) {
+            PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
+                       progName);
+#endif /* NSS_DISABLE_ECC */
             return 255;
         }
     }
@@ -3153,43 +3032,11 @@ certutil_main(int argc, char **argv, PRBool initialize)
 
     /*  If creating new database, initialize the password.  */
     if (certutil.commands[cmd_NewDBs].activated) {
-        if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot))) {
-            rv = PK11_InitPin(slot, (char *)NULL, "");
-        } else {
-            rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
-                                certutil.options[opt_NewPasswordFile].arg);
-        }
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "Could not set password for the slot");
-            goto shutdown;
-        }
-    }
-
-    /* if we are going to modify the cert database,
-     * make sure it's initialized */
-    if (certutil.commands[cmd_ModifyCertTrust].activated ||
-        certutil.commands[cmd_CreateAndAddCert].activated ||
-        certutil.commands[cmd_AddCert].activated ||
-        certutil.commands[cmd_AddEmailCert].activated) {
-        if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
-            char *password = NULL;
-            /* fetch the password from the command line or the file
-             * if no password is supplied, initialize the password to NULL */
-            if (pwdata.source == PW_FROMFILE) {
-                password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data);
-            } else if (pwdata.source == PW_PLAINTEXT) {
-                password = PL_strdup(pwdata.data);
-            }
-            rv = PK11_InitPin(slot, (char *)NULL, password ? password : "");
-            if (password) {
-                PORT_Memset(password, 0, PL_strlen(password));
-                PORT_Free(password);
-            }
-            if (rv != SECSuccess) {
-                SECU_PrintError(progName, "Could not set password for the slot");
-                goto shutdown;
-            }
-        }
+        if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot)))
+            PK11_InitPin(slot, (char *)NULL, "");
+        else
+            SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+                           certutil.options[opt_NewPasswordFile].arg);
     }
 
     /* walk through the upgrade merge if necessary.
@@ -3367,12 +3214,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
     }
     /*  Delete cert (-D)  */
     if (certutil.commands[cmd_DeleteCert].activated) {
-        rv = DeleteCert(certHandle, name, &pwdata);
+        rv = DeleteCert(certHandle, name);
         goto shutdown;
     }
     /*  Rename cert (--rename)  */
     if (certutil.commands[cmd_Rename].activated) {
-        rv = RenameCert(certHandle, name, newName, &pwdata);
+        rv = RenameCert(certHandle, name, newName);
         goto shutdown;
     }
     /*  Delete key (-F)  */
@@ -3390,10 +3237,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
     if (certutil.commands[cmd_ChangePassword].activated) {
         rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
                             certutil.options[opt_NewPasswordFile].arg);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "Could not set password for the slot");
-            goto shutdown;
-        }
+        goto shutdown;
     }
     /*  Reset the a token */
     if (certutil.commands[cmd_TokenReset].activated) {
@@ -3518,25 +3362,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
         }
     }
 
-    /* --pss-sign is to sign a certificate with RSA-PSS, even if the
-     * issuer's key is an RSA key.  If the key is an RSA-PSS key, the
-     * generated signature is always RSA-PSS. */
-    if (certutil.options[opt_PssSign].activated) {
-        if (!certutil.commands[cmd_CreateNewCert].activated &&
-            !certutil.commands[cmd_CreateAndAddCert].activated) {
-            PR_fprintf(PR_STDERR,
-                       "%s -%c: --pss-sign only works with -C or -S.\n",
-                       progName, commandToRun);
-            return 255;
-        }
-        if (keytype != rsaKey) {
-            PR_fprintf(PR_STDERR,
-                       "%s -%c: --pss-sign only works with RSA keys.\n",
-                       progName, commandToRun);
-            return 255;
-        }
-    }
-
     /* If we need a list of extensions convert the flags into list format */
     if (certutil.commands[cmd_CertReq].activated ||
         certutil.commands[cmd_CreateAndAddCert].activated ||
@@ -3674,7 +3499,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
                         (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
                                                                            : NULL),
                         certVersion,
-                        certutil.options[opt_PssSign].activated,
                         &certDER);
         if (rv)
             goto shutdown;
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
index 330284c61..2878e3765 100644
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -380,6 +380,7 @@ CERTUTIL_FileForRNG(const char *noise)
     return SECSuccess;
 }
 
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
@@ -494,9 +495,9 @@ getECParams(const char *curve)
 
     ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
 
-    /*
+    /* 
      * ecparams->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in
+     * representing the named curve. The actual OID is in 
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
     ecparams->data[0] = SEC_ASN1_OBJECT_ID;
@@ -505,6 +506,7 @@ getECParams(const char *curve)
 
     return ecparams;
 }
+#endif /* NSS_DISABLE_ECC */
 
 SECKEYPrivateKey *
 CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
@@ -562,12 +564,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
                 params = (void *)&default_pqg_params;
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case ecKey:
             mechanism = CKM_EC_KEY_PAIR_GEN;
             /* For EC keys, PQGFile determines EC parameters */
             if ((params = (void *)getECParams(pqgFile)) == NULL)
                 return NULL;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             return NULL;
     }
@@ -576,7 +580,8 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
     fprintf(stderr, "Generating key.  This may take a few moments...\n\n");
 
     privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp,
-                                              attrFlags, opFlagsOn, opFlagsOn | opFlagsOff,
+                                              attrFlags, opFlagsOn, opFlagsOn |
+                                                                        opFlagsOff,
                                               pwdata /*wincx*/);
     /* free up the params */
     switch (keytype) {
@@ -584,9 +589,11 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
             if (dsaparams)
                 CERTUTIL_DestroyParamsPQG(dsaparams);
             break;
+#ifndef NSS_DISABLE_ECC
         case ecKey:
             SECITEM_FreeItem((SECItem *)params, PR_TRUE);
             break;
+#endif
         default: /* nothing to free */
             break;
     }
diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c
index fce5e2a60..1f9dc4b43 100644
--- a/security/nss/cmd/crlutil/crlgen.c
+++ b/security/nss/cmd/crlutil/crlgen.c
@@ -616,7 +616,8 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
         goto loser;
     }
 
-    PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * sizeof(char));
+    PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) *
+                                                   sizeof(char));
 
     *extCode = SEC_OID_X509_INVALID_DATE;
     return encodedItem;
diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c
index 061f3dde0..ab73e42a5 100644
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -35,11 +35,13 @@
 #include "../../lib/freebl/mpi/mpi.h"
 #endif
 
+#ifndef NSS_DISABLE_ECC
 extern SECStatus
 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
 extern SECStatus
 EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
               const ECParams *srcParams);
+#endif
 
 #define ENCRYPT 1
 #define DECRYPT 0
@@ -2092,6 +2094,7 @@ get_next_line(FILE *req, char *key, char *val, FILE *rsp)
     return (c == EOF) ? -1 : ignore;
 }
 
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
@@ -2955,6 +2958,7 @@ loser:
     }
     fclose(ecdsareq);
 }
+#endif /* NSS_DISABLE_ECC */
 
 PRBool
 isblankline(char *b)
@@ -5922,7 +5926,8 @@ tls(char *reqfn)
                 goto loser;
             }
             crv = NSC_DeriveKey(session, &master_mech, pms_handle,
-                                derive_template, derive_template_count - 1,
+                                derive_template, derive_template_count -
+                                                     1,
                                 &master_handle);
             if (crv != CKR_OK) {
                 fprintf(stderr, "NSC_DeriveKey(master) failed crv=0x%x\n",
@@ -6089,6 +6094,7 @@ main(int argc, char **argv)
             /* Signature Verification Test */
             dsa_sigver_test(argv[3]);
         }
+#ifndef NSS_DISABLE_ECC
         /*************/
         /*   ECDSA   */
         /*************/
@@ -6107,6 +6113,7 @@ main(int argc, char **argv)
             /* Signature Verification Test */
             ecdsa_sigver_test(argv[3]);
         }
+#endif /* NSS_DISABLE_ECC */
         /*************/
         /*   RNG     */
         /*************/
diff --git a/security/nss/cmd/fipstest/runtest.sh b/security/nss/cmd/fipstest/runtest.sh
index 5f8e66a08..99cefed77 100644
--- a/security/nss/cmd/fipstest/runtest.sh
+++ b/security/nss/cmd/fipstest/runtest.sh
@@ -7,6 +7,9 @@
 TESTDIR=${1-.}
 COMMAND=${2-run}
 TESTS="aes aesgcm dsa ecdsa hmac tls rng rsa sha tdea"
+if [ ${NSS_ENABLE_ECC}x = 1x ]; then
+   TESTS=${TESTS} ecdsa
+fi
 for i in $TESTS
 do
     echo "********************Running $i tests"
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 2b33f8963..cb4752df9 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -54,10 +54,6 @@ static char consoleName[] = {
 
 static PRBool utf8DisplayEnabled = PR_FALSE;
 
-/* The minimum password/pin length (in Unicode characters) in FIPS mode,
- * defined in lib/softoken/pkcs11i.h. */
-#define FIPS_MIN_PIN 7
-
 void
 SECU_EnableUtf8Display(PRBool enable)
 {
@@ -240,8 +236,7 @@ SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
             sprintf(prompt,
                     "Press Enter, then enter PIN for \"%s\" on external device.\n",
                     PK11_GetTokenName(slot));
-            char *pw = SECU_GetPasswordString(NULL, prompt);
-            PORT_Free(pw);
+            (void)SECU_GetPasswordString(NULL, prompt);
         /* Fall Through */
         case PW_PLAINTEXT:
             return PL_strdup(pwdata->data);
@@ -281,25 +276,10 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
     }
 
     /* we have no password, so initialize database with one */
-    if (PK11_IsFIPS()) {
-        PR_fprintf(PR_STDERR,
-                   "Enter a password which will be used to encrypt your keys.\n"
-                   "The password should be at least %d characters long,\n"
-                   "and should consist of at least three character classes.\n"
-                   "The available character classes are: digits (0-9), ASCII\n"
-                   "lowercase letters, ASCII uppercase letters, ASCII\n"
-                   "non-alphanumeric characters, and non-ASCII characters.\n\n"
-                   "If an ASCII uppercase letter appears at the beginning of\n"
-                   "the password, it is not counted toward its character class.\n"
-                   "Similarly, if a digit appears at the end of the password,\n"
-                   "it is not counted toward its character class.\n\n",
-                   FIPS_MIN_PIN);
-    } else {
-        PR_fprintf(PR_STDERR,
-                   "Enter a password which will be used to encrypt your keys.\n"
-                   "The password should be at least 8 characters long,\n"
-                   "and should contain at least one non-alphabetic character.\n\n");
-    }
+    PR_fprintf(PR_STDERR,
+               "Enter a password which will be used to encrypt your keys.\n"
+               "The password should be at least 8 characters long,\n"
+               "and should contain at least one non-alphabetic character.\n\n");
 
     output = fopen(consoleName, "w");
     if (output == NULL) {
@@ -485,6 +465,48 @@ SECU_ConfigDirectory(const char *base)
     return buf;
 }
 
+/*Turn off SSL for now */
+/* This gets called by SSL when server wants our cert & key */
+int
+SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
+                       struct CERTDistNamesStr *caNames,
+                       struct CERTCertificateStr **pRetCert,
+                       struct SECKEYPrivateKeyStr **pRetKey)
+{
+    SECKEYPrivateKey *key;
+    CERTCertificate *cert;
+    int errsave;
+
+    if (arg == NULL) {
+        fprintf(stderr, "no key/cert name specified for client auth\n");
+        return -1;
+    }
+    cert = PK11_FindCertFromNickname(arg, NULL);
+    errsave = PORT_GetError();
+    if (!cert) {
+        if (errsave == SEC_ERROR_BAD_PASSWORD)
+            fprintf(stderr, "Bad password\n");
+        else if (errsave > 0)
+            fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
+        else if (errsave == SEC_ERROR_BAD_DATABASE)
+            fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
+        else
+            fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
+        return -1;
+    }
+
+    key = PK11_FindKeyByAnyCert(arg, NULL);
+    if (!key) {
+        fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
+        return -1;
+    }
+
+    *pRetCert = cert;
+    *pRetKey = key;
+
+    return 0;
+}
+
 SECStatus
 SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
                      PRBool warnOnPrivateKeyInAsciiFile)
@@ -969,7 +991,7 @@ secu_PrintUniversalString(FILE *out, const SECItem *i, const char *m, int level)
     for (s = my.data, d = tmp.data; len > 0; len--) {
         PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];
         s += 4;
-        if (!isprint(bmpChar & 0xFF))
+        if (!isprint(bmpChar))
             goto loser;
         *d++ = (unsigned char)bmpChar;
     }
@@ -1193,7 +1215,7 @@ secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
             SECU_Indent(out, level + 1);
             fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
         } else {
-            SECU_PrintInteger(out, &param.saltLength, "Salt length", level + 1);
+            SECU_PrintInteger(out, &param.saltLength, "Salt Length", level + 1);
         }
     } else {
         SECU_Indent(out, level + 1);
@@ -1313,12 +1335,15 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
         return;
     }
 
+    if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+        secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
+        return;
+    }
+
     if (a->parameters.len == 0 ||
         (a->parameters.len == 2 &&
          PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
         /* No arguments or NULL argument */
-    } else if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-        secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
     } else {
         /* Print args to algorithm */
         SECU_PrintAsHex(out, &a->parameters, "Args", level + 1);
@@ -1365,6 +1390,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
     }
 }
 
+#ifndef NSS_DISABLE_ECC
 static void
 secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
 {
@@ -1383,6 +1409,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
         SECU_PrintObjectID(out, &curveOID, "Curve", level + 1);
     }
 }
+#endif /* NSS_DISABLE_ECC */
 
 void
 SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
@@ -1430,9 +1457,11 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
                 SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level + 1);
                 break;
 
+#ifndef NSS_DISABLE_ECC
             case ecKey:
                 secu_PrintECPublicKey(out, pk, "EC Public Key", level + 1);
                 break;
+#endif
 
             case dhKey:
             case fortezzaKey:
@@ -3585,6 +3614,44 @@ loser:
     return rv;
 }
 
+#if 0
+
+/* we need access to the private function cert_FindExtension for this code to work */
+
+CERTAuthKeyID *
+SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
+{
+    SECItem encodedExtenValue;
+    SECStatus rv;
+    CERTAuthKeyID *ret;
+    CERTCrl* crl;
+
+    if (!scrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    crl = &scrl->crl;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID,
+                            &encodedExtenValue);
+    if ( rv != SECSuccess ) {
+        return (NULL);
+    }
+
+    ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
+
+    PORT_Free(encodedExtenValue.data);
+    encodedExtenValue.data = NULL;
+
+    return(ret);
+}
+
+#endif
+
 /*
  * Find the issuer of a Crl.  Use the authorityKeyID if it exists.
  */
@@ -3658,7 +3725,7 @@ SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
                                   void *pwarg)
 {
     CERTCertificate *the_cert;
-    the_cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwarg);
+    the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
     if (the_cert) {
         return the_cert;
     }
diff --git a/security/nss/cmd/libpkix/pkix/util/test_list2.c b/security/nss/cmd/libpkix/pkix/util/test_list2.c
index b802ff0e6..7e4114e52 100644
--- a/security/nss/cmd/libpkix/pkix/util/test_list2.c
+++ b/security/nss/cmd/libpkix/pkix/util/test_list2.c
@@ -78,14 +78,16 @@ test_list2(int argc, char *argv[])
     for (i = 0; i < size; i++)
         for (j = 9; j > i; j--) {
             PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext));
-            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j - 1,
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j -
+                                                                  1,
                                                         &obj2, plContext));
 
             PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext));
             if (cmpResult < 0) {
                 /* Exchange the items */
                 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext));
-                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j - 1,
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j -
+                                                                      1,
                                                             obj, plContext));
             }
             /* DecRef objects */
diff --git a/security/nss/cmd/listsuites/listsuites.c b/security/nss/cmd/listsuites/listsuites.c
index 8eb2c3553..458130e5e 100644
--- a/security/nss/cmd/listsuites/listsuites.c
+++ b/security/nss/cmd/listsuites/listsuites.c
@@ -10,9 +10,7 @@
 
 #include <errno.h>
 #include <stdio.h>
-#include "nss.h"
 #include "secport.h"
-#include "secutil.h"
 #include "ssl.h"
 
 int
@@ -21,43 +19,6 @@ main(int argc, char **argv)
     const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
     int i;
     int errCount = 0;
-    SECStatus rv;
-    PRErrorCode err;
-    char *certDir = NULL;
-
-    /* load policy from $SSL_DIR/pkcs11.txt, for testing */
-    certDir = SECU_DefaultSSLDir();
-    if (certDir) {
-        rv = NSS_Init(certDir);
-    } else {
-        rv = NSS_NoDB_Init(NULL);
-    }
-    if (rv != SECSuccess) {
-        err = PR_GetError();
-        ++errCount;
-        fprintf(stderr, "NSS_Init failed: %s\n", PORT_ErrorToString(err));
-        goto out;
-    }
-
-    /* apply policy */
-    rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
-    if (rv != SECSuccess) {
-        err = PR_GetError();
-        ++errCount;
-        fprintf(stderr, "NSS_SetAlgorithmPolicy failed: %s\n",
-                PORT_ErrorToString(err));
-        goto out;
-    }
-
-    /* update the default cipher suites according to the policy */
-    rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
-    if (rv != SECSuccess) {
-        err = PR_GetError();
-        ++errCount;
-        fprintf(stderr, "SSL_OptionSetDefault failed: %s\n",
-                PORT_ErrorToString(err));
-        goto out;
-    }
 
     fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
 
@@ -97,14 +58,5 @@ main(int argc, char **argv)
                 info.isFIPS ? "FIPS" : "",
                 info.nonStandard ? "nonStandard" : "");
     }
-
-out:
-    rv = NSS_Shutdown();
-    if (rv != SECSuccess) {
-        err = PR_GetError();
-        ++errCount;
-        fprintf(stderr, "NSS_Shutdown failed: %s\n", PORT_ErrorToString(err));
-    }
-
     return errCount;
 }
diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn
index f5e6bc236..153384ce1 100644
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -63,7 +63,6 @@ NSS_SRCDIRS = \
  pp  \
  pwdecrypt \
  rsaperf \
- rsapoptst \
  sdrtest \
  selfserv  \
  signtool \
diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h
index d9f06592f..b328afebc 100644
--- a/security/nss/cmd/modutil/error.h
+++ b/security/nss/cmd/modutil/error.h
@@ -57,7 +57,6 @@ typedef enum {
     UNSPECIFIED_ERR,
     NOCERTDB_MISUSE_ERR,
     NSS_INITIALIZE_FAILED_ERR,
-    INITPW_FAILED_ERR,
 
     LAST_ERR /* must be last */
 } Error;
@@ -110,9 +109,8 @@ static char *errStrings[] = {
     "ERROR: Failed to change default.\n",
     "ERROR: Unable to read from standard input.\n",
     "ERROR: Unknown error occurred.\n",
-    "ERROR: -nocertdb option can only be used with the -jar command.\n",
-    "ERROR: NSS_Initialize() failed.\n",
-    "ERROR: Unable to set initial password on the database.\n"
+    "ERROR: -nocertdb option can only be used with the -jar command.\n"
+    "ERROR: NSS_Initialize() failed.\n"
 };
 
 typedef enum {
diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c
index 030568762..c8fef7897 100644
--- a/security/nss/cmd/modutil/install-ds.c
+++ b/security/nss/cmd/modutil/install-ds.c
@@ -975,7 +975,8 @@ Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad)
         printf("Doesn't use equiv\n");
     }
     PAD(pad);
-    printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile : "<NULL>");
+    printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
+                                                  : "<NULL>");
     PAD(pad);
     printf("mechFlags: %lx\n", _this->mechFlags);
     PAD(pad);
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index c1b44be53..02972f7b4 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -865,7 +865,7 @@ main(int argc, char* argv[])
             errcode = ChangePW(tokenName, pwFile, newpwFile);
             break;
         case CREATE_COMMAND:
-            errcode = InitPW();
+            /* The work was already done in init_crypto() */
             break;
         case DEFAULT_COMMAND:
             errcode = SetDefaultModule(moduleName, slotName, mechanisms);
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 04aa908c8..127d0d0da 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -29,7 +29,6 @@ Error AddModule(char *moduleName, char *libFile, char *ciphers,
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
-Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
index 1efc1895c..834469af1 100644
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -670,39 +670,6 @@ loser:
 
 /************************************************************************
  *
- * I n i t P W
- */
-Error
-InitPW(void)
-{
-    PK11SlotInfo *slot;
-    Error ret = UNSPECIFIED_ERR;
-
-    slot = PK11_GetInternalKeySlot();
-    if (!slot) {
-        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
-        return NO_SUCH_TOKEN_ERR;
-    }
-
-    /* Set the initial password to empty */
-    if (PK11_NeedUserInit(slot)) {
-        if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
-            PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
-            ret = INITPW_FAILED_ERR;
-            goto loser;
-        }
-    }
-
-    ret = SUCCESS;
-
-loser:
-    PK11_FreeSlot(slot);
-
-    return ret;
-}
-
-/************************************************************************
- *
  * C h a n g e P W
  */
 Error
@@ -728,7 +695,7 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile)
                 ret = BAD_PW_ERR;
                 goto loser;
             }
-        } else if (PK11_NeedLogin(slot)) {
+        } else {
             for (matching = PR_FALSE; !matching;) {
                 oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
                 if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
diff --git a/security/nss/cmd/multinit/multinit.c b/security/nss/cmd/multinit/multinit.c
index 874263e56..a57c4819f 100644
--- a/security/nss/cmd/multinit/multinit.c
+++ b/security/nss/cmd/multinit/multinit.c
@@ -502,7 +502,8 @@ do_list_certs(const char *progName, int log)
 
         SECU_PrintCertNickname(node, stderr);
         if (log) {
-            fprintf(stderr, "*	Slot=%s*\n", cert->slot ? PK11_GetTokenName(cert->slot) : "none");
+            fprintf(stderr, "*	Slot=%s*\n", cert->slot ? PK11_GetTokenName(cert->slot)
+                                                        : "none");
             fprintf(stderr, "*	Nickname=%s*\n", cert->nickname);
             fprintf(stderr, "*	Subject=<%s>*\n", cert->subjectName);
             fprintf(stderr, "*	Issuer=<%s>*\n", cert->issuerName);
diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c
index 99891096c..2f1fa374e 100644
--- a/security/nss/cmd/pk11mode/pk11mode.c
+++ b/security/nss/cmd/pk11mode/pk11mode.c
@@ -2169,22 +2169,36 @@ PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
         PKM_LogIt("    ulMinKeySize = %lu\n", minfo.ulMinKeySize);
         PKM_LogIt("    ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
         PKM_LogIt("    flags = 0x%08x\n", minfo.flags);
-        PKM_LogIt("        -> HW = %s\n", minfo.flags & CKF_HW ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> SIGN = %s\n", minfo.flags & CKF_SIGN ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> SIGN_RECOVER = %s\n", minfo.flags & CKF_SIGN_RECOVER ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ? "TRUE" : "FALSE");
+        PKM_LogIt("        -> HW = %s\n", minfo.flags & CKF_HW ? "TRUE"
+                                                               : "FALSE");
+        PKM_LogIt("        -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ? "TRUE"
+                                                                         : "FALSE");
+        PKM_LogIt("        -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ? "TRUE"
+                                                                         : "FALSE");
+        PKM_LogIt("        -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> SIGN = %s\n", minfo.flags & CKF_SIGN ? "TRUE"
+                                                                   : "FALSE");
+        PKM_LogIt("        -> SIGN_RECOVER = %s\n", minfo.flags &
+                                                            CKF_SIGN_RECOVER
+                                                        ? "TRUE"
+                                                        : "FALSE");
+        PKM_LogIt("        -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ? "TRUE"
+                                                                       : "FALSE");
         PKM_LogIt("        -> VERIFY_RECOVER = %s\n",
                   minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ? "TRUE" : "FALSE");
+        PKM_LogIt("        -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ? "TRUE"
+                                                                           : "FALSE");
         PKM_LogIt("        -> GENERATE_KEY_PAIR = %s\n",
                   minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> WRAP = %s\n", minfo.flags & CKF_WRAP ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ? "TRUE" : "FALSE");
-        PKM_LogIt("        -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ? "TRUE" : "FALSE");
+        PKM_LogIt("        -> WRAP = %s\n", minfo.flags & CKF_WRAP ? "TRUE"
+                                                                   : "FALSE");
+        PKM_LogIt("        -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ? "TRUE"
+                                                                             : "FALSE");
 
         PKM_LogIt("\n");
     }
@@ -3590,12 +3604,24 @@ PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
     PKM_LogIt("        state = %lu\n", sinfo.state);
     PKM_LogIt("        flags = 0x%08x\n", sinfo.flags);
 #ifdef CKF_EXCLUSIVE_SESSION
-    PKM_LogIt("            -> EXCLUSIVE SESSION = %s\n", sinfo.flags & CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
+    PKM_LogIt("            -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
+                                                                 CKF_EXCLUSIVE_SESSION
+                                                             ? "TRUE"
+                                                             : "FALSE");
 #endif /* CKF_EXCLUSIVE_SESSION */
-    PKM_LogIt("            -> RW SESSION = %s\n", sinfo.flags & CKF_RW_SESSION ? "TRUE" : "FALSE");
-    PKM_LogIt("            -> SERIAL SESSION = %s\n", sinfo.flags & CKF_SERIAL_SESSION ? "TRUE" : "FALSE");
+    PKM_LogIt("            -> RW SESSION = %s\n", sinfo.flags &
+                                                          CKF_RW_SESSION
+                                                      ? "TRUE"
+                                                      : "FALSE");
+    PKM_LogIt("            -> SERIAL SESSION = %s\n", sinfo.flags &
+                                                              CKF_SERIAL_SESSION
+                                                          ? "TRUE"
+                                                          : "FALSE");
 #ifdef CKF_INSERTION_CALLBACK
-    PKM_LogIt("            -> INSERTION CALLBACK = %s\n", sinfo.flags & CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
+    PKM_LogIt("            -> INSERTION CALLBACK = %s\n", sinfo.flags &
+                                                                  CKF_INSERTION_CALLBACK
+                                                              ? "TRUE"
+                                                              : "FALSE");
 #endif /* CKF_INSERTION_CALLBACK */
     PKM_LogIt("        ulDeviceError = %lu\n", sinfo.ulDeviceError);
     PKM_LogIt("\n");
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index 70454a0d8..0ac1ba00e 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -23,7 +23,6 @@
 static char *progName;
 PRBool pk12_debugging = PR_FALSE;
 PRBool dumpRawFile;
-static PRBool pk12uForceUnicode;
 
 PRIntn pk12uErrno = 0;
 
@@ -358,7 +357,6 @@ p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
     SECItem p12file = { 0 };
     SECStatus rv = SECFailure;
     PRBool swapUnicode = PR_FALSE;
-    PRBool forceUnicode = pk12uForceUnicode;
     PRBool trypw;
     int error;
 
@@ -426,18 +424,6 @@ p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
                 SEC_PKCS12DecoderFinish(p12dcx);
                 uniPwp->len = 0;
                 trypw = PR_TRUE;
-            } else if (forceUnicode == pk12uForceUnicode) {
-                /* try again with a different password encoding */
-                forceUnicode = !pk12uForceUnicode;
-                rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE,
-                                   forceUnicode);
-                if (rv != SECSuccess) {
-                    SECU_PrintError(progName, "PKCS12 decoding failed to set option");
-                    pk12uErrno = PK12UERR_DECODEVERIFY;
-                    break;
-                }
-                SEC_PKCS12DecoderFinish(p12dcx);
-                trypw = PR_TRUE;
             } else {
                 SECU_PrintError(progName, "PKCS12 decode not verified");
                 pk12uErrno = PK12UERR_DECODEVERIFY;
@@ -445,15 +431,6 @@ p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
             }
         }
     } while (trypw == PR_TRUE);
-
-    /* revert the option setting */
-    if (forceUnicode != pk12uForceUnicode) {
-        rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE, pk12uForceUnicode);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "PKCS12 decoding failed to set option");
-            pk12uErrno = PK12UERR_DECODEVERIFY;
-        }
-    }
 /* rv has been set at this point */
 
 done:
@@ -493,8 +470,6 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
 {
     SEC_PKCS12DecoderContext *p12dcx = NULL;
     SECItem uniPwitem = { 0 };
-    PRBool forceUnicode = pk12uForceUnicode;
-    PRBool trypw;
     SECStatus rv = SECFailure;
 
     rv = P12U_InitSlot(slot, slotPw);
@@ -505,62 +480,31 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
         return rv;
     }
 
-    do {
-        trypw = PR_FALSE; /* normally we do this once */
-        rv = SECFailure;
-        p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
-
-        if (p12dcx == NULL) {
-            goto loser;
-        }
+    rv = SECFailure;
+    p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
 
-        /* make sure the bags are okey dokey -- nicknames correct, etc. */
-        rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
-        if (rv != SECSuccess) {
-            if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
-                pk12uErrno = PK12UERR_CERTALREADYEXISTS;
-            } else {
-                pk12uErrno = PK12UERR_DECODEVALIBAGS;
-            }
-            SECU_PrintError(progName, "PKCS12 decode validate bags failed");
-            goto loser;
-        }
+    if (p12dcx == NULL) {
+        goto loser;
+    }
 
-        /* stuff 'em in */
-        if (forceUnicode != pk12uForceUnicode) {
-            rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE,
-                               forceUnicode);
-            if (rv != SECSuccess) {
-                SECU_PrintError(progName, "PKCS12 decode set option failed");
-                pk12uErrno = PK12UERR_DECODEIMPTBAGS;
-                goto loser;
-            }
-        }
-        rv = SEC_PKCS12DecoderImportBags(p12dcx);
-        if (rv != SECSuccess) {
-            if (PR_GetError() == SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY &&
-                forceUnicode == pk12uForceUnicode) {
-                /* try again with a different password encoding */
-                forceUnicode = !pk12uForceUnicode;
-                SEC_PKCS12DecoderFinish(p12dcx);
-                SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
-                trypw = PR_TRUE;
-            } else {
-                SECU_PrintError(progName, "PKCS12 decode import bags failed");
-                pk12uErrno = PK12UERR_DECODEIMPTBAGS;
-                goto loser;
-            }
+    /* make sure the bags are okey dokey -- nicknames correct, etc. */
+    rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
+            pk12uErrno = PK12UERR_CERTALREADYEXISTS;
+        } else {
+            pk12uErrno = PK12UERR_DECODEVALIBAGS;
         }
-    } while (trypw);
+        SECU_PrintError(progName, "PKCS12 decode validate bags failed");
+        goto loser;
+    }
 
-    /* revert the option setting */
-    if (forceUnicode != pk12uForceUnicode) {
-        rv = NSS_OptionSet(__NSS_PKCS12_DECODE_FORCE_UNICODE, pk12uForceUnicode);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "PKCS12 decode set option failed");
-            pk12uErrno = PK12UERR_DECODEIMPTBAGS;
-            goto loser;
-        }
+    /* stuff 'em in */
+    rv = SEC_PKCS12DecoderImportBags(p12dcx);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "PKCS12 decode import bags failed");
+        pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+        goto loser;
     }
 
     fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
@@ -1003,7 +947,6 @@ main(int argc, char **argv)
     int keyLen = 0;
     int certKeyLen = 0;
     secuCommand pk12util;
-    PRInt32 forceUnicode;
 
 #ifdef _CRTDBG_MAP_ALLOC
     _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
@@ -1035,14 +978,6 @@ main(int argc, char **argv)
         Usage(progName);
     }
 
-    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
-    if (rv != SECSuccess) {
-        SECU_PrintError(progName,
-                        "Failed to get NSS_PKCS12_DECODE_FORCE_UNICODE option");
-        Usage(progName);
-    }
-    pk12uForceUnicode = forceUnicode;
-
     slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
 
     import_file = (pk12util.options[opt_List].activated) ? SECU_GetOptionArg(&pk12util, opt_List)
diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c
index d6e276834..9f33d10a4 100644
--- a/security/nss/cmd/pp/pp.c
+++ b/security/nss/cmd/pp/pp.c
@@ -84,8 +84,6 @@ main(int argc, char **argv)
                 if (!inFile) {
                     fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
                             progName, optstate->value);
-                    PORT_Free(typeTag);
-                    PL_DestroyOptState(optstate);
                     return -1;
                 }
                 break;
@@ -95,8 +93,6 @@ main(int argc, char **argv)
                 if (!outFile) {
                     fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
                             progName, optstate->value);
-                    PORT_Free(typeTag);
-                    PL_DestroyOptState(optstate);
                     return -1;
                 }
                 break;
diff --git a/security/nss/cmd/rsaperf/rsaperf.c b/security/nss/cmd/rsaperf/rsaperf.c
index 2bb23856e..556030f6a 100644
--- a/security/nss/cmd/rsaperf/rsaperf.c
+++ b/security/nss/cmd/rsaperf/rsaperf.c
@@ -671,7 +671,8 @@ main(int argc, char **argv)
 
     printf("%ld iterations in %s\n",
            iters, TimingGenerateString(timeCtx));
-    printf("%.2f operations/s .\n", ((double)(iters) * (double)1000000.0) / (double)timeCtx->interval);
+    printf("%.2f operations/s .\n", ((double)(iters) * (double)1000000.0) /
+                                        (double)timeCtx->interval);
     TimingDivide(timeCtx, iters);
     printf("one operation every %s\n", TimingGenerateString(timeCtx));
 
diff --git a/security/nss/cmd/rsapoptst/rsapoptst.c b/security/nss/cmd/rsapoptst/rsapoptst.c
index d9468e6d6..81ddcd6c4 100644
--- a/security/nss/cmd/rsapoptst/rsapoptst.c
+++ b/security/nss/cmd/rsapoptst/rsapoptst.c
@@ -23,7 +23,7 @@ static const struct test_args test_array[] = {
     { "d_n_q", 0x02, "private exponent, modulus, prime2" },
     { "d_p_q", 0x04, "private exponent, prime1, prime2" },
     { "e_d_q", 0x08, "public exponent, private exponent, prime2" },
-    { "e_d_n", 0x10, "public exponent, private exponent, modulus" }
+    { "e_d_n", 0x10, "public exponent, private exponent, moduls" }
 };
 static const int test_array_size =
     (sizeof(test_array) / sizeof(struct test_args));
@@ -58,7 +58,6 @@ const static CK_ATTRIBUTE rsaTemplate[] = {
     { CKA_TOKEN, NULL, 0 },
     { CKA_SENSITIVE, NULL, 0 },
     { CKA_PRIVATE, NULL, 0 },
-    { CKA_ID, NULL, 0 },
     { CKA_MODULUS, NULL, 0 },
     { CKA_PUBLIC_EXPONENT, NULL, 0 },
     { CKA_PRIVATE_EXPONENT, NULL, 0 },
@@ -124,77 +123,46 @@ fail:
 
 #define ATTR_STRING(x) getNameFromAttribute(x)
 
-static void
-dumphex(FILE *file, const unsigned char *cpval, int start, int end)
-{
-    int i;
-    for (i = start; i < end; i++) {
-        if ((i % 16) == 0)
-            fprintf(file, "\n ");
-        fprintf(file, " %02x", cpval[i]);
-    }
-    return;
-}
-
 void
-dumpTemplate(FILE *file, const CK_ATTRIBUTE *template, int start, int end)
+dumpTemplate(CK_ATTRIBUTE *template, int start, int end)
 {
-    int i;
-    for (i = start; i < end; i++) {
+    int i, j;
+    for (i = 0; i < end; i++) {
         unsigned char cval;
         CK_ULONG ulval;
-        const unsigned char *cpval;
+        unsigned char *cpval;
 
-        fprintf(file, "%s:", ATTR_STRING(template[i].type));
+        fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
         switch (template[i].ulValueLen) {
             case 1:
                 cval = *(unsigned char *)template[i].pValue;
                 switch (cval) {
                     case 0:
-                        fprintf(file, " false");
+                        fprintf(stderr, " false");
                         break;
                     case 1:
-                        fprintf(file, " true");
+                        fprintf(stderr, " true");
                         break;
                     default:
-                        fprintf(file, " %d (=0x%02x,'%c')", cval, cval, cval);
+                        fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval);
                         break;
                 }
                 break;
             case sizeof(CK_ULONG):
                 ulval = *(CK_ULONG *)template[i].pValue;
-                fprintf(file, " %ld (=0x%04lx)", ulval, ulval);
+                fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval);
                 break;
             default:
-                cpval = (const unsigned char *)template[i].pValue;
-                dumphex(file, cpval, 0, template[i].ulValueLen);
+                cpval = (unsigned char *)template[i].pValue;
+                for (j = 0; j < template[i].ulValueLen; j++) {
+                    if ((j % 16) == 0)
+                        fprintf(stderr, "\n ");
+                    fprintf(stderr, " %02x", cpval[j]);
+                }
                 break;
         }
-        fprintf(file, "\n");
-    }
-}
-
-void
-dumpItem(FILE *file, const SECItem *item)
-{
-    const unsigned char *cpval;
-
-    if (item == NULL) {
-        fprintf(file, " pNULL ");
-        return;
-    }
-    if (item->data == NULL) {
-        fprintf(file, " NULL ");
-        return;
+        fprintf(stderr, "\n");
     }
-    if (item->len == 0) {
-        fprintf(file, " Empty ");
-        return;
-    }
-    cpval = item->data;
-    dumphex(file, cpval, 0, item->len);
-    fprintf(file, " ");
-    return;
 }
 
 PRBool
@@ -216,16 +184,13 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
         printf("Could read source key\n");
         return PR_FALSE;
     }
-    rv = readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
+    readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
     if (rv != SECSuccess) {
         printf("Could read dest key\n");
         return PR_FALSE;
     }
 
     for (i = 0; i < RSA_ATTRIBUTES; i++) {
-        if (srcTemplate[i].type == CKA_ID) {
-            continue; /* we purposefully make the CKA_ID different */
-        }
         if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
             printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
                    ATTR_STRING(srcTemplate[i].type),
@@ -239,22 +204,18 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
     }
     if (!areEqual) {
         fprintf(stderr, "original key:\n");
-        dumpTemplate(stderr, srcTemplate, 0, RSA_ATTRIBUTES);
+        dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
         fprintf(stderr, "created key:\n");
-        dumpTemplate(stderr, destTemplate, 0, RSA_ATTRIBUTES);
+        dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES);
     }
-    resetTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
-    resetTemplate(destTemplate, 0, RSA_ATTRIBUTES);
     return areEqual;
 }
 
 static int exp_exp_prime_fail_count = 0;
 
-#define LEAK_ID 0xf
-
 static int
 doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
-                  int mask, int round, void *pwarg)
+                  int mask, void *pwarg)
 {
     SECKEYPrivateKey *rsaPrivKey;
     SECKEYPublicKey *rsaPubKey;
@@ -266,10 +227,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
     CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
     CK_KEY_TYPE key_type = CKK_RSA;
     CK_BBOOL ck_false = CK_FALSE;
-    CK_BYTE cka_id[2] = { 0, 0 };
     int failed = 0;
-    int leak_found;      /* did we find the expected leak */
-    int expect_leak = 0; /* are we expecting a leak? */
 
     rsaParams.pe = exponent;
     rsaParams.keySizeInBits = keySize;
@@ -301,15 +259,11 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
     tstTemplate[3].ulValueLen = sizeof(ck_false);
     tstTemplate[4].pValue = &ck_false;
     tstTemplate[4].ulValueLen = sizeof(ck_false);
-    tstTemplate[5].pValue = &cka_id[0];
-    tstTemplate[5].ulValueLen = sizeof(cka_id);
-    tstHeaderCount = 6;
-    cka_id[0] = round;
+    tstHeaderCount = 5;
 
     if (mask & 1) {
         printf("%s\n", test_array[1].description);
         resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-        cka_id[1] = 0;
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount, CKA_PUBLIC_EXPONENT);
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -317,10 +271,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount + 2, CKA_PRIME_1);
 
-        tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
-                                                     tstHeaderCount +
-                                                         3,
-                                                     PR_FALSE);
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
         if (tstPrivKey == NULL) {
             fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
             failed = 1;
@@ -336,7 +290,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         printf("%s\n", test_array[2].description);
         /* test the basic2 case, public exponent, modulus, prime2 */
         resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-        cka_id[1] = 1;
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount, CKA_PUBLIC_EXPONENT);
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -346,10 +299,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         /* test with q in the prime1 position */
         tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
 
-        tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
-                                                     tstHeaderCount +
-                                                         3,
-                                                     PR_FALSE);
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
         if (tstPrivKey == NULL) {
             fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
             failed = 1;
@@ -365,7 +318,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         printf("%s\n", test_array[3].description);
         /* test the medium case, private exponent, prime1, prime2 */
         resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-        cka_id[1] = 2;
 
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount, CKA_PRIVATE_EXPONENT);
@@ -377,10 +329,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
         tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2;
 
-        tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
-                                                     tstHeaderCount +
-                                                         3,
-                                                     PR_FALSE);
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
         if (tstPrivKey == NULL) {
             fprintf(stderr, "RSA Populate failed: privExp p q\n");
             failed = 1;
@@ -396,7 +348,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         printf("%s\n", test_array[4].description);
         /* test the advanced case, public exponent, private exponent, prime2 */
         resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-        cka_id[1] = 3;
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount, CKA_PRIVATE_EXPONENT);
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -404,10 +355,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount + 2, CKA_PRIME_2);
 
-        tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
-                                                     tstHeaderCount +
-                                                         3,
-                                                     PR_FALSE);
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
         if (tstPrivKey == NULL) {
             fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
             fprintf(stderr, " this is expected periodically. It means we\n");
@@ -422,12 +373,11 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         if (tstPrivKey)
             PK11_DestroyGenericObject(tstPrivKey);
     }
-    if (mask & 0x10) {
+    if (mask & 16) {
         printf("%s\n", test_array[5].description);
         /* test the advanced case2, public exponent, private exponent, modulus
          */
         resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-        cka_id[1] = LEAK_ID;
 
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount, CKA_PRIVATE_EXPONENT);
@@ -436,7 +386,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
         copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
                       tstHeaderCount + 2, CKA_MODULUS);
 
-        /* purposefully use the old version. This will create a leak */
         tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
                                               tstHeaderCount +
                                                   3,
@@ -449,59 +398,9 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
             fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
             failed = 1;
         }
-        expect_leak = 1;
         if (tstPrivKey)
             PK11_DestroyGenericObject(tstPrivKey);
     }
-    resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-    SECKEY_DestroyPrivateKey(rsaPrivKey);
-    SECKEY_DestroyPublicKey(rsaPubKey);
-
-    /* make sure we didn't leak */
-    leak_found = 0;
-    tstPrivKey = PK11_FindGenericObjects(slot, CKO_PRIVATE_KEY);
-    if (tstPrivKey) {
-        SECStatus rv;
-        PK11GenericObject *thisKey;
-        int i;
-
-        fprintf(stderr, "Leaking keys...\n");
-        for (i = 0, thisKey = tstPrivKey; thisKey; i++,
-            thisKey = PK11_GetNextGenericObject(thisKey)) {
-            SECItem id = { 0, NULL, 0 };
-
-            rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisKey,
-                                       CKA_ID, &id);
-            if (rv != SECSuccess) {
-                fprintf(stderr, "Key %d: couldn't read CKA_ID: %s\n",
-                        i, PORT_ErrorToString(PORT_GetError()));
-                continue;
-            }
-            fprintf(stderr, "id = { ");
-            dumpItem(stderr, &id);
-            fprintf(stderr, "};");
-            if (id.data[1] == LEAK_ID) {
-                fprintf(stderr, " ---> leak expected\n");
-                if (id.data[0] == round)
-                    leak_found = 1;
-            } else {
-                if (id.len != sizeof(cka_id)) {
-                    fprintf(stderr,
-                            " ---> ERROR unexpected leak in generated key\n");
-                } else {
-                    fprintf(stderr,
-                            " ---> ERROR unexpected leak in constructed key\n");
-                }
-                failed = 1;
-            }
-            SECITEM_FreeItem(&id, PR_FALSE);
-        }
-        PK11_DestroyGenericObjects(tstPrivKey);
-    }
-    if (expect_leak && !leak_found) {
-        fprintf(stderr, "ERROR expected leak not found\n");
-        failed = 1;
-    }
 
     PK11_FreeSlot(slot);
     return failed ? -1 : 0;
@@ -618,7 +517,7 @@ main(int argc, char **argv)
     exp_exp_prime_fail_count = 0;
     for (i = 0; i < repeat; i++) {
         printf("Running RSA Populate test run %d\n", i);
-        ret = doRSAPopulateTest(keySize, exponent, mask, i, NULL);
+        ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
         if (ret != 0) {
             i++;
             break;
@@ -632,9 +531,5 @@ main(int argc, char **argv)
                exp_exp_prime_fail_count, i,
                (((double)exp_exp_prime_fail_count) * 100.0) / (double)i);
     }
-    if (NSS_Shutdown() != SECSuccess) {
-        fprintf(stderr, "Shutdown failed\n");
-        ret = -1;
-    }
     return ret;
 }
diff --git a/security/nss/cmd/rsapoptst/rsapoptst.gyp b/security/nss/cmd/rsapoptst/rsapoptst.gyp
deleted file mode 100644
index 325a10909..000000000
--- a/security/nss/cmd/rsapoptst/rsapoptst.gyp
+++ /dev/null
@@ -1,25 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../../cmd/platlibs.gypi'
-  ],
-  'targets': [
-    {
-      'target_name': 'rsapoptst',
-      'type': 'executable',
-      'sources': [
-        'rsapoptst.c'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:dbm_exports',
-        '<(DEPTH)/exports.gyp:nss_exports',
-      ]
-    }
-  ],
-  'variables': {
-    'module': 'nss',
-  }
-}
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index fac428e10..65b1ee304 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -38,7 +38,6 @@
 #include "nss.h"
 #include "ssl.h"
 #include "sslproto.h"
-#include "sslexp.h"
 #include "cert.h"
 #include "certt.h"
 #include "ocsp.h"
@@ -166,7 +165,9 @@ PrintUsageHeader(const char *progName)
             "         [-V [min-version]:[max-version]] [-a sni_name]\n"
             "         [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
             "         [-C SSLCacheEntries] [-S dsa_nickname] -Q [-I groups]"
+#ifndef NSS_DISABLE_ECC
             " [-e ec_nickname]"
+#endif /* NSS_DISABLE_ECC */
             "\n"
             "         -U [0|1] -H [0|1|2] -W [0|1]\n"
             "\n",
@@ -1954,10 +1955,6 @@ server_main(
         if (enabledVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
             errExit("You tried enabling 0RTT without enabling TLS 1.3!");
         }
-        rv = SSL_SetupAntiReplay(10 * PR_USEC_PER_SEC, 7, 14);
-        if (rv != SECSuccess) {
-            errExit("error configuring anti-replay ");
-        }
         rv = SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE);
         if (rv != SECSuccess) {
             errExit("error enabling 0RTT ");
@@ -2346,6 +2343,7 @@ main(int argc, char **argv)
                 dir = optstate->value;
                 break;
 
+#ifndef NSS_DISABLE_ECC
             case 'e':
                 if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) {
                     Usage(progName);
@@ -2353,6 +2351,7 @@ main(int argc, char **argv)
                 }
                 certNicknameArray[certNicknameIndex++] = PORT_Strdup(optstate->value);
                 break;
+#endif /* NSS_DISABLE_ECC */
 
             case 'f':
                 pwdata.source = PW_FROMFILE;
@@ -2554,14 +2553,6 @@ main(int argc, char **argv)
         tmp = PR_GetEnvSecure("TMPDIR");
     if (!tmp)
         tmp = PR_GetEnvSecure("TEMP");
-
-    /* Call the NSS initialization routines */
-    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
-    if (rv != SECSuccess) {
-        fputs("NSS_Init failed.\n", stderr);
-        exit(8);
-    }
-
     if (envString) {
         /* we're one of the children in a multi-process server. */
         listen_sock = PR_GetInheritedFD(inheritableSockName);
@@ -2616,6 +2607,13 @@ main(int argc, char **argv)
     /* set our password function */
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
+    /* Call the NSS initialization routines */
+    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+    if (rv != SECSuccess) {
+        fputs("NSS_Init failed.\n", stderr);
+        exit(8);
+    }
+
     /* all SSL3 cipher suites are enabled by default. */
     if (cipherString) {
         char *cstringSaved = cipherString;
@@ -2683,7 +2681,9 @@ main(int argc, char **argv)
                     certNicknameArray[i]);
             exit(11);
         }
+#ifdef NSS_DISABLE_ECC
         if (privKey[i]->keyType != ecKey)
+#endif
             setupCertStatus(certStatusArena, ocspStaplingMode, cert[i], i, &pwdata);
     }
 
diff --git a/security/nss/cmd/signtool/javascript.c b/security/nss/cmd/signtool/javascript.c
index ffff2db59..746f724f8 100644
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -1115,7 +1115,8 @@ extract_js(char *filename)
 
     textStart = 0;
     startLine = 0;
-    while (linenum = FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) != EOF) {
+    while (linenum = FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) !=
+                                            EOF) {
         switch (state) {
             case TEXT_HTML_STATE:
                 if (curchar == '<') {
diff --git a/security/nss/cmd/signtool/signtool.c b/security/nss/cmd/signtool/signtool.c
index 915a00fbc..51857d638 100644
--- a/security/nss/cmd/signtool/signtool.c
+++ b/security/nss/cmd/signtool/signtool.c
@@ -1033,7 +1033,9 @@ main(int argc, char *argv[])
         if (errorCount > 0 || warningCount > 0) {
             PR_fprintf(outputFD, "%d error%s, %d warning%s.\n",
                        errorCount,
-                       errorCount == 1 ? "" : "s", warningCount, warningCount == 1 ? "" : "s");
+                       errorCount == 1 ? "" : "s", warningCount, warningCount == 1
+                                                                     ? ""
+                                                                     : "s");
         } else {
             PR_fprintf(outputFD, "Directory %s signed successfully.\n",
                        jartree);
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index fe17f26a4..10e743c6b 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -1572,7 +1572,10 @@ main(int argc, char **argv)
             {
                 unsigned int j;
                 for (j = 0; j < input.len; j++)
-                    fprintf(stderr, "%2x%c", input.data[j], (j > 0 && j % 35 == 0) ? '\n' : ' ');
+                    fprintf(stderr, "%2x%c", input.data[j], (j > 0 &&
+                                                             j % 35 == 0)
+                                                                ? '\n'
+                                                                : ' ');
             }
         }
         if (input.len > 0) { /* skip if certs-only (or other zero content) */
diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c
index a2471884e..197b1942d 100644
--- a/security/nss/cmd/ssltap/ssltap.c
+++ b/security/nss/cmd/ssltap/ssltap.c
@@ -1637,7 +1637,8 @@ print_ssl3_handshake(unsigned char *recordBuf,
                         PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
                                     ++certFileNumber);
                         cfd =
-                            PR_Open(certFileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                            PR_Open(certFileName, PR_WRONLY |
+                                                      PR_CREATE_FILE | PR_TRUNCATE,
                                     0664);
                         if (!cfd) {
                             PR_fprintf(PR_STDOUT,
@@ -1721,7 +1722,8 @@ print_ssl3_handshake(unsigned char *recordBuf,
                                     0 &&
                                 sslhexparse) {
                                 PR_fprintf(PR_STDOUT, " = {\n");
-                                print_hex(dnLen, hsdata + pos);
+                                print_hex(dnLen, hsdata +
+                                                     pos);
                                 PR_fprintf(PR_STDOUT, "              }\n");
                             } else {
                                 PR_fprintf(PR_STDOUT, "\n");
@@ -1794,7 +1796,8 @@ print_ssl3_handshake(unsigned char *recordBuf,
 
                 PR_snprintf(ocspFileName, sizeof ocspFileName, "ocsp.%03d",
                             ++ocspFileNumber);
-                ofd = PR_Open(ocspFileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                ofd = PR_Open(ocspFileName, PR_WRONLY |
+                                                PR_CREATE_FILE | PR_TRUNCATE,
                               0664);
                 if (!ofd) {
                     PR_fprintf(PR_STDOUT,
@@ -2164,7 +2167,8 @@ print_ssl(DataBufferList *s, int length, unsigned char *buffer)
                         break;
 
                     case 22: /* handshake */
-                        print_ssl3_handshake(recordBuf, recordLen - s->hMACsize,
+                        print_ssl3_handshake(recordBuf, recordLen -
+                                                            s->hMACsize,
                                              &sr, s);
                         break;
 
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 7d259bd0a..f65e31913 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -886,10 +886,8 @@ PRBool
 LoggedIn(CERTCertificate *cert, SECKEYPrivateKey *key)
 {
     if ((cert->slot) && (key->pkcs11Slot) &&
-        (!PK11_NeedLogin(cert->slot) ||
-         PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) &&
-        (!PK11_NeedLogin(key->pkcs11Slot) ||
-         PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL))) {
+        (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) &&
+        (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL))) {
         return PR_TRUE;
     }
 
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 1ad99502b..959afec59 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -31,7 +31,6 @@
 #include "ocsp.h"
 #include "ssl.h"
 #include "sslproto.h"
-#include "sslexp.h"
 #include "pk11func.h"
 #include "secmod.h"
 #include "plgetopt.h"
@@ -96,7 +95,6 @@ PRBool verbose;
 int dumpServerChain = 0;
 int renegotiationsToDo = 0;
 int renegotiationsDone = 0;
-PRBool initializedServerSessionCache = PR_FALSE;
 
 static char *progName;
 
@@ -180,7 +178,7 @@ PrintUsageHeader(const char *progName)
             "[-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z]\n"
             "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
             "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]] [-I groups]\n"
-            "[-A requestfile] [-L totalconnections] [-P {client,server}] [-Q]\n"
+            "[-A requestfile] [-L totalconnections]\n"
             "\n",
             progName);
 }
@@ -204,7 +202,7 @@ PrintParameterUsage(void)
     fprintf(stderr, "%-20s Print certificate chain information\n", "-C");
     fprintf(stderr, "%-20s (use -C twice to print more certificate details)\n", "");
     fprintf(stderr, "%-20s (use -C three times to include PEM format certificate dumps)\n", "");
-    fprintf(stderr, "%-20s Nickname of key and cert\n",
+    fprintf(stderr, "%-20s Nickname of key and cert for client auth\n",
             "-n nickname");
     fprintf(stderr,
             "%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
@@ -253,9 +251,6 @@ PrintParameterUsage(void)
                     "%-20s The following values are valid:\n"
                     "%-20s P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
             "-I", "", "");
-    fprintf(stderr, "%-20s Enable alternative TLS 1.3 handshake\n", "-X alt-server-hello");
-    fprintf(stderr, "%-20s Use DTLS\n", "-P {client, server}");
-    fprintf(stderr, "%-20s Exit after handshake\n", "-Q");
 }
 
 static void
@@ -919,12 +914,6 @@ char *requestString = NULL;
 PRInt32 requestStringLen = 0;
 PRBool requestSent = PR_FALSE;
 PRBool enableZeroRtt = PR_FALSE;
-PRBool enableAltServerHello = PR_FALSE;
-PRBool useDTLS = PR_FALSE;
-PRBool actAsServer = PR_FALSE;
-PRBool stopAfterHandshake = PR_FALSE;
-PRBool requestToExit = PR_FALSE;
-char *versionString = NULL;
 
 static int
 writeBytesToServer(PRFileDesc *s, const char *buf, int nb)
@@ -1007,129 +996,12 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
             writeBytesToServer(fd, requestString, requestStringLen);
         }
     }
-    if (stopAfterHandshake) {
-        requestToExit = PR_TRUE;
-    }
 }
 
 #define REQUEST_WAITING (requestString && !requestSent)
 
-static SECStatus
-installServerCertificate(PRFileDesc *s, char *nickname)
-{
-    CERTCertificate *cert;
-    SECKEYPrivateKey *privKey = NULL;
-
-    if (!nickname) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    cert = PK11_FindCertFromNickname(nickname, &pwdata);
-    if (cert == NULL) {
-        return SECFailure;
-    }
-
-    privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
-    if (privKey == NULL) {
-        return SECFailure;
-    }
-    if (SSL_ConfigServerCert(s, cert, privKey, NULL, 0) != SECSuccess) {
-        return SECFailure;
-    }
-    SECKEY_DestroyPrivateKey(privKey);
-    CERT_DestroyCertificate(cert);
-
-    return SECSuccess;
-}
-
-static SECStatus
-bindToClient(PRFileDesc *s)
-{
-    PRStatus status;
-    status = PR_Bind(s, &addr);
-    if (status != PR_SUCCESS) {
-        return SECFailure;
-    }
-
-    for (;;) {
-        /* Bind the remote address on first packet. This must happen
-         * before we SSL-ize the socket because we need to get the
-         * peer's address before SSLizing. Recvfrom gives us that
-         * while not consuming any data. */
-        unsigned char tmp;
-        PRNetAddr remote;
-        int nb;
-
-        nb = PR_RecvFrom(s, &tmp, 1, PR_MSG_PEEK,
-                         &remote, PR_INTERVAL_NO_TIMEOUT);
-        if (nb != 1)
-            continue;
-
-        status = PR_Connect(s, &remote, PR_INTERVAL_NO_TIMEOUT);
-        if (status != PR_SUCCESS) {
-            SECU_PrintError(progName, "server bind to remote end failed");
-            return SECFailure;
-        }
-        return SECSuccess;
-    }
-
-    /* Unreachable. */
-}
-
-static SECStatus
-connectToServer(PRFileDesc *s, PRPollDesc *pollset)
-{
-    PRStatus status;
-    PRInt32 filesReady;
-
-    status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
-    if (status != PR_SUCCESS) {
-        if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
-            if (verbose)
-                SECU_PrintError(progName, "connect");
-            milliPause(50 * multiplier);
-            pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
-            pollset[SSOCK_FD].out_flags = 0;
-            pollset[SSOCK_FD].fd = s;
-            while (1) {
-                FPRINTF(stderr,
-                        "%s: about to call PR_Poll for connect completion!\n",
-                        progName);
-                filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
-                if (filesReady < 0) {
-                    SECU_PrintError(progName, "unable to connect (poll)");
-                    return SECFailure;
-                }
-                FPRINTF(stderr,
-                        "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
-                        progName, pollset[SSOCK_FD].out_flags);
-                if (filesReady == 0) { /* shouldn't happen! */
-                    SECU_PrintError(progName, "%s: PR_Poll returned zero!\n");
-                    return SECFailure;
-                }
-                status = PR_GetConnectStatus(pollset);
-                if (status == PR_SUCCESS) {
-                    break;
-                }
-                if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
-                    SECU_PrintError(progName, "unable to connect (poll)");
-                    return SECFailure;
-                }
-                SECU_PrintError(progName, "poll");
-                milliPause(50 * multiplier);
-            }
-        } else {
-            SECU_PrintError(progName, "unable to connect");
-            return SECFailure;
-        }
-    }
-
-    return SECSuccess;
-}
-
 static int
-run(void)
+run_client(void)
 {
     int headerSeparatorPtrnId = 0;
     int error = 0;
@@ -1145,23 +1017,13 @@ run(void)
     requestSent = PR_FALSE;
 
     /* Create socket */
-    if (useDTLS) {
-        s = PR_OpenUDPSocket(addr.raw.family);
-    } else {
-        s = PR_OpenTCPSocket(addr.raw.family);
-    }
-
+    s = PR_OpenTCPSocket(addr.raw.family);
     if (s == NULL) {
         SECU_PrintError(progName, "error creating socket");
         error = 1;
         goto done;
     }
 
-    if (actAsServer) {
-        if (bindToClient(s) != SECSuccess) {
-            return 1;
-        }
-    }
     opt.option = PR_SockOpt_Nonblocking;
     opt.value.non_blocking = PR_TRUE; /* default */
     if (serverCertAuth.testFreshStatusFromSideChannel) {
@@ -1174,16 +1036,13 @@ run(void)
         goto done;
     }
 
-    if (useDTLS) {
-        s = DTLS_ImportFD(NULL, s);
-    } else {
-        s = SSL_ImportFD(NULL, s);
-    }
+    s = SSL_ImportFD(NULL, s);
     if (s == NULL) {
         SECU_PrintError(progName, "error importing socket");
         error = 1;
         goto done;
     }
+
     SSL_SetPKCS11PinArg(s, &pwdata);
 
     rv = SSL_OptionSet(s, SSL_SECURITY, 1);
@@ -1193,7 +1052,7 @@ run(void)
         goto done;
     }
 
-    rv = SSL_OptionSet(s, actAsServer ? SSL_HANDSHAKE_AS_SERVER : SSL_HANDSHAKE_AS_CLIENT, 1);
+    rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
     if (rv != SECSuccess) {
         SECU_PrintError(progName, "error enabling client handshake");
         error = 1;
@@ -1319,16 +1178,6 @@ run(void)
         }
     }
 
-    /* Alternate ServerHello content type (TLS 1.3 only) */
-    if (enableAltServerHello) {
-        rv = SSL_UseAltServerHelloType(s, PR_TRUE);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "error enabling alternate ServerHello type");
-            error = 1;
-            goto done;
-        }
-    }
-
     /* require the use of fixed finite-field DH groups */
     if (requireDHNamedGroups) {
         rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
@@ -1363,21 +1212,7 @@ run(void)
     if (override) {
         SSL_BadCertHook(s, ownBadCertHandler, NULL);
     }
-    if (actAsServer) {
-        rv = installServerCertificate(s, nickname);
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "error installing server cert");
-            return 1;
-        }
-        rv = SSL_ConfigServerSessionIDCache(1024, 0, 0, ".");
-        if (rv != SECSuccess) {
-            SECU_PrintError(progName, "error configuring session cache");
-            return 1;
-        }
-        initializedServerSessionCache = PR_TRUE;
-    } else {
-        SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
-    }
+    SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
     SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
     if (hs1SniHostName) {
         SSL_SetURL(s, hs1SniHostName);
@@ -1385,27 +1220,56 @@ run(void)
         SSL_SetURL(s, host);
     }
 
-    if (actAsServer) {
-        rv = SSL_ResetHandshake(s, PR_TRUE /* server */);
-        if (rv != SECSuccess) {
-            return 1;
-        }
-    } else {
-        /* Try to connect to the server */
-        rv = connectToServer(s, pollset);
-        if (rv != SECSuccess) {
-            ;
+    /* Try to connect to the server */
+    status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (status != PR_SUCCESS) {
+        if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
+            if (verbose)
+                SECU_PrintError(progName, "connect");
+            milliPause(50 * multiplier);
+            pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+            pollset[SSOCK_FD].out_flags = 0;
+            pollset[SSOCK_FD].fd = s;
+            while (1) {
+                FPRINTF(stderr,
+                        "%s: about to call PR_Poll for connect completion!\n",
+                        progName);
+                filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
+                if (filesReady < 0) {
+                    SECU_PrintError(progName, "unable to connect (poll)");
+                    error = 1;
+                    goto done;
+                }
+                FPRINTF(stderr,
+                        "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+                        progName, pollset[SSOCK_FD].out_flags);
+                if (filesReady == 0) { /* shouldn't happen! */
+                    FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
+                    error = 1;
+                    goto done;
+                }
+                status = PR_GetConnectStatus(pollset);
+                if (status == PR_SUCCESS) {
+                    break;
+                }
+                if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
+                    SECU_PrintError(progName, "unable to connect (poll)");
+                    error = 1;
+                    goto done;
+                }
+                SECU_PrintError(progName, "poll");
+                milliPause(50 * multiplier);
+            }
+        } else {
+            SECU_PrintError(progName, "unable to connect");
             error = 1;
             goto done;
         }
     }
 
     pollset[SSOCK_FD].fd = s;
-    pollset[SSOCK_FD].in_flags = PR_POLL_EXCEPT;
-    if (!actAsServer)
-        pollset[SSOCK_FD].in_flags |= (clientSpeaksFirst ? 0 : PR_POLL_READ);
-    else
-        pollset[SSOCK_FD].in_flags |= PR_POLL_READ;
+    pollset[SSOCK_FD].in_flags = PR_POLL_EXCEPT |
+                                 (clientSpeaksFirst ? 0 : PR_POLL_READ);
     pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
     if (!REQUEST_WAITING) {
         pollset[STDIN_FD].in_flags = PR_POLL_READ;
@@ -1455,11 +1319,9 @@ run(void)
     ** Select on stdin and on the socket. Write data from stdin to
     ** socket, read data from socket and write to stdout.
     */
-    requestToExit = PR_FALSE;
     FPRINTF(stderr, "%s: ready...\n", progName);
-    while (!requestToExit &&
-           ((pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) ||
-            REQUEST_WAITING)) {
+    while ((pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) ||
+           REQUEST_WAITING) {
         char buf[4000]; /* buffer for stdin */
         int nb;         /* num bytes read from stdin. */
 
@@ -1645,10 +1507,12 @@ main(int argc, char **argv)
         }
     }
 
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
+
     /* XXX: 'B' was used in the past but removed in 3.28,
      *      please leave some time before resuing it. */
     optstate = PL_CreateOptState(argc, argv,
-                                 "46A:CDFGHI:KL:M:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:z");
+                                 "46A:CDFGHI:KL:M:OR:STUV:W:YZa:bc:d:fgh:m:n:op:qr:st:uvw:z");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
         switch (optstate->option) {
             case '?':
@@ -1729,21 +1593,6 @@ main(int argc, char **argv)
                 };
                 break;
 
-            case 'P':
-                useDTLS = PR_TRUE;
-                if (!strcmp(optstate->value, "server")) {
-                    actAsServer = 1;
-                } else {
-                    if (strcmp(optstate->value, "client")) {
-                        Usage(progName);
-                    }
-                }
-                break;
-
-            case 'Q':
-                stopAfterHandshake = PR_TRUE;
-                break;
-
             case 'R':
                 rootModule = PORT_Strdup(optstate->value);
                 break;
@@ -1761,16 +1610,14 @@ main(int argc, char **argv)
                 break;
 
             case 'V':
-                versionString = PORT_Strdup(optstate->value);
-                break;
-
-            case 'X':
-                if (!strcmp(optstate->value, "alt-server-hello")) {
-                    enableAltServerHello = PR_TRUE;
-                } else {
+                if (SECU_ParseSSLVersionRangeString(optstate->value,
+                                                    enabledVersions, &enabledVersions) !=
+                    SECSuccess) {
+                    fprintf(stderr, "Bad version specified.\n");
                     Usage(progName);
                 }
                 break;
+
             case 'Y':
                 PrintCipherUsage(progName);
                 exit(0);
@@ -1880,19 +1727,8 @@ main(int argc, char **argv)
                 break;
         }
     }
-    PL_DestroyOptState(optstate);
 
-    SSL_VersionRangeGetSupported(useDTLS ? ssl_variant_datagram : ssl_variant_stream, &enabledVersions);
-
-    if (versionString) {
-        if (SECU_ParseSSLVersionRangeString(versionString,
-                                            enabledVersions, &enabledVersions) !=
-            SECSuccess) {
-            fprintf(stderr, "Bad version specified.\n");
-            Usage(progName);
-        }
-        PORT_Free(versionString);
-    }
+    PL_DestroyOptState(optstate);
 
     if (optstatus == PL_OPT_BAD) {
         Usage(progName);
@@ -1922,7 +1758,7 @@ main(int argc, char **argv)
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 
     PK11_SetPasswordFunc(SECU_GetModulePassword);
-    memset(&addr, 0, sizeof(addr));
+
     status = PR_StringToNetAddr(host, &addr);
     if (status == PR_SUCCESS) {
         addr.inet.port = PR_htons(portno);
@@ -1934,7 +1770,6 @@ main(int argc, char **argv)
         addrInfo = PR_GetAddrInfoByName(host, PR_AF_UNSPEC,
                                         PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
         if (!addrInfo) {
-            fprintf(stderr, "HOSTNAME=%s\n", host);
             SECU_PrintError(progName, "error looking up host");
             error = 1;
             goto done;
@@ -2049,7 +1884,7 @@ main(int argc, char **argv)
     }
 
     while (numConnections--) {
-        error = run();
+        error = run_client();
         if (error) {
             goto done;
         }
@@ -2080,12 +1915,6 @@ done:
     }
     if (NSS_IsInitialized()) {
         SSL_ClearSessionCache();
-        if (initializedServerSessionCache) {
-            if (SSL_ShutdownServerSessionIDCache() != SECSuccess) {
-                error = 1;
-            }
-        }
-
         if (NSS_Shutdown() != SECSuccess) {
             error = 1;
         }
diff --git a/security/nss/coreconf/config.gypi b/security/nss/coreconf/config.gypi
index f4c3fbd0f..9ea528ae4 100644
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -96,6 +96,7 @@
     'mozilla_client%': 0,
     'moz_fold_libs%': 0,
     'moz_folded_library_name%': '',
+    'ssl_enable_zlib%': 1,
     'sanitizer_flags%': 0,
     'test_build%': 0,
     'no_zdefs%': 0,
@@ -108,7 +109,6 @@
     'nss_public_dist_dir%': '<(nss_dist_dir)/public',
     'nss_private_dist_dir%': '<(nss_dist_dir)/private',
     'only_dev_random%': 1,
-    'disable_fips%': 1,
   },
   'target_defaults': {
     # Settings specific to targets should go here.
@@ -125,12 +125,6 @@
       '<(nss_dist_dir)/private/<(module)',
     ],
     'conditions': [
-      [ 'disable_fips==1', {
-        'defines': [
-          'NSS_FIPS_DISABLED',
-          'NSS_NO_INIT_SUPPORT',
-        ],
-      }],
       [ 'OS!="android" and OS!="mac" and OS!="win"', {
         'libraries': [
           '-lpthread',
@@ -173,7 +167,7 @@
           },
         },
       }],
-      [ 'target_arch=="arm64" or target_arch=="aarch64" or target_arch=="sparc64" or target_arch=="ppc64" or target_arch=="ppc64le" or target_arch=="s390x" or target_arch=="mips64"', {
+      [ 'target_arch=="arm64" or target_arch=="aarch64"', {
         'defines': [
           'NSS_USE_64',
         ],
@@ -300,6 +294,7 @@
       'Common': {
         'abstract': 1,
         'defines': [
+          'NSS_NO_INIT_SUPPORT',
           'USE_UTIL_DIRECTLY',
           'NO_NSPR_10_SUPPORT',
           'SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES',
diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk
index 55d95c30e..09b733d5c 100644
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -146,6 +146,10 @@ endif
 # [16.0] Global environ ment defines
 #######################################################################
 
+ifdef NSS_DISABLE_ECC
+DEFINES += -DNSS_DISABLE_ECC
+endif
+
 ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
 DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
 endif
@@ -172,7 +176,7 @@ endif
 
 # FIPS support requires startup tests to be executed at load time of shared modules.
 # For performance reasons, these tests are disabled by default.
-# When compiling binaries that must support FIPS mode,
+# When compiling binaries that must support FIPS mode, 
 # you should define NSS_FORCE_FIPS
 #
 # NSS_NO_INIT_SUPPORT is always defined on platforms that don't support
@@ -199,3 +203,8 @@ DEFINES += -DNO_NSPR_10_SUPPORT
 
 # Hide old, deprecated, TLS cipher suite names when building NSS
 DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+
+# Mozilla's mozilla/modules/zlib/src/zconf.h adds the MOZ_Z_ prefix to zlib
+# exported symbols, which causes problem when NSS is built as part of Mozilla.
+# So we add a NSS_SSL_ENABLE_ZLIB variable to allow Mozilla to turn this off.
+NSS_SSL_ENABLE_ZLIB = 1
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 5182f7555..590d1bfae 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+
diff --git a/security/nss/coreconf/werror.py b/security/nss/coreconf/werror.py
index c469c4002..0d3843f64 100644
--- a/security/nss/coreconf/werror.py
+++ b/security/nss/coreconf/werror.py
@@ -24,7 +24,7 @@ def main():
         # If we aren't clang, make sure we have gcc 4.8 at least
         if not cc_is_clang:
             try:
-                v = subprocess.check_output([cc, '-dumpversion'], stderr=sink).decode("utf-8")
+                v = subprocess.check_output([cc, '-dumpversion'], stderr=sink)
                 v = v.strip(' \r\n').split('.')
                 v = list(map(int, v))
                 if v[0] < 4 or (v[0] == 4 and v[1] < 8):
diff --git a/security/nss/cpputil/.clang-format b/security/nss/cpputil/.clang-format
deleted file mode 100644
index 06e3c5115..000000000
--- a/security/nss/cpputil/.clang-format
+++ /dev/null
@@ -1,4 +0,0 @@
----
-Language: Cpp
-BasedOnStyle: Google
-...
diff --git a/security/nss/cpputil/Makefile b/security/nss/cpputil/Makefile
deleted file mode 100644
index 7adfc6117..000000000
--- a/security/nss/cpputil/Makefile
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-ifeq (WINNT,$(OS_ARCH))
-OS_CFLAGS += -EHsc
-else
-CXXFLAGS += -std=c++0x
-endif
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
diff --git a/security/nss/cpputil/README b/security/nss/cpputil/README
deleted file mode 100644
index 22297dd33..000000000
--- a/security/nss/cpputil/README
+++ /dev/null
@@ -1,11 +0,0 @@
-######################################
-## PLEASE READ BEFORE USING CPPUTIL ##
-######################################
-
-This is a static library supposed to be mainly used by NSS internally. We use
-it for testing, fuzzing, and a few new tools written in C++ that we're
-experimenting with.
-
-You might find it handy to use for your own projects but please be aware that
-we will make no promises your application won't break in the future. We will
-provide no support if you decide to link against it.
diff --git a/security/nss/cpputil/config.mk b/security/nss/cpputil/config.mk
deleted file mode 100644
index b8c03de79..000000000
--- a/security/nss/cpputil/config.mk
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#
-#  Override TARGETS variable so that only static libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM        =
-
diff --git a/security/nss/cpputil/cpputil.gyp b/security/nss/cpputil/cpputil.gyp
deleted file mode 100644
index 5042acf5c..000000000
--- a/security/nss/cpputil/cpputil.gyp
+++ /dev/null
@@ -1,29 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../coreconf/config.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'cpputil',
-      'type': 'static_library',
-      'sources': [
-        'databuffer.cc',
-        'dummy_io.cc',
-        'dummy_io_fwd.cc',
-        'tls_parser.cc',
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-      ],
-      'direct_dependent_settings': {
-        'include_dirs': [
-          '<(DEPTH)/cpputil',
-        ],
-      },
-    },
-  ],
-}
-
diff --git a/security/nss/cpputil/cpputil.h b/security/nss/cpputil/cpputil.h
deleted file mode 100644
index 017ce9bfc..000000000
--- a/security/nss/cpputil/cpputil.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef cpputil_h__
-#define cpputil_h__
-
-static unsigned char* toUcharPtr(const uint8_t* v) {
-  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
-}
-
-#endif  // cpputil_h__
diff --git a/security/nss/cpputil/databuffer.cc b/security/nss/cpputil/databuffer.cc
deleted file mode 100644
index d60ebccb3..000000000
--- a/security/nss/cpputil/databuffer.cc
+++ /dev/null
@@ -1,127 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "databuffer.h"
-#include <algorithm>
-#include <cassert>
-#include <cstring>
-#include <iomanip>
-#include <iostream>
-#if defined(WIN32) || defined(WIN64)
-#include <winsock2.h>
-#else
-#include <arpa/inet.h>
-#endif
-
-namespace nss_test {
-
-void DataBuffer::Assign(const uint8_t* data, size_t len) {
-  if (data) {
-    Allocate(len);
-    memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
-  } else {
-    assert(len == 0);
-    data_ = nullptr;
-    len_ = 0;
-  }
-}
-
-// Write will do a new allocation and expand the size of the buffer if needed.
-// Returns the offset of the end of the write.
-size_t DataBuffer::Write(size_t index, const uint8_t* val, size_t count) {
-  assert(val);
-  if (index + count > len_) {
-    size_t newlen = index + count;
-    uint8_t* tmp = new uint8_t[newlen];  // Always > 0.
-    if (data_) {
-      memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
-    }
-    if (index > len_) {
-      memset(static_cast<void*>(tmp + len_), 0, index - len_);
-    }
-    delete[] data_;
-    data_ = tmp;
-    len_ = newlen;
-  }
-  if (data_) {
-    memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
-           count);
-  }
-  return index + count;
-}
-
-// Write an integer, also performing host-to-network order conversion.
-// Returns the offset of the end of the write.
-size_t DataBuffer::Write(size_t index, uint32_t val, size_t count) {
-  assert(count <= sizeof(uint32_t));
-  uint32_t nvalue = htonl(val);
-  auto* addr = reinterpret_cast<const uint8_t*>(&nvalue);
-  return Write(index, addr + sizeof(uint32_t) - count, count);
-}
-
-void DataBuffer::Splice(const uint8_t* ins, size_t ins_len, size_t index,
-                        size_t remove) {
-  assert(ins);
-  uint8_t* old_value = data_;
-  size_t old_len = len_;
-
-  // The amount of stuff remaining from the tail of the old.
-  size_t tail_len = old_len - (std::min)(old_len, index + remove);
-  // The new length: the head of the old, the new, and the tail of the old.
-  len_ = index + ins_len + tail_len;
-  data_ = new uint8_t[len_ ? len_ : 1];
-
-  // The head of the old.
-  if (old_value) {
-    Write(0, old_value, (std::min)(old_len, index));
-  }
-  // Maybe a gap.
-  if (old_value && index > old_len) {
-    memset(old_value + index, 0, index - old_len);
-  }
-  // The new.
-  Write(index, ins, ins_len);
-  // The tail of the old.
-  if (tail_len > 0) {
-    Write(index + ins_len, old_value + index + remove, tail_len);
-  }
-
-  delete[] old_value;
-}
-
-// This can't use the same trick as Write(), since we might be reading from a
-// smaller data source.
-bool DataBuffer::Read(size_t index, size_t count, uint64_t* val) const {
-  assert(count <= sizeof(uint64_t));
-  assert(val);
-  if ((index > len()) || (count > (len() - index))) {
-    return false;
-  }
-  *val = 0;
-  for (size_t i = 0; i < count; ++i) {
-    *val = (*val << 8) | data()[index + i];
-  }
-  return true;
-}
-
-bool DataBuffer::Read(size_t index, size_t count, uint32_t* val) const {
-  assert(count <= sizeof(uint32_t));
-  uint64_t tmp;
-
-  if (!Read(index, count, &tmp)) {
-    return false;
-  }
-  *val = tmp & 0xffffffff;
-  return true;
-}
-
-size_t DataBuffer::logging_limit = 32;
-
-/* static */ void DataBuffer::SetLogLimit(size_t limit) {
-  DataBuffer::logging_limit = limit;
-}
-
-}  // namespace nss_test
diff --git a/security/nss/cpputil/databuffer.h b/security/nss/cpputil/databuffer.h
deleted file mode 100644
index 58e07efe1..000000000
--- a/security/nss/cpputil/databuffer.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef databuffer_h__
-#define databuffer_h__
-
-#include <algorithm>
-#include <cstring>
-#include <iomanip>
-#include <iostream>
-
-namespace nss_test {
-
-class DataBuffer {
- public:
-  DataBuffer() : data_(nullptr), len_(0) {}
-  DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
-    Assign(data, len);
-  }
-  DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
-    Assign(other);
-  }
-  ~DataBuffer() { delete[] data_; }
-
-  DataBuffer& operator=(const DataBuffer& other) {
-    if (&other != this) {
-      Assign(other);
-    }
-    return *this;
-  }
-
-  void Allocate(size_t len) {
-    delete[] data_;
-    data_ = new uint8_t[len ? len : 1];  // Don't depend on new [0].
-    len_ = len;
-  }
-
-  void Truncate(size_t len) { len_ = (std::min)(len_, len); }
-
-  void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
-
-  void Assign(const uint8_t* data, size_t len);
-
-  // Write will do a new allocation and expand the size of the buffer if needed.
-  // Returns the offset of the end of the write.
-  size_t Write(size_t index, const uint8_t* val, size_t count);
-  size_t Write(size_t index, const DataBuffer& buf) {
-    return Write(index, buf.data(), buf.len());
-  }
-
-  // Write an integer, also performing host-to-network order conversion.
-  // Returns the offset of the end of the write.
-  size_t Write(size_t index, uint32_t val, size_t count);
-
-  // Starting at |index|, remove |remove| bytes and replace them with the
-  // contents of |buf|.
-  void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
-    Splice(buf.data(), buf.len(), index, remove);
-  }
-
-  void Splice(const uint8_t* ins, size_t ins_len, size_t index,
-              size_t remove = 0);
-  void Append(const DataBuffer& buf) { Splice(buf, len_); }
-
-  bool Read(size_t index, size_t count, uint64_t* val) const;
-  bool Read(size_t index, size_t count, uint32_t* val) const;
-
-  const uint8_t* data() const { return data_; }
-  uint8_t* data() { return data_; }
-  size_t len() const { return len_; }
-  bool empty() const { return len_ == 0; }
-
-  static void SetLogLimit(size_t limit);
-  friend std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf);
-
- private:
-  static size_t logging_limit;
-  uint8_t* data_;
-  size_t len_;
-};
-
-inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
-  stream << "[" << buf.len() << "] ";
-  for (size_t i = 0; i < buf.len(); ++i) {
-    if (i >= DataBuffer::logging_limit) {
-      stream << "...";
-      break;
-    }
-    stream << std::hex << std::setfill('0') << std::setw(2)
-           << static_cast<unsigned>(buf.data()[i]);
-  }
-  stream << std::dec;
-  return stream;
-}
-
-inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
-  return (a.empty() && b.empty()) ||
-         (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
-}
-
-inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
-  return !(a == b);
-}
-
-}  // namespace nss_test
-
-#endif
diff --git a/security/nss/cpputil/dummy_io.cc b/security/nss/cpputil/dummy_io.cc
deleted file mode 100644
index ef45db833..000000000
--- a/security/nss/cpputil/dummy_io.cc
+++ /dev/null
@@ -1,225 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <assert.h>
-#include <iostream>
-
-#include "prerror.h"
-#include "prio.h"
-
-#include "dummy_io.h"
-
-#define UNIMPLEMENTED()                                        \
-  std::cerr << "Unimplemented: " << __FUNCTION__ << std::endl; \
-  assert(false);
-
-extern const struct PRIOMethods DummyMethodsForward;
-
-ScopedPRFileDesc DummyIOLayerMethods::CreateFD(PRDescIdentity id,
-                                               DummyIOLayerMethods *methods) {
-  ScopedPRFileDesc fd(PR_CreateIOLayerStub(id, &DummyMethodsForward));
-  assert(fd);
-  if (!fd) {
-    return nullptr;
-  }
-  fd->secret = reinterpret_cast<PRFilePrivate *>(methods);
-  return fd;
-}
-
-PRStatus DummyIOLayerMethods::Close(PRFileDesc *f) {
-  f->secret = nullptr;
-  f->dtor(f);
-  return PR_SUCCESS;
-}
-
-int32_t DummyIOLayerMethods::Read(PRFileDesc *f, void *buf, int32_t length) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int32_t DummyIOLayerMethods::Write(PRFileDesc *f, const void *buf,
-                                   int32_t length) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int32_t DummyIOLayerMethods::Available(PRFileDesc *f) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int64_t DummyIOLayerMethods::Available64(PRFileDesc *f) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-PRStatus DummyIOLayerMethods::Sync(PRFileDesc *f) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-int32_t DummyIOLayerMethods::Seek(PRFileDesc *f, int32_t offset,
-                                  PRSeekWhence how) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int64_t DummyIOLayerMethods::Seek64(PRFileDesc *f, int64_t offset,
-                                    PRSeekWhence how) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-PRStatus DummyIOLayerMethods::FileInfo(PRFileDesc *f, PRFileInfo *info) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-PRStatus DummyIOLayerMethods::FileInfo64(PRFileDesc *f, PRFileInfo64 *info) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-int32_t DummyIOLayerMethods::Writev(PRFileDesc *f, const PRIOVec *iov,
-                                    int32_t iov_size, PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-PRStatus DummyIOLayerMethods::Connect(PRFileDesc *f, const PRNetAddr *addr,
-                                      PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-PRFileDesc *DummyIOLayerMethods::Accept(PRFileDesc *sd, PRNetAddr *addr,
-                                        PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return nullptr;
-}
-
-PRStatus DummyIOLayerMethods::Bind(PRFileDesc *f, const PRNetAddr *addr) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-PRStatus DummyIOLayerMethods::Listen(PRFileDesc *f, int32_t depth) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-PRStatus DummyIOLayerMethods::Shutdown(PRFileDesc *f, int32_t how) {
-  return PR_SUCCESS;
-}
-
-int32_t DummyIOLayerMethods::Recv(PRFileDesc *f, void *buf, int32_t buflen,
-                                  int32_t flags, PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-// Note: this is always nonblocking and assumes a zero timeout.
-int32_t DummyIOLayerMethods::Send(PRFileDesc *f, const void *buf,
-                                  int32_t amount, int32_t flags,
-                                  PRIntervalTime to) {
-  return Write(f, buf, amount);
-}
-
-int32_t DummyIOLayerMethods::Recvfrom(PRFileDesc *f, void *buf, int32_t amount,
-                                      int32_t flags, PRNetAddr *addr,
-                                      PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int32_t DummyIOLayerMethods::Sendto(PRFileDesc *f, const void *buf,
-                                    int32_t amount, int32_t flags,
-                                    const PRNetAddr *addr, PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int16_t DummyIOLayerMethods::Poll(PRFileDesc *f, int16_t in_flags,
-                                  int16_t *out_flags) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int32_t DummyIOLayerMethods::AcceptRead(PRFileDesc *sd, PRFileDesc **nd,
-                                        PRNetAddr **raddr, void *buf,
-                                        int32_t amount, PRIntervalTime t) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-int32_t DummyIOLayerMethods::TransmitFile(PRFileDesc *sd, PRFileDesc *f,
-                                          const void *headers, int32_t hlen,
-                                          PRTransmitFileFlags flags,
-                                          PRIntervalTime t) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-// TODO: Modify to return unique names for each channel
-// somehow, as opposed to always the same static address. The current
-// implementation messes up the session cache, which is why it's off
-// elsewhere
-PRStatus DummyIOLayerMethods::Getpeername(PRFileDesc *f, PRNetAddr *addr) {
-  addr->inet.family = PR_AF_INET;
-  addr->inet.port = 0;
-  addr->inet.ip = 0;
-
-  return PR_SUCCESS;
-}
-
-PRStatus DummyIOLayerMethods::Getsockname(PRFileDesc *f, PRNetAddr *addr) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-PRStatus DummyIOLayerMethods::Getsockoption(PRFileDesc *f,
-                                            PRSocketOptionData *opt) {
-  switch (opt->option) {
-    case PR_SockOpt_Nonblocking:
-      opt->value.non_blocking = PR_TRUE;
-      return PR_SUCCESS;
-    default:
-      UNIMPLEMENTED();
-      break;
-  }
-
-  return PR_FAILURE;
-}
-
-PRStatus DummyIOLayerMethods::Setsockoption(PRFileDesc *f,
-                                            const PRSocketOptionData *opt) {
-  switch (opt->option) {
-    case PR_SockOpt_Nonblocking:
-      return PR_SUCCESS;
-    case PR_SockOpt_NoDelay:
-      return PR_SUCCESS;
-    default:
-      UNIMPLEMENTED();
-      break;
-  }
-
-  return PR_FAILURE;
-}
-
-int32_t DummyIOLayerMethods::Sendfile(PRFileDesc *out, PRSendFileData *in,
-                                      PRTransmitFileFlags flags,
-                                      PRIntervalTime to) {
-  UNIMPLEMENTED();
-  return -1;
-}
-
-PRStatus DummyIOLayerMethods::ConnectContinue(PRFileDesc *f, int16_t flags) {
-  UNIMPLEMENTED();
-  return PR_FAILURE;
-}
-
-int32_t DummyIOLayerMethods::Reserved(PRFileDesc *f) {
-  UNIMPLEMENTED();
-  return -1;
-}
diff --git a/security/nss/cpputil/dummy_io.h b/security/nss/cpputil/dummy_io.h
deleted file mode 100644
index 797ac6113..000000000
--- a/security/nss/cpputil/dummy_io.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef dummy_io_h__
-#define dummy_io_h__
-
-#include "prerror.h"
-#include "prio.h"
-
-#include "scoped_ptrs.h"
-
-class DummyIOLayerMethods {
- public:
-  static ScopedPRFileDesc CreateFD(PRDescIdentity id,
-                                   DummyIOLayerMethods *methods);
-
-  virtual PRStatus Close(PRFileDesc *f);
-  virtual int32_t Read(PRFileDesc *f, void *buf, int32_t length);
-  virtual int32_t Write(PRFileDesc *f, const void *buf, int32_t length);
-  virtual int32_t Available(PRFileDesc *f);
-  virtual int64_t Available64(PRFileDesc *f);
-  virtual PRStatus Sync(PRFileDesc *f);
-  virtual int32_t Seek(PRFileDesc *f, int32_t offset, PRSeekWhence how);
-  virtual int64_t Seek64(PRFileDesc *f, int64_t offset, PRSeekWhence how);
-  virtual PRStatus FileInfo(PRFileDesc *f, PRFileInfo *info);
-  virtual PRStatus FileInfo64(PRFileDesc *f, PRFileInfo64 *info);
-  virtual int32_t Writev(PRFileDesc *f, const PRIOVec *iov, int32_t iov_size,
-                         PRIntervalTime to);
-  virtual PRStatus Connect(PRFileDesc *f, const PRNetAddr *addr,
-                           PRIntervalTime to);
-  virtual PRFileDesc *Accept(PRFileDesc *sd, PRNetAddr *addr,
-                             PRIntervalTime to);
-  virtual PRStatus Bind(PRFileDesc *f, const PRNetAddr *addr);
-  virtual PRStatus Listen(PRFileDesc *f, int32_t depth);
-  virtual PRStatus Shutdown(PRFileDesc *f, int32_t how);
-  virtual int32_t Recv(PRFileDesc *f, void *buf, int32_t buflen, int32_t flags,
-                       PRIntervalTime to);
-  virtual int32_t Send(PRFileDesc *f, const void *buf, int32_t amount,
-                       int32_t flags, PRIntervalTime to);
-  virtual int32_t Recvfrom(PRFileDesc *f, void *buf, int32_t amount,
-                           int32_t flags, PRNetAddr *addr, PRIntervalTime to);
-  virtual int32_t Sendto(PRFileDesc *f, const void *buf, int32_t amount,
-                         int32_t flags, const PRNetAddr *addr,
-                         PRIntervalTime to);
-  virtual int16_t Poll(PRFileDesc *f, int16_t in_flags, int16_t *out_flags);
-  virtual int32_t AcceptRead(PRFileDesc *sd, PRFileDesc **nd, PRNetAddr **raddr,
-                             void *buf, int32_t amount, PRIntervalTime t);
-  virtual int32_t TransmitFile(PRFileDesc *sd, PRFileDesc *f,
-                               const void *headers, int32_t hlen,
-                               PRTransmitFileFlags flags, PRIntervalTime t);
-  virtual PRStatus Getpeername(PRFileDesc *f, PRNetAddr *addr);
-  virtual PRStatus Getsockname(PRFileDesc *f, PRNetAddr *addr);
-  virtual PRStatus Getsockoption(PRFileDesc *f, PRSocketOptionData *opt);
-  virtual PRStatus Setsockoption(PRFileDesc *f, const PRSocketOptionData *opt);
-  virtual int32_t Sendfile(PRFileDesc *out, PRSendFileData *in,
-                           PRTransmitFileFlags flags, PRIntervalTime to);
-  virtual PRStatus ConnectContinue(PRFileDesc *f, int16_t flags);
-  virtual int32_t Reserved(PRFileDesc *f);
-};
-
-#endif  // dummy_io_h__
diff --git a/security/nss/cpputil/dummy_io_fwd.cc b/security/nss/cpputil/dummy_io_fwd.cc
deleted file mode 100644
index 5e53d9e1b..000000000
--- a/security/nss/cpputil/dummy_io_fwd.cc
+++ /dev/null
@@ -1,162 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prio.h"
-
-#include "dummy_io.h"
-
-static DummyIOLayerMethods *ToMethods(PRFileDesc *f) {
-  return reinterpret_cast<DummyIOLayerMethods *>(f->secret);
-}
-
-static PRStatus DummyClose(PRFileDesc *f) { return ToMethods(f)->Close(f); }
-
-static int32_t DummyRead(PRFileDesc *f, void *buf, int32_t length) {
-  return ToMethods(f)->Read(f, buf, length);
-}
-
-static int32_t DummyWrite(PRFileDesc *f, const void *buf, int32_t length) {
-  return ToMethods(f)->Write(f, buf, length);
-}
-
-static int32_t DummyAvailable(PRFileDesc *f) {
-  return ToMethods(f)->Available(f);
-}
-
-static int64_t DummyAvailable64(PRFileDesc *f) {
-  return ToMethods(f)->Available64(f);
-}
-
-static PRStatus DummySync(PRFileDesc *f) { return ToMethods(f)->Sync(f); }
-
-static int32_t DummySeek(PRFileDesc *f, int32_t offset, PRSeekWhence how) {
-  return ToMethods(f)->Seek(f, offset, how);
-}
-
-static int64_t DummySeek64(PRFileDesc *f, int64_t offset, PRSeekWhence how) {
-  return ToMethods(f)->Seek64(f, offset, how);
-}
-
-static PRStatus DummyFileInfo(PRFileDesc *f, PRFileInfo *info) {
-  return ToMethods(f)->FileInfo(f, info);
-}
-
-static PRStatus DummyFileInfo64(PRFileDesc *f, PRFileInfo64 *info) {
-  return ToMethods(f)->FileInfo64(f, info);
-}
-
-static int32_t DummyWritev(PRFileDesc *f, const PRIOVec *iov, int32_t iov_size,
-                           PRIntervalTime to) {
-  return ToMethods(f)->Writev(f, iov, iov_size, to);
-}
-
-static PRStatus DummyConnect(PRFileDesc *f, const PRNetAddr *addr,
-                             PRIntervalTime to) {
-  return ToMethods(f)->Connect(f, addr, to);
-}
-
-static PRFileDesc *DummyAccept(PRFileDesc *f, PRNetAddr *addr,
-                               PRIntervalTime to) {
-  return ToMethods(f)->Accept(f, addr, to);
-}
-
-static PRStatus DummyBind(PRFileDesc *f, const PRNetAddr *addr) {
-  return ToMethods(f)->Bind(f, addr);
-}
-
-static PRStatus DummyListen(PRFileDesc *f, int32_t depth) {
-  return ToMethods(f)->Listen(f, depth);
-}
-
-static PRStatus DummyShutdown(PRFileDesc *f, int32_t how) {
-  return ToMethods(f)->Shutdown(f, how);
-}
-
-static int32_t DummyRecv(PRFileDesc *f, void *buf, int32_t buflen,
-                         int32_t flags, PRIntervalTime to) {
-  return ToMethods(f)->Recv(f, buf, buflen, flags, to);
-}
-
-static int32_t DummySend(PRFileDesc *f, const void *buf, int32_t amount,
-                         int32_t flags, PRIntervalTime to) {
-  return ToMethods(f)->Send(f, buf, amount, flags, to);
-}
-
-static int32_t DummyRecvfrom(PRFileDesc *f, void *buf, int32_t amount,
-                             int32_t flags, PRNetAddr *addr,
-                             PRIntervalTime to) {
-  return ToMethods(f)->Recvfrom(f, buf, amount, flags, addr, to);
-}
-
-static int32_t DummySendto(PRFileDesc *f, const void *buf, int32_t amount,
-                           int32_t flags, const PRNetAddr *addr,
-                           PRIntervalTime to) {
-  return ToMethods(f)->Sendto(f, buf, amount, flags, addr, to);
-}
-
-static int16_t DummyPoll(PRFileDesc *f, int16_t in_flags, int16_t *out_flags) {
-  return ToMethods(f)->Poll(f, in_flags, out_flags);
-}
-
-static int32_t DummyAcceptRead(PRFileDesc *f, PRFileDesc **nd,
-                               PRNetAddr **raddr, void *buf, int32_t amount,
-                               PRIntervalTime t) {
-  return ToMethods(f)->AcceptRead(f, nd, raddr, buf, amount, t);
-}
-
-static int32_t DummyTransmitFile(PRFileDesc *sd, PRFileDesc *f,
-                                 const void *headers, int32_t hlen,
-                                 PRTransmitFileFlags flags, PRIntervalTime t) {
-  return ToMethods(f)->TransmitFile(sd, f, headers, hlen, flags, t);
-}
-
-static PRStatus DummyGetpeername(PRFileDesc *f, PRNetAddr *addr) {
-  return ToMethods(f)->Getpeername(f, addr);
-}
-
-static PRStatus DummyGetsockname(PRFileDesc *f, PRNetAddr *addr) {
-  return ToMethods(f)->Getsockname(f, addr);
-}
-
-static PRStatus DummyGetsockoption(PRFileDesc *f, PRSocketOptionData *opt) {
-  return ToMethods(f)->Getsockoption(f, opt);
-}
-
-static PRStatus DummySetsockoption(PRFileDesc *f,
-                                   const PRSocketOptionData *opt) {
-  return ToMethods(f)->Setsockoption(f, opt);
-}
-
-static int32_t DummySendfile(PRFileDesc *f, PRSendFileData *in,
-                             PRTransmitFileFlags flags, PRIntervalTime to) {
-  return ToMethods(f)->Sendfile(f, in, flags, to);
-}
-
-static PRStatus DummyConnectContinue(PRFileDesc *f, int16_t flags) {
-  return ToMethods(f)->ConnectContinue(f, flags);
-}
-
-static int32_t DummyReserved(PRFileDesc *f) {
-  return ToMethods(f)->Reserved(f);
-}
-
-extern const struct PRIOMethods DummyMethodsForward = {
-    PR_DESC_LAYERED,    DummyClose,
-    DummyRead,          DummyWrite,
-    DummyAvailable,     DummyAvailable64,
-    DummySync,          DummySeek,
-    DummySeek64,        DummyFileInfo,
-    DummyFileInfo64,    DummyWritev,
-    DummyConnect,       DummyAccept,
-    DummyBind,          DummyListen,
-    DummyShutdown,      DummyRecv,
-    DummySend,          DummyRecvfrom,
-    DummySendto,        DummyPoll,
-    DummyAcceptRead,    DummyTransmitFile,
-    DummyGetsockname,   DummyGetpeername,
-    DummyReserved,      DummyReserved,
-    DummyGetsockoption, DummySetsockoption,
-    DummySendfile,      DummyConnectContinue,
-    DummyReserved,      DummyReserved,
-    DummyReserved,      DummyReserved};
diff --git a/security/nss/cpputil/manifest.mn b/security/nss/cpputil/manifest.mn
deleted file mode 100644
index b3ccad8b5..000000000
--- a/security/nss/cpputil/manifest.mn
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ..
-DEPTH      = ..
-
-MODULE = nss
-LIBRARY_NAME = cpputil
-
-ifeq ($(NSS_BUILD_UTIL_ONLY),1)
-CPPSRCS = \
-      $(NULL)
-else
-CPPSRCS = \
-      databuffer.cc \
-      dummy_io.cc \
-      dummy_io_fwd.cc \
-      tls_parser.cc \
-      $(NULL)
-endif
-
-EXPORTS = \
-      $(NULL)
diff --git a/security/nss/cpputil/scoped_ptrs.h b/security/nss/cpputil/scoped_ptrs.h
deleted file mode 100644
index b92b8132b..000000000
--- a/security/nss/cpputil/scoped_ptrs.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef scoped_ptrs_h__
-#define scoped_ptrs_h__
-
-#include <memory>
-#include "cert.h"
-#include "keyhi.h"
-#include "pk11pub.h"
-#include "pkcs11uri.h"
-
-struct ScopedDelete {
-  void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
-  void operator()(CERTCertificateList* list) {
-    CERT_DestroyCertificateList(list);
-  }
-  void operator()(CERTName* name) { CERT_DestroyName(name); }
-  void operator()(CERTCertList* list) { CERT_DestroyCertList(list); }
-  void operator()(CERTSubjectPublicKeyInfo* spki) {
-    SECKEY_DestroySubjectPublicKeyInfo(spki);
-  }
-  void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
-  void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
-  void operator()(PRFileDesc* fd) { PR_Close(fd); }
-  void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
-  void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
-  void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
-  void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
-  void operator()(SECKEYPrivateKeyList* list) {
-    SECKEY_DestroyPrivateKeyList(list);
-  }
-  void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
-  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
-  void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
-  void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
-};
-
-template <class T>
-struct ScopedMaybeDelete {
-  void operator()(T* ptr) {
-    if (ptr) {
-      ScopedDelete del;
-      del(ptr);
-    }
-  }
-};
-
-#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
-
-SCOPED(CERTCertificate);
-SCOPED(CERTCertificateList);
-SCOPED(CERTCertList);
-SCOPED(CERTName);
-SCOPED(CERTSubjectPublicKeyInfo);
-SCOPED(PK11SlotInfo);
-SCOPED(PK11SymKey);
-SCOPED(PRFileDesc);
-SCOPED(SECAlgorithmID);
-SCOPED(SECItem);
-SCOPED(SECKEYPublicKey);
-SCOPED(SECKEYPrivateKey);
-SCOPED(SECKEYPrivateKeyList);
-SCOPED(PK11URI);
-SCOPED(PLArenaPool);
-SCOPED(PK11Context);
-SCOPED(PK11GenericObject);
-
-#undef SCOPED
-
-#endif  // scoped_ptrs_h__
diff --git a/security/nss/cpputil/scoped_ptrs_util.h b/security/nss/cpputil/scoped_ptrs_util.h
deleted file mode 100644
index 2dbf34e1d..000000000
--- a/security/nss/cpputil/scoped_ptrs_util.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef scoped_ptrs_util_h__
-#define scoped_ptrs_util_h__
-
-#include <memory>
-#include "pkcs11uri.h"
-#include "secoid.h"
-
-struct ScopedDelete {
-  void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
-  void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
-  void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
-  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
-};
-
-template <class T>
-struct ScopedMaybeDelete {
-  void operator()(T* ptr) {
-    if (ptr) {
-      ScopedDelete del;
-      del(ptr);
-    }
-  }
-};
-
-#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
-
-SCOPED(SECAlgorithmID);
-SCOPED(SECItem);
-SCOPED(PK11URI);
-
-#undef SCOPED
-
-#endif  // scoped_ptrs_util_h__
diff --git a/security/nss/cpputil/tls_parser.cc b/security/nss/cpputil/tls_parser.cc
deleted file mode 100644
index e4c06aa91..000000000
--- a/security/nss/cpputil/tls_parser.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "tls_parser.h"
-
-namespace nss_test {
-
-bool TlsParser::Read(uint8_t* val) {
-  if (remaining() < 1) {
-    return false;
-  }
-  *val = *ptr();
-  consume(1);
-  return true;
-}
-
-bool TlsParser::Read(uint32_t* val, size_t size) {
-  if (size > sizeof(uint32_t)) {
-    return false;
-  }
-
-  uint32_t v = 0;
-  for (size_t i = 0; i < size; ++i) {
-    uint8_t tmp;
-    if (!Read(&tmp)) {
-      return false;
-    }
-
-    v = (v << 8) | tmp;
-  }
-
-  *val = v;
-  return true;
-}
-
-bool TlsParser::Read(DataBuffer* val, size_t len) {
-  if (remaining() < len) {
-    return false;
-  }
-
-  val->Assign(ptr(), len);
-  consume(len);
-  return true;
-}
-
-bool TlsParser::ReadVariable(DataBuffer* val, size_t len_size) {
-  uint32_t len;
-  if (!Read(&len, len_size)) {
-    return false;
-  }
-  return Read(val, len);
-}
-
-bool TlsParser::Skip(size_t len) {
-  if (len > remaining()) {
-    return false;
-  }
-  consume(len);
-  return true;
-}
-
-bool TlsParser::SkipVariable(size_t len_size) {
-  uint32_t len;
-  if (!Read(&len, len_size)) {
-    return false;
-  }
-  return Skip(len);
-}
-
-}  // namespace nss_test
diff --git a/security/nss/cpputil/tls_parser.h b/security/nss/cpputil/tls_parser.h
deleted file mode 100644
index a5f5771d5..000000000
--- a/security/nss/cpputil/tls_parser.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef tls_parser_h_
-#define tls_parser_h_
-
-#include <cstdint>
-#include <cstring>
-#include <memory>
-#if defined(WIN32) || defined(WIN64)
-#include <winsock2.h>
-#else
-#include <arpa/inet.h>
-#endif
-#include "databuffer.h"
-#include "sslt.h"
-
-namespace nss_test {
-
-const uint8_t kTlsChangeCipherSpecType = 20;
-const uint8_t kTlsAlertType = 21;
-const uint8_t kTlsHandshakeType = 22;
-const uint8_t kTlsApplicationDataType = 23;
-const uint8_t kTlsAltHandshakeType = 24;
-const uint8_t kTlsAckType = 25;
-
-const uint8_t kTlsHandshakeClientHello = 1;
-const uint8_t kTlsHandshakeServerHello = 2;
-const uint8_t kTlsHandshakeNewSessionTicket = 4;
-const uint8_t kTlsHandshakeHelloRetryRequest = 6;
-const uint8_t kTlsHandshakeEncryptedExtensions = 8;
-const uint8_t kTlsHandshakeCertificate = 11;
-const uint8_t kTlsHandshakeServerKeyExchange = 12;
-const uint8_t kTlsHandshakeCertificateRequest = 13;
-const uint8_t kTlsHandshakeCertificateVerify = 15;
-const uint8_t kTlsHandshakeClientKeyExchange = 16;
-const uint8_t kTlsHandshakeFinished = 20;
-
-const uint8_t kTlsAlertWarning = 1;
-const uint8_t kTlsAlertFatal = 2;
-
-const uint8_t kTlsAlertCloseNotify = 0;
-const uint8_t kTlsAlertUnexpectedMessage = 10;
-const uint8_t kTlsAlertBadRecordMac = 20;
-const uint8_t kTlsAlertRecordOverflow = 22;
-const uint8_t kTlsAlertHandshakeFailure = 40;
-const uint8_t kTlsAlertIllegalParameter = 47;
-const uint8_t kTlsAlertDecodeError = 50;
-const uint8_t kTlsAlertDecryptError = 51;
-const uint8_t kTlsAlertProtocolVersion = 70;
-const uint8_t kTlsAlertInternalError = 80;
-const uint8_t kTlsAlertInappropriateFallback = 86;
-const uint8_t kTlsAlertMissingExtension = 109;
-const uint8_t kTlsAlertUnsupportedExtension = 110;
-const uint8_t kTlsAlertUnrecognizedName = 112;
-const uint8_t kTlsAlertNoApplicationProtocol = 120;
-
-const uint8_t kTlsFakeChangeCipherSpec[] = {
-    kTlsChangeCipherSpecType,  // Type
-    0xfe,
-    0xff,  // Version
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x10,  // Fictitious sequence #
-    0x00,
-    0x01,  // Length
-    0x01   // Value
-};
-
-static const uint8_t kTls13PskKe = 0;
-static const uint8_t kTls13PskDhKe = 1;
-static const uint8_t kTls13PskAuth = 0;
-static const uint8_t kTls13PskSignAuth = 1;
-
-inline std::ostream& operator<<(std::ostream& os, SSLProtocolVariant v) {
-  return os << ((v == ssl_variant_stream) ? "TLS" : "DTLS");
-}
-
-inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
-
-inline uint16_t NormalizeTlsVersion(uint16_t version) {
-  if (version == 0xfeff) {
-    return 0x0302;  // special: DTLS 1.0 == TLS 1.1
-  }
-  if (IsDtls(version)) {
-    return (version ^ 0xffff) + 0x0201;
-  }
-  return version;
-}
-
-inline uint16_t TlsVersionToDtlsVersion(uint16_t version) {
-  if (version == 0x0302) {
-    return 0xfeff;
-  }
-  if (version == 0x0304) {
-    return version;
-  }
-  return 0xffff - version + 0x0201;
-}
-
-inline size_t WriteVariable(DataBuffer* target, size_t index,
-                            const DataBuffer& buf, size_t len_size) {
-  index = target->Write(index, static_cast<uint32_t>(buf.len()), len_size);
-  return target->Write(index, buf.data(), buf.len());
-}
-
-class TlsParser {
- public:
-  TlsParser(const uint8_t* data, size_t len) : buffer_(data, len), offset_(0) {}
-  explicit TlsParser(const DataBuffer& buf) : buffer_(buf), offset_(0) {}
-
-  bool Read(uint8_t* val);
-  // Read an integral type of specified width.
-  bool Read(uint32_t* val, size_t size);
-  // Reads len bytes into dest buffer, overwriting it.
-  bool Read(DataBuffer* dest, size_t len);
-  // Reads bytes into dest buffer, overwriting it.  The number of bytes is
-  // determined by reading from len_size bytes from the stream first.
-  bool ReadVariable(DataBuffer* dest, size_t len_size);
-
-  bool Skip(size_t len);
-  bool SkipVariable(size_t len_size);
-
-  size_t consumed() const { return offset_; }
-  size_t remaining() const { return buffer_.len() - offset_; }
-
- private:
-  void consume(size_t len) { offset_ += len; }
-  const uint8_t* ptr() const { return buffer_.data() + offset_; }
-
-  DataBuffer buffer_;
-  size_t offset_;
-};
-
-}  // namespace nss_test
-
-#endif
diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml
index d5062bd5e..461b21389 100644
--- a/security/nss/doc/certutil.xml
+++ b/security/nss/doc/certutil.xml
@@ -456,16 +456,6 @@ of the attribute codes:
       </varlistentry>
 
       <varlistentry>
-        <term>--pss</term>
-        <listitem><para>Restrict the generated certificate (with the <option>-S</option> option) or certificate request (with the <option>-R</option> option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>--pss-sign</term>
-        <listitem><para>Sign the generated certificate with the RSA-PSS signature scheme (with the <option>-C</option> or <option>-S</option> option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
         <term>-z noise-file</term>
         <listitem><para>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>
       </varlistentry>
diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html
index 902d1309a..eb2e94322 100644
--- a/security/nss/doc/html/certutil.html
+++ b/security/nss/doc/html/certutil.html
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm140440587239488"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm139774553663312"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
     </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argument is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">--rename </span></dt><dd><p>Change the database nickname of a certificate.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the 
 <code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname. 
 </p><p>
@@ -20,26 +20,25 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
            duplicate nicknames. Giving a key type generates a new key pair; 
            giving the ID of an existing key reuses that key pair (which is 
            required to renew certificates).
-          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>
-           If a token is available that supports more curves, the foolowing curves are supported as well:
-           sect163k1, nistk163, sect163r1, sect163r2,
-           nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
-           sect233r1, nistb233, sect239k1, sect283k1, nistk283,
-           sect283r1, nistb283, sect409k1, nistk409, sect409r1,
-           nistb409,  sect571k1, nistk571, sect571r1, nistb571,
-           secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
-           nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
-           secp256r1, secp384r1, secp521r1,
-           prime192v1, prime192v2, prime192v3,
-           prime239v1, prime239v2, prime239v3, c2pnb163v1,
-           c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
-           c2tnb191v2, c2tnb191v3,
-           c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
-           c2pnb272w1, c2pnb304w1,
-           c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
-           secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
-           sect131r1, sect131r2
-        </p></dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
+          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>If a token is available that supports more curves, the foolowing curves are supported as well:
+          sect163k1, nistk163, sect163r1, sect163r2,
+          nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+          sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+          sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+          nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+          secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+          nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+          secp256r1, secp384r1, secp521r1,
+          prime192v1, prime192v2, prime192v3,
+          prime239v1, prime239v2, prime239v3, c2pnb163v1,
+          c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+          c2tnb191v2, c2tnb191v3,
+          c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+          c2pnb272w1, c2pnb304w1,
+          c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+          secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+          sect131r1, sect131r2</p>
+          </dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
 of the attribute codes: 
 	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 		<span class="command"><strong>p</strong></span> - Valid peer
@@ -60,7 +59,7 @@ of the attribute codes:
  the certificate or adding it to a database. Express the offset in integers, 
  using a minus sign (-) to indicate a negative offset. If this argument is 
  not used, the validity period begins at the current system time. The length 
- of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">--pss</span></dt><dd><p>Restrict the generated certificate (with the <code class="option">-S</code> option) or certificate request (with the <code class="option">-R</code> option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.</p></dd><dt><span class="term">--pss-sign</span></dt><dd><p>Sign the generated certificate with the RSA-PSS signature scheme (with the <code class="option">-C</code> or <code class="option">-S</code> option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-Z hashAlg</span></dt><dd><p>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>MD2</p></li><li class="listitem"><p>MD4</p></li><li class="listitem"><p>MD5</p></li><li class="listitem"><p>SHA1</p></li><li class="listitem"><p>SHA224</p></li><li class="listitem"><p>SHA256</p></li><li class="listitem"><p>SHA384</p></li><li class="listitem"><p>SHA512</p></li></ul></div></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-Z hashAlg</span></dt><dd><p>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>MD2</p></li><li class="listitem"><p>MD4</p></li><li class="listitem"><p>MD5</p></li><li class="listitem"><p>SHA1</p></li><li class="listitem"><p>SHA224</p></li><li class="listitem"><p>SHA256</p></li><li class="listitem"><p>SHA384</p></li><li class="listitem"><p>SHA512</p></li></ul></div></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 		digitalSignature
 	</p></li><li class="listitem"><p>
 		nonRepudiation
diff --git a/security/nss/doc/html/pk12util.html b/security/nss/doc/html/pk12util.html
index 94dbf51e9..fe516dd83 100644
--- a/security/nss/doc/html/pk12util.html
+++ b/security/nss/doc/html/pk12util.html
@@ -1,6 +1,6 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm139975398059856"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
-    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS #12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS #12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS #12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the certiticate encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
-          Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS #12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm233250345408"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+          Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
     </p><p>
     pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
     </p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
@@ -12,7 +12,7 @@ and should contain at least one non-alphabetic character.
 Enter new password: 
 Re-enter password: 
 Enter password for PKCS12 file: 
-pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
+pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
     </p><p>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
 Enter password for PKCS12 file: 
 Re-enter password: </pre><p><span class="command"><strong>Listing Keys and Certificates</strong></span></p><p>The information in a <code class="filename">.p12</code> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <code class="filename">.p12</code> file.
@@ -48,7 +48,7 @@ Key(shrouded):
 Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
 
 Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
-    </pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <strong class="userinput"><code>"NONE"</code></strong> as the argument of the <code class="option">-C</code> option.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PKCS #5 password-based encryption</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PBES2 with AES-CBC-Pad as underlying encryption scheme (<strong class="userinput"><code>"AES-128-CBC"</code></strong>, <strong class="userinput"><code>"AES-192-CBC"</code></strong>, and <strong class="userinput"><code>"AES-256-CBC"</code></strong>)</p></li></ul></div></dd><dt><span class="term">PKCS #12 password-based encryption</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>SHA-1 and 128-bit RC4 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4"</code></strong> or <strong class="userinput"><code>"RC4"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 40-bit RC4 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4"</code></strong>) (used by default for certificate encryption in non-FIPS mode)</p></li><li class="listitem"><p>SHA-1 and 3-key triple-DES (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC"</code></strong> or <strong class="userinput"><code>"DES-EDE3-CBC"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 128-bit RC2 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC"</code></strong> or <strong class="userinput"><code>"RC2-CBC"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 40-bit RC2 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC"</code></strong>)</p></li></ul></div></dd></dl></div><p>With PKCS #12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+    </pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>DES-CBC</p></li><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div></dd></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
 The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			cert8.db for certificates
 		</p></li><li class="listitem"><p>
@@ -68,7 +68,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d
 Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB
-		</p></li></ul></div></div><div class="refsection"><a name="compatibility"></a><h2>Compatibility Notes</h2><p>The exporting behavior of <span class="command"><strong>pk12util</strong></span> has changed over time, while importing files exported with older versions of NSS is still supported.</p><p>Until the 3.30 release, <span class="command"><strong>pk12util</strong></span> used the UTF-16 encoding for the PKCS #5 password-based encryption schemes, while the recommendation is to encode passwords in UTF-8 if the used encryption scheme is defined outside of the PKCS #12 standard.</p><p>Until the 3.31 release, even when <strong class="userinput"><code>"AES-128-CBC"</code></strong> or <strong class="userinput"><code>"AES-192-CBC"</code></strong> is given from the command line, <span class="command"><strong>pk12util</strong></span> always used 256-bit AES as the underlying encryption scheme.</p><p>For historical reasons, <span class="command"><strong>pk12util</strong></span> accepts password-based encryption schemes not listed in this document.  However, those schemes are not officially supported and may have issues in interoperability with other tools.</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>modutil (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>modutil (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
 			https://wiki.mozilla.org/NSS_Shared_DB
 		</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1
index 80a02fc27..b2a8bd2bb 100644
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: CERTUTIL
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 27 October 2017
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  8 September 2016
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "CERTUTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
+.TH "CERTUTIL" "1" "8 September 2016" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -371,9 +371,9 @@ Read an alternate PQG value from the specified file when generating DSA key pair
 \fBcertutil\fR
 generates its own PQG value\&. PQG files are created with a separate DSA utility\&.
 .sp
-Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519\&.
+Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.
 .sp
-If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163, sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409, sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192, secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
+If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163,  sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409,  sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192,  secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
 .RE
 .PP
 \-r
@@ -609,24 +609,6 @@ to generate the signature for a certificate being created or added to a database
 Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537\&. The available alternate values are 3 and 17\&.
 .RE
 .PP
-\-\-pss
-.RS 4
-Restrict the generated certificate (with the
-\fB\-S\fR
-option) or certificate request (with the
-\fB\-R\fR
-option) to be used with the RSA\-PSS signature scheme\&. This only works when the private key of the certificate or certificate request is RSA\&.
-.RE
-.PP
-\-\-pss\-sign
-.RS 4
-Sign the generated certificate with the RSA\-PSS signature scheme (with the
-\fB\-C\fR
-or
-\fB\-S\fR
-option)\&. This only works when the private key of the signer\*(Aqs certificate is RSA\&. If the signer\*(Aqs certificate is restricted to RSA\-PSS, it is not necessary to specify this option\&.
-.RE
-.PP
 \-z noise\-file
 .RS 4
 Read a seed value from the specified file to generate a new private and public key pair\&. This argument makes it possible to use hardware\-generated seed values or manually create a value from the keyboard\&. The minimum file size is 20 bytes\&.
@@ -1530,8 +1512,7 @@ There are ways to narrow the keys listed in the search results:
 .IP \(bu 2.3
 .\}
 To return a specific key, use the
-\fB\-n\fR
-\fIname\fR
+\fB\-n\fR\fIname\fR
 argument with the name of the key\&.
 .RE
 .sp
@@ -1544,8 +1525,7 @@ argument with the name of the key\&.
 .IP \(bu 2.3
 .\}
 If there are multiple security devices loaded, then the
-\fB\-h\fR
-\fItokenname\fR
+\fB\-h\fR\fItokenname\fR
 argument can search a specific token or all tokens\&.
 .RE
 .sp
@@ -1558,8 +1538,7 @@ argument can search a specific token or all tokens\&.
 .IP \(bu 2.3
 .\}
 If there are multiple key types available, then the
-\fB\-k\fR
-\fIkey\-type\fR
+\fB\-k\fR\fIkey\-type\fR
 argument can search a specific type of key, like RSA, DSA, or ECC\&.
 .RE
 .PP
diff --git a/security/nss/doc/nroff/pk12util.1 b/security/nss/doc/nroff/pk12util.1
index e0a8da833..c4fa972c0 100644
--- a/security/nss/doc/nroff/pk12util.1
+++ b/security/nss/doc/nroff/pk12util.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: PK12UTIL
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 27 October 2017
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
-.TH "PK12UTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,24 +39,24 @@ This documentation is still work in progress\&. Please contribute to the initial
 .SH "DESCRIPTION"
 .PP
 The PKCS #12 utility,
-\fBpk12util\fR, enables sharing certificates among any server that supports PKCS #12\&. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys\&.
+\fBpk12util\fR, enables sharing certificates among any server that supports PKCS#12\&. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys\&.
 .SH "OPTIONS AND ARGUMENTS"
 .PP
 \fBOptions\fR
 .PP
 \-i p12file
 .RS 4
-Import keys and certificates from a PKCS #12 file into a security database\&.
+Import keys and certificates from a PKCS#12 file into a security database\&.
 .RE
 .PP
 \-l p12file
 .RS 4
-List the keys and certificates in PKCS #12 file\&.
+List the keys and certificates in PKCS#12 file\&.
 .RE
 .PP
 \-o p12file
 .RS 4
-Export keys and certificates from the security database to a PKCS #12 file\&.
+Export keys and certificates from the security database to a PKCS#12 file\&.
 .RE
 .PP
 \fBArguments\fR
@@ -68,7 +68,7 @@ Specify the key encryption algorithm\&.
 .PP
 \-C certCipher
 .RS 4
-Specify the certiticate encryption algorithm\&.
+Specify the key cert (overall package) encryption algorithm\&.
 .RE
 .PP
 \-d [sql:]directory
@@ -432,7 +432,7 @@ Specify the pkcs #12 file password\&.
 .PP
 The most basic usage of
 \fBpk12util\fR
-for importing a certificate or key is the PKCS #12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either
+for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either
 \fB\-d\fR
 for a directory or
 \fB\-h\fR
@@ -467,7 +467,7 @@ pk12util: PKCS12 IMPORT SUCCESSFUL
 .PP
 Using the
 \fBpk12util\fR
-command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS #12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
+command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
 .PP
 pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
 .PP
@@ -559,17 +559,17 @@ Certificate    Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pt
 .\}
 .SH "PASSWORD ENCRYPTION"
 .PP
-PKCS #12 provides for not only the protection of the private keys but also the certificate and meta\-data associated with the keys\&. Password\-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates\&. If no algorithm is specified, the tool defaults to using PKCS #12 SHA\-1 and 3\-key triple DES for private key encryption\&. When not in FIPS mode, PKCS #12 SHA\-1 and 40\-bit RC4 is used for certificate encryption\&. When in FIPS mode, there is no certificate encryption\&. If certificate encryption is not wanted, specify
-\fB"NONE"\fR
-as the argument of the
-\fB\-C\fR
-option\&.
+PKCS#12 provides for not only the protection of the private keys but also the certificate and meta\-data associated with the keys\&. Password\-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package\&. If no algorithm is specified, the tool defaults to using
+\fBPKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc\fR
+for private key encryption\&.
+\fBPKCS12 V2 PBE with SHA1 and 40 Bit RC4\fR
+is the default for the overall package encryption when not in FIPS mode\&. When in FIPS mode, there is no package encryption\&.
 .PP
 The private key is always protected with strong encryption by default\&.
 .PP
 Several types of ciphers are supported\&.
 .PP
-PKCS #5 password\-based encryption
+Symmetric CBC ciphers for PKCS#5 V2
 .RS 4
 .sp
 .RS 4
@@ -580,13 +580,110 @@ PKCS #5 password\-based encryption
 .sp -1
 .IP \(bu 2.3
 .\}
-PBES2 with AES\-CBC\-Pad as underlying encryption scheme (\fB"AES\-128\-CBC"\fR,
-\fB"AES\-192\-CBC"\fR, and
-\fB"AES\-256\-CBC"\fR)
+DES\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+RC2\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+RC5\-CBCPad
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+DES\-EDE3\-CBC (the default for key encryption)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-128\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-192\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-256\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-128\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-192\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-256\-CBC
 .RE
 .RE
 .PP
-PKCS #12 password\-based encryption
+PKCS#12 PBE ciphers
 .RS 4
 .sp
 .RS 4
@@ -597,9 +694,7 @@ PKCS #12 password\-based encryption
 .sp -1
 .IP \(bu 2.3
 .\}
-SHA\-1 and 128\-bit RC4 (\fB"PKCS #12 V2 PBE With SHA\-1 And 128 Bit RC4"\fR
-or
-\fB"RC4"\fR)
+PKCS #12 PBE with Sha1 and 128 Bit RC4
 .RE
 .sp
 .RS 4
@@ -610,7 +705,7 @@ or
 .sp -1
 .IP \(bu 2.3
 .\}
-SHA\-1 and 40\-bit RC4 (\fB"PKCS #12 V2 PBE With SHA\-1 And 40 Bit RC4"\fR) (used by default for certificate encryption in non\-FIPS mode)
+PKCS #12 PBE with Sha1 and 40 Bit RC4
 .RE
 .sp
 .RS 4
@@ -621,9 +716,7 @@ SHA\-1 and 40\-bit RC4 (\fB"PKCS #12 V2 PBE With SHA\-1 And 40 Bit RC4"\fR) (use
 .sp -1
 .IP \(bu 2.3
 .\}
-SHA\-1 and 3\-key triple\-DES (\fB"PKCS #12 V2 PBE With SHA\-1 And 3KEY Triple DES\-CBC"\fR
-or
-\fB"DES\-EDE3\-CBC"\fR)
+PKCS #12 PBE with Sha1 and Triple DES CBC
 .RE
 .sp
 .RS 4
@@ -634,9 +727,7 @@ or
 .sp -1
 .IP \(bu 2.3
 .\}
-SHA\-1 and 128\-bit RC2 (\fB"PKCS #12 V2 PBE With SHA\-1 And 128 Bit RC2 CBC"\fR
-or
-\fB"RC2\-CBC"\fR)
+PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC
 .RE
 .sp
 .RS 4
@@ -647,11 +738,114 @@ or
 .sp -1
 .IP \(bu 2.3
 .\}
-SHA\-1 and 40\-bit RC2 (\fB"PKCS #12 V2 PBE With SHA\-1 And 40 Bit RC2 CBC"\fR)
+PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 128 Bit RC4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non\-FIPS mode)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 2KEY Triple DES\-cbc
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC
 .RE
 .RE
 .PP
-With PKCS #12, the crypto provider may be the soft token module or an external hardware module\&. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default)\&. If no suitable replacement for the desired algorithm can be found, the tool returns the error
+PKCS#5 PBE ciphers
+.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with MD2 and DES CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with MD5 and DES CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with SHA1 and DES CBC
+.RE
+.RE
+.PP
+With PKCS#12, the crypto provider may be the soft token module or an external hardware module\&. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default)\&. If no suitable replacement for the desired algorithm can be found, the tool returns the error
 \fIno security module can perform the requested operation\fR\&.
 .SH "NSS DATABASE TYPES"
 .PP
@@ -793,27 +987,6 @@ For an engineering draft on the changes in the shared NSS databases, see the NSS
 .\}
 https://wiki\&.mozilla\&.org/NSS_Shared_DB
 .RE
-.SH "COMPATIBILITY NOTES"
-.PP
-The exporting behavior of
-\fBpk12util\fR
-has changed over time, while importing files exported with older versions of NSS is still supported\&.
-.PP
-Until the 3\&.30 release,
-\fBpk12util\fR
-used the UTF\-16 encoding for the PKCS #5 password\-based encryption schemes, while the recommendation is to encode passwords in UTF\-8 if the used encryption scheme is defined outside of the PKCS #12 standard\&.
-.PP
-Until the 3\&.31 release, even when
-\fB"AES\-128\-CBC"\fR
-or
-\fB"AES\-192\-CBC"\fR
-is given from the command line,
-\fBpk12util\fR
-always used 256\-bit AES as the underlying encryption scheme\&.
-.PP
-For historical reasons,
-\fBpk12util\fR
-accepts password\-based encryption schemes not listed in this document\&. However, those schemes are not officially supported and may have issues in interoperability with other tools\&.
 .SH "SEE ALSO"
 .PP
 certutil (1)
diff --git a/security/nss/doc/pk12util.xml b/security/nss/doc/pk12util.xml
index c26794965..03ee356e6 100644
--- a/security/nss/doc/pk12util.xml
+++ b/security/nss/doc/pk12util.xml
@@ -46,7 +46,7 @@
 
   <refsection id="description">
     <title>Description</title>
-    <para>The PKCS #12 utility, <command>pk12util</command>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</para>
+    <para>The PKCS #12 utility, <command>pk12util</command>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</para>
   </refsection>
   
   <refsection id="options">
@@ -55,17 +55,17 @@
     <variablelist>
       <varlistentry>
         <term>-i p12file</term>
-        <listitem><para>Import keys and certificates from a PKCS #12 file into a security database.</para></listitem>
+        <listitem><para>Import keys and certificates from a PKCS#12 file into a security database.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-l p12file</term>
-        <listitem><para>List the keys and certificates in PKCS #12 file.</para></listitem>
+        <listitem><para>List the keys and certificates in PKCS#12 file.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-o p12file</term>
-        <listitem><para>Export keys and certificates from the security database to a PKCS #12 file.</para></listitem>
+        <listitem><para>Export keys and certificates from the security database to a PKCS#12 file.</para></listitem>
       </varlistentry>
     </variablelist>
 
@@ -78,7 +78,7 @@
 
       <varlistentry>
         <term>-C certCipher</term>
-        <listitem><para>Specify the certiticate encryption algorithm.</para></listitem>
+        <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -233,7 +233,7 @@
   <refsection id="examples">
     <title>Examples</title>
     <para><command>Importing Keys and Certificates</command></para>
-    <para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS #12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
+    <para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS#12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
     </para>
     <para>
     pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
@@ -252,7 +252,7 @@ Enter password for PKCS12 file:
 pk12util: PKCS12 IMPORT SUCCESSFUL</programlisting>
 
     <para><command>Exporting Keys and Certificates</command></para>
-    <para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
+    <para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
     </para>
     <para>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
     <para>For example:</para>
@@ -304,34 +304,58 @@ Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L
 
   <refsection id="encryption">
     <title>Password Encryption</title>
-    <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
+    <para>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <command>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</command> for private key encryption. <command>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</command> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</para>
     <para>The private key is always protected with strong encryption by default.</para>
     <para>Several types of ciphers are supported.</para>
     <variablelist>
     
       <varlistentry>
-        <term>PKCS #5 password-based encryption</term>
+        <term>Symmetric CBC ciphers for PKCS#5 V2</term>
         <listitem>
-	  <itemizedlist>
-	    <listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
-	  </itemizedlist>
+	     <itemizedlist>
+	       <listitem><para>DES-CBC</para></listitem>
+	       <listitem><para>RC2-CBC</para></listitem>
+	       <listitem><para>RC5-CBCPad</para></listitem>
+	       <listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem>
+	       <listitem><para>AES-128-CBC</para></listitem>
+	       <listitem><para>AES-192-CBC</para></listitem>
+	       <listitem><para>AES-256-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-128-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-192-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-256-CBC</para></listitem>
+	     </itemizedlist>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term>PKCS #12 password-based encryption</term>
+        <term>PKCS#12 PBE ciphers</term>
         <listitem>
-	  <itemizedlist>
-	    <listitem><para>SHA-1 and 128-bit RC4 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4"</userinput> or <userinput>"RC4"</userinput>)</para></listitem>
-	    <listitem><para>SHA-1 and 40-bit RC4 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4"</userinput>) (used by default for certificate encryption in non-FIPS mode)</para></listitem>
-	    <listitem><para>SHA-1 and 3-key triple-DES (<userinput>"PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC"</userinput> or <userinput>"DES-EDE3-CBC"</userinput>)</para></listitem>
-	    <listitem><para>SHA-1 and 128-bit RC2 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC"</userinput> or <userinput>"RC2-CBC"</userinput>)</para></listitem>
-	    <listitem><para>SHA-1 and 40-bit RC2 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC"</userinput>)</para></listitem>
-	  </itemizedlist>
+	     <itemizedlist>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
+      </varlistentry>
+        <varlistentry><term>PKCS#5 PBE ciphers</term>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem>
+	     </itemizedlist>
         </listitem>
       </varlistentry>
     </variablelist>
-    <para>With PKCS #12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
+    <para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
   </refsection>
 
 <refsection id="databases"><title>NSS Database Types</title>
@@ -408,14 +432,6 @@ Using the SQLite databases must be manually specified by using the <command>sql:
 </itemizedlist>
 </refsection>
 
-  <refsection id="compatibility">
-    <title>Compatibility Notes</title>
-    <para>The exporting behavior of <command>pk12util</command> has changed over time, while importing files exported with older versions of NSS is still supported.</para>
-    <para>Until the 3.30 release, <command>pk12util</command> used the UTF-16 encoding for the PKCS #5 password-based encryption schemes, while the recommendation is to encode passwords in UTF-8 if the used encryption scheme is defined outside of the PKCS #12 standard.</para>
-    <para>Until the 3.31 release, even when <userinput>"AES-128-CBC"</userinput> or <userinput>"AES-192-CBC"</userinput> is given from the command line, <command>pk12util</command> always used 256-bit AES as the underlying encryption scheme.</para>
-    <para>For historical reasons, <command>pk12util</command> accepts password-based encryption schemes not listed in this document.  However, those schemes are not officially supported and may have issues in interoperability with other tools.</para>
-  </refsection>
-
   <refsection id="seealso">
     <title>See Also</title>
     <para>certutil (1)</para>
diff --git a/security/nss/fuzz/config/clone_libfuzzer.sh b/security/nss/fuzz/config/clone_libfuzzer.sh
index c516057d7..f1dc2e14b 100644
--- a/security/nss/fuzz/config/clone_libfuzzer.sh
+++ b/security/nss/fuzz/config/clone_libfuzzer.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-LIBFUZZER_REVISION=6937e68f927b6aefe526fcb9db8953f497e6e74d
+LIBFUZZER_REVISION=56bd1d43451cca4b6a11d3be316bb77ab159b09d
 
 d=$(dirname $0)
 $d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer $LIBFUZZER_REVISION $d/../libFuzzer
diff --git a/security/nss/fuzz/config/git-copy.sh b/security/nss/fuzz/config/git-copy.sh
index a9e817e2a..a5c7d371d 100644
--- a/security/nss/fuzz/config/git-copy.sh
+++ b/security/nss/fuzz/config/git-copy.sh
@@ -7,18 +7,18 @@ if [ $# -lt 3 ]; then
   exit 2
 fi
 
-REPO="$1"
-COMMIT="$2"
-DIR="$3"
+REPO=$1
+COMMIT=$2
+DIR=$3
 
 echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
-if [ -f "$DIR"/.git-copy ]; then
-  CURRENT=$(cat "$DIR"/.git-copy)
-  if [ $(echo -n "$COMMIT" | wc -c) != "40" ]; then
+if [ -f $DIR/.git-copy ]; then
+  CURRENT=$(cat $DIR/.git-copy)
+  if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
     # On the off chance that $COMMIT is a remote head.
-    ACTUAL=$(git ls-remote "$REPO" "$COMMIT" | cut -c 1-40 -)
+    ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
   else
-    ACTUAL="$COMMIT"
+    ACTUAL=$COMMIT
   fi
   if [ "$CURRENT" = "$ACTUAL" ]; then
     echo "Up to date."
@@ -26,9 +26,8 @@ if [ -f "$DIR"/.git-copy ]; then
   fi
 fi
 
-rm -rf "$DIR"
-git init -q "$DIR"
-git -C "$DIR" fetch -q --depth=1 "$REPO" "$COMMIT":git-copy-tmp
-git -C "$DIR" reset --hard git-copy-tmp
-git -C "$DIR" rev-parse --verify HEAD > "$DIR"/.git-copy
-rm -rf "$DIR"/.git
+git init -q $DIR
+git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
+git -C $DIR reset --hard git-copy-tmp
+git -C $DIR rev-parse --verify HEAD > $DIR/.git-copy
+rm -rf $DIR/.git
diff --git a/security/nss/fuzz/mpi_expmod_target.cc b/security/nss/fuzz/mpi_expmod_target.cc
index b9be5854f..ed31da354 100644
--- a/security/nss/fuzz/mpi_expmod_target.cc
+++ b/security/nss/fuzz/mpi_expmod_target.cc
@@ -19,15 +19,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   auto modulus = get_modulus(data, size, ctx);
   // Compare with OpenSSL exp mod
   m1 = &std::get<1>(modulus);
-  // The exponent b (B) can get really big. Make it smaller if necessary.
-  if (MP_USED(&b) > 100) {
-    size_t shift = (MP_USED(&b) - 100) * MP_DIGIT_BIT;
-    mp_div_2d(&b, shift, &b, nullptr);
-    BN_rshift(B, B, shift);
-  }
-  check_equal(A, &a, max_size);
-  check_equal(B, &b, max_size);
-  check_equal(std::get<0>(modulus), m1, 3 * max_size);
   assert(mp_exptmod(&a, &b, m1, &c) == MP_OKAY);
   (void)BN_mod_exp(C, A, B, std::get<0>(modulus), ctx);
   check_equal(C, &c, 2 * max_size);
diff --git a/security/nss/fuzz/mpi_helper.cc b/security/nss/fuzz/mpi_helper.cc
index d092fdb11..65cf4b9cd 100644
--- a/security/nss/fuzz/mpi_helper.cc
+++ b/security/nss/fuzz/mpi_helper.cc
@@ -12,12 +12,6 @@ char *to_char(const uint8_t *x) {
   return reinterpret_cast<char *>(const_cast<unsigned char *>(x));
 }
 
-void print_bn(std::string label, BIGNUM *x) {
-  char *xc = BN_bn2hex(x);
-  std::cout << label << ": " << std::hex << xc << std::endl;
-  OPENSSL_free(xc);
-}
-
 // Check that the two numbers are equal.
 void check_equal(BIGNUM *b, mp_int *m, size_t max_size) {
   char *bnBc = BN_bn2hex(b);
diff --git a/security/nss/fuzz/mpi_helper.h b/security/nss/fuzz/mpi_helper.h
index ef7041b25..17383744b 100644
--- a/security/nss/fuzz/mpi_helper.h
+++ b/security/nss/fuzz/mpi_helper.h
@@ -23,7 +23,6 @@ void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
 void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a);
 std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
                                          BN_CTX *ctx);
-void print_bn(std::string label, BIGNUM *x);
 
 // Initialise MPI and BN variables
 // XXX: Also silence unused variable warnings for R.
diff --git a/security/nss/fuzz/tls_mutators.cc b/security/nss/fuzz/tls_mutators.cc
index 228bd0bb7..e9770cb39 100644
--- a/security/nss/fuzz/tls_mutators.cc
+++ b/security/nss/fuzz/tls_mutators.cc
@@ -2,14 +2,11 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include <algorithm>
 #include "shared.h"
 #include "tls_parser.h"
 
 #include "ssl.h"
-extern "C" {
 #include "sslimpl.h"
-}
 
 using namespace nss_test;
 
@@ -42,9 +39,7 @@ class Record {
   void truncate(size_t length) {
     assert(length >= 5 + gExtraHeaderBytes);
     uint8_t *dest = const_cast<uint8_t *>(data_);
-    size_t l = length - (5 + gExtraHeaderBytes);
-    dest[3] = (l >> 8) & 0xff;
-    dest[4] = l & 0xff;
+    (void)ssl_EncodeUintX(length - 5 - gExtraHeaderBytes, 2, &dest[3]);
     memmove(dest + length, data_ + size_, remaining_);
   }
 
@@ -227,8 +222,8 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Pick a record to fragment at random.
-  std::uniform_int_distribution<size_t> rand_record(0, records.size() - 1);
-  auto &rec = records.at(rand_record(rng));
+  std::uniform_int_distribution<size_t> dist(0, records.size() - 1);
+  auto &rec = records.at(dist(rng));
   uint8_t *rdata = const_cast<uint8_t *>(rec->data());
   size_t length = rec->size();
   size_t content_length = length - 5;
@@ -238,21 +233,17 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Assign a new length to the first fragment.
-  std::uniform_int_distribution<size_t> rand_size(1, content_length - 1);
-  size_t first_length = rand_size(rng);
-  size_t second_length = content_length - first_length;
-  rdata[3] = (first_length >> 8) & 0xff;
-  rdata[4] = first_length & 0xff;
-  uint8_t *second_record = rdata + 5 + first_length;
+  size_t new_length = content_length / 2;
+  uint8_t *content = ssl_EncodeUintX(new_length, 2, &rdata[3]);
 
-  // Make room for the header of the second record.
-  memmove(second_record + 5, second_record,
-          rec->remaining() + content_length - first_length);
+  // Make room for one more header.
+  memmove(content + new_length + 5, content + new_length,
+          rec->remaining() + content_length - new_length);
 
   // Write second header.
-  memcpy(second_record, rdata, 3);
-  second_record[3] = (second_length >> 8) & 0xff;
-  second_record[4] = second_length & 0xff;
+  memcpy(content + new_length, rdata, 3);
+  (void)ssl_EncodeUintX(content_length - new_length, 2,
+                        &content[new_length + 3]);
 
   return size + 5;
 }
diff --git a/security/nss/fuzz/tls_socket.h b/security/nss/fuzz/tls_socket.h
index e30f6fa3c..61fa4b3a8 100644
--- a/security/nss/fuzz/tls_socket.h
+++ b/security/nss/fuzz/tls_socket.h
@@ -10,7 +10,6 @@
 class DummyPrSocket : public DummyIOLayerMethods {
  public:
   DummyPrSocket(const uint8_t *buf, size_t len) : buf_(buf), len_(len) {}
-  virtual ~DummyPrSocket() {}
 
   int32_t Read(PRFileDesc *f, void *data, int32_t len) override;
   int32_t Write(PRFileDesc *f, const void *buf, int32_t length) override;
diff --git a/security/nss/gtests/certdb_gtest/alg1485_unittest.cc b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
index ef6733092..b7c659414 100644
--- a/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
+++ b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
@@ -10,7 +10,6 @@
 
 #include "nss.h"
 #include "scoped_ptrs.h"
-#include "prprf.h"
 
 namespace nss_test {
 
@@ -90,23 +89,4 @@ INSTANTIATE_TEST_CASE_P(ParseAVAStrings, Alg1485ParseTest,
                         ::testing::ValuesIn(kAVATestStrings));
 INSTANTIATE_TEST_CASE_P(CompareAVAStrings, Alg1485CompareTest,
                         ::testing::ValuesIn(kAVACompareStrings));
-
-TEST_F(Alg1485Test, ShortOIDTest) {
-  // This is not a valid OID (too short). CERT_GetOidString should return 0.
-  unsigned char data[] = {0x05};
-  const SECItem oid = {siBuffer, data, sizeof(data)};
-  char* result = CERT_GetOidString(&oid);
-  EXPECT_EQ(result, nullptr);
-}
-
-TEST_F(Alg1485Test, BrokenOIDTest) {
-  // This is not a valid OID (first bit of last byte is not set).
-  // CERT_GetOidString should return 0.
-  unsigned char data[] = {0x81, 0x82, 0x83, 0x84};
-  const SECItem oid = {siBuffer, data, sizeof(data)};
-  char* result = CERT_GetOidString(&oid);
-  EXPECT_EQ(15U, strlen(result));
-  EXPECT_EQ(0, strncmp("OID.UNSUPPORTED", result, 15));
-  PR_smprintf_free(result);
-}
 }
diff --git a/security/nss/gtests/common/util.h b/security/nss/gtests/common/util.h
index 7ed1fd799..ccab5604e 100644
--- a/security/nss/gtests/common/util.h
+++ b/security/nss/gtests/common/util.h
@@ -10,7 +10,7 @@
 #include <cassert>
 #include <vector>
 
-static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
   std::vector<uint8_t> bytes;
   for (size_t i = 0; i < s.length(); i += 2) {
     bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
diff --git a/security/nss/gtests/cryptohi_gtest/Makefile b/security/nss/gtests/cryptohi_gtest/Makefile
deleted file mode 100644
index 0d547e080..000000000
--- a/security/nss/gtests/cryptohi_gtest/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../common/gtest.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
diff --git a/security/nss/gtests/cryptohi_gtest/cryptohi_gtest.gyp b/security/nss/gtests/cryptohi_gtest/cryptohi_gtest.gyp
deleted file mode 100644
index 72c815eca..000000000
--- a/security/nss/gtests/cryptohi_gtest/cryptohi_gtest.gyp
+++ /dev/null
@@ -1,29 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'cryptohi_gtest',
-      'type': 'executable',
-      'sources': [
-        'cryptohi_unittest.cc',
-        '<(DEPTH)/gtests/common/gtests.cc'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-        '<(DEPTH)/lib/nss/nss.gyp:nss3',
-      ]
-    }
-  ],
-  'variables': {
-    'module': 'nss'
-  }
-}
diff --git a/security/nss/gtests/cryptohi_gtest/cryptohi_unittest.cc b/security/nss/gtests/cryptohi_gtest/cryptohi_unittest.cc
deleted file mode 100644
index ab553ee01..000000000
--- a/security/nss/gtests/cryptohi_gtest/cryptohi_unittest.cc
+++ /dev/null
@@ -1,373 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <string>
-
-#include "gtest/gtest.h"
-
-#include "scoped_ptrs.h"
-#include "cryptohi.h"
-#include "secitem.h"
-#include "secerr.h"
-
-namespace nss_test {
-
-class SignParamsTestF : public ::testing::Test {
- protected:
-  ScopedPLArenaPool arena_;
-  ScopedSECKEYPrivateKey privk_;
-  ScopedSECKEYPublicKey pubk_;
-  ScopedSECKEYPrivateKey ecPrivk_;
-  ScopedSECKEYPublicKey ecPubk_;
-
-  void SetUp() {
-    arena_.reset(PORT_NewArena(2048));
-
-    SECKEYPublicKey *pubk;
-    SECKEYPrivateKey *privk = SECKEY_CreateRSAPrivateKey(1024, &pubk, NULL);
-    ASSERT_NE(nullptr, pubk);
-    pubk_.reset(pubk);
-    ASSERT_NE(nullptr, privk);
-    privk_.reset(privk);
-
-    SECKEYECParams ecParams = {siBuffer, NULL, 0};
-    SECOidData *oidData;
-    oidData = SECOID_FindOIDByTag(SEC_OID_CURVE25519);
-    ASSERT_NE(nullptr, oidData);
-    ASSERT_NE(nullptr,
-              SECITEM_AllocItem(NULL, &ecParams, (2 + oidData->oid.len)))
-        << "Couldn't allocate memory for OID.";
-    ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
-    ecParams.data[1] = oidData->oid.len;
-    memcpy(ecParams.data + 2, oidData->oid.data, oidData->oid.len);
-    SECKEYPublicKey *ecPubk;
-    SECKEYPrivateKey *ecPrivk =
-        SECKEY_CreateECPrivateKey(&ecParams, &ecPubk, NULL);
-    ASSERT_NE(nullptr, ecPubk);
-    ecPubk_.reset(ecPubk);
-    ASSERT_NE(nullptr, ecPrivk);
-    ecPrivk_.reset(ecPrivk);
-  }
-
-  void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
-    PORT_Memset(params, 0, sizeof(SECKEYRSAPSSParams));
-
-    params->hashAlg = (SECAlgorithmID *)PORT_ArenaZAlloc(
-        arena_.get(), sizeof(SECAlgorithmID));
-    ASSERT_NE(nullptr, params->hashAlg);
-    SECStatus rv =
-        SECOID_SetAlgorithmID(arena_.get(), params->hashAlg, hashAlgTag, NULL);
-    ASSERT_EQ(SECSuccess, rv);
-  }
-
-  void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag,
-                       SECOidTag maskHashAlgTag) {
-    CreatePssParams(params, hashAlgTag);
-
-    SECAlgorithmID maskHashAlg;
-    PORT_Memset(&maskHashAlg, 0, sizeof(maskHashAlg));
-    SECStatus rv =
-        SECOID_SetAlgorithmID(arena_.get(), &maskHashAlg, maskHashAlgTag, NULL);
-    ASSERT_EQ(SECSuccess, rv);
-
-    SECItem *maskHashAlgItem =
-        SEC_ASN1EncodeItem(arena_.get(), NULL, &maskHashAlg,
-                           SEC_ASN1_GET(SECOID_AlgorithmIDTemplate));
-
-    params->maskAlg = (SECAlgorithmID *)PORT_ArenaZAlloc(
-        arena_.get(), sizeof(SECAlgorithmID));
-    ASSERT_NE(nullptr, params->maskAlg);
-
-    rv = SECOID_SetAlgorithmID(arena_.get(), params->maskAlg,
-                               SEC_OID_PKCS1_MGF1, maskHashAlgItem);
-    ASSERT_EQ(SECSuccess, rv);
-  }
-
-  void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag,
-                       SECOidTag maskHashAlgTag, unsigned long saltLength) {
-    CreatePssParams(params, hashAlgTag, maskHashAlgTag);
-
-    SECItem *saltLengthItem =
-        SEC_ASN1EncodeInteger(arena_.get(), &params->saltLength, saltLength);
-    ASSERT_EQ(&params->saltLength, saltLengthItem);
-  }
-
-  void CheckHashAlg(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
-    // If hash algorithm is SHA-1, it must be omitted in the parameters
-    if (hashAlgTag == SEC_OID_SHA1) {
-      EXPECT_EQ(nullptr, params->hashAlg);
-    } else {
-      EXPECT_NE(nullptr, params->hashAlg);
-      EXPECT_EQ(hashAlgTag, SECOID_GetAlgorithmTag(params->hashAlg));
-    }
-  }
-
-  void CheckMaskAlg(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
-    SECStatus rv;
-
-    // If hash algorithm is SHA-1, it must be omitted in the parameters
-    if (hashAlgTag == SEC_OID_SHA1)
-      EXPECT_EQ(nullptr, params->hashAlg);
-    else {
-      EXPECT_NE(nullptr, params->maskAlg);
-      EXPECT_EQ(SEC_OID_PKCS1_MGF1, SECOID_GetAlgorithmTag(params->maskAlg));
-
-      SECAlgorithmID hashAlg;
-      rv = SEC_QuickDERDecodeItem(arena_.get(), &hashAlg,
-                                  SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
-                                  &params->maskAlg->parameters);
-      ASSERT_EQ(SECSuccess, rv);
-
-      EXPECT_EQ(hashAlgTag, SECOID_GetAlgorithmTag(&hashAlg));
-    }
-  }
-
-  void CheckSaltLength(SECKEYRSAPSSParams *params, SECOidTag hashAlg) {
-    // If the salt length parameter is missing, that means it is 20 (default)
-    if (!params->saltLength.data) {
-      return;
-    }
-
-    unsigned long value;
-    SECStatus rv = SEC_ASN1DecodeInteger(&params->saltLength, &value);
-    ASSERT_EQ(SECSuccess, rv);
-
-    // The salt length are usually the same as the hash length,
-    // except for the case where the hash length exceeds the limit
-    // set by the key length
-    switch (hashAlg) {
-      case SEC_OID_SHA1:
-        EXPECT_EQ(20UL, value);
-        break;
-      case SEC_OID_SHA224:
-        EXPECT_EQ(28UL, value);
-        break;
-      case SEC_OID_SHA256:
-        EXPECT_EQ(32UL, value);
-        break;
-      case SEC_OID_SHA384:
-        EXPECT_EQ(48UL, value);
-        break;
-      case SEC_OID_SHA512:
-        // Truncated from 64, because our private key is 1024-bit
-        EXPECT_EQ(62UL, value);
-        break;
-      default:
-        FAIL();
-    }
-  }
-};
-
-class SignParamsTest
-    : public SignParamsTestF,
-      public ::testing::WithParamInterface<std::tuple<SECOidTag, SECOidTag>> {};
-
-class SignParamsSourceTest : public SignParamsTestF,
-                             public ::testing::WithParamInterface<SECOidTag> {};
-
-TEST_P(SignParamsTest, CreateRsa) {
-  SECOidTag hashAlg = std::get<0>(GetParam());
-  SECOidTag srcHashAlg = std::get<1>(GetParam());
-
-  SECItem *srcParams;
-  if (srcHashAlg != SEC_OID_UNKNOWN) {
-    SECKEYRSAPSSParams pssParams;
-    ASSERT_NO_FATAL_FAILURE(
-        CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
-    srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                   SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-    ASSERT_NE(nullptr, srcParams);
-  } else {
-    srcParams = NULL;
-  }
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_ENCRYPTION, hashAlg, srcParams,
-      privk_.get());
-
-  // PKCS#1 RSA actually doesn't take any parameters, but if it is
-  // given, return a copy of it
-  if (srcHashAlg != SEC_OID_UNKNOWN) {
-    EXPECT_EQ(srcParams->len, params->len);
-    EXPECT_EQ(0, memcmp(params->data, srcParams->data, srcParams->len));
-  } else {
-    EXPECT_EQ(nullptr, params);
-  }
-}
-
-TEST_P(SignParamsTest, CreateRsaPss) {
-  SECOidTag hashAlg = std::get<0>(GetParam());
-  SECOidTag srcHashAlg = std::get<1>(GetParam());
-
-  SECItem *srcParams;
-  if (srcHashAlg != SEC_OID_UNKNOWN) {
-    SECKEYRSAPSSParams pssParams;
-    ASSERT_NO_FATAL_FAILURE(
-        CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
-    srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                   SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-    ASSERT_NE(nullptr, srcParams);
-  } else {
-    srcParams = NULL;
-  }
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
-      srcParams, privk_.get());
-
-  if (hashAlg != SEC_OID_UNKNOWN && srcHashAlg != SEC_OID_UNKNOWN &&
-      hashAlg != srcHashAlg) {
-    EXPECT_EQ(nullptr, params);
-    return;
-  }
-
-  EXPECT_NE(nullptr, params);
-
-  SECKEYRSAPSSParams pssParams;
-  PORT_Memset(&pssParams, 0, sizeof(pssParams));
-  SECStatus rv =
-      SEC_QuickDERDecodeItem(arena_.get(), &pssParams,
-                             SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate), params);
-  ASSERT_EQ(SECSuccess, rv);
-
-  if (hashAlg == SEC_OID_UNKNOWN) {
-    if (!pssParams.hashAlg) {
-      hashAlg = SEC_OID_SHA1;
-    } else {
-      hashAlg = SECOID_GetAlgorithmTag(pssParams.hashAlg);
-    }
-
-    if (srcHashAlg == SEC_OID_UNKNOWN) {
-      // If both hashAlg and srcHashAlg is unset, NSS will decide the hash
-      // algorithm based on the key length; in this case it's SHA256
-      EXPECT_EQ(SEC_OID_SHA256, hashAlg);
-    } else {
-      EXPECT_EQ(srcHashAlg, hashAlg);
-    }
-  }
-
-  ASSERT_NO_FATAL_FAILURE(CheckHashAlg(&pssParams, hashAlg));
-  ASSERT_NO_FATAL_FAILURE(CheckMaskAlg(&pssParams, hashAlg));
-  ASSERT_NO_FATAL_FAILURE(CheckSaltLength(&pssParams, hashAlg));
-
-  // The default trailer field (1) must be omitted
-  EXPECT_EQ(nullptr, pssParams.trailerField.data);
-}
-
-TEST_P(SignParamsTest, CreateRsaPssWithECPrivateKey) {
-  SECOidTag hashAlg = std::get<0>(GetParam());
-  SECOidTag srcHashAlg = std::get<1>(GetParam());
-
-  SECItem *srcParams;
-  if (srcHashAlg != SEC_OID_UNKNOWN) {
-    SECKEYRSAPSSParams pssParams;
-    ASSERT_NO_FATAL_FAILURE(
-        CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
-    srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                   SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-    ASSERT_NE(nullptr, srcParams);
-  } else {
-    srcParams = NULL;
-  }
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
-      srcParams, ecPrivk_.get());
-
-  EXPECT_EQ(nullptr, params);
-}
-
-TEST_P(SignParamsTest, CreateRsaPssWithInvalidHashAlg) {
-  SECOidTag srcHashAlg = std::get<1>(GetParam());
-
-  SECItem *srcParams;
-  if (srcHashAlg != SEC_OID_UNKNOWN) {
-    SECKEYRSAPSSParams pssParams;
-    ASSERT_NO_FATAL_FAILURE(
-        CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
-    srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                   SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-    ASSERT_NE(nullptr, srcParams);
-  } else {
-    srcParams = NULL;
-  }
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_MD5,
-      srcParams, privk_.get());
-
-  EXPECT_EQ(nullptr, params);
-}
-
-TEST_P(SignParamsSourceTest, CreateRsaPssWithInvalidHashAlg) {
-  SECOidTag hashAlg = GetParam();
-
-  SECItem *srcParams;
-  SECKEYRSAPSSParams pssParams;
-  ASSERT_NO_FATAL_FAILURE(
-      CreatePssParams(&pssParams, SEC_OID_MD5, SEC_OID_MD5));
-  srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                 SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-  ASSERT_NE(nullptr, srcParams);
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
-      srcParams, privk_.get());
-
-  EXPECT_EQ(nullptr, params);
-}
-
-TEST_P(SignParamsSourceTest, CreateRsaPssWithInvalidSaltLength) {
-  SECOidTag hashAlg = GetParam();
-
-  SECItem *srcParams;
-  SECKEYRSAPSSParams pssParams;
-  ASSERT_NO_FATAL_FAILURE(
-      CreatePssParams(&pssParams, SEC_OID_SHA512, SEC_OID_SHA512, 100));
-  srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                 SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-  ASSERT_NE(nullptr, srcParams);
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
-      srcParams, privk_.get());
-
-  EXPECT_EQ(nullptr, params);
-}
-
-TEST_P(SignParamsSourceTest, CreateRsaPssWithHashMismatch) {
-  SECOidTag hashAlg = GetParam();
-
-  SECItem *srcParams;
-  SECKEYRSAPSSParams pssParams;
-  ASSERT_NO_FATAL_FAILURE(
-      CreatePssParams(&pssParams, SEC_OID_SHA256, SEC_OID_SHA512));
-  srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
-                                 SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
-  ASSERT_NE(nullptr, srcParams);
-
-  SECItem *params = SEC_CreateSignatureAlgorithmParameters(
-      arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
-      srcParams, privk_.get());
-
-  EXPECT_EQ(nullptr, params);
-}
-
-INSTANTIATE_TEST_CASE_P(
-    SignParamsTestCases, SignParamsTest,
-    ::testing::Combine(::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
-                                         SEC_OID_SHA224, SEC_OID_SHA256,
-                                         SEC_OID_SHA384, SEC_OID_SHA512),
-                       ::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
-                                         SEC_OID_SHA224, SEC_OID_SHA256,
-                                         SEC_OID_SHA384, SEC_OID_SHA512)));
-
-INSTANTIATE_TEST_CASE_P(SignParamsSourceTestCases, SignParamsSourceTest,
-                        ::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
-                                          SEC_OID_SHA224, SEC_OID_SHA256,
-                                          SEC_OID_SHA384, SEC_OID_SHA512));
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/cryptohi_gtest/manifest.mn b/security/nss/gtests/cryptohi_gtest/manifest.mn
deleted file mode 100644
index 644463aa6..000000000
--- a/security/nss/gtests/cryptohi_gtest/manifest.mn
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-      cryptohi_unittest.cc \
-      $(NULL)
-
-INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-            -I$(CORE_DEPTH)/gtests/common \
-            -I$(CORE_DEPTH)/cpputil
-
-REQUIRES = nspr gtest
-
-PROGRAM = cryptohi_gtest
-
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
-             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
diff --git a/security/nss/gtests/freebl_gtest/blake2b_unittest.cc b/security/nss/gtests/freebl_gtest/blake2b_unittest.cc
deleted file mode 100644
index e6b0c1157..000000000
--- a/security/nss/gtests/freebl_gtest/blake2b_unittest.cc
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * blake2b_unittest.cc - unittests for blake2b hash function
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "blapi.h"
-#include "nspr.h"
-#include "nss.h"
-#include "secerr.h"
-
-#include <cstdlib>
-#include <iostream>
-#include <memory>
-
-#define GTEST_HAS_RTTI 0
-#include "gtest/gtest.h"
-
-#include "kat/blake2b_kat.h"
-
-template <class T>
-struct ScopedDelete {
-  void operator()(T* ptr) {
-    if (ptr) {
-      BLAKE2B_DestroyContext(ptr, PR_TRUE);
-    }
-  }
-};
-
-typedef std::unique_ptr<BLAKE2BContext, ScopedDelete<BLAKE2BContext>>
-    ScopedBLAKE2BContext;
-
-class Blake2BTests : public ::testing::Test {};
-
-class Blake2BKAT
-    : public ::testing::TestWithParam<std::pair<int, std::vector<uint8_t>>> {};
-
-class Blake2BKATUnkeyed : public Blake2BKAT {};
-class Blake2BKATKeyed : public Blake2BKAT {};
-
-TEST_P(Blake2BKATUnkeyed, Unkeyed) {
-  std::vector<uint8_t> values(BLAKE2B512_LENGTH);
-  SECStatus rv =
-      BLAKE2B_HashBuf(values.data(), kat_data.data(), std::get<0>(GetParam()));
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(values, std::get<1>(GetParam()));
-}
-
-TEST_P(Blake2BKATKeyed, Keyed) {
-  std::vector<uint8_t> values(BLAKE2B512_LENGTH);
-  SECStatus rv = BLAKE2B_MAC_HashBuf(values.data(), kat_data.data(),
-                                     std::get<0>(GetParam()), key.data(),
-                                     BLAKE2B_KEY_SIZE);
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(values, std::get<1>(GetParam()));
-}
-
-INSTANTIATE_TEST_CASE_P(UnkeyedKAT, Blake2BKATUnkeyed,
-                        ::testing::ValuesIn(TestcasesUnkeyed));
-INSTANTIATE_TEST_CASE_P(KeyedKAT, Blake2BKATKeyed,
-                        ::testing::ValuesIn(TestcasesKeyed));
-
-TEST_F(Blake2BTests, ContextTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  SECStatus rv = BLAKE2B_Begin(ctx.get());
-  ASSERT_EQ(SECSuccess, rv);
-
-  size_t src_length = 252;
-  const size_t quarter = 63;
-
-  for (int i = 0; i < 4 && src_length > 0; i++) {
-    rv = BLAKE2B_Update(ctx.get(), kat_data.data() + i * quarter,
-                        PR_MIN(quarter, src_length));
-    ASSERT_EQ(SECSuccess, rv);
-
-    size_t len = BLAKE2B_FlattenSize(ctx.get());
-    std::vector<unsigned char> ctxbytes(len);
-    rv = BLAKE2B_Flatten(ctx.get(), ctxbytes.data());
-    ASSERT_EQ(SECSuccess, rv);
-    ScopedBLAKE2BContext ctx_cpy(BLAKE2B_Resurrect(ctxbytes.data(), NULL));
-    ASSERT_TRUE(ctx_cpy) << "BLAKE2B_Resurrect failed!";
-    ASSERT_EQ(SECSuccess, PORT_Memcmp(ctx.get(), ctx_cpy.get(), len));
-    src_length -= quarter;
-  }
-  ASSERT_EQ(0U, src_length);
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  rv = BLAKE2B_End(ctx.get(), digest.data(), nullptr, BLAKE2B512_LENGTH);
-  ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(std::get<1>(TestcasesUnkeyed[252]), digest)
-      << "BLAKE2B_End failed!";
-}
-
-TEST_F(Blake2BTests, ContextTest2) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  SECStatus rv = BLAKE2B_Begin(ctx.get());
-  ASSERT_EQ(SECSuccess, rv);
-
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data(), 128);
-  ASSERT_EQ(SECSuccess, rv);
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data() + 128, 127);
-  ASSERT_EQ(SECSuccess, rv);
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  rv = BLAKE2B_End(ctx.get(), digest.data(), nullptr, BLAKE2B512_LENGTH);
-  ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(std::get<1>(TestcasesUnkeyed[255]), digest)
-      << "BLAKE2B_End failed!";
-}
-
-TEST_F(Blake2BTests, CloneTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ScopedBLAKE2BContext cloned_ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-  ASSERT_TRUE(cloned_ctx) << "BLAKE2B_NewContext failed!";
-
-  SECStatus rv = BLAKE2B_Begin(ctx.get());
-  ASSERT_EQ(SECSuccess, rv);
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data(), 255);
-  ASSERT_EQ(SECSuccess, rv);
-  BLAKE2B_Clone(cloned_ctx.get(), ctx.get());
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  rv = BLAKE2B_End(cloned_ctx.get(), digest.data(), nullptr, BLAKE2B512_LENGTH);
-  ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(std::get<1>(TestcasesUnkeyed[255]), digest)
-      << "BLAKE2B_End failed!";
-}
-
-TEST_F(Blake2BTests, NullTest) {
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  SECStatus rv = BLAKE2B_HashBuf(digest.data(), nullptr, 0);
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(std::get<1>(TestcasesUnkeyed[0]), digest);
-
-  digest = std::vector<uint8_t>(BLAKE2B512_LENGTH);
-  rv = BLAKE2B_MAC_HashBuf(digest.data(), nullptr, 0, key.data(),
-                           BLAKE2B_KEY_SIZE);
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(std::get<1>(TestcasesKeyed[0]), digest);
-}
-
-TEST_F(Blake2BTests, HashTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  SECStatus rv = BLAKE2B_Hash(digest.data(), "abc");
-  std::vector<uint8_t> expected = {
-      0xba, 0x80, 0xa5, 0x3f, 0x98, 0x1c, 0x4d, 0x0d, 0x6a, 0x27, 0x97,
-      0xb6, 0x9f, 0x12, 0xf6, 0xe9, 0x4c, 0x21, 0x2f, 0x14, 0x68, 0x5a,
-      0xc4, 0xb7, 0x4b, 0x12, 0xbb, 0x6f, 0xdb, 0xff, 0xa2, 0xd1, 0x7d,
-      0x87, 0xc5, 0x39, 0x2a, 0xab, 0x79, 0x2d, 0xc2, 0x52, 0xd5, 0xde,
-      0x45, 0x33, 0xcc, 0x95, 0x18, 0xd3, 0x8a, 0xa8, 0xdb, 0xf1, 0x92,
-      0x5a, 0xb9, 0x23, 0x86, 0xed, 0xd4, 0x00, 0x99, 0x23};
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(expected, digest);
-}
-
-TEST_F(Blake2BTests, LongHashTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  SECStatus rv = BLAKE2B_Hash(
-      digest.data(),
-      "qwertzuiopasdfghjklyxcvbnm123456789qwertzuiopasdfghjklyxcvbnm123456789qw"
-      "ertzuiopasdfghjklyxcvbnm123456789qwertzuiopasdfghjklyxcvbnm123456789qwer"
-      "tzuiopasdfghjklyxcvbnm123456789qwertzuiopasdfghjklyxcvbnm123456789qwertz"
-      "uiopasdfghjklyxcvbnm123456789qwertzuiopasdfghjklyxcvbnm123456789");
-  std::vector<uint8_t> expected = {
-      0x1f, 0x9e, 0xe6, 0x5a, 0xa0, 0x36, 0x05, 0xfc, 0x41, 0x0e, 0x2f,
-      0x55, 0x96, 0xfd, 0xb5, 0x9d, 0x85, 0x95, 0x5e, 0x24, 0x37, 0xe7,
-      0x0d, 0xe4, 0xa0, 0x22, 0x4a, 0xe1, 0x59, 0x1f, 0x97, 0x03, 0x57,
-      0x54, 0xf0, 0xca, 0x92, 0x75, 0x2f, 0x9e, 0x86, 0xeb, 0x82, 0x4f,
-      0x9c, 0xf4, 0x02, 0x17, 0x7f, 0x76, 0x56, 0x26, 0x46, 0xf4, 0x07,
-      0xfd, 0x1f, 0x78, 0xdb, 0x7b, 0x0d, 0x24, 0x43, 0xf0};
-  ASSERT_EQ(SECSuccess, rv);
-  EXPECT_EQ(expected, digest);
-}
-
-TEST_F(Blake2BTests, TruncatedHashTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  SECStatus rv = BLAKE2B_Begin(ctx.get());
-  ASSERT_EQ(SECSuccess, rv);
-
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data(), 128);
-  ASSERT_EQ(SECSuccess, rv);
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data() + 128, 127);
-  ASSERT_EQ(SECSuccess, rv);
-
-  size_t max_digest_len = BLAKE2B512_LENGTH - 5;
-  std::vector<uint8_t> digest(max_digest_len);
-  unsigned int digest_len;
-  rv = BLAKE2B_End(ctx.get(), digest.data(), &digest_len, max_digest_len);
-  ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(digest.size(), digest_len);
-  ASSERT_EQ(0, memcmp(std::get<1>(TestcasesUnkeyed[255]).data(), digest.data(),
-                      max_digest_len))
-      << "BLAKE2B_End failed!";
-}
-
-TEST_F(Blake2BTests, TruncatedHashTest2) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  SECStatus rv = BLAKE2B_Begin(ctx.get());
-  ASSERT_EQ(SECSuccess, rv);
-
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data(), 128);
-  ASSERT_EQ(SECSuccess, rv);
-  rv = BLAKE2B_Update(ctx.get(), kat_data.data() + 128, 127);
-  ASSERT_EQ(SECSuccess, rv);
-
-  size_t max_digest_len = BLAKE2B512_LENGTH - 60;
-  std::vector<uint8_t> digest(max_digest_len);
-  unsigned int digest_len;
-  rv = BLAKE2B_End(ctx.get(), digest.data(), &digest_len, max_digest_len);
-  ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(digest.size(), digest_len);
-}
-
-TEST_F(Blake2BTests, OverlongKeyTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  std::vector<uint8_t> key = {
-      0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31,
-      0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32,
-      0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33,
-      0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34,
-      0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
-      0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35};
-  std::vector<uint8_t> data = {0x61, 0x62, 0x63};
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  SECStatus rv =
-      BLAKE2B_MAC_HashBuf(digest.data(), data.data(), 3, key.data(), 65);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-TEST_F(Blake2BTests, EmptyKeyTest) {
-  ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
-  ASSERT_TRUE(ctx) << "BLAKE2B_NewContext failed!";
-
-  uint8_t key[1];  // A vector.data() would give us a nullptr.
-  std::vector<uint8_t> data = {0x61, 0x62, 0x63};
-
-  std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
-  SECStatus rv = BLAKE2B_MAC_HashBuf(digest.data(), data.data(), 3, key, 0);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-int main(int argc, char** argv) {
-  ::testing::InitGoogleTest(&argc, argv);
-
-  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
-    return 1;
-  }
-
-  int rv = RUN_ALL_TESTS();
-
-  if (NSS_Shutdown() != SECSuccess) {
-    return 1;
-  }
-
-  return rv;
-}
diff --git a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
index 21a87c557..7e11cd103 100644
--- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -8,10 +8,17 @@
   ],
   'targets': [
     {
-      # Dependencies for tests.
-      'target_name': 'freebl_gtest_deps',
-      'type': 'none',
+      'target_name': 'freebl_gtest',
+      'type': 'executable',
+      'sources': [
+        'mpi_unittest.cc',
+        'dh_unittest.cc',
+        'ecl_unittest.cc',
+        'ghash_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
       'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
         '<(DEPTH)/lib/nss/nss.gyp:nss_static',
@@ -26,57 +33,42 @@
       ],
     },
     {
-      'target_name': 'freebl_gtest',
-      'type': 'executable',
-      'sources': [
-        'mpi_unittest.cc',
-        'dh_unittest.cc',
-        'ecl_unittest.cc',
-        'ghash_unittest.cc',
-        'rsa_unittest.cc',
-        '<(DEPTH)/gtests/common/gtests.cc'
-      ],
-      'dependencies': [
-        'freebl_gtest_deps',
-        '<(DEPTH)/exports.gyp:nss_exports',
-      ],
-    },
-    {
       'target_name': 'prng_gtest',
       'type': 'executable',
       'sources': [
         'prng_kat_unittest.cc',
       ],
       'dependencies': [
-        'freebl_gtest_deps',
         '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
-    },
-    {
-      'target_name': 'blake2b_gtest',
-      'type': 'executable',
-      'sources': [
-        'blake2b_unittest.cc',
+      'conditions': [
+        [ 'OS=="win"', {
+          'libraries': [
+            'advapi32.lib',
+          ],
+        }],
       ],
-      'dependencies': [
-        'freebl_gtest_deps',
-        '<(DEPTH)/exports.gyp:nss_exports',
+      'defines': [
+        'NSS_USE_STATIC_LIBS'
       ],
     },
   ],
   'target_defaults': {
     'include_dirs': [
-      '<(DEPTH)/lib/freebl/ecl',
       '<(DEPTH)/lib/freebl/mpi',
       '<(DEPTH)/lib/freebl/',
-      '<(DEPTH)/lib/ssl/',
-      '<(DEPTH)/lib/util/',
-      '<(DEPTH)/lib/certdb/',
-      '<(DEPTH)/lib/cryptohi/',
-      '<(DEPTH)/lib/pk11wrap/',
-    ],
-    'defines': [
-      'NSS_USE_STATIC_LIBS',
     ],
     # For test builds we have to set MPI defines.
     'conditions': [
@@ -93,11 +85,6 @@
           'MP_ASSEMBLY_DIV_2DX1D',
         ],
       }],
-      [ 'OS=="win"', {
-        'libraries': [
-          'advapi32.lib',
-        ],
-      }],
     ],
   },
   'variables': {
diff --git a/security/nss/gtests/freebl_gtest/kat/blake2b_kat.h b/security/nss/gtests/freebl_gtest/kat/blake2b_kat.h
deleted file mode 100644
index 28921cc94..000000000
--- a/security/nss/gtests/freebl_gtest/kat/blake2b_kat.h
+++ /dev/null
@@ -1,4646 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* https://github.com/BLAKE2/BLAKE2/blob/master/testvectors/blake2b-kat.txt */
-
-#include <vector>
-#include <stdint.h>
-
-const std::vector<uint8_t> key = {
-    0,  1,  2,  3,  4,  5,  6,  7,  8,  9,  10, 11, 12, 13, 14, 15,
-    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
-    32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
-    48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63};
-
-const std::vector<uint8_t> kat_data = {
-    0,   1,   2,   3,   4,   5,   6,   7,   8,   9,   10,  11,  12,  13,  14,
-    15,  16,  17,  18,  19,  20,  21,  22,  23,  24,  25,  26,  27,  28,  29,
-    30,  31,  32,  33,  34,  35,  36,  37,  38,  39,  40,  41,  42,  43,  44,
-    45,  46,  47,  48,  49,  50,  51,  52,  53,  54,  55,  56,  57,  58,  59,
-    60,  61,  62,  63,  64,  65,  66,  67,  68,  69,  70,  71,  72,  73,  74,
-    75,  76,  77,  78,  79,  80,  81,  82,  83,  84,  85,  86,  87,  88,  89,
-    90,  91,  92,  93,  94,  95,  96,  97,  98,  99,  100, 101, 102, 103, 104,
-    105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119,
-    120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134,
-    135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149,
-    150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164,
-    165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179,
-    180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194,
-    195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209,
-    210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224,
-    225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239,
-    240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254,
-    255};
-
-std::vector<std::pair<int, std::vector<uint8_t>>> TestcasesUnkeyed = {
-    std::make_pair(
-        0,
-        std::vector<uint8_t>(
-            {0x78, 0x6a, 0x02, 0xf7, 0x42, 0x01, 0x59, 0x03, 0xc6, 0xc6, 0xfd,
-             0x85, 0x25, 0x52, 0xd2, 0x72, 0x91, 0x2f, 0x47, 0x40, 0xe1, 0x58,
-             0x47, 0x61, 0x8a, 0x86, 0xe2, 0x17, 0xf7, 0x1f, 0x54, 0x19, 0xd2,
-             0x5e, 0x10, 0x31, 0xaf, 0xee, 0x58, 0x53, 0x13, 0x89, 0x64, 0x44,
-             0x93, 0x4e, 0xb0, 0x4b, 0x90, 0x3a, 0x68, 0x5b, 0x14, 0x48, 0xb7,
-             0x55, 0xd5, 0x6f, 0x70, 0x1a, 0xfe, 0x9b, 0xe2, 0xce})),
-    std::make_pair(
-        1,
-        std::vector<uint8_t>(
-            {0x2f, 0xa3, 0xf6, 0x86, 0xdf, 0x87, 0x69, 0x95, 0x16, 0x7e, 0x7c,
-             0x2e, 0x5d, 0x74, 0xc4, 0xc7, 0xb6, 0xe4, 0x8f, 0x80, 0x68, 0xfe,
-             0x0e, 0x44, 0x20, 0x83, 0x44, 0xd4, 0x80, 0xf7, 0x90, 0x4c, 0x36,
-             0x96, 0x3e, 0x44, 0x11, 0x5f, 0xe3, 0xeb, 0x2a, 0x3a, 0xc8, 0x69,
-             0x4c, 0x28, 0xbc, 0xb4, 0xf5, 0xa0, 0xf3, 0x27, 0x6f, 0x2e, 0x79,
-             0x48, 0x7d, 0x82, 0x19, 0x05, 0x7a, 0x50, 0x6e, 0x4b})),
-    std::make_pair(
-        2,
-        std::vector<uint8_t>(
-            {0x1c, 0x08, 0x79, 0x8d, 0xc6, 0x41, 0xab, 0xa9, 0xde, 0xe4, 0x35,
-             0xe2, 0x25, 0x19, 0xa4, 0x72, 0x9a, 0x09, 0xb2, 0xbf, 0xe0, 0xff,
-             0x00, 0xef, 0x2d, 0xcd, 0x8e, 0xd6, 0xf8, 0xa0, 0x7d, 0x15, 0xea,
-             0xf4, 0xae, 0xe5, 0x2b, 0xbf, 0x18, 0xab, 0x56, 0x08, 0xa6, 0x19,
-             0x0f, 0x70, 0xb9, 0x04, 0x86, 0xc8, 0xa7, 0xd4, 0x87, 0x37, 0x10,
-             0xb1, 0x11, 0x5d, 0x3d, 0xeb, 0xbb, 0x43, 0x27, 0xb5})),
-    std::make_pair(
-        3,
-        std::vector<uint8_t>(
-            {0x40, 0xa3, 0x74, 0x72, 0x73, 0x02, 0xd9, 0xa4, 0x76, 0x9c, 0x17,
-             0xb5, 0xf4, 0x09, 0xff, 0x32, 0xf5, 0x8a, 0xa2, 0x4f, 0xf1, 0x22,
-             0xd7, 0x60, 0x3e, 0x4f, 0xda, 0x15, 0x09, 0xe9, 0x19, 0xd4, 0x10,
-             0x7a, 0x52, 0xc5, 0x75, 0x70, 0xa6, 0xd9, 0x4e, 0x50, 0x96, 0x7a,
-             0xea, 0x57, 0x3b, 0x11, 0xf8, 0x6f, 0x47, 0x3f, 0x53, 0x75, 0x65,
-             0xc6, 0x6f, 0x70, 0x39, 0x83, 0x0a, 0x85, 0xd1, 0x86})),
-    std::make_pair(
-        4,
-        std::vector<uint8_t>(
-            {0x77, 0xdd, 0xf4, 0xb1, 0x44, 0x25, 0xeb, 0x3d, 0x05, 0x3c, 0x1e,
-             0x84, 0xe3, 0x46, 0x9d, 0x92, 0xc4, 0xcd, 0x91, 0x0e, 0xd2, 0x0f,
-             0x92, 0x03, 0x5e, 0x0c, 0x99, 0xd8, 0xa7, 0xa8, 0x6c, 0xec, 0xaf,
-             0x69, 0xf9, 0x66, 0x3c, 0x20, 0xa7, 0xaa, 0x23, 0x0b, 0xc8, 0x2f,
-             0x60, 0xd2, 0x2f, 0xb4, 0xa0, 0x0b, 0x09, 0xd3, 0xeb, 0x8f, 0xc6,
-             0x5e, 0xf5, 0x47, 0xfe, 0x63, 0xc8, 0xd3, 0xdd, 0xce})),
-    std::make_pair(
-        5,
-        std::vector<uint8_t>(
-            {0xcb, 0xaa, 0x0b, 0xa7, 0xd4, 0x82, 0xb1, 0xf3, 0x01, 0x10, 0x9a,
-             0xe4, 0x10, 0x51, 0x99, 0x1a, 0x32, 0x89, 0xbc, 0x11, 0x98, 0x00,
-             0x5a, 0xf2, 0x26, 0xc5, 0xe4, 0xf1, 0x03, 0xb6, 0x65, 0x79, 0xf4,
-             0x61, 0x36, 0x10, 0x44, 0xc8, 0xba, 0x34, 0x39, 0xff, 0x12, 0xc5,
-             0x15, 0xfb, 0x29, 0xc5, 0x21, 0x61, 0xb7, 0xeb, 0x9c, 0x28, 0x37,
-             0xb7, 0x6a, 0x5d, 0xc3, 0x3f, 0x7c, 0xb2, 0xe2, 0xe8})),
-    std::make_pair(
-        6,
-        std::vector<uint8_t>(
-            {0xf9, 0x5d, 0x45, 0xcf, 0x69, 0xaf, 0x5c, 0x20, 0x23, 0xbd, 0xb5,
-             0x05, 0x82, 0x1e, 0x62, 0xe8, 0x5d, 0x7c, 0xae, 0xdf, 0x7b, 0xed,
-             0xa1, 0x2c, 0x02, 0x48, 0x77, 0x5b, 0x0c, 0x88, 0x20, 0x5e, 0xeb,
-             0x35, 0xaf, 0x3a, 0x90, 0x81, 0x6f, 0x66, 0x08, 0xce, 0x7d, 0xd4,
-             0x4e, 0xc2, 0x8d, 0xb1, 0x14, 0x06, 0x14, 0xe1, 0xdd, 0xeb, 0xf3,
-             0xaa, 0x9c, 0xd1, 0x84, 0x3e, 0x0f, 0xad, 0x2c, 0x36})),
-    std::make_pair(
-        7,
-        std::vector<uint8_t>(
-            {0x8f, 0x94, 0x5b, 0xa7, 0x00, 0xf2, 0x53, 0x0e, 0x5c, 0x2a, 0x7d,
-             0xf7, 0xd5, 0xdc, 0xe0, 0xf8, 0x3f, 0x9e, 0xfc, 0x78, 0xc0, 0x73,
-             0xfe, 0x71, 0xae, 0x1f, 0x88, 0x20, 0x4a, 0x4f, 0xd1, 0xcf, 0x70,
-             0xa0, 0x73, 0xf5, 0xd1, 0xf9, 0x42, 0xed, 0x62, 0x3a, 0xa1, 0x6e,
-             0x90, 0xa8, 0x71, 0x24, 0x6c, 0x90, 0xc4, 0x5b, 0x62, 0x1b, 0x34,
-             0x01, 0xa5, 0xdd, 0xbd, 0x9d, 0xf6, 0x26, 0x41, 0x65})),
-    std::make_pair(
-        8,
-        std::vector<uint8_t>(
-            {0xe9, 0x98, 0xe0, 0xdc, 0x03, 0xec, 0x30, 0xeb, 0x99, 0xbb, 0x6b,
-             0xfa, 0xaf, 0x66, 0x18, 0xac, 0xc6, 0x20, 0x32, 0x0d, 0x72, 0x20,
-             0xb3, 0xaf, 0x2b, 0x23, 0xd1, 0x12, 0xd8, 0xe9, 0xcb, 0x12, 0x62,
-             0xf3, 0xc0, 0xd6, 0x0d, 0x18, 0x3b, 0x1e, 0xe7, 0xf0, 0x96, 0xd1,
-             0x2d, 0xae, 0x42, 0xc9, 0x58, 0x41, 0x86, 0x00, 0x21, 0x4d, 0x04,
-             0xf5, 0xed, 0x6f, 0x5e, 0x71, 0x8b, 0xe3, 0x55, 0x66})),
-    std::make_pair(
-        9,
-        std::vector<uint8_t>(
-            {0x6a, 0x9a, 0x09, 0x0c, 0x61, 0xb3, 0x41, 0x0a, 0xed, 0xe7, 0xec,
-             0x91, 0x38, 0x14, 0x6c, 0xeb, 0x2c, 0x69, 0x66, 0x2f, 0x46, 0x0c,
-             0x3d, 0xa5, 0x3c, 0x65, 0x15, 0xc1, 0xeb, 0x31, 0xf4, 0x1c, 0xa3,
-             0xd2, 0x80, 0xe5, 0x67, 0x88, 0x2f, 0x95, 0xcf, 0x66, 0x4a, 0x94,
-             0x14, 0x7d, 0x78, 0xf4, 0x2c, 0xfc, 0x71, 0x4a, 0x40, 0xd2, 0x2e,
-             0xf1, 0x94, 0x70, 0xe0, 0x53, 0x49, 0x35, 0x08, 0xa2})),
-    std::make_pair(
-        10,
-        std::vector<uint8_t>(
-            {0x29, 0x10, 0x25, 0x11, 0xd7, 0x49, 0xdb, 0x3c, 0xc9, 0xb4, 0xe3,
-             0x35, 0xfa, 0x1f, 0x5e, 0x8f, 0xac, 0xa8, 0x42, 0x1d, 0x55, 0x8f,
-             0x6a, 0x3f, 0x33, 0x21, 0xd5, 0x0d, 0x04, 0x4a, 0x24, 0x8b, 0xa5,
-             0x95, 0xcf, 0xc3, 0xef, 0xd3, 0xd2, 0xad, 0xc9, 0x73, 0x34, 0xda,
-             0x73, 0x24, 0x13, 0xf5, 0xcb, 0xf4, 0x75, 0x1c, 0x36, 0x2b, 0xa1,
-             0xd5, 0x38, 0x62, 0xac, 0x1e, 0x8d, 0xab, 0xee, 0xe8})),
-    std::make_pair(
-        11,
-        std::vector<uint8_t>(
-            {0xc9, 0x7a, 0x47, 0x79, 0xd4, 0x7e, 0x6f, 0x77, 0x72, 0x9b, 0x59,
-             0x17, 0xd0, 0x13, 0x8a, 0xbb, 0x35, 0x98, 0x0a, 0xb6, 0x41, 0xbd,
-             0x73, 0xa8, 0x85, 0x9e, 0xb1, 0xac, 0x98, 0xc0, 0x53, 0x62, 0xed,
-             0x7d, 0x60, 0x8f, 0x2e, 0x95, 0x87, 0xd6, 0xba, 0x9e, 0x27, 0x1d,
-             0x34, 0x31, 0x25, 0xd4, 0x0d, 0x93, 0x3a, 0x8e, 0xd0, 0x4e, 0xc1,
-             0xfe, 0x75, 0xec, 0x40, 0x7c, 0x7a, 0x53, 0xc3, 0x4e})),
-    std::make_pair(
-        12,
-        std::vector<uint8_t>(
-            {0x10, 0xf0, 0xdc, 0x91, 0xb9, 0xf8, 0x45, 0xfb, 0x95, 0xfa, 0xd6,
-             0x86, 0x0e, 0x6c, 0xe1, 0xad, 0xfa, 0x00, 0x2c, 0x7f, 0xc3, 0x27,
-             0x11, 0x6d, 0x44, 0xd0, 0x47, 0xcd, 0x7d, 0x58, 0x70, 0xd7, 0x72,
-             0xbb, 0x12, 0xb5, 0xfa, 0xc0, 0x0e, 0x02, 0xb0, 0x8a, 0xc2, 0xa0,
-             0x17, 0x4d, 0x04, 0x46, 0xc3, 0x6a, 0xb3, 0x5f, 0x14, 0xca, 0x31,
-             0x89, 0x4c, 0xd6, 0x1c, 0x78, 0xc8, 0x49, 0xb4, 0x8a})),
-    std::make_pair(
-        13,
-        std::vector<uint8_t>(
-            {0xde, 0xa9, 0x10, 0x1c, 0xac, 0x62, 0xb8, 0xf6, 0xa3, 0xc6, 0x50,
-             0xf9, 0x0e, 0xea, 0x5b, 0xfa, 0xe2, 0x65, 0x3a, 0x4e, 0xaf, 0xd6,
-             0x3a, 0x6d, 0x1f, 0x0f, 0x13, 0x2d, 0xb9, 0xe4, 0xf2, 0xb1, 0xb6,
-             0x62, 0x43, 0x2e, 0xc8, 0x5b, 0x17, 0xbc, 0xac, 0x41, 0xe7, 0x75,
-             0x63, 0x78, 0x81, 0xf6, 0xaa, 0xb3, 0x8d, 0xd6, 0x6d, 0xcb, 0xd0,
-             0x80, 0xf0, 0x99, 0x0a, 0x7a, 0x6e, 0x98, 0x54, 0xfe})),
-    std::make_pair(
-        14,
-        std::vector<uint8_t>(
-            {0x44, 0x1f, 0xfa, 0xa0, 0x8c, 0xd7, 0x9d, 0xff, 0x4a, 0xfc, 0x9b,
-             0x9e, 0x5b, 0x56, 0x20, 0xee, 0xc0, 0x86, 0x73, 0x0c, 0x25, 0xf6,
-             0x61, 0xb1, 0xd6, 0xfb, 0xfb, 0xd1, 0xce, 0xc3, 0x14, 0x8d, 0xd7,
-             0x22, 0x58, 0xc6, 0x56, 0x41, 0xf2, 0xfc, 0xa5, 0xeb, 0x15, 0x5f,
-             0xad, 0xbc, 0xab, 0xb1, 0x3c, 0x6e, 0x21, 0xdc, 0x11, 0xfa, 0xf7,
-             0x2c, 0x2a, 0x28, 0x1b, 0x7d, 0x56, 0x14, 0x5f, 0x19})),
-    std::make_pair(
-        15,
-        std::vector<uint8_t>(
-            {0x44, 0x4b, 0x24, 0x0f, 0xe3, 0xed, 0x86, 0xd0, 0xe2, 0xef, 0x4c,
-             0xe7, 0xd8, 0x51, 0xed, 0xde, 0x22, 0x15, 0x55, 0x82, 0xaa, 0x09,
-             0x14, 0x79, 0x7b, 0x72, 0x6c, 0xd0, 0x58, 0xb6, 0xf4, 0x59, 0x32,
-             0xe0, 0xe1, 0x29, 0x51, 0x68, 0x76, 0x52, 0x7b, 0x1d, 0xd8, 0x8f,
-             0xc6, 0x6d, 0x71, 0x19, 0xf4, 0xab, 0x3b, 0xed, 0x93, 0xa6, 0x1a,
-             0x0e, 0x2d, 0x2d, 0x2a, 0xea, 0xc3, 0x36, 0xd9, 0x58})),
-    std::make_pair(
-        16,
-        std::vector<uint8_t>(
-            {0xbf, 0xba, 0xbb, 0xef, 0x45, 0x55, 0x4c, 0xcf, 0xa0, 0xdc, 0x83,
-             0x75, 0x2a, 0x19, 0xcc, 0x35, 0xd5, 0x92, 0x09, 0x56, 0xb3, 0x01,
-             0xd5, 0x58, 0xd7, 0x72, 0x28, 0x2b, 0xc8, 0x67, 0x00, 0x91, 0x68,
-             0xe9, 0xe9, 0x86, 0x06, 0xbb, 0x5b, 0xa7, 0x3a, 0x38, 0x5d, 0xe5,
-             0x74, 0x92, 0x28, 0xc9, 0x25, 0xa8, 0x50, 0x19, 0xb7, 0x1f, 0x72,
-             0xfe, 0x29, 0xb3, 0xcd, 0x37, 0xca, 0x52, 0xef, 0xe6})),
-    std::make_pair(
-        17,
-        std::vector<uint8_t>(
-            {0x9c, 0x4d, 0x0c, 0x3e, 0x1c, 0xdb, 0xbf, 0x48, 0x5b, 0xec, 0x86,
-             0xf4, 0x1c, 0xec, 0x7c, 0x98, 0x37, 0x3f, 0x0e, 0x09, 0xf3, 0x92,
-             0x84, 0x9a, 0xaa, 0x22, 0x9e, 0xbf, 0xbf, 0x39, 0x7b, 0x22, 0x08,
-             0x55, 0x29, 0xcb, 0x7e, 0xf3, 0x9f, 0x9c, 0x7c, 0x22, 0x22, 0xa5,
-             0x14, 0x18, 0x2b, 0x1e, 0xff, 0xaa, 0x17, 0x8c, 0xc3, 0x68, 0x7b,
-             0x1b, 0x2b, 0x6c, 0xbc, 0xb6, 0xfd, 0xeb, 0x96, 0xf8})),
-    std::make_pair(
-        18,
-        std::vector<uint8_t>(
-            {0x47, 0x71, 0x76, 0xb3, 0xbf, 0xcb, 0xad, 0xd7, 0x65, 0x7c, 0x23,
-             0xc2, 0x46, 0x25, 0xe4, 0xd0, 0xd6, 0x74, 0xd1, 0x86, 0x8f, 0x00,
-             0x60, 0x06, 0x39, 0x8a, 0xf9, 0x7a, 0xa4, 0x18, 0x77, 0xc8, 0xe7,
-             0x0d, 0x3d, 0x14, 0xc3, 0xbb, 0xc9, 0xbb, 0xcd, 0xce, 0xa8, 0x01,
-             0xbd, 0x0e, 0x15, 0x99, 0xaf, 0x1f, 0x3e, 0xec, 0x67, 0x40, 0x51,
-             0x70, 0xf4, 0xe2, 0x6c, 0x96, 0x4a, 0x57, 0xa8, 0xb7})),
-    std::make_pair(
-        19,
-        std::vector<uint8_t>(
-            {0xa7, 0x8c, 0x49, 0x0e, 0xda, 0x31, 0x73, 0xbb, 0x3f, 0x10, 0xde,
-             0xe5, 0x2f, 0x11, 0x0f, 0xb1, 0xc0, 0x8e, 0x03, 0x02, 0x23, 0x0b,
-             0x85, 0xdd, 0xd7, 0xc1, 0x12, 0x57, 0xd9, 0x2d, 0xe1, 0x48, 0x78,
-             0x5e, 0xf0, 0x0c, 0x03, 0x9c, 0x0b, 0xb8, 0xeb, 0x98, 0x08, 0xa3,
-             0x5b, 0x2d, 0x8c, 0x08, 0x0f, 0x57, 0x28, 0x59, 0x71, 0x4c, 0x9d,
-             0x40, 0x69, 0xc5, 0xbc, 0xaf, 0x09, 0x0e, 0x89, 0x8e})),
-    std::make_pair(
-        20,
-        std::vector<uint8_t>(
-            {0x58, 0xd0, 0x23, 0x39, 0x7b, 0xeb, 0x5b, 0x41, 0x45, 0xcb, 0x22,
-             0x55, 0xb0, 0x7d, 0x74, 0x29, 0x0b, 0x36, 0xd9, 0xfd, 0x1e, 0x59,
-             0x4a, 0xfb, 0xd8, 0xee, 0xa4, 0x7c, 0x20, 0x5b, 0x2e, 0xfb, 0xfe,
-             0x6f, 0x46, 0x19, 0x0f, 0xaf, 0x95, 0xaf, 0x50, 0x4a, 0xb0, 0x72,
-             0xe3, 0x6f, 0x6c, 0x85, 0xd7, 0x67, 0xa3, 0x21, 0xbf, 0xd7, 0xf2,
-             0x26, 0x87, 0xa4, 0xab, 0xbf, 0x49, 0x4a, 0x68, 0x9c})),
-    std::make_pair(
-        21,
-        std::vector<uint8_t>(
-            {0x40, 0x01, 0xec, 0x74, 0xd5, 0xa4, 0x6f, 0xd2, 0x9c, 0x2c, 0x3c,
-             0xdb, 0xe5, 0xd1, 0xb9, 0xf2, 0x0e, 0x51, 0xa9, 0x41, 0xbe, 0x98,
-             0xd2, 0xa4, 0xe1, 0xe2, 0xfb, 0xf8, 0x66, 0xa6, 0x72, 0x12, 0x1d,
-             0xb6, 0xf8, 0x1a, 0x51, 0x4c, 0xfd, 0x10, 0xe7, 0x35, 0x8d, 0x57,
-             0x1b, 0xdb, 0xa4, 0x8e, 0x4c, 0xe7, 0x08, 0xb9, 0xd1, 0x24, 0x89,
-             0x4b, 0xc0, 0xb5, 0xed, 0x55, 0x49, 0x35, 0xf7, 0x3a})),
-    std::make_pair(
-        22,
-        std::vector<uint8_t>(
-            {0xcc, 0xd1, 0xb2, 0x2d, 0xab, 0x65, 0x11, 0x22, 0x5d, 0x24, 0x01,
-             0xea, 0x2d, 0x86, 0x25, 0xd2, 0x06, 0xa1, 0x24, 0x73, 0xcc, 0x73,
-             0x2b, 0x61, 0x5e, 0x56, 0x40, 0xce, 0xff, 0xf0, 0xa4, 0xad, 0xf9,
-             0x71, 0xb0, 0xe8, 0x27, 0xa6, 0x19, 0xe0, 0xa8, 0x0f, 0x5d, 0xb9,
-             0xcc, 0xd0, 0x96, 0x23, 0x29, 0x01, 0x0d, 0x07, 0xe3, 0x4a, 0x20,
-             0x64, 0xe7, 0x31, 0xc5, 0x20, 0x81, 0x7b, 0x21, 0x83})),
-    std::make_pair(
-        23,
-        std::vector<uint8_t>(
-            {0xb4, 0xa0, 0xa9, 0xe3, 0x57, 0x4e, 0xdb, 0x9e, 0x1e, 0x72, 0xaa,
-             0x31, 0xe3, 0x9c, 0xc5, 0xf3, 0x0d, 0xbf, 0x94, 0x3f, 0x8c, 0xab,
-             0xc4, 0x08, 0x44, 0x96, 0x54, 0xa3, 0x91, 0x31, 0xe6, 0x6d, 0x71,
-             0x8a, 0x18, 0x81, 0x91, 0x43, 0xe3, 0xea, 0x96, 0xb4, 0xa1, 0x89,
-             0x59, 0x88, 0xa1, 0xc0, 0x05, 0x6c, 0xf2, 0xb6, 0xe0, 0x4f, 0x9a,
-             0xc1, 0x9d, 0x65, 0x73, 0x83, 0xc2, 0x91, 0x0c, 0x44})),
-    std::make_pair(
-        24,
-        std::vector<uint8_t>(
-            {0x44, 0x7b, 0xec, 0xab, 0x16, 0x63, 0x06, 0x08, 0xd3, 0x9f, 0x4f,
-             0x05, 0x8b, 0x16, 0xf7, 0xaf, 0x95, 0xb8, 0x5a, 0x76, 0xaa, 0x0f,
-             0xa7, 0xce, 0xa2, 0xb8, 0x07, 0x55, 0xfb, 0x76, 0xe9, 0xc8, 0x04,
-             0xf2, 0xca, 0x78, 0xf0, 0x26, 0x43, 0xc9, 0x15, 0xfb, 0xf2, 0xfc,
-             0xe5, 0xe1, 0x9d, 0xe8, 0x60, 0x00, 0xde, 0x03, 0xb1, 0x88, 0x61,
-             0x81, 0x5a, 0x83, 0x12, 0x60, 0x71, 0xf8, 0xa3, 0x7b})),
-    std::make_pair(
-        25,
-        std::vector<uint8_t>(
-            {0x54, 0xe6, 0xda, 0xb9, 0x97, 0x73, 0x80, 0xa5, 0x66, 0x58, 0x22,
-             0xdb, 0x93, 0x37, 0x4e, 0xda, 0x52, 0x8d, 0x9b, 0xeb, 0x62, 0x6f,
-             0x9b, 0x94, 0x02, 0x70, 0x71, 0xcb, 0x26, 0x67, 0x5e, 0x11, 0x2b,
-             0x4a, 0x7f, 0xec, 0x94, 0x1e, 0xe6, 0x0a, 0x81, 0xe4, 0xd2, 0xea,
-             0x3f, 0xf7, 0xbc, 0x52, 0xcf, 0xc4, 0x5d, 0xfb, 0xfe, 0x73, 0x5a,
-             0x1c, 0x64, 0x6b, 0x2c, 0xf6, 0xd6, 0xa4, 0x9b, 0x62})),
-    std::make_pair(
-        26,
-        std::vector<uint8_t>(
-            {0x3e, 0xa6, 0x26, 0x25, 0x94, 0x9e, 0x36, 0x46, 0x70, 0x4d, 0x7e,
-             0x3c, 0x90, 0x6f, 0x82, 0xf6, 0xc0, 0x28, 0xf5, 0x40, 0xf5, 0xf7,
-             0x2a, 0x79, 0x4b, 0x0c, 0x57, 0xbf, 0x97, 0xb7, 0x64, 0x9b, 0xfe,
-             0xb9, 0x0b, 0x01, 0xd3, 0xca, 0x3e, 0x82, 0x9d, 0xe2, 0x1b, 0x38,
-             0x26, 0xe6, 0xf8, 0x70, 0x14, 0xd3, 0xc7, 0x73, 0x50, 0xcb, 0x5a,
-             0x15, 0xff, 0x5d, 0x46, 0x8a, 0x81, 0xbe, 0xc1, 0x60})),
-    std::make_pair(
-        27,
-        std::vector<uint8_t>(
-            {0x21, 0x3c, 0xfe, 0x14, 0x5c, 0x54, 0xa3, 0x36, 0x91, 0x56, 0x99,
-             0x80, 0xe5, 0x93, 0x8c, 0x88, 0x83, 0xa4, 0x6d, 0x84, 0xd1, 0x49,
-             0xc8, 0xff, 0x1a, 0x67, 0xcd, 0x28, 0x7b, 0x4d, 0x49, 0xc6, 0xda,
-             0x69, 0xd3, 0xa0, 0x35, 0x44, 0x3d, 0xb0, 0x85, 0x98, 0x3d, 0x0e,
-             0xfe, 0x63, 0x70, 0x6b, 0xd5, 0xb6, 0xf1, 0x5a, 0x7d, 0xa4, 0x59,
-             0xe8, 0xd5, 0x0a, 0x19, 0x09, 0x3d, 0xb5, 0x5e, 0x80})),
-    std::make_pair(
-        28,
-        std::vector<uint8_t>(
-            {0x57, 0x16, 0xc4, 0xa3, 0x8f, 0x38, 0xdb, 0x10, 0x4e, 0x49, 0x4a,
-             0x0a, 0x27, 0xcb, 0xe8, 0x9a, 0x26, 0xa6, 0xbb, 0x6f, 0x49, 0x9e,
-             0xc0, 0x1c, 0x8c, 0x01, 0xaa, 0x7c, 0xb8, 0x84, 0x97, 0xe7, 0x51,
-             0x48, 0xcd, 0x6e, 0xee, 0x12, 0xa7, 0x16, 0x8b, 0x6f, 0x78, 0xab,
-             0x74, 0xe4, 0xbe, 0x74, 0x92, 0x51, 0xa1, 0xa7, 0x4c, 0x38, 0xc8,
-             0x6d, 0x61, 0x29, 0x17, 0x7e, 0x28, 0x89, 0xe0, 0xb6})),
-    std::make_pair(
-        29,
-        std::vector<uint8_t>(
-            {0x03, 0x04, 0x60, 0xa9, 0x8b, 0xdf, 0x9f, 0xf1, 0x7c, 0xd9, 0x64,
-             0x04, 0xf2, 0x8f, 0xc3, 0x04, 0xf2, 0xb7, 0xc0, 0x4e, 0xaa, 0xde,
-             0x53, 0x67, 0x7f, 0xd2, 0x8f, 0x78, 0x8c, 0xa2, 0x21, 0x86, 0xb8,
-             0xbc, 0x80, 0xdd, 0x21, 0xd1, 0x7f, 0x85, 0x49, 0xc7, 0x11, 0xaf,
-             0xf0, 0xe5, 0x14, 0xe1, 0x9d, 0x4e, 0x15, 0xf5, 0x99, 0x02, 0x52,
-             0xa0, 0x3e, 0x08, 0x2f, 0x28, 0xdc, 0x20, 0x52, 0xf6})),
-    std::make_pair(
-        30,
-        std::vector<uint8_t>(
-            {0x19, 0xe7, 0xf1, 0xcc, 0xee, 0x88, 0xa1, 0x06, 0x72, 0x33, 0x3e,
-             0x39, 0x0c, 0xf2, 0x20, 0x13, 0xa8, 0xc7, 0x34, 0xc6, 0xcb, 0x9e,
-             0xab, 0x41, 0xf1, 0x7c, 0x3c, 0x80, 0x32, 0xa2, 0xe4, 0xac, 0xa0,
-             0x56, 0x9e, 0xa3, 0x6f, 0x08, 0x60, 0xc7, 0xa1, 0xaf, 0x28, 0xfa,
-             0x47, 0x68, 0x40, 0xd6, 0x60, 0x11, 0x16, 0x88, 0x59, 0x33, 0x4a,
-             0x9e, 0x4e, 0xf9, 0xcc, 0x2e, 0x61, 0xa0, 0xe2, 0x9e})),
-    std::make_pair(
-        31,
-        std::vector<uint8_t>(
-            {0x29, 0xf8, 0xb8, 0xc7, 0x8c, 0x80, 0xf2, 0xfc, 0xb4, 0xbd, 0xf7,
-             0x82, 0x5e, 0xd9, 0x0a, 0x70, 0xd6, 0x25, 0xff, 0x78, 0x5d, 0x26,
-             0x26, 0x77, 0xe2, 0x50, 0xc0, 0x4f, 0x37, 0x20, 0xc8, 0x88, 0xd0,
-             0x3f, 0x80, 0x45, 0xe4, 0xed, 0xf3, 0xf5, 0x28, 0x5b, 0xd3, 0x9d,
-             0x92, 0x8a, 0x10, 0xa7, 0xd0, 0xa5, 0xdf, 0x00, 0xb8, 0x48, 0x4a,
-             0xc2, 0x86, 0x81, 0x42, 0xa1, 0xe8, 0xbe, 0xa3, 0x51})),
-    std::make_pair(
-        32,
-        std::vector<uint8_t>(
-            {0x5c, 0x52, 0x92, 0x0a, 0x72, 0x63, 0xe3, 0x9d, 0x57, 0x92, 0x0c,
-             0xa0, 0xcb, 0x75, 0x2a, 0xc6, 0xd7, 0x9a, 0x04, 0xfe, 0xf8, 0xa7,
-             0xa2, 0x16, 0xa1, 0xec, 0xb7, 0x11, 0x5c, 0xe0, 0x6d, 0x89, 0xfd,
-             0x7d, 0x73, 0x5b, 0xd6, 0xf4, 0x27, 0x25, 0x55, 0xdb, 0xa2, 0x2c,
-             0x2d, 0x1c, 0x96, 0xe6, 0x35, 0x23, 0x22, 0xc6, 0x2c, 0x56, 0x30,
-             0xfd, 0xe0, 0xf4, 0x77, 0x7a, 0x76, 0xc3, 0xde, 0x2c})),
-    std::make_pair(
-        33,
-        std::vector<uint8_t>(
-            {0x83, 0xb0, 0x98, 0xf2, 0x62, 0x25, 0x1b, 0xf6, 0x60, 0x06, 0x4a,
-             0x9d, 0x35, 0x11, 0xce, 0x76, 0x87, 0xa0, 0x9e, 0x6d, 0xfb, 0xb8,
-             0x78, 0x29, 0x9c, 0x30, 0xe9, 0x3d, 0xfb, 0x43, 0xa9, 0x31, 0x4d,
-             0xb9, 0xa6, 0x00, 0x33, 0x7d, 0xb2, 0x6e, 0xbe, 0xed, 0xaf, 0x22,
-             0x56, 0xa9, 0x6d, 0xab, 0xe9, 0xb2, 0x9e, 0x75, 0x73, 0xad, 0x11,
-             0xc3, 0x52, 0x3d, 0x87, 0x4d, 0xde, 0x5b, 0xe7, 0xed})),
-    std::make_pair(
-        34,
-        std::vector<uint8_t>(
-            {0x94, 0x47, 0xd9, 0x8a, 0xa5, 0xc9, 0x33, 0x13, 0x52, 0xf4, 0x3d,
-             0x3e, 0x56, 0xd0, 0xa9, 0xa9, 0xf9, 0x58, 0x18, 0x65, 0x99, 0x8e,
-             0x28, 0x85, 0xcc, 0x56, 0xdd, 0x0a, 0x0b, 0xd5, 0xa7, 0xb5, 0x05,
-             0x95, 0xbd, 0x10, 0xf7, 0x52, 0x9b, 0xcd, 0x31, 0xf3, 0x7d, 0xc1,
-             0x6a, 0x14, 0x65, 0xd5, 0x94, 0x07, 0x96, 0x67, 0xda, 0x2a, 0x3f,
-             0xcb, 0x70, 0x40, 0x14, 0x98, 0x83, 0x7c, 0xed, 0xeb})),
-    std::make_pair(
-        35,
-        std::vector<uint8_t>(
-            {0x86, 0x77, 0x32, 0xf2, 0xfe, 0xeb, 0x23, 0x89, 0x30, 0x97, 0x56,
-             0x1a, 0xc7, 0x10, 0xa4, 0xbf, 0xf4, 0x53, 0xbe, 0x9c, 0xfb, 0xed,
-             0xba, 0x8b, 0xa3, 0x24, 0xf9, 0xd3, 0x12, 0xa8, 0x2d, 0x73, 0x2e,
-             0x1b, 0x83, 0xb8, 0x29, 0xfd, 0xcd, 0x17, 0x7b, 0x88, 0x2c, 0xa0,
-             0xc1, 0xbf, 0x54, 0x4b, 0x22, 0x3b, 0xe5, 0x29, 0x92, 0x4a, 0x24,
-             0x6a, 0x63, 0xcf, 0x05, 0x9b, 0xfd, 0xc5, 0x0a, 0x1b})),
-    std::make_pair(
-        36,
-        std::vector<uint8_t>(
-            {0xf1, 0x5a, 0xb2, 0x6d, 0x4c, 0xdf, 0xcf, 0x56, 0xe1, 0x96, 0xbb,
-             0x6b, 0xa1, 0x70, 0xa8, 0xfc, 0xcc, 0x41, 0x4d, 0xe9, 0x28, 0x5a,
-             0xfd, 0x98, 0xa3, 0xd3, 0xcf, 0x2f, 0xb8, 0x8f, 0xcb, 0xc0, 0xf1,
-             0x98, 0x32, 0xac, 0x43, 0x3a, 0x5b, 0x2c, 0xc2, 0x39, 0x2a, 0x4c,
-             0xe3, 0x43, 0x32, 0x98, 0x7d, 0x8d, 0x2c, 0x2b, 0xef, 0x6c, 0x34,
-             0x66, 0x13, 0x8d, 0xb0, 0xc6, 0xe4, 0x2f, 0xa4, 0x7b})),
-    std::make_pair(
-        37,
-        std::vector<uint8_t>(
-            {0x28, 0x13, 0x51, 0x6d, 0x68, 0xed, 0x4a, 0x08, 0xb3, 0x9d, 0x64,
-             0x8a, 0xa6, 0xaa, 0xcd, 0x81, 0xe9, 0xd6, 0x55, 0xec, 0xd5, 0xf0,
-             0xc1, 0x35, 0x56, 0xc6, 0x0f, 0xdf, 0x0d, 0x33, 0x3e, 0xa3, 0x84,
-             0x64, 0xb3, 0x6c, 0x02, 0xba, 0xcc, 0xd7, 0x46, 0xe9, 0x57, 0x5e,
-             0x96, 0xc6, 0x30, 0x14, 0xf0, 0x74, 0xae, 0x34, 0xa0, 0xa2, 0x5b,
-             0x32, 0x0f, 0x0f, 0xbe, 0xdd, 0x6a, 0xcf, 0x76, 0x65})),
-    std::make_pair(
-        38,
-        std::vector<uint8_t>(
-            {0xd3, 0x25, 0x9a, 0xfc, 0xa8, 0xa4, 0x89, 0x62, 0xfa, 0x89, 0x2e,
-             0x14, 0x5a, 0xcf, 0x54, 0x7f, 0x26, 0x92, 0x3a, 0xe8, 0xd4, 0x92,
-             0x4c, 0x8a, 0x53, 0x15, 0x81, 0x52, 0x6b, 0x04, 0xb4, 0x4c, 0x7a,
-             0xf8, 0x3c, 0x64, 0x3e, 0xf5, 0xa0, 0xbc, 0x28, 0x2d, 0x36, 0xf3,
-             0xfb, 0x04, 0xc8, 0x4e, 0x28, 0xb3, 0x51, 0xf4, 0x0c, 0x74, 0xb6,
-             0x9d, 0xc7, 0x84, 0x0b, 0xc7, 0x17, 0xb6, 0xf1, 0x5f})),
-    std::make_pair(
-        39,
-        std::vector<uint8_t>(
-            {0xf1, 0x4b, 0x06, 0x1a, 0xe3, 0x59, 0xfa, 0x31, 0xb9, 0x89, 0xe3,
-             0x03, 0x32, 0xbf, 0xe8, 0xde, 0x8c, 0xc8, 0xcd, 0xb5, 0x68, 0xe1,
-             0x4b, 0xe2, 0x14, 0xa2, 0x22, 0x3b, 0x84, 0xca, 0xab, 0x74, 0x19,
-             0x54, 0x9e, 0xcf, 0xcc, 0x96, 0xce, 0x2a, 0xce, 0xc1, 0x19, 0x48,
-             0x5d, 0x87, 0xd1, 0x57, 0xd3, 0xa8, 0x73, 0x4f, 0xc4, 0x26, 0x59,
-             0x7d, 0x64, 0xf3, 0x65, 0x70, 0xce, 0xaf, 0x22, 0x4d})),
-    std::make_pair(
-        40,
-        std::vector<uint8_t>(
-            {0x55, 0xe7, 0x0b, 0x01, 0xd1, 0xfb, 0xf8, 0xb2, 0x3b, 0x57, 0xfb,
-             0x62, 0xe2, 0x6c, 0x2c, 0xe5, 0x4f, 0x13, 0xf8, 0xfa, 0x24, 0x64,
-             0xe6, 0xeb, 0x98, 0xd1, 0x6a, 0x61, 0x17, 0x02, 0x6d, 0x8b, 0x90,
-             0x81, 0x90, 0x12, 0x49, 0x6d, 0x40, 0x71, 0xeb, 0xe2, 0xe5, 0x95,
-             0x57, 0xec, 0xe3, 0x51, 0x9a, 0x7a, 0xa4, 0x58, 0x02, 0xf9, 0x61,
-             0x53, 0x74, 0x87, 0x73, 0x32, 0xb7, 0x34, 0x90, 0xb3})),
-    std::make_pair(
-        41,
-        std::vector<uint8_t>(
-            {0x25, 0x26, 0x1e, 0xb2, 0x96, 0x97, 0x1d, 0x6e, 0x4a, 0x71, 0xb2,
-             0x92, 0x8e, 0x64, 0x83, 0x9c, 0x67, 0xd4, 0x22, 0x87, 0x2b, 0xf9,
-             0xf3, 0xc3, 0x19, 0x93, 0x61, 0x52, 0x22, 0xde, 0x9f, 0x8f, 0x0b,
-             0x2c, 0x4b, 0xe8, 0x54, 0x85, 0x59, 0xb4, 0xb3, 0x54, 0xe7, 0x36,
-             0x41, 0x6e, 0x32, 0x18, 0xd4, 0xe8, 0xa1, 0xe2, 0x19, 0xa4, 0xa6,
-             0xd4, 0x3e, 0x1a, 0x9a, 0x52, 0x1d, 0x0e, 0x75, 0xfc})),
-    std::make_pair(
-        42,
-        std::vector<uint8_t>(
-            {0x08, 0x30, 0x7f, 0x34, 0x7c, 0x41, 0x29, 0x4e, 0x34, 0xbb, 0x54,
-             0xcb, 0x42, 0xb1, 0x52, 0x2d, 0x22, 0xf8, 0x24, 0xf7, 0xb6, 0xe5,
-             0xdb, 0x50, 0xfd, 0xa0, 0x96, 0x79, 0x8e, 0x18, 0x1a, 0x8f, 0x02,
-             0x6f, 0xa2, 0x7b, 0x4a, 0xe4, 0x5d, 0x52, 0xa6, 0x2c, 0xaf, 0x9d,
-             0x51, 0x98, 0xe2, 0x4a, 0x49, 0x13, 0xc6, 0x67, 0x17, 0x75, 0xb2,
-             0xd7, 0x23, 0xc1, 0x23, 0x9b, 0xfb, 0xf0, 0x16, 0xd7})),
-    std::make_pair(
-        43,
-        std::vector<uint8_t>(
-            {0x1e, 0x5c, 0x62, 0xe7, 0xe9, 0xbf, 0xa1, 0xb1, 0x18, 0x74, 0x7a,
-             0x2d, 0xe0, 0x8b, 0x3c, 0xa1, 0x01, 0x12, 0xaf, 0x96, 0xa4, 0x6e,
-             0x4b, 0x22, 0xc3, 0xfc, 0x06, 0xf9, 0xbf, 0xee, 0x4e, 0xb5, 0xc4,
-             0x9e, 0x05, 0x7a, 0x4a, 0x48, 0x86, 0x23, 0x43, 0x24, 0x57, 0x25,
-             0x76, 0xbb, 0x9b, 0x5e, 0xcf, 0xde, 0x0d, 0x99, 0xb0, 0xde, 0x4f,
-             0x98, 0xec, 0x16, 0xe4, 0xd1, 0xb8, 0x5f, 0xa9, 0x47})),
-    std::make_pair(
-        44,
-        std::vector<uint8_t>(
-            {0xc7, 0x4a, 0x77, 0x39, 0x5f, 0xb8, 0xbc, 0x12, 0x64, 0x47, 0x45,
-             0x48, 0x38, 0xe5, 0x61, 0xe9, 0x62, 0x85, 0x3d, 0xc7, 0xeb, 0x49,
-             0xa1, 0xe3, 0xcb, 0x67, 0xc3, 0xd0, 0x85, 0x1f, 0x3e, 0x39, 0x51,
-             0x7b, 0xe8, 0xc3, 0x50, 0xac, 0x91, 0x09, 0x03, 0xd4, 0x9c, 0xd2,
-             0xbf, 0xdf, 0x54, 0x5c, 0x99, 0x31, 0x6d, 0x03, 0x46, 0x17, 0x0b,
-             0x73, 0x9f, 0x0a, 0xdd, 0x5d, 0x53, 0x3c, 0x2c, 0xfc})),
-    std::make_pair(
-        45,
-        std::vector<uint8_t>(
-            {0x0d, 0xd5, 0x7b, 0x42, 0x3c, 0xc0, 0x1e, 0xb2, 0x86, 0x13, 0x91,
-             0xeb, 0x88, 0x6a, 0x0d, 0x17, 0x07, 0x9b, 0x93, 0x3f, 0xc7, 0x6e,
-             0xb3, 0xfc, 0x08, 0xa1, 0x9f, 0x8a, 0x74, 0x95, 0x2c, 0xb6, 0x8f,
-             0x6b, 0xcd, 0xc6, 0x44, 0xf7, 0x73, 0x70, 0x96, 0x6e, 0x4d, 0x13,
-             0xe8, 0x05, 0x60, 0xbc, 0xf0, 0x82, 0xef, 0x04, 0x79, 0xd4, 0x8f,
-             0xbb, 0xab, 0x4d, 0xf0, 0x3b, 0x53, 0xa4, 0xe1, 0x78})),
-    std::make_pair(
-        46,
-        std::vector<uint8_t>(
-            {0x4d, 0x8d, 0xc3, 0x92, 0x3e, 0xdc, 0xcd, 0xfc, 0xe7, 0x00, 0x72,
-             0x39, 0x8b, 0x8a, 0x3d, 0xa5, 0xc3, 0x1f, 0xcb, 0x3e, 0xe3, 0xb6,
-             0x45, 0xc8, 0x5f, 0x71, 0x7c, 0xba, 0xeb, 0x4b, 0x67, 0x3a, 0x19,
-             0x39, 0x44, 0x25, 0xa5, 0x85, 0xbf, 0xb4, 0x64, 0xd9, 0x2f, 0x15,
-             0x97, 0xd0, 0xb7, 0x54, 0xd1, 0x63, 0xf9, 0x7c, 0xed, 0x34, 0x3b,
-             0x25, 0xdb, 0x5a, 0x70, 0xef, 0x48, 0xeb, 0xb3, 0x4f})),
-    std::make_pair(
-        47,
-        std::vector<uint8_t>(
-            {0xf0, 0xa5, 0x05, 0x53, 0xe4, 0xdf, 0xb0, 0xc4, 0xe3, 0xe3, 0xd3,
-             0xba, 0x82, 0x03, 0x48, 0x57, 0xe3, 0xb1, 0xe5, 0x09, 0x18, 0xf5,
-             0xb8, 0xa7, 0xd6, 0x98, 0xe1, 0x0d, 0x24, 0x2b, 0x0f, 0xb5, 0x44,
-             0xaf, 0x6c, 0x92, 0xd0, 0xc3, 0xaa, 0xf9, 0x93, 0x22, 0x20, 0x41,
-             0x61, 0x17, 0xb4, 0xe7, 0x8e, 0xcb, 0x8a, 0x8f, 0x43, 0x0e, 0x13,
-             0xb8, 0x2a, 0x59, 0x15, 0x29, 0x0a, 0x58, 0x19, 0xc5})),
-    std::make_pair(
-        48,
-        std::vector<uint8_t>(
-            {0xb1, 0x55, 0x43, 0xf3, 0xf7, 0x36, 0x08, 0x66, 0x27, 0xcc, 0x53,
-             0x65, 0xe7, 0xe8, 0x98, 0x8c, 0x2e, 0xf1, 0x55, 0xc0, 0xfd, 0x4f,
-             0x42, 0x89, 0x61, 0xb0, 0x0d, 0x15, 0x26, 0xf0, 0x4d, 0x6d, 0x6a,
-             0x65, 0x8b, 0x4b, 0x8e, 0xd3, 0x2c, 0x5d, 0x86, 0x21, 0xe7, 0xf4,
-             0xf8, 0xe8, 0xa9, 0x33, 0xd9, 0xec, 0xc9, 0xdd, 0x1b, 0x83, 0x33,
-             0xcb, 0xe2, 0x8c, 0xfc, 0x37, 0xd9, 0x71, 0x9e, 0x1c})),
-    std::make_pair(
-        49,
-        std::vector<uint8_t>(
-            {0x7b, 0x4f, 0xa1, 0x58, 0xe4, 0x15, 0xfe, 0xf0, 0x23, 0x24, 0x72,
-             0x64, 0xcb, 0xbe, 0x15, 0xd1, 0x6d, 0x91, 0xa4, 0x44, 0x24, 0xa8,
-             0xdb, 0x70, 0x7e, 0xb1, 0xe2, 0x03, 0x3c, 0x30, 0xe9, 0xe1, 0xe7,
-             0xc8, 0xc0, 0x86, 0x45, 0x95, 0xd2, 0xcb, 0x8c, 0x58, 0x0e, 0xb4,
-             0x7e, 0x9d, 0x16, 0xab, 0xbd, 0x7e, 0x44, 0xe8, 0x24, 0xf7, 0xce,
-             0xdb, 0x7d, 0xef, 0x57, 0x13, 0x0e, 0x52, 0xcf, 0xe9})),
-    std::make_pair(
-        50,
-        std::vector<uint8_t>(
-            {0x60, 0x42, 0x4f, 0xf2, 0x32, 0x34, 0xc3, 0x4d, 0xc9, 0x68, 0x7a,
-             0xd5, 0x02, 0x86, 0x93, 0x72, 0xcc, 0x31, 0xa5, 0x93, 0x80, 0x18,
-             0x6b, 0xc2, 0x36, 0x1c, 0x83, 0x5d, 0x97, 0x2f, 0x49, 0x66, 0x6e,
-             0xb1, 0xac, 0x69, 0x62, 0x9d, 0xe6, 0x46, 0xf0, 0x3f, 0x9b, 0x4d,
-             0xb9, 0xe2, 0xac, 0xe0, 0x93, 0xfb, 0xfd, 0xf8, 0xf2, 0x0a, 0xb5,
-             0xf9, 0x85, 0x41, 0x97, 0x8b, 0xe8, 0xef, 0x54, 0x9f})),
-    std::make_pair(
-        51,
-        std::vector<uint8_t>(
-            {0x74, 0x06, 0x01, 0x8c, 0xe7, 0x04, 0xd8, 0x4f, 0x5e, 0xb9, 0xc7,
-             0x9f, 0xea, 0x97, 0xda, 0x34, 0x56, 0x99, 0x46, 0x8a, 0x35, 0x0e,
-             0xe0, 0xb2, 0xd0, 0xf3, 0xa4, 0xbf, 0x20, 0x70, 0x30, 0x4e, 0xa8,
-             0x62, 0xd7, 0x2a, 0x51, 0xc5, 0x7d, 0x30, 0x64, 0x94, 0x72, 0x86,
-             0xf5, 0x31, 0xe0, 0xea, 0xf7, 0x56, 0x37, 0x02, 0x26, 0x2e, 0x6c,
-             0x72, 0x4a, 0xbf, 0x5e, 0xd8, 0xc8, 0x39, 0x8d, 0x17})),
-    std::make_pair(
-        52,
-        std::vector<uint8_t>(
-            {0x14, 0xef, 0x5c, 0x6d, 0x64, 0x7b, 0x3b, 0xd1, 0xe6, 0xe3, 0x20,
-             0x06, 0xc2, 0x31, 0x19, 0x98, 0x10, 0xde, 0x5c, 0x4d, 0xc8, 0x8e,
-             0x70, 0x24, 0x02, 0x73, 0xb0, 0xea, 0x18, 0xe6, 0x51, 0xa3, 0xeb,
-             0x4f, 0x5c, 0xa3, 0x11, 0x4b, 0x8a, 0x56, 0x71, 0x69, 0x69, 0xc7,
-             0xcd, 0xa2, 0x7e, 0x0c, 0x8d, 0xb8, 0x32, 0xad, 0x5e, 0x89, 0xa2,
-             0xdc, 0x6c, 0xb0, 0xad, 0xbe, 0x7d, 0x93, 0xab, 0xd1})),
-    std::make_pair(
-        53,
-        std::vector<uint8_t>(
-            {0x38, 0xcf, 0x6c, 0x24, 0xe3, 0xe0, 0x8b, 0xcf, 0x1f, 0x6c, 0xf3,
-             0xd1, 0xb1, 0xf6, 0x5b, 0x90, 0x52, 0x39, 0xa3, 0x11, 0x80, 0x33,
-             0x24, 0x9e, 0x44, 0x81, 0x13, 0xec, 0x63, 0x2e, 0xa6, 0xdc, 0x34,
-             0x6f, 0xee, 0xb2, 0x57, 0x1c, 0x38, 0xbd, 0x9a, 0x73, 0x98, 0xb2,
-             0x22, 0x12, 0x80, 0x32, 0x80, 0x02, 0xb2, 0x3e, 0x1a, 0x45, 0xad,
-             0xaf, 0xfe, 0x66, 0xd9, 0x3f, 0x65, 0x64, 0xea, 0xa2})),
-    std::make_pair(
-        54,
-        std::vector<uint8_t>(
-            {0x6c, 0xd7, 0x20, 0x8a, 0x4b, 0xc7, 0xe7, 0xe5, 0x62, 0x01, 0xbb,
-             0xba, 0x02, 0xa0, 0xf4, 0x89, 0xcd, 0x38, 0x4a, 0xbe, 0x40, 0xaf,
-             0xd4, 0x22, 0x2f, 0x15, 0x8b, 0x3d, 0x98, 0x6e, 0xe7, 0x2a, 0x54,
-             0xc5, 0x0f, 0xb6, 0x4f, 0xd4, 0xed, 0x25, 0x30, 0xed, 0xa2, 0xc8,
-             0xaf, 0x29, 0x28, 0xa0, 0xda, 0x6d, 0x4f, 0x83, 0x0a, 0xe1, 0xc9,
-             0xdb, 0x46, 0x9d, 0xfd, 0x97, 0x0f, 0x12, 0xa5, 0x6f})),
-    std::make_pair(
-        55,
-        std::vector<uint8_t>(
-            {0x65, 0x98, 0x58, 0xf0, 0xb5, 0xc9, 0xed, 0xab, 0x5b, 0x94, 0xfd,
-             0x73, 0x2f, 0x6e, 0x6b, 0x17, 0xc5, 0x1c, 0xc0, 0x96, 0x10, 0x4f,
-             0x09, 0xbe, 0xb3, 0xaf, 0xc3, 0xaa, 0x46, 0x7c, 0x2e, 0xcf, 0x88,
-             0x5c, 0x4c, 0x65, 0x41, 0xef, 0xfa, 0x90, 0x23, 0xd3, 0xb5, 0x73,
-             0x8a, 0xe5, 0xa1, 0x4d, 0x86, 0x7e, 0x15, 0xdb, 0x06, 0xfe, 0x1f,
-             0x9d, 0x11, 0x27, 0xb7, 0x7e, 0x1a, 0xab, 0xb5, 0x16})),
-    std::make_pair(
-        56,
-        std::vector<uint8_t>(
-            {0x26, 0xcc, 0xa0, 0x12, 0x6f, 0x5d, 0x1a, 0x81, 0x3c, 0x62, 0xe5,
-             0xc7, 0x10, 0x01, 0xc0, 0x46, 0xf9, 0xc9, 0x20, 0x95, 0x70, 0x45,
-             0x50, 0xbe, 0x58, 0x73, 0xa4, 0x95, 0xa9, 0x99, 0xad, 0x01, 0x0a,
-             0x4f, 0x79, 0x49, 0x1f, 0x24, 0xf2, 0x86, 0x50, 0x0a, 0xdc, 0xe1,
-             0xa1, 0x37, 0xbc, 0x20, 0x84, 0xe4, 0x94, 0x9f, 0x5b, 0x72, 0x94,
-             0xce, 0xfe, 0x51, 0xec, 0xaf, 0xf8, 0xe9, 0x5c, 0xba})),
-    std::make_pair(
-        57,
-        std::vector<uint8_t>(
-            {0x41, 0x47, 0xc1, 0xf5, 0x51, 0x72, 0x78, 0x8c, 0x55, 0x67, 0xc5,
-             0x61, 0xfe, 0xef, 0x87, 0x6f, 0x62, 0x1f, 0xff, 0x1c, 0xe8, 0x77,
-             0x86, 0xb8, 0x46, 0x76, 0x37, 0xe7, 0x0d, 0xfb, 0xcd, 0x0d, 0xbd,
-             0xb6, 0x41, 0x5c, 0xb6, 0x00, 0x95, 0x4a, 0xb9, 0xc0, 0x4c, 0x0e,
-             0x45, 0x7e, 0x62, 0x5b, 0x40, 0x72, 0x22, 0xc0, 0xfe, 0x1a, 0xe2,
-             0x1b, 0x21, 0x43, 0x68, 0x8a, 0xda, 0x94, 0xdc, 0x58})),
-    std::make_pair(
-        58,
-        std::vector<uint8_t>(
-            {0x5b, 0x1b, 0xf1, 0x54, 0xc6, 0x2a, 0x8a, 0xf6, 0xe9, 0x3d, 0x35,
-             0xf1, 0x8f, 0x7f, 0x90, 0xab, 0xb1, 0x6a, 0x6e, 0xf0, 0xe8, 0xd1,
-             0xae, 0xcd, 0x11, 0x8b, 0xf7, 0x01, 0x67, 0xba, 0xb2, 0xaf, 0x08,
-             0x93, 0x5c, 0x6f, 0xdc, 0x06, 0x63, 0xce, 0x74, 0x48, 0x2d, 0x17,
-             0xa8, 0xe5, 0x4b, 0x54, 0x6d, 0x1c, 0x29, 0x66, 0x31, 0xc6, 0x5f,
-             0x3b, 0x52, 0x2a, 0x51, 0x58, 0x39, 0xd4, 0x3d, 0x71})),
-    std::make_pair(
-        59,
-        std::vector<uint8_t>(
-            {0x9f, 0x60, 0x04, 0x19, 0xa4, 0xe8, 0xf4, 0xfb, 0x83, 0x4c, 0x24,
-             0xb0, 0xf7, 0xfc, 0x13, 0xbf, 0x4e, 0x27, 0x9d, 0x98, 0xe8, 0xa3,
-             0xc7, 0x65, 0xee, 0x93, 0x49, 0x17, 0x40, 0x3e, 0x3a, 0x66, 0x09,
-             0x71, 0x82, 0xea, 0x21, 0x45, 0x3c, 0xb6, 0x3e, 0xbb, 0xe8, 0xb7,
-             0x3a, 0x9c, 0x21, 0x67, 0x59, 0x64, 0x46, 0x43, 0x8c, 0x57, 0x62,
-             0x7f, 0x33, 0x0b, 0xad, 0xd4, 0xf5, 0x69, 0xf7, 0xd6})),
-    std::make_pair(
-        60,
-        std::vector<uint8_t>(
-            {0x45, 0x7e, 0xf6, 0x46, 0x6a, 0x89, 0x24, 0xfd, 0x80, 0x11, 0xa3,
-             0x44, 0x71, 0xa5, 0xa1, 0xac, 0x8c, 0xcd, 0x9b, 0xd0, 0xd0, 0x7a,
-             0x97, 0x41, 0x4a, 0xc9, 0x43, 0x02, 0x1c, 0xe4, 0xb9, 0xe4, 0xb9,
-             0xc8, 0xdb, 0x0a, 0x28, 0xf0, 0x16, 0xed, 0x43, 0xb1, 0x54, 0x24,
-             0x81, 0x99, 0x00, 0x22, 0x14, 0x7b, 0x31, 0x3e, 0x19, 0x46, 0x71,
-             0x13, 0x1e, 0x70, 0x8d, 0xd4, 0x3a, 0x3e, 0xd7, 0xdc})),
-    std::make_pair(
-        61,
-        std::vector<uint8_t>(
-            {0x99, 0x97, 0xb2, 0x19, 0x4d, 0x9a, 0xf6, 0xdf, 0xcb, 0x91, 0x43,
-             0xf4, 0x1c, 0x0e, 0xd8, 0x3d, 0x3a, 0x3f, 0x43, 0x88, 0x36, 0x11,
-             0x03, 0xd3, 0x8c, 0x2a, 0x49, 0xb2, 0x80, 0xa5, 0x81, 0x21, 0x27,
-             0x15, 0xfd, 0x90, 0x8d, 0x41, 0xc6, 0x51, 0xf5, 0xc7, 0x15, 0xca,
-             0x38, 0xc0, 0xce, 0x28, 0x30, 0xa3, 0x7e, 0x00, 0xe5, 0x08, 0xce,
-             0xd1, 0xbc, 0xdc, 0x32, 0x0e, 0x5e, 0x4d, 0x1e, 0x2e})),
-    std::make_pair(
-        62,
-        std::vector<uint8_t>(
-            {0x5c, 0x6b, 0xbf, 0x16, 0xba, 0xa1, 0x80, 0xf9, 0x86, 0xbd, 0x40,
-             0xa1, 0x28, 0x7e, 0xd4, 0xc5, 0x49, 0x77, 0x0e, 0x72, 0x84, 0x85,
-             0x8f, 0xc4, 0x7b, 0xc2, 0x1a, 0xb9, 0x5e, 0xbb, 0xf3, 0x37, 0x4b,
-             0x4e, 0xe3, 0xfd, 0x9f, 0x2a, 0xf6, 0x0f, 0x33, 0x95, 0x22, 0x1b,
-             0x2a, 0xcc, 0x76, 0xf2, 0xd3, 0x4c, 0x13, 0x29, 0x54, 0x04, 0x9f,
-             0x8a, 0x3a, 0x99, 0x6f, 0x1e, 0x32, 0xec, 0x84, 0xe5})),
-    std::make_pair(
-        63,
-        std::vector<uint8_t>(
-            {0xd1, 0x0b, 0xf9, 0xa1, 0x5b, 0x1c, 0x9f, 0xc8, 0xd4, 0x1f, 0x89,
-             0xbb, 0x14, 0x0b, 0xf0, 0xbe, 0x08, 0xd2, 0xf3, 0x66, 0x61, 0x76,
-             0xd1, 0x3b, 0xaa, 0xc4, 0xd3, 0x81, 0x35, 0x8a, 0xd0, 0x74, 0xc9,
-             0xd4, 0x74, 0x8c, 0x30, 0x05, 0x20, 0xeb, 0x02, 0x6d, 0xae, 0xae,
-             0xa7, 0xc5, 0xb1, 0x58, 0x89, 0x2f, 0xde, 0x4e, 0x8e, 0xc1, 0x7d,
-             0xc9, 0x98, 0xdc, 0xd5, 0x07, 0xdf, 0x26, 0xeb, 0x63})),
-    std::make_pair(
-        64,
-        std::vector<uint8_t>(
-            {0x2f, 0xc6, 0xe6, 0x9f, 0xa2, 0x6a, 0x89, 0xa5, 0xed, 0x26, 0x90,
-             0x92, 0xcb, 0x9b, 0x2a, 0x44, 0x9a, 0x44, 0x09, 0xa7, 0xa4, 0x40,
-             0x11, 0xee, 0xca, 0xd1, 0x3d, 0x7c, 0x4b, 0x04, 0x56, 0x60, 0x2d,
-             0x40, 0x2f, 0xa5, 0x84, 0x4f, 0x1a, 0x7a, 0x75, 0x81, 0x36, 0xce,
-             0x3d, 0x5d, 0x8d, 0x0e, 0x8b, 0x86, 0x92, 0x1f, 0xff, 0xf4, 0xf6,
-             0x92, 0xdd, 0x95, 0xbd, 0xc8, 0xe5, 0xff, 0x00, 0x52})),
-    std::make_pair(
-        65,
-        std::vector<uint8_t>(
-            {0xfc, 0xbe, 0x8b, 0xe7, 0xdc, 0xb4, 0x9a, 0x32, 0xdb, 0xdf, 0x23,
-             0x94, 0x59, 0xe2, 0x63, 0x08, 0xb8, 0x4d, 0xff, 0x1e, 0xa4, 0x80,
-             0xdf, 0x8d, 0x10, 0x4e, 0xef, 0xf3, 0x4b, 0x46, 0xfa, 0xe9, 0x86,
-             0x27, 0xb4, 0x50, 0xc2, 0x26, 0x7d, 0x48, 0xc0, 0x94, 0x6a, 0x69,
-             0x7c, 0x5b, 0x59, 0x53, 0x14, 0x52, 0xac, 0x04, 0x84, 0xf1, 0xc8,
-             0x4e, 0x3a, 0x33, 0xd0, 0xc3, 0x39, 0xbb, 0x2e, 0x28})),
-    std::make_pair(
-        66,
-        std::vector<uint8_t>(
-            {0xa1, 0x90, 0x93, 0xa6, 0xe3, 0xbc, 0xf5, 0x95, 0x2f, 0x85, 0x0f,
-             0x20, 0x30, 0xf6, 0x9b, 0x96, 0x06, 0xf1, 0x47, 0xf9, 0x0b, 0x8b,
-             0xae, 0xe3, 0x36, 0x2d, 0xa7, 0x1d, 0x9f, 0x35, 0xb4, 0x4e, 0xf9,
-             0xd8, 0xf0, 0xa7, 0x71, 0x2b, 0xa1, 0x87, 0x7f, 0xdd, 0xcd, 0x2d,
-             0x8e, 0xa8, 0xf1, 0xe5, 0xa7, 0x73, 0xd0, 0xb7, 0x45, 0xd4, 0x72,
-             0x56, 0x05, 0x98, 0x3a, 0x2d, 0xe9, 0x01, 0xf8, 0x03})),
-    std::make_pair(
-        67,
-        std::vector<uint8_t>(
-            {0x3c, 0x20, 0x06, 0x42, 0x3f, 0x73, 0xe2, 0x68, 0xfa, 0x59, 0xd2,
-             0x92, 0x03, 0x77, 0xeb, 0x29, 0xa4, 0xf9, 0xa8, 0xb4, 0x62, 0xbe,
-             0x15, 0x98, 0x3e, 0xe3, 0xb8, 0x5a, 0xe8, 0xa7, 0x8e, 0x99, 0x26,
-             0x33, 0x58, 0x1a, 0x90, 0x99, 0x89, 0x3b, 0x63, 0xdb, 0x30, 0x24,
-             0x1c, 0x34, 0xf6, 0x43, 0x02, 0x7d, 0xc8, 0x78, 0x27, 0x9a, 0xf5,
-             0x85, 0x0d, 0x7e, 0x2d, 0x4a, 0x26, 0x53, 0x07, 0x3a})),
-    std::make_pair(
-        68,
-        std::vector<uint8_t>(
-            {0xd0, 0xf2, 0xf2, 0xe3, 0x78, 0x76, 0x53, 0xf7, 0x7c, 0xce, 0x2f,
-             0xa2, 0x48, 0x35, 0x78, 0x5b, 0xbd, 0x0c, 0x43, 0x3f, 0xc7, 0x79,
-             0x46, 0x5a, 0x11, 0x51, 0x49, 0x90, 0x5a, 0x9d, 0xd1, 0xcb, 0x82,
-             0x7a, 0x62, 0x85, 0x06, 0xd4, 0x57, 0xfc, 0xf1, 0x24, 0xa0, 0xc2,
-             0xae, 0xf9, 0xce, 0x2d, 0x2a, 0x0a, 0x0f, 0x63, 0x54, 0x55, 0x70,
-             0xd8, 0x66, 0x7f, 0xf9, 0xe2, 0xeb, 0xa0, 0x73, 0x34})),
-    std::make_pair(
-        69,
-        std::vector<uint8_t>(
-            {0x78, 0xa9, 0xfc, 0x04, 0x8e, 0x25, 0xc6, 0xdc, 0xb5, 0xde, 0x45,
-             0x66, 0x7d, 0xe8, 0xff, 0xdd, 0x3a, 0x93, 0x71, 0x11, 0x41, 0xd5,
-             0x94, 0xe9, 0xfa, 0x62, 0xa9, 0x59, 0x47, 0x5d, 0xa6, 0x07, 0x5e,
-             0xa8, 0xf0, 0x91, 0x6e, 0x84, 0xe4, 0x5a, 0xd9, 0x11, 0xb7, 0x54,
-             0x67, 0x07, 0x7e, 0xe5, 0x2d, 0x2c, 0x9a, 0xeb, 0xf4, 0xd5, 0x8f,
-             0x20, 0xce, 0x4a, 0x3a, 0x00, 0x45, 0x8b, 0x05, 0xd4})),
-    std::make_pair(
-        70,
-        std::vector<uint8_t>(
-            {0x45, 0x81, 0x3f, 0x44, 0x17, 0x69, 0xab, 0x6e, 0xd3, 0x7d, 0x34,
-             0x9f, 0xf6, 0xe7, 0x22, 0x67, 0xd7, 0x6a, 0xe6, 0xbb, 0x3e, 0x3c,
-             0x61, 0x2e, 0xc0, 0x5c, 0x6e, 0x02, 0xa1, 0x2a, 0xf5, 0xa3, 0x7c,
-             0x91, 0x8b, 0x52, 0xbf, 0x74, 0x26, 0x7c, 0x3f, 0x6a, 0x3f, 0x18,
-             0x3a, 0x80, 0x64, 0xff, 0x84, 0xc0, 0x7b, 0x19, 0x3d, 0x08, 0x06,
-             0x67, 0x89, 0xa0, 0x1a, 0xcc, 0xdb, 0x6f, 0x93, 0x40})),
-    std::make_pair(
-        71,
-        std::vector<uint8_t>(
-            {0x95, 0x6d, 0xa1, 0xc6, 0x8d, 0x83, 0xa7, 0xb8, 0x81, 0xe0, 0x1b,
-             0x9a, 0x96, 0x6c, 0x3c, 0x0b, 0xf2, 0x7f, 0x68, 0x60, 0x6a, 0x8b,
-             0x71, 0xd4, 0x57, 0xbd, 0x01, 0x6d, 0x4c, 0x41, 0xdd, 0x8a, 0x38,
-             0x0c, 0x70, 0x9a, 0x29, 0x6c, 0xb4, 0xc6, 0x54, 0x47, 0x92, 0x92,
-             0x0f, 0xd7, 0x88, 0x83, 0x57, 0x71, 0xa0, 0x7d, 0x4a, 0x16, 0xfb,
-             0x52, 0xed, 0x48, 0x05, 0x03, 0x31, 0xdc, 0x4c, 0x8b})),
-    std::make_pair(
-        72,
-        std::vector<uint8_t>(
-            {0xdf, 0x18, 0x6c, 0x2d, 0xc0, 0x9c, 0xaa, 0x48, 0xe1, 0x4e, 0x94,
-             0x2f, 0x75, 0xde, 0x5a, 0xc1, 0xb7, 0xa2, 0x1e, 0x4f, 0x9f, 0x07,
-             0x2a, 0x5b, 0x37, 0x1e, 0x09, 0xe0, 0x73, 0x45, 0xb0, 0x74, 0x0c,
-             0x76, 0x17, 0x7b, 0x01, 0x27, 0x88, 0x08, 0xfe, 0xc0, 0x25, 0xed,
-             0xed, 0x98, 0x22, 0xc1, 0x22, 0xaf, 0xd1, 0xc6, 0x3e, 0x6f, 0x0c,
-             0xe2, 0xe3, 0x26, 0x31, 0x04, 0x10, 0x63, 0x14, 0x5c})),
-    std::make_pair(
-        73,
-        std::vector<uint8_t>(
-            {0x87, 0x47, 0x56, 0x40, 0x96, 0x6a, 0x9f, 0xdc, 0xd6, 0xd3, 0xa3,
-             0xb5, 0xa2, 0xcc, 0xa5, 0xc0, 0x8f, 0x0d, 0x88, 0x2b, 0x10, 0x24,
-             0x3c, 0x0e, 0xc1, 0xbf, 0x3c, 0x6b, 0x1c, 0x37, 0xf2, 0xcd, 0x32,
-             0x12, 0xf1, 0x9a, 0x05, 0x78, 0x64, 0x47, 0x7d, 0x5e, 0xaf, 0x8f,
-             0xae, 0xd7, 0x3f, 0x29, 0x37, 0xc7, 0x68, 0xa0, 0xaf, 0x41, 0x5e,
-             0x84, 0xbb, 0xce, 0x6b, 0xd7, 0xde, 0x23, 0xb6, 0x60})),
-    std::make_pair(
-        74,
-        std::vector<uint8_t>(
-            {0xc3, 0xb5, 0x73, 0xbb, 0xe1, 0x09, 0x49, 0xa0, 0xfb, 0xd4, 0xff,
-             0x88, 0x4c, 0x44, 0x6f, 0x22, 0x29, 0xb7, 0x69, 0x02, 0xf9, 0xdf,
-             0xdb, 0xb8, 0xa0, 0x35, 0x3d, 0xa5, 0xc8, 0x3c, 0xa1, 0x4e, 0x81,
-             0x51, 0xbb, 0xaa, 0xc8, 0x2f, 0xd1, 0x57, 0x6a, 0x00, 0x9a, 0xdc,
-             0x6f, 0x19, 0x35, 0xcf, 0x26, 0xed, 0xd4, 0xf1, 0xfb, 0x8d, 0xa4,
-             0x83, 0xe6, 0xc5, 0xcd, 0x9d, 0x89, 0x23, 0xad, 0xc3})),
-    std::make_pair(
-        75,
-        std::vector<uint8_t>(
-            {0xb0, 0x9d, 0x8d, 0x0b, 0xba, 0x8a, 0x72, 0x86, 0xe4, 0x35, 0x68,
-             0xf7, 0x90, 0x75, 0x50, 0xe4, 0x20, 0x36, 0xd6, 0x74, 0xe3, 0xc8,
-             0xfc, 0x34, 0xd8, 0xca, 0x46, 0xf7, 0x71, 0xd6, 0x46, 0x6b, 0x70,
-             0xfb, 0x60, 0x58, 0x75, 0xf6, 0xa8, 0x63, 0xc8, 0x77, 0xd1, 0x2f,
-             0x07, 0x06, 0x3f, 0xdc, 0x2e, 0x90, 0xcc, 0xd4, 0x59, 0xb1, 0x91,
-             0x0d, 0xcd, 0x52, 0xd8, 0xf1, 0x0b, 0x2b, 0x0a, 0x15})),
-    std::make_pair(
-        76,
-        std::vector<uint8_t>(
-            {0xaf, 0x3a, 0x22, 0xbf, 0x75, 0xb2, 0x1a, 0xbf, 0xb0, 0xac, 0xd5,
-             0x44, 0x22, 0xba, 0x1b, 0x73, 0x00, 0xa9, 0x52, 0xef, 0xf0, 0x2e,
-             0xbe, 0xb6, 0x5b, 0x5c, 0x23, 0x44, 0x71, 0xa9, 0x8d, 0xf3, 0x2f,
-             0x4f, 0x96, 0x43, 0xce, 0x19, 0x04, 0x10, 0x8a, 0x16, 0x87, 0x67,
-             0x92, 0x42, 0x80, 0xbd, 0x76, 0xc8, 0x3f, 0x8c, 0x82, 0xd9, 0xa7,
-             0x9d, 0x92, 0x59, 0xb1, 0x95, 0x36, 0x2a, 0x2a, 0x04})),
-    std::make_pair(
-        77,
-        std::vector<uint8_t>(
-            {0xbf, 0x4f, 0xf2, 0x22, 0x1b, 0x7e, 0x69, 0x57, 0xa7, 0x24, 0xcd,
-             0x96, 0x4a, 0xa3, 0xd5, 0xd0, 0xd9, 0x94, 0x1f, 0x54, 0x04, 0x13,
-             0x75, 0x2f, 0x46, 0x99, 0xd8, 0x10, 0x1b, 0x3e, 0x53, 0x75, 0x08,
-             0xbf, 0x09, 0xf8, 0x50, 0x8b, 0x31, 0x77, 0x36, 0xff, 0xd2, 0x65,
-             0xf2, 0x84, 0x7a, 0xa7, 0xd8, 0x4b, 0xd2, 0xd9, 0x75, 0x69, 0xc4,
-             0x9d, 0x63, 0x2a, 0xed, 0x99, 0x45, 0xe5, 0xfa, 0x5e})),
-    std::make_pair(
-        78,
-        std::vector<uint8_t>(
-            {0x9c, 0x6b, 0x6b, 0x78, 0x19, 0x9b, 0x1b, 0xda, 0xcb, 0x43, 0x00,
-             0xe3, 0x14, 0x79, 0xfa, 0x62, 0x2a, 0x6b, 0x5b, 0xc8, 0x0d, 0x46,
-             0x78, 0xa6, 0x07, 0x8f, 0x88, 0xa8, 0x26, 0x8c, 0xd7, 0x20, 0x6a,
-             0x27, 0x99, 0xe8, 0xd4, 0x62, 0x1a, 0x46, 0x4e, 0xf6, 0xb4, 0x3d,
-             0xd8, 0xad, 0xff, 0xe9, 0x7c, 0xaf, 0x22, 0x1b, 0x22, 0xb6, 0xb8,
-             0x77, 0x8b, 0x14, 0x9a, 0x82, 0x2a, 0xef, 0xbb, 0x09})),
-    std::make_pair(
-        79,
-        std::vector<uint8_t>(
-            {0x89, 0x06, 0x56, 0xf0, 0x9c, 0x99, 0xd2, 0x80, 0xb5, 0xec, 0xb3,
-             0x81, 0xf5, 0x64, 0x27, 0xb8, 0x13, 0x75, 0x1b, 0xc6, 0x52, 0xc7,
-             0x82, 0x80, 0x78, 0xb2, 0x3a, 0x4a, 0xf8, 0x3b, 0x4e, 0x3a, 0x61,
-             0xfd, 0xba, 0xc6, 0x1f, 0x89, 0xbe, 0xe8, 0x4e, 0xa6, 0xbe, 0xe7,
-             0x60, 0xc0, 0x47, 0xf2, 0x5c, 0x6b, 0x0a, 0x20, 0x1c, 0x69, 0xa3,
-             0x8f, 0xd6, 0xfd, 0x97, 0x1a, 0xf1, 0x85, 0x88, 0xbb})),
-    std::make_pair(
-        80,
-        std::vector<uint8_t>(
-            {0x31, 0xa0, 0x46, 0xf7, 0x88, 0x2f, 0xfe, 0x6f, 0x83, 0xce, 0x47,
-             0x2e, 0x9a, 0x07, 0x01, 0x83, 0x2e, 0xc7, 0xb3, 0xf7, 0x6f, 0xbc,
-             0xfd, 0x1d, 0xf6, 0x0f, 0xe3, 0xea, 0x48, 0xfd, 0xe1, 0x65, 0x12,
-             0x54, 0x24, 0x7c, 0x3f, 0xd9, 0x5e, 0x10, 0x0f, 0x91, 0x72, 0x73,
-             0x1e, 0x17, 0xfd, 0x52, 0x97, 0xc1, 0x1f, 0x4b, 0xb3, 0x28, 0x36,
-             0x3c, 0xa3, 0x61, 0x62, 0x4a, 0x81, 0xaf, 0x79, 0x7c})),
-    std::make_pair(
-        81,
-        std::vector<uint8_t>(
-            {0x27, 0xa6, 0x0b, 0x2d, 0x00, 0xe7, 0xa6, 0x71, 0xd4, 0x7d, 0x0a,
-             0xec, 0x2a, 0x68, 0x6a, 0x0a, 0xc0, 0x4b, 0x52, 0xf4, 0x0a, 0xb6,
-             0x62, 0x90, 0x28, 0xeb, 0x7d, 0x13, 0xf4, 0xba, 0xa9, 0x9a, 0xc0,
-             0xfe, 0x46, 0xee, 0x6c, 0x81, 0x49, 0x44, 0xf2, 0xf4, 0xb4, 0xd2,
-             0x0e, 0x93, 0x78, 0xe4, 0x84, 0x7e, 0xa4, 0x4c, 0x13, 0x17, 0x80,
-             0x91, 0xe2, 0x77, 0xb8, 0x7e, 0xa7, 0xa5, 0x57, 0x11})),
-    std::make_pair(
-        82,
-        std::vector<uint8_t>(
-            {0x8b, 0x5c, 0xce, 0xf1, 0x94, 0x16, 0x2c, 0x1f, 0x19, 0xd6, 0x8f,
-             0x91, 0xe0, 0xb0, 0x92, 0x8f, 0x28, 0x9e, 0xc5, 0x28, 0x37, 0x20,
-             0x84, 0x0c, 0x2f, 0x73, 0xd2, 0x53, 0x11, 0x12, 0x38, 0xdc, 0xfe,
-             0x94, 0xaf, 0x2b, 0x59, 0xc2, 0xc1, 0xca, 0x25, 0x91, 0x90, 0x1a,
-             0x7b, 0xc0, 0x60, 0xe7, 0x45, 0x9b, 0x6c, 0x47, 0xdf, 0x0f, 0x71,
-             0x70, 0x1a, 0x35, 0xcc, 0x0a, 0xa8, 0x31, 0xb5, 0xb6})),
-    std::make_pair(
-        83,
-        std::vector<uint8_t>(
-            {0x57, 0xab, 0x6c, 0x4b, 0x22, 0x29, 0xae, 0xb3, 0xb7, 0x04, 0x76,
-             0xd8, 0x03, 0xcd, 0x63, 0x81, 0x2f, 0x10, 0x7c, 0xe6, 0xda, 0x17,
-             0xfe, 0xd9, 0xb1, 0x78, 0x75, 0xe8, 0xf8, 0x6c, 0x72, 0x4f, 0x49,
-             0xe0, 0x24, 0xcb, 0xf3, 0xa1, 0xb8, 0xb1, 0x19, 0xc5, 0x03, 0x57,
-             0x65, 0x2b, 0x81, 0x87, 0x9d, 0x2a, 0xde, 0x2d, 0x58, 0x8b, 0x9e,
-             0x4f, 0x7c, 0xed, 0xba, 0x0e, 0x46, 0x44, 0xc9, 0xee})),
-    std::make_pair(
-        84,
-        std::vector<uint8_t>(
-            {0x01, 0x90, 0xa8, 0xda, 0xc3, 0x20, 0xa7, 0x39, 0xf3, 0x22, 0xe1,
-             0x57, 0x31, 0xaa, 0x14, 0x0d, 0xda, 0xf5, 0xbe, 0xd2, 0x94, 0xd5,
-             0xc8, 0x2e, 0x54, 0xfe, 0xf2, 0x9f, 0x21, 0x4e, 0x18, 0xaa, 0xfa,
-             0xa8, 0x4f, 0x8b, 0xe9, 0x9a, 0xf6, 0x29, 0x50, 0x26, 0x6b, 0x8f,
-             0x90, 0x1f, 0x15, 0xdd, 0x4c, 0x5d, 0x35, 0x51, 0x6f, 0xc3, 0x5b,
-             0x4c, 0xab, 0x2e, 0x96, 0xe4, 0x69, 0x5b, 0xbe, 0x1c})),
-    std::make_pair(
-        85,
-        std::vector<uint8_t>(
-            {0xd1, 0x4d, 0x7c, 0x4c, 0x41, 0x5e, 0xeb, 0x0e, 0x10, 0xb1, 0x59,
-             0x22, 0x4b, 0xea, 0x12, 0x7e, 0xbd, 0x84, 0xf9, 0x59, 0x1c, 0x70,
-             0x2a, 0x33, 0x0f, 0x5b, 0xb7, 0xbb, 0x7a, 0xa4, 0x4e, 0xa3, 0x9d,
-             0xe6, 0xed, 0x01, 0xf1, 0x8d, 0xa7, 0xad, 0xf4, 0x0c, 0xfb, 0x97,
-             0xc5, 0xd1, 0x52, 0xc2, 0x75, 0x28, 0x82, 0x4b, 0x21, 0xe2, 0x39,
-             0x52, 0x6a, 0xf8, 0xf3, 0x6b, 0x21, 0x4e, 0x0c, 0xfb})),
-    std::make_pair(
-        86,
-        std::vector<uint8_t>(
-            {0xbe, 0x28, 0xc4, 0xbe, 0x70, 0x69, 0x70, 0x48, 0x8f, 0xac, 0x7d,
-             0x29, 0xc3, 0xbd, 0x5c, 0x4e, 0x98, 0x60, 0x85, 0xc4, 0xc3, 0x33,
-             0x2f, 0x1f, 0x3f, 0xd3, 0x09, 0x73, 0xdb, 0x61, 0x41, 0x64, 0xba,
-             0x2f, 0x31, 0xa7, 0x88, 0x75, 0xff, 0xdc, 0x15, 0x03, 0x25, 0xc8,
-             0x83, 0x27, 0xa9, 0x44, 0x3e, 0xd0, 0x4f, 0xdf, 0xe5, 0xbe, 0x93,
-             0x87, 0x6d, 0x16, 0x28, 0x56, 0x0c, 0x76, 0x4a, 0x80})),
-    std::make_pair(
-        87,
-        std::vector<uint8_t>(
-            {0x03, 0x1d, 0xa1, 0x06, 0x9e, 0x3a, 0x2e, 0x9c, 0x33, 0x82, 0xe4,
-             0x36, 0xff, 0xd7, 0x9d, 0xf7, 0x4b, 0x1c, 0xa6, 0xa8, 0xad, 0xb2,
-             0xde, 0xab, 0xe6, 0x76, 0xab, 0x45, 0x99, 0x4c, 0xbc, 0x05, 0x4f,
-             0x03, 0x7d, 0x2f, 0x0e, 0xac, 0xe8, 0x58, 0xd3, 0x2c, 0x14, 0xe2,
-             0xd1, 0xc8, 0xb4, 0x60, 0x77, 0x30, 0x8e, 0x3b, 0xdc, 0x2c, 0x1b,
-             0x53, 0x17, 0x2e, 0xcf, 0x7a, 0x8c, 0x14, 0xe3, 0x49})),
-    std::make_pair(
-        88,
-        std::vector<uint8_t>(
-            {0x46, 0x65, 0xce, 0xf8, 0xba, 0x4d, 0xb4, 0xd0, 0xac, 0xb1, 0x18,
-             0xf2, 0x98, 0x7f, 0x0b, 0xb0, 0x9f, 0x8f, 0x86, 0xaa, 0x44, 0x5a,
-             0xa3, 0xd5, 0xfc, 0x9a, 0x8b, 0x34, 0x68, 0x64, 0x78, 0x74, 0x89,
-             0xe8, 0xfc, 0xec, 0xc1, 0x25, 0xd1, 0x7e, 0x9b, 0x56, 0xe1, 0x29,
-             0x88, 0xea, 0xc5, 0xec, 0xc7, 0x28, 0x68, 0x83, 0xdb, 0x06, 0x61,
-             0xb8, 0xff, 0x05, 0xda, 0x2a, 0xff, 0xf3, 0x0f, 0xe4})),
-    std::make_pair(
-        89,
-        std::vector<uint8_t>(
-            {0x63, 0xb7, 0x03, 0x2e, 0x5f, 0x93, 0x0c, 0xc9, 0x93, 0x95, 0x17,
-             0xf9, 0xe9, 0x86, 0x81, 0x6c, 0xfb, 0xec, 0x2b, 0xe5, 0x9b, 0x95,
-             0x68, 0xb1, 0x3f, 0x2e, 0xad, 0x05, 0xba, 0xe7, 0x77, 0x7c, 0xab,
-             0x62, 0x0c, 0x66, 0x59, 0x40, 0x4f, 0x74, 0x09, 0xe4, 0x19, 0x9a,
-             0x3b, 0xe5, 0xf7, 0x86, 0x5a, 0xa7, 0xcb, 0xdf, 0x8c, 0x42, 0x53,
-             0xf7, 0xe8, 0x21, 0x9b, 0x1b, 0xd5, 0xf4, 0x6f, 0xea})),
-    std::make_pair(
-        90,
-        std::vector<uint8_t>(
-            {0x9f, 0x09, 0xbf, 0x09, 0x3a, 0x2b, 0x0f, 0xf8, 0xc2, 0x63, 0x4b,
-             0x49, 0xe3, 0x7f, 0x1b, 0x21, 0x35, 0xb4, 0x47, 0xaa, 0x91, 0x44,
-             0xc9, 0x78, 0x7d, 0xbf, 0xd9, 0x21, 0x29, 0x31, 0x6c, 0x99, 0xe8,
-             0x8a, 0xab, 0x8a, 0x21, 0xfd, 0xef, 0x23, 0x72, 0xd1, 0x18, 0x9a,
-             0xec, 0x50, 0x0f, 0x95, 0x77, 0x5f, 0x1f, 0x92, 0xbf, 0xb4, 0x55,
-             0x45, 0xe4, 0x25, 0x9f, 0xb9, 0xb7, 0xb0, 0x2d, 0x14})),
-    std::make_pair(
-        91,
-        std::vector<uint8_t>(
-            {0xf9, 0xf8, 0x49, 0x3c, 0x68, 0x08, 0x88, 0x07, 0xdf, 0x7f, 0x6a,
-             0x26, 0x93, 0xd6, 0x4e, 0xa5, 0x9f, 0x03, 0xe9, 0xe0, 0x5a, 0x22,
-             0x3e, 0x68, 0x52, 0x4c, 0xa3, 0x21, 0x95, 0xa4, 0x73, 0x4b, 0x65,
-             0x4f, 0xce, 0xa4, 0xd2, 0x73, 0x4c, 0x86, 0x6c, 0xf9, 0x5c, 0x88,
-             0x9f, 0xb1, 0x0c, 0x49, 0x15, 0x9b, 0xe2, 0xf5, 0x04, 0x3d, 0xc9,
-             0x8b, 0xb5, 0x5e, 0x02, 0xef, 0x7b, 0xdc, 0xb0, 0x82})),
-    std::make_pair(
-        92,
-        std::vector<uint8_t>(
-            {0x3c, 0x9a, 0x73, 0x59, 0xab, 0x4f, 0xeb, 0xce, 0x07, 0xb2, 0x0a,
-             0xc4, 0x47, 0xb0, 0x6a, 0x24, 0x0b, 0x7f, 0xe1, 0xda, 0xe5, 0x43,
-             0x9c, 0x49, 0xb6, 0x0b, 0x58, 0x19, 0xf7, 0x81, 0x2e, 0x4c, 0x17,
-             0x24, 0x06, 0xc1, 0xaa, 0xc3, 0x16, 0x71, 0x3c, 0xf0, 0xdd, 0xed,
-             0x10, 0x38, 0x07, 0x72, 0x58, 0xe2, 0xef, 0xf5, 0xb3, 0x39, 0x13,
-             0xd9, 0xd9, 0x5c, 0xae, 0xb4, 0xe6, 0xc6, 0xb9, 0x70})),
-    std::make_pair(
-        93,
-        std::vector<uint8_t>(
-            {0xad, 0x6a, 0xab, 0x80, 0x84, 0x51, 0x0e, 0x82, 0x2c, 0xfc, 0xe8,
-             0x62, 0x5d, 0x62, 0xcf, 0x4d, 0xe6, 0x55, 0xf4, 0x76, 0x38, 0x84,
-             0xc7, 0x1e, 0x80, 0xba, 0xb9, 0xac, 0x9d, 0x53, 0x18, 0xdb, 0xa4,
-             0xa6, 0x03, 0x3e, 0xd2, 0x90, 0x84, 0xe6, 0x52, 0x16, 0xc0, 0x31,
-             0x60, 0x6c, 0xa1, 0x76, 0x15, 0xdc, 0xfe, 0x3b, 0xa1, 0x1d, 0x26,
-             0x85, 0x1a, 0xe0, 0x99, 0x9c, 0xa6, 0xe2, 0x32, 0xcf})),
-    std::make_pair(
-        94,
-        std::vector<uint8_t>(
-            {0x15, 0x6e, 0x9e, 0x62, 0x61, 0x37, 0x4c, 0x9d, 0xc8, 0x84, 0xf3,
-             0x6e, 0x70, 0xf0, 0xfe, 0x1a, 0xb9, 0x29, 0x79, 0x97, 0xb8, 0x36,
-             0xfa, 0x7d, 0x17, 0x0a, 0x9c, 0x9e, 0xbf, 0x57, 0x5b, 0x88, 0x1e,
-             0x7b, 0xce, 0xa4, 0x4d, 0x6c, 0x02, 0x48, 0xd3, 0x55, 0x97, 0x90,
-             0x71, 0x54, 0x82, 0x89, 0x55, 0xbe, 0x19, 0x13, 0x58, 0x52, 0xf9,
-             0x22, 0x88, 0x15, 0xec, 0xa0, 0x24, 0xa8, 0xad, 0xfb})),
-    std::make_pair(
-        95,
-        std::vector<uint8_t>(
-            {0x42, 0x15, 0x40, 0x76, 0x33, 0xf4, 0xcc, 0xa9, 0xb6, 0x78, 0x8b,
-             0xe9, 0x3e, 0x6a, 0xa3, 0xd9, 0x63, 0xc7, 0xd6, 0xce, 0x4b, 0x14,
-             0x72, 0x47, 0x09, 0x9f, 0x46, 0xa3, 0xac, 0xb5, 0x00, 0xa3, 0x00,
-             0x38, 0xcb, 0x3e, 0x78, 0x8c, 0x3d, 0x29, 0xf1, 0x32, 0xad, 0x84,
-             0x4e, 0x80, 0xe9, 0xe9, 0x92, 0x51, 0xf6, 0xdb, 0x96, 0xac, 0xd8,
-             0xa0, 0x91, 0xcf, 0xc7, 0x70, 0xaf, 0x53, 0x84, 0x7b})),
-    std::make_pair(
-        96,
-        std::vector<uint8_t>(
-            {0x1c, 0x07, 0x7e, 0x27, 0x9d, 0xe6, 0x54, 0x85, 0x23, 0x50, 0x2b,
-             0x6d, 0xf8, 0x00, 0xff, 0xda, 0xb5, 0xe2, 0xc3, 0xe9, 0x44, 0x2e,
-             0xb8, 0x38, 0xf5, 0x8c, 0x29, 0x5f, 0x3b, 0x14, 0x7c, 0xef, 0x9d,
-             0x70, 0x1c, 0x41, 0xc3, 0x21, 0x28, 0x3f, 0x00, 0xc7, 0x1a, 0xff,
-             0xa0, 0x61, 0x93, 0x10, 0x39, 0x91, 0x26, 0x29, 0x5b, 0x78, 0xdd,
-             0x4d, 0x1a, 0x74, 0x57, 0x2e, 0xf9, 0xed, 0x51, 0x35})),
-    std::make_pair(
-        97,
-        std::vector<uint8_t>(
-            {0xf0, 0x7a, 0x55, 0x5f, 0x49, 0xfe, 0x48, 0x1c, 0xf4, 0xcd, 0x0a,
-             0x87, 0xb7, 0x1b, 0x82, 0xe4, 0xa9, 0x50, 0x64, 0xd0, 0x66, 0x77,
-             0xfd, 0xd9, 0x0a, 0x0e, 0xb5, 0x98, 0x87, 0x7b, 0xa1, 0xc8, 0x3d,
-             0x46, 0x77, 0xb3, 0x93, 0xc3, 0xa3, 0xb6, 0x66, 0x1c, 0x42, 0x1f,
-             0x5b, 0x12, 0xcb, 0x99, 0xd2, 0x03, 0x76, 0xba, 0x72, 0x75, 0xc2,
-             0xf3, 0xa8, 0xf5, 0xa9, 0xb7, 0x82, 0x17, 0x20, 0xda})),
-    std::make_pair(
-        98,
-        std::vector<uint8_t>(
-            {0xb5, 0x91, 0x1b, 0x38, 0x0d, 0x20, 0xc7, 0xb0, 0x43, 0x23, 0xe4,
-             0x02, 0x6b, 0x38, 0xe2, 0x00, 0xf5, 0x34, 0x25, 0x92, 0x33, 0xb5,
-             0x81, 0xe0, 0x2c, 0x1e, 0x3e, 0x2d, 0x84, 0x38, 0xd6, 0xc6, 0x6d,
-             0x5a, 0x4e, 0xb2, 0x01, 0xd5, 0xa8, 0xb7, 0x50, 0x72, 0xc4, 0xec,
-             0x29, 0x10, 0x63, 0x34, 0xda, 0x70, 0xbc, 0x79, 0x52, 0x1b, 0x0c,
-             0xed, 0x2c, 0xfd, 0x53, 0x3f, 0x5f, 0xf8, 0x4f, 0x95})),
-    std::make_pair(
-        99,
-        std::vector<uint8_t>(
-            {0x01, 0xf0, 0x70, 0xa0, 0x9b, 0xae, 0x91, 0x12, 0x96, 0x36, 0x1f,
-             0x91, 0xaa, 0x0e, 0x8e, 0x0d, 0x09, 0xa7, 0x72, 0x54, 0x78, 0x53,
-             0x6d, 0x9d, 0x48, 0xc5, 0xfe, 0x1e, 0x5e, 0x7c, 0x3c, 0x5b, 0x9b,
-             0x9d, 0x6e, 0xb0, 0x77, 0x96, 0xf6, 0xda, 0x57, 0xae, 0x56, 0x2a,
-             0x7d, 0x70, 0xe8, 0x82, 0xe3, 0x7a, 0xdf, 0xde, 0x83, 0xf0, 0xc4,
-             0x33, 0xc2, 0xcd, 0x36, 0x35, 0x36, 0xbb, 0x22, 0xc8})),
-    std::make_pair(
-        100,
-        std::vector<uint8_t>(
-            {0x6f, 0x79, 0x3e, 0xb4, 0x37, 0x4a, 0x48, 0xb0, 0x77, 0x5a, 0xca,
-             0xf9, 0xad, 0xcf, 0x8e, 0x45, 0xe5, 0x42, 0x70, 0xc9, 0x47, 0x5f,
-             0x00, 0x4a, 0xd8, 0xd5, 0x97, 0x3e, 0x2a, 0xca, 0x52, 0x74, 0x7f,
-             0xf4, 0xed, 0x04, 0xae, 0x96, 0x72, 0x75, 0xb9, 0xf9, 0xeb, 0x0e,
-             0x1f, 0xf7, 0x5f, 0xb4, 0xf7, 0x94, 0xfa, 0x8b, 0xe9, 0xad, 0xd7,
-             0xa4, 0x13, 0x04, 0x86, 0x8d, 0x10, 0x3f, 0xab, 0x10})),
-    std::make_pair(
-        101,
-        std::vector<uint8_t>(
-            {0x96, 0x5f, 0x20, 0xf1, 0x39, 0x76, 0x5f, 0xcc, 0x4c, 0xe4, 0xba,
-             0x37, 0x94, 0x67, 0x58, 0x63, 0xca, 0xc2, 0x4d, 0xb4, 0x72, 0xcd,
-             0x2b, 0x79, 0x9d, 0x03, 0x5b, 0xce, 0x3d, 0xbe, 0xa5, 0x02, 0xda,
-             0x7b, 0x52, 0x48, 0x65, 0xf6, 0xb8, 0x11, 0xd8, 0xc5, 0x82, 0x8d,
-             0x3a, 0x88, 0x96, 0x46, 0xfe, 0x64, 0xa3, 0x80, 0xda, 0x1a, 0xa7,
-             0xc7, 0x04, 0x4e, 0x9f, 0x24, 0x5d, 0xce, 0xd1, 0x28})),
-    std::make_pair(
-        102,
-        std::vector<uint8_t>(
-            {0xec, 0x29, 0x5b, 0x57, 0x83, 0x60, 0x12, 0x44, 0xc3, 0x0e, 0x46,
-             0x41, 0xe3, 0xb4, 0x5b, 0xe2, 0x22, 0xc4, 0xdc, 0xe7, 0x7a, 0x58,
-             0x70, 0x0f, 0x53, 0xbc, 0x8e, 0xc5, 0x2a, 0x94, 0x16, 0x90, 0xb4,
-             0xd0, 0xb0, 0x87, 0xfb, 0x6f, 0xcb, 0x3f, 0x39, 0x83, 0x2b, 0x9d,
-             0xe8, 0xf7, 0x5e, 0xc2, 0x0b, 0xd4, 0x30, 0x79, 0x81, 0x17, 0x49,
-             0xcd, 0xc9, 0x07, 0xed, 0xb9, 0x41, 0x57, 0xd1, 0x80})),
-    std::make_pair(
-        103,
-        std::vector<uint8_t>(
-            {0x61, 0xc7, 0x2f, 0x8c, 0xcc, 0x91, 0xdb, 0xb5, 0x4c, 0xa6, 0x75,
-             0x0b, 0xc4, 0x89, 0x67, 0x2d, 0xe0, 0x9f, 0xae, 0xdb, 0x8f, 0xdd,
-             0x4f, 0x94, 0xff, 0x23, 0x20, 0x90, 0x9a, 0x30, 0x3f, 0x5d, 0x5a,
-             0x98, 0x48, 0x1c, 0x0b, 0xc1, 0xa6, 0x25, 0x41, 0x9f, 0xb4, 0xde,
-             0xbf, 0xbf, 0x7f, 0x8a, 0x53, 0xbb, 0x07, 0xec, 0x3d, 0x98, 0x5e,
-             0x8e, 0xa1, 0x1e, 0x72, 0xd5, 0x59, 0x94, 0x07, 0x80})),
-    std::make_pair(
-        104,
-        std::vector<uint8_t>(
-            {0xaf, 0xd8, 0x14, 0x5b, 0x25, 0x9e, 0xef, 0xc8, 0xd1, 0x26, 0x20,
-             0xc3, 0xc5, 0xb0, 0x3e, 0x1e, 0xd8, 0xfd, 0x2c, 0xce, 0xfe, 0x03,
-             0x65, 0x07, 0x8c, 0x80, 0xfd, 0x42, 0xc1, 0x77, 0x0e, 0x28, 0xb4,
-             0x49, 0x48, 0xf2, 0x7e, 0x65, 0xa1, 0x88, 0x66, 0x90, 0x11, 0x0d,
-             0xb8, 0x14, 0x39, 0x7b, 0x68, 0xe4, 0x3d, 0x80, 0xd1, 0xba, 0x16,
-             0xdf, 0xa3, 0x58, 0xe7, 0x39, 0xc8, 0x98, 0xcf, 0xa3})),
-    std::make_pair(
-        105,
-        std::vector<uint8_t>(
-            {0x55, 0x2f, 0xc7, 0x89, 0x3c, 0xf1, 0xce, 0x93, 0x3a, 0xda, 0x35,
-             0xc0, 0xda, 0x98, 0x84, 0x4e, 0x41, 0x54, 0x5e, 0x24, 0x4c, 0x31,
-             0x57, 0xa1, 0x42, 0x8d, 0x7b, 0x4c, 0x21, 0xf9, 0xcd, 0x7e, 0x40,
-             0x71, 0xae, 0xd7, 0x7b, 0x7c, 0xa9, 0xf1, 0xc3, 0x8f, 0xba, 0x32,
-             0x23, 0x74, 0x12, 0xef, 0x21, 0xa3, 0x42, 0x74, 0x2e, 0xc8, 0x32,
-             0x43, 0x78, 0xf2, 0x1e, 0x50, 0x7f, 0xaf, 0xdd, 0x88})),
-    std::make_pair(
-        106,
-        std::vector<uint8_t>(
-            {0x46, 0x7a, 0x33, 0xfb, 0xad, 0xf5, 0xeb, 0xc5, 0x25, 0x96, 0xef,
-             0x86, 0xaa, 0xae, 0xfc, 0x6f, 0xab, 0xa8, 0xee, 0x65, 0x1b, 0x1c,
-             0xe0, 0x4d, 0xe3, 0x68, 0xa0, 0x3a, 0x5a, 0x90, 0x40, 0xef, 0x28,
-             0x35, 0xe0, 0x0a, 0xdb, 0x09, 0xab, 0xb3, 0xfb, 0xd2, 0xbc, 0xe8,
-             0x18, 0xa2, 0x41, 0x3d, 0x0b, 0x02, 0x53, 0xb5, 0xbd, 0xa4, 0xfc,
-             0x5b, 0x2f, 0x6f, 0x85, 0xf3, 0xfd, 0x5b, 0x55, 0xf2})),
-    std::make_pair(
-        107,
-        std::vector<uint8_t>(
-            {0x22, 0xef, 0xf8, 0xe6, 0xdd, 0x52, 0x36, 0xf5, 0xf5, 0x7d, 0x94,
-             0xed, 0xe8, 0x74, 0xd6, 0xc9, 0x42, 0x8e, 0x8f, 0x5d, 0x56, 0x6f,
-             0x17, 0xcd, 0x6d, 0x18, 0x48, 0xcd, 0x75, 0x2f, 0xe1, 0x3c, 0x65,
-             0x5c, 0xb1, 0x0f, 0xba, 0xaf, 0xf7, 0x68, 0x72, 0xf2, 0xbf, 0x2d,
-             0xa9, 0x9e, 0x15, 0xdc, 0x62, 0x40, 0x75, 0xe1, 0xec, 0x2f, 0x58,
-             0xa3, 0xf6, 0x40, 0x72, 0x12, 0x18, 0x38, 0x56, 0x9e})),
-    std::make_pair(
-        108,
-        std::vector<uint8_t>(
-            {0x9c, 0xec, 0x6b, 0xbf, 0x62, 0xc4, 0xbc, 0xe4, 0x13, 0x8a, 0xba,
-             0xe1, 0xcb, 0xec, 0x8d, 0xad, 0x31, 0x95, 0x04, 0x44, 0xe9, 0x03,
-             0x21, 0xb1, 0x34, 0x71, 0x96, 0x83, 0x4c, 0x11, 0x4b, 0x86, 0x4a,
-             0xf3, 0xf3, 0xcc, 0x35, 0x08, 0xf8, 0x37, 0x51, 0xff, 0xb4, 0xed,
-             0xa7, 0xc8, 0x4d, 0x14, 0x07, 0x34, 0xbb, 0x42, 0x63, 0xc3, 0x62,
-             0x5c, 0x00, 0xf0, 0x4f, 0x4c, 0x80, 0x68, 0x98, 0x1b})),
-    std::make_pair(
-        109,
-        std::vector<uint8_t>(
-            {0xa8, 0xb6, 0x0f, 0xa4, 0xfc, 0x24, 0x42, 0xf6, 0xf1, 0x51, 0x4a,
-             0xd7, 0x40, 0x26, 0x26, 0x92, 0x0c, 0xc7, 0xc2, 0xc9, 0xf7, 0x21,
-             0x24, 0xb8, 0xcb, 0xa8, 0xee, 0x2c, 0xb7, 0xc4, 0x58, 0x6f, 0x65,
-             0x8a, 0x44, 0x10, 0xcf, 0xfc, 0xc0, 0xab, 0x88, 0x34, 0x39, 0x55,
-             0xe0, 0x94, 0xc6, 0xaf, 0x0d, 0x20, 0xd0, 0xc7, 0x14, 0xfb, 0x0a,
-             0x98, 0x8f, 0x54, 0x3f, 0x30, 0x0f, 0x58, 0xd3, 0x89})),
-    std::make_pair(
-        110,
-        std::vector<uint8_t>(
-            {0x82, 0x71, 0xcc, 0x45, 0xdf, 0xa5, 0xe4, 0x17, 0x0e, 0x84, 0x7e,
-             0x86, 0x30, 0xb9, 0x52, 0xcf, 0x9c, 0x2a, 0xa7, 0x77, 0xd0, 0x6f,
-             0x26, 0xa7, 0x58, 0x5b, 0x83, 0x81, 0xf1, 0x88, 0xda, 0xcc, 0x73,
-             0x37, 0x39, 0x1c, 0xfc, 0xc9, 0x4b, 0x05, 0x3d, 0xc4, 0xec, 0x29,
-             0xcc, 0x17, 0xf0, 0x77, 0x87, 0x04, 0x28, 0xf1, 0xac, 0x23, 0xfd,
-             0xdd, 0xa1, 0x65, 0xef, 0x5a, 0x3f, 0x15, 0x5f, 0x39})),
-    std::make_pair(
-        111,
-        std::vector<uint8_t>(
-            {0xbf, 0x23, 0xc0, 0xc2, 0x5c, 0x80, 0x60, 0xe4, 0xf6, 0x99, 0x5f,
-             0x16, 0x23, 0xa3, 0xbe, 0xbe, 0xca, 0xa9, 0x6e, 0x30, 0x86, 0x80,
-             0x00, 0x0a, 0x8a, 0xa3, 0xcd, 0x56, 0xbb, 0x1a, 0x6d, 0xa0, 0x99,
-             0xe1, 0x0d, 0x92, 0x31, 0xb3, 0x7f, 0x45, 0x19, 0xb2, 0xef, 0xd2,
-             0xc2, 0x4d, 0xe7, 0x2f, 0x31, 0xa5, 0xf1, 0x95, 0x35, 0x24, 0x1b,
-             0x4a, 0x59, 0xfa, 0x3c, 0x03, 0xce, 0xb7, 0x90, 0xe7})),
-    std::make_pair(
-        112,
-        std::vector<uint8_t>(
-            {0x87, 0x7f, 0xd6, 0x52, 0xc0, 0x52, 0x81, 0x00, 0x9c, 0x0a, 0x52,
-             0x50, 0xe7, 0xa3, 0xa6, 0x71, 0xf8, 0xb1, 0x8c, 0x10, 0x88, 0x17,
-             0xfe, 0x4a, 0x87, 0x4d, 0xe2, 0x2d, 0xa8, 0xe4, 0x5d, 0xb1, 0x19,
-             0x58, 0xa6, 0x00, 0xc5, 0xf6, 0x2e, 0x67, 0xd3, 0x6c, 0xbf, 0x84,
-             0x47, 0x4c, 0xf2, 0x44, 0xa9, 0xc2, 0xb0, 0x3a, 0x9f, 0xb9, 0xdc,
-             0x71, 0x1c, 0xd1, 0xa2, 0xca, 0xb6, 0xf3, 0xfa, 0xe0})),
-    std::make_pair(
-        113,
-        std::vector<uint8_t>(
-            {0x29, 0xdf, 0x4d, 0x87, 0xea, 0x44, 0x4b, 0xaf, 0x5b, 0xcd, 0xf5,
-             0xf4, 0xe4, 0x15, 0x79, 0xe2, 0x8a, 0x67, 0xde, 0x84, 0x14, 0x9f,
-             0x06, 0xc0, 0x3f, 0x11, 0x0e, 0xa8, 0x4f, 0x57, 0x2a, 0x9f, 0x67,
-             0x6a, 0xdd, 0xd0, 0x4c, 0x48, 0x78, 0xf4, 0x9c, 0x5c, 0x00, 0xac,
-             0xcd, 0xa4, 0x41, 0xb1, 0xa3, 0x87, 0xca, 0xce, 0xb2, 0xe9, 0x93,
-             0xbb, 0x7a, 0x10, 0xcd, 0x8c, 0x2d, 0x67, 0x17, 0xe1})),
-    std::make_pair(
-        114,
-        std::vector<uint8_t>(
-            {0x71, 0x0d, 0xac, 0xb1, 0x66, 0x84, 0x46, 0x39, 0xcd, 0x7b, 0x63,
-             0x7c, 0x27, 0x42, 0x09, 0x42, 0x4e, 0x24, 0x49, 0xdc, 0x35, 0xd7,
-             0x90, 0xbb, 0xfa, 0x4f, 0x76, 0x17, 0x70, 0x54, 0xa3, 0x6b, 0x3b,
-             0x76, 0xfa, 0xc0, 0xca, 0x6e, 0x61, 0xdf, 0x1e, 0x68, 0x70, 0x00,
-             0x67, 0x8a, 0xc0, 0x74, 0x6d, 0xf7, 0x5d, 0x0a, 0x39, 0x54, 0x89,
-             0x76, 0x81, 0xfd, 0x39, 0x3a, 0x15, 0x5a, 0x1b, 0xb4})),
-    std::make_pair(
-        115,
-        std::vector<uint8_t>(
-            {0xc1, 0xd5, 0xf9, 0x3b, 0x8d, 0xea, 0x1f, 0x25, 0x71, 0xba, 0xbc,
-             0xcb, 0xc0, 0x17, 0x64, 0x54, 0x1a, 0x0c, 0xda, 0x87, 0xe4, 0x44,
-             0xd6, 0x73, 0xc5, 0x09, 0x66, 0xca, 0x55, 0x9c, 0x33, 0x35, 0x4b,
-             0x3a, 0xcb, 0x26, 0xe5, 0xd5, 0x78, 0x1f, 0xfb, 0x28, 0x84, 0x7a,
-             0x4b, 0x47, 0x54, 0xd7, 0x70, 0x08, 0xc6, 0x2a, 0x83, 0x58, 0x35,
-             0xf5, 0x00, 0xde, 0xa7, 0xc3, 0xb5, 0x8b, 0xda, 0xe2})),
-    std::make_pair(
-        116,
-        std::vector<uint8_t>(
-            {0xa4, 0x1e, 0x41, 0x27, 0x1c, 0xda, 0xb8, 0xaf, 0x4d, 0x72, 0xb1,
-             0x04, 0xbf, 0xb2, 0xad, 0x04, 0x1a, 0xc4, 0xdf, 0x14, 0x67, 0x7d,
-             0xa6, 0x71, 0xd8, 0x56, 0x40, 0xc4, 0xb1, 0x87, 0xf5, 0x0c, 0x2b,
-             0x66, 0x51, 0x3c, 0x46, 0x19, 0xfb, 0xd5, 0xd5, 0xdc, 0x4f, 0xe6,
-             0x5d, 0xd3, 0x7b, 0x90, 0x42, 0xe9, 0x84, 0x8d, 0xda, 0x55, 0x6a,
-             0x50, 0x4c, 0xaa, 0x2b, 0x1c, 0x6a, 0xfe, 0x47, 0x30})),
-    std::make_pair(
-        117,
-        std::vector<uint8_t>(
-            {0xe7, 0xbc, 0xba, 0xcd, 0xc3, 0x79, 0xc4, 0x3d, 0x81, 0xeb, 0xad,
-             0xcb, 0x37, 0x78, 0x15, 0x52, 0xfc, 0x1d, 0x75, 0x3e, 0x8c, 0xf3,
-             0x10, 0xd9, 0x68, 0x39, 0x2d, 0x06, 0xc9, 0x1f, 0x1d, 0x64, 0xcc,
-             0x9e, 0x90, 0xce, 0x1d, 0x22, 0xc3, 0x2d, 0x27, 0x7f, 0xc6, 0xcd,
-             0xa4, 0x33, 0xa4, 0xd4, 0x42, 0xc7, 0x62, 0xe9, 0xea, 0xcf, 0x2c,
-             0x25, 0x9f, 0x32, 0xd6, 0x4c, 0xf9, 0xda, 0x3a, 0x22})),
-    std::make_pair(
-        118,
-        std::vector<uint8_t>(
-            {0x51, 0x75, 0x5b, 0x4a, 0xc5, 0x45, 0x6b, 0x13, 0x21, 0x8a, 0x19,
-             0xc5, 0xb9, 0x24, 0x2f, 0x57, 0xc4, 0xa9, 0x81, 0xe4, 0xd4, 0xec,
-             0xdc, 0xe0, 0x9a, 0x31, 0x93, 0x36, 0x2b, 0x80, 0x8a, 0x57, 0x93,
-             0x45, 0xd4, 0x88, 0x1c, 0x26, 0x07, 0xa5, 0x65, 0x34, 0xdd, 0x7f,
-             0x21, 0x95, 0x6a, 0xff, 0x72, 0xc2, 0xf4, 0x17, 0x3a, 0x6e, 0x7b,
-             0x6c, 0xc2, 0x21, 0x2b, 0xa0, 0xe3, 0xda, 0xee, 0x1f})),
-    std::make_pair(
-        119,
-        std::vector<uint8_t>(
-            {0xdc, 0xc2, 0xc4, 0xbe, 0xb9, 0xc1, 0xf2, 0x60, 0x7b, 0x78, 0x6c,
-             0x20, 0xc6, 0x31, 0x97, 0x23, 0x47, 0x03, 0x4c, 0x1c, 0xc0, 0x2f,
-             0xcc, 0x7d, 0x02, 0xff, 0x01, 0x09, 0x9c, 0xfe, 0x1c, 0x69, 0x89,
-             0x84, 0x0a, 0xc2, 0x13, 0x92, 0x36, 0x29, 0x11, 0x3a, 0xa8, 0xba,
-             0xd7, 0x13, 0xcc, 0xf0, 0xfe, 0x4c, 0xe1, 0x32, 0x64, 0xfb, 0x32,
-             0xb8, 0xb0, 0xfe, 0x37, 0x2d, 0xa3, 0x82, 0x54, 0x4a})),
-    std::make_pair(
-        120,
-        std::vector<uint8_t>(
-            {0x3d, 0x55, 0x17, 0x6a, 0xce, 0xa4, 0xa7, 0xe3, 0xa6, 0x5f, 0xfa,
-             0x9f, 0xb1, 0x0a, 0x7a, 0x17, 0x67, 0x19, 0x9c, 0xf0, 0x77, 0xce,
-             0xe9, 0xf7, 0x15, 0x32, 0xd6, 0x7c, 0xd7, 0xc7, 0x3c, 0x9f, 0x93,
-             0xcf, 0xc3, 0x7c, 0xcd, 0xcc, 0x1f, 0xde, 0xf5, 0x0a, 0xad, 0x46,
-             0xa5, 0x04, 0xa6, 0x50, 0xd2, 0x98, 0xd5, 0x97, 0xa3, 0xa9, 0xfa,
-             0x95, 0xc6, 0xc4, 0x0c, 0xb7, 0x1f, 0xa5, 0xe7, 0x25})),
-    std::make_pair(
-        121,
-        std::vector<uint8_t>(
-            {0xd0, 0x77, 0x13, 0xc0, 0x05, 0xde, 0x96, 0xdd, 0x21, 0xd2, 0xeb,
-             0x8b, 0xbe, 0xca, 0x66, 0x74, 0x6e, 0xa5, 0x1a, 0x31, 0xae, 0x92,
-             0x2a, 0x3e, 0x74, 0x86, 0x48, 0x89, 0x54, 0x0a, 0x48, 0xdb, 0x27,
-             0xd7, 0xe4, 0xc9, 0x03, 0x11, 0x63, 0x8b, 0x22, 0x4b, 0xf0, 0x20,
-             0x1b, 0x50, 0x18, 0x91, 0x75, 0x48, 0x48, 0x11, 0x3c, 0x26, 0x61,
-             0x08, 0xd0, 0xad, 0xb1, 0x3d, 0xb7, 0x19, 0x09, 0xc7})),
-    std::make_pair(
-        122,
-        std::vector<uint8_t>(
-            {0x58, 0x98, 0x3c, 0x21, 0x43, 0x3d, 0x95, 0x0c, 0xaa, 0x23, 0xe4,
-             0xbc, 0x18, 0x54, 0x3b, 0x8e, 0x60, 0x1c, 0x20, 0x43, 0x18, 0x53,
-             0x21, 0x52, 0xda, 0xf5, 0xe1, 0x59, 0xa0, 0xcd, 0x14, 0x80, 0x18,
-             0x3d, 0x29, 0x28, 0x5c, 0x05, 0xf1, 0x29, 0xcb, 0x0c, 0xc3, 0x16,
-             0x46, 0x87, 0x92, 0x80, 0x86, 0xff, 0xe3, 0x80, 0x15, 0x8d, 0xf1,
-             0xd3, 0x94, 0xc6, 0xac, 0x0d, 0x42, 0x88, 0xbc, 0xa8})),
-    std::make_pair(
-        123,
-        std::vector<uint8_t>(
-            {0x81, 0x00, 0xa8, 0xdc, 0x52, 0x8d, 0x2b, 0x68, 0x2a, 0xb4, 0x25,
-             0x08, 0x01, 0xba, 0x33, 0xf0, 0x2a, 0x3e, 0x94, 0xc5, 0x4d, 0xac,
-             0x0a, 0xe1, 0x48, 0x2a, 0xa2, 0x1f, 0x51, 0xef, 0x3a, 0x82, 0xf3,
-             0x80, 0x7e, 0x6f, 0xac, 0xb0, 0xae, 0xb0, 0x59, 0x47, 0xbf, 0x7a,
-             0xa2, 0xad, 0xcb, 0x03, 0x43, 0x56, 0xf9, 0x0f, 0xa4, 0x56, 0x0e,
-             0xde, 0x02, 0x20, 0x1a, 0x37, 0xe4, 0x11, 0xec, 0x1a})),
-    std::make_pair(
-        124,
-        std::vector<uint8_t>(
-            {0x07, 0x02, 0x5f, 0x1b, 0xb6, 0xc7, 0x84, 0xf3, 0xfe, 0x49, 0xde,
-             0x5c, 0x14, 0xb9, 0x36, 0xa5, 0xac, 0xac, 0xac, 0xaa, 0xb3, 0x3f,
-             0x6a, 0xc4, 0xd0, 0xe0, 0x0a, 0xb6, 0xa1, 0x24, 0x83, 0xd6, 0xbe,
-             0xc0, 0x0b, 0x4f, 0xe6, 0x7c, 0x7c, 0xa5, 0xcc, 0x50, 0x8c, 0x2a,
-             0x53, 0xef, 0xb5, 0xbf, 0xa5, 0x39, 0x87, 0x69, 0xd8, 0x43, 0xff,
-             0x0d, 0x9e, 0x8b, 0x14, 0xd3, 0x6a, 0x01, 0xa7, 0x7f})),
-    std::make_pair(
-        125,
-        std::vector<uint8_t>(
-            {0xba, 0x6a, 0xef, 0xd9, 0x72, 0xb6, 0x18, 0x6e, 0x02, 0x7a, 0x76,
-             0x27, 0x3a, 0x4a, 0x72, 0x33, 0x21, 0xa3, 0xf5, 0x80, 0xcf, 0xa8,
-             0x94, 0xda, 0x5a, 0x9c, 0xe8, 0xe7, 0x21, 0xc8, 0x28, 0x55, 0x2c,
-             0x64, 0xda, 0xce, 0xe3, 0xa7, 0xfd, 0x2d, 0x74, 0x3b, 0x5c, 0x35,
-             0xad, 0x0c, 0x8e, 0xfa, 0x71, 0xf8, 0xce, 0x99, 0xbf, 0x96, 0x33,
-             0x47, 0x10, 0xe2, 0xc2, 0x34, 0x6e, 0x8f, 0x3c, 0x52})),
-    std::make_pair(
-        126,
-        std::vector<uint8_t>(
-            {0xe0, 0x72, 0x1e, 0x02, 0x51, 0x7a, 0xed, 0xfa, 0x4e, 0x7e, 0x9b,
-             0xa5, 0x03, 0xe0, 0x25, 0xfd, 0x46, 0xe7, 0x14, 0x56, 0x6d, 0xc8,
-             0x89, 0xa8, 0x4c, 0xbf, 0xe5, 0x6a, 0x55, 0xdf, 0xbe, 0x2f, 0xc4,
-             0x93, 0x8a, 0xc4, 0x12, 0x05, 0x88, 0x33, 0x5d, 0xea, 0xc8, 0xef,
-             0x3f, 0xa2, 0x29, 0xad, 0xc9, 0x64, 0x7f, 0x54, 0xad, 0x2e, 0x34,
-             0x72, 0x23, 0x4f, 0x9b, 0x34, 0xef, 0xc4, 0x65, 0x43})),
-    std::make_pair(
-        127,
-        std::vector<uint8_t>(
-            {0xb6, 0x29, 0x26, 0x69, 0xcc, 0xd3, 0x8d, 0x5f, 0x01, 0xca, 0xae,
-             0x96, 0xba, 0x27, 0x2c, 0x76, 0xa8, 0x79, 0xa4, 0x57, 0x43, 0xaf,
-             0xa0, 0x72, 0x5d, 0x83, 0xb9, 0xeb, 0xb2, 0x66, 0x65, 0xb7, 0x31,
-             0xf1, 0x84, 0x8c, 0x52, 0xf1, 0x19, 0x72, 0xb6, 0x64, 0x4f, 0x55,
-             0x4c, 0x06, 0x4f, 0xa9, 0x07, 0x80, 0xdb, 0xbb, 0xf3, 0xa8, 0x9d,
-             0x4f, 0xc3, 0x1f, 0x67, 0xdf, 0x3e, 0x58, 0x57, 0xef})),
-    std::make_pair(
-        128,
-        std::vector<uint8_t>(
-            {0x23, 0x19, 0xe3, 0x78, 0x9c, 0x47, 0xe2, 0xda, 0xa5, 0xfe, 0x80,
-             0x7f, 0x61, 0xbe, 0xc2, 0xa1, 0xa6, 0x53, 0x7f, 0xa0, 0x3f, 0x19,
-             0xff, 0x32, 0xe8, 0x7e, 0xec, 0xbf, 0xd6, 0x4b, 0x7e, 0x0e, 0x8c,
-             0xcf, 0xf4, 0x39, 0xac, 0x33, 0x3b, 0x04, 0x0f, 0x19, 0xb0, 0xc4,
-             0xdd, 0xd1, 0x1a, 0x61, 0xe2, 0x4a, 0xc1, 0xfe, 0x0f, 0x10, 0xa0,
-             0x39, 0x80, 0x6c, 0x5d, 0xcc, 0x0d, 0xa3, 0xd1, 0x15})),
-    std::make_pair(
-        129,
-        std::vector<uint8_t>(
-            {0xf5, 0x97, 0x11, 0xd4, 0x4a, 0x03, 0x1d, 0x5f, 0x97, 0xa9, 0x41,
-             0x3c, 0x06, 0x5d, 0x1e, 0x61, 0x4c, 0x41, 0x7e, 0xde, 0x99, 0x85,
-             0x90, 0x32, 0x5f, 0x49, 0xba, 0xd2, 0xfd, 0x44, 0x4d, 0x3e, 0x44,
-             0x18, 0xbe, 0x19, 0xae, 0xc4, 0xe1, 0x14, 0x49, 0xac, 0x1a, 0x57,
-             0x20, 0x78, 0x98, 0xbc, 0x57, 0xd7, 0x6a, 0x1b, 0xcf, 0x35, 0x66,
-             0x29, 0x2c, 0x20, 0xc6, 0x83, 0xa5, 0xc4, 0x64, 0x8f})),
-    std::make_pair(
-        130,
-        std::vector<uint8_t>(
-            {0xdf, 0x0a, 0x9d, 0x0c, 0x21, 0x28, 0x43, 0xa6, 0xa9, 0x34, 0xe3,
-             0x90, 0x2b, 0x2d, 0xd3, 0x0d, 0x17, 0xfb, 0xa5, 0xf9, 0x69, 0xd2,
-             0x03, 0x0b, 0x12, 0xa5, 0x46, 0xd8, 0xa6, 0xa4, 0x5e, 0x80, 0xcf,
-             0x56, 0x35, 0xf0, 0x71, 0xf0, 0x45, 0x2e, 0x9c, 0x91, 0x92, 0x75,
-             0xda, 0x99, 0xbe, 0xd5, 0x1e, 0xb1, 0x17, 0x3c, 0x1a, 0xf0, 0x51,
-             0x87, 0x26, 0xb7, 0x5b, 0x0e, 0xc3, 0xba, 0xe2, 0xb5})),
-    std::make_pair(
-        131,
-        std::vector<uint8_t>(
-            {0xa3, 0xeb, 0x6e, 0x6c, 0x7b, 0xf2, 0xfb, 0x8b, 0x28, 0xbf, 0xe8,
-             0xb1, 0x5e, 0x15, 0xbb, 0x50, 0x0f, 0x78, 0x1e, 0xcc, 0x86, 0xf7,
-             0x78, 0xc3, 0xa4, 0xe6, 0x55, 0xfc, 0x58, 0x69, 0xbf, 0x28, 0x46,
-             0xa2, 0x45, 0xd4, 0xe3, 0x3b, 0x7b, 0x14, 0x43, 0x6a, 0x17, 0xe6,
-             0x3b, 0xe7, 0x9b, 0x36, 0x65, 0x5c, 0x22, 0x6a, 0x50, 0xff, 0xbc,
-             0x71, 0x24, 0x20, 0x7b, 0x02, 0x02, 0x34, 0x2d, 0xb5})),
-    std::make_pair(
-        132,
-        std::vector<uint8_t>(
-            {0x56, 0xd4, 0xcb, 0xcd, 0x07, 0x05, 0x63, 0x42, 0x6a, 0x01, 0x70,
-             0x69, 0x42, 0x5c, 0x2c, 0xd2, 0xae, 0x54, 0x06, 0x68, 0x28, 0x7a,
-             0x5f, 0xb9, 0xda, 0xc4, 0x32, 0xeb, 0x8a, 0xb1, 0xa3, 0x53, 0xa3,
-             0x0f, 0x2f, 0xe1, 0xf4, 0x0d, 0x83, 0x33, 0x3a, 0xfe, 0x69, 0x6a,
-             0x26, 0x77, 0x95, 0x40, 0x8a, 0x92, 0xfe, 0x7d, 0xa0, 0x7a, 0x0c,
-             0x18, 0x14, 0xcf, 0x77, 0xf3, 0x6e, 0x10, 0x5e, 0xe8})),
-    std::make_pair(
-        133,
-        std::vector<uint8_t>(
-            {0xe5, 0x9b, 0x99, 0x87, 0xd4, 0x28, 0xb3, 0xed, 0xa3, 0x7d, 0x80,
-             0xab, 0xdb, 0x16, 0xcd, 0x2b, 0x0a, 0xef, 0x67, 0x4c, 0x2b, 0x1d,
-             0xda, 0x44, 0x32, 0xea, 0x91, 0xee, 0x6c, 0x93, 0x5c, 0x68, 0x4b,
-             0x48, 0xb4, 0x42, 0x8a, 0x8c, 0xc7, 0x40, 0xe5, 0x79, 0xa3, 0x0d,
-             0xef, 0xf3, 0x5a, 0x80, 0x30, 0x13, 0x82, 0x0d, 0xd2, 0x3f, 0x14,
-             0xae, 0x1d, 0x84, 0x13, 0xb5, 0xc8, 0x67, 0x2a, 0xec})),
-    std::make_pair(
-        134,
-        std::vector<uint8_t>(
-            {0xcd, 0x9f, 0xcc, 0x99, 0xf9, 0x9d, 0x4c, 0xc1, 0x6d, 0x03, 0x19,
-             0x00, 0xb2, 0xa7, 0x36, 0xe1, 0x50, 0x8d, 0xb4, 0xb5, 0x86, 0x81,
-             0x4e, 0x63, 0x45, 0x85, 0x7f, 0x35, 0x4a, 0x70, 0xcc, 0xec, 0xb1,
-             0xdf, 0x3b, 0x50, 0xa1, 0x9a, 0xda, 0xf4, 0x3c, 0x27, 0x8e, 0xfa,
-             0x42, 0x3f, 0xf4, 0xbb, 0x6c, 0x52, 0x3e, 0xc7, 0xfd, 0x78, 0x59,
-             0xb9, 0x7b, 0x16, 0x8a, 0x7e, 0xbf, 0xf8, 0x46, 0x7c})),
-    std::make_pair(
-        135,
-        std::vector<uint8_t>(
-            {0x06, 0x02, 0x18, 0x5d, 0x8c, 0x3a, 0x78, 0x73, 0x8b, 0x99, 0x16,
-             0x4b, 0x8b, 0xc6, 0xff, 0xb2, 0x1c, 0x7d, 0xeb, 0xeb, 0xbf, 0x80,
-             0x63, 0x72, 0xe0, 0xda, 0x44, 0xd1, 0x21, 0x54, 0x55, 0x97, 0xb9,
-             0xc6, 0x62, 0xa2, 0x55, 0xdc, 0x31, 0x54, 0x2c, 0xf9, 0x95, 0xec,
-             0xbe, 0x6a, 0x50, 0xfb, 0x5e, 0x6e, 0x0e, 0xe4, 0xef, 0x24, 0x0f,
-             0xe5, 0x57, 0xed, 0xed, 0x11, 0x88, 0x08, 0x7e, 0x86})),
-    std::make_pair(
-        136,
-        std::vector<uint8_t>(
-            {0xc0, 0x8a, 0xfa, 0x5b, 0x92, 0x7b, 0xf0, 0x80, 0x97, 0xaf, 0xc5,
-             0xff, 0xf9, 0xca, 0x4e, 0x78, 0x00, 0x12, 0x5c, 0x1f, 0x52, 0xf2,
-             0xaf, 0x35, 0x53, 0xfa, 0x2b, 0x89, 0xe1, 0xe3, 0x01, 0x5c, 0x4f,
-             0x87, 0xd5, 0xe0, 0xa4, 0x89, 0x56, 0xad, 0x31, 0x45, 0x0b, 0x08,
-             0x3d, 0xad, 0x14, 0x7f, 0xfb, 0x5e, 0xc0, 0x34, 0x34, 0xa2, 0x68,
-             0x30, 0xcf, 0x37, 0xd1, 0x03, 0xab, 0x50, 0xc5, 0xda})),
-    std::make_pair(
-        137,
-        std::vector<uint8_t>(
-            {0x36, 0xf1, 0xe1, 0xc1, 0x1d, 0x6e, 0xf6, 0xbc, 0x3b, 0x53, 0x6d,
-             0x50, 0x5d, 0x54, 0x4a, 0x87, 0x15, 0x22, 0xc5, 0xc2, 0xa2, 0x53,
-             0x06, 0x7e, 0xc9, 0x93, 0x3b, 0x6e, 0xc2, 0x54, 0x64, 0xda, 0xf9,
-             0x85, 0x52, 0x5f, 0x5b, 0x95, 0x60, 0xa1, 0x6d, 0x89, 0x02, 0x59,
-             0xac, 0x1b, 0xb5, 0xcc, 0x67, 0xc0, 0xc4, 0x69, 0xcd, 0xe1, 0x33,
-             0xde, 0xf0, 0x00, 0xea, 0x1d, 0x68, 0x6f, 0x4f, 0x5d})),
-    std::make_pair(
-        138,
-        std::vector<uint8_t>(
-            {0xbf, 0x2a, 0xb2, 0xe2, 0x47, 0x0f, 0x54, 0x38, 0xc3, 0xb6, 0x89,
-             0xe6, 0x6e, 0x76, 0x86, 0xff, 0xfa, 0x0c, 0xb1, 0xe1, 0x79, 0x8a,
-             0xd3, 0xa8, 0x6f, 0xf9, 0x90, 0x75, 0xbf, 0x61, 0x38, 0xe3, 0x3d,
-             0x9c, 0x0c, 0xe5, 0x9a, 0xfb, 0x24, 0xac, 0x67, 0xa0, 0x2a, 0xf3,
-             0x44, 0x28, 0x19, 0x1a, 0x9a, 0x0a, 0x60, 0x41, 0xc0, 0x74, 0x71,
-             0xb7, 0xc3, 0xb1, 0xa7, 0x52, 0xd6, 0xfc, 0x0b, 0x8b})),
-    std::make_pair(
-        139,
-        std::vector<uint8_t>(
-            {0xd4, 0x00, 0x60, 0x1f, 0x97, 0x28, 0xcc, 0xc4, 0xc9, 0x23, 0x42,
-             0xd9, 0x78, 0x7d, 0x8d, 0x28, 0xab, 0x32, 0x3a, 0xf3, 0x75, 0xca,
-             0x56, 0x24, 0xb4, 0xbb, 0x91, 0xd1, 0x72, 0x71, 0xfb, 0xae, 0x86,
-             0x2e, 0x41, 0x3b, 0xe7, 0x3f, 0x1f, 0x68, 0xe6, 0x15, 0xb8, 0xc5,
-             0xc3, 0x91, 0xbe, 0x0d, 0xbd, 0x91, 0x44, 0x74, 0x6e, 0xb3, 0x39,
-             0xad, 0x54, 0x15, 0x47, 0xba, 0x9c, 0x46, 0x8a, 0x17})),
-    std::make_pair(
-        140,
-        std::vector<uint8_t>(
-            {0x79, 0xfe, 0x2f, 0xe1, 0x57, 0xeb, 0x85, 0xa0, 0x38, 0xab, 0xb8,
-             0xeb, 0xbc, 0x64, 0x77, 0x31, 0xd2, 0xc8, 0x3f, 0x51, 0xb0, 0xac,
-             0x6e, 0xe1, 0x4a, 0xa2, 0x84, 0xcb, 0x6a, 0x35, 0x49, 0xa4, 0xdc,
-             0xce, 0xb3, 0x00, 0x74, 0x0a, 0x82, 0x5f, 0x52, 0xf5, 0xfb, 0x30,
-             0xb0, 0x3b, 0x8c, 0x4d, 0x8b, 0x0f, 0x4a, 0xa6, 0x7a, 0x63, 0xf4,
-             0xa9, 0x4e, 0x33, 0x03, 0xc4, 0xed, 0xa4, 0xc0, 0x2b})),
-    std::make_pair(
-        141,
-        std::vector<uint8_t>(
-            {0x75, 0x35, 0x13, 0x13, 0xb5, 0x2a, 0x85, 0x29, 0x29, 0x8d, 0x8c,
-             0x18, 0x6b, 0x17, 0x68, 0x66, 0x6d, 0xcc, 0xa8, 0x59, 0x53, 0x17,
-             0xd7, 0xa4, 0x81, 0x6e, 0xb8, 0x8c, 0x06, 0x20, 0x20, 0xc0, 0xc8,
-             0xef, 0xc5, 0x54, 0xbb, 0x34, 0x1b, 0x64, 0x68, 0x8d, 0xb5, 0xcc,
-             0xaf, 0xc3, 0x5f, 0x3c, 0x3c, 0xd0, 0x9d, 0x65, 0x64, 0xb3, 0x6d,
-             0x7b, 0x04, 0xa2, 0x48, 0xe1, 0x46, 0x98, 0x0d, 0x4b})),
-    std::make_pair(
-        142,
-        std::vector<uint8_t>(
-            {0xe3, 0x12, 0x8b, 0x1d, 0x31, 0x1d, 0x02, 0x17, 0x9d, 0x7f, 0x25,
-             0xf9, 0x7a, 0x5a, 0x8b, 0xee, 0x2c, 0xc8, 0xc8, 0x63, 0x03, 0x64,
-             0x4f, 0xcd, 0x66, 0x4e, 0x15, 0x7d, 0x1f, 0xef, 0x00, 0xf2, 0x3e,
-             0x46, 0xf9, 0xa5, 0xe8, 0xe5, 0xc8, 0x90, 0xce, 0x56, 0x5b, 0xb6,
-             0xab, 0xd4, 0x30, 0x2c, 0xe0, 0x64, 0x69, 0xd5, 0x2a, 0x5b, 0xd5,
-             0x3e, 0x1c, 0x5a, 0x54, 0xd0, 0x46, 0x49, 0xdc, 0x03})),
-    std::make_pair(
-        143,
-        std::vector<uint8_t>(
-            {0xc2, 0x38, 0x2a, 0x72, 0xd2, 0xd3, 0xac, 0xe9, 0xd5, 0x93, 0x3d,
-             0x00, 0xb6, 0x08, 0x27, 0xed, 0x38, 0x0c, 0xda, 0x08, 0xd0, 0xba,
-             0x5f, 0x6d, 0xd4, 0x1e, 0x29, 0xee, 0x6d, 0xbe, 0x8e, 0xcb, 0x92,
-             0x35, 0xf0, 0x6b, 0xe9, 0x5d, 0x83, 0xb6, 0x81, 0x6a, 0x2f, 0xb7,
-             0xa5, 0xad, 0x47, 0x03, 0x5e, 0x8a, 0x4b, 0x69, 0xa4, 0x88, 0x4b,
-             0x99, 0xe4, 0xbe, 0xce, 0x58, 0xca, 0xb2, 0x5d, 0x44})),
-    std::make_pair(
-        144,
-        std::vector<uint8_t>(
-            {0x6b, 0x1c, 0x69, 0x46, 0x0b, 0xbd, 0x50, 0xac, 0x2e, 0xd6, 0xf3,
-             0x2e, 0x6e, 0x88, 0x7c, 0xfe, 0xd4, 0x07, 0xd4, 0x7d, 0xcf, 0x0a,
-             0xaa, 0x60, 0x38, 0x7f, 0xe3, 0x20, 0xd7, 0x80, 0xbd, 0x03, 0xea,
-             0xb6, 0xd7, 0xba, 0xeb, 0x2a, 0x07, 0xd1, 0x0c, 0xd5, 0x52, 0xa3,
-             0x00, 0x34, 0x13, 0x54, 0xea, 0x9a, 0x5f, 0x03, 0x18, 0x3a, 0x62,
-             0x3f, 0x92, 0xa2, 0xd4, 0xd9, 0xf0, 0x09, 0x26, 0xaf})),
-    std::make_pair(
-        145,
-        std::vector<uint8_t>(
-            {0x6c, 0xda, 0x20, 0x6c, 0x80, 0xcd, 0xc9, 0xc4, 0x4b, 0xa9, 0x90,
-             0xe0, 0x32, 0x8c, 0x31, 0x4f, 0x81, 0x9b, 0x14, 0x2d, 0x00, 0x63,
-             0x04, 0x04, 0xc4, 0x8c, 0x05, 0xdc, 0x76, 0xd1, 0xb0, 0x0c, 0xe4,
-             0xd7, 0x2f, 0xc6, 0xa4, 0x8e, 0x14, 0x69, 0xdd, 0xef, 0x60, 0x94,
-             0x12, 0xc3, 0x64, 0x82, 0x08, 0x54, 0x21, 0x4b, 0x48, 0x69, 0xaf,
-             0x09, 0x0f, 0x00, 0xd3, 0xc1, 0xba, 0x44, 0x3e, 0x1b})),
-    std::make_pair(
-        146,
-        std::vector<uint8_t>(
-            {0x7f, 0xfc, 0x8c, 0x26, 0xfb, 0xd6, 0xa0, 0xf7, 0xa6, 0x09, 0xe6,
-             0xe1, 0x93, 0x9f, 0x6a, 0x9e, 0xdf, 0x1b, 0x0b, 0x06, 0x66, 0x41,
-             0xfb, 0x76, 0xc4, 0xf9, 0x60, 0x2e, 0xd7, 0x48, 0xd1, 0x16, 0x02,
-             0x49, 0x6b, 0x35, 0x35, 0x5b, 0x1a, 0xa2, 0x55, 0x85, 0x0a, 0x50,
-             0x9d, 0x2f, 0x8e, 0xe1, 0x8c, 0x8f, 0x3e, 0x1d, 0x7d, 0xcb, 0xc3,
-             0x7a, 0x13, 0x65, 0x98, 0xf5, 0x6a, 0x59, 0xed, 0x17})),
-    std::make_pair(
-        147,
-        std::vector<uint8_t>(
-            {0x70, 0xde, 0x1f, 0x08, 0xdd, 0x4e, 0x09, 0xd5, 0xfc, 0x15, 0x1f,
-             0x17, 0xfc, 0x99, 0x1a, 0x23, 0xab, 0xfc, 0x05, 0x10, 0x42, 0x90,
-             0xd5, 0x04, 0x68, 0x88, 0x2e, 0xfa, 0xf5, 0x82, 0xb6, 0xec, 0x2f,
-             0x14, 0xf5, 0x77, 0xc0, 0xd6, 0x8c, 0x3a, 0xd0, 0x66, 0x26, 0x91,
-             0x6e, 0x3c, 0x86, 0xe6, 0xda, 0xab, 0x6c, 0x53, 0xe5, 0x16, 0x3e,
-             0x82, 0xb6, 0xbd, 0x0c, 0xe4, 0x9f, 0xc0, 0xd8, 0xdf})),
-    std::make_pair(
-        148,
-        std::vector<uint8_t>(
-            {0x4f, 0x81, 0x93, 0x57, 0x56, 0xed, 0x35, 0xee, 0x20, 0x58, 0xee,
-             0x0c, 0x6a, 0x61, 0x10, 0xd6, 0xfa, 0xc5, 0xcb, 0x6a, 0x4f, 0x46,
-             0xaa, 0x94, 0x11, 0x60, 0x3f, 0x99, 0x96, 0x58, 0x23, 0xb6, 0xda,
-             0x48, 0x38, 0x27, 0x6c, 0x5c, 0x06, 0xbc, 0x78, 0x80, 0xe3, 0x76,
-             0xd9, 0x27, 0x58, 0x36, 0x9e, 0xe7, 0x30, 0x5b, 0xce, 0xc8, 0xd3,
-             0xcf, 0xd2, 0x8c, 0xca, 0xbb, 0x7b, 0x4f, 0x05, 0x79})),
-    std::make_pair(
-        149,
-        std::vector<uint8_t>(
-            {0xab, 0xcb, 0x61, 0xcb, 0x36, 0x83, 0xd1, 0x8f, 0x27, 0xad, 0x52,
-             0x79, 0x08, 0xed, 0x2d, 0x32, 0xa0, 0x42, 0x6c, 0xb7, 0xbb, 0x4b,
-             0xf1, 0x80, 0x61, 0x90, 0x3a, 0x7d, 0xc4, 0x2e, 0x7e, 0x76, 0xf9,
-             0x82, 0x38, 0x23, 0x04, 0xd1, 0x8a, 0xf8, 0xc8, 0x0d, 0x91, 0xdd,
-             0x58, 0xdd, 0x47, 0xaf, 0x76, 0xf8, 0xe2, 0xc3, 0x6e, 0x28, 0xaf,
-             0x24, 0x76, 0xb4, 0xbc, 0xcf, 0x82, 0xe8, 0x9f, 0xdf})),
-    std::make_pair(
-        150,
-        std::vector<uint8_t>(
-            {0x02, 0xd2, 0x61, 0xad, 0x56, 0xa5, 0x26, 0x33, 0x1b, 0x64, 0x3d,
-             0xd2, 0x18, 0x6d, 0xe9, 0xa8, 0x2e, 0x72, 0xa5, 0x82, 0x23, 0xcd,
-             0x1e, 0x72, 0x36, 0x86, 0xc5, 0x3d, 0x86, 0x9b, 0x83, 0xb9, 0x46,
-             0x32, 0xb7, 0xb6, 0x47, 0xab, 0x2a, 0xfc, 0x0d, 0x52, 0x2e, 0x29,
-             0xda, 0x3a, 0x56, 0x15, 0xb7, 0x41, 0xd8, 0x28, 0x52, 0xe0, 0xdf,
-             0x41, 0xb6, 0x60, 0x07, 0xdb, 0xcb, 0xa9, 0x05, 0x43})),
-    std::make_pair(
-        151,
-        std::vector<uint8_t>(
-            {0xc5, 0x83, 0x27, 0x41, 0xfa, 0x30, 0xc5, 0x43, 0x68, 0x23, 0x01,
-             0x53, 0x83, 0xd2, 0x97, 0xff, 0x4c, 0x4a, 0x5d, 0x72, 0x76, 0xc3,
-             0xf9, 0x02, 0x12, 0x20, 0x66, 0xe0, 0x4b, 0xe5, 0x43, 0x1b, 0x1a,
-             0x85, 0xfa, 0xf7, 0x3b, 0x91, 0x84, 0x34, 0xf9, 0x30, 0x09, 0x63,
-             0xd1, 0xde, 0xa9, 0xe8, 0xac, 0x39, 0x24, 0xef, 0x49, 0x02, 0x26,
-             0xed, 0xee, 0xa5, 0xf7, 0x43, 0xe4, 0x10, 0x66, 0x9f})),
-    std::make_pair(
-        152,
-        std::vector<uint8_t>(
-            {0xcf, 0xae, 0xab, 0x26, 0x8c, 0xd0, 0x75, 0xa5, 0xa6, 0xae, 0xd5,
-             0x15, 0x02, 0x3a, 0x03, 0x2d, 0x54, 0xf2, 0xf2, 0xff, 0x73, 0x3c,
-             0xe0, 0xcb, 0xc7, 0x8d, 0xb5, 0x1d, 0xb4, 0x50, 0x4d, 0x67, 0x59,
-             0x23, 0xf8, 0x27, 0x46, 0xd6, 0x59, 0x46, 0x06, 0xad, 0x5d, 0x67,
-             0x73, 0x4b, 0x11, 0xa6, 0x7c, 0xc6, 0xa4, 0x68, 0xc2, 0x03, 0x2e,
-             0x43, 0xca, 0x1a, 0x94, 0xc6, 0x27, 0x3a, 0x98, 0x5e})),
-    std::make_pair(
-        153,
-        std::vector<uint8_t>(
-            {0x86, 0x08, 0x50, 0xf9, 0x2e, 0xb2, 0x68, 0x27, 0x2b, 0x67, 0xd1,
-             0x33, 0x60, 0x9b, 0xd6, 0x4e, 0x34, 0xf6, 0x1b, 0xf0, 0x3f, 0x4c,
-             0x17, 0x38, 0x64, 0x5c, 0x17, 0xfe, 0xc8, 0x18, 0x46, 0x5d, 0x7e,
-             0xcd, 0x2b, 0xe2, 0x90, 0x76, 0x41, 0x13, 0x00, 0x25, 0xfd, 0xa7,
-             0x94, 0x70, 0xab, 0x73, 0x16, 0x46, 0xe7, 0xf6, 0x94, 0x40, 0xe8,
-             0x36, 0x7e, 0xa7, 0x6a, 0xc4, 0xce, 0xe8, 0xa1, 0xdf})),
-    std::make_pair(
-        154,
-        std::vector<uint8_t>(
-            {0x84, 0xb1, 0x54, 0xed, 0x29, 0xbb, 0xed, 0xef, 0xa6, 0x48, 0x28,
-             0x68, 0x39, 0x04, 0x6f, 0x4b, 0x5a, 0xa3, 0x44, 0x30, 0xe2, 0xd6,
-             0x7f, 0x74, 0x96, 0xe4, 0xc3, 0x9f, 0x2c, 0x7e, 0xa7, 0x89, 0x95,
-             0xf6, 0x9e, 0x12, 0x92, 0x20, 0x00, 0x16, 0xf1, 0x6a, 0xc3, 0xb3,
-             0x77, 0x00, 0xe6, 0xc7, 0xe7, 0x86, 0x1a, 0xfc, 0x39, 0x6b, 0x64,
-             0xa5, 0x9a, 0x1d, 0xbf, 0x47, 0xa5, 0x5c, 0x4b, 0xbc})),
-    std::make_pair(
-        155,
-        std::vector<uint8_t>(
-            {0xae, 0xee, 0xc2, 0x60, 0xa5, 0xd8, 0xef, 0xf5, 0xcc, 0xab, 0x8b,
-             0x95, 0xda, 0x43, 0x5a, 0x63, 0xed, 0x7a, 0x21, 0xea, 0x7f, 0xc7,
-             0x55, 0x94, 0x13, 0xfd, 0x61, 0x7e, 0x33, 0x60, 0x9f, 0x8c, 0x29,
-             0x0e, 0x64, 0xbb, 0xac, 0xc5, 0x28, 0xf6, 0xc0, 0x80, 0x26, 0x22,
-             0x88, 0xb0, 0xf0, 0xa3, 0x21, 0x9b, 0xe2, 0x23, 0xc9, 0x91, 0xbe,
-             0xe9, 0x2e, 0x72, 0x34, 0x95, 0x93, 0xe6, 0x76, 0x38})),
-    std::make_pair(
-        156,
-        std::vector<uint8_t>(
-            {0x8a, 0xd7, 0x8a, 0x9f, 0x26, 0x60, 0x1d, 0x12, 0x7e, 0x8d, 0x2f,
-             0x2f, 0x97, 0x6e, 0x63, 0xd1, 0x9a, 0x05, 0x4a, 0x17, 0xdc, 0xf5,
-             0x9e, 0x0f, 0x01, 0x3a, 0xb5, 0x4a, 0x68, 0x87, 0xbb, 0xdf, 0xfd,
-             0xe7, 0xaa, 0xae, 0x11, 0x7e, 0x0f, 0xbf, 0x32, 0x71, 0x01, 0x65,
-             0x95, 0xb9, 0xd9, 0xc7, 0x12, 0xc0, 0x1b, 0x2c, 0x53, 0xe9, 0x65,
-             0x5a, 0x38, 0x2b, 0xc4, 0x52, 0x2e, 0x61, 0x66, 0x45})),
-    std::make_pair(
-        157,
-        std::vector<uint8_t>(
-            {0x89, 0x34, 0x15, 0x9d, 0xad, 0xe1, 0xac, 0x74, 0x14, 0x7d, 0xfa,
-             0x28, 0x2c, 0x75, 0x95, 0x4f, 0xce, 0xf4, 0x43, 0xef, 0x25, 0xf8,
-             0x0d, 0xfe, 0x9f, 0xb6, 0xea, 0x63, 0x3b, 0x85, 0x45, 0x11, 0x1d,
-             0x08, 0xb3, 0x4e, 0xf4, 0x3f, 0xff, 0x17, 0x02, 0x6c, 0x79, 0x64,
-             0xf5, 0xde, 0xac, 0x6d, 0x2b, 0x3c, 0x29, 0xda, 0xcf, 0x27, 0x47,
-             0xf0, 0x22, 0xdf, 0x59, 0x67, 0xdf, 0xdc, 0x1a, 0x0a})),
-    std::make_pair(
-        158,
-        std::vector<uint8_t>(
-            {0xcd, 0x36, 0xdd, 0x0b, 0x24, 0x06, 0x14, 0xcf, 0x2f, 0xa2, 0xb9,
-             0xe9, 0x59, 0x67, 0x9d, 0xcd, 0xd7, 0x2e, 0xc0, 0xcd, 0x58, 0xa4,
-             0x3d, 0xa3, 0x79, 0x0a, 0x92, 0xf6, 0xcd, 0xeb, 0x9e, 0x1e, 0x79,
-             0x5e, 0x47, 0x8a, 0x0a, 0x47, 0xd3, 0x71, 0x10, 0x0d, 0x34, 0x0c,
-             0x5c, 0xed, 0xcd, 0xbb, 0xc9, 0xe6, 0x8b, 0x3f, 0x46, 0x08, 0x18,
-             0xe5, 0xbd, 0xff, 0x7b, 0x4c, 0xda, 0x4c, 0x27, 0x44})),
-    std::make_pair(
-        159,
-        std::vector<uint8_t>(
-            {0x00, 0xdf, 0x4e, 0x09, 0x9b, 0x80, 0x71, 0x37, 0xa8, 0x59, 0x90,
-             0xf4, 0x9d, 0x3a, 0x94, 0x31, 0x5e, 0x5a, 0x5f, 0x7f, 0x7a, 0x60,
-             0x76, 0xb3, 0x03, 0xe9, 0x6b, 0x05, 0x6f, 0xb9, 0x38, 0x00, 0x11,
-             0x1f, 0x47, 0x96, 0x28, 0xe2, 0xf8, 0xdb, 0x59, 0xae, 0xb6, 0xac,
-             0x70, 0xc3, 0xb6, 0x1f, 0x51, 0xf9, 0xb4, 0x6e, 0x80, 0xff, 0xde,
-             0xae, 0x25, 0xeb, 0xdd, 0xb4, 0xaf, 0x6c, 0xb4, 0xee})),
-    std::make_pair(
-        160,
-        std::vector<uint8_t>(
-            {0x2b, 0x9c, 0x95, 0x5e, 0x6c, 0xae, 0xd4, 0xb7, 0xc9, 0xe2, 0x46,
-             0xb8, 0x6f, 0x9a, 0x17, 0x26, 0xe8, 0x10, 0xc5, 0x9d, 0x12, 0x6c,
-             0xee, 0x66, 0xed, 0x71, 0xbf, 0x01, 0x5b, 0x83, 0x55, 0x8a, 0x4b,
-             0x6d, 0x84, 0xd1, 0x8d, 0xc3, 0xff, 0x46, 0x20, 0xc2, 0xff, 0xb7,
-             0x22, 0x35, 0x9f, 0xde, 0xf8, 0x5b, 0xa0, 0xd4, 0xe2, 0xd2, 0x2e,
-             0xcb, 0xe0, 0xed, 0x78, 0x4f, 0x99, 0xaf, 0xe5, 0x87})),
-    std::make_pair(
-        161,
-        std::vector<uint8_t>(
-            {0x18, 0x1d, 0xf0, 0xa2, 0x61, 0xa2, 0xf7, 0xd2, 0x9e, 0xa5, 0xa1,
-             0x57, 0x72, 0x71, 0x51, 0x05, 0xd4, 0x50, 0xa4, 0xb6, 0xc2, 0x36,
-             0xf6, 0x99, 0xf4, 0x62, 0xd6, 0x0c, 0xa7, 0x64, 0x87, 0xfe, 0xed,
-             0xfc, 0x9f, 0x5e, 0xb9, 0x2d, 0xf8, 0x38, 0xe8, 0xfb, 0x5d, 0xc3,
-             0x69, 0x4e, 0x84, 0xc5, 0xe0, 0xf4, 0xa1, 0x0b, 0x76, 0x1f, 0x50,
-             0x67, 0x62, 0xbe, 0x05, 0x2c, 0x74, 0x5a, 0x6e, 0xe8})),
-    std::make_pair(
-        162,
-        std::vector<uint8_t>(
-            {0x21, 0xfb, 0x20, 0x34, 0x58, 0xbf, 0x3a, 0x7e, 0x9a, 0x80, 0x43,
-             0x9f, 0x9a, 0x90, 0x28, 0x99, 0xcd, 0x5d, 0xe0, 0x13, 0x9d, 0xfd,
-             0x56, 0xf7, 0x11, 0x0c, 0x9d, 0xec, 0x84, 0x37, 0xb2, 0x6b, 0xda,
-             0x63, 0xde, 0x2f, 0x56, 0x59, 0x26, 0xd8, 0x5e, 0xdb, 0x1d, 0x6c,
-             0x68, 0x25, 0x66, 0x97, 0x43, 0xdd, 0x99, 0x92, 0x65, 0x3d, 0x13,
-             0x97, 0x95, 0x44, 0xd5, 0xdc, 0x82, 0x28, 0xbf, 0xaa})),
-    std::make_pair(
-        163,
-        std::vector<uint8_t>(
-            {0xef, 0x02, 0x1f, 0x29, 0xc5, 0xff, 0xb8, 0x30, 0xe6, 0x4b, 0x9a,
-             0xa9, 0x05, 0x8d, 0xd6, 0x60, 0xfd, 0x2f, 0xcb, 0x81, 0xc4, 0x97,
-             0xa7, 0xe6, 0x98, 0xbc, 0xfb, 0xf5, 0x9d, 0xe5, 0xad, 0x4a, 0x86,
-             0xff, 0x93, 0xc1, 0x0a, 0x4b, 0x9d, 0x1a, 0xe5, 0x77, 0x47, 0x25,
-             0xf9, 0x07, 0x2d, 0xcd, 0xe9, 0xe1, 0xf1, 0x99, 0xba, 0xb9, 0x1f,
-             0x8b, 0xff, 0x92, 0x18, 0x64, 0xaa, 0x50, 0x2e, 0xee})),
-    std::make_pair(
-        164,
-        std::vector<uint8_t>(
-            {0xb3, 0xcf, 0xda, 0x40, 0x52, 0x6b, 0x7f, 0x1d, 0x37, 0x56, 0x9b,
-             0xdf, 0xcd, 0xf9, 0x11, 0xe5, 0xa6, 0xef, 0xe6, 0xb2, 0xec, 0x90,
-             0xa0, 0x45, 0x4c, 0x47, 0xb2, 0xc0, 0x46, 0xbf, 0x13, 0x0f, 0xc3,
-             0xb3, 0x52, 0xb3, 0x4d, 0xf4, 0x81, 0x3d, 0x48, 0xd3, 0x3a, 0xb8,
-             0xe2, 0x69, 0xb6, 0x9b, 0x07, 0x56, 0x76, 0xcb, 0x6d, 0x00, 0xa8,
-             0xdc, 0xf9, 0xe1, 0xf9, 0x67, 0xec, 0x19, 0x1b, 0x2c})),
-    std::make_pair(
-        165,
-        std::vector<uint8_t>(
-            {0xb4, 0xc6, 0xc3, 0xb2, 0x67, 0x07, 0x1e, 0xef, 0xb9, 0xc8, 0xc7,
-             0x2e, 0x0e, 0x2b, 0x94, 0x12, 0x93, 0x64, 0x1f, 0x86, 0x73, 0xcb,
-             0x70, 0xc1, 0xcc, 0x26, 0xad, 0x1e, 0x73, 0xcf, 0x14, 0x17, 0x55,
-             0x86, 0x0a, 0xd1, 0x9b, 0x34, 0xc2, 0xf3, 0x4e, 0xd3, 0x5b, 0xb5,
-             0x2e, 0xc4, 0x50, 0x7c, 0xc1, 0xfe, 0x59, 0x04, 0x77, 0x43, 0xa5,
-             0xf0, 0xc6, 0xfe, 0xbd, 0xe6, 0x25, 0xe2, 0x60, 0x91})),
-    std::make_pair(
-        166,
-        std::vector<uint8_t>(
-            {0x57, 0xa3, 0x4f, 0x2b, 0xcc, 0xa6, 0x0d, 0x4b, 0x85, 0x10, 0x3b,
-             0x83, 0x0c, 0x9d, 0x79, 0x52, 0xa4, 0x16, 0xbe, 0x52, 0x63, 0xae,
-             0x42, 0x9c, 0x9e, 0x5e, 0x53, 0xfe, 0x85, 0x90, 0xa8, 0xf7, 0x8e,
-             0xc6, 0x5a, 0x51, 0x10, 0x9e, 0xa8, 0x5d, 0xcd, 0xf7, 0xb6, 0x22,
-             0x3f, 0x9f, 0x2b, 0x34, 0x05, 0x39, 0xfa, 0xd8, 0x19, 0x23, 0xdb,
-             0xf8, 0xed, 0xab, 0xf9, 0x51, 0x29, 0xe4, 0xdf, 0xf6})),
-    std::make_pair(
-        167,
-        std::vector<uint8_t>(
-            {0x9c, 0xf4, 0x66, 0x62, 0xfc, 0xd6, 0x1a, 0x23, 0x22, 0x77, 0xb6,
-             0x85, 0x66, 0x3b, 0x8b, 0x5d, 0xa8, 0x32, 0xdf, 0xd9, 0xa3, 0xb8,
-             0xcc, 0xfe, 0xec, 0x99, 0x3e, 0xc6, 0xac, 0x41, 0x5a, 0xd0, 0x7e,
-             0x04, 0x8a, 0xdf, 0xe4, 0x14, 0xdf, 0x27, 0x27, 0x70, 0xdb, 0xa8,
-             0x67, 0xda, 0x5c, 0x12, 0x24, 0xc6, 0xfd, 0x0a, 0xa0, 0xc2, 0x18,
-             0x7d, 0x42, 0x6a, 0xc6, 0x47, 0xe9, 0x88, 0x73, 0x61})),
-    std::make_pair(
-        168,
-        std::vector<uint8_t>(
-            {0x5c, 0xe1, 0x04, 0x2a, 0xb4, 0xd5, 0x42, 0xc2, 0xf9, 0xee, 0x9d,
-             0x17, 0x26, 0x2a, 0xf8, 0x16, 0x40, 0x98, 0x93, 0x5b, 0xef, 0x17,
-             0x3d, 0x0e, 0x18, 0x48, 0x9b, 0x04, 0x84, 0x17, 0x46, 0xcd, 0x2f,
-             0x2d, 0xf8, 0x66, 0xbd, 0x7d, 0xa6, 0xe5, 0xef, 0x90, 0x24, 0xc6,
-             0x48, 0x02, 0x3e, 0xc7, 0x23, 0xab, 0x9c, 0x62, 0xfd, 0x80, 0x28,
-             0x57, 0x39, 0xd8, 0x4f, 0x15, 0xd2, 0xab, 0x51, 0x5a})),
-    std::make_pair(
-        169,
-        std::vector<uint8_t>(
-            {0x84, 0x88, 0x39, 0x6b, 0xd4, 0xa8, 0x72, 0x9b, 0x7a, 0x47, 0x31,
-             0x78, 0xf2, 0x32, 0xda, 0xdf, 0x3f, 0x0f, 0x8e, 0x22, 0x67, 0x8b,
-             0xa5, 0xa4, 0x3e, 0x04, 0x1e, 0x72, 0xda, 0x1e, 0x2c, 0xf8, 0x21,
-             0x94, 0xc3, 0x07, 0x20, 0x7a, 0x54, 0xcb, 0x81, 0x56, 0x29, 0x33,
-             0x39, 0xea, 0xec, 0x69, 0x3f, 0xf6, 0x6b, 0xfc, 0xd5, 0xef, 0xc6,
-             0x5e, 0x95, 0xe4, 0xec, 0xaf, 0x54, 0x53, 0x0a, 0xbd})),
-    std::make_pair(
-        170,
-        std::vector<uint8_t>(
-            {0xf5, 0x98, 0xda, 0x90, 0x1c, 0x38, 0x35, 0xbc, 0xa5, 0x60, 0x77,
-             0x90, 0x37, 0xdf, 0xde, 0x9f, 0x0c, 0x51, 0xdc, 0x61, 0xc0, 0xb7,
-             0x60, 0xfc, 0x15, 0x22, 0xd7, 0xb4, 0x70, 0xee, 0x63, 0xf5, 0xbd,
-             0xc6, 0x49, 0x84, 0x76, 0xe8, 0x60, 0x49, 0xad, 0x86, 0xe4, 0xe2,
-             0x1a, 0xf2, 0x85, 0x4a, 0x98, 0x4c, 0xc9, 0x05, 0x42, 0x7d, 0x2f,
-             0x17, 0xf6, 0x6b, 0x1f, 0x41, 0xc3, 0xda, 0x6f, 0x61})),
-    std::make_pair(
-        171,
-        std::vector<uint8_t>(
-            {0x5f, 0x93, 0x26, 0x97, 0x98, 0xcf, 0x02, 0x13, 0x21, 0x07, 0x33,
-             0x76, 0x60, 0xa8, 0xd7, 0xa1, 0x77, 0x35, 0x4c, 0x02, 0x12, 0xeb,
-             0x93, 0xe5, 0x55, 0xe7, 0xc3, 0x7a, 0x08, 0xae, 0xf3, 0xd8, 0xdc,
-             0xe0, 0x12, 0x17, 0x01, 0x1c, 0xd9, 0x65, 0xc0, 0x4d, 0xd2, 0xc1,
-             0x05, 0xf2, 0xe2, 0xb6, 0xca, 0xe5, 0xe4, 0xe6, 0xbc, 0xaf, 0x09,
-             0xdf, 0xbe, 0xe3, 0xe0, 0xa6, 0xa6, 0x35, 0x7c, 0x37})),
-    std::make_pair(
-        172,
-        std::vector<uint8_t>(
-            {0x0e, 0xcf, 0x58, 0x1d, 0x47, 0xba, 0xc9, 0x23, 0x09, 0x86, 0xfa,
-             0xab, 0xd7, 0x0c, 0x2f, 0x5b, 0x80, 0xe9, 0x10, 0x66, 0xf0, 0xec,
-             0x55, 0xa8, 0x42, 0x93, 0x78, 0x82, 0x28, 0x6d, 0x2c, 0xa0, 0x07,
-             0xbb, 0x4e, 0x97, 0x3b, 0x0b, 0x09, 0x1d, 0x52, 0x16, 0x7f, 0xf7,
-             0xc4, 0x00, 0x9c, 0x7a, 0xb4, 0xad, 0x38, 0xff, 0xf1, 0xdc, 0xea,
-             0xcd, 0xb7, 0xbe, 0x81, 0xef, 0x4a, 0x45, 0x29, 0x52})),
-    std::make_pair(
-        173,
-        std::vector<uint8_t>(
-            {0x5a, 0xec, 0xa8, 0xab, 0xe1, 0x52, 0x85, 0x82, 0xb2, 0xa3, 0x07,
-             0xb4, 0x00, 0x95, 0x85, 0x49, 0x8a, 0x3d, 0x46, 0x7c, 0xa6, 0x10,
-             0x1c, 0xb0, 0xc5, 0x12, 0x6f, 0x99, 0x76, 0x05, 0x6e, 0x9f, 0xfc,
-             0x12, 0x3c, 0xc2, 0x0c, 0x30, 0x2b, 0x2a, 0x73, 0x7f, 0x49, 0x2c,
-             0x75, 0xd2, 0x1f, 0x01, 0x51, 0x2c, 0x90, 0xca, 0x05, 0x41, 0xdf,
-             0xa5, 0x6e, 0x95, 0x0a, 0x32, 0x1d, 0xcb, 0x28, 0xd8})),
-    std::make_pair(
-        174,
-        std::vector<uint8_t>(
-            {0x73, 0x2f, 0xbf, 0x8f, 0x1c, 0xb2, 0xb8, 0x32, 0x92, 0x63, 0xed,
-             0xe2, 0x78, 0x58, 0xfe, 0x46, 0xf8, 0xd3, 0x35, 0x4d, 0x37, 0x6b,
-             0xcd, 0xa0, 0x54, 0x8e, 0x7c, 0xe1, 0xfa, 0x9d, 0xd1, 0x1f, 0x85,
-             0xeb, 0x66, 0x1f, 0xe9, 0x50, 0xb5, 0x43, 0xaa, 0x63, 0x5c, 0xa4,
-             0xd3, 0xf0, 0x4e, 0xde, 0x5b, 0x32, 0xd6, 0xb6, 0x56, 0xe5, 0xce,
-             0x1c, 0x44, 0xd3, 0x5c, 0x4a, 0x6c, 0x56, 0xcf, 0xf8})),
-    std::make_pair(
-        175,
-        std::vector<uint8_t>(
-            {0xd5, 0xe9, 0x38, 0x73, 0x5d, 0x63, 0x78, 0x8c, 0x80, 0x10, 0x0a,
-             0xef, 0xd1, 0x86, 0x48, 0xd1, 0x8c, 0xf2, 0x72, 0xf6, 0x9f, 0x20,
-             0xff, 0x24, 0xcf, 0xe2, 0x89, 0x5c, 0x08, 0x8a, 0xd0, 0x8b, 0x01,
-             0x04, 0xda, 0x16, 0x72, 0xa4, 0xeb, 0x26, 0xfc, 0x52, 0x54, 0x5c,
-             0xc7, 0xd7, 0xa0, 0x1b, 0x26, 0x6c, 0xf5, 0x46, 0xc4, 0x03, 0xc4,
-             0x5b, 0xd1, 0x29, 0xeb, 0x41, 0xbd, 0xd9, 0x20, 0x0b})),
-    std::make_pair(
-        176,
-        std::vector<uint8_t>(
-            {0x65, 0xa2, 0x45, 0xb4, 0x93, 0x52, 0xee, 0x29, 0x7d, 0x91, 0xaf,
-             0x8c, 0x8b, 0xe0, 0x05, 0x28, 0xac, 0x6e, 0x04, 0x6d, 0xd8, 0x3a,
-             0xc7, 0xbd, 0x46, 0x5a, 0x98, 0x81, 0x6d, 0xd6, 0x8f, 0x3e, 0x00,
-             0xe1, 0xae, 0x8f, 0x89, 0x53, 0x27, 0xa7, 0xe9, 0xa8, 0xc9, 0x32,
-             0x65, 0x98, 0x37, 0x9a, 0x29, 0xc9, 0xfc, 0x91, 0xec, 0x0c, 0x6e,
-             0xef, 0x08, 0xf3, 0xe2, 0xb2, 0x16, 0xc1, 0x10, 0x08})),
-    std::make_pair(
-        177,
-        std::vector<uint8_t>(
-            {0xc9, 0x56, 0x54, 0xb6, 0x30, 0x19, 0x13, 0x0a, 0xb4, 0x5d, 0xd0,
-             0xfb, 0x49, 0x41, 0xb9, 0x8a, 0xeb, 0x3a, 0xf2, 0xa1, 0x23, 0x91,
-             0x3e, 0xca, 0x2c, 0xe9, 0x9b, 0x3e, 0x97, 0x41, 0x0a, 0x7b, 0xf8,
-             0x66, 0x1c, 0xc7, 0xfb, 0xaa, 0x2b, 0xc1, 0xcf, 0x2b, 0x13, 0x11,
-             0x3b, 0x1e, 0xd4, 0x0a, 0x01, 0x18, 0xb8, 0x8e, 0x5f, 0xff, 0xc3,
-             0x54, 0x27, 0x59, 0xea, 0x00, 0x7e, 0xd4, 0xc5, 0x8d})),
-    std::make_pair(
-        178,
-        std::vector<uint8_t>(
-            {0x1e, 0xb2, 0x62, 0xf3, 0x8f, 0xa4, 0x94, 0x43, 0x1f, 0x01, 0x7d,
-             0xad, 0x44, 0xc0, 0xdf, 0xb6, 0x93, 0x24, 0xac, 0x03, 0x2f, 0x04,
-             0xb6, 0x57, 0xfc, 0x91, 0xa8, 0x86, 0x47, 0xbb, 0x74, 0x76, 0x0f,
-             0x24, 0xe7, 0xc9, 0x56, 0x51, 0x4f, 0x0c, 0xf0, 0x02, 0x99, 0x0b,
-             0x18, 0x2c, 0x16, 0x42, 0xb9, 0xb2, 0x42, 0x6e, 0x96, 0xa6, 0x11,
-             0x87, 0xe4, 0xe0, 0x12, 0xf0, 0x0e, 0x21, 0x7d, 0x84})),
-    std::make_pair(
-        179,
-        std::vector<uint8_t>(
-            {0x3b, 0x95, 0x5a, 0xee, 0xbf, 0xa5, 0x15, 0x1a, 0xc1, 0xab, 0x8e,
-             0x3f, 0x5c, 0xc1, 0xe3, 0x76, 0x70, 0x84, 0xc8, 0x42, 0xa5, 0x75,
-             0xd3, 0x62, 0x69, 0x83, 0x6e, 0x97, 0x35, 0x3d, 0x41, 0x62, 0x2b,
-             0x73, 0x1d, 0xdd, 0xcd, 0x5f, 0x26, 0x95, 0x50, 0xa3, 0xa5, 0xb8,
-             0x7b, 0xe1, 0xe9, 0x03, 0x26, 0x34, 0x0b, 0x6e, 0x0e, 0x62, 0x55,
-             0x58, 0x15, 0xd9, 0x60, 0x05, 0x97, 0xac, 0x6e, 0xf9})),
-    std::make_pair(
-        180,
-        std::vector<uint8_t>(
-            {0x68, 0x28, 0x9f, 0x66, 0x05, 0x47, 0x3b, 0xa0, 0xe4, 0xf2, 0x41,
-             0xba, 0xf7, 0x47, 0x7a, 0x98, 0x85, 0x42, 0x6a, 0x85, 0x8f, 0x19,
-             0xef, 0x2a, 0x18, 0xb0, 0xd4, 0x0e, 0xf8, 0xe4, 0x12, 0x82, 0xed,
-             0x55, 0x26, 0xb5, 0x19, 0x79, 0x9e, 0x27, 0x0f, 0x13, 0x88, 0x13,
-             0x27, 0x91, 0x82, 0x78, 0x75, 0x57, 0x11, 0x07, 0x1d, 0x85, 0x11,
-             0xfe, 0x96, 0x3e, 0x3b, 0x56, 0x06, 0xaa, 0x37, 0x16})),
-    std::make_pair(
-        181,
-        std::vector<uint8_t>(
-            {0x80, 0xa3, 0x37, 0x87, 0x54, 0x26, 0x12, 0xc3, 0x8f, 0x6b, 0xcd,
-             0x7c, 0xd8, 0x6c, 0xab, 0x46, 0x02, 0x27, 0x50, 0x9b, 0x1c, 0xba,
-             0xd5, 0xec, 0x40, 0x8a, 0x91, 0x41, 0x3d, 0x51, 0x15, 0x5a, 0x04,
-             0x76, 0xda, 0xdb, 0xf3, 0xa2, 0x51, 0x8e, 0x4a, 0x6e, 0x77, 0xcc,
-             0x34, 0x66, 0x22, 0xe3, 0x47, 0xa4, 0x69, 0xbf, 0x8b, 0xaa, 0x5f,
-             0x04, 0xeb, 0x2d, 0x98, 0x70, 0x53, 0x55, 0xd0, 0x63})),
-    std::make_pair(
-        182,
-        std::vector<uint8_t>(
-            {0x34, 0x62, 0x9b, 0xc6, 0xd8, 0x31, 0x39, 0x1c, 0x4c, 0xdf, 0x8a,
-             0xf1, 0xb4, 0xb7, 0xb6, 0xb8, 0xe8, 0xee, 0x17, 0xcf, 0x98, 0xc7,
-             0x0e, 0x5d, 0xd5, 0x86, 0xcd, 0x99, 0xf1, 0x4b, 0x11, 0xdf, 0x94,
-             0x51, 0x66, 0x23, 0x6a, 0x95, 0x71, 0xe6, 0xd5, 0x91, 0xbb, 0x83,
-             0xee, 0x4d, 0x16, 0x4d, 0x46, 0xf6, 0xb9, 0xd8, 0xef, 0x86, 0xff,
-             0x86, 0x5a, 0x81, 0xbf, 0xb9, 0x1b, 0x00, 0x42, 0x4b})),
-    std::make_pair(
-        183,
-        std::vector<uint8_t>(
-            {0x8b, 0x7c, 0xc3, 0x39, 0x16, 0x38, 0x63, 0xbb, 0x43, 0x83, 0xe5,
-             0x42, 0xb0, 0xef, 0x0e, 0x7c, 0xf3, 0x6b, 0x84, 0xad, 0x93, 0x2c,
-             0xdf, 0x5a, 0x80, 0x41, 0x9e, 0xc9, 0xad, 0x69, 0x2e, 0x7a, 0x7e,
-             0x78, 0x4d, 0x2c, 0x7c, 0xb3, 0x79, 0x6a, 0x18, 0xb8, 0xf8, 0x00,
-             0x03, 0x5f, 0x3a, 0xa0, 0x6c, 0x82, 0x41, 0x00, 0x61, 0x11, 0x20,
-             0xa7, 0xbd, 0xeb, 0x35, 0x61, 0x8c, 0xcb, 0x81, 0xb7})),
-    std::make_pair(
-        184,
-        std::vector<uint8_t>(
-            {0x4f, 0x08, 0x4e, 0x49, 0x39, 0xdd, 0x5a, 0x7f, 0x5a, 0x65, 0x8f,
-             0xad, 0x58, 0xa1, 0x8a, 0x15, 0xc2, 0x5c, 0x32, 0xec, 0x1c, 0x7f,
-             0xd5, 0xc5, 0xc6, 0xc3, 0xe8, 0x92, 0xb3, 0x97, 0x1a, 0xea, 0xac,
-             0x30, 0x83, 0x04, 0xef, 0x17, 0xb1, 0xc4, 0x72, 0x39, 0xea, 0x4b,
-             0xb3, 0x98, 0xb3, 0xfd, 0x6d, 0x45, 0x28, 0xd8, 0xde, 0x8e, 0x76,
-             0x8a, 0xe0, 0xf1, 0xa5, 0xa5, 0xc6, 0xb5, 0xc2, 0x97})),
-    std::make_pair(
-        185,
-        std::vector<uint8_t>(
-            {0x48, 0xf4, 0x07, 0xa1, 0xaf, 0x5b, 0x80, 0x09, 0xb2, 0x05, 0x17,
-             0x42, 0xe8, 0xcf, 0x5c, 0xd5, 0x65, 0x66, 0x69, 0xe7, 0xd7, 0x22,
-             0xee, 0x8e, 0x7b, 0xd2, 0x02, 0x06, 0x08, 0x49, 0x44, 0x21, 0x68,
-             0xd8, 0xfa, 0xcc, 0x11, 0x7c, 0x01, 0x2b, 0xfb, 0x7b, 0xf4, 0x49,
-             0xd9, 0x9b, 0xef, 0xff, 0x6a, 0x34, 0xae, 0xa2, 0x03, 0xf1, 0xd8,
-             0xd3, 0x52, 0x72, 0x2b, 0xe5, 0x01, 0x4e, 0xc8, 0x18})),
-    std::make_pair(
-        186,
-        std::vector<uint8_t>(
-            {0xa6, 0xaa, 0x82, 0xcd, 0x1e, 0x42, 0x6f, 0x9a, 0x73, 0xbf, 0xa3,
-             0x9a, 0x29, 0x03, 0x78, 0x76, 0x11, 0x46, 0x55, 0xb8, 0xc2, 0x2d,
-             0x6d, 0x3f, 0xf8, 0xb6, 0x38, 0xae, 0x7d, 0xea, 0x6b, 0x17, 0x84,
-             0x3e, 0x09, 0xe5, 0x2e, 0xb6, 0x6f, 0xa1, 0xe4, 0x75, 0xe4, 0xa8,
-             0xa3, 0xde, 0x42, 0x9b, 0x7d, 0x0f, 0x4a, 0x77, 0x6f, 0xcb, 0x8b,
-             0xdc, 0x9b, 0x9f, 0xed, 0xe7, 0xd5, 0x2e, 0x81, 0x5f})),
-    std::make_pair(
-        187,
-        std::vector<uint8_t>(
-            {0x58, 0x17, 0x02, 0x7d, 0x6b, 0xdd, 0x00, 0xc5, 0xdd, 0x10, 0xac,
-             0x59, 0x3c, 0xd5, 0x60, 0x37, 0x22, 0x70, 0x77, 0x5a, 0x18, 0x52,
-             0x6d, 0x7e, 0x6f, 0x13, 0x87, 0x2a, 0x2e, 0x20, 0xea, 0xb6, 0x64,
-             0x62, 0x5b, 0xe7, 0x16, 0x8a, 0xc4, 0xbd, 0x7c, 0x9e, 0x0c, 0xe7,
-             0xfc, 0x40, 0x99, 0xe0, 0xf4, 0x84, 0x42, 0xe2, 0xc7, 0x67, 0x19,
-             0x1c, 0x6e, 0x12, 0x84, 0xe9, 0xb2, 0xcc, 0xea, 0x8c})),
-    std::make_pair(
-        188,
-        std::vector<uint8_t>(
-            {0x08, 0xe4, 0x10, 0x28, 0x34, 0x0a, 0x45, 0xc7, 0x4e, 0x40, 0x52,
-             0xb3, 0xa8, 0xd6, 0x38, 0x9e, 0x22, 0xe0, 0x43, 0xa1, 0xad, 0xab,
-             0x5e, 0x28, 0xd9, 0x76, 0x19, 0x45, 0x0d, 0x72, 0x34, 0x69, 0xb6,
-             0x20, 0xca, 0xa5, 0x19, 0xb8, 0x1c, 0x14, 0x52, 0x38, 0x54, 0xf6,
-             0x19, 0xfd, 0x30, 0x27, 0xe3, 0x84, 0x7b, 0xd0, 0x32, 0x76, 0xe6,
-             0x06, 0x04, 0xa8, 0x0d, 0xdb, 0x4d, 0xe8, 0x76, 0xd6})),
-    std::make_pair(
-        189,
-        std::vector<uint8_t>(
-            {0x13, 0x0b, 0x84, 0x20, 0x53, 0x7e, 0xb0, 0x7d, 0x72, 0xab, 0xda,
-             0x07, 0xc8, 0x5a, 0xcb, 0xd8, 0xb9, 0xa4, 0x4f, 0x16, 0x32, 0x1d,
-             0xd0, 0x42, 0x21, 0x45, 0xf8, 0x09, 0x67, 0x3d, 0x30, 0xf2, 0xb5,
-             0x32, 0x13, 0x26, 0xe2, 0xbf, 0xf3, 0x17, 0xef, 0x3f, 0xef, 0x98,
-             0x3c, 0x51, 0xc4, 0xf8, 0xab, 0x24, 0xa3, 0x25, 0xd2, 0x98, 0xe3,
-             0x4a, 0xfc, 0xe5, 0x69, 0xa8, 0x25, 0x55, 0x77, 0x4c})),
-    std::make_pair(
-        190,
-        std::vector<uint8_t>(
-            {0xac, 0x49, 0xb8, 0x44, 0xaf, 0xaa, 0x01, 0x2e, 0x31, 0xc4, 0x74,
-             0xca, 0x26, 0x36, 0x48, 0x84, 0x4f, 0xd2, 0xf6, 0x30, 0x79, 0x92,
-             0xc2, 0xf7, 0x52, 0xac, 0xa0, 0x2c, 0x38, 0x28, 0x96, 0x51, 0x75,
-             0x79, 0x4d, 0xee, 0xe2, 0xd2, 0xee, 0x95, 0xc6, 0x1c, 0xd2, 0x84,
-             0xf6, 0xb5, 0xa2, 0xd7, 0x5e, 0x2e, 0xf2, 0xb2, 0x9e, 0xe8, 0x14,
-             0x9e, 0x77, 0xfb, 0x81, 0x44, 0x7b, 0x2f, 0xd0, 0x4b})),
-    std::make_pair(
-        191,
-        std::vector<uint8_t>(
-            {0xb9, 0xd7, 0xca, 0x81, 0xcc, 0x60, 0xbb, 0x95, 0x78, 0xe4, 0x40,
-             0x24, 0xe5, 0xa0, 0xa0, 0xbe, 0x80, 0xf2, 0x73, 0x36, 0xa6, 0xa9,
-             0xf4, 0xe5, 0x3d, 0xf3, 0x99, 0x9c, 0xb1, 0x91, 0x28, 0x0b, 0x09,
-             0x0e, 0x2a, 0xc2, 0xd2, 0x9c, 0x5b, 0xaa, 0xd9, 0xd7, 0x14, 0x15,
-             0xbd, 0xc1, 0x29, 0xe6, 0x9a, 0xa2, 0x66, 0x7a, 0xf6, 0xa7, 0xfd,
-             0x5e, 0x18, 0x9f, 0xcc, 0xdc, 0xee, 0x81, 0x73, 0x40})),
-    std::make_pair(
-        192,
-        std::vector<uint8_t>(
-            {0xa7, 0x55, 0xe1, 0x13, 0x38, 0x65, 0x72, 0xc7, 0x5c, 0xed, 0x61,
-             0xd7, 0x19, 0x70, 0x60, 0x70, 0xb9, 0x14, 0x60, 0x48, 0xe4, 0x2a,
-             0x9f, 0x8c, 0xd3, 0x56, 0x67, 0xa0, 0x88, 0xb4, 0x2f, 0x08, 0x80,
-             0x8a, 0xbd, 0xf7, 0x7e, 0x61, 0x8a, 0xbd, 0x95, 0x9a, 0xfc, 0x75,
-             0x73, 0x79, 0xca, 0x2c, 0x00, 0xbc, 0xc1, 0xa4, 0x83, 0x90, 0xfa,
-             0x2b, 0xff, 0x61, 0x8b, 0x1e, 0x00, 0x78, 0xa6, 0x13})),
-    std::make_pair(
-        193,
-        std::vector<uint8_t>(
-            {0xa7, 0x3c, 0x7d, 0xeb, 0xed, 0x32, 0x6f, 0x1c, 0x0d, 0xb0, 0x79,
-             0x5e, 0xe7, 0xd6, 0xe3, 0x94, 0x68, 0x94, 0xb8, 0x26, 0xb1, 0xf8,
-             0x10, 0x1c, 0x56, 0xc8, 0x23, 0xba, 0x17, 0x16, 0x83, 0x12, 0xe7,
-             0xf5, 0x3f, 0xc7, 0xdb, 0xe5, 0x2c, 0x3e, 0x11, 0xe6, 0x98, 0x52,
-             0xc4, 0x04, 0x85, 0xe2, 0xef, 0x18, 0x24, 0x77, 0x86, 0x2e, 0xa6,
-             0xa3, 0x4e, 0xc1, 0x36, 0xe2, 0xdf, 0xee, 0xa6, 0xf4})),
-    std::make_pair(
-        194,
-        std::vector<uint8_t>(
-            {0x6c, 0xb8, 0xf9, 0xd5, 0x2c, 0x56, 0xd8, 0x2c, 0xac, 0x28, 0xf3,
-             0x9e, 0xa1, 0x59, 0x3e, 0x8b, 0xb2, 0x50, 0x62, 0x93, 0xac, 0x0d,
-             0x68, 0x37, 0x6a, 0x17, 0x09, 0xb6, 0x2a, 0x46, 0xdf, 0x14, 0xa4,
-             0xae, 0x64, 0xb2, 0xd8, 0xfa, 0xb7, 0x67, 0x33, 0xa1, 0xce, 0xd2,
-             0xd5, 0x48, 0xe3, 0xf3, 0xc6, 0xfc, 0xb4, 0x9d, 0x40, 0xc3, 0xd5,
-             0x80, 0x8e, 0x44, 0x9c, 0xd8, 0x3d, 0x1c, 0x2a, 0xa2})),
-    std::make_pair(
-        195,
-        std::vector<uint8_t>(
-            {0x68, 0x3f, 0xa2, 0xb2, 0x36, 0x9a, 0x10, 0x16, 0x2c, 0x1c, 0x1c,
-             0x7b, 0x24, 0xbc, 0x97, 0x0e, 0xe6, 0x7d, 0xa2, 0x20, 0x56, 0x4f,
-             0x32, 0x20, 0x3f, 0x62, 0x56, 0x96, 0xc0, 0x35, 0x2a, 0x0b, 0x9a,
-             0xd9, 0x66, 0x24, 0x36, 0x2d, 0x95, 0x2d, 0x84, 0x46, 0x3c, 0x11,
-             0x06, 0xa2, 0xdb, 0xa7, 0xa0, 0x92, 0x59, 0x98, 0x84, 0xb3, 0x5a,
-             0x0b, 0x89, 0xc8, 0xf1, 0xb6, 0xa9, 0xb5, 0xa6, 0x1e})),
-    std::make_pair(
-        196,
-        std::vector<uint8_t>(
-            {0xaa, 0xd9, 0xad, 0x44, 0x61, 0x01, 0x18, 0xb7, 0x7d, 0x50, 0x8a,
-             0xeb, 0x1b, 0xbc, 0xd1, 0xc1, 0xb7, 0xd0, 0x17, 0x13, 0x97, 0xfb,
-             0x51, 0x0a, 0x40, 0x1b, 0xbc, 0x0e, 0xc3, 0x46, 0x23, 0x67, 0x0d,
-             0x86, 0xa2, 0xdc, 0x3c, 0x8f, 0x3a, 0xb5, 0xa2, 0x04, 0x4d, 0xf7,
-             0x30, 0x25, 0x67, 0x27, 0x54, 0x5f, 0x08, 0x60, 0xce, 0x21, 0xa1,
-             0xea, 0xc7, 0x17, 0xdf, 0xc4, 0x8f, 0x5d, 0x22, 0x8e})),
-    std::make_pair(
-        197,
-        std::vector<uint8_t>(
-            {0xc4, 0x25, 0x78, 0xde, 0x23, 0xb4, 0xc9, 0x87, 0xd5, 0xe1, 0xac,
-             0x4d, 0x68, 0x9e, 0xd5, 0xde, 0x4b, 0x04, 0x17, 0xf9, 0x70, 0x4b,
-             0xc6, 0xbc, 0xe9, 0x69, 0xfa, 0x13, 0x47, 0x15, 0x85, 0xd6, 0x2c,
-             0x2c, 0xb1, 0x21, 0x2a, 0x94, 0x4f, 0x39, 0x7f, 0xc9, 0xca, 0x2c,
-             0x37, 0x47, 0xc3, 0xbe, 0xb6, 0x94, 0xec, 0x4c, 0x5b, 0xe6, 0x88,
-             0x28, 0xdd, 0xa5, 0x3e, 0xf4, 0x3f, 0xae, 0xc6, 0xc0})),
-    std::make_pair(
-        198,
-        std::vector<uint8_t>(
-            {0x47, 0x0f, 0x00, 0x84, 0x1e, 0xe8, 0x24, 0x4e, 0x63, 0xed, 0x2c,
-             0x7e, 0xa3, 0x0e, 0x2e, 0x41, 0x98, 0x97, 0xc1, 0x97, 0x46, 0x2e,
-             0xcc, 0xce, 0xcf, 0x71, 0x3b, 0x42, 0xa5, 0x06, 0x5f, 0xff, 0x59,
-             0x14, 0xbc, 0x9b, 0x79, 0xaf, 0xfe, 0x8f, 0x6b, 0x65, 0x78, 0x75,
-             0xe7, 0x89, 0xae, 0x21, 0x3b, 0xd9, 0x14, 0xcd, 0x35, 0xbd, 0x17,
-             0x4d, 0x46, 0xe9, 0xd1, 0x8b, 0xd8, 0x43, 0x77, 0x3d})),
-    std::make_pair(
-        199,
-        std::vector<uint8_t>(
-            {0x34, 0xfc, 0x42, 0x13, 0x73, 0x0f, 0x47, 0xa5, 0xe9, 0xa3, 0x58,
-             0x0f, 0x64, 0x3e, 0x12, 0x94, 0x5c, 0xfc, 0xb3, 0x1b, 0xf2, 0x06,
-             0xf6, 0xad, 0x45, 0x0c, 0xe5, 0x28, 0xda, 0x3f, 0xa4, 0x32, 0xe0,
-             0x05, 0xd6, 0xb0, 0xec, 0xce, 0x10, 0xdc, 0xa7, 0xc5, 0x99, 0x5f,
-             0x6a, 0xac, 0xc5, 0x15, 0x0e, 0x1b, 0x00, 0x9e, 0x19, 0x75, 0x1e,
-             0x83, 0x09, 0xf8, 0x85, 0x95, 0x31, 0x84, 0x43, 0x74})),
-    std::make_pair(
-        200,
-        std::vector<uint8_t>(
-            {0xfb, 0x3c, 0x1f, 0x0f, 0x56, 0xa5, 0x6f, 0x8e, 0x31, 0x6f, 0xdf,
-             0x5d, 0x85, 0x3c, 0x8c, 0x87, 0x2c, 0x39, 0x63, 0x5d, 0x08, 0x36,
-             0x34, 0xc3, 0x90, 0x4f, 0xc3, 0xac, 0x07, 0xd1, 0xb5, 0x78, 0xe8,
-             0x5f, 0xf0, 0xe4, 0x80, 0xe9, 0x2d, 0x44, 0xad, 0xe3, 0x3b, 0x62,
-             0xe8, 0x93, 0xee, 0x32, 0x34, 0x3e, 0x79, 0xdd, 0xf6, 0xef, 0x29,
-             0x2e, 0x89, 0xb5, 0x82, 0xd3, 0x12, 0x50, 0x23, 0x14})),
-    std::make_pair(
-        201,
-        std::vector<uint8_t>(
-            {0xc7, 0xc9, 0x7f, 0xc6, 0x5d, 0xd2, 0xb9, 0xe3, 0xd3, 0xd6, 0x07,
-             0xd3, 0x15, 0x98, 0xd3, 0xf8, 0x42, 0x61, 0xe9, 0x91, 0x92, 0x51,
-             0xe9, 0xc8, 0xe5, 0x7b, 0xb5, 0xf8, 0x29, 0x37, 0x7d, 0x5f, 0x73,
-             0xea, 0xbb, 0xed, 0x55, 0xc6, 0xc3, 0x81, 0x18, 0x0f, 0x29, 0xad,
-             0x02, 0xe5, 0xbe, 0x79, 0x7f, 0xfe, 0xc7, 0xe5, 0x7b, 0xde, 0xcb,
-             0xc5, 0x0a, 0xd3, 0xd0, 0x62, 0xf0, 0x99, 0x3a, 0xb0})),
-    std::make_pair(
-        202,
-        std::vector<uint8_t>(
-            {0xa5, 0x7a, 0x49, 0xcd, 0xbe, 0x67, 0xae, 0x7d, 0x9f, 0x79, 0x7b,
-             0xb5, 0xcc, 0x7e, 0xfc, 0x2d, 0xf0, 0x7f, 0x4e, 0x1b, 0x15, 0x95,
-             0x5f, 0x85, 0xda, 0xe7, 0x4b, 0x76, 0xe2, 0xec, 0xb8, 0x5a, 0xfb,
-             0x6c, 0xd9, 0xee, 0xed, 0x88, 0x88, 0xd5, 0xca, 0x3e, 0xc5, 0xab,
-             0x65, 0xd2, 0x7a, 0x7b, 0x19, 0xe5, 0x78, 0x47, 0x57, 0x60, 0xa0,
-             0x45, 0xac, 0x3c, 0x92, 0xe1, 0x3a, 0x93, 0x8e, 0x77})),
-    std::make_pair(
-        203,
-        std::vector<uint8_t>(
-            {0xc7, 0x14, 0x3f, 0xce, 0x96, 0x14, 0xa1, 0x7f, 0xd6, 0x53, 0xae,
-             0xb1, 0x40, 0x72, 0x6d, 0xc9, 0xc3, 0xdb, 0xb1, 0xde, 0x6c, 0xc5,
-             0x81, 0xb2, 0x72, 0x68, 0x97, 0xec, 0x24, 0xb7, 0xa5, 0x03, 0x59,
-             0xad, 0x49, 0x22, 0x43, 0xbe, 0x66, 0xd9, 0xed, 0xd8, 0xc9, 0x33,
-             0xb5, 0xb8, 0x0e, 0x0b, 0x91, 0xbb, 0x61, 0xea, 0x98, 0x05, 0x60,
-             0x06, 0x51, 0x69, 0x76, 0xfa, 0xe8, 0xd9, 0x9a, 0x35})),
-    std::make_pair(
-        204,
-        std::vector<uint8_t>(
-            {0x65, 0xbb, 0x58, 0xd0, 0x7f, 0x93, 0x7e, 0x2d, 0x3c, 0x7e, 0x65,
-             0x38, 0x5f, 0x9c, 0x54, 0x73, 0x0b, 0x70, 0x41, 0x05, 0xcc, 0xdb,
-             0x69, 0x1f, 0x6e, 0x14, 0x6d, 0x4e, 0xe8, 0xf6, 0xc0, 0x86, 0xf4,
-             0x95, 0x11, 0x03, 0x51, 0x10, 0xa9, 0xad, 0x60, 0x31, 0xfd, 0xce,
-             0xb9, 0x43, 0xe0, 0xf9, 0x61, 0x3b, 0xcb, 0x27, 0x6d, 0xd4, 0x0f,
-             0x06, 0x24, 0xef, 0x0f, 0x92, 0x4f, 0x80, 0x97, 0x83})),
-    std::make_pair(
-        205,
-        std::vector<uint8_t>(
-            {0xe5, 0x40, 0x27, 0x7f, 0x68, 0x3b, 0x11, 0x86, 0xdd, 0x3b, 0x5b,
-             0x3f, 0x61, 0x43, 0x33, 0x96, 0x58, 0x1a, 0x35, 0xfe, 0xb1, 0x20,
-             0x02, 0xbe, 0x8c, 0x6a, 0x62, 0x31, 0xfc, 0x40, 0xff, 0xa7, 0x0f,
-             0x08, 0x08, 0x1b, 0xc5, 0x8b, 0x2d, 0x94, 0xf7, 0x64, 0x95, 0x43,
-             0x61, 0x4a, 0x43, 0x5f, 0xaa, 0x2d, 0x62, 0x11, 0x0e, 0x13, 0xda,
-             0xbc, 0x7b, 0x86, 0x62, 0x9b, 0x63, 0xaf, 0x9c, 0x24})),
-    std::make_pair(
-        206,
-        std::vector<uint8_t>(
-            {0x41, 0x85, 0x00, 0x87, 0x8c, 0x5f, 0xbc, 0xb5, 0x84, 0xc4, 0x32,
-             0xf4, 0x28, 0x5e, 0x05, 0xe4, 0x9f, 0x2e, 0x3e, 0x07, 0x53, 0x99,
-             0xa0, 0xdb, 0xfc, 0xf8, 0x74, 0xeb, 0xf8, 0xc0, 0x3d, 0x02, 0xbf,
-             0x16, 0xbc, 0x69, 0x89, 0xd1, 0x61, 0xc7, 0x7c, 0xa0, 0x78, 0x6b,
-             0x05, 0x05, 0x3c, 0x6c, 0x70, 0x94, 0x33, 0x71, 0x23, 0x19, 0x19,
-             0x21, 0x28, 0x83, 0x5c, 0xf0, 0xb6, 0x60, 0x59, 0x5b})),
-    std::make_pair(
-        207,
-        std::vector<uint8_t>(
-            {0x88, 0x90, 0x90, 0xdb, 0xb1, 0x94, 0x4b, 0xdc, 0x94, 0x33, 0xee,
-             0x5e, 0xf1, 0x01, 0x0c, 0x7a, 0x4a, 0x24, 0xa8, 0xe7, 0x1e, 0xce,
-             0xa8, 0xe1, 0x2a, 0x31, 0x31, 0x8c, 0xe4, 0x9d, 0xca, 0xb0, 0xac,
-             0xa5, 0xc3, 0x80, 0x23, 0x34, 0xaa, 0xb2, 0xcc, 0x84, 0xb1, 0x4c,
-             0x6b, 0x93, 0x21, 0xfe, 0x58, 0x6b, 0xf3, 0xf8, 0x76, 0xf1, 0x9c,
-             0xd4, 0x06, 0xeb, 0x11, 0x27, 0xfb, 0x94, 0x48, 0x01})),
-    std::make_pair(
-        208,
-        std::vector<uint8_t>(
-            {0x53, 0xb6, 0xa2, 0x89, 0x10, 0xaa, 0x92, 0xe2, 0x7e, 0x53, 0x6f,
-             0xb5, 0x49, 0xcf, 0x9b, 0x99, 0x18, 0x79, 0x10, 0x60, 0x89, 0x8e,
-             0x0b, 0x9f, 0xe1, 0x83, 0x57, 0x7f, 0xf4, 0x3b, 0x5e, 0x9c, 0x76,
-             0x89, 0xc7, 0x45, 0xb3, 0x2e, 0x41, 0x22, 0x69, 0x83, 0x7c, 0x31,
-             0xb8, 0x9e, 0x6c, 0xc1, 0x2b, 0xf7, 0x6e, 0x13, 0xca, 0xd3, 0x66,
-             0xb7, 0x4e, 0xce, 0x48, 0xbb, 0x85, 0xfd, 0x09, 0xe9})),
-    std::make_pair(
-        209,
-        std::vector<uint8_t>(
-            {0x7c, 0x09, 0x20, 0x80, 0xc6, 0xa8, 0x0d, 0x67, 0x24, 0x09, 0xd0,
-             0x81, 0xd3, 0xd1, 0x77, 0x10, 0x6b, 0xcd, 0x63, 0x56, 0x77, 0x85,
-             0x14, 0x07, 0x19, 0x49, 0x09, 0x50, 0xae, 0x07, 0xae, 0x8f, 0xca,
-             0xab, 0xba, 0xaa, 0xb3, 0x30, 0xcf, 0xbc, 0xf7, 0x37, 0x44, 0x82,
-             0xc2, 0x20, 0xaf, 0x2e, 0xad, 0xee, 0xb7, 0x3d, 0xcb, 0xb3, 0x5e,
-             0xd8, 0x23, 0x34, 0x4e, 0x14, 0x4e, 0x7d, 0x48, 0x99})),
-    std::make_pair(
-        210,
-        std::vector<uint8_t>(
-            {0x9c, 0xcd, 0xe5, 0x66, 0xd2, 0x40, 0x05, 0x09, 0x18, 0x11, 0x11,
-             0xf3, 0x2d, 0xde, 0x4c, 0xd6, 0x32, 0x09, 0xfe, 0x59, 0xa3, 0x0c,
-             0x11, 0x45, 0x46, 0xad, 0x27, 0x76, 0xd8, 0x89, 0xa4, 0x1b, 0xad,
-             0x8f, 0xa1, 0xbb, 0x46, 0x8c, 0xb2, 0xf9, 0xd4, 0x2c, 0xa9, 0x92,
-             0x8a, 0x77, 0x70, 0xfe, 0xf8, 0xe8, 0xba, 0x4d, 0x0c, 0x81, 0x2d,
-             0x9a, 0x1e, 0x75, 0xc3, 0xd8, 0xd2, 0xcc, 0xd7, 0x5a})),
-    std::make_pair(
-        211,
-        std::vector<uint8_t>(
-            {0x6e, 0x29, 0x3b, 0xf5, 0xd0, 0x3f, 0xe4, 0x39, 0x77, 0xcf, 0xe3,
-             0xf5, 0x7c, 0xcd, 0xb3, 0xae, 0x28, 0x2a, 0x85, 0x45, 0x5d, 0xca,
-             0x33, 0xf3, 0x7f, 0x4b, 0x74, 0xf8, 0x39, 0x8c, 0xc6, 0x12, 0x43,
-             0x3d, 0x75, 0x5c, 0xbe, 0xc4, 0x12, 0xf8, 0xf8, 0x2a, 0x3b, 0xd3,
-             0xbc, 0x4a, 0x27, 0x8f, 0x7e, 0xcd, 0x0d, 0xfa, 0x9b, 0xbd, 0xc4,
-             0x0b, 0xe7, 0xa7, 0x87, 0xc8, 0xf1, 0x59, 0xb2, 0xdf})),
-    std::make_pair(
-        212,
-        std::vector<uint8_t>(
-            {0xc5, 0x65, 0x46, 0xfb, 0x21, 0x78, 0x45, 0x6f, 0x33, 0x61, 0x64,
-             0xc1, 0x8b, 0x90, 0xde, 0xff, 0xc8, 0x3a, 0xe2, 0xb5, 0xa3, 0xac,
-             0xa7, 0x7b, 0x68, 0x84, 0xd3, 0x6d, 0x2c, 0x1d, 0xb3, 0x95, 0x01,
-             0xb3, 0xe6, 0x5e, 0x36, 0xc7, 0x58, 0xc6, 0x6e, 0x31, 0x88, 0x45,
-             0x1f, 0xdb, 0x35, 0x15, 0xee, 0x16, 0x2c, 0x00, 0x1f, 0x06, 0xc3,
-             0xe8, 0xcb, 0x57, 0x3a, 0xdf, 0x30, 0xf7, 0xa1, 0x01})),
-    std::make_pair(
-        213,
-        std::vector<uint8_t>(
-            {0x6f, 0x82, 0xf8, 0x9f, 0x29, 0x9e, 0xbc, 0xa2, 0xfe, 0x01, 0x4b,
-             0x59, 0xbf, 0xfe, 0x1a, 0xa8, 0x4e, 0x88, 0xb1, 0x91, 0x5f, 0xe2,
-             0x56, 0xaf, 0xb6, 0x46, 0xfd, 0x84, 0x48, 0xaf, 0x2b, 0x88, 0x91,
-             0xa7, 0xfa, 0xb3, 0x7a, 0x4e, 0xa6, 0xf9, 0xa5, 0x0e, 0x6c, 0x31,
-             0x70, 0x39, 0xd8, 0xcf, 0x87, 0x8f, 0x4c, 0x8e, 0x1a, 0x0d, 0xd4,
-             0x64, 0xf0, 0xb4, 0xd6, 0xff, 0x1c, 0x7e, 0xa8, 0x53})),
-    std::make_pair(
-        214,
-        std::vector<uint8_t>(
-            {0x2b, 0x85, 0x99, 0xff, 0x9c, 0x3d, 0x61, 0x98, 0x63, 0x7a, 0xd5,
-             0x1e, 0x57, 0xd1, 0x99, 0x8b, 0x0d, 0x75, 0x31, 0x3f, 0xe2, 0xdd,
-             0x61, 0xa5, 0x33, 0xc9, 0x64, 0xa6, 0xdd, 0x96, 0x07, 0xc6, 0xf7,
-             0x23, 0xe9, 0x45, 0x2c, 0xe4, 0x6e, 0x01, 0x4b, 0x1c, 0x1d, 0x6d,
-             0xe7, 0x7b, 0xa5, 0xb8, 0x8c, 0x91, 0x4d, 0x1c, 0x59, 0x7b, 0xf1,
-             0xea, 0xe1, 0x34, 0x74, 0xb4, 0x29, 0x0e, 0x89, 0xb2})),
-    std::make_pair(
-        215,
-        std::vector<uint8_t>(
-            {0x08, 0xbf, 0x34, 0x6d, 0x38, 0xe1, 0xdf, 0x06, 0xc8, 0x26, 0x0e,
-             0xdb, 0x1d, 0xa7, 0x55, 0x79, 0x27, 0x59, 0x48, 0xd5, 0xc0, 0xa0,
-             0xaa, 0x9e, 0xd2, 0x88, 0x6f, 0x88, 0x56, 0xde, 0x54, 0x17, 0xa1,
-             0x56, 0x99, 0x87, 0x58, 0xf5, 0xb1, 0x7e, 0x52, 0xf1, 0x01, 0xca,
-             0x95, 0x7a, 0x71, 0x13, 0x74, 0x73, 0xdf, 0xd1, 0x8d, 0x7d, 0x20,
-             0x9c, 0x4c, 0x10, 0xd9, 0x23, 0x3c, 0x93, 0x69, 0x1d})),
-    std::make_pair(
-        216,
-        std::vector<uint8_t>(
-            {0x6d, 0xf2, 0x15, 0x6d, 0x77, 0x31, 0x14, 0xd3, 0x10, 0xb6, 0x3d,
-             0xb9, 0xee, 0x53, 0x50, 0xd7, 0x7e, 0x6b, 0xcf, 0x25, 0xb0, 0x5f,
-             0xcd, 0x91, 0x0f, 0x9b, 0x31, 0xbc, 0x42, 0xbb, 0x13, 0xfe, 0x82,
-             0x25, 0xeb, 0xcb, 0x2a, 0x23, 0xa6, 0x22, 0x80, 0x77, 0x7b, 0x6b,
-             0xf7, 0x4e, 0x2c, 0xd0, 0x91, 0x7c, 0x76, 0x40, 0xb4, 0x3d, 0xef,
-             0xe4, 0x68, 0xcd, 0x1e, 0x18, 0xc9, 0x43, 0xc6, 0x6a})),
-    std::make_pair(
-        217,
-        std::vector<uint8_t>(
-            {0x7c, 0x70, 0x38, 0xbc, 0x13, 0xa9, 0x11, 0x51, 0x82, 0x8a, 0x5b,
-             0xa8, 0x2b, 0x4a, 0x96, 0x04, 0x0f, 0x25, 0x8a, 0x4d, 0xfb, 0x1b,
-             0x13, 0x73, 0xf0, 0xd3, 0x59, 0x16, 0x8a, 0xfb, 0x05, 0x17, 0xa2,
-             0x0b, 0x28, 0xa1, 0x2d, 0x36, 0x44, 0x04, 0x6b, 0xe6, 0x6b, 0x8d,
-             0x08, 0xd8, 0xae, 0x7f, 0x6a, 0x92, 0x3e, 0xa1, 0xc0, 0x01, 0x87,
-             0xc6, 0xd1, 0x1d, 0xc5, 0x02, 0xba, 0xc7, 0x13, 0x05})),
-    std::make_pair(
-        218,
-        std::vector<uint8_t>(
-            {0xbc, 0xd1, 0xb3, 0x0d, 0x80, 0x8f, 0xb7, 0x39, 0xb9, 0x87, 0xcb,
-             0xf1, 0x54, 0xbe, 0xa0, 0x0d, 0xa9, 0xd4, 0x03, 0x80, 0xb8, 0x61,
-             0xd4, 0xc1, 0xd6, 0x37, 0x71, 0x22, 0xda, 0xdd, 0x61, 0xc0, 0xe5,
-             0x90, 0x18, 0xb7, 0x19, 0x41, 0xcf, 0xb6, 0x2e, 0x00, 0xdc, 0xd7,
-             0x0a, 0xeb, 0x9a, 0xbf, 0x04, 0x73, 0xe8, 0x0f, 0x0a, 0x7e, 0xca,
-             0x6b, 0x6d, 0xea, 0x24, 0x6a, 0xb2, 0x29, 0xdd, 0x2b})),
-    std::make_pair(
-        219,
-        std::vector<uint8_t>(
-            {0x7e, 0xd4, 0x46, 0x8d, 0x96, 0x85, 0x30, 0xfe, 0x7a, 0xb2, 0xc3,
-             0x35, 0x40, 0xb2, 0x6d, 0x8c, 0x3b, 0xd3, 0xed, 0x44, 0xb3, 0x4f,
-             0xbe, 0x8c, 0x2a, 0x9d, 0x7f, 0x80, 0x5b, 0x5a, 0xda, 0x0e, 0xa2,
-             0x52, 0xee, 0xad, 0xe4, 0xfc, 0xe9, 0x7f, 0x89, 0x72, 0x8a, 0xd8,
-             0x5b, 0xc8, 0xbb, 0x24, 0x30, 0xb1, 0xbe, 0xf2, 0xcd, 0xdd, 0x32,
-             0xc8, 0x44, 0x6e, 0x59, 0xb8, 0xe8, 0xba, 0x3c, 0x67})),
-    std::make_pair(
-        220,
-        std::vector<uint8_t>(
-            {0x6d, 0x30, 0xb7, 0xc6, 0xce, 0x8a, 0x32, 0x36, 0xc0, 0xca, 0x2f,
-             0x8d, 0x72, 0x8b, 0x10, 0x88, 0xca, 0x06, 0x98, 0x3a, 0x80, 0x43,
-             0xe6, 0x21, 0xd5, 0xdc, 0xf0, 0xc5, 0x37, 0xd1, 0x3b, 0x08, 0x79,
-             0x1e, 0xde, 0xb0, 0x1a, 0x3c, 0xf0, 0x94, 0x3e, 0xc1, 0xc8, 0x90,
-             0xab, 0x6e, 0x29, 0xb1, 0x46, 0xa2, 0x36, 0xcd, 0x46, 0xbc, 0xb9,
-             0xd9, 0x3b, 0xf5, 0x16, 0xfb, 0x67, 0xc6, 0x3f, 0xe5})),
-    std::make_pair(
-        221,
-        std::vector<uint8_t>(
-            {0x97, 0xfe, 0x03, 0xce, 0xf3, 0x14, 0x38, 0x50, 0x89, 0x11, 0xbd,
-             0xed, 0x97, 0x59, 0x80, 0xa6, 0x60, 0x29, 0x30, 0x5d, 0xc5, 0xe3,
-             0xfa, 0x8a, 0xd1, 0xb4, 0xfb, 0x22, 0xfc, 0xdf, 0x5a, 0x19, 0xa7,
-             0x33, 0x32, 0x03, 0x27, 0xd8, 0xf7, 0x1c, 0xcf, 0x49, 0x6c, 0xb3,
-             0xa4, 0x4a, 0x77, 0xaf, 0x56, 0xe3, 0xdd, 0xe7, 0x3d, 0x3a, 0x5f,
-             0x17, 0x68, 0x96, 0xcc, 0x57, 0xc9, 0xa5, 0xad, 0x99})),
-    std::make_pair(
-        222,
-        std::vector<uint8_t>(
-            {0x78, 0x5a, 0x9d, 0x0f, 0xbd, 0x21, 0x13, 0x6d, 0xbc, 0xe8, 0xfa,
-             0x7e, 0xaf, 0xd6, 0x3c, 0x9d, 0xad, 0x22, 0x00, 0x52, 0x97, 0x84,
-             0x16, 0xb3, 0x1d, 0x97, 0x53, 0xea, 0xa1, 0x49, 0x09, 0x78, 0x47,
-             0xed, 0x9b, 0x30, 0xa6, 0x5c, 0x70, 0x50, 0x7e, 0xff, 0x01, 0x87,
-             0x91, 0x49, 0xed, 0x5c, 0xf0, 0x47, 0x1d, 0x37, 0x79, 0x8e, 0xdc,
-             0x05, 0xab, 0xd5, 0x6a, 0xd4, 0xa2, 0xcc, 0xcb, 0x1d})),
-    std::make_pair(
-        223,
-        std::vector<uint8_t>(
-            {0xad, 0x40, 0x8d, 0x2a, 0xbd, 0xdf, 0xd3, 0x7b, 0x3b, 0xf3, 0x47,
-             0x94, 0xc1, 0xa3, 0x37, 0x1d, 0x92, 0x8e, 0xd7, 0xfc, 0x8d, 0x96,
-             0x62, 0x25, 0x33, 0x35, 0x84, 0xc5, 0x66, 0x58, 0x17, 0x83, 0x2a,
-             0x37, 0xc0, 0x7f, 0x0d, 0xc7, 0xcb, 0x5a, 0xa8, 0x74, 0xcd, 0x7d,
-             0x20, 0xfe, 0x8f, 0xab, 0x8e, 0xab, 0xcb, 0x9b, 0x33, 0xd2, 0xe0,
-             0x84, 0x1f, 0x6e, 0x20, 0x09, 0x60, 0x89, 0x9d, 0x95})),
-    std::make_pair(
-        224,
-        std::vector<uint8_t>(
-            {0x97, 0x66, 0x8f, 0x74, 0x5b, 0x60, 0x32, 0xfc, 0x81, 0x5d, 0x95,
-             0x79, 0x32, 0x27, 0x69, 0xdc, 0xcd, 0x95, 0x01, 0xa5, 0x08, 0x00,
-             0x29, 0xb8, 0xae, 0x82, 0x6b, 0xef, 0xb6, 0x74, 0x23, 0x31, 0xbd,
-             0x9f, 0x76, 0xef, 0xeb, 0x3e, 0x2b, 0x8e, 0x81, 0xa9, 0x78, 0x6b,
-             0x28, 0x2f, 0x50, 0x68, 0xa3, 0xa2, 0x42, 0x46, 0x97, 0xa7, 0x7c,
-             0x41, 0x87, 0x6b, 0x7e, 0x75, 0x3f, 0x4c, 0x77, 0x67})),
-    std::make_pair(
-        225,
-        std::vector<uint8_t>(
-            {0x26, 0xbb, 0x98, 0x5f, 0x47, 0xe7, 0xfe, 0xe0, 0xcf, 0xd2, 0x52,
-             0xd4, 0xef, 0x96, 0xbe, 0xd4, 0x2b, 0x9c, 0x37, 0x0c, 0x1c, 0x6a,
-             0x3e, 0x8c, 0x9e, 0xb0, 0x4e, 0xf7, 0xf7, 0x81, 0x8b, 0x83, 0x3a,
-             0x0d, 0x1f, 0x04, 0x3e, 0xba, 0xfb, 0x91, 0x1d, 0xc7, 0x79, 0xe0,
-             0x27, 0x40, 0xa0, 0x2a, 0x44, 0xd3, 0xa1, 0xea, 0x45, 0xed, 0x4a,
-             0xd5, 0x5e, 0x68, 0x6c, 0x92, 0x7c, 0xaf, 0xe9, 0x7e})),
-    std::make_pair(
-        226,
-        std::vector<uint8_t>(
-            {0x5b, 0xfe, 0x2b, 0x1d, 0xcf, 0x7f, 0xe9, 0xb9, 0x50, 0x88, 0xac,
-             0xed, 0xb5, 0x75, 0xc1, 0x90, 0x16, 0xc7, 0x43, 0xb2, 0xe7, 0x63,
-             0xbf, 0x58, 0x51, 0xac, 0x40, 0x7c, 0x9e, 0xda, 0x43, 0x71, 0x5e,
-             0xdf, 0xa4, 0x8b, 0x48, 0x25, 0x49, 0x2c, 0x51, 0x79, 0x59, 0x3f,
-             0xff, 0x21, 0x35, 0x1b, 0x76, 0xe8, 0xb7, 0xe0, 0x34, 0xe4, 0xc5,
-             0x3c, 0x79, 0xf6, 0x1f, 0x29, 0xc4, 0x79, 0xbd, 0x08})),
-    std::make_pair(
-        227,
-        std::vector<uint8_t>(
-            {0xc7, 0x65, 0x09, 0xef, 0x72, 0xf4, 0xa6, 0xf9, 0xc9, 0xc4, 0x06,
-             0x18, 0xed, 0x52, 0xb2, 0x08, 0x4f, 0x83, 0x50, 0x22, 0x32, 0xe0,
-             0xac, 0x8b, 0xda, 0xf3, 0x26, 0x43, 0x68, 0xe4, 0xd0, 0x18, 0x0f,
-             0x68, 0x54, 0xc4, 0xab, 0xf4, 0xf6, 0x50, 0x9c, 0x79, 0xca, 0xaf,
-             0xc4, 0x4c, 0xf3, 0x19, 0x4a, 0xfc, 0x57, 0xbd, 0x07, 0x7b, 0xd7,
-             0xb3, 0xc9, 0xbd, 0xa3, 0xd4, 0xb8, 0x77, 0x58, 0x16})),
-    std::make_pair(
-        228,
-        std::vector<uint8_t>(
-            {0xd6, 0x6f, 0x2b, 0xea, 0xb9, 0x90, 0xe3, 0x54, 0xcc, 0xb9, 0x10,
-             0xe4, 0xe9, 0xc7, 0xac, 0x61, 0x8c, 0x7b, 0x63, 0xef, 0x29, 0x2a,
-             0x96, 0xb5, 0x52, 0x34, 0x1d, 0xe7, 0x8d, 0xc4, 0x6d, 0x3e, 0xc8,
-             0xcf, 0xab, 0xc6, 0x99, 0xb5, 0x0a, 0xf4, 0x1f, 0xda, 0x39, 0xcf,
-             0x1b, 0x01, 0x73, 0x66, 0x09, 0x23, 0x51, 0x0a, 0xd6, 0x7f, 0xae,
-             0xde, 0xf5, 0x20, 0x7c, 0xff, 0xe8, 0x64, 0x1d, 0x20})),
-    std::make_pair(
-        229,
-        std::vector<uint8_t>(
-            {0x7d, 0x8f, 0x06, 0x72, 0x99, 0x2b, 0x79, 0xbe, 0x3a, 0x36, 0x4d,
-             0x8e, 0x59, 0x04, 0xf4, 0xab, 0x71, 0x3b, 0xbc, 0x8a, 0xb0, 0x1b,
-             0x4f, 0x30, 0x9a, 0xd8, 0xcc, 0xf2, 0x23, 0xce, 0x10, 0x34, 0xa8,
-             0x60, 0xdc, 0xb0, 0xb0, 0x05, 0x50, 0x61, 0x2c, 0xc2, 0xfa, 0x17,
-             0xf2, 0x96, 0x9e, 0x18, 0xf2, 0x2e, 0x14, 0x27, 0xd2, 0x54, 0xb4,
-             0xa8, 0x2b, 0x3a, 0x03, 0xa3, 0xeb, 0x39, 0x4a, 0xdf})),
-    std::make_pair(
-        230,
-        std::vector<uint8_t>(
-            {0xa5, 0x6d, 0x67, 0x25, 0xbf, 0xb3, 0xde, 0x47, 0xc1, 0x41, 0x4a,
-             0xdf, 0x25, 0xfc, 0x8f, 0x0f, 0xc9, 0x84, 0x6f, 0x69, 0x87, 0x72,
-             0x2b, 0xc0, 0x63, 0x66, 0xd5, 0xca, 0x4e, 0x89, 0x72, 0x29, 0x25,
-             0xeb, 0xbc, 0x88, 0x14, 0x18, 0x84, 0x40, 0x75, 0x39, 0x7a, 0x0c,
-             0xa8, 0x98, 0x42, 0xc7, 0xb9, 0xe9, 0xe0, 0x7e, 0x1d, 0x9d, 0x18,
-             0x3e, 0xbe, 0xb3, 0x9e, 0x12, 0x0b, 0x48, 0x3b, 0xf7})),
-    std::make_pair(
-        231,
-        std::vector<uint8_t>(
-            {0xaf, 0x5e, 0x03, 0xd7, 0xfe, 0x60, 0xc6, 0x7e, 0x10, 0x31, 0x33,
-             0x44, 0x43, 0x4e, 0x79, 0x48, 0x5a, 0x03, 0xa7, 0x58, 0xd6, 0xdc,
-             0xe9, 0x85, 0x57, 0x47, 0x45, 0x76, 0x3c, 0x1c, 0x5c, 0x77, 0xd4,
-             0xfb, 0x3e, 0x6f, 0xb1, 0x22, 0x30, 0x36, 0x83, 0x70, 0x99, 0x3b,
-             0xf9, 0x0f, 0xee, 0xd0, 0xc5, 0xd1, 0x60, 0x75, 0x24, 0x56, 0x2d,
-             0x7c, 0x09, 0xc0, 0xc2, 0x10, 0xed, 0x39, 0x3d, 0x7c})),
-    std::make_pair(
-        232,
-        std::vector<uint8_t>(
-            {0x7a, 0x20, 0x54, 0x0c, 0xc0, 0x7b, 0xf7, 0x2b, 0x58, 0x24, 0x21,
-             0xfc, 0x34, 0x2e, 0x82, 0xf5, 0x21, 0x34, 0xb6, 0x98, 0x41, 0xec,
-             0x28, 0xed, 0x18, 0x9e, 0x2e, 0xa6, 0xa2, 0x9d, 0xd2, 0xf8, 0x2a,
-             0x64, 0x03, 0x52, 0xd2, 0x22, 0xb5, 0x2f, 0x29, 0x11, 0xdc, 0x72,
-             0xa7, 0xda, 0xb3, 0x1c, 0xaa, 0xdd, 0x80, 0xc6, 0x11, 0x8f, 0x13,
-             0xc5, 0x6b, 0x2a, 0x1e, 0x43, 0x73, 0xbe, 0x0e, 0xa3})),
-    std::make_pair(
-        233,
-        std::vector<uint8_t>(
-            {0x48, 0x6f, 0x02, 0xc6, 0x3e, 0x54, 0x67, 0xea, 0x1f, 0xdd, 0xe7,
-             0xe8, 0x2b, 0xfa, 0xcc, 0x2c, 0x1b, 0xa5, 0xd6, 0x36, 0xd9, 0xf3,
-             0xd0, 0x8b, 0x21, 0x0d, 0xa3, 0xf3, 0x72, 0xf7, 0x06, 0xec, 0x21,
-             0x8c, 0xc1, 0x7f, 0xf6, 0x0a, 0xef, 0x70, 0x3b, 0xbe, 0x0c, 0x15,
-             0xc3, 0x8a, 0xe5, 0x5d, 0x28, 0x6a, 0x68, 0x4f, 0x86, 0x4c, 0x78,
-             0x21, 0x1c, 0xca, 0xb4, 0x17, 0x8c, 0x92, 0xad, 0xba})),
-    std::make_pair(
-        234,
-        std::vector<uint8_t>(
-            {0x1c, 0x7a, 0x5c, 0x1d, 0xed, 0xcd, 0x04, 0xa9, 0x21, 0x78, 0x8f,
-             0x7e, 0xb2, 0x33, 0x61, 0xca, 0x19, 0x53, 0xb0, 0x4b, 0x9c, 0x7a,
-             0xec, 0x35, 0xd6, 0x5e, 0xa3, 0xe4, 0x99, 0x6d, 0xb2, 0x6f, 0x28,
-             0x12, 0x78, 0xea, 0x4a, 0xe6, 0x66, 0xad, 0x81, 0x02, 0x7d, 0x98,
-             0xaf, 0x57, 0x26, 0x2c, 0xdb, 0xfa, 0x4c, 0x08, 0x5f, 0x42, 0x10,
-             0x56, 0x8c, 0x7e, 0x15, 0xee, 0xc7, 0x80, 0x51, 0x14})),
-    std::make_pair(
-        235,
-        std::vector<uint8_t>(
-            {0x9c, 0xe3, 0xfa, 0x9a, 0x86, 0x0b, 0xdb, 0xd5, 0x37, 0x8f, 0xd6,
-             0xd7, 0xb8, 0xb6, 0x71, 0xc6, 0xcb, 0x76, 0x92, 0x91, 0x0c, 0xe8,
-             0xf9, 0xb6, 0xcb, 0x41, 0x22, 0xcb, 0xcb, 0xe6, 0xac, 0x06, 0xca,
-             0x04, 0x22, 0xce, 0xf1, 0x22, 0x59, 0x35, 0x05, 0x3b, 0x7d, 0x19,
-             0x3a, 0x81, 0xb9, 0xe9, 0x72, 0xeb, 0x85, 0xa1, 0xd3, 0x07, 0x4f,
-             0x14, 0xcb, 0xb5, 0xec, 0x9f, 0x05, 0x73, 0x89, 0x2d})),
-    std::make_pair(
-        236,
-        std::vector<uint8_t>(
-            {0xa9, 0x11, 0x87, 0xbe, 0x5c, 0x37, 0x1c, 0x42, 0x65, 0xc1, 0x74,
-             0xfd, 0x46, 0x53, 0xb8, 0xab, 0x70, 0x85, 0x51, 0xf8, 0x3d, 0x1f,
-             0xee, 0x1c, 0xc1, 0x47, 0x95, 0x81, 0xbc, 0x00, 0x6d, 0x6f, 0xb7,
-             0x8f, 0xcc, 0x9a, 0x5d, 0xee, 0x1d, 0xb3, 0x66, 0x6f, 0x50, 0x8f,
-             0x97, 0x80, 0xa3, 0x75, 0x93, 0xeb, 0xcc, 0xcf, 0x5f, 0xbe, 0xd3,
-             0x96, 0x67, 0xdc, 0x63, 0x61, 0xe9, 0x21, 0xf7, 0x79})),
-    std::make_pair(
-        237,
-        std::vector<uint8_t>(
-            {0x46, 0x25, 0x76, 0x7d, 0x7b, 0x1d, 0x3d, 0x3e, 0xd2, 0xfb, 0xc6,
-             0x74, 0xaf, 0x14, 0xe0, 0x24, 0x41, 0x52, 0xf2, 0xa4, 0x02, 0x1f,
-             0xcf, 0x33, 0x11, 0x50, 0x5d, 0x89, 0xbd, 0x81, 0xe2, 0xf9, 0xf9,
-             0xa5, 0x00, 0xc3, 0xb1, 0x99, 0x91, 0x4d, 0xb4, 0x95, 0x00, 0xb3,
-             0xc9, 0x8d, 0x03, 0xea, 0x93, 0x28, 0x67, 0x51, 0xa6, 0x86, 0xa3,
-             0xb8, 0x75, 0xda, 0xab, 0x0c, 0xcd, 0x63, 0xb4, 0x4f})),
-    std::make_pair(
-        238,
-        std::vector<uint8_t>(
-            {0x43, 0xdf, 0xdf, 0xe1, 0xb0, 0x14, 0xfe, 0xd3, 0xa2, 0xac, 0xab,
-             0xb7, 0xf3, 0xe9, 0xa1, 0x82, 0xf2, 0xaa, 0x18, 0x01, 0x9d, 0x27,
-             0xe3, 0xe6, 0xcd, 0xcf, 0x31, 0xa1, 0x5b, 0x42, 0x8e, 0x91, 0xe7,
-             0xb0, 0x8c, 0xf5, 0xe5, 0xc3, 0x76, 0xfc, 0xe2, 0xd8, 0xa2, 0x8f,
-             0xf8, 0x5a, 0xb0, 0xa0, 0xa1, 0x65, 0x6e, 0xdb, 0x4a, 0x0a, 0x91,
-             0x53, 0x26, 0x20, 0x09, 0x6d, 0x9a, 0x5a, 0x65, 0x2d})),
-    std::make_pair(
-        239,
-        std::vector<uint8_t>(
-            {0x27, 0x9e, 0x32, 0x02, 0xbe, 0x39, 0x89, 0xba, 0x31, 0x12, 0x77,
-             0x25, 0x85, 0x17, 0x74, 0x87, 0xe4, 0xfe, 0x3e, 0xe3, 0xea, 0xb4,
-             0x9c, 0x2f, 0x7f, 0xa7, 0xfe, 0x87, 0xcf, 0xe7, 0xb8, 0x0d, 0x3e,
-             0x03, 0x55, 0xed, 0xff, 0x6d, 0x03, 0x1e, 0x6c, 0x96, 0xc7, 0x95,
-             0xdb, 0x1c, 0x6f, 0x04, 0x18, 0x80, 0xec, 0x38, 0x24, 0xde, 0xfa,
-             0xcf, 0x92, 0x63, 0x82, 0x0a, 0x8e, 0x73, 0x27, 0xde})),
-    std::make_pair(
-        240,
-        std::vector<uint8_t>(
-            {0xea, 0x2d, 0x06, 0x6a, 0xc2, 0x29, 0xd4, 0xd4, 0xb6, 0x16, 0xa8,
-             0xbe, 0xde, 0xc7, 0x34, 0x32, 0x52, 0x24, 0xe4, 0xb4, 0xe5, 0x8f,
-             0x1a, 0xe6, 0xda, 0xd7, 0xe4, 0x0c, 0x2d, 0xa2, 0x91, 0x96, 0xc3,
-             0xb1, 0xea, 0x95, 0x71, 0xda, 0xcc, 0x81, 0xe8, 0x73, 0x28, 0xca,
-             0xa0, 0x21, 0x1e, 0x09, 0x02, 0x7b, 0x05, 0x24, 0xaa, 0x3f, 0x4a,
-             0x84, 0x99, 0x17, 0xb3, 0x58, 0x67, 0x47, 0xeb, 0xbb})),
-    std::make_pair(
-        241,
-        std::vector<uint8_t>(
-            {0x49, 0xf0, 0x14, 0xf5, 0xc6, 0x18, 0x22, 0xc8, 0x99, 0xab, 0x5c,
-             0xae, 0x51, 0xbe, 0x40, 0x44, 0xa4, 0x49, 0x5e, 0x77, 0x7d, 0xeb,
-             0x7d, 0xa9, 0xb6, 0xd8, 0x49, 0x0e, 0xfb, 0xb8, 0x75, 0x30, 0xad,
-             0xf2, 0x93, 0xda, 0xf0, 0x79, 0xf9, 0x4c, 0x33, 0xb7, 0x04, 0x4e,
-             0xf6, 0x2e, 0x2e, 0x5b, 0xb3, 0xeb, 0x11, 0xe1, 0x73, 0x04, 0xf8,
-             0x45, 0x3e, 0xe6, 0xce, 0x24, 0xf0, 0x33, 0xdd, 0xb0})),
-    std::make_pair(
-        242,
-        std::vector<uint8_t>(
-            {0x92, 0x33, 0x49, 0x03, 0x44, 0xe5, 0xb0, 0xdc, 0x59, 0x12, 0x67,
-             0x1b, 0x7a, 0xe5, 0x4c, 0xee, 0x77, 0x30, 0xdb, 0xe1, 0xf4, 0xc7,
-             0xd9, 0x2a, 0x4d, 0x3e, 0x3a, 0xab, 0x50, 0x57, 0x17, 0x08, 0xdb,
-             0x51, 0xdc, 0xf9, 0xc2, 0x94, 0x45, 0x91, 0xdb, 0x65, 0x1d, 0xb3,
-             0x2d, 0x22, 0x93, 0x5b, 0x86, 0x94, 0x49, 0x69, 0xbe, 0x77, 0xd5,
-             0xb5, 0xfe, 0xae, 0x6c, 0x38, 0x40, 0xa8, 0xdb, 0x26})),
-    std::make_pair(
-        243,
-        std::vector<uint8_t>(
-            {0xb6, 0xe7, 0x5e, 0x6f, 0x4c, 0x7f, 0x45, 0x3b, 0x74, 0x65, 0xd2,
-             0x5b, 0x5a, 0xc8, 0xc7, 0x19, 0x69, 0x02, 0xea, 0xa9, 0x53, 0x87,
-             0x52, 0x28, 0xc8, 0x63, 0x4e, 0x16, 0xe2, 0xae, 0x1f, 0x38, 0xbc,
-             0x32, 0x75, 0x30, 0x43, 0x35, 0xf5, 0x98, 0x9e, 0xcc, 0xc1, 0xe3,
-             0x41, 0x67, 0xd4, 0xe6, 0x8d, 0x77, 0x19, 0x96, 0x8f, 0xba, 0x8e,
-             0x2f, 0xe6, 0x79, 0x47, 0xc3, 0x5c, 0x48, 0xe8, 0x06})),
-    std::make_pair(
-        244,
-        std::vector<uint8_t>(
-            {0xcc, 0x14, 0xca, 0x66, 0x5a, 0xf1, 0x48, 0x3e, 0xfb, 0xc3, 0xaf,
-             0x80, 0x08, 0x0e, 0x65, 0x0d, 0x50, 0x46, 0xa3, 0x93, 0x2f, 0x4f,
-             0x51, 0xf3, 0xfe, 0x90, 0xa0, 0x70, 0x5e, 0xc2, 0x51, 0x04, 0xad,
-             0xf0, 0x78, 0x39, 0x26, 0x5d, 0xc5, 0x1d, 0x43, 0x40, 0x14, 0x11,
-             0x24, 0x6e, 0x47, 0x4f, 0x0d, 0x5e, 0x56, 0x37, 0xaf, 0x94, 0x76,
-             0x72, 0x83, 0xd5, 0x3e, 0x06, 0x17, 0xe9, 0x81, 0xf4})),
-    std::make_pair(
-        245,
-        std::vector<uint8_t>(
-            {0x23, 0x0a, 0x1c, 0x85, 0x7c, 0xb2, 0xe7, 0x85, 0x2e, 0x41, 0xb6,
-             0x47, 0xe9, 0x0e, 0x45, 0x85, 0xd2, 0xd8, 0x81, 0xe1, 0x73, 0x4d,
-             0xc3, 0x89, 0x55, 0x35, 0x6e, 0x8d, 0xd7, 0xbf, 0xf3, 0x90, 0x53,
-             0x09, 0x2c, 0x6b, 0x38, 0xe2, 0x36, 0xe1, 0x89, 0x95, 0x25, 0x64,
-             0x70, 0x73, 0xdd, 0xdf, 0x68, 0x95, 0xd6, 0x42, 0x06, 0x32, 0x5e,
-             0x76, 0x47, 0xf2, 0x75, 0x56, 0x7b, 0x25, 0x59, 0x09})),
-    std::make_pair(
-        246,
-        std::vector<uint8_t>(
-            {0xcb, 0xb6, 0x53, 0x21, 0xac, 0x43, 0x6e, 0x2f, 0xfd, 0xab, 0x29,
-             0x36, 0x35, 0x9c, 0xe4, 0x90, 0x23, 0xf7, 0xde, 0xe7, 0x61, 0x4e,
-             0xf2, 0x8d, 0x17, 0x3c, 0x3d, 0x27, 0xc5, 0xd1, 0xbf, 0xfa, 0x51,
-             0x55, 0x3d, 0x43, 0x3f, 0x8e, 0xe3, 0xc9, 0xe4, 0x9c, 0x05, 0xa2,
-             0xb8, 0x83, 0xcc, 0xe9, 0x54, 0xc9, 0xa8, 0x09, 0x3b, 0x80, 0x61,
-             0x2a, 0x0c, 0xdd, 0x47, 0x32, 0xe0, 0x41, 0xf9, 0x95})),
-    std::make_pair(
-        247,
-        std::vector<uint8_t>(
-            {0x3e, 0x7e, 0x57, 0x00, 0x74, 0x33, 0x72, 0x75, 0xef, 0xb5, 0x13,
-             0x15, 0x58, 0x80, 0x34, 0xc3, 0xcf, 0x0d, 0xdd, 0xca, 0x20, 0xb4,
-             0x61, 0x2e, 0x0b, 0xd5, 0xb8, 0x81, 0xe7, 0xe5, 0x47, 0x6d, 0x31,
-             0x9c, 0xe4, 0xfe, 0x9f, 0x19, 0x18, 0x6e, 0x4c, 0x08, 0x26, 0xf4,
-             0x4f, 0x13, 0x1e, 0xb0, 0x48, 0xe6, 0x5b, 0xe2, 0x42, 0xb1, 0x17,
-             0x2c, 0x63, 0xba, 0xdb, 0x12, 0x3a, 0xb0, 0xcb, 0xe8})),
-    std::make_pair(
-        248,
-        std::vector<uint8_t>(
-            {0xd3, 0x2e, 0x9e, 0xc0, 0x2d, 0x38, 0xd4, 0xe1, 0xb8, 0x24, 0x9d,
-             0xf8, 0xdc, 0xb0, 0x0c, 0x5b, 0x9c, 0x68, 0xeb, 0x89, 0x22, 0x67,
-             0x2e, 0x35, 0x05, 0x39, 0x3b, 0x6a, 0x21, 0x0b, 0xa5, 0x6f, 0x94,
-             0x96, 0xe5, 0xee, 0x04, 0x90, 0xef, 0x38, 0x7c, 0x3c, 0xde, 0xc0,
-             0x61, 0xf0, 0x6b, 0xc0, 0x38, 0x2d, 0x93, 0x04, 0xca, 0xfb, 0xb8,
-             0xe0, 0xcd, 0x33, 0xd5, 0x70, 0x29, 0xe6, 0x2d, 0xf2})),
-    std::make_pair(
-        249,
-        std::vector<uint8_t>(
-            {0x8c, 0x15, 0x12, 0x46, 0x60, 0x89, 0xf0, 0x5b, 0x37, 0x75, 0xc2,
-             0x62, 0xb6, 0x2d, 0x22, 0xb8, 0x38, 0x54, 0xa8, 0x32, 0x18, 0x13,
-             0x0b, 0x4e, 0xc9, 0x1b, 0x3c, 0xcb, 0xd2, 0x93, 0xd2, 0xa5, 0x43,
-             0x02, 0xce, 0xca, 0xab, 0x9b, 0x10, 0x0c, 0x68, 0xd1, 0xe6, 0xdd,
-             0xc8, 0xf0, 0x7c, 0xdd, 0xbd, 0xfe, 0x6f, 0xda, 0xaa, 0xf0, 0x99,
-             0xcc, 0x09, 0xd6, 0xb7, 0x25, 0x87, 0x9c, 0x63, 0x69})),
-    std::make_pair(
-        250,
-        std::vector<uint8_t>(
-            {0x91, 0xa7, 0xf6, 0x1c, 0x97, 0xc2, 0x91, 0x1e, 0x4c, 0x81, 0x2e,
-             0xf7, 0x1d, 0x78, 0x0a, 0xd8, 0xfa, 0x78, 0x87, 0x94, 0x56, 0x1d,
-             0x08, 0x30, 0x3f, 0xd1, 0xc1, 0xcb, 0x60, 0x8a, 0x46, 0xa1, 0x25,
-             0x63, 0x08, 0x6e, 0xc5, 0xb3, 0x9d, 0x47, 0x1a, 0xed, 0x94, 0xfb,
-             0x0f, 0x6c, 0x67, 0x8a, 0x43, 0xb8, 0x79, 0x29, 0x32, 0xf9, 0x02,
-             0x8d, 0x77, 0x2a, 0x22, 0x76, 0x8e, 0xa2, 0x3a, 0x9b})),
-    std::make_pair(
-        251,
-        std::vector<uint8_t>(
-            {0x4f, 0x6b, 0xb2, 0x22, 0xa3, 0x95, 0xe8, 0xb1, 0x8f, 0x6b, 0xa1,
-             0x55, 0x47, 0x7a, 0xed, 0x3f, 0x07, 0x29, 0xac, 0x9e, 0x83, 0xe1,
-             0x6d, 0x31, 0xa2, 0xa8, 0xbc, 0x65, 0x54, 0x22, 0xb8, 0x37, 0xc8,
-             0x91, 0xc6, 0x19, 0x9e, 0x6f, 0x0d, 0x75, 0x79, 0x9e, 0x3b, 0x69,
-             0x15, 0x25, 0xc5, 0x81, 0x95, 0x35, 0x17, 0xf2, 0x52, 0xc4, 0xb9,
-             0xe3, 0xa2, 0x7a, 0x28, 0xfb, 0xaf, 0x49, 0x64, 0x4c})),
-    std::make_pair(
-        252,
-        std::vector<uint8_t>(
-            {0x5d, 0x06, 0xc0, 0x7e, 0x7a, 0x64, 0x6c, 0x41, 0x3a, 0x50, 0x1c,
-             0x3f, 0x4b, 0xb2, 0xfc, 0x38, 0x12, 0x7d, 0xe7, 0x50, 0x9b, 0x70,
-             0x77, 0xc4, 0xd9, 0xb5, 0x61, 0x32, 0x01, 0xc1, 0xaa, 0x02, 0xfd,
-             0x5f, 0x79, 0xd2, 0x74, 0x59, 0x15, 0xdd, 0x57, 0xfb, 0xcb, 0x4c,
-             0xe0, 0x86, 0x95, 0xf6, 0xef, 0xc0, 0xcb, 0x3d, 0x2d, 0x33, 0x0e,
-             0x19, 0xb4, 0xb0, 0xe6, 0x00, 0x4e, 0xa6, 0x47, 0x1e})),
-    std::make_pair(
-        253,
-        std::vector<uint8_t>(
-            {0xb9, 0x67, 0x56, 0xe5, 0x79, 0x09, 0x96, 0x8f, 0x14, 0xb7, 0x96,
-             0xa5, 0xd3, 0x0f, 0x4c, 0x9d, 0x67, 0x14, 0x72, 0xcf, 0x82, 0xc8,
-             0xcf, 0xb2, 0xca, 0xca, 0x7a, 0xc7, 0xa4, 0x4c, 0xa0, 0xa1, 0x4c,
-             0x98, 0x42, 0xd0, 0x0c, 0x82, 0xe3, 0x37, 0x50, 0x2c, 0x94, 0xd5,
-             0x96, 0x0a, 0xca, 0x4c, 0x49, 0x2e, 0xa7, 0xb0, 0xdf, 0x91, 0x9d,
-             0xdf, 0x1a, 0xad, 0xa2, 0xa2, 0x75, 0xbb, 0x10, 0xd4})),
-    std::make_pair(
-        254,
-        std::vector<uint8_t>(
-            {0xff, 0x0a, 0x01, 0x5e, 0x98, 0xdb, 0x9c, 0x99, 0xf0, 0x39, 0x77,
-             0x71, 0x0a, 0xac, 0x3e, 0x65, 0x8c, 0x0d, 0x89, 0x6f, 0x6d, 0x71,
-             0xd6, 0x18, 0xba, 0x79, 0xdc, 0x6c, 0xf7, 0x2a, 0xc7, 0x5b, 0x7c,
-             0x03, 0x8e, 0xb6, 0x86, 0x2d, 0xed, 0xe4, 0x54, 0x3e, 0x14, 0x54,
-             0x13, 0xa6, 0x36, 0x8d, 0x69, 0xf5, 0x72, 0x2c, 0x82, 0x7b, 0xa3,
-             0xef, 0x25, 0xb6, 0xae, 0x64, 0x40, 0xd3, 0x92, 0x76})),
-    std::make_pair(
-        255,
-        std::vector<uint8_t>(
-            {0x5b, 0x21, 0xc5, 0xfd, 0x88, 0x68, 0x36, 0x76, 0x12, 0x47, 0x4f,
-             0xa2, 0xe7, 0x0e, 0x9c, 0xfa, 0x22, 0x01, 0xff, 0xee, 0xe8, 0xfa,
-             0xfa, 0xb5, 0x79, 0x7a, 0xd5, 0x8f, 0xef, 0xa1, 0x7c, 0x9b, 0x5b,
-             0x10, 0x7d, 0xa4, 0xa3, 0xdb, 0x63, 0x20, 0xba, 0xaf, 0x2c, 0x86,
-             0x17, 0xd5, 0xa5, 0x1d, 0xf9, 0x14, 0xae, 0x88, 0xda, 0x38, 0x67,
-             0xc2, 0xd4, 0x1f, 0x0c, 0xc1, 0x4f, 0xa6, 0x79, 0x28}))};
-
-std::vector<std::pair<int, std::vector<uint8_t>>> TestcasesKeyed = {
-    std::make_pair(
-        0,
-        std::vector<uint8_t>(
-            {0x10, 0xeb, 0xb6, 0x77, 0x00, 0xb1, 0x86, 0x8e, 0xfb, 0x44, 0x17,
-             0x98, 0x7a, 0xcf, 0x46, 0x90, 0xae, 0x9d, 0x97, 0x2f, 0xb7, 0xa5,
-             0x90, 0xc2, 0xf0, 0x28, 0x71, 0x79, 0x9a, 0xaa, 0x47, 0x86, 0xb5,
-             0xe9, 0x96, 0xe8, 0xf0, 0xf4, 0xeb, 0x98, 0x1f, 0xc2, 0x14, 0xb0,
-             0x05, 0xf4, 0x2d, 0x2f, 0xf4, 0x23, 0x34, 0x99, 0x39, 0x16, 0x53,
-             0xdf, 0x7a, 0xef, 0xcb, 0xc1, 0x3f, 0xc5, 0x15, 0x68})),
-    std::make_pair(
-        1,
-        std::vector<uint8_t>(
-            {0x96, 0x1f, 0x6d, 0xd1, 0xe4, 0xdd, 0x30, 0xf6, 0x39, 0x01, 0x69,
-             0x0c, 0x51, 0x2e, 0x78, 0xe4, 0xb4, 0x5e, 0x47, 0x42, 0xed, 0x19,
-             0x7c, 0x3c, 0x5e, 0x45, 0xc5, 0x49, 0xfd, 0x25, 0xf2, 0xe4, 0x18,
-             0x7b, 0x0b, 0xc9, 0xfe, 0x30, 0x49, 0x2b, 0x16, 0xb0, 0xd0, 0xbc,
-             0x4e, 0xf9, 0xb0, 0xf3, 0x4c, 0x70, 0x03, 0xfa, 0xc0, 0x9a, 0x5e,
-             0xf1, 0x53, 0x2e, 0x69, 0x43, 0x02, 0x34, 0xce, 0xbd})),
-    std::make_pair(
-        2,
-        std::vector<uint8_t>(
-            {0xda, 0x2c, 0xfb, 0xe2, 0xd8, 0x40, 0x9a, 0x0f, 0x38, 0x02, 0x61,
-             0x13, 0x88, 0x4f, 0x84, 0xb5, 0x01, 0x56, 0x37, 0x1a, 0xe3, 0x04,
-             0xc4, 0x43, 0x01, 0x73, 0xd0, 0x8a, 0x99, 0xd9, 0xfb, 0x1b, 0x98,
-             0x31, 0x64, 0xa3, 0x77, 0x07, 0x06, 0xd5, 0x37, 0xf4, 0x9e, 0x0c,
-             0x91, 0x6d, 0x9f, 0x32, 0xb9, 0x5c, 0xc3, 0x7a, 0x95, 0xb9, 0x9d,
-             0x85, 0x74, 0x36, 0xf0, 0x23, 0x2c, 0x88, 0xa9, 0x65})),
-    std::make_pair(
-        3,
-        std::vector<uint8_t>(
-            {0x33, 0xd0, 0x82, 0x5d, 0xdd, 0xf7, 0xad, 0xa9, 0x9b, 0x0e, 0x7e,
-             0x30, 0x71, 0x04, 0xad, 0x07, 0xca, 0x9c, 0xfd, 0x96, 0x92, 0x21,
-             0x4f, 0x15, 0x61, 0x35, 0x63, 0x15, 0xe7, 0x84, 0xf3, 0xe5, 0xa1,
-             0x7e, 0x36, 0x4a, 0xe9, 0xdb, 0xb1, 0x4c, 0xb2, 0x03, 0x6d, 0xf9,
-             0x32, 0xb7, 0x7f, 0x4b, 0x29, 0x27, 0x61, 0x36, 0x5f, 0xb3, 0x28,
-             0xde, 0x7a, 0xfd, 0xc6, 0xd8, 0x99, 0x8f, 0x5f, 0xc1})),
-    std::make_pair(
-        4,
-        std::vector<uint8_t>(
-            {0xbe, 0xaa, 0x5a, 0x3d, 0x08, 0xf3, 0x80, 0x71, 0x43, 0xcf, 0x62,
-             0x1d, 0x95, 0xcd, 0x69, 0x05, 0x14, 0xd0, 0xb4, 0x9e, 0xff, 0xf9,
-             0xc9, 0x1d, 0x24, 0xb5, 0x92, 0x41, 0xec, 0x0e, 0xef, 0xa5, 0xf6,
-             0x01, 0x96, 0xd4, 0x07, 0x04, 0x8b, 0xba, 0x8d, 0x21, 0x46, 0x82,
-             0x8e, 0xbc, 0xb0, 0x48, 0x8d, 0x88, 0x42, 0xfd, 0x56, 0xbb, 0x4f,
-             0x6d, 0xf8, 0xe1, 0x9c, 0x4b, 0x4d, 0xaa, 0xb8, 0xac})),
-    std::make_pair(
-        5,
-        std::vector<uint8_t>(
-            {0x09, 0x80, 0x84, 0xb5, 0x1f, 0xd1, 0x3d, 0xea, 0xe5, 0xf4, 0x32,
-             0x0d, 0xe9, 0x4a, 0x68, 0x8e, 0xe0, 0x7b, 0xae, 0xa2, 0x80, 0x04,
-             0x86, 0x68, 0x9a, 0x86, 0x36, 0x11, 0x7b, 0x46, 0xc1, 0xf4, 0xc1,
-             0xf6, 0xaf, 0x7f, 0x74, 0xae, 0x7c, 0x85, 0x76, 0x00, 0x45, 0x6a,
-             0x58, 0xa3, 0xaf, 0x25, 0x1d, 0xc4, 0x72, 0x3a, 0x64, 0xcc, 0x7c,
-             0x0a, 0x5a, 0xb6, 0xd9, 0xca, 0xc9, 0x1c, 0x20, 0xbb})),
-    std::make_pair(
-        6,
-        std::vector<uint8_t>(
-            {0x60, 0x44, 0x54, 0x0d, 0x56, 0x08, 0x53, 0xeb, 0x1c, 0x57, 0xdf,
-             0x00, 0x77, 0xdd, 0x38, 0x10, 0x94, 0x78, 0x1c, 0xdb, 0x90, 0x73,
-             0xe5, 0xb1, 0xb3, 0xd3, 0xf6, 0xc7, 0x82, 0x9e, 0x12, 0x06, 0x6b,
-             0xba, 0xca, 0x96, 0xd9, 0x89, 0xa6, 0x90, 0xde, 0x72, 0xca, 0x31,
-             0x33, 0xa8, 0x36, 0x52, 0xba, 0x28, 0x4a, 0x6d, 0x62, 0x94, 0x2b,
-             0x27, 0x1f, 0xfa, 0x26, 0x20, 0xc9, 0xe7, 0x5b, 0x1f})),
-    std::make_pair(
-        7,
-        std::vector<uint8_t>(
-            {0x7a, 0x8c, 0xfe, 0x9b, 0x90, 0xf7, 0x5f, 0x7e, 0xcb, 0x3a, 0xcc,
-             0x05, 0x3a, 0xae, 0xd6, 0x19, 0x31, 0x12, 0xb6, 0xf6, 0xa4, 0xae,
-             0xeb, 0x3f, 0x65, 0xd3, 0xde, 0x54, 0x19, 0x42, 0xde, 0xb9, 0xe2,
-             0x22, 0x81, 0x52, 0xa3, 0xc4, 0xbb, 0xbe, 0x72, 0xfc, 0x3b, 0x12,
-             0x62, 0x95, 0x28, 0xcf, 0xbb, 0x09, 0xfe, 0x63, 0x0f, 0x04, 0x74,
-             0x33, 0x9f, 0x54, 0xab, 0xf4, 0x53, 0xe2, 0xed, 0x52})),
-    std::make_pair(
-        8,
-        std::vector<uint8_t>(
-            {0x38, 0x0b, 0xea, 0xf6, 0xea, 0x7c, 0xc9, 0x36, 0x5e, 0x27, 0x0e,
-             0xf0, 0xe6, 0xf3, 0xa6, 0x4f, 0xb9, 0x02, 0xac, 0xae, 0x51, 0xdd,
-             0x55, 0x12, 0xf8, 0x42, 0x59, 0xad, 0x2c, 0x91, 0xf4, 0xbc, 0x41,
-             0x08, 0xdb, 0x73, 0x19, 0x2a, 0x5b, 0xbf, 0xb0, 0xcb, 0xcf, 0x71,
-             0xe4, 0x6c, 0x3e, 0x21, 0xae, 0xe1, 0xc5, 0xe8, 0x60, 0xdc, 0x96,
-             0xe8, 0xeb, 0x0b, 0x7b, 0x84, 0x26, 0xe6, 0xab, 0xe9})),
-    std::make_pair(
-        9,
-        std::vector<uint8_t>(
-            {0x60, 0xfe, 0x3c, 0x45, 0x35, 0xe1, 0xb5, 0x9d, 0x9a, 0x61, 0xea,
-             0x85, 0x00, 0xbf, 0xac, 0x41, 0xa6, 0x9d, 0xff, 0xb1, 0xce, 0xad,
-             0xd9, 0xac, 0xa3, 0x23, 0xe9, 0xa6, 0x25, 0xb6, 0x4d, 0xa5, 0x76,
-             0x3b, 0xad, 0x72, 0x26, 0xda, 0x02, 0xb9, 0xc8, 0xc4, 0xf1, 0xa5,
-             0xde, 0x14, 0x0a, 0xc5, 0xa6, 0xc1, 0x12, 0x4e, 0x4f, 0x71, 0x8c,
-             0xe0, 0xb2, 0x8e, 0xa4, 0x73, 0x93, 0xaa, 0x66, 0x37})),
-    std::make_pair(
-        10,
-        std::vector<uint8_t>(
-            {0x4f, 0xe1, 0x81, 0xf5, 0x4a, 0xd6, 0x3a, 0x29, 0x83, 0xfe, 0xaa,
-             0xf7, 0x7d, 0x1e, 0x72, 0x35, 0xc2, 0xbe, 0xb1, 0x7f, 0xa3, 0x28,
-             0xb6, 0xd9, 0x50, 0x5b, 0xda, 0x32, 0x7d, 0xf1, 0x9f, 0xc3, 0x7f,
-             0x02, 0xc4, 0xb6, 0xf0, 0x36, 0x8c, 0xe2, 0x31, 0x47, 0x31, 0x3a,
-             0x8e, 0x57, 0x38, 0xb5, 0xfa, 0x2a, 0x95, 0xb2, 0x9d, 0xe1, 0xc7,
-             0xf8, 0x26, 0x4e, 0xb7, 0x7b, 0x69, 0xf5, 0x85, 0xcd})),
-    std::make_pair(
-        11,
-        std::vector<uint8_t>(
-            {0xf2, 0x28, 0x77, 0x3c, 0xe3, 0xf3, 0xa4, 0x2b, 0x5f, 0x14, 0x4d,
-             0x63, 0x23, 0x7a, 0x72, 0xd9, 0x96, 0x93, 0xad, 0xb8, 0x83, 0x7d,
-             0x0e, 0x11, 0x2a, 0x8a, 0x0f, 0x8f, 0xff, 0xf2, 0xc3, 0x62, 0x85,
-             0x7a, 0xc4, 0x9c, 0x11, 0xec, 0x74, 0x0d, 0x15, 0x00, 0x74, 0x9d,
-             0xac, 0x9b, 0x1f, 0x45, 0x48, 0x10, 0x8b, 0xf3, 0x15, 0x57, 0x94,
-             0xdc, 0xc9, 0xe4, 0x08, 0x28, 0x49, 0xe2, 0xb8, 0x5b})),
-    std::make_pair(
-        12,
-        std::vector<uint8_t>(
-            {0x96, 0x24, 0x52, 0xa8, 0x45, 0x5c, 0xc5, 0x6c, 0x85, 0x11, 0x31,
-             0x7e, 0x3b, 0x1f, 0x3b, 0x2c, 0x37, 0xdf, 0x75, 0xf5, 0x88, 0xe9,
-             0x43, 0x25, 0xfd, 0xd7, 0x70, 0x70, 0x35, 0x9c, 0xf6, 0x3a, 0x9a,
-             0xe6, 0xe9, 0x30, 0x93, 0x6f, 0xdf, 0x8e, 0x1e, 0x08, 0xff, 0xca,
-             0x44, 0x0c, 0xfb, 0x72, 0xc2, 0x8f, 0x06, 0xd8, 0x9a, 0x21, 0x51,
-             0xd1, 0xc4, 0x6c, 0xd5, 0xb2, 0x68, 0xef, 0x85, 0x63})),
-    std::make_pair(
-        13,
-        std::vector<uint8_t>(
-            {0x43, 0xd4, 0x4b, 0xfa, 0x18, 0x76, 0x8c, 0x59, 0x89, 0x6b, 0xf7,
-             0xed, 0x17, 0x65, 0xcb, 0x2d, 0x14, 0xaf, 0x8c, 0x26, 0x02, 0x66,
-             0x03, 0x90, 0x99, 0xb2, 0x5a, 0x60, 0x3e, 0x4d, 0xdc, 0x50, 0x39,
-             0xd6, 0xef, 0x3a, 0x91, 0x84, 0x7d, 0x10, 0x88, 0xd4, 0x01, 0xc0,
-             0xc7, 0xe8, 0x47, 0x78, 0x1a, 0x8a, 0x59, 0x0d, 0x33, 0xa3, 0xc6,
-             0xcb, 0x4d, 0xf0, 0xfa, 0xb1, 0xc2, 0xf2, 0x23, 0x55})),
-    std::make_pair(
-        14,
-        std::vector<uint8_t>(
-            {0xdc, 0xff, 0xa9, 0xd5, 0x8c, 0x2a, 0x4c, 0xa2, 0xcd, 0xbb, 0x0c,
-             0x7a, 0xa4, 0xc4, 0xc1, 0xd4, 0x51, 0x65, 0x19, 0x00, 0x89, 0xf4,
-             0xe9, 0x83, 0xbb, 0x1c, 0x2c, 0xab, 0x4a, 0xae, 0xff, 0x1f, 0xa2,
-             0xb5, 0xee, 0x51, 0x6f, 0xec, 0xd7, 0x80, 0x54, 0x02, 0x40, 0xbf,
-             0x37, 0xe5, 0x6c, 0x8b, 0xcc, 0xa7, 0xfa, 0xb9, 0x80, 0xe1, 0xe6,
-             0x1c, 0x94, 0x00, 0xd8, 0xa9, 0xa5, 0xb1, 0x4a, 0xc6})),
-    std::make_pair(
-        15,
-        std::vector<uint8_t>(
-            {0x6f, 0xbf, 0x31, 0xb4, 0x5a, 0xb0, 0xc0, 0xb8, 0xda, 0xd1, 0xc0,
-             0xf5, 0xf4, 0x06, 0x13, 0x79, 0x91, 0x2d, 0xde, 0x5a, 0xa9, 0x22,
-             0x09, 0x9a, 0x03, 0x0b, 0x72, 0x5c, 0x73, 0x34, 0x6c, 0x52, 0x42,
-             0x91, 0xad, 0xef, 0x89, 0xd2, 0xf6, 0xfd, 0x8d, 0xfc, 0xda, 0x6d,
-             0x07, 0xda, 0xd8, 0x11, 0xa9, 0x31, 0x45, 0x36, 0xc2, 0x91, 0x5e,
-             0xd4, 0x5d, 0xa3, 0x49, 0x47, 0xe8, 0x3d, 0xe3, 0x4e})),
-    std::make_pair(
-        16,
-        std::vector<uint8_t>(
-            {0xa0, 0xc6, 0x5b, 0xdd, 0xde, 0x8a, 0xde, 0xf5, 0x72, 0x82, 0xb0,
-             0x4b, 0x11, 0xe7, 0xbc, 0x8a, 0xab, 0x10, 0x5b, 0x99, 0x23, 0x1b,
-             0x75, 0x0c, 0x02, 0x1f, 0x4a, 0x73, 0x5c, 0xb1, 0xbc, 0xfa, 0xb8,
-             0x75, 0x53, 0xbb, 0xa3, 0xab, 0xb0, 0xc3, 0xe6, 0x4a, 0x0b, 0x69,
-             0x55, 0x28, 0x51, 0x85, 0xa0, 0xbd, 0x35, 0xfb, 0x8c, 0xfd, 0xe5,
-             0x57, 0x32, 0x9b, 0xeb, 0xb1, 0xf6, 0x29, 0xee, 0x93})),
-    std::make_pair(
-        17,
-        std::vector<uint8_t>(
-            {0xf9, 0x9d, 0x81, 0x55, 0x50, 0x55, 0x8e, 0x81, 0xec, 0xa2, 0xf9,
-             0x67, 0x18, 0xae, 0xd1, 0x0d, 0x86, 0xf3, 0xf1, 0xcf, 0xb6, 0x75,
-             0xcc, 0xe0, 0x6b, 0x0e, 0xff, 0x02, 0xf6, 0x17, 0xc5, 0xa4, 0x2c,
-             0x5a, 0xa7, 0x60, 0x27, 0x0f, 0x26, 0x79, 0xda, 0x26, 0x77, 0xc5,
-             0xae, 0xb9, 0x4f, 0x11, 0x42, 0x27, 0x7f, 0x21, 0xc7, 0xf7, 0x9f,
-             0x3c, 0x4f, 0x0c, 0xce, 0x4e, 0xd8, 0xee, 0x62, 0xb1})),
-    std::make_pair(
-        18,
-        std::vector<uint8_t>(
-            {0x95, 0x39, 0x1d, 0xa8, 0xfc, 0x7b, 0x91, 0x7a, 0x20, 0x44, 0xb3,
-             0xd6, 0xf5, 0x37, 0x4e, 0x1c, 0xa0, 0x72, 0xb4, 0x14, 0x54, 0xd5,
-             0x72, 0xc7, 0x35, 0x6c, 0x05, 0xfd, 0x4b, 0xc1, 0xe0, 0xf4, 0x0b,
-             0x8b, 0xb8, 0xb4, 0xa9, 0xf6, 0xbc, 0xe9, 0xbe, 0x2c, 0x46, 0x23,
-             0xc3, 0x99, 0xb0, 0xdc, 0xa0, 0xda, 0xb0, 0x5c, 0xb7, 0x28, 0x1b,
-             0x71, 0xa2, 0x1b, 0x0e, 0xbc, 0xd9, 0xe5, 0x56, 0x70})),
-    std::make_pair(
-        19,
-        std::vector<uint8_t>(
-            {0x04, 0xb9, 0xcd, 0x3d, 0x20, 0xd2, 0x21, 0xc0, 0x9a, 0xc8, 0x69,
-             0x13, 0xd3, 0xdc, 0x63, 0x04, 0x19, 0x89, 0xa9, 0xa1, 0xe6, 0x94,
-             0xf1, 0xe6, 0x39, 0xa3, 0xba, 0x7e, 0x45, 0x18, 0x40, 0xf7, 0x50,
-             0xc2, 0xfc, 0x19, 0x1d, 0x56, 0xad, 0x61, 0xf2, 0xe7, 0x93, 0x6b,
-             0xc0, 0xac, 0x8e, 0x09, 0x4b, 0x60, 0xca, 0xee, 0xd8, 0x78, 0xc1,
-             0x87, 0x99, 0x04, 0x54, 0x02, 0xd6, 0x1c, 0xea, 0xf9})),
-    std::make_pair(
-        20,
-        std::vector<uint8_t>(
-            {0xec, 0x0e, 0x0e, 0xf7, 0x07, 0xe4, 0xed, 0x6c, 0x0c, 0x66, 0xf9,
-             0xe0, 0x89, 0xe4, 0x95, 0x4b, 0x05, 0x80, 0x30, 0xd2, 0xdd, 0x86,
-             0x39, 0x8f, 0xe8, 0x40, 0x59, 0x63, 0x1f, 0x9e, 0xe5, 0x91, 0xd9,
-             0xd7, 0x73, 0x75, 0x35, 0x51, 0x49, 0x17, 0x8c, 0x0c, 0xf8, 0xf8,
-             0xe7, 0xc4, 0x9e, 0xd2, 0xa5, 0xe4, 0xf9, 0x54, 0x88, 0xa2, 0x24,
-             0x70, 0x67, 0xc2, 0x08, 0x51, 0x0f, 0xad, 0xc4, 0x4c})),
-    std::make_pair(
-        21,
-        std::vector<uint8_t>(
-            {0x9a, 0x37, 0xcc, 0xe2, 0x73, 0xb7, 0x9c, 0x09, 0x91, 0x36, 0x77,
-             0x51, 0x0e, 0xaf, 0x76, 0x88, 0xe8, 0x9b, 0x33, 0x14, 0xd3, 0x53,
-             0x2f, 0xd2, 0x76, 0x4c, 0x39, 0xde, 0x02, 0x2a, 0x29, 0x45, 0xb5,
-             0x71, 0x0d, 0x13, 0x51, 0x7a, 0xf8, 0xdd, 0xc0, 0x31, 0x66, 0x24,
-             0xe7, 0x3b, 0xec, 0x1c, 0xe6, 0x7d, 0xf1, 0x52, 0x28, 0x30, 0x20,
-             0x36, 0xf3, 0x30, 0xab, 0x0c, 0xb4, 0xd2, 0x18, 0xdd})),
-    std::make_pair(
-        22,
-        std::vector<uint8_t>(
-            {0x4c, 0xf9, 0xbb, 0x8f, 0xb3, 0xd4, 0xde, 0x8b, 0x38, 0xb2, 0xf2,
-             0x62, 0xd3, 0xc4, 0x0f, 0x46, 0xdf, 0xe7, 0x47, 0xe8, 0xfc, 0x0a,
-             0x41, 0x4c, 0x19, 0x3d, 0x9f, 0xcf, 0x75, 0x31, 0x06, 0xce, 0x47,
-             0xa1, 0x8f, 0x17, 0x2f, 0x12, 0xe8, 0xa2, 0xf1, 0xc2, 0x67, 0x26,
-             0x54, 0x53, 0x58, 0xe5, 0xee, 0x28, 0xc9, 0xe2, 0x21, 0x3a, 0x87,
-             0x87, 0xaa, 0xfb, 0xc5, 0x16, 0xd2, 0x34, 0x31, 0x52})),
-    std::make_pair(
-        23,
-        std::vector<uint8_t>(
-            {0x64, 0xe0, 0xc6, 0x3a, 0xf9, 0xc8, 0x08, 0xfd, 0x89, 0x31, 0x37,
-             0x12, 0x98, 0x67, 0xfd, 0x91, 0x93, 0x9d, 0x53, 0xf2, 0xaf, 0x04,
-             0xbe, 0x4f, 0xa2, 0x68, 0x00, 0x61, 0x00, 0x06, 0x9b, 0x2d, 0x69,
-             0xda, 0xa5, 0xc5, 0xd8, 0xed, 0x7f, 0xdd, 0xcb, 0x2a, 0x70, 0xee,
-             0xec, 0xdf, 0x2b, 0x10, 0x5d, 0xd4, 0x6a, 0x1e, 0x3b, 0x73, 0x11,
-             0x72, 0x8f, 0x63, 0x9a, 0xb4, 0x89, 0x32, 0x6b, 0xc9})),
-    std::make_pair(
-        24,
-        std::vector<uint8_t>(
-            {0x5e, 0x9c, 0x93, 0x15, 0x8d, 0x65, 0x9b, 0x2d, 0xef, 0x06, 0xb0,
-             0xc3, 0xc7, 0x56, 0x50, 0x45, 0x54, 0x26, 0x62, 0xd6, 0xee, 0xe8,
-             0xa9, 0x6a, 0x89, 0xb7, 0x8a, 0xde, 0x09, 0xfe, 0x8b, 0x3d, 0xcc,
-             0x09, 0x6d, 0x4f, 0xe4, 0x88, 0x15, 0xd8, 0x8d, 0x8f, 0x82, 0x62,
-             0x01, 0x56, 0x60, 0x2a, 0xf5, 0x41, 0x95, 0x5e, 0x1f, 0x6c, 0xa3,
-             0x0d, 0xce, 0x14, 0xe2, 0x54, 0xc3, 0x26, 0xb8, 0x8f})),
-    std::make_pair(
-        25,
-        std::vector<uint8_t>(
-            {0x77, 0x75, 0xdf, 0xf8, 0x89, 0x45, 0x8d, 0xd1, 0x1a, 0xef, 0x41,
-             0x72, 0x76, 0x85, 0x3e, 0x21, 0x33, 0x5e, 0xb8, 0x8e, 0x4d, 0xec,
-             0x9c, 0xfb, 0x4e, 0x9e, 0xdb, 0x49, 0x82, 0x00, 0x88, 0x55, 0x1a,
-             0x2c, 0xa6, 0x03, 0x39, 0xf1, 0x20, 0x66, 0x10, 0x11, 0x69, 0xf0,
-             0xdf, 0xe8, 0x4b, 0x09, 0x8f, 0xdd, 0xb1, 0x48, 0xd9, 0xda, 0x6b,
-             0x3d, 0x61, 0x3d, 0xf2, 0x63, 0x88, 0x9a, 0xd6, 0x4b})),
-    std::make_pair(
-        26,
-        std::vector<uint8_t>(
-            {0xf0, 0xd2, 0x80, 0x5a, 0xfb, 0xb9, 0x1f, 0x74, 0x39, 0x51, 0x35,
-             0x1a, 0x6d, 0x02, 0x4f, 0x93, 0x53, 0xa2, 0x3c, 0x7c, 0xe1, 0xfc,
-             0x2b, 0x05, 0x1b, 0x3a, 0x8b, 0x96, 0x8c, 0x23, 0x3f, 0x46, 0xf5,
-             0x0f, 0x80, 0x6e, 0xcb, 0x15, 0x68, 0xff, 0xaa, 0x0b, 0x60, 0x66,
-             0x1e, 0x33, 0x4b, 0x21, 0xdd, 0xe0, 0x4f, 0x8f, 0xa1, 0x55, 0xac,
-             0x74, 0x0e, 0xeb, 0x42, 0xe2, 0x0b, 0x60, 0xd7, 0x64})),
-    std::make_pair(
-        27,
-        std::vector<uint8_t>(
-            {0x86, 0xa2, 0xaf, 0x31, 0x6e, 0x7d, 0x77, 0x54, 0x20, 0x1b, 0x94,
-             0x2e, 0x27, 0x53, 0x64, 0xac, 0x12, 0xea, 0x89, 0x62, 0xab, 0x5b,
-             0xd8, 0xd7, 0xfb, 0x27, 0x6d, 0xc5, 0xfb, 0xff, 0xc8, 0xf9, 0xa2,
-             0x8c, 0xae, 0x4e, 0x48, 0x67, 0xdf, 0x67, 0x80, 0xd9, 0xb7, 0x25,
-             0x24, 0x16, 0x09, 0x27, 0xc8, 0x55, 0xda, 0x5b, 0x60, 0x78, 0xe0,
-             0xb5, 0x54, 0xaa, 0x91, 0xe3, 0x1c, 0xb9, 0xca, 0x1d})),
-    std::make_pair(
-        28,
-        std::vector<uint8_t>(
-            {0x10, 0xbd, 0xf0, 0xca, 0xa0, 0x80, 0x27, 0x05, 0xe7, 0x06, 0x36,
-             0x9b, 0xaf, 0x8a, 0x3f, 0x79, 0xd7, 0x2c, 0x0a, 0x03, 0xa8, 0x06,
-             0x75, 0xa7, 0xbb, 0xb0, 0x0b, 0xe3, 0xa4, 0x5e, 0x51, 0x64, 0x24,
-             0xd1, 0xee, 0x88, 0xef, 0xb5, 0x6f, 0x6d, 0x57, 0x77, 0x54, 0x5a,
-             0xe6, 0xe2, 0x77, 0x65, 0xc3, 0xa8, 0xf5, 0xe4, 0x93, 0xfc, 0x30,
-             0x89, 0x15, 0x63, 0x89, 0x33, 0xa1, 0xdf, 0xee, 0x55})),
-    std::make_pair(
-        29,
-        std::vector<uint8_t>(
-            {0xb0, 0x17, 0x81, 0x09, 0x2b, 0x17, 0x48, 0x45, 0x9e, 0x2e, 0x4e,
-             0xc1, 0x78, 0x69, 0x66, 0x27, 0xbf, 0x4e, 0xba, 0xfe, 0xbb, 0xa7,
-             0x74, 0xec, 0xf0, 0x18, 0xb7, 0x9a, 0x68, 0xae, 0xb8, 0x49, 0x17,
-             0xbf, 0x0b, 0x84, 0xbb, 0x79, 0xd1, 0x7b, 0x74, 0x31, 0x51, 0x14,
-             0x4c, 0xd6, 0x6b, 0x7b, 0x33, 0xa4, 0xb9, 0xe5, 0x2c, 0x76, 0xc4,
-             0xe1, 0x12, 0x05, 0x0f, 0xf5, 0x38, 0x5b, 0x7f, 0x0b})),
-    std::make_pair(
-        30,
-        std::vector<uint8_t>(
-            {0xc6, 0xdb, 0xc6, 0x1d, 0xec, 0x6e, 0xae, 0xac, 0x81, 0xe3, 0xd5,
-             0xf7, 0x55, 0x20, 0x3c, 0x8e, 0x22, 0x05, 0x51, 0x53, 0x4a, 0x0b,
-             0x2f, 0xd1, 0x05, 0xa9, 0x18, 0x89, 0x94, 0x5a, 0x63, 0x85, 0x50,
-             0x20, 0x4f, 0x44, 0x09, 0x3d, 0xd9, 0x98, 0xc0, 0x76, 0x20, 0x5d,
-             0xff, 0xad, 0x70, 0x3a, 0x0e, 0x5c, 0xd3, 0xc7, 0xf4, 0x38, 0xa7,
-             0xe6, 0x34, 0xcd, 0x59, 0xfe, 0xde, 0xdb, 0x53, 0x9e})),
-    std::make_pair(
-        31,
-        std::vector<uint8_t>(
-            {0xeb, 0xa5, 0x1a, 0xcf, 0xfb, 0x4c, 0xea, 0x31, 0xdb, 0x4b, 0x8d,
-             0x87, 0xe9, 0xbf, 0x7d, 0xd4, 0x8f, 0xe9, 0x7b, 0x02, 0x53, 0xae,
-             0x67, 0xaa, 0x58, 0x0f, 0x9a, 0xc4, 0xa9, 0xd9, 0x41, 0xf2, 0xbe,
-             0xa5, 0x18, 0xee, 0x28, 0x68, 0x18, 0xcc, 0x9f, 0x63, 0x3f, 0x2a,
-             0x3b, 0x9f, 0xb6, 0x8e, 0x59, 0x4b, 0x48, 0xcd, 0xd6, 0xd5, 0x15,
-             0xbf, 0x1d, 0x52, 0xba, 0x6c, 0x85, 0xa2, 0x03, 0xa7})),
-    std::make_pair(
-        32,
-        std::vector<uint8_t>(
-            {0x86, 0x22, 0x1f, 0x3a, 0xda, 0x52, 0x03, 0x7b, 0x72, 0x22, 0x4f,
-             0x10, 0x5d, 0x79, 0x99, 0x23, 0x1c, 0x5e, 0x55, 0x34, 0xd0, 0x3d,
-             0xa9, 0xd9, 0xc0, 0xa1, 0x2a, 0xcb, 0x68, 0x46, 0x0c, 0xd3, 0x75,
-             0xda, 0xf8, 0xe2, 0x43, 0x86, 0x28, 0x6f, 0x96, 0x68, 0xf7, 0x23,
-             0x26, 0xdb, 0xf9, 0x9b, 0xa0, 0x94, 0x39, 0x24, 0x37, 0xd3, 0x98,
-             0xe9, 0x5b, 0xb8, 0x16, 0x1d, 0x71, 0x7f, 0x89, 0x91})),
-    std::make_pair(
-        33,
-        std::vector<uint8_t>(
-            {0x55, 0x95, 0xe0, 0x5c, 0x13, 0xa7, 0xec, 0x4d, 0xc8, 0xf4, 0x1f,
-             0xb7, 0x0c, 0xb5, 0x0a, 0x71, 0xbc, 0xe1, 0x7c, 0x02, 0x4f, 0xf6,
-             0xde, 0x7a, 0xf6, 0x18, 0xd0, 0xcc, 0x4e, 0x9c, 0x32, 0xd9, 0x57,
-             0x0d, 0x6d, 0x3e, 0xa4, 0x5b, 0x86, 0x52, 0x54, 0x91, 0x03, 0x0c,
-             0x0d, 0x8f, 0x2b, 0x18, 0x36, 0xd5, 0x77, 0x8c, 0x1c, 0xe7, 0x35,
-             0xc1, 0x77, 0x07, 0xdf, 0x36, 0x4d, 0x05, 0x43, 0x47})),
-    std::make_pair(
-        34,
-        std::vector<uint8_t>(
-            {0xce, 0x0f, 0x4f, 0x6a, 0xca, 0x89, 0x59, 0x0a, 0x37, 0xfe, 0x03,
-             0x4d, 0xd7, 0x4d, 0xd5, 0xfa, 0x65, 0xeb, 0x1c, 0xbd, 0x0a, 0x41,
-             0x50, 0x8a, 0xad, 0xdc, 0x09, 0x35, 0x1a, 0x3c, 0xea, 0x6d, 0x18,
-             0xcb, 0x21, 0x89, 0xc5, 0x4b, 0x70, 0x0c, 0x00, 0x9f, 0x4c, 0xbf,
-             0x05, 0x21, 0xc7, 0xea, 0x01, 0xbe, 0x61, 0xc5, 0xae, 0x09, 0xcb,
-             0x54, 0xf2, 0x7b, 0xc1, 0xb4, 0x4d, 0x65, 0x8c, 0x82})),
-    std::make_pair(
-        35,
-        std::vector<uint8_t>(
-            {0x7e, 0xe8, 0x0b, 0x06, 0xa2, 0x15, 0xa3, 0xbc, 0xa9, 0x70, 0xc7,
-             0x7c, 0xda, 0x87, 0x61, 0x82, 0x2b, 0xc1, 0x03, 0xd4, 0x4f, 0xa4,
-             0xb3, 0x3f, 0x4d, 0x07, 0xdc, 0xb9, 0x97, 0xe3, 0x6d, 0x55, 0x29,
-             0x8b, 0xce, 0xae, 0x12, 0x24, 0x1b, 0x3f, 0xa0, 0x7f, 0xa6, 0x3b,
-             0xe5, 0x57, 0x60, 0x68, 0xda, 0x38, 0x7b, 0x8d, 0x58, 0x59, 0xae,
-             0xab, 0x70, 0x13, 0x69, 0x84, 0x8b, 0x17, 0x6d, 0x42})),
-    std::make_pair(
-        36,
-        std::vector<uint8_t>(
-            {0x94, 0x0a, 0x84, 0xb6, 0xa8, 0x4d, 0x10, 0x9a, 0xab, 0x20, 0x8c,
-             0x02, 0x4c, 0x6c, 0xe9, 0x64, 0x76, 0x76, 0xba, 0x0a, 0xaa, 0x11,
-             0xf8, 0x6d, 0xbb, 0x70, 0x18, 0xf9, 0xfd, 0x22, 0x20, 0xa6, 0xd9,
-             0x01, 0xa9, 0x02, 0x7f, 0x9a, 0xbc, 0xf9, 0x35, 0x37, 0x27, 0x27,
-             0xcb, 0xf0, 0x9e, 0xbd, 0x61, 0xa2, 0xa2, 0xee, 0xb8, 0x76, 0x53,
-             0xe8, 0xec, 0xad, 0x1b, 0xab, 0x85, 0xdc, 0x83, 0x27})),
-    std::make_pair(
-        37,
-        std::vector<uint8_t>(
-            {0x20, 0x20, 0xb7, 0x82, 0x64, 0xa8, 0x2d, 0x9f, 0x41, 0x51, 0x14,
-             0x1a, 0xdb, 0xa8, 0xd4, 0x4b, 0xf2, 0x0c, 0x5e, 0xc0, 0x62, 0xee,
-             0xe9, 0xb5, 0x95, 0xa1, 0x1f, 0x9e, 0x84, 0x90, 0x1b, 0xf1, 0x48,
-             0xf2, 0x98, 0xe0, 0xc9, 0xf8, 0x77, 0x7d, 0xcd, 0xbc, 0x7c, 0xc4,
-             0x67, 0x0a, 0xac, 0x35, 0x6c, 0xc2, 0xad, 0x8c, 0xcb, 0x16, 0x29,
-             0xf1, 0x6f, 0x6a, 0x76, 0xbc, 0xef, 0xbe, 0xe7, 0x60})),
-    std::make_pair(
-        38,
-        std::vector<uint8_t>(
-            {0xd1, 0xb8, 0x97, 0xb0, 0xe0, 0x75, 0xba, 0x68, 0xab, 0x57, 0x2a,
-             0xdf, 0x9d, 0x9c, 0x43, 0x66, 0x63, 0xe4, 0x3e, 0xb3, 0xd8, 0xe6,
-             0x2d, 0x92, 0xfc, 0x49, 0xc9, 0xbe, 0x21, 0x4e, 0x6f, 0x27, 0x87,
-             0x3f, 0xe2, 0x15, 0xa6, 0x51, 0x70, 0xe6, 0xbe, 0xa9, 0x02, 0x40,
-             0x8a, 0x25, 0xb4, 0x95, 0x06, 0xf4, 0x7b, 0xab, 0xd0, 0x7c, 0xec,
-             0xf7, 0x11, 0x3e, 0xc1, 0x0c, 0x5d, 0xd3, 0x12, 0x52})),
-    std::make_pair(
-        39,
-        std::vector<uint8_t>(
-            {0xb1, 0x4d, 0x0c, 0x62, 0xab, 0xfa, 0x46, 0x9a, 0x35, 0x71, 0x77,
-             0xe5, 0x94, 0xc1, 0x0c, 0x19, 0x42, 0x43, 0xed, 0x20, 0x25, 0xab,
-             0x8a, 0xa5, 0xad, 0x2f, 0xa4, 0x1a, 0xd3, 0x18, 0xe0, 0xff, 0x48,
-             0xcd, 0x5e, 0x60, 0xbe, 0xc0, 0x7b, 0x13, 0x63, 0x4a, 0x71, 0x1d,
-             0x23, 0x26, 0xe4, 0x88, 0xa9, 0x85, 0xf3, 0x1e, 0x31, 0x15, 0x33,
-             0x99, 0xe7, 0x30, 0x88, 0xef, 0xc8, 0x6a, 0x5c, 0x55})),
-    std::make_pair(
-        40,
-        std::vector<uint8_t>(
-            {0x41, 0x69, 0xc5, 0xcc, 0x80, 0x8d, 0x26, 0x97, 0xdc, 0x2a, 0x82,
-             0x43, 0x0d, 0xc2, 0x3e, 0x3c, 0xd3, 0x56, 0xdc, 0x70, 0xa9, 0x45,
-             0x66, 0x81, 0x05, 0x02, 0xb8, 0xd6, 0x55, 0xb3, 0x9a, 0xbf, 0x9e,
-             0x7f, 0x90, 0x2f, 0xe7, 0x17, 0xe0, 0x38, 0x92, 0x19, 0x85, 0x9e,
-             0x19, 0x45, 0xdf, 0x1a, 0xf6, 0xad, 0xa4, 0x2e, 0x4c, 0xcd, 0xa5,
-             0x5a, 0x19, 0x7b, 0x71, 0x00, 0xa3, 0x0c, 0x30, 0xa1})),
-    std::make_pair(
-        41,
-        std::vector<uint8_t>(
-            {0x25, 0x8a, 0x4e, 0xdb, 0x11, 0x3d, 0x66, 0xc8, 0x39, 0xc8, 0xb1,
-             0xc9, 0x1f, 0x15, 0xf3, 0x5a, 0xde, 0x60, 0x9f, 0x11, 0xcd, 0x7f,
-             0x86, 0x81, 0xa4, 0x04, 0x5b, 0x9f, 0xef, 0x7b, 0x0b, 0x24, 0xc8,
-             0x2c, 0xda, 0x06, 0xa5, 0xf2, 0x06, 0x7b, 0x36, 0x88, 0x25, 0xe3,
-             0x91, 0x4e, 0x53, 0xd6, 0x94, 0x8e, 0xde, 0x92, 0xef, 0xd6, 0xe8,
-             0x38, 0x7f, 0xa2, 0xe5, 0x37, 0x23, 0x9b, 0x5b, 0xee})),
-    std::make_pair(
-        42,
-        std::vector<uint8_t>(
-            {0x79, 0xd2, 0xd8, 0x69, 0x6d, 0x30, 0xf3, 0x0f, 0xb3, 0x46, 0x57,
-             0x76, 0x11, 0x71, 0xa1, 0x1e, 0x6c, 0x3f, 0x1e, 0x64, 0xcb, 0xe7,
-             0xbe, 0xbe, 0xe1, 0x59, 0xcb, 0x95, 0xbf, 0xaf, 0x81, 0x2b, 0x4f,
-             0x41, 0x1e, 0x2f, 0x26, 0xd9, 0xc4, 0x21, 0xdc, 0x2c, 0x28, 0x4a,
-             0x33, 0x42, 0xd8, 0x23, 0xec, 0x29, 0x38, 0x49, 0xe4, 0x2d, 0x1e,
-             0x46, 0xb0, 0xa4, 0xac, 0x1e, 0x3c, 0x86, 0xab, 0xaa})),
-    std::make_pair(
-        43,
-        std::vector<uint8_t>(
-            {0x8b, 0x94, 0x36, 0x01, 0x0d, 0xc5, 0xde, 0xe9, 0x92, 0xae, 0x38,
-             0xae, 0xa9, 0x7f, 0x2c, 0xd6, 0x3b, 0x94, 0x6d, 0x94, 0xfe, 0xdd,
-             0x2e, 0xc9, 0x67, 0x1d, 0xcd, 0xe3, 0xbd, 0x4c, 0xe9, 0x56, 0x4d,
-             0x55, 0x5c, 0x66, 0xc1, 0x5b, 0xb2, 0xb9, 0x00, 0xdf, 0x72, 0xed,
-             0xb6, 0xb8, 0x91, 0xeb, 0xca, 0xdf, 0xef, 0xf6, 0x3c, 0x9e, 0xa4,
-             0x03, 0x6a, 0x99, 0x8b, 0xe7, 0x97, 0x39, 0x81, 0xe7})),
-    std::make_pair(
-        44,
-        std::vector<uint8_t>(
-            {0xc8, 0xf6, 0x8e, 0x69, 0x6e, 0xd2, 0x82, 0x42, 0xbf, 0x99, 0x7f,
-             0x5b, 0x3b, 0x34, 0x95, 0x95, 0x08, 0xe4, 0x2d, 0x61, 0x38, 0x10,
-             0xf1, 0xe2, 0xa4, 0x35, 0xc9, 0x6e, 0xd2, 0xff, 0x56, 0x0c, 0x70,
-             0x22, 0xf3, 0x61, 0xa9, 0x23, 0x4b, 0x98, 0x37, 0xfe, 0xee, 0x90,
-             0xbf, 0x47, 0x92, 0x2e, 0xe0, 0xfd, 0x5f, 0x8d, 0xdf, 0x82, 0x37,
-             0x18, 0xd8, 0x6d, 0x1e, 0x16, 0xc6, 0x09, 0x00, 0x71})),
-    std::make_pair(
-        45,
-        std::vector<uint8_t>(
-            {0xb0, 0x2d, 0x3e, 0xee, 0x48, 0x60, 0xd5, 0x86, 0x8b, 0x2c, 0x39,
-             0xce, 0x39, 0xbf, 0xe8, 0x10, 0x11, 0x29, 0x05, 0x64, 0xdd, 0x67,
-             0x8c, 0x85, 0xe8, 0x78, 0x3f, 0x29, 0x30, 0x2d, 0xfc, 0x13, 0x99,
-             0xba, 0x95, 0xb6, 0xb5, 0x3c, 0xd9, 0xeb, 0xbf, 0x40, 0x0c, 0xca,
-             0x1d, 0xb0, 0xab, 0x67, 0xe1, 0x9a, 0x32, 0x5f, 0x2d, 0x11, 0x58,
-             0x12, 0xd2, 0x5d, 0x00, 0x97, 0x8a, 0xd1, 0xbc, 0xa4})),
-    std::make_pair(
-        46,
-        std::vector<uint8_t>(
-            {0x76, 0x93, 0xea, 0x73, 0xaf, 0x3a, 0xc4, 0xda, 0xd2, 0x1c, 0xa0,
-             0xd8, 0xda, 0x85, 0xb3, 0x11, 0x8a, 0x7d, 0x1c, 0x60, 0x24, 0xcf,
-             0xaf, 0x55, 0x76, 0x99, 0x86, 0x82, 0x17, 0xbc, 0x0c, 0x2f, 0x44,
-             0xa1, 0x99, 0xbc, 0x6c, 0x0e, 0xdd, 0x51, 0x97, 0x98, 0xba, 0x05,
-             0xbd, 0x5b, 0x1b, 0x44, 0x84, 0x34, 0x6a, 0x47, 0xc2, 0xca, 0xdf,
-             0x6b, 0xf3, 0x0b, 0x78, 0x5c, 0xc8, 0x8b, 0x2b, 0xaf})),
-    std::make_pair(
-        47,
-        std::vector<uint8_t>(
-            {0xa0, 0xe5, 0xc1, 0xc0, 0x03, 0x1c, 0x02, 0xe4, 0x8b, 0x7f, 0x09,
-             0xa5, 0xe8, 0x96, 0xee, 0x9a, 0xef, 0x2f, 0x17, 0xfc, 0x9e, 0x18,
-             0xe9, 0x97, 0xd7, 0xf6, 0xca, 0xc7, 0xae, 0x31, 0x64, 0x22, 0xc2,
-             0xb1, 0xe7, 0x79, 0x84, 0xe5, 0xf3, 0xa7, 0x3c, 0xb4, 0x5d, 0xee,
-             0xd5, 0xd3, 0xf8, 0x46, 0x00, 0x10, 0x5e, 0x6e, 0xe3, 0x8f, 0x2d,
-             0x09, 0x0c, 0x7d, 0x04, 0x42, 0xea, 0x34, 0xc4, 0x6d})),
-    std::make_pair(
-        48,
-        std::vector<uint8_t>(
-            {0x41, 0xda, 0xa6, 0xad, 0xcf, 0xdb, 0x69, 0xf1, 0x44, 0x0c, 0x37,
-             0xb5, 0x96, 0x44, 0x01, 0x65, 0xc1, 0x5a, 0xda, 0x59, 0x68, 0x13,
-             0xe2, 0xe2, 0x2f, 0x06, 0x0f, 0xcd, 0x55, 0x1f, 0x24, 0xde, 0xe8,
-             0xe0, 0x4b, 0xa6, 0x89, 0x03, 0x87, 0x88, 0x6c, 0xee, 0xc4, 0xa7,
-             0xa0, 0xd7, 0xfc, 0x6b, 0x44, 0x50, 0x63, 0x92, 0xec, 0x38, 0x22,
-             0xc0, 0xd8, 0xc1, 0xac, 0xfc, 0x7d, 0x5a, 0xeb, 0xe8})),
-    std::make_pair(
-        49,
-        std::vector<uint8_t>(
-            {0x14, 0xd4, 0xd4, 0x0d, 0x59, 0x84, 0xd8, 0x4c, 0x5c, 0xf7, 0x52,
-             0x3b, 0x77, 0x98, 0xb2, 0x54, 0xe2, 0x75, 0xa3, 0xa8, 0xcc, 0x0a,
-             0x1b, 0xd0, 0x6e, 0xbc, 0x0b, 0xee, 0x72, 0x68, 0x56, 0xac, 0xc3,
-             0xcb, 0xf5, 0x16, 0xff, 0x66, 0x7c, 0xda, 0x20, 0x58, 0xad, 0x5c,
-             0x34, 0x12, 0x25, 0x44, 0x60, 0xa8, 0x2c, 0x92, 0x18, 0x70, 0x41,
-             0x36, 0x3c, 0xc7, 0x7a, 0x4d, 0xc2, 0x15, 0xe4, 0x87})),
-    std::make_pair(
-        50,
-        std::vector<uint8_t>(
-            {0xd0, 0xe7, 0xa1, 0xe2, 0xb9, 0xa4, 0x47, 0xfe, 0xe8, 0x3e, 0x22,
-             0x77, 0xe9, 0xff, 0x80, 0x10, 0xc2, 0xf3, 0x75, 0xae, 0x12, 0xfa,
-             0x7a, 0xaa, 0x8c, 0xa5, 0xa6, 0x31, 0x78, 0x68, 0xa2, 0x6a, 0x36,
-             0x7a, 0x0b, 0x69, 0xfb, 0xc1, 0xcf, 0x32, 0xa5, 0x5d, 0x34, 0xeb,
-             0x37, 0x06, 0x63, 0x01, 0x6f, 0x3d, 0x21, 0x10, 0x23, 0x0e, 0xba,
-             0x75, 0x40, 0x28, 0xa5, 0x6f, 0x54, 0xac, 0xf5, 0x7c})),
-    std::make_pair(
-        51,
-        std::vector<uint8_t>(
-            {0xe7, 0x71, 0xaa, 0x8d, 0xb5, 0xa3, 0xe0, 0x43, 0xe8, 0x17, 0x8f,
-             0x39, 0xa0, 0x85, 0x7b, 0xa0, 0x4a, 0x3f, 0x18, 0xe4, 0xaa, 0x05,
-             0x74, 0x3c, 0xf8, 0xd2, 0x22, 0xb0, 0xb0, 0x95, 0x82, 0x53, 0x50,
-             0xba, 0x42, 0x2f, 0x63, 0x38, 0x2a, 0x23, 0xd9, 0x2e, 0x41, 0x49,
-             0x07, 0x4e, 0x81, 0x6a, 0x36, 0xc1, 0xcd, 0x28, 0x28, 0x4d, 0x14,
-             0x62, 0x67, 0x94, 0x0b, 0x31, 0xf8, 0x81, 0x8e, 0xa2})),
-    std::make_pair(
-        52,
-        std::vector<uint8_t>(
-            {0xfe, 0xb4, 0xfd, 0x6f, 0x9e, 0x87, 0xa5, 0x6b, 0xef, 0x39, 0x8b,
-             0x32, 0x84, 0xd2, 0xbd, 0xa5, 0xb5, 0xb0, 0xe1, 0x66, 0x58, 0x3a,
-             0x66, 0xb6, 0x1e, 0x53, 0x84, 0x57, 0xff, 0x05, 0x84, 0x87, 0x2c,
-             0x21, 0xa3, 0x29, 0x62, 0xb9, 0x92, 0x8f, 0xfa, 0xb5, 0x8d, 0xe4,
-             0xaf, 0x2e, 0xdd, 0x4e, 0x15, 0xd8, 0xb3, 0x55, 0x70, 0x52, 0x32,
-             0x07, 0xff, 0x4e, 0x2a, 0x5a, 0xa7, 0x75, 0x4c, 0xaa})),
-    std::make_pair(
-        53,
-        std::vector<uint8_t>(
-            {0x46, 0x2f, 0x17, 0xbf, 0x00, 0x5f, 0xb1, 0xc1, 0xb9, 0xe6, 0x71,
-             0x77, 0x9f, 0x66, 0x52, 0x09, 0xec, 0x28, 0x73, 0xe3, 0xe4, 0x11,
-             0xf9, 0x8d, 0xab, 0xf2, 0x40, 0xa1, 0xd5, 0xec, 0x3f, 0x95, 0xce,
-             0x67, 0x96, 0xb6, 0xfc, 0x23, 0xfe, 0x17, 0x19, 0x03, 0xb5, 0x02,
-             0x02, 0x34, 0x67, 0xde, 0xc7, 0x27, 0x3f, 0xf7, 0x48, 0x79, 0xb9,
-             0x29, 0x67, 0xa2, 0xa4, 0x3a, 0x5a, 0x18, 0x3d, 0x33})),
-    std::make_pair(
-        54,
-        std::vector<uint8_t>(
-            {0xd3, 0x33, 0x81, 0x93, 0xb6, 0x45, 0x53, 0xdb, 0xd3, 0x8d, 0x14,
-             0x4b, 0xea, 0x71, 0xc5, 0x91, 0x5b, 0xb1, 0x10, 0xe2, 0xd8, 0x81,
-             0x80, 0xdb, 0xc5, 0xdb, 0x36, 0x4f, 0xd6, 0x17, 0x1d, 0xf3, 0x17,
-             0xfc, 0x72, 0x68, 0x83, 0x1b, 0x5a, 0xef, 0x75, 0xe4, 0x34, 0x2b,
-             0x2f, 0xad, 0x87, 0x97, 0xba, 0x39, 0xed, 0xdc, 0xef, 0x80, 0xe6,
-             0xec, 0x08, 0x15, 0x93, 0x50, 0xb1, 0xad, 0x69, 0x6d})),
-    std::make_pair(
-        55,
-        std::vector<uint8_t>(
-            {0xe1, 0x59, 0x0d, 0x58, 0x5a, 0x3d, 0x39, 0xf7, 0xcb, 0x59, 0x9a,
-             0xbd, 0x47, 0x90, 0x70, 0x96, 0x64, 0x09, 0xa6, 0x84, 0x6d, 0x43,
-             0x77, 0xac, 0xf4, 0x47, 0x1d, 0x06, 0x5d, 0x5d, 0xb9, 0x41, 0x29,
-             0xcc, 0x9b, 0xe9, 0x25, 0x73, 0xb0, 0x5e, 0xd2, 0x26, 0xbe, 0x1e,
-             0x9b, 0x7c, 0xb0, 0xca, 0xbe, 0x87, 0x91, 0x85, 0x89, 0xf8, 0x0d,
-             0xad, 0xd4, 0xef, 0x5e, 0xf2, 0x5a, 0x93, 0xd2, 0x8e})),
-    std::make_pair(
-        56,
-        std::vector<uint8_t>(
-            {0xf8, 0xf3, 0x72, 0x6a, 0xc5, 0xa2, 0x6c, 0xc8, 0x01, 0x32, 0x49,
-             0x3a, 0x6f, 0xed, 0xcb, 0x0e, 0x60, 0x76, 0x0c, 0x09, 0xcf, 0xc8,
-             0x4c, 0xad, 0x17, 0x81, 0x75, 0x98, 0x68, 0x19, 0x66, 0x5e, 0x76,
-             0x84, 0x2d, 0x7b, 0x9f, 0xed, 0xf7, 0x6d, 0xdd, 0xeb, 0xf5, 0xd3,
-             0xf5, 0x6f, 0xaa, 0xad, 0x44, 0x77, 0x58, 0x7a, 0xf2, 0x16, 0x06,
-             0xd3, 0x96, 0xae, 0x57, 0x0d, 0x8e, 0x71, 0x9a, 0xf2})),
-    std::make_pair(
-        57,
-        std::vector<uint8_t>(
-            {0x30, 0x18, 0x60, 0x55, 0xc0, 0x79, 0x49, 0x94, 0x81, 0x83, 0xc8,
-             0x50, 0xe9, 0xa7, 0x56, 0xcc, 0x09, 0x93, 0x7e, 0x24, 0x7d, 0x9d,
-             0x92, 0x8e, 0x86, 0x9e, 0x20, 0xba, 0xfc, 0x3c, 0xd9, 0x72, 0x17,
-             0x19, 0xd3, 0x4e, 0x04, 0xa0, 0x89, 0x9b, 0x92, 0xc7, 0x36, 0x08,
-             0x45, 0x50, 0x18, 0x68, 0x86, 0xef, 0xba, 0x2e, 0x79, 0x0d, 0x8b,
-             0xe6, 0xeb, 0xf0, 0x40, 0xb2, 0x09, 0xc4, 0x39, 0xa4})),
-    std::make_pair(
-        58,
-        std::vector<uint8_t>(
-            {0xf3, 0xc4, 0x27, 0x6c, 0xb8, 0x63, 0x63, 0x77, 0x12, 0xc2, 0x41,
-             0xc4, 0x44, 0xc5, 0xcc, 0x1e, 0x35, 0x54, 0xe0, 0xfd, 0xdb, 0x17,
-             0x4d, 0x03, 0x58, 0x19, 0xdd, 0x83, 0xeb, 0x70, 0x0b, 0x4c, 0xe8,
-             0x8d, 0xf3, 0xab, 0x38, 0x41, 0xba, 0x02, 0x08, 0x5e, 0x1a, 0x99,
-             0xb4, 0xe1, 0x73, 0x10, 0xc5, 0x34, 0x10, 0x75, 0xc0, 0x45, 0x8b,
-             0xa3, 0x76, 0xc9, 0x5a, 0x68, 0x18, 0xfb, 0xb3, 0xe2})),
-    std::make_pair(
-        59,
-        std::vector<uint8_t>(
-            {0x0a, 0xa0, 0x07, 0xc4, 0xdd, 0x9d, 0x58, 0x32, 0x39, 0x30, 0x40,
-             0xa1, 0x58, 0x3c, 0x93, 0x0b, 0xca, 0x7d, 0xc5, 0xe7, 0x7e, 0xa5,
-             0x3a, 0xdd, 0x7e, 0x2b, 0x3f, 0x7c, 0x8e, 0x23, 0x13, 0x68, 0x04,
-             0x35, 0x20, 0xd4, 0xa3, 0xef, 0x53, 0xc9, 0x69, 0xb6, 0xbb, 0xfd,
-             0x02, 0x59, 0x46, 0xf6, 0x32, 0xbd, 0x7f, 0x76, 0x5d, 0x53, 0xc2,
-             0x10, 0x03, 0xb8, 0xf9, 0x83, 0xf7, 0x5e, 0x2a, 0x6a})),
-    std::make_pair(
-        60,
-        std::vector<uint8_t>(
-            {0x08, 0xe9, 0x46, 0x47, 0x20, 0x53, 0x3b, 0x23, 0xa0, 0x4e, 0xc2,
-             0x4f, 0x7a, 0xe8, 0xc1, 0x03, 0x14, 0x5f, 0x76, 0x53, 0x87, 0xd7,
-             0x38, 0x77, 0x7d, 0x3d, 0x34, 0x34, 0x77, 0xfd, 0x1c, 0x58, 0xdb,
-             0x05, 0x21, 0x42, 0xca, 0xb7, 0x54, 0xea, 0x67, 0x43, 0x78, 0xe1,
-             0x87, 0x66, 0xc5, 0x35, 0x42, 0xf7, 0x19, 0x70, 0x17, 0x1c, 0xc4,
-             0xf8, 0x16, 0x94, 0x24, 0x6b, 0x71, 0x7d, 0x75, 0x64})),
-    std::make_pair(
-        61,
-        std::vector<uint8_t>(
-            {0xd3, 0x7f, 0xf7, 0xad, 0x29, 0x79, 0x93, 0xe7, 0xec, 0x21, 0xe0,
-             0xf1, 0xb4, 0xb5, 0xae, 0x71, 0x9c, 0xdc, 0x83, 0xc5, 0xdb, 0x68,
-             0x75, 0x27, 0xf2, 0x75, 0x16, 0xcb, 0xff, 0xa8, 0x22, 0x88, 0x8a,
-             0x68, 0x10, 0xee, 0x5c, 0x1c, 0xa7, 0xbf, 0xe3, 0x32, 0x11, 0x19,
-             0xbe, 0x1a, 0xb7, 0xbf, 0xa0, 0xa5, 0x02, 0x67, 0x1c, 0x83, 0x29,
-             0x49, 0x4d, 0xf7, 0xad, 0x6f, 0x52, 0x2d, 0x44, 0x0f})),
-    std::make_pair(
-        62,
-        std::vector<uint8_t>(
-            {0xdd, 0x90, 0x42, 0xf6, 0xe4, 0x64, 0xdc, 0xf8, 0x6b, 0x12, 0x62,
-             0xf6, 0xac, 0xcf, 0xaf, 0xbd, 0x8c, 0xfd, 0x90, 0x2e, 0xd3, 0xed,
-             0x89, 0xab, 0xf7, 0x8f, 0xfa, 0x48, 0x2d, 0xbd, 0xee, 0xb6, 0x96,
-             0x98, 0x42, 0x39, 0x4c, 0x9a, 0x11, 0x68, 0xae, 0x3d, 0x48, 0x1a,
-             0x01, 0x78, 0x42, 0xf6, 0x60, 0x00, 0x2d, 0x42, 0x44, 0x7c, 0x6b,
-             0x22, 0xf7, 0xb7, 0x2f, 0x21, 0xaa, 0xe0, 0x21, 0xc9})),
-    std::make_pair(
-        63,
-        std::vector<uint8_t>(
-            {0xbd, 0x96, 0x5b, 0xf3, 0x1e, 0x87, 0xd7, 0x03, 0x27, 0x53, 0x6f,
-             0x2a, 0x34, 0x1c, 0xeb, 0xc4, 0x76, 0x8e, 0xca, 0x27, 0x5f, 0xa0,
-             0x5e, 0xf9, 0x8f, 0x7f, 0x1b, 0x71, 0xa0, 0x35, 0x12, 0x98, 0xde,
-             0x00, 0x6f, 0xba, 0x73, 0xfe, 0x67, 0x33, 0xed, 0x01, 0xd7, 0x58,
-             0x01, 0xb4, 0xa9, 0x28, 0xe5, 0x42, 0x31, 0xb3, 0x8e, 0x38, 0xc5,
-             0x62, 0xb2, 0xe3, 0x3e, 0xa1, 0x28, 0x49, 0x92, 0xfa})),
-    std::make_pair(
-        64,
-        std::vector<uint8_t>(
-            {0x65, 0x67, 0x6d, 0x80, 0x06, 0x17, 0x97, 0x2f, 0xbd, 0x87, 0xe4,
-             0xb9, 0x51, 0x4e, 0x1c, 0x67, 0x40, 0x2b, 0x7a, 0x33, 0x10, 0x96,
-             0xd3, 0xbf, 0xac, 0x22, 0xf1, 0xab, 0xb9, 0x53, 0x74, 0xab, 0xc9,
-             0x42, 0xf1, 0x6e, 0x9a, 0xb0, 0xea, 0xd3, 0x3b, 0x87, 0xc9, 0x19,
-             0x68, 0xa6, 0xe5, 0x09, 0xe1, 0x19, 0xff, 0x07, 0x78, 0x7b, 0x3e,
-             0xf4, 0x83, 0xe1, 0xdc, 0xdc, 0xcf, 0x6e, 0x30, 0x22})),
-    std::make_pair(
-        65,
-        std::vector<uint8_t>(
-            {0x93, 0x9f, 0xa1, 0x89, 0x69, 0x9c, 0x5d, 0x2c, 0x81, 0xdd, 0xd1,
-             0xff, 0xc1, 0xfa, 0x20, 0x7c, 0x97, 0x0b, 0x6a, 0x36, 0x85, 0xbb,
-             0x29, 0xce, 0x1d, 0x3e, 0x99, 0xd4, 0x2f, 0x2f, 0x74, 0x42, 0xda,
-             0x53, 0xe9, 0x5a, 0x72, 0x90, 0x73, 0x14, 0xf4, 0x58, 0x83, 0x99,
-             0xa3, 0xff, 0x5b, 0x0a, 0x92, 0xbe, 0xb3, 0xf6, 0xbe, 0x26, 0x94,
-             0xf9, 0xf8, 0x6e, 0xcf, 0x29, 0x52, 0xd5, 0xb4, 0x1c})),
-    std::make_pair(
-        66,
-        std::vector<uint8_t>(
-            {0xc5, 0x16, 0x54, 0x17, 0x01, 0x86, 0x3f, 0x91, 0x00, 0x5f, 0x31,
-             0x41, 0x08, 0xce, 0xec, 0xe3, 0xc6, 0x43, 0xe0, 0x4f, 0xc8, 0xc4,
-             0x2f, 0xd2, 0xff, 0x55, 0x62, 0x20, 0xe6, 0x16, 0xaa, 0xa6, 0xa4,
-             0x8a, 0xeb, 0x97, 0xa8, 0x4b, 0xad, 0x74, 0x78, 0x2e, 0x8d, 0xff,
-             0x96, 0xa1, 0xa2, 0xfa, 0x94, 0x93, 0x39, 0xd7, 0x22, 0xed, 0xca,
-             0xa3, 0x2b, 0x57, 0x06, 0x70, 0x41, 0xdf, 0x88, 0xcc})),
-    std::make_pair(
-        67,
-        std::vector<uint8_t>(
-            {0x98, 0x7f, 0xd6, 0xe0, 0xd6, 0x85, 0x7c, 0x55, 0x3e, 0xae, 0xbb,
-             0x3d, 0x34, 0x97, 0x0a, 0x2c, 0x2f, 0x6e, 0x89, 0xa3, 0x54, 0x8f,
-             0x49, 0x25, 0x21, 0x72, 0x2b, 0x80, 0xa1, 0xc2, 0x1a, 0x15, 0x38,
-             0x92, 0x34, 0x6d, 0x2c, 0xba, 0x64, 0x44, 0x21, 0x2d, 0x56, 0xda,
-             0x9a, 0x26, 0xe3, 0x24, 0xdc, 0xcb, 0xc0, 0xdc, 0xde, 0x85, 0xd4,
-             0xd2, 0xee, 0x43, 0x99, 0xee, 0xc5, 0xa6, 0x4e, 0x8f})),
-    std::make_pair(
-        68,
-        std::vector<uint8_t>(
-            {0xae, 0x56, 0xde, 0xb1, 0xc2, 0x32, 0x8d, 0x9c, 0x40, 0x17, 0x70,
-             0x6b, 0xce, 0x6e, 0x99, 0xd4, 0x13, 0x49, 0x05, 0x3b, 0xa9, 0xd3,
-             0x36, 0xd6, 0x77, 0xc4, 0xc2, 0x7d, 0x9f, 0xd5, 0x0a, 0xe6, 0xae,
-             0xe1, 0x7e, 0x85, 0x31, 0x54, 0xe1, 0xf4, 0xfe, 0x76, 0x72, 0x34,
-             0x6d, 0xa2, 0xea, 0xa3, 0x1e, 0xea, 0x53, 0xfc, 0xf2, 0x4a, 0x22,
-             0x80, 0x4f, 0x11, 0xd0, 0x3d, 0xa6, 0xab, 0xfc, 0x2b})),
-    std::make_pair(
-        69,
-        std::vector<uint8_t>(
-            {0x49, 0xd6, 0xa6, 0x08, 0xc9, 0xbd, 0xe4, 0x49, 0x18, 0x70, 0x49,
-             0x85, 0x72, 0xac, 0x31, 0xaa, 0xc3, 0xfa, 0x40, 0x93, 0x8b, 0x38,
-             0xa7, 0x81, 0x8f, 0x72, 0x38, 0x3e, 0xb0, 0x40, 0xad, 0x39, 0x53,
-             0x2b, 0xc0, 0x65, 0x71, 0xe1, 0x3d, 0x76, 0x7e, 0x69, 0x45, 0xab,
-             0x77, 0xc0, 0xbd, 0xc3, 0xb0, 0x28, 0x42, 0x53, 0x34, 0x3f, 0x9f,
-             0x6c, 0x12, 0x44, 0xeb, 0xf2, 0xff, 0x0d, 0xf8, 0x66})),
-    std::make_pair(
-        70,
-        std::vector<uint8_t>(
-            {0xda, 0x58, 0x2a, 0xd8, 0xc5, 0x37, 0x0b, 0x44, 0x69, 0xaf, 0x86,
-             0x2a, 0xa6, 0x46, 0x7a, 0x22, 0x93, 0xb2, 0xb2, 0x8b, 0xd8, 0x0a,
-             0xe0, 0xe9, 0x1f, 0x42, 0x5a, 0xd3, 0xd4, 0x72, 0x49, 0xfd, 0xf9,
-             0x88, 0x25, 0xcc, 0x86, 0xf1, 0x40, 0x28, 0xc3, 0x30, 0x8c, 0x98,
-             0x04, 0xc7, 0x8b, 0xfe, 0xee, 0xee, 0x46, 0x14, 0x44, 0xce, 0x24,
-             0x36, 0x87, 0xe1, 0xa5, 0x05, 0x22, 0x45, 0x6a, 0x1d})),
-    std::make_pair(
-        71,
-        std::vector<uint8_t>(
-            {0xd5, 0x26, 0x6a, 0xa3, 0x33, 0x11, 0x94, 0xae, 0xf8, 0x52, 0xee,
-             0xd8, 0x6d, 0x7b, 0x5b, 0x26, 0x33, 0xa0, 0xaf, 0x1c, 0x73, 0x59,
-             0x06, 0xf2, 0xe1, 0x32, 0x79, 0xf1, 0x49, 0x31, 0xa9, 0xfc, 0x3b,
-             0x0e, 0xac, 0x5c, 0xe9, 0x24, 0x52, 0x73, 0xbd, 0x1a, 0xa9, 0x29,
-             0x05, 0xab, 0xe1, 0x62, 0x78, 0xef, 0x7e, 0xfd, 0x47, 0x69, 0x47,
-             0x89, 0xa7, 0x28, 0x3b, 0x77, 0xda, 0x3c, 0x70, 0xf8})),
-    std::make_pair(
-        72,
-        std::vector<uint8_t>(
-            {0x29, 0x62, 0x73, 0x4c, 0x28, 0x25, 0x21, 0x86, 0xa9, 0xa1, 0x11,
-             0x1c, 0x73, 0x2a, 0xd4, 0xde, 0x45, 0x06, 0xd4, 0xb4, 0x48, 0x09,
-             0x16, 0x30, 0x3e, 0xb7, 0x99, 0x1d, 0x65, 0x9c, 0xcd, 0xa0, 0x7a,
-             0x99, 0x11, 0x91, 0x4b, 0xc7, 0x5c, 0x41, 0x8a, 0xb7, 0xa4, 0x54,
-             0x17, 0x57, 0xad, 0x05, 0x47, 0x96, 0xe2, 0x67, 0x97, 0xfe, 0xaf,
-             0x36, 0xe9, 0xf6, 0xad, 0x43, 0xf1, 0x4b, 0x35, 0xa4})),
-    std::make_pair(
-        73,
-        std::vector<uint8_t>(
-            {0xe8, 0xb7, 0x9e, 0xc5, 0xd0, 0x6e, 0x11, 0x1b, 0xdf, 0xaf, 0xd7,
-             0x1e, 0x9f, 0x57, 0x60, 0xf0, 0x0a, 0xc8, 0xac, 0x5d, 0x8b, 0xf7,
-             0x68, 0xf9, 0xff, 0x6f, 0x08, 0xb8, 0xf0, 0x26, 0x09, 0x6b, 0x1c,
-             0xc3, 0xa4, 0xc9, 0x73, 0x33, 0x30, 0x19, 0xf1, 0xe3, 0x55, 0x3e,
-             0x77, 0xda, 0x3f, 0x98, 0xcb, 0x9f, 0x54, 0x2e, 0x0a, 0x90, 0xe5,
-             0xf8, 0xa9, 0x40, 0xcc, 0x58, 0xe5, 0x98, 0x44, 0xb3})),
-    std::make_pair(
-        74,
-        std::vector<uint8_t>(
-            {0xdf, 0xb3, 0x20, 0xc4, 0x4f, 0x9d, 0x41, 0xd1, 0xef, 0xdc, 0xc0,
-             0x15, 0xf0, 0x8d, 0xd5, 0x53, 0x9e, 0x52, 0x6e, 0x39, 0xc8, 0x7d,
-             0x50, 0x9a, 0xe6, 0x81, 0x2a, 0x96, 0x9e, 0x54, 0x31, 0xbf, 0x4f,
-             0xa7, 0xd9, 0x1f, 0xfd, 0x03, 0xb9, 0x81, 0xe0, 0xd5, 0x44, 0xcf,
-             0x72, 0xd7, 0xb1, 0xc0, 0x37, 0x4f, 0x88, 0x01, 0x48, 0x2e, 0x6d,
-             0xea, 0x2e, 0xf9, 0x03, 0x87, 0x7e, 0xba, 0x67, 0x5e})),
-    std::make_pair(
-        75,
-        std::vector<uint8_t>(
-            {0xd8, 0x86, 0x75, 0x11, 0x8f, 0xdb, 0x55, 0xa5, 0xfb, 0x36, 0x5a,
-             0xc2, 0xaf, 0x1d, 0x21, 0x7b, 0xf5, 0x26, 0xce, 0x1e, 0xe9, 0xc9,
-             0x4b, 0x2f, 0x00, 0x90, 0xb2, 0xc5, 0x8a, 0x06, 0xca, 0x58, 0x18,
-             0x7d, 0x7f, 0xe5, 0x7c, 0x7b, 0xed, 0x9d, 0x26, 0xfc, 0xa0, 0x67,
-             0xb4, 0x11, 0x0e, 0xef, 0xcd, 0x9a, 0x0a, 0x34, 0x5d, 0xe8, 0x72,
-             0xab, 0xe2, 0x0d, 0xe3, 0x68, 0x00, 0x1b, 0x07, 0x45})),
-    std::make_pair(
-        76,
-        std::vector<uint8_t>(
-            {0xb8, 0x93, 0xf2, 0xfc, 0x41, 0xf7, 0xb0, 0xdd, 0x6e, 0x2f, 0x6a,
-             0xa2, 0xe0, 0x37, 0x0c, 0x0c, 0xff, 0x7d, 0xf0, 0x9e, 0x3a, 0xcf,
-             0xcc, 0x0e, 0x92, 0x0b, 0x6e, 0x6f, 0xad, 0x0e, 0xf7, 0x47, 0xc4,
-             0x06, 0x68, 0x41, 0x7d, 0x34, 0x2b, 0x80, 0xd2, 0x35, 0x1e, 0x8c,
-             0x17, 0x5f, 0x20, 0x89, 0x7a, 0x06, 0x2e, 0x97, 0x65, 0xe6, 0xc6,
-             0x7b, 0x53, 0x9b, 0x6b, 0xa8, 0xb9, 0x17, 0x05, 0x45})),
-    std::make_pair(
-        77,
-        std::vector<uint8_t>(
-            {0x6c, 0x67, 0xec, 0x56, 0x97, 0xac, 0xcd, 0x23, 0x5c, 0x59, 0xb4,
-             0x86, 0xd7, 0xb7, 0x0b, 0xae, 0xed, 0xcb, 0xd4, 0xaa, 0x64, 0xeb,
-             0xd4, 0xee, 0xf3, 0xc7, 0xea, 0xc1, 0x89, 0x56, 0x1a, 0x72, 0x62,
-             0x50, 0xae, 0xc4, 0xd4, 0x8c, 0xad, 0xca, 0xfb, 0xbe, 0x2c, 0xe3,
-             0xc1, 0x6c, 0xe2, 0xd6, 0x91, 0xa8, 0xcc, 0xe0, 0x6e, 0x88, 0x79,
-             0x55, 0x6d, 0x44, 0x83, 0xed, 0x71, 0x65, 0xc0, 0x63})),
-    std::make_pair(
-        78,
-        std::vector<uint8_t>(
-            {0xf1, 0xaa, 0x2b, 0x04, 0x4f, 0x8f, 0x0c, 0x63, 0x8a, 0x3f, 0x36,
-             0x2e, 0x67, 0x7b, 0x5d, 0x89, 0x1d, 0x6f, 0xd2, 0xab, 0x07, 0x65,
-             0xf6, 0xee, 0x1e, 0x49, 0x87, 0xde, 0x05, 0x7e, 0xad, 0x35, 0x78,
-             0x83, 0xd9, 0xb4, 0x05, 0xb9, 0xd6, 0x09, 0xee, 0xa1, 0xb8, 0x69,
-             0xd9, 0x7f, 0xb1, 0x6d, 0x9b, 0x51, 0x01, 0x7c, 0x55, 0x3f, 0x3b,
-             0x93, 0xc0, 0xa1, 0xe0, 0xf1, 0x29, 0x6f, 0xed, 0xcd})),
-    std::make_pair(
-        79,
-        std::vector<uint8_t>(
-            {0xcb, 0xaa, 0x25, 0x95, 0x72, 0xd4, 0xae, 0xbf, 0xc1, 0x91, 0x7a,
-             0xcd, 0xdc, 0x58, 0x2b, 0x9f, 0x8d, 0xfa, 0xa9, 0x28, 0xa1, 0x98,
-             0xca, 0x7a, 0xcd, 0x0f, 0x2a, 0xa7, 0x6a, 0x13, 0x4a, 0x90, 0x25,
-             0x2e, 0x62, 0x98, 0xa6, 0x5b, 0x08, 0x18, 0x6a, 0x35, 0x0d, 0x5b,
-             0x76, 0x26, 0x69, 0x9f, 0x8c, 0xb7, 0x21, 0xa3, 0xea, 0x59, 0x21,
-             0xb7, 0x53, 0xae, 0x3a, 0x2d, 0xce, 0x24, 0xba, 0x3a})),
-    std::make_pair(
-        80,
-        std::vector<uint8_t>(
-            {0xfa, 0x15, 0x49, 0xc9, 0x79, 0x6c, 0xd4, 0xd3, 0x03, 0xdc, 0xf4,
-             0x52, 0xc1, 0xfb, 0xd5, 0x74, 0x4f, 0xd9, 0xb9, 0xb4, 0x70, 0x03,
-             0xd9, 0x20, 0xb9, 0x2d, 0xe3, 0x48, 0x39, 0xd0, 0x7e, 0xf2, 0xa2,
-             0x9d, 0xed, 0x68, 0xf6, 0xfc, 0x9e, 0x6c, 0x45, 0xe0, 0x71, 0xa2,
-             0xe4, 0x8b, 0xd5, 0x0c, 0x50, 0x84, 0xe9, 0x6b, 0x65, 0x7d, 0xd0,
-             0x40, 0x40, 0x45, 0xa1, 0xdd, 0xef, 0xe2, 0x82, 0xed})),
-    std::make_pair(
-        81,
-        std::vector<uint8_t>(
-            {0x5c, 0xf2, 0xac, 0x89, 0x7a, 0xb4, 0x44, 0xdc, 0xb5, 0xc8, 0xd8,
-             0x7c, 0x49, 0x5d, 0xbd, 0xb3, 0x4e, 0x18, 0x38, 0xb6, 0xb6, 0x29,
-             0x42, 0x7c, 0xaa, 0x51, 0x70, 0x2a, 0xd0, 0xf9, 0x68, 0x85, 0x25,
-             0xf1, 0x3b, 0xec, 0x50, 0x3a, 0x3c, 0x3a, 0x2c, 0x80, 0xa6, 0x5e,
-             0x0b, 0x57, 0x15, 0xe8, 0xaf, 0xab, 0x00, 0xff, 0xa5, 0x6e, 0xc4,
-             0x55, 0xa4, 0x9a, 0x1a, 0xd3, 0x0a, 0xa2, 0x4f, 0xcd})),
-    std::make_pair(
-        82,
-        std::vector<uint8_t>(
-            {0x9a, 0xaf, 0x80, 0x20, 0x7b, 0xac, 0xe1, 0x7b, 0xb7, 0xab, 0x14,
-             0x57, 0x57, 0xd5, 0x69, 0x6b, 0xde, 0x32, 0x40, 0x6e, 0xf2, 0x2b,
-             0x44, 0x29, 0x2e, 0xf6, 0x5d, 0x45, 0x19, 0xc3, 0xbb, 0x2a, 0xd4,
-             0x1a, 0x59, 0xb6, 0x2c, 0xc3, 0xe9, 0x4b, 0x6f, 0xa9, 0x6d, 0x32,
-             0xa7, 0xfa, 0xad, 0xae, 0x28, 0xaf, 0x7d, 0x35, 0x09, 0x72, 0x19,
-             0xaa, 0x3f, 0xd8, 0xcd, 0xa3, 0x1e, 0x40, 0xc2, 0x75})),
-    std::make_pair(
-        83,
-        std::vector<uint8_t>(
-            {0xaf, 0x88, 0xb1, 0x63, 0x40, 0x2c, 0x86, 0x74, 0x5c, 0xb6, 0x50,
-             0xc2, 0x98, 0x8f, 0xb9, 0x52, 0x11, 0xb9, 0x4b, 0x03, 0xef, 0x29,
-             0x0e, 0xed, 0x96, 0x62, 0x03, 0x42, 0x41, 0xfd, 0x51, 0xcf, 0x39,
-             0x8f, 0x80, 0x73, 0xe3, 0x69, 0x35, 0x4c, 0x43, 0xea, 0xe1, 0x05,
-             0x2f, 0x9b, 0x63, 0xb0, 0x81, 0x91, 0xca, 0xa1, 0x38, 0xaa, 0x54,
-             0xfe, 0xa8, 0x89, 0xcc, 0x70, 0x24, 0x23, 0x68, 0x97})),
-    std::make_pair(
-        84,
-        std::vector<uint8_t>(
-            {0x48, 0xfa, 0x7d, 0x64, 0xe1, 0xce, 0xee, 0x27, 0xb9, 0x86, 0x4d,
-             0xb5, 0xad, 0xa4, 0xb5, 0x3d, 0x00, 0xc9, 0xbc, 0x76, 0x26, 0x55,
-             0x58, 0x13, 0xd3, 0xcd, 0x67, 0x30, 0xab, 0x3c, 0xc0, 0x6f, 0xf3,
-             0x42, 0xd7, 0x27, 0x90, 0x5e, 0x33, 0x17, 0x1b, 0xde, 0x6e, 0x84,
-             0x76, 0xe7, 0x7f, 0xb1, 0x72, 0x08, 0x61, 0xe9, 0x4b, 0x73, 0xa2,
-             0xc5, 0x38, 0xd2, 0x54, 0x74, 0x62, 0x85, 0xf4, 0x30})),
-    std::make_pair(
-        85,
-        std::vector<uint8_t>(
-            {0x0e, 0x6f, 0xd9, 0x7a, 0x85, 0xe9, 0x04, 0xf8, 0x7b, 0xfe, 0x85,
-             0xbb, 0xeb, 0x34, 0xf6, 0x9e, 0x1f, 0x18, 0x10, 0x5c, 0xf4, 0xed,
-             0x4f, 0x87, 0xae, 0xc3, 0x6c, 0x6e, 0x8b, 0x5f, 0x68, 0xbd, 0x2a,
-             0x6f, 0x3d, 0xc8, 0xa9, 0xec, 0xb2, 0xb6, 0x1d, 0xb4, 0xee, 0xdb,
-             0x6b, 0x2e, 0xa1, 0x0b, 0xf9, 0xcb, 0x02, 0x51, 0xfb, 0x0f, 0x8b,
-             0x34, 0x4a, 0xbf, 0x7f, 0x36, 0x6b, 0x6d, 0xe5, 0xab})),
-    std::make_pair(
-        86,
-        std::vector<uint8_t>(
-            {0x06, 0x62, 0x2d, 0xa5, 0x78, 0x71, 0x76, 0x28, 0x7f, 0xdc, 0x8f,
-             0xed, 0x44, 0x0b, 0xad, 0x18, 0x7d, 0x83, 0x00, 0x99, 0xc9, 0x4e,
-             0x6d, 0x04, 0xc8, 0xe9, 0xc9, 0x54, 0xcd, 0xa7, 0x0c, 0x8b, 0xb9,
-             0xe1, 0xfc, 0x4a, 0x6d, 0x0b, 0xaa, 0x83, 0x1b, 0x9b, 0x78, 0xef,
-             0x66, 0x48, 0x68, 0x1a, 0x48, 0x67, 0xa1, 0x1d, 0xa9, 0x3e, 0xe3,
-             0x6e, 0x5e, 0x6a, 0x37, 0xd8, 0x7f, 0xc6, 0x3f, 0x6f})),
-    std::make_pair(
-        87,
-        std::vector<uint8_t>(
-            {0x1d, 0xa6, 0x77, 0x2b, 0x58, 0xfa, 0xbf, 0x9c, 0x61, 0xf6, 0x8d,
-             0x41, 0x2c, 0x82, 0xf1, 0x82, 0xc0, 0x23, 0x6d, 0x7d, 0x57, 0x5e,
-             0xf0, 0xb5, 0x8d, 0xd2, 0x24, 0x58, 0xd6, 0x43, 0xcd, 0x1d, 0xfc,
-             0x93, 0xb0, 0x38, 0x71, 0xc3, 0x16, 0xd8, 0x43, 0x0d, 0x31, 0x29,
-             0x95, 0xd4, 0x19, 0x7f, 0x08, 0x74, 0xc9, 0x91, 0x72, 0xba, 0x00,
-             0x4a, 0x01, 0xee, 0x29, 0x5a, 0xba, 0xc2, 0x4e, 0x46})),
-    std::make_pair(
-        88,
-        std::vector<uint8_t>(
-            {0x3c, 0xd2, 0xd9, 0x32, 0x0b, 0x7b, 0x1d, 0x5f, 0xb9, 0xaa, 0xb9,
-             0x51, 0xa7, 0x60, 0x23, 0xfa, 0x66, 0x7b, 0xe1, 0x4a, 0x91, 0x24,
-             0xe3, 0x94, 0x51, 0x39, 0x18, 0xa3, 0xf4, 0x40, 0x96, 0xae, 0x49,
-             0x04, 0xba, 0x0f, 0xfc, 0x15, 0x0b, 0x63, 0xbc, 0x7a, 0xb1, 0xee,
-             0xb9, 0xa6, 0xe2, 0x57, 0xe5, 0xc8, 0xf0, 0x00, 0xa7, 0x03, 0x94,
-             0xa5, 0xaf, 0xd8, 0x42, 0x71, 0x5d, 0xe1, 0x5f, 0x29})),
-    std::make_pair(
-        89,
-        std::vector<uint8_t>(
-            {0x04, 0xcd, 0xc1, 0x4f, 0x74, 0x34, 0xe0, 0xb4, 0xbe, 0x70, 0xcb,
-             0x41, 0xdb, 0x4c, 0x77, 0x9a, 0x88, 0xea, 0xef, 0x6a, 0xcc, 0xeb,
-             0xcb, 0x41, 0xf2, 0xd4, 0x2f, 0xff, 0xe7, 0xf3, 0x2a, 0x8e, 0x28,
-             0x1b, 0x5c, 0x10, 0x3a, 0x27, 0x02, 0x1d, 0x0d, 0x08, 0x36, 0x22,
-             0x50, 0x75, 0x3c, 0xdf, 0x70, 0x29, 0x21, 0x95, 0xa5, 0x3a, 0x48,
-             0x72, 0x8c, 0xeb, 0x58, 0x44, 0xc2, 0xd9, 0x8b, 0xab})),
-    std::make_pair(
-        90,
-        std::vector<uint8_t>(
-            {0x90, 0x71, 0xb7, 0xa8, 0xa0, 0x75, 0xd0, 0x09, 0x5b, 0x8f, 0xb3,
-             0xae, 0x51, 0x13, 0x78, 0x57, 0x35, 0xab, 0x98, 0xe2, 0xb5, 0x2f,
-             0xaf, 0x91, 0xd5, 0xb8, 0x9e, 0x44, 0xaa, 0xc5, 0xb5, 0xd4, 0xeb,
-             0xbf, 0x91, 0x22, 0x3b, 0x0f, 0xf4, 0xc7, 0x19, 0x05, 0xda, 0x55,
-             0x34, 0x2e, 0x64, 0x65, 0x5d, 0x6e, 0xf8, 0xc8, 0x9a, 0x47, 0x68,
-             0xc3, 0xf9, 0x3a, 0x6d, 0xc0, 0x36, 0x6b, 0x5b, 0xc8})),
-    std::make_pair(
-        91,
-        std::vector<uint8_t>(
-            {0xeb, 0xb3, 0x02, 0x40, 0xdd, 0x96, 0xc7, 0xbc, 0x8d, 0x0a, 0xbe,
-             0x49, 0xaa, 0x4e, 0xdc, 0xbb, 0x4a, 0xfd, 0xc5, 0x1f, 0xf9, 0xaa,
-             0xf7, 0x20, 0xd3, 0xf9, 0xe7, 0xfb, 0xb0, 0xf9, 0xc6, 0xd6, 0x57,
-             0x13, 0x50, 0x50, 0x17, 0x69, 0xfc, 0x4e, 0xbd, 0x0b, 0x21, 0x41,
-             0x24, 0x7f, 0xf4, 0x00, 0xd4, 0xfd, 0x4b, 0xe4, 0x14, 0xed, 0xf3,
-             0x77, 0x57, 0xbb, 0x90, 0xa3, 0x2a, 0xc5, 0xc6, 0x5a})),
-    std::make_pair(
-        92,
-        std::vector<uint8_t>(
-            {0x85, 0x32, 0xc5, 0x8b, 0xf3, 0xc8, 0x01, 0x5d, 0x9d, 0x1c, 0xbe,
-             0x00, 0xee, 0xf1, 0xf5, 0x08, 0x2f, 0x8f, 0x36, 0x32, 0xfb, 0xe9,
-             0xf1, 0xed, 0x4f, 0x9d, 0xfb, 0x1f, 0xa7, 0x9e, 0x82, 0x83, 0x06,
-             0x6d, 0x77, 0xc4, 0x4c, 0x4a, 0xf9, 0x43, 0xd7, 0x6b, 0x30, 0x03,
-             0x64, 0xae, 0xcb, 0xd0, 0x64, 0x8c, 0x8a, 0x89, 0x39, 0xbd, 0x20,
-             0x41, 0x23, 0xf4, 0xb5, 0x62, 0x60, 0x42, 0x2d, 0xec})),
-    std::make_pair(
-        93,
-        std::vector<uint8_t>(
-            {0xfe, 0x98, 0x46, 0xd6, 0x4f, 0x7c, 0x77, 0x08, 0x69, 0x6f, 0x84,
-             0x0e, 0x2d, 0x76, 0xcb, 0x44, 0x08, 0xb6, 0x59, 0x5c, 0x2f, 0x81,
-             0xec, 0x6a, 0x28, 0xa7, 0xf2, 0xf2, 0x0c, 0xb8, 0x8c, 0xfe, 0x6a,
-             0xc0, 0xb9, 0xe9, 0xb8, 0x24, 0x4f, 0x08, 0xbd, 0x70, 0x95, 0xc3,
-             0x50, 0xc1, 0xd0, 0x84, 0x2f, 0x64, 0xfb, 0x01, 0xbb, 0x7f, 0x53,
-             0x2d, 0xfc, 0xd4, 0x73, 0x71, 0xb0, 0xae, 0xeb, 0x79})),
-    std::make_pair(
-        94,
-        std::vector<uint8_t>(
-            {0x28, 0xf1, 0x7e, 0xa6, 0xfb, 0x6c, 0x42, 0x09, 0x2d, 0xc2, 0x64,
-             0x25, 0x7e, 0x29, 0x74, 0x63, 0x21, 0xfb, 0x5b, 0xda, 0xea, 0x98,
-             0x73, 0xc2, 0xa7, 0xfa, 0x9d, 0x8f, 0x53, 0x81, 0x8e, 0x89, 0x9e,
-             0x16, 0x1b, 0xc7, 0x7d, 0xfe, 0x80, 0x90, 0xaf, 0xd8, 0x2b, 0xf2,
-             0x26, 0x6c, 0x5c, 0x1b, 0xc9, 0x30, 0xa8, 0xd1, 0x54, 0x76, 0x24,
-             0x43, 0x9e, 0x66, 0x2e, 0xf6, 0x95, 0xf2, 0x6f, 0x24})),
-    std::make_pair(
-        95,
-        std::vector<uint8_t>(
-            {0xec, 0x6b, 0x7d, 0x7f, 0x03, 0x0d, 0x48, 0x50, 0xac, 0xae, 0x3c,
-             0xb6, 0x15, 0xc2, 0x1d, 0xd2, 0x52, 0x06, 0xd6, 0x3e, 0x84, 0xd1,
-             0xdb, 0x8d, 0x95, 0x73, 0x70, 0x73, 0x7b, 0xa0, 0xe9, 0x84, 0x67,
-             0xea, 0x0c, 0xe2, 0x74, 0xc6, 0x61, 0x99, 0x90, 0x1e, 0xae, 0xc1,
-             0x8a, 0x08, 0x52, 0x57, 0x15, 0xf5, 0x3b, 0xfd, 0xb0, 0xaa, 0xcb,
-             0x61, 0x3d, 0x34, 0x2e, 0xbd, 0xce, 0xed, 0xdc, 0x3b})),
-    std::make_pair(
-        96,
-        std::vector<uint8_t>(
-            {0xb4, 0x03, 0xd3, 0x69, 0x1c, 0x03, 0xb0, 0xd3, 0x41, 0x8d, 0xf3,
-             0x27, 0xd5, 0x86, 0x0d, 0x34, 0xbb, 0xfc, 0xc4, 0x51, 0x9b, 0xfb,
-             0xce, 0x36, 0xbf, 0x33, 0xb2, 0x08, 0x38, 0x5f, 0xad, 0xb9, 0x18,
-             0x6b, 0xc7, 0x8a, 0x76, 0xc4, 0x89, 0xd8, 0x9f, 0xd5, 0x7e, 0x7d,
-             0xc7, 0x54, 0x12, 0xd2, 0x3b, 0xcd, 0x1d, 0xae, 0x84, 0x70, 0xce,
-             0x92, 0x74, 0x75, 0x4b, 0xb8, 0x58, 0x5b, 0x13, 0xc5})),
-    std::make_pair(
-        97,
-        std::vector<uint8_t>(
-            {0x31, 0xfc, 0x79, 0x73, 0x8b, 0x87, 0x72, 0xb3, 0xf5, 0x5c, 0xd8,
-             0x17, 0x88, 0x13, 0xb3, 0xb5, 0x2d, 0x0d, 0xb5, 0xa4, 0x19, 0xd3,
-             0x0b, 0xa9, 0x49, 0x5c, 0x4b, 0x9d, 0xa0, 0x21, 0x9f, 0xac, 0x6d,
-             0xf8, 0xe7, 0xc2, 0x3a, 0x81, 0x15, 0x51, 0xa6, 0x2b, 0x82, 0x7f,
-             0x25, 0x6e, 0xcd, 0xb8, 0x12, 0x4a, 0xc8, 0xa6, 0x79, 0x2c, 0xcf,
-             0xec, 0xc3, 0xb3, 0x01, 0x27, 0x22, 0xe9, 0x44, 0x63})),
-    std::make_pair(
-        98,
-        std::vector<uint8_t>(
-            {0xbb, 0x20, 0x39, 0xec, 0x28, 0x70, 0x91, 0xbc, 0xc9, 0x64, 0x2f,
-             0xc9, 0x00, 0x49, 0xe7, 0x37, 0x32, 0xe0, 0x2e, 0x57, 0x7e, 0x28,
-             0x62, 0xb3, 0x22, 0x16, 0xae, 0x9b, 0xed, 0xcd, 0x73, 0x0c, 0x4c,
-             0x28, 0x4e, 0xf3, 0x96, 0x8c, 0x36, 0x8b, 0x7d, 0x37, 0x58, 0x4f,
-             0x97, 0xbd, 0x4b, 0x4d, 0xc6, 0xef, 0x61, 0x27, 0xac, 0xfe, 0x2e,
-             0x6a, 0xe2, 0x50, 0x91, 0x24, 0xe6, 0x6c, 0x8a, 0xf4})),
-    std::make_pair(
-        99,
-        std::vector<uint8_t>(
-            {0xf5, 0x3d, 0x68, 0xd1, 0x3f, 0x45, 0xed, 0xfc, 0xb9, 0xbd, 0x41,
-             0x5e, 0x28, 0x31, 0xe9, 0x38, 0x35, 0x0d, 0x53, 0x80, 0xd3, 0x43,
-             0x22, 0x78, 0xfc, 0x1c, 0x0c, 0x38, 0x1f, 0xcb, 0x7c, 0x65, 0xc8,
-             0x2d, 0xaf, 0xe0, 0x51, 0xd8, 0xc8, 0xb0, 0xd4, 0x4e, 0x09, 0x74,
-             0xa0, 0xe5, 0x9e, 0xc7, 0xbf, 0x7e, 0xd0, 0x45, 0x9f, 0x86, 0xe9,
-             0x6f, 0x32, 0x9f, 0xc7, 0x97, 0x52, 0x51, 0x0f, 0xd3})),
-    std::make_pair(
-        100,
-        std::vector<uint8_t>(
-            {0x8d, 0x56, 0x8c, 0x79, 0x84, 0xf0, 0xec, 0xdf, 0x76, 0x40, 0xfb,
-             0xc4, 0x83, 0xb5, 0xd8, 0xc9, 0xf8, 0x66, 0x34, 0xf6, 0xf4, 0x32,
-             0x91, 0x84, 0x1b, 0x30, 0x9a, 0x35, 0x0a, 0xb9, 0xc1, 0x13, 0x7d,
-             0x24, 0x06, 0x6b, 0x09, 0xda, 0x99, 0x44, 0xba, 0xc5, 0x4d, 0x5b,
-             0xb6, 0x58, 0x0d, 0x83, 0x60, 0x47, 0xaa, 0xc7, 0x4a, 0xb7, 0x24,
-             0xb8, 0x87, 0xeb, 0xf9, 0x3d, 0x4b, 0x32, 0xec, 0xa9})),
-    std::make_pair(
-        101,
-        std::vector<uint8_t>(
-            {0xc0, 0xb6, 0x5c, 0xe5, 0xa9, 0x6f, 0xf7, 0x74, 0xc4, 0x56, 0xca,
-             0xc3, 0xb5, 0xf2, 0xc4, 0xcd, 0x35, 0x9b, 0x4f, 0xf5, 0x3e, 0xf9,
-             0x3a, 0x3d, 0xa0, 0x77, 0x8b, 0xe4, 0x90, 0x0d, 0x1e, 0x8d, 0xa1,
-             0x60, 0x1e, 0x76, 0x9e, 0x8f, 0x1b, 0x02, 0xd2, 0xa2, 0xf8, 0xc5,
-             0xb9, 0xfa, 0x10, 0xb4, 0x4f, 0x1c, 0x18, 0x69, 0x85, 0x46, 0x8f,
-             0xee, 0xb0, 0x08, 0x73, 0x02, 0x83, 0xa6, 0x65, 0x7d})),
-    std::make_pair(
-        102,
-        std::vector<uint8_t>(
-            {0x49, 0x00, 0xbb, 0xa6, 0xf5, 0xfb, 0x10, 0x3e, 0xce, 0x8e, 0xc9,
-             0x6a, 0xda, 0x13, 0xa5, 0xc3, 0xc8, 0x54, 0x88, 0xe0, 0x55, 0x51,
-             0xda, 0x6b, 0x6b, 0x33, 0xd9, 0x88, 0xe6, 0x11, 0xec, 0x0f, 0xe2,
-             0xe3, 0xc2, 0xaa, 0x48, 0xea, 0x6a, 0xe8, 0x98, 0x6a, 0x3a, 0x23,
-             0x1b, 0x22, 0x3c, 0x5d, 0x27, 0xce, 0xc2, 0xea, 0xdd, 0xe9, 0x1c,
-             0xe0, 0x79, 0x81, 0xee, 0x65, 0x28, 0x62, 0xd1, 0xe4})),
-    std::make_pair(
-        103,
-        std::vector<uint8_t>(
-            {0xc7, 0xf5, 0xc3, 0x7c, 0x72, 0x85, 0xf9, 0x27, 0xf7, 0x64, 0x43,
-             0x41, 0x4d, 0x43, 0x57, 0xff, 0x78, 0x96, 0x47, 0xd7, 0xa0, 0x05,
-             0xa5, 0xa7, 0x87, 0xe0, 0x3c, 0x34, 0x6b, 0x57, 0xf4, 0x9f, 0x21,
-             0xb6, 0x4f, 0xa9, 0xcf, 0x4b, 0x7e, 0x45, 0x57, 0x3e, 0x23, 0x04,
-             0x90, 0x17, 0x56, 0x71, 0x21, 0xa9, 0xc3, 0xd4, 0xb2, 0xb7, 0x3e,
-             0xc5, 0xe9, 0x41, 0x35, 0x77, 0x52, 0x5d, 0xb4, 0x5a})),
-    std::make_pair(
-        104,
-        std::vector<uint8_t>(
-            {0xec, 0x70, 0x96, 0x33, 0x07, 0x36, 0xfd, 0xb2, 0xd6, 0x4b, 0x56,
-             0x53, 0xe7, 0x47, 0x5d, 0xa7, 0x46, 0xc2, 0x3a, 0x46, 0x13, 0xa8,
-             0x26, 0x87, 0xa2, 0x80, 0x62, 0xd3, 0x23, 0x63, 0x64, 0x28, 0x4a,
-             0xc0, 0x17, 0x20, 0xff, 0xb4, 0x06, 0xcf, 0xe2, 0x65, 0xc0, 0xdf,
-             0x62, 0x6a, 0x18, 0x8c, 0x9e, 0x59, 0x63, 0xac, 0xe5, 0xd3, 0xd5,
-             0xbb, 0x36, 0x3e, 0x32, 0xc3, 0x8c, 0x21, 0x90, 0xa6})),
-    std::make_pair(
-        105,
-        std::vector<uint8_t>(
-            {0x82, 0xe7, 0x44, 0xc7, 0x5f, 0x46, 0x49, 0xec, 0x52, 0xb8, 0x07,
-             0x71, 0xa7, 0x7d, 0x47, 0x5a, 0x3b, 0xc0, 0x91, 0x98, 0x95, 0x56,
-             0x96, 0x0e, 0x27, 0x6a, 0x5f, 0x9e, 0xad, 0x92, 0xa0, 0x3f, 0x71,
-             0x87, 0x42, 0xcd, 0xcf, 0xea, 0xee, 0x5c, 0xb8, 0x5c, 0x44, 0xaf,
-             0x19, 0x8a, 0xdc, 0x43, 0xa4, 0xa4, 0x28, 0xf5, 0xf0, 0xc2, 0xdd,
-             0xb0, 0xbe, 0x36, 0x05, 0x9f, 0x06, 0xd7, 0xdf, 0x73})),
-    std::make_pair(
-        106,
-        std::vector<uint8_t>(
-            {0x28, 0x34, 0xb7, 0xa7, 0x17, 0x0f, 0x1f, 0x5b, 0x68, 0x55, 0x9a,
-             0xb7, 0x8c, 0x10, 0x50, 0xec, 0x21, 0xc9, 0x19, 0x74, 0x0b, 0x78,
-             0x4a, 0x90, 0x72, 0xf6, 0xe5, 0xd6, 0x9f, 0x82, 0x8d, 0x70, 0xc9,
-             0x19, 0xc5, 0x03, 0x9f, 0xb1, 0x48, 0xe3, 0x9e, 0x2c, 0x8a, 0x52,
-             0x11, 0x83, 0x78, 0xb0, 0x64, 0xca, 0x8d, 0x50, 0x01, 0xcd, 0x10,
-             0xa5, 0x47, 0x83, 0x87, 0xb9, 0x66, 0x71, 0x5e, 0xd6})),
-    std::make_pair(
-        107,
-        std::vector<uint8_t>(
-            {0x16, 0xb4, 0xad, 0xa8, 0x83, 0xf7, 0x2f, 0x85, 0x3b, 0xb7, 0xef,
-             0x25, 0x3e, 0xfc, 0xab, 0x0c, 0x3e, 0x21, 0x61, 0x68, 0x7a, 0xd6,
-             0x15, 0x43, 0xa0, 0xd2, 0x82, 0x4f, 0x91, 0xc1, 0xf8, 0x13, 0x47,
-             0xd8, 0x6b, 0xe7, 0x09, 0xb1, 0x69, 0x96, 0xe1, 0x7f, 0x2d, 0xd4,
-             0x86, 0x92, 0x7b, 0x02, 0x88, 0xad, 0x38, 0xd1, 0x30, 0x63, 0xc4,
-             0xa9, 0x67, 0x2c, 0x39, 0x39, 0x7d, 0x37, 0x89, 0xb6})),
-    std::make_pair(
-        108,
-        std::vector<uint8_t>(
-            {0x78, 0xd0, 0x48, 0xf3, 0xa6, 0x9d, 0x8b, 0x54, 0xae, 0x0e, 0xd6,
-             0x3a, 0x57, 0x3a, 0xe3, 0x50, 0xd8, 0x9f, 0x7c, 0x6c, 0xf1, 0xf3,
-             0x68, 0x89, 0x30, 0xde, 0x89, 0x9a, 0xfa, 0x03, 0x76, 0x97, 0x62,
-             0x9b, 0x31, 0x4e, 0x5c, 0xd3, 0x03, 0xaa, 0x62, 0xfe, 0xea, 0x72,
-             0xa2, 0x5b, 0xf4, 0x2b, 0x30, 0x4b, 0x6c, 0x6b, 0xcb, 0x27, 0xfa,
-             0xe2, 0x1c, 0x16, 0xd9, 0x25, 0xe1, 0xfb, 0xda, 0xc3})),
-    std::make_pair(
-        109,
-        std::vector<uint8_t>(
-            {0x0f, 0x74, 0x6a, 0x48, 0x74, 0x92, 0x87, 0xad, 0xa7, 0x7a, 0x82,
-             0x96, 0x1f, 0x05, 0xa4, 0xda, 0x4a, 0xbd, 0xb7, 0xd7, 0x7b, 0x12,
-             0x20, 0xf8, 0x36, 0xd0, 0x9e, 0xc8, 0x14, 0x35, 0x9c, 0x0e, 0xc0,
-             0x23, 0x9b, 0x8c, 0x7b, 0x9f, 0xf9, 0xe0, 0x2f, 0x56, 0x9d, 0x1b,
-             0x30, 0x1e, 0xf6, 0x7c, 0x46, 0x12, 0xd1, 0xde, 0x4f, 0x73, 0x0f,
-             0x81, 0xc1, 0x2c, 0x40, 0xcc, 0x06, 0x3c, 0x5c, 0xaa})),
-    std::make_pair(
-        110,
-        std::vector<uint8_t>(
-            {0xf0, 0xfc, 0x85, 0x9d, 0x3b, 0xd1, 0x95, 0xfb, 0xdc, 0x2d, 0x59,
-             0x1e, 0x4c, 0xda, 0xc1, 0x51, 0x79, 0xec, 0x0f, 0x1d, 0xc8, 0x21,
-             0xc1, 0x1d, 0xf1, 0xf0, 0xc1, 0xd2, 0x6e, 0x62, 0x60, 0xaa, 0xa6,
-             0x5b, 0x79, 0xfa, 0xfa, 0xca, 0xfd, 0x7d, 0x3a, 0xd6, 0x1e, 0x60,
-             0x0f, 0x25, 0x09, 0x05, 0xf5, 0x87, 0x8c, 0x87, 0x45, 0x28, 0x97,
-             0x64, 0x7a, 0x35, 0xb9, 0x95, 0xbc, 0xad, 0xc3, 0xa3})),
-    std::make_pair(
-        111,
-        std::vector<uint8_t>(
-            {0x26, 0x20, 0xf6, 0x87, 0xe8, 0x62, 0x5f, 0x6a, 0x41, 0x24, 0x60,
-             0xb4, 0x2e, 0x2c, 0xef, 0x67, 0x63, 0x42, 0x08, 0xce, 0x10, 0xa0,
-             0xcb, 0xd4, 0xdf, 0xf7, 0x04, 0x4a, 0x41, 0xb7, 0x88, 0x00, 0x77,
-             0xe9, 0xf8, 0xdc, 0x3b, 0x8d, 0x12, 0x16, 0xd3, 0x37, 0x6a, 0x21,
-             0xe0, 0x15, 0xb5, 0x8f, 0xb2, 0x79, 0xb5, 0x21, 0xd8, 0x3f, 0x93,
-             0x88, 0xc7, 0x38, 0x2c, 0x85, 0x05, 0x59, 0x0b, 0x9b})),
-    std::make_pair(
-        112,
-        std::vector<uint8_t>(
-            {0x22, 0x7e, 0x3a, 0xed, 0x8d, 0x2c, 0xb1, 0x0b, 0x91, 0x8f, 0xcb,
-             0x04, 0xf9, 0xde, 0x3e, 0x6d, 0x0a, 0x57, 0xe0, 0x84, 0x76, 0xd9,
-             0x37, 0x59, 0xcd, 0x7b, 0x2e, 0xd5, 0x4a, 0x1c, 0xbf, 0x02, 0x39,
-             0xc5, 0x28, 0xfb, 0x04, 0xbb, 0xf2, 0x88, 0x25, 0x3e, 0x60, 0x1d,
-             0x3b, 0xc3, 0x8b, 0x21, 0x79, 0x4a, 0xfe, 0xf9, 0x0b, 0x17, 0x09,
-             0x4a, 0x18, 0x2c, 0xac, 0x55, 0x77, 0x45, 0xe7, 0x5f})),
-    std::make_pair(
-        113,
-        std::vector<uint8_t>(
-            {0x1a, 0x92, 0x99, 0x01, 0xb0, 0x9c, 0x25, 0xf2, 0x7d, 0x6b, 0x35,
-             0xbe, 0x7b, 0x2f, 0x1c, 0x47, 0x45, 0x13, 0x1f, 0xde, 0xbc, 0xa7,
-             0xf3, 0xe2, 0x45, 0x19, 0x26, 0x72, 0x04, 0x34, 0xe0, 0xdb, 0x6e,
-             0x74, 0xfd, 0x69, 0x3a, 0xd2, 0x9b, 0x77, 0x7d, 0xc3, 0x35, 0x5c,
-             0x59, 0x2a, 0x36, 0x1c, 0x48, 0x73, 0xb0, 0x11, 0x33, 0xa5, 0x7c,
-             0x2e, 0x3b, 0x70, 0x75, 0xcb, 0xdb, 0x86, 0xf4, 0xfc})),
-    std::make_pair(
-        114,
-        std::vector<uint8_t>(
-            {0x5f, 0xd7, 0x96, 0x8b, 0xc2, 0xfe, 0x34, 0xf2, 0x20, 0xb5, 0xe3,
-             0xdc, 0x5a, 0xf9, 0x57, 0x17, 0x42, 0xd7, 0x3b, 0x7d, 0x60, 0x81,
-             0x9f, 0x28, 0x88, 0xb6, 0x29, 0x07, 0x2b, 0x96, 0xa9, 0xd8, 0xab,
-             0x2d, 0x91, 0xb8, 0x2d, 0x0a, 0x9a, 0xab, 0xa6, 0x1b, 0xbd, 0x39,
-             0x95, 0x81, 0x32, 0xfc, 0xc4, 0x25, 0x70, 0x23, 0xd1, 0xec, 0xa5,
-             0x91, 0xb3, 0x05, 0x4e, 0x2d, 0xc8, 0x1c, 0x82, 0x00})),
-    std::make_pair(
-        115,
-        std::vector<uint8_t>(
-            {0xdf, 0xcc, 0xe8, 0xcf, 0x32, 0x87, 0x0c, 0xc6, 0xa5, 0x03, 0xea,
-             0xda, 0xfc, 0x87, 0xfd, 0x6f, 0x78, 0x91, 0x8b, 0x9b, 0x4d, 0x07,
-             0x37, 0xdb, 0x68, 0x10, 0xbe, 0x99, 0x6b, 0x54, 0x97, 0xe7, 0xe5,
-             0xcc, 0x80, 0xe3, 0x12, 0xf6, 0x1e, 0x71, 0xff, 0x3e, 0x96, 0x24,
-             0x43, 0x60, 0x73, 0x15, 0x64, 0x03, 0xf7, 0x35, 0xf5, 0x6b, 0x0b,
-             0x01, 0x84, 0x5c, 0x18, 0xf6, 0xca, 0xf7, 0x72, 0xe6})),
-    std::make_pair(
-        116,
-        std::vector<uint8_t>(
-            {0x02, 0xf7, 0xef, 0x3a, 0x9c, 0xe0, 0xff, 0xf9, 0x60, 0xf6, 0x70,
-             0x32, 0xb2, 0x96, 0xef, 0xca, 0x30, 0x61, 0xf4, 0x93, 0x4d, 0x69,
-             0x07, 0x49, 0xf2, 0xd0, 0x1c, 0x35, 0xc8, 0x1c, 0x14, 0xf3, 0x9a,
-             0x67, 0xfa, 0x35, 0x0b, 0xc8, 0xa0, 0x35, 0x9b, 0xf1, 0x72, 0x4b,
-             0xff, 0xc3, 0xbc, 0xa6, 0xd7, 0xc7, 0xbb, 0xa4, 0x79, 0x1f, 0xd5,
-             0x22, 0xa3, 0xad, 0x35, 0x3c, 0x02, 0xec, 0x5a, 0xa8})),
-    std::make_pair(
-        117,
-        std::vector<uint8_t>(
-            {0x64, 0xbe, 0x5c, 0x6a, 0xba, 0x65, 0xd5, 0x94, 0x84, 0x4a, 0xe7,
-             0x8b, 0xb0, 0x22, 0xe5, 0xbe, 0xbe, 0x12, 0x7f, 0xd6, 0xb6, 0xff,
-             0xa5, 0xa1, 0x37, 0x03, 0x85, 0x5a, 0xb6, 0x3b, 0x62, 0x4d, 0xcd,
-             0x1a, 0x36, 0x3f, 0x99, 0x20, 0x3f, 0x63, 0x2e, 0xc3, 0x86, 0xf3,
-             0xea, 0x76, 0x7f, 0xc9, 0x92, 0xe8, 0xed, 0x96, 0x86, 0x58, 0x6a,
-             0xa2, 0x75, 0x55, 0xa8, 0x59, 0x9d, 0x5b, 0x80, 0x8f})),
-    std::make_pair(
-        118,
-        std::vector<uint8_t>(
-            {0xf7, 0x85, 0x85, 0x50, 0x5c, 0x4e, 0xaa, 0x54, 0xa8, 0xb5, 0xbe,
-             0x70, 0xa6, 0x1e, 0x73, 0x5e, 0x0f, 0xf9, 0x7a, 0xf9, 0x44, 0xdd,
-             0xb3, 0x00, 0x1e, 0x35, 0xd8, 0x6c, 0x4e, 0x21, 0x99, 0xd9, 0x76,
-             0x10, 0x4b, 0x6a, 0xe3, 0x17, 0x50, 0xa3, 0x6a, 0x72, 0x6e, 0xd2,
-             0x85, 0x06, 0x4f, 0x59, 0x81, 0xb5, 0x03, 0x88, 0x9f, 0xef, 0x82,
-             0x2f, 0xcd, 0xc2, 0x89, 0x8d, 0xdd, 0xb7, 0x88, 0x9a})),
-    std::make_pair(
-        119,
-        std::vector<uint8_t>(
-            {0xe4, 0xb5, 0x56, 0x60, 0x33, 0x86, 0x95, 0x72, 0xed, 0xfd, 0x87,
-             0x47, 0x9a, 0x5b, 0xb7, 0x3c, 0x80, 0xe8, 0x75, 0x9b, 0x91, 0x23,
-             0x28, 0x79, 0xd9, 0x6b, 0x1d, 0xda, 0x36, 0xc0, 0x12, 0x07, 0x6e,
-             0xe5, 0xa2, 0xed, 0x7a, 0xe2, 0xde, 0x63, 0xef, 0x84, 0x06, 0xa0,
-             0x6a, 0xea, 0x82, 0xc1, 0x88, 0x03, 0x1b, 0x56, 0x0b, 0xea, 0xfb,
-             0x58, 0x3f, 0xb3, 0xde, 0x9e, 0x57, 0x95, 0x2a, 0x7e})),
-    std::make_pair(
-        120,
-        std::vector<uint8_t>(
-            {0xe1, 0xb3, 0xe7, 0xed, 0x86, 0x7f, 0x6c, 0x94, 0x84, 0xa2, 0xa9,
-             0x7f, 0x77, 0x15, 0xf2, 0x5e, 0x25, 0x29, 0x4e, 0x99, 0x2e, 0x41,
-             0xf6, 0xa7, 0xc1, 0x61, 0xff, 0xc2, 0xad, 0xc6, 0xda, 0xae, 0xb7,
-             0x11, 0x31, 0x02, 0xd5, 0xe6, 0x09, 0x02, 0x87, 0xfe, 0x6a, 0xd9,
-             0x4c, 0xe5, 0xd6, 0xb7, 0x39, 0xc6, 0xca, 0x24, 0x0b, 0x05, 0xc7,
-             0x6f, 0xb7, 0x3f, 0x25, 0xdd, 0x02, 0x4b, 0xf9, 0x35})),
-    std::make_pair(
-        121,
-        std::vector<uint8_t>(
-            {0x85, 0xfd, 0x08, 0x5f, 0xdc, 0x12, 0xa0, 0x80, 0x98, 0x3d, 0xf0,
-             0x7b, 0xd7, 0x01, 0x2b, 0x0d, 0x40, 0x2a, 0x0f, 0x40, 0x43, 0xfc,
-             0xb2, 0x77, 0x5a, 0xdf, 0x0b, 0xad, 0x17, 0x4f, 0x9b, 0x08, 0xd1,
-             0x67, 0x6e, 0x47, 0x69, 0x85, 0x78, 0x5c, 0x0a, 0x5d, 0xcc, 0x41,
-             0xdb, 0xff, 0x6d, 0x95, 0xef, 0x4d, 0x66, 0xa3, 0xfb, 0xdc, 0x4a,
-             0x74, 0xb8, 0x2b, 0xa5, 0x2d, 0xa0, 0x51, 0x2b, 0x74})),
-    std::make_pair(
-        122,
-        std::vector<uint8_t>(
-            {0xae, 0xd8, 0xfa, 0x76, 0x4b, 0x0f, 0xbf, 0xf8, 0x21, 0xe0, 0x52,
-             0x33, 0xd2, 0xf7, 0xb0, 0x90, 0x0e, 0xc4, 0x4d, 0x82, 0x6f, 0x95,
-             0xe9, 0x3c, 0x34, 0x3c, 0x1b, 0xc3, 0xba, 0x5a, 0x24, 0x37, 0x4b,
-             0x1d, 0x61, 0x6e, 0x7e, 0x7a, 0xba, 0x45, 0x3a, 0x0a, 0xda, 0x5e,
-             0x4f, 0xab, 0x53, 0x82, 0x40, 0x9e, 0x0d, 0x42, 0xce, 0x9c, 0x2b,
-             0xc7, 0xfb, 0x39, 0xa9, 0x9c, 0x34, 0x0c, 0x20, 0xf0})),
-    std::make_pair(
-        123,
-        std::vector<uint8_t>(
-            {0x7b, 0xa3, 0xb2, 0xe2, 0x97, 0x23, 0x35, 0x22, 0xee, 0xb3, 0x43,
-             0xbd, 0x3e, 0xbc, 0xfd, 0x83, 0x5a, 0x04, 0x00, 0x77, 0x35, 0xe8,
-             0x7f, 0x0c, 0xa3, 0x00, 0xcb, 0xee, 0x6d, 0x41, 0x65, 0x65, 0x16,
-             0x21, 0x71, 0x58, 0x1e, 0x40, 0x20, 0xff, 0x4c, 0xf1, 0x76, 0x45,
-             0x0f, 0x12, 0x91, 0xea, 0x22, 0x85, 0xcb, 0x9e, 0xbf, 0xfe, 0x4c,
-             0x56, 0x66, 0x06, 0x27, 0x68, 0x51, 0x45, 0x05, 0x1c})),
-    std::make_pair(
-        124,
-        std::vector<uint8_t>(
-            {0xde, 0x74, 0x8b, 0xcf, 0x89, 0xec, 0x88, 0x08, 0x47, 0x21, 0xe1,
-             0x6b, 0x85, 0xf3, 0x0a, 0xdb, 0x1a, 0x61, 0x34, 0xd6, 0x64, 0xb5,
-             0x84, 0x35, 0x69, 0xba, 0xbc, 0x5b, 0xbd, 0x1a, 0x15, 0xca, 0x9b,
-             0x61, 0x80, 0x3c, 0x90, 0x1a, 0x4f, 0xef, 0x32, 0x96, 0x5a, 0x17,
-             0x49, 0xc9, 0xf3, 0xa4, 0xe2, 0x43, 0xe1, 0x73, 0x93, 0x9d, 0xc5,
-             0xa8, 0xdc, 0x49, 0x5c, 0x67, 0x1a, 0xb5, 0x21, 0x45})),
-    std::make_pair(
-        125,
-        std::vector<uint8_t>(
-            {0xaa, 0xf4, 0xd2, 0xbd, 0xf2, 0x00, 0xa9, 0x19, 0x70, 0x6d, 0x98,
-             0x42, 0xdc, 0xe1, 0x6c, 0x98, 0x14, 0x0d, 0x34, 0xbc, 0x43, 0x3d,
-             0xf3, 0x20, 0xab, 0xa9, 0xbd, 0x42, 0x9e, 0x54, 0x9a, 0xa7, 0xa3,
-             0x39, 0x76, 0x52, 0xa4, 0xd7, 0x68, 0x27, 0x77, 0x86, 0xcf, 0x99,
-             0x3c, 0xde, 0x23, 0x38, 0x67, 0x3e, 0xd2, 0xe6, 0xb6, 0x6c, 0x96,
-             0x1f, 0xef, 0xb8, 0x2c, 0xd2, 0x0c, 0x93, 0x33, 0x8f})),
-    std::make_pair(
-        126,
-        std::vector<uint8_t>(
-            {0xc4, 0x08, 0x21, 0x89, 0x68, 0xb7, 0x88, 0xbf, 0x86, 0x4f, 0x09,
-             0x97, 0xe6, 0xbc, 0x4c, 0x3d, 0xba, 0x68, 0xb2, 0x76, 0xe2, 0x12,
-             0x5a, 0x48, 0x43, 0x29, 0x60, 0x52, 0xff, 0x93, 0xbf, 0x57, 0x67,
-             0xb8, 0xcd, 0xce, 0x71, 0x31, 0xf0, 0x87, 0x64, 0x30, 0xc1, 0x16,
-             0x5f, 0xec, 0x6c, 0x4f, 0x47, 0xad, 0xaa, 0x4f, 0xd8, 0xbc, 0xfa,
-             0xce, 0xf4, 0x63, 0xb5, 0xd3, 0xd0, 0xfa, 0x61, 0xa0})),
-    std::make_pair(
-        127,
-        std::vector<uint8_t>(
-            {0x76, 0xd2, 0xd8, 0x19, 0xc9, 0x2b, 0xce, 0x55, 0xfa, 0x8e, 0x09,
-             0x2a, 0xb1, 0xbf, 0x9b, 0x9e, 0xab, 0x23, 0x7a, 0x25, 0x26, 0x79,
-             0x86, 0xca, 0xcf, 0x2b, 0x8e, 0xe1, 0x4d, 0x21, 0x4d, 0x73, 0x0d,
-             0xc9, 0xa5, 0xaa, 0x2d, 0x7b, 0x59, 0x6e, 0x86, 0xa1, 0xfd, 0x8f,
-             0xa0, 0x80, 0x4c, 0x77, 0x40, 0x2d, 0x2f, 0xcd, 0x45, 0x08, 0x36,
-             0x88, 0xb2, 0x18, 0xb1, 0xcd, 0xfa, 0x0d, 0xcb, 0xcb})),
-    std::make_pair(
-        128,
-        std::vector<uint8_t>(
-            {0x72, 0x06, 0x5e, 0xe4, 0xdd, 0x91, 0xc2, 0xd8, 0x50, 0x9f, 0xa1,
-             0xfc, 0x28, 0xa3, 0x7c, 0x7f, 0xc9, 0xfa, 0x7d, 0x5b, 0x3f, 0x8a,
-             0xd3, 0xd0, 0xd7, 0xa2, 0x56, 0x26, 0xb5, 0x7b, 0x1b, 0x44, 0x78,
-             0x8d, 0x4c, 0xaf, 0x80, 0x62, 0x90, 0x42, 0x5f, 0x98, 0x90, 0xa3,
-             0xa2, 0xa3, 0x5a, 0x90, 0x5a, 0xb4, 0xb3, 0x7a, 0xcf, 0xd0, 0xda,
-             0x6e, 0x45, 0x17, 0xb2, 0x52, 0x5c, 0x96, 0x51, 0xe4})),
-    std::make_pair(
-        129,
-        std::vector<uint8_t>(
-            {0x64, 0x47, 0x5d, 0xfe, 0x76, 0x00, 0xd7, 0x17, 0x1b, 0xea, 0x0b,
-             0x39, 0x4e, 0x27, 0xc9, 0xb0, 0x0d, 0x8e, 0x74, 0xdd, 0x1e, 0x41,
-             0x6a, 0x79, 0x47, 0x36, 0x82, 0xad, 0x3d, 0xfd, 0xbb, 0x70, 0x66,
-             0x31, 0x55, 0x80, 0x55, 0xcf, 0xc8, 0xa4, 0x0e, 0x07, 0xbd, 0x01,
-             0x5a, 0x45, 0x40, 0xdc, 0xde, 0xa1, 0x58, 0x83, 0xcb, 0xbf, 0x31,
-             0x41, 0x2d, 0xf1, 0xde, 0x1c, 0xd4, 0x15, 0x2b, 0x91})),
-    std::make_pair(
-        130,
-        std::vector<uint8_t>(
-            {0x12, 0xcd, 0x16, 0x74, 0xa4, 0x48, 0x8a, 0x5d, 0x7c, 0x2b, 0x31,
-             0x60, 0xd2, 0xe2, 0xc4, 0xb5, 0x83, 0x71, 0xbe, 0xda, 0xd7, 0x93,
-             0x41, 0x8d, 0x6f, 0x19, 0xc6, 0xee, 0x38, 0x5d, 0x70, 0xb3, 0xe0,
-             0x67, 0x39, 0x36, 0x9d, 0x4d, 0xf9, 0x10, 0xed, 0xb0, 0xb0, 0xa5,
-             0x4c, 0xbf, 0xf4, 0x3d, 0x54, 0x54, 0x4c, 0xd3, 0x7a, 0xb3, 0xa0,
-             0x6c, 0xfa, 0x0a, 0x3d, 0xda, 0xc8, 0xb6, 0x6c, 0x89})),
-    std::make_pair(
-        131,
-        std::vector<uint8_t>(
-            {0x60, 0x75, 0x69, 0x66, 0x47, 0x9d, 0xed, 0xc6, 0xdd, 0x4b, 0xcf,
-             0xf8, 0xea, 0x7d, 0x1d, 0x4c, 0xe4, 0xd4, 0xaf, 0x2e, 0x7b, 0x09,
-             0x7e, 0x32, 0xe3, 0x76, 0x35, 0x18, 0x44, 0x11, 0x47, 0xcc, 0x12,
-             0xb3, 0xc0, 0xee, 0x6d, 0x2e, 0xca, 0xbf, 0x11, 0x98, 0xce, 0xc9,
-             0x2e, 0x86, 0xa3, 0x61, 0x6f, 0xba, 0x4f, 0x4e, 0x87, 0x2f, 0x58,
-             0x25, 0x33, 0x0a, 0xdb, 0xb4, 0xc1, 0xde, 0xe4, 0x44})),
-    std::make_pair(
-        132,
-        std::vector<uint8_t>(
-            {0xa7, 0x80, 0x3b, 0xcb, 0x71, 0xbc, 0x1d, 0x0f, 0x43, 0x83, 0xdd,
-             0xe1, 0xe0, 0x61, 0x2e, 0x04, 0xf8, 0x72, 0xb7, 0x15, 0xad, 0x30,
-             0x81, 0x5c, 0x22, 0x49, 0xcf, 0x34, 0xab, 0xb8, 0xb0, 0x24, 0x91,
-             0x5c, 0xb2, 0xfc, 0x9f, 0x4e, 0x7c, 0xc4, 0xc8, 0xcf, 0xd4, 0x5b,
-             0xe2, 0xd5, 0xa9, 0x1e, 0xab, 0x09, 0x41, 0xc7, 0xd2, 0x70, 0xe2,
-             0xda, 0x4c, 0xa4, 0xa9, 0xf7, 0xac, 0x68, 0x66, 0x3a})),
-    std::make_pair(
-        133,
-        std::vector<uint8_t>(
-            {0xb8, 0x4e, 0xf6, 0xa7, 0x22, 0x9a, 0x34, 0xa7, 0x50, 0xd9, 0xa9,
-             0x8e, 0xe2, 0x52, 0x98, 0x71, 0x81, 0x6b, 0x87, 0xfb, 0xe3, 0xbc,
-             0x45, 0xb4, 0x5f, 0xa5, 0xae, 0x82, 0xd5, 0x14, 0x15, 0x40, 0x21,
-             0x11, 0x65, 0xc3, 0xc5, 0xd7, 0xa7, 0x47, 0x6b, 0xa5, 0xa4, 0xaa,
-             0x06, 0xd6, 0x64, 0x76, 0xf0, 0xd9, 0xdc, 0x49, 0xa3, 0xf1, 0xee,
-             0x72, 0xc3, 0xac, 0xab, 0xd4, 0x98, 0x96, 0x74, 0x14})),
-    std::make_pair(
-        134,
-        std::vector<uint8_t>(
-            {0xfa, 0xe4, 0xb6, 0xd8, 0xef, 0xc3, 0xf8, 0xc8, 0xe6, 0x4d, 0x00,
-             0x1d, 0xab, 0xec, 0x3a, 0x21, 0xf5, 0x44, 0xe8, 0x27, 0x14, 0x74,
-             0x52, 0x51, 0xb2, 0xb4, 0xb3, 0x93, 0xf2, 0xf4, 0x3e, 0x0d, 0xa3,
-             0xd4, 0x03, 0xc6, 0x4d, 0xb9, 0x5a, 0x2c, 0xb6, 0xe2, 0x3e, 0xbb,
-             0x7b, 0x9e, 0x94, 0xcd, 0xd5, 0xdd, 0xac, 0x54, 0xf0, 0x7c, 0x4a,
-             0x61, 0xbd, 0x3c, 0xb1, 0x0a, 0xa6, 0xf9, 0x3b, 0x49})),
-    std::make_pair(
-        135,
-        std::vector<uint8_t>(
-            {0x34, 0xf7, 0x28, 0x66, 0x05, 0xa1, 0x22, 0x36, 0x95, 0x40, 0x14,
-             0x1d, 0xed, 0x79, 0xb8, 0x95, 0x72, 0x55, 0xda, 0x2d, 0x41, 0x55,
-             0xab, 0xbf, 0x5a, 0x8d, 0xbb, 0x89, 0xc8, 0xeb, 0x7e, 0xde, 0x8e,
-             0xee, 0xf1, 0xda, 0xa4, 0x6d, 0xc2, 0x9d, 0x75, 0x1d, 0x04, 0x5d,
-             0xc3, 0xb1, 0xd6, 0x58, 0xbb, 0x64, 0xb8, 0x0f, 0xf8, 0x58, 0x9e,
-             0xdd, 0xb3, 0x82, 0x4b, 0x13, 0xda, 0x23, 0x5a, 0x6b})),
-    std::make_pair(
-        136,
-        std::vector<uint8_t>(
-            {0x3b, 0x3b, 0x48, 0x43, 0x4b, 0xe2, 0x7b, 0x9e, 0xab, 0xab, 0xba,
-             0x43, 0xbf, 0x6b, 0x35, 0xf1, 0x4b, 0x30, 0xf6, 0xa8, 0x8d, 0xc2,
-             0xe7, 0x50, 0xc3, 0x58, 0x47, 0x0d, 0x6b, 0x3a, 0xa3, 0xc1, 0x8e,
-             0x47, 0xdb, 0x40, 0x17, 0xfa, 0x55, 0x10, 0x6d, 0x82, 0x52, 0xf0,
-             0x16, 0x37, 0x1a, 0x00, 0xf5, 0xf8, 0xb0, 0x70, 0xb7, 0x4b, 0xa5,
-             0xf2, 0x3c, 0xff, 0xc5, 0x51, 0x1c, 0x9f, 0x09, 0xf0})),
-    std::make_pair(
-        137,
-        std::vector<uint8_t>(
-            {0xba, 0x28, 0x9e, 0xbd, 0x65, 0x62, 0xc4, 0x8c, 0x3e, 0x10, 0xa8,
-             0xad, 0x6c, 0xe0, 0x2e, 0x73, 0x43, 0x3d, 0x1e, 0x93, 0xd7, 0xc9,
-             0x27, 0x9d, 0x4d, 0x60, 0xa7, 0xe8, 0x79, 0xee, 0x11, 0xf4, 0x41,
-             0xa0, 0x00, 0xf4, 0x8e, 0xd9, 0xf7, 0xc4, 0xed, 0x87, 0xa4, 0x51,
-             0x36, 0xd7, 0xdc, 0xcd, 0xca, 0x48, 0x21, 0x09, 0xc7, 0x8a, 0x51,
-             0x06, 0x2b, 0x3b, 0xa4, 0x04, 0x4a, 0xda, 0x24, 0x69})),
-    std::make_pair(
-        138,
-        std::vector<uint8_t>(
-            {0x02, 0x29, 0x39, 0xe2, 0x38, 0x6c, 0x5a, 0x37, 0x04, 0x98, 0x56,
-             0xc8, 0x50, 0xa2, 0xbb, 0x10, 0xa1, 0x3d, 0xfe, 0xa4, 0x21, 0x2b,
-             0x4c, 0x73, 0x2a, 0x88, 0x40, 0xa9, 0xff, 0xa5, 0xfa, 0xf5, 0x48,
-             0x75, 0xc5, 0x44, 0x88, 0x16, 0xb2, 0x78, 0x5a, 0x00, 0x7d, 0xa8,
-             0xa8, 0xd2, 0xbc, 0x7d, 0x71, 0xa5, 0x4e, 0x4e, 0x65, 0x71, 0xf1,
-             0x0b, 0x60, 0x0c, 0xbd, 0xb2, 0x5d, 0x13, 0xed, 0xe3})),
-    std::make_pair(
-        139,
-        std::vector<uint8_t>(
-            {0xe6, 0xfe, 0xc1, 0x9d, 0x89, 0xce, 0x87, 0x17, 0xb1, 0xa0, 0x87,
-             0x02, 0x46, 0x70, 0xfe, 0x02, 0x6f, 0x6c, 0x7c, 0xbd, 0xa1, 0x1c,
-             0xae, 0xf9, 0x59, 0xbb, 0x2d, 0x35, 0x1b, 0xf8, 0x56, 0xf8, 0x05,
-             0x5d, 0x1c, 0x0e, 0xbd, 0xaa, 0xa9, 0xd1, 0xb1, 0x78, 0x86, 0xfc,
-             0x2c, 0x56, 0x2b, 0x5e, 0x99, 0x64, 0x2f, 0xc0, 0x64, 0x71, 0x0c,
-             0x0d, 0x34, 0x88, 0xa0, 0x2b, 0x5e, 0xd7, 0xf6, 0xfd})),
-    std::make_pair(
-        140,
-        std::vector<uint8_t>(
-            {0x94, 0xc9, 0x6f, 0x02, 0xa8, 0xf5, 0x76, 0xac, 0xa3, 0x2b, 0xa6,
-             0x1c, 0x2b, 0x20, 0x6f, 0x90, 0x72, 0x85, 0xd9, 0x29, 0x9b, 0x83,
-             0xac, 0x17, 0x5c, 0x20, 0x9a, 0x8d, 0x43, 0xd5, 0x3b, 0xfe, 0x68,
-             0x3d, 0xd1, 0xd8, 0x3e, 0x75, 0x49, 0xcb, 0x90, 0x6c, 0x28, 0xf5,
-             0x9a, 0xb7, 0xc4, 0x6f, 0x87, 0x51, 0x36, 0x6a, 0x28, 0xc3, 0x9d,
-             0xd5, 0xfe, 0x26, 0x93, 0xc9, 0x01, 0x96, 0x66, 0xc8})),
-    std::make_pair(
-        141,
-        std::vector<uint8_t>(
-            {0x31, 0xa0, 0xcd, 0x21, 0x5e, 0xbd, 0x2c, 0xb6, 0x1d, 0xe5, 0xb9,
-             0xed, 0xc9, 0x1e, 0x61, 0x95, 0xe3, 0x1c, 0x59, 0xa5, 0x64, 0x8d,
-             0x5c, 0x9f, 0x73, 0x7e, 0x12, 0x5b, 0x26, 0x05, 0x70, 0x8f, 0x2e,
-             0x32, 0x5a, 0xb3, 0x38, 0x1c, 0x8d, 0xce, 0x1a, 0x3e, 0x95, 0x88,
-             0x86, 0xf1, 0xec, 0xdc, 0x60, 0x31, 0x8f, 0x88, 0x2c, 0xfe, 0x20,
-             0xa2, 0x41, 0x91, 0x35, 0x2e, 0x61, 0x7b, 0x0f, 0x21})),
-    std::make_pair(
-        142,
-        std::vector<uint8_t>(
-            {0x91, 0xab, 0x50, 0x4a, 0x52, 0x2d, 0xce, 0x78, 0x77, 0x9f, 0x4c,
-             0x6c, 0x6b, 0xa2, 0xe6, 0xb6, 0xdb, 0x55, 0x65, 0xc7, 0x6d, 0x3e,
-             0x7e, 0x7c, 0x92, 0x0c, 0xaf, 0x7f, 0x75, 0x7e, 0xf9, 0xdb, 0x7c,
-             0x8f, 0xcf, 0x10, 0xe5, 0x7f, 0x03, 0x37, 0x9e, 0xa9, 0xbf, 0x75,
-             0xeb, 0x59, 0x89, 0x5d, 0x96, 0xe1, 0x49, 0x80, 0x0b, 0x6a, 0xae,
-             0x01, 0xdb, 0x77, 0x8b, 0xb9, 0x0a, 0xfb, 0xc9, 0x89})),
-    std::make_pair(
-        143,
-        std::vector<uint8_t>(
-            {0xd8, 0x5c, 0xab, 0xc6, 0xbd, 0x5b, 0x1a, 0x01, 0xa5, 0xaf, 0xd8,
-             0xc6, 0x73, 0x47, 0x40, 0xda, 0x9f, 0xd1, 0xc1, 0xac, 0xc6, 0xdb,
-             0x29, 0xbf, 0xc8, 0xa2, 0xe5, 0xb6, 0x68, 0xb0, 0x28, 0xb6, 0xb3,
-             0x15, 0x4b, 0xfb, 0x87, 0x03, 0xfa, 0x31, 0x80, 0x25, 0x1d, 0x58,
-             0x9a, 0xd3, 0x80, 0x40, 0xce, 0xb7, 0x07, 0xc4, 0xba, 0xd1, 0xb5,
-             0x34, 0x3c, 0xb4, 0x26, 0xb6, 0x1e, 0xaa, 0x49, 0xc1})),
-    std::make_pair(
-        144,
-        std::vector<uint8_t>(
-            {0xd6, 0x2e, 0xfb, 0xec, 0x2c, 0xa9, 0xc1, 0xf8, 0xbd, 0x66, 0xce,
-             0x8b, 0x3f, 0x6a, 0x89, 0x8c, 0xb3, 0xf7, 0x56, 0x6b, 0xa6, 0x56,
-             0x8c, 0x61, 0x8a, 0xd1, 0xfe, 0xb2, 0xb6, 0x5b, 0x76, 0xc3, 0xce,
-             0x1d, 0xd2, 0x0f, 0x73, 0x95, 0x37, 0x2f, 0xaf, 0x28, 0x42, 0x7f,
-             0x61, 0xc9, 0x27, 0x80, 0x49, 0xcf, 0x01, 0x40, 0xdf, 0x43, 0x4f,
-             0x56, 0x33, 0x04, 0x8c, 0x86, 0xb8, 0x1e, 0x03, 0x99})),
-    std::make_pair(
-        145,
-        std::vector<uint8_t>(
-            {0x7c, 0x8f, 0xdc, 0x61, 0x75, 0x43, 0x9e, 0x2c, 0x3d, 0xb1, 0x5b,
-             0xaf, 0xa7, 0xfb, 0x06, 0x14, 0x3a, 0x6a, 0x23, 0xbc, 0x90, 0xf4,
-             0x49, 0xe7, 0x9d, 0xee, 0xf7, 0x3c, 0x3d, 0x49, 0x2a, 0x67, 0x17,
-             0x15, 0xc1, 0x93, 0xb6, 0xfe, 0xa9, 0xf0, 0x36, 0x05, 0x0b, 0x94,
-             0x60, 0x69, 0x85, 0x6b, 0x89, 0x7e, 0x08, 0xc0, 0x07, 0x68, 0xf5,
-             0xee, 0x5d, 0xdc, 0xf7, 0x0b, 0x7c, 0xd6, 0xd0, 0xe0})),
-    std::make_pair(
-        146,
-        std::vector<uint8_t>(
-            {0x58, 0x60, 0x2e, 0xe7, 0x46, 0x8e, 0x6b, 0xc9, 0xdf, 0x21, 0xbd,
-             0x51, 0xb2, 0x3c, 0x00, 0x5f, 0x72, 0xd6, 0xcb, 0x01, 0x3f, 0x0a,
-             0x1b, 0x48, 0xcb, 0xec, 0x5e, 0xca, 0x29, 0x92, 0x99, 0xf9, 0x7f,
-             0x09, 0xf5, 0x4a, 0x9a, 0x01, 0x48, 0x3e, 0xae, 0xb3, 0x15, 0xa6,
-             0x47, 0x8b, 0xad, 0x37, 0xba, 0x47, 0xca, 0x13, 0x47, 0xc7, 0xc8,
-             0xfc, 0x9e, 0x66, 0x95, 0x59, 0x2c, 0x91, 0xd7, 0x23})),
-    std::make_pair(
-        147,
-        std::vector<uint8_t>(
-            {0x27, 0xf5, 0xb7, 0x9e, 0xd2, 0x56, 0xb0, 0x50, 0x99, 0x3d, 0x79,
-             0x34, 0x96, 0xed, 0xf4, 0x80, 0x7c, 0x1d, 0x85, 0xa7, 0xb0, 0xa6,
-             0x7c, 0x9c, 0x4f, 0xa9, 0x98, 0x60, 0x75, 0x0b, 0x0a, 0xe6, 0x69,
-             0x89, 0x67, 0x0a, 0x8f, 0xfd, 0x78, 0x56, 0xd7, 0xce, 0x41, 0x15,
-             0x99, 0xe5, 0x8c, 0x4d, 0x77, 0xb2, 0x32, 0xa6, 0x2b, 0xef, 0x64,
-             0xd1, 0x52, 0x75, 0xbe, 0x46, 0xa6, 0x82, 0x35, 0xff})),
-    std::make_pair(
-        148,
-        std::vector<uint8_t>(
-            {0x39, 0x57, 0xa9, 0x76, 0xb9, 0xf1, 0x88, 0x7b, 0xf0, 0x04, 0xa8,
-             0xdc, 0xa9, 0x42, 0xc9, 0x2d, 0x2b, 0x37, 0xea, 0x52, 0x60, 0x0f,
-             0x25, 0xe0, 0xc9, 0xbc, 0x57, 0x07, 0xd0, 0x27, 0x9c, 0x00, 0xc6,
-             0xe8, 0x5a, 0x83, 0x9b, 0x0d, 0x2d, 0x8e, 0xb5, 0x9c, 0x51, 0xd9,
-             0x47, 0x88, 0xeb, 0xe6, 0x24, 0x74, 0xa7, 0x91, 0xca, 0xdf, 0x52,
-             0xcc, 0xcf, 0x20, 0xf5, 0x07, 0x0b, 0x65, 0x73, 0xfc})),
-    std::make_pair(
-        149,
-        std::vector<uint8_t>(
-            {0xea, 0xa2, 0x37, 0x6d, 0x55, 0x38, 0x0b, 0xf7, 0x72, 0xec, 0xca,
-             0x9c, 0xb0, 0xaa, 0x46, 0x68, 0xc9, 0x5c, 0x70, 0x71, 0x62, 0xfa,
-             0x86, 0xd5, 0x18, 0xc8, 0xce, 0x0c, 0xa9, 0xbf, 0x73, 0x62, 0xb9,
-             0xf2, 0xa0, 0xad, 0xc3, 0xff, 0x59, 0x92, 0x2d, 0xf9, 0x21, 0xb9,
-             0x45, 0x67, 0xe8, 0x1e, 0x45, 0x2f, 0x6c, 0x1a, 0x07, 0xfc, 0x81,
-             0x7c, 0xeb, 0xe9, 0x96, 0x04, 0xb3, 0x50, 0x5d, 0x38})),
-    std::make_pair(
-        150,
-        std::vector<uint8_t>(
-            {0xc1, 0xe2, 0xc7, 0x8b, 0x6b, 0x27, 0x34, 0xe2, 0x48, 0x0e, 0xc5,
-             0x50, 0x43, 0x4c, 0xb5, 0xd6, 0x13, 0x11, 0x1a, 0xdc, 0xc2, 0x1d,
-             0x47, 0x55, 0x45, 0xc3, 0xb1, 0xb7, 0xe6, 0xff, 0x12, 0x44, 0x44,
-             0x76, 0xe5, 0xc0, 0x55, 0x13, 0x2e, 0x22, 0x29, 0xdc, 0x0f, 0x80,
-             0x70, 0x44, 0xbb, 0x91, 0x9b, 0x1a, 0x56, 0x62, 0xdd, 0x38, 0xa9,
-             0xee, 0x65, 0xe2, 0x43, 0xa3, 0x91, 0x1a, 0xed, 0x1a})),
-    std::make_pair(
-        151,
-        std::vector<uint8_t>(
-            {0x8a, 0xb4, 0x87, 0x13, 0x38, 0x9d, 0xd0, 0xfc, 0xf9, 0xf9, 0x65,
-             0xd3, 0xce, 0x66, 0xb1, 0xe5, 0x59, 0xa1, 0xf8, 0xc5, 0x87, 0x41,
-             0xd6, 0x76, 0x83, 0xcd, 0x97, 0x13, 0x54, 0xf4, 0x52, 0xe6, 0x2d,
-             0x02, 0x07, 0xa6, 0x5e, 0x43, 0x6c, 0x5d, 0x5d, 0x8f, 0x8e, 0xe7,
-             0x1c, 0x6a, 0xbf, 0xe5, 0x0e, 0x66, 0x90, 0x04, 0xc3, 0x02, 0xb3,
-             0x1a, 0x7e, 0xa8, 0x31, 0x1d, 0x4a, 0x91, 0x60, 0x51})),
-    std::make_pair(
-        152,
-        std::vector<uint8_t>(
-            {0x24, 0xce, 0x0a, 0xdd, 0xaa, 0x4c, 0x65, 0x03, 0x8b, 0xd1, 0xb1,
-             0xc0, 0xf1, 0x45, 0x2a, 0x0b, 0x12, 0x87, 0x77, 0xaa, 0xbc, 0x94,
-             0xa2, 0x9d, 0xf2, 0xfd, 0x6c, 0x7e, 0x2f, 0x85, 0xf8, 0xab, 0x9a,
-             0xc7, 0xef, 0xf5, 0x16, 0xb0, 0xe0, 0xa8, 0x25, 0xc8, 0x4a, 0x24,
-             0xcf, 0xe4, 0x92, 0xea, 0xad, 0x0a, 0x63, 0x08, 0xe4, 0x6d, 0xd4,
-             0x2f, 0xe8, 0x33, 0x3a, 0xb9, 0x71, 0xbb, 0x30, 0xca})),
-    std::make_pair(
-        153,
-        std::vector<uint8_t>(
-            {0x51, 0x54, 0xf9, 0x29, 0xee, 0x03, 0x04, 0x5b, 0x6b, 0x0c, 0x00,
-             0x04, 0xfa, 0x77, 0x8e, 0xde, 0xe1, 0xd1, 0x39, 0x89, 0x32, 0x67,
-             0xcc, 0x84, 0x82, 0x5a, 0xd7, 0xb3, 0x6c, 0x63, 0xde, 0x32, 0x79,
-             0x8e, 0x4a, 0x16, 0x6d, 0x24, 0x68, 0x65, 0x61, 0x35, 0x4f, 0x63,
-             0xb0, 0x07, 0x09, 0xa1, 0x36, 0x4b, 0x3c, 0x24, 0x1d, 0xe3, 0xfe,
-             0xbf, 0x07, 0x54, 0x04, 0x58, 0x97, 0x46, 0x7c, 0xd4})),
-    std::make_pair(
-        154,
-        std::vector<uint8_t>(
-            {0xe7, 0x4e, 0x90, 0x79, 0x20, 0xfd, 0x87, 0xbd, 0x5a, 0xd6, 0x36,
-             0xdd, 0x11, 0x08, 0x5e, 0x50, 0xee, 0x70, 0x45, 0x9c, 0x44, 0x3e,
-             0x1c, 0xe5, 0x80, 0x9a, 0xf2, 0xbc, 0x2e, 0xba, 0x39, 0xf9, 0xe6,
-             0xd7, 0x12, 0x8e, 0x0e, 0x37, 0x12, 0xc3, 0x16, 0xda, 0x06, 0xf4,
-             0x70, 0x5d, 0x78, 0xa4, 0x83, 0x8e, 0x28, 0x12, 0x1d, 0x43, 0x44,
-             0xa2, 0xc7, 0x9c, 0x5e, 0x0d, 0xb3, 0x07, 0xa6, 0x77})),
-    std::make_pair(
-        155,
-        std::vector<uint8_t>(
-            {0xbf, 0x91, 0xa2, 0x23, 0x34, 0xba, 0xc2, 0x0f, 0x3f, 0xd8, 0x06,
-             0x63, 0xb3, 0xcd, 0x06, 0xc4, 0xe8, 0x80, 0x2f, 0x30, 0xe6, 0xb5,
-             0x9f, 0x90, 0xd3, 0x03, 0x5c, 0xc9, 0x79, 0x8a, 0x21, 0x7e, 0xd5,
-             0xa3, 0x1a, 0xbb, 0xda, 0x7f, 0xa6, 0x84, 0x28, 0x27, 0xbd, 0xf2,
-             0xa7, 0xa1, 0xc2, 0x1f, 0x6f, 0xcf, 0xcc, 0xbb, 0x54, 0xc6, 0xc5,
-             0x29, 0x26, 0xf3, 0x2d, 0xa8, 0x16, 0x26, 0x9b, 0xe1})),
-    std::make_pair(
-        156,
-        std::vector<uint8_t>(
-            {0xd9, 0xd5, 0xc7, 0x4b, 0xe5, 0x12, 0x1b, 0x0b, 0xd7, 0x42, 0xf2,
-             0x6b, 0xff, 0xb8, 0xc8, 0x9f, 0x89, 0x17, 0x1f, 0x3f, 0x93, 0x49,
-             0x13, 0x49, 0x2b, 0x09, 0x03, 0xc2, 0x71, 0xbb, 0xe2, 0xb3, 0x39,
-             0x5e, 0xf2, 0x59, 0x66, 0x9b, 0xef, 0x43, 0xb5, 0x7f, 0x7f, 0xcc,
-             0x30, 0x27, 0xdb, 0x01, 0x82, 0x3f, 0x6b, 0xae, 0xe6, 0x6e, 0x4f,
-             0x9f, 0xea, 0xd4, 0xd6, 0x72, 0x6c, 0x74, 0x1f, 0xce})),
-    std::make_pair(
-        157,
-        std::vector<uint8_t>(
-            {0x50, 0xc8, 0xb8, 0xcf, 0x34, 0xcd, 0x87, 0x9f, 0x80, 0xe2, 0xfa,
-             0xab, 0x32, 0x30, 0xb0, 0xc0, 0xe1, 0xcc, 0x3e, 0x9d, 0xca, 0xde,
-             0xb1, 0xb9, 0xd9, 0x7a, 0xb9, 0x23, 0x41, 0x5d, 0xd9, 0xa1, 0xfe,
-             0x38, 0xad, 0xdd, 0x5c, 0x11, 0x75, 0x6c, 0x67, 0x99, 0x0b, 0x25,
-             0x6e, 0x95, 0xad, 0x6d, 0x8f, 0x9f, 0xed, 0xce, 0x10, 0xbf, 0x1c,
-             0x90, 0x67, 0x9c, 0xde, 0x0e, 0xcf, 0x1b, 0xe3, 0x47})),
-    std::make_pair(
-        158,
-        std::vector<uint8_t>(
-            {0x0a, 0x38, 0x6e, 0x7c, 0xd5, 0xdd, 0x9b, 0x77, 0xa0, 0x35, 0xe0,
-             0x9f, 0xe6, 0xfe, 0xe2, 0xc8, 0xce, 0x61, 0xb5, 0x38, 0x3c, 0x87,
-             0xea, 0x43, 0x20, 0x50, 0x59, 0xc5, 0xe4, 0xcd, 0x4f, 0x44, 0x08,
-             0x31, 0x9b, 0xb0, 0xa8, 0x23, 0x60, 0xf6, 0xa5, 0x8e, 0x6c, 0x9c,
-             0xe3, 0xf4, 0x87, 0xc4, 0x46, 0x06, 0x3b, 0xf8, 0x13, 0xbc, 0x6b,
-             0xa5, 0x35, 0xe1, 0x7f, 0xc1, 0x82, 0x6c, 0xfc, 0x91})),
-    std::make_pair(
-        159,
-        std::vector<uint8_t>(
-            {0x1f, 0x14, 0x59, 0xcb, 0x6b, 0x61, 0xcb, 0xac, 0x5f, 0x0e, 0xfe,
-             0x8f, 0xc4, 0x87, 0x53, 0x8f, 0x42, 0x54, 0x89, 0x87, 0xfc, 0xd5,
-             0x62, 0x21, 0xcf, 0xa7, 0xbe, 0xb2, 0x25, 0x04, 0x76, 0x9e, 0x79,
-             0x2c, 0x45, 0xad, 0xfb, 0x1d, 0x6b, 0x3d, 0x60, 0xd7, 0xb7, 0x49,
-             0xc8, 0xa7, 0x5b, 0x0b, 0xdf, 0x14, 0xe8, 0xea, 0x72, 0x1b, 0x95,
-             0xdc, 0xa5, 0x38, 0xca, 0x6e, 0x25, 0x71, 0x12, 0x09})),
-    std::make_pair(
-        160,
-        std::vector<uint8_t>(
-            {0xe5, 0x8b, 0x38, 0x36, 0xb7, 0xd8, 0xfe, 0xdb, 0xb5, 0x0c, 0xa5,
-             0x72, 0x5c, 0x65, 0x71, 0xe7, 0x4c, 0x07, 0x85, 0xe9, 0x78, 0x21,
-             0xda, 0xb8, 0xb6, 0x29, 0x8c, 0x10, 0xe4, 0xc0, 0x79, 0xd4, 0xa6,
-             0xcd, 0xf2, 0x2f, 0x0f, 0xed, 0xb5, 0x50, 0x32, 0x92, 0x5c, 0x16,
-             0x74, 0x81, 0x15, 0xf0, 0x1a, 0x10, 0x5e, 0x77, 0xe0, 0x0c, 0xee,
-             0x3d, 0x07, 0x92, 0x4d, 0xc0, 0xd8, 0xf9, 0x06, 0x59})),
-    std::make_pair(
-        161,
-        std::vector<uint8_t>(
-            {0xb9, 0x29, 0xcc, 0x65, 0x05, 0xf0, 0x20, 0x15, 0x86, 0x72, 0xde,
-             0xda, 0x56, 0xd0, 0xdb, 0x08, 0x1a, 0x2e, 0xe3, 0x4c, 0x00, 0xc1,
-             0x10, 0x00, 0x29, 0xbd, 0xf8, 0xea, 0x98, 0x03, 0x4f, 0xa4, 0xbf,
-             0x3e, 0x86, 0x55, 0xec, 0x69, 0x7f, 0xe3, 0x6f, 0x40, 0x55, 0x3c,
-             0x5b, 0xb4, 0x68, 0x01, 0x64, 0x4a, 0x62, 0x7d, 0x33, 0x42, 0xf4,
-             0xfc, 0x92, 0xb6, 0x1f, 0x03, 0x29, 0x0f, 0xb3, 0x81})),
-    std::make_pair(
-        162,
-        std::vector<uint8_t>(
-            {0x72, 0xd3, 0x53, 0x99, 0x4b, 0x49, 0xd3, 0xe0, 0x31, 0x53, 0x92,
-             0x9a, 0x1e, 0x4d, 0x4f, 0x18, 0x8e, 0xe5, 0x8a, 0xb9, 0xe7, 0x2e,
-             0xe8, 0xe5, 0x12, 0xf2, 0x9b, 0xc7, 0x73, 0x91, 0x38, 0x19, 0xce,
-             0x05, 0x7d, 0xdd, 0x70, 0x02, 0xc0, 0x43, 0x3e, 0xe0, 0xa1, 0x61,
-             0x14, 0xe3, 0xd1, 0x56, 0xdd, 0x2c, 0x4a, 0x7e, 0x80, 0xee, 0x53,
-             0x37, 0x8b, 0x86, 0x70, 0xf2, 0x3e, 0x33, 0xef, 0x56})),
-    std::make_pair(
-        163,
-        std::vector<uint8_t>(
-            {0xc7, 0x0e, 0xf9, 0xbf, 0xd7, 0x75, 0xd4, 0x08, 0x17, 0x67, 0x37,
-             0xa0, 0x73, 0x6d, 0x68, 0x51, 0x7c, 0xe1, 0xaa, 0xad, 0x7e, 0x81,
-             0xa9, 0x3c, 0x8c, 0x1e, 0xd9, 0x67, 0xea, 0x21, 0x4f, 0x56, 0xc8,
-             0xa3, 0x77, 0xb1, 0x76, 0x3e, 0x67, 0x66, 0x15, 0xb6, 0x0f, 0x39,
-             0x88, 0x24, 0x1e, 0xae, 0x6e, 0xab, 0x96, 0x85, 0xa5, 0x12, 0x49,
-             0x29, 0xd2, 0x81, 0x88, 0xf2, 0x9e, 0xab, 0x06, 0xf7})),
-    std::make_pair(
-        164,
-        std::vector<uint8_t>(
-            {0xc2, 0x30, 0xf0, 0x80, 0x26, 0x79, 0xcb, 0x33, 0x82, 0x2e, 0xf8,
-             0xb3, 0xb2, 0x1b, 0xf7, 0xa9, 0xa2, 0x89, 0x42, 0x09, 0x29, 0x01,
-             0xd7, 0xda, 0xc3, 0x76, 0x03, 0x00, 0x83, 0x10, 0x26, 0xcf, 0x35,
-             0x4c, 0x92, 0x32, 0xdf, 0x3e, 0x08, 0x4d, 0x99, 0x03, 0x13, 0x0c,
-             0x60, 0x1f, 0x63, 0xc1, 0xf4, 0xa4, 0xa4, 0xb8, 0x10, 0x6e, 0x46,
-             0x8c, 0xd4, 0x43, 0xbb, 0xe5, 0xa7, 0x34, 0xf4, 0x5f})),
-    std::make_pair(
-        165,
-        std::vector<uint8_t>(
-            {0x6f, 0x43, 0x09, 0x4c, 0xaf, 0xb5, 0xeb, 0xf1, 0xf7, 0xa4, 0x93,
-             0x7e, 0xc5, 0x0f, 0x56, 0xa4, 0xc9, 0xda, 0x30, 0x3c, 0xbb, 0x55,
-             0xac, 0x1f, 0x27, 0xf1, 0xf1, 0x97, 0x6c, 0xd9, 0x6b, 0xed, 0xa9,
-             0x46, 0x4f, 0x0e, 0x7b, 0x9c, 0x54, 0x62, 0x0b, 0x8a, 0x9f, 0xba,
-             0x98, 0x31, 0x64, 0xb8, 0xbe, 0x35, 0x78, 0x42, 0x5a, 0x02, 0x4f,
-             0x5f, 0xe1, 0x99, 0xc3, 0x63, 0x56, 0xb8, 0x89, 0x72})),
-    std::make_pair(
-        166,
-        std::vector<uint8_t>(
-            {0x37, 0x45, 0x27, 0x3f, 0x4c, 0x38, 0x22, 0x5d, 0xb2, 0x33, 0x73,
-             0x81, 0x87, 0x1a, 0x0c, 0x6a, 0xaf, 0xd3, 0xaf, 0x9b, 0x01, 0x8c,
-             0x88, 0xaa, 0x02, 0x02, 0x58, 0x50, 0xa5, 0xdc, 0x3a, 0x42, 0xa1,
-             0xa3, 0xe0, 0x3e, 0x56, 0xcb, 0xf1, 0xb0, 0x87, 0x6d, 0x63, 0xa4,
-             0x41, 0xf1, 0xd2, 0x85, 0x6a, 0x39, 0xb8, 0x80, 0x1e, 0xb5, 0xaf,
-             0x32, 0x52, 0x01, 0xc4, 0x15, 0xd6, 0x5e, 0x97, 0xfe})),
-    std::make_pair(
-        167,
-        std::vector<uint8_t>(
-            {0xc5, 0x0c, 0x44, 0xcc, 0xa3, 0xec, 0x3e, 0xda, 0xae, 0x77, 0x9a,
-             0x7e, 0x17, 0x94, 0x50, 0xeb, 0xdd, 0xa2, 0xf9, 0x70, 0x67, 0xc6,
-             0x90, 0xaa, 0x6c, 0x5a, 0x4a, 0xc7, 0xc3, 0x01, 0x39, 0xbb, 0x27,
-             0xc0, 0xdf, 0x4d, 0xb3, 0x22, 0x0e, 0x63, 0xcb, 0x11, 0x0d, 0x64,
-             0xf3, 0x7f, 0xfe, 0x07, 0x8d, 0xb7, 0x26, 0x53, 0xe2, 0xda, 0xac,
-             0xf9, 0x3a, 0xe3, 0xf0, 0xa2, 0xd1, 0xa7, 0xeb, 0x2e})),
-    std::make_pair(
-        168,
-        std::vector<uint8_t>(
-            {0x8a, 0xef, 0x26, 0x3e, 0x38, 0x5c, 0xbc, 0x61, 0xe1, 0x9b, 0x28,
-             0x91, 0x42, 0x43, 0x26, 0x2a, 0xf5, 0xaf, 0xe8, 0x72, 0x6a, 0xf3,
-             0xce, 0x39, 0xa7, 0x9c, 0x27, 0x02, 0x8c, 0xf3, 0xec, 0xd3, 0xf8,
-             0xd2, 0xdf, 0xd9, 0xcf, 0xc9, 0xad, 0x91, 0xb5, 0x8f, 0x6f, 0x20,
-             0x77, 0x8f, 0xd5, 0xf0, 0x28, 0x94, 0xa3, 0xd9, 0x1c, 0x7d, 0x57,
-             0xd1, 0xe4, 0xb8, 0x66, 0xa7, 0xf3, 0x64, 0xb6, 0xbe})),
-    std::make_pair(
-        169,
-        std::vector<uint8_t>(
-            {0x28, 0x69, 0x61, 0x41, 0xde, 0x6e, 0x2d, 0x9b, 0xcb, 0x32, 0x35,
-             0x57, 0x8a, 0x66, 0x16, 0x6c, 0x14, 0x48, 0xd3, 0xe9, 0x05, 0xa1,
-             0xb4, 0x82, 0xd4, 0x23, 0xbe, 0x4b, 0xc5, 0x36, 0x9b, 0xc8, 0xc7,
-             0x4d, 0xae, 0x0a, 0xcc, 0x9c, 0xc1, 0x23, 0xe1, 0xd8, 0xdd, 0xce,
-             0x9f, 0x97, 0x91, 0x7e, 0x8c, 0x01, 0x9c, 0x55, 0x2d, 0xa3, 0x2d,
-             0x39, 0xd2, 0x21, 0x9b, 0x9a, 0xbf, 0x0f, 0xa8, 0xc8})),
-    std::make_pair(
-        170,
-        std::vector<uint8_t>(
-            {0x2f, 0xb9, 0xeb, 0x20, 0x85, 0x83, 0x01, 0x81, 0x90, 0x3a, 0x9d,
-             0xaf, 0xe3, 0xdb, 0x42, 0x8e, 0xe1, 0x5b, 0xe7, 0x66, 0x22, 0x24,
-             0xef, 0xd6, 0x43, 0x37, 0x1f, 0xb2, 0x56, 0x46, 0xae, 0xe7, 0x16,
-             0xe5, 0x31, 0xec, 0xa6, 0x9b, 0x2b, 0xdc, 0x82, 0x33, 0xf1, 0xa8,
-             0x08, 0x1f, 0xa4, 0x3d, 0xa1, 0x50, 0x03, 0x02, 0x97, 0x5a, 0x77,
-             0xf4, 0x2f, 0xa5, 0x92, 0x13, 0x67, 0x10, 0xe9, 0xdc})),
-    std::make_pair(
-        171,
-        std::vector<uint8_t>(
-            {0x66, 0xf9, 0xa7, 0x14, 0x3f, 0x7a, 0x33, 0x14, 0xa6, 0x69, 0xbf,
-             0x2e, 0x24, 0xbb, 0xb3, 0x50, 0x14, 0x26, 0x1d, 0x63, 0x9f, 0x49,
-             0x5b, 0x6c, 0x9c, 0x1f, 0x10, 0x4f, 0xe8, 0xe3, 0x20, 0xac, 0xa6,
-             0x0d, 0x45, 0x50, 0xd6, 0x9d, 0x52, 0xed, 0xbd, 0x5a, 0x3c, 0xde,
-             0xb4, 0x01, 0x4a, 0xe6, 0x5b, 0x1d, 0x87, 0xaa, 0x77, 0x0b, 0x69,
-             0xae, 0x5c, 0x15, 0xf4, 0x33, 0x0b, 0x0b, 0x0a, 0xd8})),
-    std::make_pair(
-        172,
-        std::vector<uint8_t>(
-            {0xf4, 0xc4, 0xdd, 0x1d, 0x59, 0x4c, 0x35, 0x65, 0xe3, 0xe2, 0x5c,
-             0xa4, 0x3d, 0xad, 0x82, 0xf6, 0x2a, 0xbe, 0xa4, 0x83, 0x5e, 0xd4,
-             0xcd, 0x81, 0x1b, 0xcd, 0x97, 0x5e, 0x46, 0x27, 0x98, 0x28, 0xd4,
-             0x4d, 0x4c, 0x62, 0xc3, 0x67, 0x9f, 0x1b, 0x7f, 0x7b, 0x9d, 0xd4,
-             0x57, 0x1d, 0x7b, 0x49, 0x55, 0x73, 0x47, 0xb8, 0xc5, 0x46, 0x0c,
-             0xbd, 0xc1, 0xbe, 0xf6, 0x90, 0xfb, 0x2a, 0x08, 0xc0})),
-    std::make_pair(
-        173,
-        std::vector<uint8_t>(
-            {0x8f, 0x1d, 0xc9, 0x64, 0x9c, 0x3a, 0x84, 0x55, 0x1f, 0x8f, 0x6e,
-             0x91, 0xca, 0xc6, 0x82, 0x42, 0xa4, 0x3b, 0x1f, 0x8f, 0x32, 0x8e,
-             0xe9, 0x22, 0x80, 0x25, 0x73, 0x87, 0xfa, 0x75, 0x59, 0xaa, 0x6d,
-             0xb1, 0x2e, 0x4a, 0xea, 0xdc, 0x2d, 0x26, 0x09, 0x91, 0x78, 0x74,
-             0x9c, 0x68, 0x64, 0xb3, 0x57, 0xf3, 0xf8, 0x3b, 0x2f, 0xb3, 0xef,
-             0xa8, 0xd2, 0xa8, 0xdb, 0x05, 0x6b, 0xed, 0x6b, 0xcc})),
-    std::make_pair(
-        174,
-        std::vector<uint8_t>(
-            {0x31, 0x39, 0xc1, 0xa7, 0xf9, 0x7a, 0xfd, 0x16, 0x75, 0xd4, 0x60,
-             0xeb, 0xbc, 0x07, 0xf2, 0x72, 0x8a, 0xa1, 0x50, 0xdf, 0x84, 0x96,
-             0x24, 0x51, 0x1e, 0xe0, 0x4b, 0x74, 0x3b, 0xa0, 0xa8, 0x33, 0x09,
-             0x2f, 0x18, 0xc1, 0x2d, 0xc9, 0x1b, 0x4d, 0xd2, 0x43, 0xf3, 0x33,
-             0x40, 0x2f, 0x59, 0xfe, 0x28, 0xab, 0xdb, 0xbb, 0xae, 0x30, 0x1e,
-             0x7b, 0x65, 0x9c, 0x7a, 0x26, 0xd5, 0xc0, 0xf9, 0x79})),
-    std::make_pair(
-        175,
-        std::vector<uint8_t>(
-            {0x06, 0xf9, 0x4a, 0x29, 0x96, 0x15, 0x8a, 0x81, 0x9f, 0xe3, 0x4c,
-             0x40, 0xde, 0x3c, 0xf0, 0x37, 0x9f, 0xd9, 0xfb, 0x85, 0xb3, 0xe3,
-             0x63, 0xba, 0x39, 0x26, 0xa0, 0xe7, 0xd9, 0x60, 0xe3, 0xf4, 0xc2,
-             0xe0, 0xc7, 0x0c, 0x7c, 0xe0, 0xcc, 0xb2, 0xa6, 0x4f, 0xc2, 0x98,
-             0x69, 0xf6, 0xe7, 0xab, 0x12, 0xbd, 0x4d, 0x3f, 0x14, 0xfc, 0xe9,
-             0x43, 0x27, 0x90, 0x27, 0xe7, 0x85, 0xfb, 0x5c, 0x29})),
-    std::make_pair(
-        176,
-        std::vector<uint8_t>(
-            {0xc2, 0x9c, 0x39, 0x9e, 0xf3, 0xee, 0xe8, 0x96, 0x1e, 0x87, 0x56,
-             0x5c, 0x1c, 0xe2, 0x63, 0x92, 0x5f, 0xc3, 0xd0, 0xce, 0x26, 0x7d,
-             0x13, 0xe4, 0x8d, 0xd9, 0xe7, 0x32, 0xee, 0x67, 0xb0, 0xf6, 0x9f,
-             0xad, 0x56, 0x40, 0x1b, 0x0f, 0x10, 0xfc, 0xaa, 0xc1, 0x19, 0x20,
-             0x10, 0x46, 0xcc, 0xa2, 0x8c, 0x5b, 0x14, 0xab, 0xde, 0xa3, 0x21,
-             0x2a, 0xe6, 0x55, 0x62, 0xf7, 0xf1, 0x38, 0xdb, 0x3d})),
-    std::make_pair(
-        177,
-        std::vector<uint8_t>(
-            {0x4c, 0xec, 0x4c, 0x9d, 0xf5, 0x2e, 0xef, 0x05, 0xc3, 0xf6, 0xfa,
-             0xaa, 0x97, 0x91, 0xbc, 0x74, 0x45, 0x93, 0x71, 0x83, 0x22, 0x4e,
-             0xcc, 0x37, 0xa1, 0xe5, 0x8d, 0x01, 0x32, 0xd3, 0x56, 0x17, 0x53,
-             0x1d, 0x7e, 0x79, 0x5f, 0x52, 0xaf, 0x7b, 0x1e, 0xb9, 0xd1, 0x47,
-             0xde, 0x12, 0x92, 0xd3, 0x45, 0xfe, 0x34, 0x18, 0x23, 0xf8, 0xe6,
-             0xbc, 0x1e, 0x5b, 0xad, 0xca, 0x5c, 0x65, 0x61, 0x08})),
-    std::make_pair(
-        178,
-        std::vector<uint8_t>(
-            {0x89, 0x8b, 0xfb, 0xae, 0x93, 0xb3, 0xe1, 0x8d, 0x00, 0x69, 0x7e,
-             0xab, 0x7d, 0x97, 0x04, 0xfa, 0x36, 0xec, 0x33, 0x9d, 0x07, 0x61,
-             0x31, 0xce, 0xfd, 0xf3, 0x0e, 0xdb, 0xe8, 0xd9, 0xcc, 0x81, 0xc3,
-             0xa8, 0x0b, 0x12, 0x96, 0x59, 0xb1, 0x63, 0xa3, 0x23, 0xba, 0xb9,
-             0x79, 0x3d, 0x4f, 0xee, 0xd9, 0x2d, 0x54, 0xda, 0xe9, 0x66, 0xc7,
-             0x75, 0x29, 0x76, 0x4a, 0x09, 0xbe, 0x88, 0xdb, 0x45})),
-    std::make_pair(
-        179,
-        std::vector<uint8_t>(
-            {0xee, 0x9b, 0xd0, 0x46, 0x9d, 0x3a, 0xaf, 0x4f, 0x14, 0x03, 0x5b,
-             0xe4, 0x8a, 0x2c, 0x3b, 0x84, 0xd9, 0xb4, 0xb1, 0xff, 0xf1, 0xd9,
-             0x45, 0xe1, 0xf1, 0xc1, 0xd3, 0x89, 0x80, 0xa9, 0x51, 0xbe, 0x19,
-             0x7b, 0x25, 0xfe, 0x22, 0xc7, 0x31, 0xf2, 0x0a, 0xea, 0xcc, 0x93,
-             0x0b, 0xa9, 0xc4, 0xa1, 0xf4, 0x76, 0x22, 0x27, 0x61, 0x7a, 0xd3,
-             0x50, 0xfd, 0xab, 0xb4, 0xe8, 0x02, 0x73, 0xa0, 0xf4})),
-    std::make_pair(
-        180,
-        std::vector<uint8_t>(
-            {0x3d, 0x4d, 0x31, 0x13, 0x30, 0x05, 0x81, 0xcd, 0x96, 0xac, 0xbf,
-             0x09, 0x1c, 0x3d, 0x0f, 0x3c, 0x31, 0x01, 0x38, 0xcd, 0x69, 0x79,
-             0xe6, 0x02, 0x6c, 0xde, 0x62, 0x3e, 0x2d, 0xd1, 0xb2, 0x4d, 0x4a,
-             0x86, 0x38, 0xbe, 0xd1, 0x07, 0x33, 0x44, 0x78, 0x3a, 0xd0, 0x64,
-             0x9c, 0xc6, 0x30, 0x5c, 0xce, 0xc0, 0x4b, 0xeb, 0x49, 0xf3, 0x1c,
-             0x63, 0x30, 0x88, 0xa9, 0x9b, 0x65, 0x13, 0x02, 0x67})),
-    std::make_pair(
-        181,
-        std::vector<uint8_t>(
-            {0x95, 0xc0, 0x59, 0x1a, 0xd9, 0x1f, 0x92, 0x1a, 0xc7, 0xbe, 0x6d,
-             0x9c, 0xe3, 0x7e, 0x06, 0x63, 0xed, 0x80, 0x11, 0xc1, 0xcf, 0xd6,
-             0xd0, 0x16, 0x2a, 0x55, 0x72, 0xe9, 0x43, 0x68, 0xba, 0xc0, 0x20,
-             0x24, 0x48, 0x5e, 0x6a, 0x39, 0x85, 0x4a, 0xa4, 0x6f, 0xe3, 0x8e,
-             0x97, 0xd6, 0xc6, 0xb1, 0x94, 0x7c, 0xd2, 0x72, 0xd8, 0x6b, 0x06,
-             0xbb, 0x5b, 0x2f, 0x78, 0xb9, 0xb6, 0x8d, 0x55, 0x9d})),
-    std::make_pair(
-        182,
-        std::vector<uint8_t>(
-            {0x22, 0x7b, 0x79, 0xde, 0xd3, 0x68, 0x15, 0x3b, 0xf4, 0x6c, 0x0a,
-             0x3c, 0xa9, 0x78, 0xbf, 0xdb, 0xef, 0x31, 0xf3, 0x02, 0x4a, 0x56,
-             0x65, 0x84, 0x24, 0x68, 0x49, 0x0b, 0x0f, 0xf7, 0x48, 0xae, 0x04,
-             0xe7, 0x83, 0x2e, 0xd4, 0xc9, 0xf4, 0x9d, 0xe9, 0xb1, 0x70, 0x67,
-             0x09, 0xd6, 0x23, 0xe5, 0xc8, 0xc1, 0x5e, 0x3c, 0xae, 0xca, 0xe8,
-             0xd5, 0xe4, 0x33, 0x43, 0x0f, 0xf7, 0x2f, 0x20, 0xeb})),
-    std::make_pair(
-        183,
-        std::vector<uint8_t>(
-            {0x5d, 0x34, 0xf3, 0x95, 0x2f, 0x01, 0x05, 0xee, 0xf8, 0x8a, 0xe8,
-             0xb6, 0x4c, 0x6c, 0xe9, 0x5e, 0xbf, 0xad, 0xe0, 0xe0, 0x2c, 0x69,
-             0xb0, 0x87, 0x62, 0xa8, 0x71, 0x2d, 0x2e, 0x49, 0x11, 0xad, 0x3f,
-             0x94, 0x1f, 0xc4, 0x03, 0x4d, 0xc9, 0xb2, 0xe4, 0x79, 0xfd, 0xbc,
-             0xd2, 0x79, 0xb9, 0x02, 0xfa, 0xf5, 0xd8, 0x38, 0xbb, 0x2e, 0x0c,
-             0x64, 0x95, 0xd3, 0x72, 0xb5, 0xb7, 0x02, 0x98, 0x13})),
-    std::make_pair(
-        184,
-        std::vector<uint8_t>(
-            {0x7f, 0x93, 0x9b, 0xf8, 0x35, 0x3a, 0xbc, 0xe4, 0x9e, 0x77, 0xf1,
-             0x4f, 0x37, 0x50, 0xaf, 0x20, 0xb7, 0xb0, 0x39, 0x02, 0xe1, 0xa1,
-             0xe7, 0xfb, 0x6a, 0xaf, 0x76, 0xd0, 0x25, 0x9c, 0xd4, 0x01, 0xa8,
-             0x31, 0x90, 0xf1, 0x56, 0x40, 0xe7, 0x4f, 0x3e, 0x6c, 0x5a, 0x90,
-             0xe8, 0x39, 0xc7, 0x82, 0x1f, 0x64, 0x74, 0x75, 0x7f, 0x75, 0xc7,
-             0xbf, 0x90, 0x02, 0x08, 0x4d, 0xdc, 0x7a, 0x62, 0xdc})),
-    std::make_pair(
-        185,
-        std::vector<uint8_t>(
-            {0x06, 0x2b, 0x61, 0xa2, 0xf9, 0xa3, 0x3a, 0x71, 0xd7, 0xd0, 0xa0,
-             0x61, 0x19, 0x64, 0x4c, 0x70, 0xb0, 0x71, 0x6a, 0x50, 0x4d, 0xe7,
-             0xe5, 0xe1, 0xbe, 0x49, 0xbd, 0x7b, 0x86, 0xe7, 0xed, 0x68, 0x17,
-             0x71, 0x4f, 0x9f, 0x0f, 0xc3, 0x13, 0xd0, 0x61, 0x29, 0x59, 0x7e,
-             0x9a, 0x22, 0x35, 0xec, 0x85, 0x21, 0xde, 0x36, 0xf7, 0x29, 0x0a,
-             0x90, 0xcc, 0xfc, 0x1f, 0xfa, 0x6d, 0x0a, 0xee, 0x29})),
-    std::make_pair(
-        186,
-        std::vector<uint8_t>(
-            {0xf2, 0x9e, 0x01, 0xee, 0xae, 0x64, 0x31, 0x1e, 0xb7, 0xf1, 0xc6,
-             0x42, 0x2f, 0x94, 0x6b, 0xf7, 0xbe, 0xa3, 0x63, 0x79, 0x52, 0x3e,
-             0x7b, 0x2b, 0xba, 0xba, 0x7d, 0x1d, 0x34, 0xa2, 0x2d, 0x5e, 0xa5,
-             0xf1, 0xc5, 0xa0, 0x9d, 0x5c, 0xe1, 0xfe, 0x68, 0x2c, 0xce, 0xd9,
-             0xa4, 0x79, 0x8d, 0x1a, 0x05, 0xb4, 0x6c, 0xd7, 0x2d, 0xff, 0x5c,
-             0x1b, 0x35, 0x54, 0x40, 0xb2, 0xa2, 0xd4, 0x76, 0xbc})),
-    std::make_pair(
-        187,
-        std::vector<uint8_t>(
-            {0xec, 0x38, 0xcd, 0x3b, 0xba, 0xb3, 0xef, 0x35, 0xd7, 0xcb, 0x6d,
-             0x5c, 0x91, 0x42, 0x98, 0x35, 0x1d, 0x8a, 0x9d, 0xc9, 0x7f, 0xce,
-             0xe0, 0x51, 0xa8, 0xa0, 0x2f, 0x58, 0xe3, 0xed, 0x61, 0x84, 0xd0,
-             0xb7, 0x81, 0x0a, 0x56, 0x15, 0x41, 0x1a, 0xb1, 0xb9, 0x52, 0x09,
-             0xc3, 0xc8, 0x10, 0x11, 0x4f, 0xde, 0xb2, 0x24, 0x52, 0x08, 0x4e,
-             0x77, 0xf3, 0xf8, 0x47, 0xc6, 0xdb, 0xaa, 0xfe, 0x16})),
-    std::make_pair(
-        188,
-        std::vector<uint8_t>(
-            {0xc2, 0xae, 0xf5, 0xe0, 0xca, 0x43, 0xe8, 0x26, 0x41, 0x56, 0x5b,
-             0x8c, 0xb9, 0x43, 0xaa, 0x8b, 0xa5, 0x35, 0x50, 0xca, 0xef, 0x79,
-             0x3b, 0x65, 0x32, 0xfa, 0xfa, 0xd9, 0x4b, 0x81, 0x60, 0x82, 0xf0,
-             0x11, 0x3a, 0x3e, 0xa2, 0xf6, 0x36, 0x08, 0xab, 0x40, 0x43, 0x7e,
-             0xcc, 0x0f, 0x02, 0x29, 0xcb, 0x8f, 0xa2, 0x24, 0xdc, 0xf1, 0xc4,
-             0x78, 0xa6, 0x7d, 0x9b, 0x64, 0x16, 0x2b, 0x92, 0xd1})),
-    std::make_pair(
-        189,
-        std::vector<uint8_t>(
-            {0x15, 0xf5, 0x34, 0xef, 0xff, 0x71, 0x05, 0xcd, 0x1c, 0x25, 0x4d,
-             0x07, 0x4e, 0x27, 0xd5, 0x89, 0x8b, 0x89, 0x31, 0x3b, 0x7d, 0x36,
-             0x6d, 0xc2, 0xd7, 0xd8, 0x71, 0x13, 0xfa, 0x7d, 0x53, 0xaa, 0xe1,
-             0x3f, 0x6d, 0xba, 0x48, 0x7a, 0xd8, 0x10, 0x3d, 0x5e, 0x85, 0x4c,
-             0x91, 0xfd, 0xb6, 0xe1, 0xe7, 0x4b, 0x2e, 0xf6, 0xd1, 0x43, 0x17,
-             0x69, 0xc3, 0x07, 0x67, 0xdd, 0xe0, 0x67, 0xa3, 0x5c})),
-    std::make_pair(
-        190,
-        std::vector<uint8_t>(
-            {0x89, 0xac, 0xbc, 0xa0, 0xb1, 0x69, 0x89, 0x7a, 0x0a, 0x27, 0x14,
-             0xc2, 0xdf, 0x8c, 0x95, 0xb5, 0xb7, 0x9c, 0xb6, 0x93, 0x90, 0x14,
-             0x2b, 0x7d, 0x60, 0x18, 0xbb, 0x3e, 0x30, 0x76, 0xb0, 0x99, 0xb7,
-             0x9a, 0x96, 0x41, 0x52, 0xa9, 0xd9, 0x12, 0xb1, 0xb8, 0x64, 0x12,
-             0xb7, 0xe3, 0x72, 0xe9, 0xce, 0xca, 0xd7, 0xf2, 0x5d, 0x4c, 0xba,
-             0xb8, 0xa3, 0x17, 0xbe, 0x36, 0x49, 0x2a, 0x67, 0xd7})),
-    std::make_pair(
-        191,
-        std::vector<uint8_t>(
-            {0xe3, 0xc0, 0x73, 0x91, 0x90, 0xed, 0x84, 0x9c, 0x9c, 0x96, 0x2f,
-             0xd9, 0xdb, 0xb5, 0x5e, 0x20, 0x7e, 0x62, 0x4f, 0xca, 0xc1, 0xeb,
-             0x41, 0x76, 0x91, 0x51, 0x54, 0x99, 0xee, 0xa8, 0xd8, 0x26, 0x7b,
-             0x7e, 0x8f, 0x12, 0x87, 0xa6, 0x36, 0x33, 0xaf, 0x50, 0x11, 0xfd,
-             0xe8, 0xc4, 0xdd, 0xf5, 0x5b, 0xfd, 0xf7, 0x22, 0xed, 0xf8, 0x88,
-             0x31, 0x41, 0x4f, 0x2c, 0xfa, 0xed, 0x59, 0xcb, 0x9a})),
-    std::make_pair(
-        192,
-        std::vector<uint8_t>(
-            {0x8d, 0x6c, 0xf8, 0x7c, 0x08, 0x38, 0x0d, 0x2d, 0x15, 0x06, 0xee,
-             0xe4, 0x6f, 0xd4, 0x22, 0x2d, 0x21, 0xd8, 0xc0, 0x4e, 0x58, 0x5f,
-             0xbf, 0xd0, 0x82, 0x69, 0xc9, 0x8f, 0x70, 0x28, 0x33, 0xa1, 0x56,
-             0x32, 0x6a, 0x07, 0x24, 0x65, 0x64, 0x00, 0xee, 0x09, 0x35, 0x1d,
-             0x57, 0xb4, 0x40, 0x17, 0x5e, 0x2a, 0x5d, 0xe9, 0x3c, 0xc5, 0xf8,
-             0x0d, 0xb6, 0xda, 0xf8, 0x35, 0x76, 0xcf, 0x75, 0xfa})),
-    std::make_pair(
-        193,
-        std::vector<uint8_t>(
-            {0xda, 0x24, 0xbe, 0xde, 0x38, 0x36, 0x66, 0xd5, 0x63, 0xee, 0xed,
-             0x37, 0xf6, 0x31, 0x9b, 0xaf, 0x20, 0xd5, 0xc7, 0x5d, 0x16, 0x35,
-             0xa6, 0xba, 0x5e, 0xf4, 0xcf, 0xa1, 0xac, 0x95, 0x48, 0x7e, 0x96,
-             0xf8, 0xc0, 0x8a, 0xf6, 0x00, 0xaa, 0xb8, 0x7c, 0x98, 0x6e, 0xba,
-             0xd4, 0x9f, 0xc7, 0x0a, 0x58, 0xb4, 0x89, 0x0b, 0x9c, 0x87, 0x6e,
-             0x09, 0x10, 0x16, 0xda, 0xf4, 0x9e, 0x1d, 0x32, 0x2e})),
-    std::make_pair(
-        194,
-        std::vector<uint8_t>(
-            {0xf9, 0xd1, 0xd1, 0xb1, 0xe8, 0x7e, 0xa7, 0xae, 0x75, 0x3a, 0x02,
-             0x97, 0x50, 0xcc, 0x1c, 0xf3, 0xd0, 0x15, 0x7d, 0x41, 0x80, 0x5e,
-             0x24, 0x5c, 0x56, 0x17, 0xbb, 0x93, 0x4e, 0x73, 0x2f, 0x0a, 0xe3,
-             0x18, 0x0b, 0x78, 0xe0, 0x5b, 0xfe, 0x76, 0xc7, 0xc3, 0x05, 0x1e,
-             0x3e, 0x3a, 0xc7, 0x8b, 0x9b, 0x50, 0xc0, 0x51, 0x42, 0x65, 0x7e,
-             0x1e, 0x03, 0x21, 0x5d, 0x6e, 0xc7, 0xbf, 0xd0, 0xfc})),
-    std::make_pair(
-        195,
-        std::vector<uint8_t>(
-            {0x11, 0xb7, 0xbc, 0x16, 0x68, 0x03, 0x20, 0x48, 0xaa, 0x43, 0x34,
-             0x3d, 0xe4, 0x76, 0x39, 0x5e, 0x81, 0x4b, 0xbb, 0xc2, 0x23, 0x67,
-             0x8d, 0xb9, 0x51, 0xa1, 0xb0, 0x3a, 0x02, 0x1e, 0xfa, 0xc9, 0x48,
-             0xcf, 0xbe, 0x21, 0x5f, 0x97, 0xfe, 0x9a, 0x72, 0xa2, 0xf6, 0xbc,
-             0x03, 0x9e, 0x39, 0x56, 0xbf, 0xa4, 0x17, 0xc1, 0xa9, 0xf1, 0x0d,
-             0x6d, 0x7b, 0xa5, 0xd3, 0xd3, 0x2f, 0xf3, 0x23, 0xe5})),
-    std::make_pair(
-        196,
-        std::vector<uint8_t>(
-            {0xb8, 0xd9, 0x00, 0x0e, 0x4f, 0xc2, 0xb0, 0x66, 0xed, 0xb9, 0x1a,
-             0xfe, 0xe8, 0xe7, 0xeb, 0x0f, 0x24, 0xe3, 0xa2, 0x01, 0xdb, 0x8b,
-             0x67, 0x93, 0xc0, 0x60, 0x85, 0x81, 0xe6, 0x28, 0xed, 0x0b, 0xcc,
-             0x4e, 0x5a, 0xa6, 0x78, 0x79, 0x92, 0xa4, 0xbc, 0xc4, 0x4e, 0x28,
-             0x80, 0x93, 0xe6, 0x3e, 0xe8, 0x3a, 0xbd, 0x0b, 0xc3, 0xec, 0x6d,
-             0x09, 0x34, 0xa6, 0x74, 0xa4, 0xda, 0x13, 0x83, 0x8a})),
-    std::make_pair(
-        197,
-        std::vector<uint8_t>(
-            {0xce, 0x32, 0x5e, 0x29, 0x4f, 0x9b, 0x67, 0x19, 0xd6, 0xb6, 0x12,
-             0x78, 0x27, 0x6a, 0xe0, 0x6a, 0x25, 0x64, 0xc0, 0x3b, 0xb0, 0xb7,
-             0x83, 0xfa, 0xfe, 0x78, 0x5b, 0xdf, 0x89, 0xc7, 0xd5, 0xac, 0xd8,
-             0x3e, 0x78, 0x75, 0x6d, 0x30, 0x1b, 0x44, 0x56, 0x99, 0x02, 0x4e,
-             0xae, 0xb7, 0x7b, 0x54, 0xd4, 0x77, 0x33, 0x6e, 0xc2, 0xa4, 0xf3,
-             0x32, 0xf2, 0xb3, 0xf8, 0x87, 0x65, 0xdd, 0xb0, 0xc3})),
-    std::make_pair(
-        198,
-        std::vector<uint8_t>(
-            {0x29, 0xac, 0xc3, 0x0e, 0x96, 0x03, 0xae, 0x2f, 0xcc, 0xf9, 0x0b,
-             0xf9, 0x7e, 0x6c, 0xc4, 0x63, 0xeb, 0xe2, 0x8c, 0x1b, 0x2f, 0x9b,
-             0x4b, 0x76, 0x5e, 0x70, 0x53, 0x7c, 0x25, 0xc7, 0x02, 0xa2, 0x9d,
-             0xcb, 0xfb, 0xf1, 0x4c, 0x99, 0xc5, 0x43, 0x45, 0xba, 0x2b, 0x51,
-             0xf1, 0x7b, 0x77, 0xb5, 0xf1, 0x5d, 0xb9, 0x2b, 0xba, 0xd8, 0xfa,
-             0x95, 0xc4, 0x71, 0xf5, 0xd0, 0x70, 0xa1, 0x37, 0xcc})),
-    std::make_pair(
-        199,
-        std::vector<uint8_t>(
-            {0x33, 0x79, 0xcb, 0xaa, 0xe5, 0x62, 0xa8, 0x7b, 0x4c, 0x04, 0x25,
-             0x55, 0x0f, 0xfd, 0xd6, 0xbf, 0xe1, 0x20, 0x3f, 0x0d, 0x66, 0x6c,
-             0xc7, 0xea, 0x09, 0x5b, 0xe4, 0x07, 0xa5, 0xdf, 0xe6, 0x1e, 0xe9,
-             0x14, 0x41, 0xcd, 0x51, 0x54, 0xb3, 0xe5, 0x3b, 0x4f, 0x5f, 0xb3,
-             0x1a, 0xd4, 0xc7, 0xa9, 0xad, 0x5c, 0x7a, 0xf4, 0xae, 0x67, 0x9a,
-             0xa5, 0x1a, 0x54, 0x00, 0x3a, 0x54, 0xca, 0x6b, 0x2d})),
-    std::make_pair(
-        200,
-        std::vector<uint8_t>(
-            {0x30, 0x95, 0xa3, 0x49, 0xd2, 0x45, 0x70, 0x8c, 0x7c, 0xf5, 0x50,
-             0x11, 0x87, 0x03, 0xd7, 0x30, 0x2c, 0x27, 0xb6, 0x0a, 0xf5, 0xd4,
-             0xe6, 0x7f, 0xc9, 0x78, 0xf8, 0xa4, 0xe6, 0x09, 0x53, 0xc7, 0xa0,
-             0x4f, 0x92, 0xfc, 0xf4, 0x1a, 0xee, 0x64, 0x32, 0x1c, 0xcb, 0x70,
-             0x7a, 0x89, 0x58, 0x51, 0x55, 0x2b, 0x1e, 0x37, 0xb0, 0x0b, 0xc5,
-             0xe6, 0xb7, 0x2f, 0xa5, 0xbc, 0xef, 0x9e, 0x3f, 0xff})),
-    std::make_pair(
-        201,
-        std::vector<uint8_t>(
-            {0x07, 0x26, 0x2d, 0x73, 0x8b, 0x09, 0x32, 0x1f, 0x4d, 0xbc, 0xce,
-             0xc4, 0xbb, 0x26, 0xf4, 0x8c, 0xb0, 0xf0, 0xed, 0x24, 0x6c, 0xe0,
-             0xb3, 0x1b, 0x9a, 0x6e, 0x7b, 0xc6, 0x83, 0x04, 0x9f, 0x1f, 0x3e,
-             0x55, 0x45, 0xf2, 0x8c, 0xe9, 0x32, 0xdd, 0x98, 0x5c, 0x5a, 0xb0,
-             0xf4, 0x3b, 0xd6, 0xde, 0x07, 0x70, 0x56, 0x0a, 0xf3, 0x29, 0x06,
-             0x5e, 0xd2, 0xe4, 0x9d, 0x34, 0x62, 0x4c, 0x2c, 0xbb})),
-    std::make_pair(
-        202,
-        std::vector<uint8_t>(
-            {0xb6, 0x40, 0x5e, 0xca, 0x8e, 0xe3, 0x31, 0x6c, 0x87, 0x06, 0x1c,
-             0xc6, 0xec, 0x18, 0xdb, 0xa5, 0x3e, 0x6c, 0x25, 0x0c, 0x63, 0xba,
-             0x1f, 0x3b, 0xae, 0x9e, 0x55, 0xdd, 0x34, 0x98, 0x03, 0x6a, 0xf0,
-             0x8c, 0xd2, 0x72, 0xaa, 0x24, 0xd7, 0x13, 0xc6, 0x02, 0x0d, 0x77,
-             0xab, 0x2f, 0x39, 0x19, 0xaf, 0x1a, 0x32, 0xf3, 0x07, 0x42, 0x06,
-             0x18, 0xab, 0x97, 0xe7, 0x39, 0x53, 0x99, 0x4f, 0xb4})),
-    std::make_pair(
-        203,
-        std::vector<uint8_t>(
-            {0x7e, 0xe6, 0x82, 0xf6, 0x31, 0x48, 0xee, 0x45, 0xf6, 0xe5, 0x31,
-             0x5d, 0xa8, 0x1e, 0x5c, 0x6e, 0x55, 0x7c, 0x2c, 0x34, 0x64, 0x1f,
-             0xc5, 0x09, 0xc7, 0xa5, 0x70, 0x10, 0x88, 0xc3, 0x8a, 0x74, 0x75,
-             0x61, 0x68, 0xe2, 0xcd, 0x8d, 0x35, 0x1e, 0x88, 0xfd, 0x1a, 0x45,
-             0x1f, 0x36, 0x0a, 0x01, 0xf5, 0xb2, 0x58, 0x0f, 0x9b, 0x5a, 0x2e,
-             0x8c, 0xfc, 0x13, 0x8f, 0x3d, 0xd5, 0x9a, 0x3f, 0xfc})),
-    std::make_pair(
-        204,
-        std::vector<uint8_t>(
-            {0x1d, 0x26, 0x3c, 0x17, 0x9d, 0x6b, 0x26, 0x8f, 0x6f, 0xa0, 0x16,
-             0xf3, 0xa4, 0xf2, 0x9e, 0x94, 0x38, 0x91, 0x12, 0x5e, 0xd8, 0x59,
-             0x3c, 0x81, 0x25, 0x60, 0x59, 0xf5, 0xa7, 0xb4, 0x4a, 0xf2, 0xdc,
-             0xb2, 0x03, 0x0d, 0x17, 0x5c, 0x00, 0xe6, 0x2e, 0xca, 0xf7, 0xee,
-             0x96, 0x68, 0x2a, 0xa0, 0x7a, 0xb2, 0x0a, 0x61, 0x10, 0x24, 0xa2,
-             0x85, 0x32, 0xb1, 0xc2, 0x5b, 0x86, 0x65, 0x79, 0x02})),
-    std::make_pair(
-        205,
-        std::vector<uint8_t>(
-            {0x10, 0x6d, 0x13, 0x2c, 0xbd, 0xb4, 0xcd, 0x25, 0x97, 0x81, 0x28,
-             0x46, 0xe2, 0xbc, 0x1b, 0xf7, 0x32, 0xfe, 0xc5, 0xf0, 0xa5, 0xf6,
-             0x5d, 0xbb, 0x39, 0xec, 0x4e, 0x6d, 0xc6, 0x4a, 0xb2, 0xce, 0x6d,
-             0x24, 0x63, 0x0d, 0x0f, 0x15, 0xa8, 0x05, 0xc3, 0x54, 0x00, 0x25,
-             0xd8, 0x4a, 0xfa, 0x98, 0xe3, 0x67, 0x03, 0xc3, 0xdb, 0xee, 0x71,
-             0x3e, 0x72, 0xdd, 0xe8, 0x46, 0x5b, 0xc1, 0xbe, 0x7e})),
-    std::make_pair(
-        206,
-        std::vector<uint8_t>(
-            {0x0e, 0x79, 0x96, 0x82, 0x26, 0x65, 0x06, 0x67, 0xa8, 0xd8, 0x62,
-             0xea, 0x8d, 0xa4, 0x89, 0x1a, 0xf5, 0x6a, 0x4e, 0x3a, 0x8b, 0x6d,
-             0x17, 0x50, 0xe3, 0x94, 0xf0, 0xde, 0xa7, 0x6d, 0x64, 0x0d, 0x85,
-             0x07, 0x7b, 0xce, 0xc2, 0xcc, 0x86, 0x88, 0x6e, 0x50, 0x67, 0x51,
-             0xb4, 0xf6, 0xa5, 0x83, 0x8f, 0x7f, 0x0b, 0x5f, 0xef, 0x76, 0x5d,
-             0x9d, 0xc9, 0x0d, 0xcd, 0xcb, 0xaf, 0x07, 0x9f, 0x08})),
-    std::make_pair(
-        207,
-        std::vector<uint8_t>(
-            {0x52, 0x11, 0x56, 0xa8, 0x2a, 0xb0, 0xc4, 0xe5, 0x66, 0xe5, 0x84,
-             0x4d, 0x5e, 0x31, 0xad, 0x9a, 0xaf, 0x14, 0x4b, 0xbd, 0x5a, 0x46,
-             0x4f, 0xdc, 0xa3, 0x4d, 0xbd, 0x57, 0x17, 0xe8, 0xff, 0x71, 0x1d,
-             0x3f, 0xfe, 0xbb, 0xfa, 0x08, 0x5d, 0x67, 0xfe, 0x99, 0x6a, 0x34,
-             0xf6, 0xd3, 0xe4, 0xe6, 0x0b, 0x13, 0x96, 0xbf, 0x4b, 0x16, 0x10,
-             0xc2, 0x63, 0xbd, 0xbb, 0x83, 0x4d, 0x56, 0x08, 0x16})),
-    std::make_pair(
-        208,
-        std::vector<uint8_t>(
-            {0x1a, 0xba, 0x88, 0xbe, 0xfc, 0x55, 0xbc, 0x25, 0xef, 0xbc, 0xe0,
-             0x2d, 0xb8, 0xb9, 0x93, 0x3e, 0x46, 0xf5, 0x76, 0x61, 0xba, 0xea,
-             0xbe, 0xb2, 0x1c, 0xc2, 0x57, 0x4d, 0x2a, 0x51, 0x8a, 0x3c, 0xba,
-             0x5d, 0xc5, 0xa3, 0x8e, 0x49, 0x71, 0x34, 0x40, 0xb2, 0x5f, 0x9c,
-             0x74, 0x4e, 0x75, 0xf6, 0xb8, 0x5c, 0x9d, 0x8f, 0x46, 0x81, 0xf6,
-             0x76, 0x16, 0x0f, 0x61, 0x05, 0x35, 0x7b, 0x84, 0x06})),
-    std::make_pair(
-        209,
-        std::vector<uint8_t>(
-            {0x5a, 0x99, 0x49, 0xfc, 0xb2, 0xc4, 0x73, 0xcd, 0xa9, 0x68, 0xac,
-             0x1b, 0x5d, 0x08, 0x56, 0x6d, 0xc2, 0xd8, 0x16, 0xd9, 0x60, 0xf5,
-             0x7e, 0x63, 0xb8, 0x98, 0xfa, 0x70, 0x1c, 0xf8, 0xeb, 0xd3, 0xf5,
-             0x9b, 0x12, 0x4d, 0x95, 0xbf, 0xbb, 0xed, 0xc5, 0xf1, 0xcf, 0x0e,
-             0x17, 0xd5, 0xea, 0xed, 0x0c, 0x02, 0xc5, 0x0b, 0x69, 0xd8, 0xa4,
-             0x02, 0xca, 0xbc, 0xca, 0x44, 0x33, 0xb5, 0x1f, 0xd4})),
-    std::make_pair(
-        210,
-        std::vector<uint8_t>(
-            {0xb0, 0xce, 0xad, 0x09, 0x80, 0x7c, 0x67, 0x2a, 0xf2, 0xeb, 0x2b,
-             0x0f, 0x06, 0xdd, 0xe4, 0x6c, 0xf5, 0x37, 0x0e, 0x15, 0xa4, 0x09,
-             0x6b, 0x1a, 0x7d, 0x7c, 0xbb, 0x36, 0xec, 0x31, 0xc2, 0x05, 0xfb,
-             0xef, 0xca, 0x00, 0xb7, 0xa4, 0x16, 0x2f, 0xa8, 0x9f, 0xb4, 0xfb,
-             0x3e, 0xb7, 0x8d, 0x79, 0x77, 0x0c, 0x23, 0xf4, 0x4e, 0x72, 0x06,
-             0x66, 0x4c, 0xe3, 0xcd, 0x93, 0x1c, 0x29, 0x1e, 0x5d})),
-    std::make_pair(
-        211,
-        std::vector<uint8_t>(
-            {0xbb, 0x66, 0x64, 0x93, 0x1e, 0xc9, 0x70, 0x44, 0xe4, 0x5b, 0x2a,
-             0xe4, 0x20, 0xae, 0x1c, 0x55, 0x1a, 0x88, 0x74, 0xbc, 0x93, 0x7d,
-             0x08, 0xe9, 0x69, 0x39, 0x9c, 0x39, 0x64, 0xeb, 0xdb, 0xa8, 0x34,
-             0x6c, 0xdd, 0x5d, 0x09, 0xca, 0xaf, 0xe4, 0xc2, 0x8b, 0xa7, 0xec,
-             0x78, 0x81, 0x91, 0xce, 0xca, 0x65, 0xdd, 0xd6, 0xf9, 0x5f, 0x18,
-             0x58, 0x3e, 0x04, 0x0d, 0x0f, 0x30, 0xd0, 0x36, 0x4d})),
-    std::make_pair(
-        212,
-        std::vector<uint8_t>(
-            {0x65, 0xbc, 0x77, 0x0a, 0x5f, 0xaa, 0x37, 0x92, 0x36, 0x98, 0x03,
-             0x68, 0x3e, 0x84, 0x4b, 0x0b, 0xe7, 0xee, 0x96, 0xf2, 0x9f, 0x6d,
-             0x6a, 0x35, 0x56, 0x80, 0x06, 0xbd, 0x55, 0x90, 0xf9, 0xa4, 0xef,
-             0x63, 0x9b, 0x7a, 0x80, 0x61, 0xc7, 0xb0, 0x42, 0x4b, 0x66, 0xb6,
-             0x0a, 0xc3, 0x4a, 0xf3, 0x11, 0x99, 0x05, 0xf3, 0x3a, 0x9d, 0x8c,
-             0x3a, 0xe1, 0x83, 0x82, 0xca, 0x9b, 0x68, 0x99, 0x00})),
-    std::make_pair(
-        213,
-        std::vector<uint8_t>(
-            {0xea, 0x9b, 0x4d, 0xca, 0x33, 0x33, 0x36, 0xaa, 0xf8, 0x39, 0xa4,
-             0x5c, 0x6e, 0xaa, 0x48, 0xb8, 0xcb, 0x4c, 0x7d, 0xda, 0xbf, 0xfe,
-             0xa4, 0xf6, 0x43, 0xd6, 0x35, 0x7e, 0xa6, 0x62, 0x8a, 0x48, 0x0a,
-             0x5b, 0x45, 0xf2, 0xb0, 0x52, 0xc1, 0xb0, 0x7d, 0x1f, 0xed, 0xca,
-             0x91, 0x8b, 0x6f, 0x11, 0x39, 0xd8, 0x0f, 0x74, 0xc2, 0x45, 0x10,
-             0xdc, 0xba, 0xa4, 0xbe, 0x70, 0xea, 0xcc, 0x1b, 0x06})),
-    std::make_pair(
-        214,
-        std::vector<uint8_t>(
-            {0xe6, 0x34, 0x2f, 0xb4, 0xa7, 0x80, 0xad, 0x97, 0x5d, 0x0e, 0x24,
-             0xbc, 0xe1, 0x49, 0x98, 0x9b, 0x91, 0xd3, 0x60, 0x55, 0x7e, 0x87,
-             0x99, 0x4f, 0x6b, 0x45, 0x7b, 0x89, 0x55, 0x75, 0xcc, 0x02, 0xd0,
-             0xc1, 0x5b, 0xad, 0x3c, 0xe7, 0x57, 0x7f, 0x4c, 0x63, 0x92, 0x7f,
-             0xf1, 0x3f, 0x3e, 0x38, 0x1f, 0xf7, 0xe7, 0x2b, 0xdb, 0xe7, 0x45,
-             0x32, 0x48, 0x44, 0xa9, 0xd2, 0x7e, 0x3f, 0x1c, 0x01})),
-    std::make_pair(
-        215,
-        std::vector<uint8_t>(
-            {0x3e, 0x20, 0x9c, 0x9b, 0x33, 0xe8, 0xe4, 0x61, 0x17, 0x8a, 0xb4,
-             0x6b, 0x1c, 0x64, 0xb4, 0x9a, 0x07, 0xfb, 0x74, 0x5f, 0x1c, 0x8b,
-             0xc9, 0x5f, 0xbf, 0xb9, 0x4c, 0x6b, 0x87, 0xc6, 0x95, 0x16, 0x65,
-             0x1b, 0x26, 0x4e, 0xf9, 0x80, 0x93, 0x7f, 0xad, 0x41, 0x23, 0x8b,
-             0x91, 0xdd, 0xc0, 0x11, 0xa5, 0xdd, 0x77, 0x7c, 0x7e, 0xfd, 0x44,
-             0x94, 0xb4, 0xb6, 0xec, 0xd3, 0xa9, 0xc2, 0x2a, 0xc0})),
-    std::make_pair(
-        216,
-        std::vector<uint8_t>(
-            {0xfd, 0x6a, 0x3d, 0x5b, 0x18, 0x75, 0xd8, 0x04, 0x86, 0xd6, 0xe6,
-             0x96, 0x94, 0xa5, 0x6d, 0xbb, 0x04, 0xa9, 0x9a, 0x4d, 0x05, 0x1f,
-             0x15, 0xdb, 0x26, 0x89, 0x77, 0x6b, 0xa1, 0xc4, 0x88, 0x2e, 0x6d,
-             0x46, 0x2a, 0x60, 0x3b, 0x70, 0x15, 0xdc, 0x9f, 0x4b, 0x74, 0x50,
-             0xf0, 0x53, 0x94, 0x30, 0x3b, 0x86, 0x52, 0xcf, 0xb4, 0x04, 0xa2,
-             0x66, 0x96, 0x2c, 0x41, 0xba, 0xe6, 0xe1, 0x8a, 0x94})),
-    std::make_pair(
-        217,
-        std::vector<uint8_t>(
-            {0x95, 0x1e, 0x27, 0x51, 0x7e, 0x6b, 0xad, 0x9e, 0x41, 0x95, 0xfc,
-             0x86, 0x71, 0xde, 0xe3, 0xe7, 0xe9, 0xbe, 0x69, 0xce, 0xe1, 0x42,
-             0x2c, 0xb9, 0xfe, 0xcf, 0xce, 0x0d, 0xba, 0x87, 0x5f, 0x7b, 0x31,
-             0x0b, 0x93, 0xee, 0x3a, 0x3d, 0x55, 0x8f, 0x94, 0x1f, 0x63, 0x5f,
-             0x66, 0x8f, 0xf8, 0x32, 0xd2, 0xc1, 0xd0, 0x33, 0xc5, 0xe2, 0xf0,
-             0x99, 0x7e, 0x4c, 0x66, 0xf1, 0x47, 0x34, 0x4e, 0x02})),
-    std::make_pair(
-        218,
-        std::vector<uint8_t>(
-            {0x8e, 0xba, 0x2f, 0x87, 0x4f, 0x1a, 0xe8, 0x40, 0x41, 0x90, 0x3c,
-             0x7c, 0x42, 0x53, 0xc8, 0x22, 0x92, 0x53, 0x0f, 0xc8, 0x50, 0x95,
-             0x50, 0xbf, 0xdc, 0x34, 0xc9, 0x5c, 0x7e, 0x28, 0x89, 0xd5, 0x65,
-             0x0b, 0x0a, 0xd8, 0xcb, 0x98, 0x8e, 0x5c, 0x48, 0x94, 0xcb, 0x87,
-             0xfb, 0xfb, 0xb1, 0x96, 0x12, 0xea, 0x93, 0xcc, 0xc4, 0xc5, 0xca,
-             0xd1, 0x71, 0x58, 0xb9, 0x76, 0x34, 0x64, 0xb4, 0x92})),
-    std::make_pair(
-        219,
-        std::vector<uint8_t>(
-            {0x16, 0xf7, 0x12, 0xea, 0xa1, 0xb7, 0xc6, 0x35, 0x47, 0x19, 0xa8,
-             0xe7, 0xdb, 0xdf, 0xaf, 0x55, 0xe4, 0x06, 0x3a, 0x4d, 0x27, 0x7d,
-             0x94, 0x75, 0x50, 0x01, 0x9b, 0x38, 0xdf, 0xb5, 0x64, 0x83, 0x09,
-             0x11, 0x05, 0x7d, 0x50, 0x50, 0x61, 0x36, 0xe2, 0x39, 0x4c, 0x3b,
-             0x28, 0x94, 0x5c, 0xc9, 0x64, 0x96, 0x7d, 0x54, 0xe3, 0x00, 0x0c,
-             0x21, 0x81, 0x62, 0x6c, 0xfb, 0x9b, 0x73, 0xef, 0xd2})),
-    std::make_pair(
-        220,
-        std::vector<uint8_t>(
-            {0xc3, 0x96, 0x39, 0xe7, 0xd5, 0xc7, 0xfb, 0x8c, 0xdd, 0x0f, 0xd3,
-             0xe6, 0xa5, 0x20, 0x96, 0x03, 0x94, 0x37, 0x12, 0x2f, 0x21, 0xc7,
-             0x8f, 0x16, 0x79, 0xce, 0xa9, 0xd7, 0x8a, 0x73, 0x4c, 0x56, 0xec,
-             0xbe, 0xb2, 0x86, 0x54, 0xb4, 0xf1, 0x8e, 0x34, 0x2c, 0x33, 0x1f,
-             0x6f, 0x72, 0x29, 0xec, 0x4b, 0x4b, 0xc2, 0x81, 0xb2, 0xd8, 0x0a,
-             0x6e, 0xb5, 0x00, 0x43, 0xf3, 0x17, 0x96, 0xc8, 0x8c})),
-    std::make_pair(
-        221,
-        std::vector<uint8_t>(
-            {0x72, 0xd0, 0x81, 0xaf, 0x99, 0xf8, 0xa1, 0x73, 0xdc, 0xc9, 0xa0,
-             0xac, 0x4e, 0xb3, 0x55, 0x74, 0x05, 0x63, 0x9a, 0x29, 0x08, 0x4b,
-             0x54, 0xa4, 0x01, 0x72, 0x91, 0x2a, 0x2f, 0x8a, 0x39, 0x51, 0x29,
-             0xd5, 0x53, 0x6f, 0x09, 0x18, 0xe9, 0x02, 0xf9, 0xe8, 0xfa, 0x60,
-             0x00, 0x99, 0x5f, 0x41, 0x68, 0xdd, 0xc5, 0xf8, 0x93, 0x01, 0x1b,
-             0xe6, 0xa0, 0xdb, 0xc9, 0xb8, 0xa1, 0xa3, 0xf5, 0xbb})),
-    std::make_pair(
-        222,
-        std::vector<uint8_t>(
-            {0xc1, 0x1a, 0xa8, 0x1e, 0x5e, 0xfd, 0x24, 0xd5, 0xfc, 0x27, 0xee,
-             0x58, 0x6c, 0xfd, 0x88, 0x47, 0xfb, 0xb0, 0xe2, 0x76, 0x01, 0xcc,
-             0xec, 0xe5, 0xec, 0xca, 0x01, 0x98, 0xe3, 0xc7, 0x76, 0x53, 0x93,
-             0xbb, 0x74, 0x45, 0x7c, 0x7e, 0x7a, 0x27, 0xeb, 0x91, 0x70, 0x35,
-             0x0e, 0x1f, 0xb5, 0x38, 0x57, 0x17, 0x75, 0x06, 0xbe, 0x3e, 0x76,
-             0x2c, 0xc0, 0xf1, 0x4d, 0x8c, 0x3a, 0xfe, 0x90, 0x77})),
-    std::make_pair(
-        223,
-        std::vector<uint8_t>(
-            {0xc2, 0x8f, 0x21, 0x50, 0xb4, 0x52, 0xe6, 0xc0, 0xc4, 0x24, 0xbc,
-             0xde, 0x6f, 0x8d, 0x72, 0x00, 0x7f, 0x93, 0x10, 0xfe, 0xd7, 0xf2,
-             0xf8, 0x7d, 0xe0, 0xdb, 0xb6, 0x4f, 0x44, 0x79, 0xd6, 0xc1, 0x44,
-             0x1b, 0xa6, 0x6f, 0x44, 0xb2, 0xac, 0xce, 0xe6, 0x16, 0x09, 0x17,
-             0x7e, 0xd3, 0x40, 0x12, 0x8b, 0x40, 0x7e, 0xce, 0xc7, 0xc6, 0x4b,
-             0xbe, 0x50, 0xd6, 0x3d, 0x22, 0xd8, 0x62, 0x77, 0x27})),
-    std::make_pair(
-        224,
-        std::vector<uint8_t>(
-            {0xf6, 0x3d, 0x88, 0x12, 0x28, 0x77, 0xec, 0x30, 0xb8, 0xc8, 0xb0,
-             0x0d, 0x22, 0xe8, 0x90, 0x00, 0xa9, 0x66, 0x42, 0x61, 0x12, 0xbd,
-             0x44, 0x16, 0x6e, 0x2f, 0x52, 0x5b, 0x76, 0x9c, 0xcb, 0xe9, 0xb2,
-             0x86, 0xd4, 0x37, 0xa0, 0x12, 0x91, 0x30, 0xdd, 0xe1, 0xa8, 0x6c,
-             0x43, 0xe0, 0x4b, 0xed, 0xb5, 0x94, 0xe6, 0x71, 0xd9, 0x82, 0x83,
-             0xaf, 0xe6, 0x4c, 0xe3, 0x31, 0xde, 0x98, 0x28, 0xfd})),
-    std::make_pair(
-        225,
-        std::vector<uint8_t>(
-            {0x34, 0x8b, 0x05, 0x32, 0x88, 0x0b, 0x88, 0xa6, 0x61, 0x4a, 0x8d,
-             0x74, 0x08, 0xc3, 0xf9, 0x13, 0x35, 0x7f, 0xbb, 0x60, 0xe9, 0x95,
-             0xc6, 0x02, 0x05, 0xbe, 0x91, 0x39, 0xe7, 0x49, 0x98, 0xae, 0xde,
-             0x7f, 0x45, 0x81, 0xe4, 0x2f, 0x6b, 0x52, 0x69, 0x8f, 0x7f, 0xa1,
-             0x21, 0x97, 0x08, 0xc1, 0x44, 0x98, 0x06, 0x7f, 0xd1, 0xe0, 0x95,
-             0x02, 0xde, 0x83, 0xa7, 0x7d, 0xd2, 0x81, 0x15, 0x0c})),
-    std::make_pair(
-        226,
-        std::vector<uint8_t>(
-            {0x51, 0x33, 0xdc, 0x8b, 0xef, 0x72, 0x53, 0x59, 0xdf, 0xf5, 0x97,
-             0x92, 0xd8, 0x5e, 0xaf, 0x75, 0xb7, 0xe1, 0xdc, 0xd1, 0x97, 0x8b,
-             0x01, 0xc3, 0x5b, 0x1b, 0x85, 0xfc, 0xeb, 0xc6, 0x33, 0x88, 0xad,
-             0x99, 0xa1, 0x7b, 0x63, 0x46, 0xa2, 0x17, 0xdc, 0x1a, 0x96, 0x22,
-             0xeb, 0xd1, 0x22, 0xec, 0xf6, 0x91, 0x3c, 0x4d, 0x31, 0xa6, 0xb5,
-             0x2a, 0x69, 0x5b, 0x86, 0xaf, 0x00, 0xd7, 0x41, 0xa0})),
-    std::make_pair(
-        227,
-        std::vector<uint8_t>(
-            {0x27, 0x53, 0xc4, 0xc0, 0xe9, 0x8e, 0xca, 0xd8, 0x06, 0xe8, 0x87,
-             0x80, 0xec, 0x27, 0xfc, 0xcd, 0x0f, 0x5c, 0x1a, 0xb5, 0x47, 0xf9,
-             0xe4, 0xbf, 0x16, 0x59, 0xd1, 0x92, 0xc2, 0x3a, 0xa2, 0xcc, 0x97,
-             0x1b, 0x58, 0xb6, 0x80, 0x25, 0x80, 0xba, 0xef, 0x8a, 0xdc, 0x3b,
-             0x77, 0x6e, 0xf7, 0x08, 0x6b, 0x25, 0x45, 0xc2, 0x98, 0x7f, 0x34,
-             0x8e, 0xe3, 0x71, 0x9c, 0xde, 0xf2, 0x58, 0xc4, 0x03})),
-    std::make_pair(
-        228,
-        std::vector<uint8_t>(
-            {0xb1, 0x66, 0x35, 0x73, 0xce, 0x4b, 0x9d, 0x8c, 0xae, 0xfc, 0x86,
-             0x50, 0x12, 0xf3, 0xe3, 0x97, 0x14, 0xb9, 0x89, 0x8a, 0x5d, 0xa6,
-             0xce, 0x17, 0xc2, 0x5a, 0x6a, 0x47, 0x93, 0x1a, 0x9d, 0xdb, 0x9b,
-             0xbe, 0x98, 0xad, 0xaa, 0x55, 0x3b, 0xee, 0xd4, 0x36, 0xe8, 0x95,
-             0x78, 0x45, 0x54, 0x16, 0xc2, 0xa5, 0x2a, 0x52, 0x5c, 0xf2, 0x86,
-             0x2b, 0x8d, 0x1d, 0x49, 0xa2, 0x53, 0x1b, 0x73, 0x91})),
-    std::make_pair(
-        229,
-        std::vector<uint8_t>(
-            {0x64, 0xf5, 0x8b, 0xd6, 0xbf, 0xc8, 0x56, 0xf5, 0xe8, 0x73, 0xb2,
-             0xa2, 0x95, 0x6e, 0xa0, 0xed, 0xa0, 0xd6, 0xdb, 0x0d, 0xa3, 0x9c,
-             0x8c, 0x7f, 0xc6, 0x7c, 0x9f, 0x9f, 0xee, 0xfc, 0xff, 0x30, 0x72,
-             0xcd, 0xf9, 0xe6, 0xea, 0x37, 0xf6, 0x9a, 0x44, 0xf0, 0xc6, 0x1a,
-             0xa0, 0xda, 0x36, 0x93, 0xc2, 0xdb, 0x5b, 0x54, 0x96, 0x0c, 0x02,
-             0x81, 0xa0, 0x88, 0x15, 0x1d, 0xb4, 0x2b, 0x11, 0xe8})),
-    std::make_pair(
-        230,
-        std::vector<uint8_t>(
-            {0x07, 0x64, 0xc7, 0xbe, 0x28, 0x12, 0x5d, 0x90, 0x65, 0xc4, 0xb9,
-             0x8a, 0x69, 0xd6, 0x0a, 0xed, 0xe7, 0x03, 0x54, 0x7c, 0x66, 0xa1,
-             0x2e, 0x17, 0xe1, 0xc6, 0x18, 0x99, 0x41, 0x32, 0xf5, 0xef, 0x82,
-             0x48, 0x2c, 0x1e, 0x3f, 0xe3, 0x14, 0x6c, 0xc6, 0x53, 0x76, 0xcc,
-             0x10, 0x9f, 0x01, 0x38, 0xed, 0x9a, 0x80, 0xe4, 0x9f, 0x1f, 0x3c,
-             0x7d, 0x61, 0x0d, 0x2f, 0x24, 0x32, 0xf2, 0x06, 0x05})),
-    std::make_pair(
-        231,
-        std::vector<uint8_t>(
-            {0xf7, 0x48, 0x78, 0x43, 0x98, 0xa2, 0xff, 0x03, 0xeb, 0xeb, 0x07,
-             0xe1, 0x55, 0xe6, 0x61, 0x16, 0xa8, 0x39, 0x74, 0x1a, 0x33, 0x6e,
-             0x32, 0xda, 0x71, 0xec, 0x69, 0x60, 0x01, 0xf0, 0xad, 0x1b, 0x25,
-             0xcd, 0x48, 0xc6, 0x9c, 0xfc, 0xa7, 0x26, 0x5e, 0xca, 0x1d, 0xd7,
-             0x19, 0x04, 0xa0, 0xce, 0x74, 0x8a, 0xc4, 0x12, 0x4f, 0x35, 0x71,
-             0x07, 0x6d, 0xfa, 0x71, 0x16, 0xa9, 0xcf, 0x00, 0xe9})),
-    std::make_pair(
-        232,
-        std::vector<uint8_t>(
-            {0x3f, 0x0d, 0xbc, 0x01, 0x86, 0xbc, 0xeb, 0x6b, 0x78, 0x5b, 0xa7,
-             0x8d, 0x2a, 0x2a, 0x01, 0x3c, 0x91, 0x0b, 0xe1, 0x57, 0xbd, 0xaf,
-             0xfa, 0xe8, 0x1b, 0xb6, 0x66, 0x3b, 0x1a, 0x73, 0x72, 0x2f, 0x7f,
-             0x12, 0x28, 0x79, 0x5f, 0x3e, 0xca, 0xda, 0x87, 0xcf, 0x6e, 0xf0,
-             0x07, 0x84, 0x74, 0xaf, 0x73, 0xf3, 0x1e, 0xca, 0x0c, 0xc2, 0x00,
-             0xed, 0x97, 0x5b, 0x68, 0x93, 0xf7, 0x61, 0xcb, 0x6d})),
-    std::make_pair(
-        233,
-        std::vector<uint8_t>(
-            {0xd4, 0x76, 0x2c, 0xd4, 0x59, 0x98, 0x76, 0xca, 0x75, 0xb2, 0xb8,
-             0xfe, 0x24, 0x99, 0x44, 0xdb, 0xd2, 0x7a, 0xce, 0x74, 0x1f, 0xda,
-             0xb9, 0x36, 0x16, 0xcb, 0xc6, 0xe4, 0x25, 0x46, 0x0f, 0xeb, 0x51,
-             0xd4, 0xe7, 0xad, 0xcc, 0x38, 0x18, 0x0e, 0x7f, 0xc4, 0x7c, 0x89,
-             0x02, 0x4a, 0x7f, 0x56, 0x19, 0x1a, 0xdb, 0x87, 0x8d, 0xfd, 0xe4,
-             0xea, 0xd6, 0x22, 0x23, 0xf5, 0xa2, 0x61, 0x0e, 0xfe})),
-    std::make_pair(
-        234,
-        std::vector<uint8_t>(
-            {0xcd, 0x36, 0xb3, 0xd5, 0xb4, 0xc9, 0x1b, 0x90, 0xfc, 0xbb, 0xa7,
-             0x95, 0x13, 0xcf, 0xee, 0x19, 0x07, 0xd8, 0x64, 0x5a, 0x16, 0x2a,
-             0xfd, 0x0c, 0xd4, 0xcf, 0x41, 0x92, 0xd4, 0xa5, 0xf4, 0xc8, 0x92,
-             0x18, 0x3a, 0x8e, 0xac, 0xdb, 0x2b, 0x6b, 0x6a, 0x9d, 0x9a, 0xa8,
-             0xc1, 0x1a, 0xc1, 0xb2, 0x61, 0xb3, 0x80, 0xdb, 0xee, 0x24, 0xca,
-             0x46, 0x8f, 0x1b, 0xfd, 0x04, 0x3c, 0x58, 0xee, 0xfe})),
-    std::make_pair(
-        235,
-        std::vector<uint8_t>(
-            {0x98, 0x59, 0x34, 0x52, 0x28, 0x16, 0x61, 0xa5, 0x3c, 0x48, 0xa9,
-             0xd8, 0xcd, 0x79, 0x08, 0x26, 0xc1, 0xa1, 0xce, 0x56, 0x77, 0x38,
-             0x05, 0x3d, 0x0b, 0xee, 0x4a, 0x91, 0xa3, 0xd5, 0xbd, 0x92, 0xee,
-             0xfd, 0xba, 0xbe, 0xbe, 0x32, 0x04, 0xf2, 0x03, 0x1c, 0xa5, 0xf7,
-             0x81, 0xbd, 0xa9, 0x9e, 0xf5, 0xd8, 0xae, 0x56, 0xe5, 0xb0, 0x4a,
-             0x9e, 0x1e, 0xcd, 0x21, 0xb0, 0xeb, 0x05, 0xd3, 0xe1})),
-    std::make_pair(
-        236,
-        std::vector<uint8_t>(
-            {0x77, 0x1f, 0x57, 0xdd, 0x27, 0x75, 0xcc, 0xda, 0xb5, 0x59, 0x21,
-             0xd3, 0xe8, 0xe3, 0x0c, 0xcf, 0x48, 0x4d, 0x61, 0xfe, 0x1c, 0x1b,
-             0x9c, 0x2a, 0xe8, 0x19, 0xd0, 0xfb, 0x2a, 0x12, 0xfa, 0xb9, 0xbe,
-             0x70, 0xc4, 0xa7, 0xa1, 0x38, 0xda, 0x84, 0xe8, 0x28, 0x04, 0x35,
-             0xda, 0xad, 0xe5, 0xbb, 0xe6, 0x6a, 0xf0, 0x83, 0x6a, 0x15, 0x4f,
-             0x81, 0x7f, 0xb1, 0x7f, 0x33, 0x97, 0xe7, 0x25, 0xa3})),
-    std::make_pair(
-        237,
-        std::vector<uint8_t>(
-            {0xc6, 0x08, 0x97, 0xc6, 0xf8, 0x28, 0xe2, 0x1f, 0x16, 0xfb, 0xb5,
-             0xf1, 0x5b, 0x32, 0x3f, 0x87, 0xb6, 0xc8, 0x95, 0x5e, 0xab, 0xf1,
-             0xd3, 0x80, 0x61, 0xf7, 0x07, 0xf6, 0x08, 0xab, 0xdd, 0x99, 0x3f,
-             0xac, 0x30, 0x70, 0x63, 0x3e, 0x28, 0x6c, 0xf8, 0x33, 0x9c, 0xe2,
-             0x95, 0xdd, 0x35, 0x2d, 0xf4, 0xb4, 0xb4, 0x0b, 0x2f, 0x29, 0xda,
-             0x1d, 0xd5, 0x0b, 0x3a, 0x05, 0xd0, 0x79, 0xe6, 0xbb})),
-    std::make_pair(
-        238,
-        std::vector<uint8_t>(
-            {0x82, 0x10, 0xcd, 0x2c, 0x2d, 0x3b, 0x13, 0x5c, 0x2c, 0xf0, 0x7f,
-             0xa0, 0xd1, 0x43, 0x3c, 0xd7, 0x71, 0xf3, 0x25, 0xd0, 0x75, 0xc6,
-             0x46, 0x9d, 0x9c, 0x7f, 0x1b, 0xa0, 0x94, 0x3c, 0xd4, 0xab, 0x09,
-             0x80, 0x8c, 0xab, 0xf4, 0xac, 0xb9, 0xce, 0x5b, 0xb8, 0x8b, 0x49,
-             0x89, 0x29, 0xb4, 0xb8, 0x47, 0xf6, 0x81, 0xad, 0x2c, 0x49, 0x0d,
-             0x04, 0x2d, 0xb2, 0xae, 0xc9, 0x42, 0x14, 0xb0, 0x6b})),
-    std::make_pair(
-        239,
-        std::vector<uint8_t>(
-            {0x1d, 0x4e, 0xdf, 0xff, 0xd8, 0xfd, 0x80, 0xf7, 0xe4, 0x10, 0x78,
-             0x40, 0xfa, 0x3a, 0xa3, 0x1e, 0x32, 0x59, 0x84, 0x91, 0xe4, 0xaf,
-             0x70, 0x13, 0xc1, 0x97, 0xa6, 0x5b, 0x7f, 0x36, 0xdd, 0x3a, 0xc4,
-             0xb4, 0x78, 0x45, 0x61, 0x11, 0xcd, 0x43, 0x09, 0xd9, 0x24, 0x35,
-             0x10, 0x78, 0x2f, 0xa3, 0x1b, 0x7c, 0x4c, 0x95, 0xfa, 0x95, 0x15,
-             0x20, 0xd0, 0x20, 0xeb, 0x7e, 0x5c, 0x36, 0xe4, 0xef})),
-    std::make_pair(
-        240,
-        std::vector<uint8_t>(
-            {0xaf, 0x8e, 0x6e, 0x91, 0xfa, 0xb4, 0x6c, 0xe4, 0x87, 0x3e, 0x1a,
-             0x50, 0xa8, 0xef, 0x44, 0x8c, 0xc2, 0x91, 0x21, 0xf7, 0xf7, 0x4d,
-             0xee, 0xf3, 0x4a, 0x71, 0xef, 0x89, 0xcc, 0x00, 0xd9, 0x27, 0x4b,
-             0xc6, 0xc2, 0x45, 0x4b, 0xbb, 0x32, 0x30, 0xd8, 0xb2, 0xec, 0x94,
-             0xc6, 0x2b, 0x1d, 0xec, 0x85, 0xf3, 0x59, 0x3b, 0xfa, 0x30, 0xea,
-             0x6f, 0x7a, 0x44, 0xd7, 0xc0, 0x94, 0x65, 0xa2, 0x53})),
-    std::make_pair(
-        241,
-        std::vector<uint8_t>(
-            {0x29, 0xfd, 0x38, 0x4e, 0xd4, 0x90, 0x6f, 0x2d, 0x13, 0xaa, 0x9f,
-             0xe7, 0xaf, 0x90, 0x59, 0x90, 0x93, 0x8b, 0xed, 0x80, 0x7f, 0x18,
-             0x32, 0x45, 0x4a, 0x37, 0x2a, 0xb4, 0x12, 0xee, 0xa1, 0xf5, 0x62,
-             0x5a, 0x1f, 0xcc, 0x9a, 0xc8, 0x34, 0x3b, 0x7c, 0x67, 0xc5, 0xab,
-             0xa6, 0xe0, 0xb1, 0xcc, 0x46, 0x44, 0x65, 0x49, 0x13, 0x69, 0x2c,
-             0x6b, 0x39, 0xeb, 0x91, 0x87, 0xce, 0xac, 0xd3, 0xec})),
-    std::make_pair(
-        242,
-        std::vector<uint8_t>(
-            {0xa2, 0x68, 0xc7, 0x88, 0x5d, 0x98, 0x74, 0xa5, 0x1c, 0x44, 0xdf,
-             0xfe, 0xd8, 0xea, 0x53, 0xe9, 0x4f, 0x78, 0x45, 0x6e, 0x0b, 0x2e,
-             0xd9, 0x9f, 0xf5, 0xa3, 0x92, 0x47, 0x60, 0x81, 0x38, 0x26, 0xd9,
-             0x60, 0xa1, 0x5e, 0xdb, 0xed, 0xbb, 0x5d, 0xe5, 0x22, 0x6b, 0xa4,
-             0xb0, 0x74, 0xe7, 0x1b, 0x05, 0xc5, 0x5b, 0x97, 0x56, 0xbb, 0x79,
-             0xe5, 0x5c, 0x02, 0x75, 0x4c, 0x2c, 0x7b, 0x6c, 0x8a})),
-    std::make_pair(
-        243,
-        std::vector<uint8_t>(
-            {0x0c, 0xf8, 0x54, 0x54, 0x88, 0xd5, 0x6a, 0x86, 0x81, 0x7c, 0xd7,
-             0xec, 0xb1, 0x0f, 0x71, 0x16, 0xb7, 0xea, 0x53, 0x0a, 0x45, 0xb6,
-             0xea, 0x49, 0x7b, 0x6c, 0x72, 0xc9, 0x97, 0xe0, 0x9e, 0x3d, 0x0d,
-             0xa8, 0x69, 0x8f, 0x46, 0xbb, 0x00, 0x6f, 0xc9, 0x77, 0xc2, 0xcd,
-             0x3d, 0x11, 0x77, 0x46, 0x3a, 0xc9, 0x05, 0x7f, 0xdd, 0x16, 0x62,
-             0xc8, 0x5d, 0x0c, 0x12, 0x64, 0x43, 0xc1, 0x04, 0x73})),
-    std::make_pair(
-        244,
-        std::vector<uint8_t>(
-            {0xb3, 0x96, 0x14, 0x26, 0x8f, 0xdd, 0x87, 0x81, 0x51, 0x5e, 0x2c,
-             0xfe, 0xbf, 0x89, 0xb4, 0xd5, 0x40, 0x2b, 0xab, 0x10, 0xc2, 0x26,
-             0xe6, 0x34, 0x4e, 0x6b, 0x9a, 0xe0, 0x00, 0xfb, 0x0d, 0x6c, 0x79,
-             0xcb, 0x2f, 0x3e, 0xc8, 0x0e, 0x80, 0xea, 0xeb, 0x19, 0x80, 0xd2,
-             0xf8, 0x69, 0x89, 0x16, 0xbd, 0x2e, 0x9f, 0x74, 0x72, 0x36, 0x65,
-             0x51, 0x16, 0x64, 0x9c, 0xd3, 0xca, 0x23, 0xa8, 0x37})),
-    std::make_pair(
-        245,
-        std::vector<uint8_t>(
-            {0x74, 0xbe, 0xf0, 0x92, 0xfc, 0x6f, 0x1e, 0x5d, 0xba, 0x36, 0x63,
-             0xa3, 0xfb, 0x00, 0x3b, 0x2a, 0x5b, 0xa2, 0x57, 0x49, 0x65, 0x36,
-             0xd9, 0x9f, 0x62, 0xb9, 0xd7, 0x3f, 0x8f, 0x9e, 0xb3, 0xce, 0x9f,
-             0xf3, 0xee, 0xc7, 0x09, 0xeb, 0x88, 0x36, 0x55, 0xec, 0x9e, 0xb8,
-             0x96, 0xb9, 0x12, 0x8f, 0x2a, 0xfc, 0x89, 0xcf, 0x7d, 0x1a, 0xb5,
-             0x8a, 0x72, 0xf4, 0xa3, 0xbf, 0x03, 0x4d, 0x2b, 0x4a})),
-    std::make_pair(
-        246,
-        std::vector<uint8_t>(
-            {0x3a, 0x98, 0x8d, 0x38, 0xd7, 0x56, 0x11, 0xf3, 0xef, 0x38, 0xb8,
-             0x77, 0x49, 0x80, 0xb3, 0x3e, 0x57, 0x3b, 0x6c, 0x57, 0xbe, 0xe0,
-             0x46, 0x9b, 0xa5, 0xee, 0xd9, 0xb4, 0x4f, 0x29, 0x94, 0x5e, 0x73,
-             0x47, 0x96, 0x7f, 0xba, 0x2c, 0x16, 0x2e, 0x1c, 0x3b, 0xe7, 0xf3,
-             0x10, 0xf2, 0xf7, 0x5e, 0xe2, 0x38, 0x1e, 0x7b, 0xfd, 0x6b, 0x3f,
-             0x0b, 0xae, 0xa8, 0xd9, 0x5d, 0xfb, 0x1d, 0xaf, 0xb1})),
-    std::make_pair(
-        247,
-        std::vector<uint8_t>(
-            {0x58, 0xae, 0xdf, 0xce, 0x6f, 0x67, 0xdd, 0xc8, 0x5a, 0x28, 0xc9,
-             0x92, 0xf1, 0xc0, 0xbd, 0x09, 0x69, 0xf0, 0x41, 0xe6, 0x6f, 0x1e,
-             0xe8, 0x80, 0x20, 0xa1, 0x25, 0xcb, 0xfc, 0xfe, 0xbc, 0xd6, 0x17,
-             0x09, 0xc9, 0xc4, 0xeb, 0xa1, 0x92, 0xc1, 0x5e, 0x69, 0xf0, 0x20,
-             0xd4, 0x62, 0x48, 0x60, 0x19, 0xfa, 0x8d, 0xea, 0x0c, 0xd7, 0xa4,
-             0x29, 0x21, 0xa1, 0x9d, 0x2f, 0xe5, 0x46, 0xd4, 0x3d})),
-    std::make_pair(
-        248,
-        std::vector<uint8_t>(
-            {0x93, 0x47, 0xbd, 0x29, 0x14, 0x73, 0xe6, 0xb4, 0xe3, 0x68, 0x43,
-             0x7b, 0x8e, 0x56, 0x1e, 0x06, 0x5f, 0x64, 0x9a, 0x6d, 0x8a, 0xda,
-             0x47, 0x9a, 0xd0, 0x9b, 0x19, 0x99, 0xa8, 0xf2, 0x6b, 0x91, 0xcf,
-             0x61, 0x20, 0xfd, 0x3b, 0xfe, 0x01, 0x4e, 0x83, 0xf2, 0x3a, 0xcf,
-             0xa4, 0xc0, 0xad, 0x7b, 0x37, 0x12, 0xb2, 0xc3, 0xc0, 0x73, 0x32,
-             0x70, 0x66, 0x31, 0x12, 0xcc, 0xd9, 0x28, 0x5c, 0xd9})),
-    std::make_pair(
-        249,
-        std::vector<uint8_t>(
-            {0xb3, 0x21, 0x63, 0xe7, 0xc5, 0xdb, 0xb5, 0xf5, 0x1f, 0xdc, 0x11,
-             0xd2, 0xea, 0xc8, 0x75, 0xef, 0xbb, 0xcb, 0x7e, 0x76, 0x99, 0x09,
-             0x0a, 0x7e, 0x7f, 0xf8, 0xa8, 0xd5, 0x07, 0x95, 0xaf, 0x5d, 0x74,
-             0xd9, 0xff, 0x98, 0x54, 0x3e, 0xf8, 0xcd, 0xf8, 0x9a, 0xc1, 0x3d,
-             0x04, 0x85, 0x27, 0x87, 0x56, 0xe0, 0xef, 0x00, 0xc8, 0x17, 0x74,
-             0x56, 0x61, 0xe1, 0xd5, 0x9f, 0xe3, 0x8e, 0x75, 0x37})),
-    std::make_pair(
-        250,
-        std::vector<uint8_t>(
-            {0x10, 0x85, 0xd7, 0x83, 0x07, 0xb1, 0xc4, 0xb0, 0x08, 0xc5, 0x7a,
-             0x2e, 0x7e, 0x5b, 0x23, 0x46, 0x58, 0xa0, 0xa8, 0x2e, 0x4f, 0xf1,
-             0xe4, 0xaa, 0xac, 0x72, 0xb3, 0x12, 0xfd, 0xa0, 0xfe, 0x27, 0xd2,
-             0x33, 0xbc, 0x5b, 0x10, 0xe9, 0xcc, 0x17, 0xfd, 0xc7, 0x69, 0x7b,
-             0x54, 0x0c, 0x7d, 0x95, 0xeb, 0x21, 0x5a, 0x19, 0xa1, 0xa0, 0xe2,
-             0x0e, 0x1a, 0xbf, 0xa1, 0x26, 0xef, 0xd5, 0x68, 0xc7})),
-    std::make_pair(
-        251,
-        std::vector<uint8_t>(
-            {0x4e, 0x5c, 0x73, 0x4c, 0x7d, 0xde, 0x01, 0x1d, 0x83, 0xea, 0xc2,
-             0xb7, 0x34, 0x7b, 0x37, 0x35, 0x94, 0xf9, 0x2d, 0x70, 0x91, 0xb9,
-             0xca, 0x34, 0xcb, 0x9c, 0x6f, 0x39, 0xbd, 0xf5, 0xa8, 0xd2, 0xf1,
-             0x34, 0x37, 0x9e, 0x16, 0xd8, 0x22, 0xf6, 0x52, 0x21, 0x70, 0xcc,
-             0xf2, 0xdd, 0xd5, 0x5c, 0x84, 0xb9, 0xe6, 0xc6, 0x4f, 0xc9, 0x27,
-             0xac, 0x4c, 0xf8, 0xdf, 0xb2, 0xa1, 0x77, 0x01, 0xf2})),
-    std::make_pair(
-        252,
-        std::vector<uint8_t>(
-            {0x69, 0x5d, 0x83, 0xbd, 0x99, 0x0a, 0x11, 0x17, 0xb3, 0xd0, 0xce,
-             0x06, 0xcc, 0x88, 0x80, 0x27, 0xd1, 0x2a, 0x05, 0x4c, 0x26, 0x77,
-             0xfd, 0x82, 0xf0, 0xd4, 0xfb, 0xfc, 0x93, 0x57, 0x55, 0x23, 0xe7,
-             0x99, 0x1a, 0x5e, 0x35, 0xa3, 0x75, 0x2e, 0x9b, 0x70, 0xce, 0x62,
-             0x99, 0x2e, 0x26, 0x8a, 0x87, 0x77, 0x44, 0xcd, 0xd4, 0x35, 0xf5,
-             0xf1, 0x30, 0x86, 0x9c, 0x9a, 0x20, 0x74, 0xb3, 0x38})),
-    std::make_pair(
-        253,
-        std::vector<uint8_t>(
-            {0xa6, 0x21, 0x37, 0x43, 0x56, 0x8e, 0x3b, 0x31, 0x58, 0xb9, 0x18,
-             0x43, 0x01, 0xf3, 0x69, 0x08, 0x47, 0x55, 0x4c, 0x68, 0x45, 0x7c,
-             0xb4, 0x0f, 0xc9, 0xa4, 0xb8, 0xcf, 0xd8, 0xd4, 0xa1, 0x18, 0xc3,
-             0x01, 0xa0, 0x77, 0x37, 0xae, 0xda, 0x0f, 0x92, 0x9c, 0x68, 0x91,
-             0x3c, 0x5f, 0x51, 0xc8, 0x03, 0x94, 0xf5, 0x3b, 0xff, 0x1c, 0x3e,
-             0x83, 0xb2, 0xe4, 0x0c, 0xa9, 0x7e, 0xba, 0x9e, 0x15})),
-    std::make_pair(
-        254,
-        std::vector<uint8_t>(
-            {0xd4, 0x44, 0xbf, 0xa2, 0x36, 0x2a, 0x96, 0xdf, 0x21, 0x3d, 0x07,
-             0x0e, 0x33, 0xfa, 0x84, 0x1f, 0x51, 0x33, 0x4e, 0x4e, 0x76, 0x86,
-             0x6b, 0x81, 0x39, 0xe8, 0xaf, 0x3b, 0xb3, 0x39, 0x8b, 0xe2, 0xdf,
-             0xad, 0xdc, 0xbc, 0x56, 0xb9, 0x14, 0x6d, 0xe9, 0xf6, 0x81, 0x18,
-             0xdc, 0x58, 0x29, 0xe7, 0x4b, 0x0c, 0x28, 0xd7, 0x71, 0x19, 0x07,
-             0xb1, 0x21, 0xf9, 0x16, 0x1c, 0xb9, 0x2b, 0x69, 0xa9})),
-    std::make_pair(
-        255,
-        std::vector<uint8_t>(
-            {0x14, 0x27, 0x09, 0xd6, 0x2e, 0x28, 0xfc, 0xcc, 0xd0, 0xaf, 0x97,
-             0xfa, 0xd0, 0xf8, 0x46, 0x5b, 0x97, 0x1e, 0x82, 0x20, 0x1d, 0xc5,
-             0x10, 0x70, 0xfa, 0xa0, 0x37, 0x2a, 0xa4, 0x3e, 0x92, 0x48, 0x4b,
-             0xe1, 0xc1, 0xe7, 0x3b, 0xa1, 0x09, 0x06, 0xd5, 0xd1, 0x85, 0x3d,
-             0xb6, 0xa4, 0x10, 0x6e, 0x0a, 0x7b, 0xf9, 0x80, 0x0d, 0x37, 0x3d,
-             0x6d, 0xee, 0x2d, 0x46, 0xd6, 0x2e, 0xf2, 0xa4, 0x61}))};
\ No newline at end of file
diff --git a/security/nss/gtests/freebl_gtest/rsa_unittest.cc b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
deleted file mode 100644
index 5c667a1d1..000000000
--- a/security/nss/gtests/freebl_gtest/rsa_unittest.cc
+++ /dev/null
@@ -1,61 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#include "gtest/gtest.h"
-
-#include <stdint.h>
-
-#include "blapi.h"
-#include "secitem.h"
-
-template <class T>
-struct ScopedDelete {
-  void operator()(T* ptr) {
-    if (ptr) {
-      PORT_FreeArena(ptr->arena, PR_TRUE);
-    }
-  }
-};
-
-typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
-    ScopedRSAPrivateKey;
-
-class RSANewKeyTest : public ::testing::Test {
- protected:
-  RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
-                                       unsigned char publicExponent) {
-    SECItem exp = {siBuffer, 0, 0};
-    unsigned char pubExp[1] = {publicExponent};
-    exp.data = pubExp;
-    exp.len = 1;
-
-    return RSA_NewKey(keySizeInBits, &exp);
-  }
-};
-
-TEST_F(RSANewKeyTest, expOneTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, expTwoTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, expFourTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
-  ASSERT_TRUE(key == nullptr);
-}
-TEST_F(RSANewKeyTest, WrongKeysizeTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
-  ASSERT_TRUE(key == nullptr);
-}
-
-TEST_F(RSANewKeyTest, expThreeTest) {
-  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
-#ifdef NSS_FIPS_DISABLED
-  ASSERT_TRUE(key != nullptr);
-#else
-  ASSERT_TRUE(key == nullptr);
-#endif
-}
diff --git a/security/nss/gtests/manifest.mn b/security/nss/gtests/manifest.mn
index 13048f037..1ae4cab77 100644
--- a/security/nss/gtests/manifest.mn
+++ b/security/nss/gtests/manifest.mn
@@ -13,6 +13,7 @@ LIB_SRCDIRS = \
 ifneq ($(NSS_BUILD_WITHOUT_UTIL),1)
 UTIL_SRCDIRS = \
 	util_gtest \
+	der_gtest \
 	$(NULL)
 endif
 
@@ -21,12 +22,9 @@ ifneq ($(NSS_BUILD_UTIL_ONLY),1)
 NSS_SRCDIRS = \
 	certdb_gtest \
 	certhigh_gtest \
-	cryptohi_gtest \
-	der_gtest \
 	pk11_gtest \
-	softoken_gtest \
 	ssl_gtest \
-	nss_bogo_shim \
+        nss_bogo_shim \
 	$(NULL)
 endif
 endif
diff --git a/security/nss/gtests/nss_bogo_shim/Makefile b/security/nss/gtests/nss_bogo_shim/Makefile
index a2ac4b145..fd6426d89 100644
--- a/security/nss/gtests/nss_bogo_shim/Makefile
+++ b/security/nss/gtests/nss_bogo_shim/Makefile
@@ -30,6 +30,10 @@ include ../common/gtest.mk
 
 CFLAGS += -I$(CORE_DEPTH)/lib/ssl
 
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
@@ -44,3 +48,5 @@ include $(CORE_DEPTH)/coreconf/rules.mk
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
+
+
diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json
index fed7ca993..4109bd2ca 100644
--- a/security/nss/gtests/nss_bogo_shim/config.json
+++ b/security/nss/gtests/nss_bogo_shim/config.json
@@ -1,14 +1,12 @@
 {
     "DisabledTests": {
         "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
-        "*TLS13*":"(NSS=19, BoGo=18)",
-        "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
-        "*KeyShare*":"(NSS=19, BoGo=18)",
-        "*EncryptedExtensions*":"(NSS=19, BoGo=18)",
-        "*SecondClientHello*":"(NSS=19, BoGo=18)",
-        "*IgnoreClientVersionOrder*":"(NSS=19, BoGo=18)",
-        "SkipEarlyData*":"(NSS=19, BoGo=18)",
-        "*Binder*":"(NSS=19, BoGo=18)",
+        "#*TLS13*":"(NSS=18, BoGo=16)",
+        "#*HelloRetryRequest*":"(NSS=18, BoGo=16)",
+        "#*KeyShare*":"(NSS=18, BoGo=16)",
+        "#*EncryptedExtensions*":"(NSS=18, BoGo=16)",
+        "#*SecondClientHello*":"(NSS=18, BoGo=16)",
+        "#*IgnoreClientVersionOrder*":"(NSS=18, BoGo=16)",
         "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
         "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
         "CheckRecordVersion-TLS*":"Bug 1317634",
@@ -68,3 +66,4 @@
         ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
     }
 }
+
diff --git a/security/nss/gtests/pk11_gtest/manifest.mn b/security/nss/gtests/pk11_gtest/manifest.mn
index a3dff9d10..fb773ee18 100644
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -11,7 +11,6 @@ CPPSRCS = \
       pk11_chacha20poly1305_unittest.cc \
       pk11_curve25519_unittest.cc \
       pk11_ecdsa_unittest.cc \
-      pk11_encrypt_derive_unittest.cc \
       pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
@@ -24,12 +23,10 @@ INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
             -I$(CORE_DEPTH)/gtests/common \
             -I$(CORE_DEPTH)/cpputil
 
-REQUIRES = nspr nss libdbm gtest cpputil
+REQUIRES = nspr nss libdbm gtest
 
 PROGRAM = pk11_gtest
 
-EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
-             $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
-             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
-             $(NULL)
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
index fb0659852..a54190c7c 100644
--- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
@@ -15,117 +15,103 @@
 
 namespace nss_test {
 
-class Pkcs11EcdsaTestBase : public Pk11SignatureTest {
+class Pkcs11EcdsaTest : public Pk11SignatureTest {
  protected:
-  Pkcs11EcdsaTestBase(SECOidTag hash_oid)
-      : Pk11SignatureTest(CKM_ECDSA, hash_oid) {}
+  CK_MECHANISM_TYPE mechanism() { return CKM_ECDSA; }
+  SECItem* parameters() { return nullptr; }
 };
 
-struct Pkcs11EcdsaTestParams {
-  SECOidTag hash_oid_;
-  Pkcs11SignatureTestParams sig_params_;
+class Pkcs11EcdsaSha256Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA256; }
 };
 
-class Pkcs11EcdsaTest
-    : public Pkcs11EcdsaTestBase,
-      public ::testing::WithParamInterface<Pkcs11EcdsaTestParams> {
- public:
-  Pkcs11EcdsaTest() : Pkcs11EcdsaTestBase(GetParam().hash_oid_) {}
+class Pkcs11EcdsaSha384Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA384; }
 };
 
-TEST_P(Pkcs11EcdsaTest, Verify) { Verify(GetParam().sig_params_); }
+class Pkcs11EcdsaSha512Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA512; }
+};
 
-TEST_P(Pkcs11EcdsaTest, SignAndVerify) {
-  SignAndVerify(GetParam().sig_params_);
+TEST_F(Pkcs11EcdsaSha256Test, VerifyP256) {
+  SIG_TEST_VECTOR_VERIFY(kP256Spki, kP256Data, kP256Signature)
+}
+TEST_F(Pkcs11EcdsaSha256Test, SignAndVerifyP256) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP256Pkcs8, kP256Spki, kP256Data)
 }
 
-static const Pkcs11EcdsaTestParams kEcdsaVectors[] = {
-    {SEC_OID_SHA256,
-     {DataBuffer(kP256Pkcs8, sizeof(kP256Pkcs8)),
-      DataBuffer(kP256Spki, sizeof(kP256Spki)),
-      DataBuffer(kP256Data, sizeof(kP256Data)),
-      DataBuffer(kP256Signature, sizeof(kP256Signature))}},
-    {SEC_OID_SHA384,
-     {DataBuffer(kP384Pkcs8, sizeof(kP384Pkcs8)),
-      DataBuffer(kP384Spki, sizeof(kP384Spki)),
-      DataBuffer(kP384Data, sizeof(kP384Data)),
-      DataBuffer(kP384Signature, sizeof(kP384Signature))}},
-    {SEC_OID_SHA512,
-     {DataBuffer(kP521Pkcs8, sizeof(kP521Pkcs8)),
-      DataBuffer(kP521Spki, sizeof(kP521Spki)),
-      DataBuffer(kP521Data, sizeof(kP521Data)),
-      DataBuffer(kP521Signature, sizeof(kP521Signature))}}};
-
-INSTANTIATE_TEST_CASE_P(EcdsaSignVerify, Pkcs11EcdsaTest,
-                        ::testing::ValuesIn(kEcdsaVectors));
-
-class Pkcs11EcdsaSha256Test : public Pkcs11EcdsaTestBase {
- public:
-  Pkcs11EcdsaSha256Test() : Pkcs11EcdsaTestBase(SEC_OID_SHA256) {}
-};
+TEST_F(Pkcs11EcdsaSha384Test, VerifyP384) {
+  SIG_TEST_VECTOR_VERIFY(kP384Spki, kP384Data, kP384Signature)
+}
+TEST_F(Pkcs11EcdsaSha384Test, SignAndVerifyP384) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP384Pkcs8, kP384Spki, kP384Data)
+}
+
+TEST_F(Pkcs11EcdsaSha512Test, VerifyP521) {
+  SIG_TEST_VECTOR_VERIFY(kP521Spki, kP521Data, kP521Signature)
+}
+TEST_F(Pkcs11EcdsaSha512Test, SignAndVerifyP521) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP521Pkcs8, kP521Spki, kP521Data)
+}
 
 // Importing a private key in PKCS#8 format must fail when the outer AlgID
 // struct contains neither id-ecPublicKey nor a namedCurve parameter.
 TEST_F(Pkcs11EcdsaSha256Test, ImportNoCurveOIDOrAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8NoCurveOIDOrAlgorithmParams,
-               sizeof(kP256Pkcs8NoCurveOIDOrAlgorithmParams));
-  EXPECT_FALSE(ImportPrivateKey(k));
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8NoCurveOIDOrAlgorithmParams,
+                                sizeof(kP256Pkcs8NoCurveOIDOrAlgorithmParams)));
 };
 
 // Importing a private key in PKCS#8 format must succeed when only the outer
 // AlgID struct contains the namedCurve parameters.
 TEST_F(Pkcs11EcdsaSha256Test, ImportOnlyAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8OnlyAlgorithmParams,
-               sizeof(kP256Pkcs8OnlyAlgorithmParams));
-  DataBuffer data(kP256Data, sizeof(kP256Data));
-  DataBuffer sig;
-  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(k, data, &sig));
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8OnlyAlgorithmParams, sizeof(kP256Pkcs8OnlyAlgorithmParams),
+      kP256Data, sizeof(kP256Data)));
 };
 
 // Importing a private key in PKCS#8 format must succeed when the outer AlgID
 // struct and the inner ECPrivateKey contain the same namedCurve parameters.
 // The inner curveOID is always ignored, so only the outer one will be used.
 TEST_F(Pkcs11EcdsaSha256Test, ImportMatchingCurveOIDAndAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8MatchingCurveOIDAndAlgorithmParams,
-               sizeof(kP256Pkcs8MatchingCurveOIDAndAlgorithmParams));
-  DataBuffer data(kP256Data, sizeof(kP256Data));
-  DataBuffer sig;
-  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(k, data, &sig));
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8MatchingCurveOIDAndAlgorithmParams,
+      sizeof(kP256Pkcs8MatchingCurveOIDAndAlgorithmParams), kP256Data,
+      sizeof(kP256Data)));
 };
 
 // Importing a private key in PKCS#8 format must succeed when the outer AlgID
 // struct and the inner ECPrivateKey contain dissimilar namedCurve parameters.
 // The inner curveOID is always ignored, so only the outer one will be used.
 TEST_F(Pkcs11EcdsaSha256Test, ImportDissimilarCurveOIDAndAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams,
-               sizeof(kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams));
-  DataBuffer data(kP256Data, sizeof(kP256Data));
-  DataBuffer sig;
-  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(k, data, &sig));
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams,
+      sizeof(kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams), kP256Data,
+      sizeof(kP256Data)));
 };
 
 // Importing a private key in PKCS#8 format must fail when the outer ASN.1
 // AlgorithmID struct contains only id-ecPublicKey but no namedCurve parameter.
 TEST_F(Pkcs11EcdsaSha256Test, ImportNoAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8NoAlgorithmParams,
-               sizeof(kP256Pkcs8NoAlgorithmParams));
-  EXPECT_FALSE(ImportPrivateKey(k));
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8NoAlgorithmParams,
+                                sizeof(kP256Pkcs8NoAlgorithmParams)));
 };
 
 // Importing a private key in PKCS#8 format must fail when id-ecPublicKey is
 // given (so we know it's an EC key) but the namedCurve parameter is unknown.
 TEST_F(Pkcs11EcdsaSha256Test, ImportInvalidAlgorithmParams) {
-  DataBuffer k(kP256Pkcs8InvalidAlgorithmParams,
-               sizeof(kP256Pkcs8InvalidAlgorithmParams));
-  EXPECT_FALSE(ImportPrivateKey(k));
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8InvalidAlgorithmParams,
+                                sizeof(kP256Pkcs8InvalidAlgorithmParams)));
 };
 
 // Importing a private key in PKCS#8 format with a point not on the curve will
 // succeed. Using the contained public key however will fail when trying to
 // import it before using it for any operation.
 TEST_F(Pkcs11EcdsaSha256Test, ImportPointNotOnCurve) {
-  DataBuffer k(kP256Pkcs8PointNotOnCurve, sizeof(kP256Pkcs8PointNotOnCurve));
-  ScopedSECKEYPrivateKey privKey(ImportPrivateKey(k));
+  ScopedSECKEYPrivateKey privKey(ImportPrivateKey(
+      kP256Pkcs8PointNotOnCurve, sizeof(kP256Pkcs8PointNotOnCurve)));
   ASSERT_TRUE(privKey);
 
   ScopedSECKEYPublicKey pubKey(SECKEY_ConvertToPublicKey(privKey.get()));
@@ -141,23 +127,23 @@ TEST_F(Pkcs11EcdsaSha256Test, ImportPointNotOnCurve) {
 // Importing a private key in PKCS#8 format must fail when no point is given.
 // PK11 currently offers no APIs to derive raw public keys from private values.
 TEST_F(Pkcs11EcdsaSha256Test, ImportNoPublicKey) {
-  DataBuffer k(kP256Pkcs8NoPublicKey, sizeof(kP256Pkcs8NoPublicKey));
-  EXPECT_FALSE(ImportPrivateKey(k));
+  EXPECT_FALSE(
+      ImportPrivateKey(kP256Pkcs8NoPublicKey, sizeof(kP256Pkcs8NoPublicKey)));
 };
 
 // Importing a public key in SPKI format must fail when id-ecPublicKey is
 // given (so we know it's an EC key) but the namedCurve parameter is missing.
 TEST_F(Pkcs11EcdsaSha256Test, ImportSpkiNoAlgorithmParams) {
-  DataBuffer k(kP256SpkiNoAlgorithmParams, sizeof(kP256SpkiNoAlgorithmParams));
-  EXPECT_FALSE(ImportPublicKey(k));
+  EXPECT_FALSE(ImportPublicKey(kP256SpkiNoAlgorithmParams,
+                               sizeof(kP256SpkiNoAlgorithmParams)));
 }
 
 // Importing a public key in SPKI format with a point not on the curve will
 // succeed. Using the public key however will fail when trying to import
 // it before using it for any operation.
 TEST_F(Pkcs11EcdsaSha256Test, ImportSpkiPointNotOnCurve) {
-  DataBuffer k(kP256SpkiPointNotOnCurve, sizeof(kP256SpkiPointNotOnCurve));
-  ScopedSECKEYPublicKey pubKey(ImportPublicKey(k));
+  ScopedSECKEYPublicKey pubKey(ImportPublicKey(
+      kP256SpkiPointNotOnCurve, sizeof(kP256SpkiPointNotOnCurve)));
   ASSERT_TRUE(pubKey);
 
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
diff --git a/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
deleted file mode 100644
index aa92756f2..000000000
--- a/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
+++ /dev/null
@@ -1,210 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "pk11pub.h"
-#include "nssutil.h"
-#include <stdio.h>
-#include "prerror.h"
-#include "nss.h"
-#include "gtest/gtest.h"
-#include "scoped_ptrs.h"
-#include "cpputil.h"
-#include "databuffer.h"
-#include "util.h"
-
-#define MAX_KEY_SIZE 24
-
-namespace nss_test {
-
-static const uint8_t kIv[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-                              0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-                              0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
-static const uint8_t kInput[] = {
-    0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 0xff, 0xee, 0xdd, 0xcc,
-    0xbb, 0xaa, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00};
-
-class EncryptDeriveTest
-    : public ::testing::Test,
-      public ::testing::WithParamInterface<CK_MECHANISM_TYPE> {
- public:
-  void TestEncryptDerive() {
-    ScopedPK11SymKey derived_key(PK11_Derive(key_.get(), derive_mech(),
-                                             derive_param(), encrypt_mech(),
-                                             CKA_DECRYPT, keysize()));
-    ASSERT_TRUE(derived_key);
-
-    uint8_t derived_key_data[MAX_KEY_SIZE];
-    ASSERT_GE(sizeof(derived_key_data), keysize());
-    GetKeyData(derived_key, derived_key_data, keysize());
-    RemoveChecksum(derived_key_data);
-
-    uint8_t reference_key_data[MAX_KEY_SIZE];
-    unsigned int reference_len = 0;
-    SECStatus rv = PK11_Encrypt(key_.get(), encrypt_mech(), encrypt_param(),
-                                reference_key_data, &reference_len, keysize(),
-                                kInput, keysize());
-    ASSERT_EQ(SECSuccess, rv);
-    ASSERT_EQ(keysize(), static_cast<size_t>(reference_len));
-    RemoveChecksum(reference_key_data);
-
-    EXPECT_EQ(DataBuffer(reference_key_data, keysize()),
-              DataBuffer(derived_key_data, keysize()));
-  }
-
- protected:
-  unsigned int keysize() const { return 16; }
-
- private:
-  CK_MECHANISM_TYPE encrypt_mech() const { return GetParam(); }
-
-  CK_MECHANISM_TYPE derive_mech() const {
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-        return CKM_DES3_ECB_ENCRYPT_DATA;
-      case CKM_DES3_CBC:
-        return CKM_DES3_CBC_ENCRYPT_DATA;
-      case CKM_AES_ECB:
-        return CKM_AES_ECB_ENCRYPT_DATA;
-      case CKM_AES_CBC:
-        return CKM_AES_CBC_ENCRYPT_DATA;
-      case CKM_CAMELLIA_ECB:
-        return CKM_CAMELLIA_ECB_ENCRYPT_DATA;
-      case CKM_CAMELLIA_CBC:
-        return CKM_CAMELLIA_CBC_ENCRYPT_DATA;
-      case CKM_SEED_ECB:
-        return CKM_SEED_ECB_ENCRYPT_DATA;
-      case CKM_SEED_CBC:
-        return CKM_SEED_CBC_ENCRYPT_DATA;
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return CKM_INVALID_MECHANISM;
-  }
-
-  SECItem* derive_param() const {
-    static CK_AES_CBC_ENCRYPT_DATA_PARAMS aes_data;
-    static CK_DES_CBC_ENCRYPT_DATA_PARAMS des_data;
-    static CK_KEY_DERIVATION_STRING_DATA string_data;
-    static SECItem param = {siBuffer, NULL, 0};
-
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-      case CKM_AES_ECB:
-      case CKM_CAMELLIA_ECB:
-      case CKM_SEED_ECB:
-        string_data.pData = toUcharPtr(kInput);
-        string_data.ulLen = keysize();
-        param.data = reinterpret_cast<uint8_t*>(&string_data);
-        param.len = sizeof(string_data);
-        break;
-
-      case CKM_DES3_CBC:
-        des_data.pData = toUcharPtr(kInput);
-        des_data.length = keysize();
-        PORT_Memcpy(des_data.iv, kIv, 8);
-        param.data = reinterpret_cast<uint8_t*>(&des_data);
-        param.len = sizeof(des_data);
-        break;
-
-      case CKM_AES_CBC:
-      case CKM_CAMELLIA_CBC:
-      case CKM_SEED_CBC:
-        aes_data.pData = toUcharPtr(kInput);
-        aes_data.length = keysize();
-        PORT_Memcpy(aes_data.iv, kIv, keysize());
-        param.data = reinterpret_cast<uint8_t*>(&aes_data);
-        param.len = sizeof(aes_data);
-        break;
-
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return &param;
-  }
-
-  SECItem* encrypt_param() const {
-    static SECItem param = {siBuffer, NULL, 0};
-
-    switch (encrypt_mech()) {
-      case CKM_DES3_ECB:
-      case CKM_AES_ECB:
-      case CKM_CAMELLIA_ECB:
-      case CKM_SEED_ECB:
-        // No parameter needed here.
-        break;
-
-      case CKM_DES3_CBC:
-      case CKM_AES_CBC:
-      case CKM_CAMELLIA_CBC:
-      case CKM_SEED_CBC:
-        param.data = toUcharPtr(kIv);
-        param.len = keysize();
-        break;
-
-      default:
-        ADD_FAILURE() << "Unknown mechanism";
-        break;
-    }
-    return &param;
-  }
-
-  virtual void SetUp() {
-    slot_.reset(PK11_GetBestSlot(derive_mech(), NULL));
-    ASSERT_TRUE(slot_);
-
-    key_.reset(PK11_TokenKeyGenWithFlags(slot_.get(), encrypt_mech(), NULL,
-                                         keysize(), NULL,
-                                         CKF_ENCRYPT | CKF_DERIVE, 0, NULL));
-    ASSERT_TRUE(key_);
-  }
-
-  void GetKeyData(ScopedPK11SymKey& key, uint8_t* buf, size_t max_len) const {
-    ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(key.get()));
-    SECItem* data = PK11_GetKeyData(key.get());
-    ASSERT_TRUE(data);
-    ASSERT_EQ(max_len, static_cast<size_t>(data->len));
-    PORT_Memcpy(buf, data->data, data->len);
-  }
-
-  // Remove checksum if the key is a 3DES key.
-  void RemoveChecksum(uint8_t* key_data) const {
-    if (encrypt_mech() != CKM_DES3_CBC && encrypt_mech() != CKM_DES3_ECB) {
-      return;
-    }
-    for (size_t i = 0; i < keysize(); ++i) {
-      key_data[i] &= 0xfe;
-    }
-  }
-
-  ScopedPK11SlotInfo slot_;
-  ScopedPK11SymKey key_;
-};
-
-TEST_P(EncryptDeriveTest, Test) { TestEncryptDerive(); }
-
-static const CK_MECHANISM_TYPE kEncryptDeriveMechanisms[] = {
-    CKM_DES3_ECB,     CKM_DES3_CBC,     CKM_AES_ECB,  CKM_AES_ECB, CKM_AES_CBC,
-    CKM_CAMELLIA_ECB, CKM_CAMELLIA_CBC, CKM_SEED_ECB, CKM_SEED_CBC};
-
-INSTANTIATE_TEST_CASE_P(EncryptDeriveTests, EncryptDeriveTest,
-                        ::testing::ValuesIn(kEncryptDeriveMechanisms));
-
-// This class handles the case where 3DES takes a 192-bit key
-// where all 24 octets will be used.
-class EncryptDerive3Test : public EncryptDeriveTest {
- protected:
-  unsigned int keysize() const { return 24; }
-};
-
-TEST_P(EncryptDerive3Test, Test) { TestEncryptDerive(); }
-
-static const CK_MECHANISM_TYPE kDES3EncryptDeriveMechanisms[] = {CKM_DES3_ECB,
-                                                                 CKM_DES3_CBC};
-
-INSTANTIATE_TEST_CASE_P(Encrypt3DeriveTests, EncryptDerive3Test,
-                        ::testing::ValuesIn(kDES3EncryptDeriveMechanisms));
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
index 076b4d37f..c47ff4778 100644
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -16,7 +16,6 @@
         'pk11_chacha20poly1305_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
-        'pk11_encrypt_derive_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
@@ -27,7 +26,6 @@
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
       ],
       'conditions': [
diff --git a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
index 6c8c5ab4e..012bae0e9 100644
--- a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -12,14 +12,14 @@
 #include "gtest/gtest.h"
 #include "scoped_ptrs.h"
 
-#include "pk11_signature_test.h"
 #include "pk11_rsapss_vectors.h"
+#include "pk11_signature_test.h"
 
 namespace nss_test {
 
-class Pkcs11RsaPssTest : public Pk11SignatureTest {
+class Pkcs11RsaPssVectorTest : public Pk11SignatureTest {
  public:
-  Pkcs11RsaPssTest() : Pk11SignatureTest(CKM_RSA_PKCS_PSS, SEC_OID_SHA1) {
+  Pkcs11RsaPssVectorTest() {
     rsaPssParams_.hashAlg = CKM_SHA_1;
     rsaPssParams_.mgf = CKG_MGF1_SHA1;
     rsaPssParams_.sLen = HASH_ResultLenByOidTag(SEC_OID_SHA1);
@@ -30,14 +30,16 @@ class Pkcs11RsaPssTest : public Pk11SignatureTest {
   }
 
  protected:
-  const SECItem* parameters() const { return &params_; }
+  CK_MECHANISM_TYPE mechanism() { return CKM_RSA_PKCS_PSS; }
+  SECItem* parameters() { return &params_; }
+  SECOidTag hashOID() { return SEC_OID_SHA1; }
 
  private:
   CK_RSA_PKCS_PSS_PARAMS rsaPssParams_;
   SECItem params_;
 };
 
-TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
+TEST_F(Pkcs11RsaPssVectorTest, GenerateAndSignAndVerify) {
   // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
   SECOidTag hashOid = SEC_OID_SHA256;
   CK_MECHANISM_TYPE hashMech = CKM_SHA256;
@@ -93,56 +95,105 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
   EXPECT_EQ(rv, SECFailure);
 }
 
-class Pkcs11RsaPssVectorTest
-    : public Pkcs11RsaPssTest,
-      public ::testing::WithParamInterface<Pkcs11SignatureTestParams> {};
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify1) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector1Pkcs8, kTestVector1Spki,
+                              kTestVector1Data);
+}
 
-TEST_P(Pkcs11RsaPssVectorTest, Verify) { Verify(GetParam()); }
+// RSA-PSS test vectors, pss-vect.txt, Example 2.1: A 1025-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify2) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector2Pkcs8, kTestVector2Spki,
+                              kTestVector2Data);
+}
 
-TEST_P(Pkcs11RsaPssVectorTest, SignAndVerify) { SignAndVerify(GetParam()); }
+// RSA-PSS test vectors, pss-vect.txt, Example 3.1: A 1026-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature3) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector3Spki, kTestVector3Data, kTestVector3Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify3) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector3Pkcs8, kTestVector3Spki,
+                              kTestVector3Data);
+}
 
-#define VECTOR(pkcs8, spki, data, sig)                                \
-  {                                                                   \
-    DataBuffer(pkcs8, sizeof(pkcs8)), DataBuffer(spki, sizeof(spki)), \
-        DataBuffer(data, sizeof(data)), DataBuffer(sig, sizeof(sig))  \
-  }
-#define VECTOR_N(n)                                                         \
-  VECTOR(kTestVector##n##Pkcs8, kTestVector##n##Spki, kTestVector##n##Data, \
-         kTestVector##n##Sig)
-
-static const Pkcs11SignatureTestParams kRsaPssVectors[] = {
-    // RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(1),
-    // RSA-PSS test vectors, pss-vect.txt, Example 2.1: A 1025-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(2),
-    // RSA-PSS test vectors, pss-vect.txt, Example 3.1: A 1026-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(3),
-    // RSA-PSS test vectors, pss-vect.txt, Example 4.1: A 1027-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(4),
-    // RSA-PSS test vectors, pss-vect.txt, Example 5.1: A 1028-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(5),
-    // RSA-PSS test vectors, pss-vect.txt, Example 6.1: A 1029-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(6),
-    // RSA-PSS test vectors, pss-vect.txt, Example 7.1: A 1030-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(7),
-    // RSA-PSS test vectors, pss-vect.txt, Example 8.1: A 1031-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(8),
-    // RSA-PSS test vectors, pss-vect.txt, Example 9.1: A 1536-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(9),
-    // RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
-    // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
-    VECTOR_N(10)};
-
-INSTANTIATE_TEST_CASE_P(RsaPssSignVerify, Pkcs11RsaPssVectorTest,
-                        ::testing::ValuesIn(kRsaPssVectors));
+// RSA-PSS test vectors, pss-vect.txt, Example 4.1: A 1027-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature4) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector4Spki, kTestVector4Data, kTestVector4Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify4) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector4Pkcs8, kTestVector4Spki,
+                              kTestVector4Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 5.1: A 1028-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature5) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector5Spki, kTestVector5Data, kTestVector5Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify5) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector5Pkcs8, kTestVector5Spki,
+                              kTestVector5Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 6.1: A 1029-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature6) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector6Spki, kTestVector6Data, kTestVector6Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify6) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector6Pkcs8, kTestVector6Spki,
+                              kTestVector6Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 7.1: A 1030-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature7) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector7Spki, kTestVector7Data, kTestVector7Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify7) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector7Pkcs8, kTestVector7Spki,
+                              kTestVector7Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 8.1: A 1031-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature8) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector8Spki, kTestVector8Data, kTestVector8Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify8) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector8Pkcs8, kTestVector8Spki,
+                              kTestVector8Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 9.1: A 1536-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature9) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector9Spki, kTestVector9Data, kTestVector9Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify9) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector9Pkcs8, kTestVector9Spki,
+                              kTestVector9Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature10) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector10Spki, kTestVector10Data,
+                         kTestVector10Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify10) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector10Pkcs8, kTestVector10Spki,
+                              kTestVector10Data);
+}
 
 }  // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
index b14104371..e6a0a9c57 100644
--- a/security/nss/gtests/pk11_gtest/pk11_signature_test.h
+++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
@@ -9,37 +9,26 @@
 
 #include "cpputil.h"
 #include "scoped_ptrs.h"
-#include "databuffer.h"
 
 #include "gtest/gtest.h"
 
 namespace nss_test {
 
-// For test vectors.
-struct Pkcs11SignatureTestParams {
-  const DataBuffer pkcs8_;
-  const DataBuffer spki_;
-  const DataBuffer data_;
-  const DataBuffer signature_;
-};
-
 class Pk11SignatureTest : public ::testing::Test {
  protected:
-  Pk11SignatureTest(CK_MECHANISM_TYPE mechanism, SECOidTag hash_oid)
-      : mechanism_(mechanism), hash_oid_(hash_oid) {}
+  virtual CK_MECHANISM_TYPE mechanism() = 0;
+  virtual SECItem* parameters() = 0;
+  virtual SECOidTag hashOID() = 0;
 
-  virtual const SECItem* parameters() const { return nullptr; }
-  CK_MECHANISM_TYPE mechanism() const { return mechanism_; }
-
-  ScopedSECKEYPrivateKey ImportPrivateKey(const DataBuffer& pkcs8) {
+  ScopedSECKEYPrivateKey ImportPrivateKey(const uint8_t* pkcs8,
+                                          size_t pkcs8_len) {
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     if (!slot) {
-      ADD_FAILURE() << "No slot";
       return nullptr;
     }
 
-    SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8.data()),
-                         static_cast<unsigned int>(pkcs8.len())};
+    SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8),
+                         static_cast<unsigned int>(pkcs8_len)};
 
     SECKEYPrivateKey* key = nullptr;
     SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
@@ -53,9 +42,9 @@ class Pk11SignatureTest : public ::testing::Test {
     return ScopedSECKEYPrivateKey(key);
   }
 
-  ScopedSECKEYPublicKey ImportPublicKey(const DataBuffer& spki) {
-    SECItem spkiItem = {siBuffer, toUcharPtr(spki.data()),
-                        static_cast<unsigned int>(spki.len())};
+  ScopedSECKEYPublicKey ImportPublicKey(const uint8_t* spki, size_t spki_len) {
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
 
     ScopedCERTSubjectPublicKeyInfo certSpki(
         SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
@@ -63,74 +52,87 @@ class Pk11SignatureTest : public ::testing::Test {
     return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get()));
   }
 
-  bool ComputeHash(const DataBuffer& data, DataBuffer* hash) {
-    hash->Allocate(static_cast<size_t>(HASH_ResultLenByOidTag(hash_oid_)));
-    SECStatus rv =
-        PK11_HashBuf(hash_oid_, hash->data(), data.data(), data.len());
-    return rv == SECSuccess;
+  ScopedSECItem ComputeHash(const uint8_t* data, size_t len) {
+    unsigned int hLen = HASH_ResultLenByOidTag(hashOID());
+    ScopedSECItem hash(SECITEM_AllocItem(nullptr, nullptr, hLen));
+    if (!hash) {
+      return nullptr;
+    }
+
+    SECStatus rv = PK11_HashBuf(hashOID(), hash->data, data, len);
+    if (rv != SECSuccess) {
+      return nullptr;
+    }
+
+    return hash;
   }
 
-  bool SignHashedData(ScopedSECKEYPrivateKey& privKey, const DataBuffer& hash,
-                      DataBuffer* sig) {
-    SECItem hashItem = {siBuffer, toUcharPtr(hash.data()),
-                        static_cast<unsigned int>(hash.len())};
-    int sigLen = PK11_SignatureLen(privKey.get());
-    EXPECT_LT(0, sigLen);
-    sig->Allocate(static_cast<size_t>(sigLen));
-    SECItem sigItem = {siBuffer, toUcharPtr(sig->data()),
-                       static_cast<unsigned int>(sig->len())};
-    SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism_,
-                                          parameters(), &sigItem, &hashItem);
-    return rv == SECSuccess;
+  ScopedSECItem SignHashedData(ScopedSECKEYPrivateKey& privKey,
+                               ScopedSECItem& hash) {
+    unsigned int sLen = PK11_SignatureLen(privKey.get());
+    ScopedSECItem sig(SECITEM_AllocItem(nullptr, nullptr, sLen));
+    if (!sig) {
+      return nullptr;
+    }
+
+    SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism(),
+                                          parameters(), sig.get(), hash.get());
+    if (rv != SECSuccess) {
+      return nullptr;
+    }
+
+    return sig;
   }
 
-  bool ImportPrivateKeyAndSignHashedData(const DataBuffer& pkcs8,
-                                         const DataBuffer& data,
-                                         DataBuffer* sig) {
-    ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8));
+  ScopedSECItem ImportPrivateKeyAndSignHashedData(const uint8_t* pkcs8,
+                                                  size_t pkcs8_len,
+                                                  const uint8_t* data,
+                                                  size_t data_len) {
+    ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8, pkcs8_len));
     if (!privKey) {
-      return false;
+      return nullptr;
     }
 
-    DataBuffer hash;
-    if (!ComputeHash(data, &hash)) {
-      ADD_FAILURE() << "Failed to compute hash";
-      return false;
+    ScopedSECItem hash(ComputeHash(data, data_len));
+    if (!hash) {
+      return nullptr;
     }
-    return SignHashedData(privKey, hash, sig);
+
+    return ScopedSECItem(SignHashedData(privKey, hash));
   }
 
-  void Verify(const Pkcs11SignatureTestParams& params, const DataBuffer& sig) {
-    ScopedSECKEYPublicKey pubKey(ImportPublicKey(params.spki_));
+  void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
+              size_t data_len, const uint8_t* sig, size_t sig_len) {
+    ScopedSECKEYPublicKey pubKey(ImportPublicKey(spki, spki_len));
     ASSERT_TRUE(pubKey);
 
-    DataBuffer hash;
-    ASSERT_TRUE(ComputeHash(params.data_, &hash));
+    ScopedSECItem hash(ComputeHash(data, data_len));
+    ASSERT_TRUE(hash);
+
+    SECItem sigItem = {siBuffer, toUcharPtr(sig),
+                       static_cast<unsigned int>(sig_len)};
 
     // Verify.
-    SECItem hashItem = {siBuffer, toUcharPtr(hash.data()),
-                        static_cast<unsigned int>(hash.len())};
-    SECItem sigItem = {siBuffer, toUcharPtr(sig.data()),
-                       static_cast<unsigned int>(sig.len())};
     SECStatus rv = PK11_VerifyWithMechanism(
-        pubKey.get(), mechanism_, parameters(), &sigItem, &hashItem, nullptr);
+        pubKey.get(), mechanism(), parameters(), &sigItem, hash.get(), nullptr);
     EXPECT_EQ(rv, SECSuccess);
   }
 
-  void Verify(const Pkcs11SignatureTestParams& params) {
-    Verify(params, params.signature_);
-  }
+  void SignAndVerify(const uint8_t* pkcs8, size_t pkcs8_len,
+                     const uint8_t* spki, size_t spki_len, const uint8_t* data,
+                     size_t data_len) {
+    ScopedSECItem sig(
+        ImportPrivateKeyAndSignHashedData(pkcs8, pkcs8_len, data, data_len));
+    ASSERT_TRUE(sig);
 
-  void SignAndVerify(const Pkcs11SignatureTestParams& params) {
-    DataBuffer sig;
-    ASSERT_TRUE(
-        ImportPrivateKeyAndSignHashedData(params.pkcs8_, params.data_, &sig));
-    Verify(params, sig);
+    Verify(spki, spki_len, data, data_len, sig->data, sig->len);
   }
-
- private:
-  CK_MECHANISM_TYPE mechanism_;
-  SECOidTag hash_oid_;
 };
 
+#define SIG_TEST_VECTOR_VERIFY(spki, data, sig) \
+  Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
+
+#define SIG_TEST_VECTOR_SIGN_VERIFY(pkcs8, spki, data) \
+  SignAndVerify(pkcs8, sizeof(pkcs8), spki, sizeof(spki), data, sizeof(data));
+
 }  // namespace nss_test
diff --git a/security/nss/gtests/softoken_gtest/Makefile b/security/nss/gtests/softoken_gtest/Makefile
deleted file mode 100644
index 996669782..000000000
--- a/security/nss/gtests/softoken_gtest/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include ../common/gtest.mk
-
-CFLAGS += -I$(CORE_DEPTH)/lib/util
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
diff --git a/security/nss/gtests/softoken_gtest/manifest.mn b/security/nss/gtests/softoken_gtest/manifest.mn
deleted file mode 100644
index 4b34c099f..000000000
--- a/security/nss/gtests/softoken_gtest/manifest.mn
+++ /dev/null
@@ -1,25 +0,0 @@
-# -*- makefile -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../..
-DEPTH      = ../..
-MODULE = nss
-
-CPPSRCS = \
-	softoken_gtest.cc \
-	$(NULL)
-
-INCLUDES += \
-	-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-	-I$(CORE_DEPTH)/cpputil \
-	$(NULL)
-
-REQUIRES = nspr gtest
-
-PROGRAM = softoken_gtest
-
-EXTRA_LIBS = \
-	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
-	$(NULL)
diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.cc b/security/nss/gtests/softoken_gtest/softoken_gtest.cc
deleted file mode 100644
index d61e2e75f..000000000
--- a/security/nss/gtests/softoken_gtest/softoken_gtest.cc
+++ /dev/null
@@ -1,360 +0,0 @@
-#include <cstdlib>
-#if defined(_WIN32)
-#include <windows.h>
-#include <codecvt>
-#endif
-
-#include "cert.h"
-#include "certdb.h"
-#include "nspr.h"
-#include "nss.h"
-#include "pk11pub.h"
-#include "secerr.h"
-
-#include "scoped_ptrs.h"
-
-#define GTEST_HAS_RTTI 0
-#include "gtest/gtest.h"
-
-namespace nss_test {
-
-// Given a prefix, attempts to create a unique directory that the user can do
-// work in without impacting other tests. For example, if given the prefix
-// "scratch", a directory like "scratch05c17b25" will be created in the current
-// working directory (or the location specified by NSS_GTEST_WORKDIR, if
-// defined).
-// Upon destruction, the implementation will attempt to delete the directory.
-// However, no attempt is made to first remove files in the directory - the
-// user is responsible for this. If the directory is not empty, deleting it will
-// fail.
-// Statistically, it is technically possible to fail to create a unique
-// directory name, but this is extremely unlikely given the expected workload of
-// this implementation.
-class ScopedUniqueDirectory {
- public:
-  explicit ScopedUniqueDirectory(const std::string &prefix);
-
-  // NB: the directory must be empty upon destruction
-  ~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); }
-
-  const std::string &GetPath() { return mPath; }
-  const std::string &GetUTF8Path() { return mUTF8Path; }
-
- private:
-  static const int RETRY_LIMIT = 5;
-  static void GenerateRandomName(/*in/out*/ std::string &prefix);
-  static bool TryMakingDirectory(/*in/out*/ std::string &prefix);
-
-  std::string mPath;
-  std::string mUTF8Path;
-};
-
-ScopedUniqueDirectory::ScopedUniqueDirectory(const std::string &prefix) {
-  std::string path;
-  const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
-  if (workingDirectory) {
-    path.assign(workingDirectory);
-  }
-  path.append(prefix);
-  for (int i = 0; i < RETRY_LIMIT; i++) {
-    std::string pathCopy(path);
-    // TryMakingDirectory will modify its input. If it fails, we want to throw
-    // away the modified result.
-    if (TryMakingDirectory(pathCopy)) {
-      mPath.assign(pathCopy);
-      break;
-    }
-  }
-  assert(mPath.length() > 0);
-#if defined(_WIN32)
-  // sqldb always uses UTF-8 regardless of the current system locale.
-  DWORD len =
-      MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0);
-  std::vector<wchar_t> buf(len, L'\0');
-  MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(),
-                      buf.size());
-  std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
-  mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end()));
-#else
-  mUTF8Path = mPath;
-#endif
-}
-
-void ScopedUniqueDirectory::GenerateRandomName(std::string &prefix) {
-  std::stringstream ss;
-  ss << prefix;
-  // RAND_MAX is at least 32767.
-  ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand();
-  // This will overwrite the value of prefix. This is a little inefficient, but
-  // at least it makes the code simple.
-  ss >> prefix;
-}
-
-bool ScopedUniqueDirectory::TryMakingDirectory(std::string &prefix) {
-  GenerateRandomName(prefix);
-#if defined(_WIN32)
-  return _mkdir(prefix.c_str()) == 0;
-#else
-  return mkdir(prefix.c_str(), 0777) == 0;
-#endif
-}
-
-class SoftokenTest : public ::testing::Test {
- protected:
-  SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {}
-  SoftokenTest(const std::string &prefix) : mNSSDBDir(prefix) {}
-
-  virtual void SetUp() {
-    std::string nssInitArg("sql:");
-    nssInitArg.append(mNSSDBDir.GetUTF8Path());
-    ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB,
-                                         NSS_INIT_NOROOTINIT));
-  }
-
-  virtual void TearDown() {
-    ASSERT_EQ(SECSuccess, NSS_Shutdown());
-    const std::string &nssDBDirPath = mNSSDBDir.GetPath();
-    ASSERT_EQ(0, unlink((nssDBDirPath + "/cert9.db").c_str()));
-    ASSERT_EQ(0, unlink((nssDBDirPath + "/key4.db").c_str()));
-    ASSERT_EQ(0, unlink((nssDBDirPath + "/pkcs11.txt").c_str()));
-  }
-
-  ScopedUniqueDirectory mNSSDBDir;
-};
-
-TEST_F(SoftokenTest, ResetSoftokenEmptyPassword) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
-  EXPECT_EQ(SECSuccess, PK11_ResetToken(slot.get(), nullptr));
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
-}
-
-TEST_F(SoftokenTest, ResetSoftokenNonEmptyPassword) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "password"));
-  EXPECT_EQ(SECSuccess, PK11_ResetToken(slot.get(), nullptr));
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "password2"));
-}
-
-// Test certificate to use in the CreateObject tests.
-static const CK_OBJECT_CLASS cko_nss_trust = CKO_NSS_TRUST;
-static const CK_BBOOL ck_false = CK_FALSE;
-static const CK_BBOOL ck_true = CK_TRUE;
-static const CK_TRUST ckt_nss_must_verify_trust = CKT_NSS_MUST_VERIFY_TRUST;
-static const CK_TRUST ckt_nss_trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR;
-static const CK_ATTRIBUTE attributes[] = {
-    {CKA_CLASS, (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS)},
-    {CKA_TOKEN, (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL)},
-    {CKA_PRIVATE, (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)},
-    {CKA_MODIFIABLE, (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)},
-    {CKA_LABEL,
-     (void *)"Symantec Class 2 Public Primary Certification Authority - G4",
-     (PRUint32)61},
-    {CKA_CERT_SHA1_HASH,
-     (void *)"\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054"
-             "\251\165\375\053",
-     (PRUint32)20},
-    {CKA_CERT_MD5_HASH,
-     (void *)"\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226",
-     (PRUint32)16},
-    {CKA_ISSUER,
-     (void *)"\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123"
-             "\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156"
-             "\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061"
-             "\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164"
-             "\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153"
-             "\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156"
-             "\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154"
-             "\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-             "\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-             "\164\171\040\055\040\107\064",
-     (PRUint32)151},
-    {CKA_SERIAL_NUMBER,
-     (void *)"\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125"
-             "\246\036",
-     (PRUint32)18},
-    {CKA_TRUST_SERVER_AUTH, (void *)&ckt_nss_must_verify_trust,
-     (PRUint32)sizeof(CK_TRUST)},
-    {CKA_TRUST_EMAIL_PROTECTION, (void *)&ckt_nss_trusted_delegator,
-     (PRUint32)sizeof(CK_TRUST)},
-    {CKA_TRUST_CODE_SIGNING, (void *)&ckt_nss_must_verify_trust,
-     (PRUint32)sizeof(CK_TRUST)},
-    {CKA_TRUST_STEP_UP_APPROVED, (void *)&ck_false,
-     (PRUint32)sizeof(CK_BBOOL)}};
-
-TEST_F(SoftokenTest, CreateObjectNonEmptyPassword) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "password"));
-  EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
-  ScopedPK11GenericObject obj(PK11_CreateGenericObject(
-      slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
-  EXPECT_EQ(nullptr, obj);
-}
-
-TEST_F(SoftokenTest, CreateObjectChangePassword) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
-  EXPECT_EQ(SECSuccess, PK11_ChangePW(slot.get(), "", "password"));
-  EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
-  ScopedPK11GenericObject obj(PK11_CreateGenericObject(
-      slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
-  EXPECT_EQ(nullptr, obj);
-}
-
-TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "password"));
-  EXPECT_EQ(SECSuccess, PK11_ChangePW(slot.get(), "password", ""));
-  // PK11_Logout returnes an error and SEC_ERROR_TOKEN_NOT_LOGGED_IN if the user
-  // is not "logged in".
-  EXPECT_EQ(SECFailure, PK11_Logout(slot.get()));
-  EXPECT_EQ(SEC_ERROR_TOKEN_NOT_LOGGED_IN, PORT_GetError());
-  ScopedPK11GenericObject obj(PK11_CreateGenericObject(
-      slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
-  // Because there's no password we can't logout and the operation should have
-  // succeeded.
-  EXPECT_NE(nullptr, obj);
-}
-
-class SoftokenNonAsciiTest : public SoftokenTest {
- protected:
-  SoftokenNonAsciiTest() : SoftokenTest("SoftokenTest.\xF7-") {}
-};
-
-TEST_F(SoftokenNonAsciiTest, NonAsciiPathWorking) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
-  EXPECT_EQ(SECSuccess, PK11_ResetToken(slot.get(), nullptr));
-  EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
-}
-
-// This is just any X509 certificate. Its contents don't matter.
-static unsigned char certDER[] = {
-    0x30, 0x82, 0x01, 0xEF, 0x30, 0x82, 0x01, 0x94, 0xA0, 0x03, 0x02, 0x01,
-    0x02, 0x02, 0x14, 0x49, 0xC4, 0xC4, 0x4A, 0xB6, 0x86, 0x07, 0xA3, 0x06,
-    0xDC, 0x4D, 0xC8, 0xC3, 0xFE, 0xC7, 0x21, 0x3A, 0x2D, 0xE4, 0xDA, 0x30,
-    0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-    0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
-    0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31,
-    0x35, 0x31, 0x31, 0x32, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
-    0x18, 0x0F, 0x32, 0x30, 0x31, 0x38, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30,
-    0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06,
-    0x03, 0x55, 0x04, 0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x82,
-    0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
-    0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82,
-    0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBA, 0x88, 0x51, 0xA8, 0x44,
-    0x8E, 0x16, 0xD6, 0x41, 0xFD, 0x6E, 0xB6, 0x88, 0x06, 0x36, 0x10, 0x3D,
-    0x3C, 0x13, 0xD9, 0xEA, 0xE4, 0x35, 0x4A, 0xB4, 0xEC, 0xF5, 0x68, 0x57,
-    0x6C, 0x24, 0x7B, 0xC1, 0xC7, 0x25, 0xA8, 0xE0, 0xD8, 0x1F, 0xBD, 0xB1,
-    0x9C, 0x06, 0x9B, 0x6E, 0x1A, 0x86, 0xF2, 0x6B, 0xE2, 0xAF, 0x5A, 0x75,
-    0x6B, 0x6A, 0x64, 0x71, 0x08, 0x7A, 0xA5, 0x5A, 0xA7, 0x45, 0x87, 0xF7,
-    0x1C, 0xD5, 0x24, 0x9C, 0x02, 0x7E, 0xCD, 0x43, 0xFC, 0x1E, 0x69, 0xD0,
-    0x38, 0x20, 0x29, 0x93, 0xAB, 0x20, 0xC3, 0x49, 0xE4, 0xDB, 0xB9, 0x4C,
-    0xC2, 0x6B, 0x6C, 0x0E, 0xED, 0x15, 0x82, 0x0F, 0xF1, 0x7E, 0xAD, 0x69,
-    0x1A, 0xB1, 0xD3, 0x02, 0x3A, 0x8B, 0x2A, 0x41, 0xEE, 0xA7, 0x70, 0xE0,
-    0x0F, 0x0D, 0x8D, 0xFD, 0x66, 0x0B, 0x2B, 0xB0, 0x24, 0x92, 0xA4, 0x7D,
-    0xB9, 0x88, 0x61, 0x79, 0x90, 0xB1, 0x57, 0x90, 0x3D, 0xD2, 0x3B, 0xC5,
-    0xE0, 0xB8, 0x48, 0x1F, 0xA8, 0x37, 0xD3, 0x88, 0x43, 0xEF, 0x27, 0x16,
-    0xD8, 0x55, 0xB7, 0x66, 0x5A, 0xAA, 0x7E, 0x02, 0x90, 0x2F, 0x3A, 0x7B,
-    0x10, 0x80, 0x06, 0x24, 0xCC, 0x1C, 0x6C, 0x97, 0xAD, 0x96, 0x61, 0x5B,
-    0xB7, 0xE2, 0x96, 0x12, 0xC0, 0x75, 0x31, 0xA3, 0x0C, 0x91, 0xDD, 0xB4,
-    0xCA, 0xF7, 0xFC, 0xAD, 0x1D, 0x25, 0xD3, 0x09, 0xEF, 0xB9, 0x17, 0x0E,
-    0xA7, 0x68, 0xE1, 0xB3, 0x7B, 0x2F, 0x22, 0x6F, 0x69, 0xE3, 0xB4, 0x8A,
-    0x95, 0x61, 0x1D, 0xEE, 0x26, 0xD6, 0x25, 0x9D, 0xAB, 0x91, 0x08, 0x4E,
-    0x36, 0xCB, 0x1C, 0x24, 0x04, 0x2C, 0xBF, 0x16, 0x8B, 0x2F, 0xE5, 0xF1,
-    0x8F, 0x99, 0x17, 0x31, 0xB8, 0xB3, 0xFE, 0x49, 0x23, 0xFA, 0x72, 0x51,
-    0xC4, 0x31, 0xD5, 0x03, 0xAC, 0xDA, 0x18, 0x0A, 0x35, 0xED, 0x8D, 0x02,
-    0x03, 0x01, 0x00, 0x01, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
-    0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20,
-    0x5C, 0x75, 0x51, 0x9F, 0x13, 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20,
-    0xA3, 0xBC, 0x06, 0x30, 0x91, 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64,
-    0xEC, 0xFD, 0xCB, 0x42, 0x80, 0x0A, 0x70, 0xE6, 0x02, 0x21, 0x00, 0x82,
-    0x12, 0xF7, 0xE5, 0xEA, 0x40, 0x27, 0xFD, 0xF7, 0xC0, 0x0E, 0x25, 0xF3,
-    0x3E, 0x34, 0x95, 0x80, 0xB9, 0xA3, 0x38, 0xE0, 0x56, 0x68, 0xDA, 0xE5,
-    0xC1, 0xF5, 0x37, 0xC7, 0xB5, 0xCE, 0x0D};
-
-struct PasswordPair {
-  const char *mInitialPassword;
-  const char *mSecondPassword;
-};
-
-class SoftokenPasswordChangeTest
-    : public SoftokenTest,
-      public ::testing::WithParamInterface<PasswordPair> {};
-
-TEST_P(SoftokenPasswordChangeTest, KeepTrustAfterPasswordChange) {
-  const PasswordPair &passwords = GetParam();
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  // Set a password.
-  EXPECT_EQ(SECSuccess,
-            PK11_InitPin(slot.get(), nullptr, passwords.mInitialPassword));
-  SECItem certDERItem = {siBuffer, certDER, sizeof(certDER)};
-  // Import a certificate.
-  ScopedCERTCertificate cert(CERT_NewTempCertificate(
-      CERT_GetDefaultCertDB(), &certDERItem, nullptr, true, true));
-  EXPECT_TRUE(cert);
-  SECStatus result =
-      PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE, "test", false);
-  EXPECT_EQ(SECSuccess, result);
-  // Set a trust value.
-  CERTCertTrust trust = {CERTDB_TRUSTED_CLIENT_CA | CERTDB_NS_TRUSTED_CA |
-                             CERTDB_TRUSTED_CA | CERTDB_VALID_CA,
-                         0, 0};
-  result = CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
-  EXPECT_EQ(SECSuccess, result);
-  // Release the certificate to ensure we get it from the DB rather than an
-  // in-memory cache, below.
-  cert = nullptr;
-  // Change the password.
-  result = PK11_ChangePW(slot.get(), passwords.mInitialPassword,
-                         passwords.mSecondPassword);
-  EXPECT_EQ(SECSuccess, result);
-  // Look up the certificate again.
-  ScopedCERTCertificate newCert(
-      PK11_FindCertFromDERCertItem(slot.get(), &certDERItem, nullptr));
-  EXPECT_TRUE(newCert.get());
-  // The trust should be the same as before.
-  CERTCertTrust newTrust = {0, 0, 0};
-  result = CERT_GetCertTrust(newCert.get(), &newTrust);
-  EXPECT_EQ(SECSuccess, result);
-  EXPECT_EQ(trust.sslFlags, newTrust.sslFlags);
-  EXPECT_EQ(trust.emailFlags, newTrust.emailFlags);
-  EXPECT_EQ(trust.objectSigningFlags, newTrust.objectSigningFlags);
-}
-
-static const PasswordPair PASSWORD_CHANGE_TESTS[] = {
-    {"password", ""},           // non-empty to empty password
-    {"", "password"},           // empty to non-empty password
-    {"password", "password2"},  // non-empty to non-empty password
-};
-
-INSTANTIATE_TEST_CASE_P(SoftokenPasswordChangeTests, SoftokenPasswordChangeTest,
-                        ::testing::ValuesIn(PASSWORD_CHANGE_TESTS));
-
-class SoftokenNoDBTest : public ::testing::Test {};
-
-TEST_F(SoftokenNoDBTest, NeedUserInitNoDB) {
-  ASSERT_EQ(SECSuccess, NSS_NoDB_Init("."));
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ASSERT_TRUE(slot);
-  EXPECT_EQ(PR_FALSE, PK11_NeedUserInit(slot.get()));
-
-  // When shutting down in here we have to release the slot first.
-  slot = nullptr;
-  ASSERT_EQ(SECSuccess, NSS_Shutdown());
-}
-
-}  // namespace nss_test
-
-int main(int argc, char **argv) {
-  ::testing::InitGoogleTest(&argc, argv);
-
-  return RUN_ALL_TESTS();
-}
diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
deleted file mode 100644
index cff0ea414..000000000
--- a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
+++ /dev/null
@@ -1,51 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes': [
-    '../../coreconf/config.gypi',
-    '../common/gtest.gypi',
-  ],
-  'targets': [
-    {
-      'target_name': 'softoken_gtest',
-      'type': 'executable',
-      'sources': [
-        'softoken_gtest.cc',
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
-        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
-      ],
-      'conditions': [
-        [ 'test_build==1', {
-          'dependencies': [
-            '<(DEPTH)/lib/nss/nss.gyp:nss_static',
-            '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
-            '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
-            '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-            '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
-            '<(DEPTH)/lib/base/base.gyp:nssb',
-            '<(DEPTH)/lib/dev/dev.gyp:nssdev',
-            '<(DEPTH)/lib/pki/pki.gyp:nsspki',
-            '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
-          ],
-        }, {
-          'dependencies': [
-            '<(DEPTH)/lib/nss/nss.gyp:nss3',
-            '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
-          ],
-        }],
-      ],
-    }
-  ],
-  'target_defaults': {
-    'include_dirs': [
-      '../../lib/util'
-    ]
-  },
-  'variables': {
-    'module': 'nss'
-  }
-}
diff --git a/security/nss/gtests/ssl_gtest/Makefile b/security/nss/gtests/ssl_gtest/Makefile
index 95c111aeb..a9a9290e0 100644
--- a/security/nss/gtests/ssl_gtest/Makefile
+++ b/security/nss/gtests/ssl_gtest/Makefile
@@ -29,6 +29,10 @@ include ../common/gtest.mk
 
 CFLAGS += -I$(CORE_DEPTH)/lib/ssl
 
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
 ifdef NSS_DISABLE_TLS_1_3
 NSS_DISABLE_TLS_1_3=1
 # Run parameterized tests only, for which we can easily exclude TLS 1.3
diff --git a/security/nss/gtests/ssl_gtest/bloomfilter_unittest.cc b/security/nss/gtests/ssl_gtest/bloomfilter_unittest.cc
deleted file mode 100644
index 110cfa13a..000000000
--- a/security/nss/gtests/ssl_gtest/bloomfilter_unittest.cc
+++ /dev/null
@@ -1,108 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-extern "C" {
-#include "sslbloom.h"
-}
-
-#include "gtest_utils.h"
-
-namespace nss_test {
-
-// Some random-ish inputs to test with.  These don't result in collisions in any
-// of the configurations that are tested below.
-static const uint8_t kHashes1[] = {
-    0x79, 0x53, 0xb8, 0xdd, 0x6b, 0x98, 0xce, 0x00, 0xb7, 0xdc, 0xe8,
-    0x03, 0x70, 0x8c, 0xe3, 0xac, 0x06, 0x8b, 0x22, 0xfd, 0x0e, 0x34,
-    0x48, 0xe6, 0xe5, 0xe0, 0x8a, 0xd6, 0x16, 0x18, 0xe5, 0x48};
-static const uint8_t kHashes2[] = {
-    0xc6, 0xdd, 0x6e, 0xc4, 0x76, 0xb8, 0x55, 0xf2, 0xa4, 0xfc, 0x59,
-    0x04, 0xa4, 0x90, 0xdc, 0xa7, 0xa7, 0x0d, 0x94, 0x8f, 0xc2, 0xdc,
-    0x15, 0x6d, 0x48, 0x93, 0x9d, 0x05, 0xbb, 0x9a, 0xbc, 0xc1};
-
-typedef struct {
-  unsigned int k;
-  unsigned int bits;
-} BloomFilterConfig;
-
-class BloomFilterTest
-    : public ::testing::Test,
-      public ::testing::WithParamInterface<BloomFilterConfig> {
- public:
-  BloomFilterTest() : filter_() {}
-
-  void SetUp() { Init(); }
-
-  void TearDown() { sslBloom_Destroy(&filter_); }
-
- protected:
-  void Init() {
-    if (filter_.filter) {
-      sslBloom_Destroy(&filter_);
-    }
-    ASSERT_EQ(SECSuccess,
-              sslBloom_Init(&filter_, GetParam().k, GetParam().bits));
-  }
-
-  bool Check(const uint8_t* hashes) {
-    return sslBloom_Check(&filter_, hashes) ? true : false;
-  }
-
-  void Add(const uint8_t* hashes, bool expect_collision = false) {
-    EXPECT_EQ(expect_collision, sslBloom_Add(&filter_, hashes) ? true : false);
-    EXPECT_TRUE(Check(hashes));
-  }
-
-  sslBloomFilter filter_;
-};
-
-TEST_P(BloomFilterTest, InitOnly) {}
-
-TEST_P(BloomFilterTest, AddToEmpty) {
-  EXPECT_FALSE(Check(kHashes1));
-  Add(kHashes1);
-}
-
-TEST_P(BloomFilterTest, AddTwo) {
-  Add(kHashes1);
-  Add(kHashes2);
-}
-
-TEST_P(BloomFilterTest, AddOneTwice) {
-  Add(kHashes1);
-  Add(kHashes1, true);
-}
-
-TEST_P(BloomFilterTest, Zero) {
-  Add(kHashes1);
-  sslBloom_Zero(&filter_);
-  EXPECT_FALSE(Check(kHashes1));
-  EXPECT_FALSE(Check(kHashes2));
-}
-
-TEST_P(BloomFilterTest, Fill) {
-  sslBloom_Fill(&filter_);
-  EXPECT_TRUE(Check(kHashes1));
-  EXPECT_TRUE(Check(kHashes2));
-}
-
-static const BloomFilterConfig kBloomFilterConfigurations[] = {
-    {1, 1},    // 1 hash, 1 bit input - high chance of collision.
-    {1, 2},    // 1 hash, 2 bits - smaller than the basic unit size.
-    {1, 3},    // 1 hash, 3 bits - same as basic unit size.
-    {1, 4},    // 1 hash, 4 bits - 2 octets each.
-    {3, 10},   // 3 hashes over a reasonable number of bits.
-    {3, 3},    // Test that we can read multiple bits.
-    {4, 15},   // A credible filter.
-    {2, 18},   // A moderately large allocation.
-    {16, 16},  // Insane, use all of the bits from the hashes.
-    {16, 9},   // This also uses all of the bits from the hashes.
-};
-
-INSTANTIATE_TEST_CASE_P(BloomFilterConfigurations, BloomFilterTest,
-                        ::testing::ValuesIn(kBloomFilterConfigurations));
-
-}  // namespace nspr_test
diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.c b/security/nss/gtests/ssl_gtest/libssl_internals.c
index 887d85278..97b8354ae 100644
--- a/security/nss/gtests/ssl_gtest/libssl_internals.c
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.c
@@ -34,17 +34,18 @@ SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
     return SECFailure;
   }
 
+  ssl3_InitState(ss);
   ssl3_RestartHandshakeHashes(ss);
 
   // Ensure we don't overrun hs.client_random.
   rnd_len = PR_MIN(SSL3_RANDOM_LENGTH, rnd_len);
 
-  // Zero the client_random.
-  PORT_Memset(ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+  // Zero the client_random struct.
+  PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
 
   // Copy over the challenge bytes.
   size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
-  PORT_Memcpy(ss->ssl3.hs.client_random + offset, rnd, rnd_len);
+  PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
 
   // Rehash the SSLv2 client hello message.
   return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
@@ -72,11 +73,10 @@ SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
     return SECFailure;
   }
   ss->ssl3.mtu = mtu;
-  ss->ssl3.hs.rtRetries = 0; /* Avoid DTLS shrinking the MTU any more. */
   return SECSuccess;
 }
 
-PRInt32 SSLInt_CountCipherSpecs(PRFileDesc *fd) {
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd) {
   PRCList *cur_p;
   PRInt32 ct = 0;
 
@@ -92,7 +92,7 @@ PRInt32 SSLInt_CountCipherSpecs(PRFileDesc *fd) {
   return ct;
 }
 
-void SSLInt_PrintCipherSpecs(const char *label, PRFileDesc *fd) {
+void SSLInt_PrintTls13CipherSpecs(PRFileDesc *fd) {
   PRCList *cur_p;
 
   sslSocket *ss = ssl_FindSocket(fd);
@@ -100,31 +100,27 @@ void SSLInt_PrintCipherSpecs(const char *label, PRFileDesc *fd) {
     return;
   }
 
-  fprintf(stderr, "Cipher specs for %s\n", label);
+  fprintf(stderr, "Cipher specs\n");
   for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
        cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
     ssl3CipherSpec *spec = (ssl3CipherSpec *)cur_p;
-    fprintf(stderr, "  %s spec epoch=%d (%s) refct=%d\n", SPEC_DIR(spec),
-            spec->epoch, spec->phase, spec->refCt);
+    fprintf(stderr, "  %s\n", spec->phase);
   }
 }
 
-/* Force a timer expiry by backdating when all active timers were started. We
- * could set the remaining time to 0 but then backoff would not work properly if
- * we decide to test it. */
-SECStatus SSLInt_ShiftDtlsTimers(PRFileDesc *fd, PRIntervalTime shift) {
-  size_t i;
+/* Force a timer expiry by backdating when the timer was started.
+ * We could set the remaining time to 0 but then backoff would not
+ * work properly if we decide to test it. */
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd) {
   sslSocket *ss = ssl_FindSocket(fd);
   if (!ss) {
-    return SECFailure;
+    return;
   }
 
-  for (i = 0; i < PR_ARRAY_SIZE(ss->ssl3.hs.timers); ++i) {
-    if (ss->ssl3.hs.timers[i].cb) {
-      ss->ssl3.hs.timers[i].started -= shift;
-    }
-  }
-  return SECSuccess;
+  if (!ss->ssl3.hs.rtTimerCb) return;
+
+  ss->ssl3.hs.rtTimerStarted =
+      PR_IntervalNow() - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
 }
 
 #define CHECK_SECRET(secret)                  \
@@ -140,6 +136,7 @@ PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd) {
   }
 
   CHECK_SECRET(currentSecret);
+  CHECK_SECRET(resumptionMasterSecret);
   CHECK_SECRET(dheSecret);
   CHECK_SECRET(clientEarlyTrafficSecret);
   CHECK_SECRET(clientHsTrafficSecret);
@@ -229,7 +226,28 @@ PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type) {
   return PR_TRUE;
 }
 
+PRBool SSLInt_SendNewSessionTicket(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  ssl_GetSSL3HandshakeLock(ss);
+  ssl_GetXmitBufLock(ss);
+
+  SECStatus rv = tls13_SendNewSessionTicket(ss);
+  if (rv == SECSuccess) {
+    rv = ssl3_FlushHandshake(ss, 0);
+  }
+
+  ssl_ReleaseXmitBufLock(ss);
+  ssl_ReleaseSSL3HandshakeLock(ss);
+
+  return rv == SECSuccess;
+}
+
 SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
   sslSocket *ss;
   ssl3CipherSpec *spec;
 
@@ -237,40 +255,43 @@ SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to) {
   if (!ss) {
     return SECFailure;
   }
-  if (to >= RECORD_SEQ_MAX) {
+  if (to >= (1ULL << 48)) {
     PORT_SetError(SEC_ERROR_INVALID_ARGS);
     return SECFailure;
   }
   ssl_GetSpecWriteLock(ss);
   spec = ss->ssl3.crSpec;
-  spec->seqNum = to;
+  epoch = spec->read_seq_num >> 48;
+  spec->read_seq_num = (epoch << 48) | to;
 
   /* For DTLS, we need to fix the record sequence number.  For this, we can just
    * scrub the entire structure on the assumption that the new sequence number
    * is far enough past the last received sequence number. */
-  if (spec->seqNum <= spec->recvdRecords.right + DTLS_RECVD_RECORDS_WINDOW) {
+  if (to <= spec->recvdRecords.right + DTLS_RECVD_RECORDS_WINDOW) {
     PORT_SetError(SEC_ERROR_INVALID_ARGS);
     return SECFailure;
   }
-  dtls_RecordSetRecvd(&spec->recvdRecords, spec->seqNum);
+  dtls_RecordSetRecvd(&spec->recvdRecords, to);
 
   ssl_ReleaseSpecWriteLock(ss);
   return SECSuccess;
 }
 
 SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
   sslSocket *ss;
 
   ss = ssl_FindSocket(fd);
   if (!ss) {
     return SECFailure;
   }
-  if (to >= RECORD_SEQ_MAX) {
+  if (to >= (1ULL << 48)) {
     PORT_SetError(SEC_ERROR_INVALID_ARGS);
     return SECFailure;
   }
   ssl_GetSpecWriteLock(ss);
-  ss->ssl3.cwSpec->seqNum = to;
+  epoch = ss->ssl3.cwSpec->write_seq_num >> 48;
+  ss->ssl3.cwSpec->write_seq_num = (epoch << 48) | to;
   ssl_ReleaseSpecWriteLock(ss);
   return SECSuccess;
 }
@@ -284,9 +305,9 @@ SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra) {
     return SECFailure;
   }
   ssl_GetSpecReadLock(ss);
-  to = ss->ssl3.cwSpec->seqNum + DTLS_RECVD_RECORDS_WINDOW + extra;
+  to = ss->ssl3.cwSpec->write_seq_num + DTLS_RECVD_RECORDS_WINDOW + extra;
   ssl_ReleaseSpecReadLock(ss);
-  return SSLInt_AdvanceWriteSeqNum(fd, to);
+  return SSLInt_AdvanceWriteSeqNum(fd, to & RECORD_SEQ_MAX);
 }
 
 SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group) {
@@ -312,20 +333,46 @@ SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
   return SECSuccess;
 }
 
-PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec) {
-  return spec->keyMaterial.key;
+static ssl3KeyMaterial *GetKeyingMaterial(PRBool isServer,
+                                          ssl3CipherSpec *spec) {
+  return isServer ? &spec->server : &spec->client;
 }
 
-SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec) {
-  return spec->cipherDef->calg;
+PK11SymKey *SSLInt_CipherSpecToKey(PRBool isServer, ssl3CipherSpec *spec) {
+  return GetKeyingMaterial(isServer, spec)->write_key;
 }
 
-const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec) {
-  return spec->keyMaterial.iv;
+SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(PRBool isServer,
+                                                ssl3CipherSpec *spec) {
+  return spec->cipher_def->calg;
 }
 
-PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec) {
-  return spec->epoch;
+unsigned char *SSLInt_CipherSpecToIv(PRBool isServer, ssl3CipherSpec *spec) {
+  return GetKeyingMaterial(isServer, spec)->write_iv;
+}
+
+SECStatus SSLInt_EnableShortHeaders(PRFileDesc *fd) {
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ss->opt.enableShortHeaders = PR_TRUE;
+  return SECSuccess;
+}
+
+SECStatus SSLInt_UsingShortHeaders(PRFileDesc *fd, PRBool *result) {
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  *result = ss->ssl3.hs.shortHeaders;
+  return SECSuccess;
 }
 
 void SSLInt_SetTicketLifetime(uint32_t lifetime) {
@@ -358,21 +405,3 @@ SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size) {
 
   return SECSuccess;
 }
-
-void SSLInt_RolloverAntiReplay(void) {
-  tls13_AntiReplayRollover(ssl_TimeUsec());
-}
-
-SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch,
-                           PRUint16 *writeEpoch) {
-  sslSocket *ss = ssl_FindSocket(fd);
-  if (!ss || !readEpoch || !writeEpoch) {
-    return SECFailure;
-  }
-
-  ssl_GetSpecReadLock(ss);
-  *readEpoch = ss->ssl3.crSpec->epoch;
-  *writeEpoch = ss->ssl3.cwSpec->epoch;
-  ssl_ReleaseSpecReadLock(ss);
-  return SECSuccess;
-}
diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.h b/security/nss/gtests/ssl_gtest/libssl_internals.h
index 95d4afdaf..33709c4b4 100644
--- a/security/nss/gtests/ssl_gtest/libssl_internals.h
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.h
@@ -24,9 +24,9 @@ SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
 PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
 void SSLInt_ClearSelfEncryptKey();
 void SSLInt_SetSelfEncryptMacKey(PK11SymKey *key);
-PRInt32 SSLInt_CountCipherSpecs(PRFileDesc *fd);
-void SSLInt_PrintCipherSpecs(const char *label, PRFileDesc *fd);
-SECStatus SSLInt_ShiftDtlsTimers(PRFileDesc *fd, PRIntervalTime shift);
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
+void SSLInt_PrintTls13CipherSpecs(PRFileDesc *fd);
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
 SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
 PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
 PRBool SSLInt_DamageClientHsTrafficSecret(PRFileDesc *fd);
@@ -35,23 +35,23 @@ PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
 SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
 PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
 PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
+PRBool SSLInt_SendNewSessionTicket(PRFileDesc *fd);
 SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to);
 SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to);
 SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
 SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group);
-SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch,
-                           PRUint16 *writeEpoch);
 
 SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
                                          sslCipherSpecChangedFunc func,
                                          void *arg);
-PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec);
-PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec);
-SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec);
-const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec);
+PK11SymKey *SSLInt_CipherSpecToKey(PRBool isServer, ssl3CipherSpec *spec);
+SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(PRBool isServer,
+                                                ssl3CipherSpec *spec);
+unsigned char *SSLInt_CipherSpecToIv(PRBool isServer, ssl3CipherSpec *spec);
+SECStatus SSLInt_EnableShortHeaders(PRFileDesc *fd);
+SECStatus SSLInt_UsingShortHeaders(PRFileDesc *fd, PRBool *result);
 void SSLInt_SetTicketLifetime(uint32_t lifetime);
 void SSLInt_SetMaxEarlyDataSize(uint32_t size);
 SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size);
-void SSLInt_RolloverAntiReplay(void);
 
 #endif  // ndef libssl_internals_h_
diff --git a/security/nss/gtests/ssl_gtest/manifest.mn b/security/nss/gtests/ssl_gtest/manifest.mn
index 5d893bab3..cc729c0f1 100644
--- a/security/nss/gtests/ssl_gtest/manifest.mn
+++ b/security/nss/gtests/ssl_gtest/manifest.mn
@@ -12,13 +12,11 @@ CSRCS = \
       $(NULL)
 
 CPPSRCS = \
-      bloomfilter_unittest.cc \
       ssl_0rtt_unittest.cc \
       ssl_agent_unittest.cc \
       ssl_auth_unittest.cc \
       ssl_cert_ext_unittest.cc \
       ssl_ciphersuite_unittest.cc \
-      ssl_custext_unittest.cc \
       ssl_damage_unittest.cc \
       ssl_dhe_unittest.cc \
       ssl_drop_unittest.cc \
@@ -31,16 +29,11 @@ CPPSRCS = \
       ssl_gather_unittest.cc \
       ssl_gtest.cc \
       ssl_hrr_unittest.cc \
-      ssl_keylog_unittest.cc \
-      ssl_keyupdate_unittest.cc \
       ssl_loopback_unittest.cc \
-      ssl_misc_unittest.cc \
       ssl_record_unittest.cc \
       ssl_resumption_unittest.cc \
-      ssl_renegotiation_unittest.cc \
       ssl_skip_unittest.cc \
       ssl_staticrsa_unittest.cc \
-      ssl_tls13compat_unittest.cc \
       ssl_v2_client_hello_unittest.cc \
       ssl_version_unittest.cc \
       ssl_versionpolicy_unittest.cc \
diff --git a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
index a60295490..85b7011a1 100644
--- a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -7,7 +7,6 @@
 #include "secerr.h"
 #include "ssl.h"
 #include "sslerr.h"
-#include "sslexp.h"
 #include "sslproto.h"
 
 extern "C" {
@@ -45,93 +44,6 @@ TEST_P(TlsConnectTls13, ZeroRttServerRejectByOption) {
   SendReceive();
 }
 
-TEST_P(TlsConnectTls13, ZeroRttApparentReplayAfterRestart) {
-  // The test fixtures call SSL_SetupAntiReplay() in SetUp().  This results in
-  // 0-RTT being rejected until at least one window passes.  SetupFor0Rtt()
-  // forces a rollover of the anti-replay filters, which clears this state.
-  // Here, we do the setup manually here without that forced rollover.
-
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->Set0RttEnabled(true);  // So we signal that we allow 0-RTT.
-  Connect();
-  SendReceive();  // Need to read so that we absorb the session ticket.
-  CheckKeys();
-
-  Reset();
-  StartConnect();
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  ZeroRttSendReceive(true, false);
-  Handshake();
-  CheckConnected();
-  SendReceive();
-}
-
-class TlsZeroRttReplayTest : public TlsConnectTls13 {
- private:
-  class SaveFirstPacket : public PacketFilter {
-   public:
-    PacketFilter::Action Filter(const DataBuffer& input,
-                                DataBuffer* output) override {
-      if (!packet_.len() && input.len()) {
-        packet_ = input;
-      }
-      return KEEP;
-    }
-
-    const DataBuffer& packet() const { return packet_; }
-
-   private:
-    DataBuffer packet_;
-  };
-
- protected:
-  void RunTest(bool rollover) {
-    // Run the initial handshake
-    SetupForZeroRtt();
-
-    // Now run a true 0-RTT handshake, but capture the first packet.
-    auto first_packet = std::make_shared<SaveFirstPacket>();
-    client_->SetPacketFilter(first_packet);
-    client_->Set0RttEnabled(true);
-    server_->Set0RttEnabled(true);
-    ExpectResumption(RESUME_TICKET);
-    ZeroRttSendReceive(true, true);
-    Handshake();
-    EXPECT_LT(0U, first_packet->packet().len());
-    ExpectEarlyDataAccepted(true);
-    CheckConnected();
-    SendReceive();
-
-    if (rollover) {
-      SSLInt_RolloverAntiReplay();
-    }
-
-    // Now replay that packet against the server.
-    Reset();
-    server_->StartConnect();
-    server_->Set0RttEnabled(true);
-
-    // Capture the early_data extension, which should not appear.
-    auto early_data_ext =
-        std::make_shared<TlsExtensionCapture>(ssl_tls13_early_data_xtn);
-    server_->SetPacketFilter(early_data_ext);
-
-    // Finally, replay the ClientHello and force the server to consume it.  Stop
-    // after the server sends its first flight; the client will not be able to
-    // complete this handshake.
-    server_->adapter()->PacketReceived(first_packet->packet());
-    server_->Handshake();
-    EXPECT_FALSE(early_data_ext->captured());
-  }
-};
-
-TEST_P(TlsZeroRttReplayTest, ZeroRttReplay) { RunTest(false); }
-
-TEST_P(TlsZeroRttReplayTest, ZeroRttReplayAfterRollover) { RunTest(true); }
-
 // Test that we don't try to send 0-RTT data when the server sent
 // us a ticket without the 0-RTT flags.
 TEST_P(TlsConnectTls13, ZeroRttOptionsSetLate) {
@@ -140,7 +52,8 @@ TEST_P(TlsConnectTls13, ZeroRttOptionsSetLate) {
   SendReceive();  // Need to read so that we absorb the session ticket.
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
   Reset();
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   // Now turn on 0-RTT but too late for the ticket.
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
@@ -167,7 +80,8 @@ TEST_P(TlsConnectTls13, ZeroRttServerForgetTicket) {
 TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
   ExpectResumption(RESUME_NONE);
   server_->Set0RttEnabled(true);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
 
   // Client sends ordinary ClientHello.
   client_->Handshake();
@@ -185,61 +99,6 @@ TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
   CheckKeys();
 }
 
-// A small sleep after sending the ClientHello means that the ticket age that
-// arrives at the server is too low.  With a small tolerance for variation in
-// ticket age (which is determined by the |window| parameter that is passed to
-// SSL_SetupAntiReplay()), the server then rejects early data.
-TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) {
-  SetupForZeroRtt();
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3));
-  SSLInt_RolloverAntiReplay();  // Make sure to flush replay state.
-  SSLInt_RolloverAntiReplay();
-  ExpectResumption(RESUME_TICKET);
-  ZeroRttSendReceive(true, false, []() {
-    PR_Sleep(PR_MillisecondsToInterval(10));
-    return true;
-  });
-  Handshake();
-  ExpectEarlyDataAccepted(false);
-  CheckConnected();
-  SendReceive();
-}
-
-// In this test, we falsely inflate the estimate of the RTT by delaying the
-// ServerHello on the first handshake.  This results in the server estimating a
-// higher value of the ticket age than the client ultimately provides.  Add a
-// small tolerance for variation in ticket age and the ticket will appear to
-// arrive prematurely, causing the server to reject early data.
-TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->Set0RttEnabled(true);
-  StartConnect();
-  client_->Handshake();  // ClientHello
-  server_->Handshake();  // ServerHello
-  PR_Sleep(PR_MillisecondsToInterval(10));
-  Handshake();  // Remainder of handshake
-  CheckConnected();
-  SendReceive();
-  CheckKeys();
-
-  Reset();
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3));
-  SSLInt_RolloverAntiReplay();  // Make sure to flush replay state.
-  SSLInt_RolloverAntiReplay();
-  ExpectResumption(RESUME_TICKET);
-  ExpectEarlyDataAccepted(false);
-  StartConnect();
-  ZeroRttSendReceive(true, false);
-  Handshake();
-  CheckConnected();
-  SendReceive();
-}
-
 TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
   EnableAlpn();
   SetupForZeroRtt();
@@ -258,14 +117,6 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
   CheckAlpn("a");
 }
 
-// NOTE: In this test and those below, the client always sends
-// post-ServerHello alerts with the handshake keys, even if the server
-// has accepted 0-RTT.  In some cases, as with errors in
-// EncryptedExtensions, the client can't know the server's behavior,
-// and in others it's just simpler.  What the server is expecting
-// depends on whether it accepted 0-RTT or not. Eventually, we may
-// make the server trial decrypt.
-//
 // Have the server negotiate a different ALPN value, and therefore
 // reject 0-RTT.
 TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpnChangeServer) {
@@ -304,17 +155,12 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnServer) {
     client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
     EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
     client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-    client_->ExpectSendAlert(kTlsAlertIllegalParameter);
+    ExpectAlert(client_, kTlsAlertIllegalParameter);
     return true;
   });
-  if (variant_ == ssl_variant_stream) {
-    server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-    Handshake();
-    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-  } else {
-    client_->Handshake();
-  }
+  Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Set up with no ALPN and then set the client so it thinks it has ALPN.
@@ -329,17 +175,12 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnClient) {
     PRUint8 b[] = {'b'};
     EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
     client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
-    client_->ExpectSendAlert(kTlsAlertIllegalParameter);
+    ExpectAlert(client_, kTlsAlertIllegalParameter);
     return true;
   });
-  if (variant_ == ssl_variant_stream) {
-    server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-    Handshake();
-    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-  } else {
-    client_->Handshake();
-  }
+  Handshake();
   client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Remove the old ALPN value and so the client will not offer early data.
@@ -377,7 +218,9 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
                            SSL_LIBRARY_VERSION_TLS_1_2);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
+
   // We will send the early data xtn without sending actual early data. Thus
   // a 1.2 server shouldn't fail until the client sends an alert because the
   // client sends end_of_early_data only after reading the server's flight.
@@ -418,7 +261,9 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
                            SSL_LIBRARY_VERSION_TLS_1_2);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
+
   // Send the early data xtn in the CH, followed by early app data. The server
   // will fail right after sending its flight, when receiving the early data.
   client_->Set0RttEnabled(true);
@@ -465,6 +310,7 @@ TEST_P(TlsConnectTls13, SendTooMuchEarlyData) {
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
 
+  ExpectAlert(client_, kTlsAlertEndOfEarlyData);
   client_->Handshake();
   CheckEarlyDataLimit(client_, short_size);
 
@@ -518,6 +364,7 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
 
+  client_->ExpectSendAlert(kTlsAlertEndOfEarlyData);
   client_->Handshake();  // Send ClientHello
   CheckEarlyDataLimit(client_, limit);
 
@@ -552,86 +399,4 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
   }
 }
 
-class PacketCoalesceFilter : public PacketFilter {
- public:
-  PacketCoalesceFilter() : packet_data_() {}
-
-  void SendCoalesced(std::shared_ptr<TlsAgent> agent) {
-    agent->SendDirect(packet_data_);
-  }
-
- protected:
-  PacketFilter::Action Filter(const DataBuffer& input,
-                              DataBuffer* output) override {
-    packet_data_.Write(packet_data_.len(), input);
-    return DROP;
-  }
-
- private:
-  DataBuffer packet_data_;
-};
-
-TEST_P(TlsConnectTls13, ZeroRttOrdering) {
-  SetupForZeroRtt();
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-
-  // Send out the ClientHello.
-  client_->Handshake();
-
-  // Now, coalesce the next three things from the client: early data, second
-  // flight and 1-RTT data.
-  auto coalesce = std::make_shared<PacketCoalesceFilter>();
-  client_->SetPacketFilter(coalesce);
-
-  // Send (and hold) early data.
-  static const std::vector<uint8_t> early_data = {3, 2, 1};
-  EXPECT_EQ(static_cast<PRInt32>(early_data.size()),
-            PR_Write(client_->ssl_fd(), early_data.data(), early_data.size()));
-
-  // Send (and hold) the second client handshake flight.
-  // The client sends EndOfEarlyData after seeing the server Finished.
-  server_->Handshake();
-  client_->Handshake();
-
-  // Send (and hold) 1-RTT data.
-  static const std::vector<uint8_t> late_data = {7, 8, 9, 10};
-  EXPECT_EQ(static_cast<PRInt32>(late_data.size()),
-            PR_Write(client_->ssl_fd(), late_data.data(), late_data.size()));
-
-  // Now release them all at once.
-  coalesce->SendCoalesced(client_);
-
-  // Now ensure that the three steps are exposed in the right order on the
-  // server: delivery of early data, handshake callback, delivery of 1-RTT.
-  size_t step = 0;
-  server_->SetHandshakeCallback([&step](TlsAgent*) {
-    EXPECT_EQ(1U, step);
-    ++step;
-  });
-
-  std::vector<uint8_t> buf(10);
-  PRInt32 read = PR_Read(server_->ssl_fd(), buf.data(), buf.size());
-  ASSERT_EQ(static_cast<PRInt32>(early_data.size()), read);
-  buf.resize(read);
-  EXPECT_EQ(early_data, buf);
-  EXPECT_EQ(0U, step);
-  ++step;
-
-  // The third read should be after the handshake callback and should return the
-  // data that was sent after the handshake completed.
-  buf.resize(10);
-  read = PR_Read(server_->ssl_fd(), buf.data(), buf.size());
-  ASSERT_EQ(static_cast<PRInt32>(late_data.size()), read);
-  buf.resize(read);
-  EXPECT_EQ(late_data, buf);
-  EXPECT_EQ(2U, step);
-}
-
-#ifndef NSS_DISABLE_TLS_1_3
-INSTANTIATE_TEST_CASE_P(Tls13ZeroRttReplayTest, TlsZeroRttReplayTest,
-                        TlsConnectTestBase::kTlsVariantsAll);
-#endif
-
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
index 0aa9a4c78..5035a338d 100644
--- a/security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
@@ -31,7 +31,7 @@ const static uint8_t kCannedTls13ClientHello[] = {
     0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
     0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
     0x0a, 0x00, 0x12, 0x00, 0x10, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
-    0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x33, 0x00,
+    0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x28, 0x00,
     0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x86, 0x4a, 0xb9, 0xdc,
     0x6a, 0x38, 0xa7, 0xce, 0xe7, 0xc2, 0x4f, 0xa6, 0x28, 0xb9, 0xdc, 0x65,
     0xbf, 0x73, 0x47, 0x3c, 0x9c, 0x65, 0x8c, 0x47, 0x6d, 0x57, 0x22, 0x8a,
@@ -44,14 +44,13 @@ const static uint8_t kCannedTls13ClientHello[] = {
     0x02, 0x05, 0x02, 0x06, 0x02, 0x02, 0x02};
 
 const static uint8_t kCannedTls13ServerHello[] = {
-    0x03, 0x03, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3,
-    0xf0, 0x5c, 0x70, 0x7a, 0xe0, 0xd1, 0x9b, 0x3e, 0x5a, 0x44, 0x6b,
-    0xdf, 0xe5, 0xc2, 0x28, 0x64, 0xf7, 0x00, 0xc1, 0x9c, 0x08, 0x76,
-    0x08, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24,
-    0x00, 0x1d, 0x00, 0x20, 0xc2, 0xcf, 0x23, 0x17, 0x64, 0x23, 0x03,
-    0xf0, 0xfb, 0x45, 0x98, 0x26, 0xd1, 0x65, 0x24, 0xa1, 0x6c, 0xa9,
-    0x80, 0x8f, 0x2c, 0xac, 0x0a, 0xea, 0x53, 0x3a, 0xcb, 0xe3, 0x08,
-    0x84, 0xae, 0x19, 0x00, 0x2b, 0x00, 0x02, 0x7f, kD13};
+    0x7f, kD13, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3, 0xf0,
+    0x5c, 0x70, 0x7a, 0xe0, 0xd1, 0x9b, 0x3e, 0x5a, 0x44, 0x6b, 0xdf, 0xe5,
+    0xc2, 0x28, 0x64, 0xf7, 0x00, 0xc1, 0x9c, 0x08, 0x76, 0x08, 0x13, 0x01,
+    0x00, 0x28, 0x00, 0x28, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xc2, 0xcf,
+    0x23, 0x17, 0x64, 0x23, 0x03, 0xf0, 0xfb, 0x45, 0x98, 0x26, 0xd1, 0x65,
+    0x24, 0xa1, 0x6c, 0xa9, 0x80, 0x8f, 0x2c, 0xac, 0x0a, 0xea, 0x53, 0x3a,
+    0xcb, 0xe3, 0x08, 0x84, 0xae, 0x19};
 static const char *k0RttData = "ABCDEF";
 
 TEST_P(TlsAgentTest, EarlyFinished) {
diff --git a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
index dbcdd92ea..dbcbc9aa3 100644
--- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -29,25 +29,7 @@ TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
 }
 
 TEST_P(TlsConnectGeneric, ServerAuthRsaChain) {
-  Reset("rsa_chain");
-  Connect();
-  CheckKeys();
-  size_t chain_length;
-  EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
-  EXPECT_EQ(2UL, chain_length);
-}
-
-TEST_P(TlsConnectGeneric, ServerAuthRsaPssChain) {
-  Reset("rsa_pss_chain");
-  Connect();
-  CheckKeys();
-  size_t chain_length;
-  EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
-  EXPECT_EQ(2UL, chain_length);
-}
-
-TEST_P(TlsConnectGeneric, ServerAuthRsaCARsaPssChain) {
-  Reset("rsa_ca_rsa_pss_chain");
+  Reset(TlsAgent::kServerRsaChain);
   Connect();
   CheckKeys();
   size_t chain_length;
@@ -159,11 +141,13 @@ TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
 
 class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
  public:
-  TlsZeroCertificateRequestSigAlgsFilter()
-      : TlsHandshakeFilter({kTlsHandshakeCertificateRequest}) {}
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeCertificateRequest) {
+      return KEEP;
+    }
+
     TlsParser parser(input);
     std::cerr << "Zeroing CertReq.supported_signature_algorithms" << std::endl;
 
@@ -597,7 +581,8 @@ class EnforceNoActivity : public PacketFilter {
 TEST_P(TlsConnectGenericPre13, AuthCompleteDelayed) {
   client_->SetAuthCertificateCallback(AuthCompleteBlock);
 
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   client_->Handshake();  // Send ClientHello
   server_->Handshake();  // Send ServerHello
   client_->Handshake();  // Send ClientKeyExchange and Finished
@@ -625,7 +610,8 @@ TEST_P(TlsConnectGenericPre13, AuthCompleteDelayed) {
 TEST_P(TlsConnectTls13, AuthCompleteDelayed) {
   client_->SetAuthCertificateCallback(AuthCompleteBlock);
 
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   client_->Handshake();  // Send ClientHello
   server_->Handshake();  // Send ServerHello
   EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
diff --git a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
index 36ee104af..3463782e0 100644
--- a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -82,8 +82,9 @@ TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsLegacy) {
                             ssl_kea_rsa));
   EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
                                                     &kSctItem, ssl_kea_rsa));
-
-  client_->SetOption(SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
   SignedCertificateTimestampsExtractor timestamps_extractor(client_);
 
   Connect();
@@ -95,7 +96,9 @@ TEST_P(TlsConnectGeneric, SignedCertificateTimestampsSuccess) {
   EnsureTlsSetup();
   EXPECT_TRUE(
       server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kExtraSctData));
-  client_->SetOption(SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
   SignedCertificateTimestampsExtractor timestamps_extractor(client_);
 
   Connect();
@@ -117,7 +120,9 @@ TEST_P(TlsConnectGeneric, SignedCertificateTimestampsInactiveClient) {
 
 TEST_P(TlsConnectGeneric, SignedCertificateTimestampsInactiveServer) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
   SignedCertificateTimestampsExtractor timestamps_extractor(client_);
 
   Connect();
@@ -168,14 +173,16 @@ TEST_P(TlsConnectGeneric, OcspNotRequested) {
 // Even if the client asks, the server has nothing unless it is configured.
 TEST_P(TlsConnectGeneric, OcspNotProvided) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
   client_->SetAuthCertificateCallback(CheckNoOCSP);
   Connect();
 }
 
 TEST_P(TlsConnectGenericPre13, OcspMangled) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
   EXPECT_TRUE(
       server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
 
@@ -190,7 +197,8 @@ TEST_P(TlsConnectGenericPre13, OcspMangled) {
 
 TEST_P(TlsConnectGeneric, OcspSuccess) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
   auto capture_ocsp =
       std::make_shared<TlsExtensionCapture>(ssl_cert_status_xtn);
   server_->SetPacketFilter(capture_ocsp);
@@ -217,7 +225,8 @@ TEST_P(TlsConnectGeneric, OcspSuccess) {
 
 TEST_P(TlsConnectGeneric, OcspHugeSuccess) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
 
   uint8_t hugeOcspValue[16385];
   memset(hugeOcspValue, 0xa1, sizeof(hugeOcspValue));
diff --git a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
index 810656868..85c30b2bf 100644
--- a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -31,11 +31,11 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
  public:
   TlsCipherSuiteTestBase(SSLProtocolVariant variant, uint16_t version,
                          uint16_t cipher_suite, SSLNamedGroup group,
-                         SSLSignatureScheme sig_scheme)
+                         SSLSignatureScheme signature_scheme)
       : TlsConnectTestBase(variant, version),
         cipher_suite_(cipher_suite),
         group_(group),
-        sig_scheme_(sig_scheme),
+        signature_scheme_(signature_scheme),
         csinfo_({0}) {
     SECStatus rv =
         SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
@@ -60,14 +60,14 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
       server_->ConfigNamedGroups(groups);
       kea_type_ = SSLInt_GetKEAType(group_);
 
-      client_->SetSignatureSchemes(&sig_scheme_, 1);
-      server_->SetSignatureSchemes(&sig_scheme_, 1);
+      client_->SetSignatureSchemes(&signature_scheme_, 1);
+      server_->SetSignatureSchemes(&signature_scheme_, 1);
     }
   }
 
   virtual void SetupCertificate() {
     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
-      switch (sig_scheme_) {
+      switch (signature_scheme_) {
         case ssl_sig_rsa_pkcs1_sha256:
         case ssl_sig_rsa_pkcs1_sha384:
         case ssl_sig_rsa_pkcs1_sha512:
@@ -93,7 +93,8 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
           auth_type_ = ssl_auth_ecdsa;
           break;
         default:
-          ADD_FAILURE() << "Unsupported signature scheme: " << sig_scheme_;
+          ASSERT_TRUE(false) << "Unsupported signature scheme: "
+                             << signature_scheme_;
           break;
       }
     } else {
@@ -186,7 +187,7 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
   SSLAuthType auth_type_;
   SSLKEAType kea_type_;
   SSLNamedGroup group_;
-  SSLSignatureScheme sig_scheme_;
+  SSLSignatureScheme signature_scheme_;
   SSLCipherSuiteInfo csinfo_;
 };
 
@@ -235,29 +236,27 @@ TEST_P(TlsCipherSuiteTest, ResumeCipherSuite) {
   ConnectAndCheckCipherSuite();
 }
 
+// This only works for stream ciphers because we modify the sequence number -
+// which is included explicitly in the DTLS record header - and that trips a
+// different error code.  Note that the message that the client sends would not
+// decrypt (the nonce/IV wouldn't match), but the record limit is hit before
+// attempting to decrypt a record.
 TEST_P(TlsCipherSuiteTest, ReadLimit) {
   SetupCertificate();
   EnableSingleCipher();
   ConnectAndCheckCipherSuite();
-  if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
-    uint64_t last = last_safe_write();
-    EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last));
-    EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last));
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last_safe_write()));
 
-    client_->SendData(10, 10);
-    server_->ReadBytes();  // This should be OK.
-  } else {
-    // In TLS 1.3, reading or writing triggers a KeyUpdate.  That would mean
-    // that the sequence numbers would reset and we wouldn't hit the limit.  So
-    // we move the sequence number to one less than the limit directly and don't
-    // test sending and receiving just before the limit.
-    uint64_t last = record_limit() - 1;
-    EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last));
-  }
+  client_->SendData(10, 10);
+  server_->ReadBytes();  // This should be OK.
 
-  // The payload needs to be big enough to pass for encrypted.  The code checks
-  // the limit before it tries to decrypt.
-  static const uint8_t payload[32] = {6};
+  // The payload needs to be big enough to pass for encrypted.  In the extreme
+  // case (TLS 1.3), this means 1 for payload, 1 for content type and 16 for
+  // authentication tag.
+  static const uint8_t payload[18] = {6};
   DataBuffer record;
   uint64_t epoch;
   if (variant_ == ssl_variant_datagram) {
@@ -272,17 +271,13 @@ TEST_P(TlsCipherSuiteTest, ReadLimit) {
   TlsAgentTestBase::MakeRecord(variant_, kTlsApplicationDataType, version_,
                                payload, sizeof(payload), &record,
                                (epoch << 48) | record_limit());
-  client_->SendDirect(record);
+  server_->adapter()->PacketReceived(record);
   server_->ExpectReadWriteError();
   server_->ReadBytes();
   EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, server_->error_code());
 }
 
 TEST_P(TlsCipherSuiteTest, WriteLimit) {
-  // This asserts in TLS 1.3 because we expect an automatic update.
-  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    return;
-  }
   SetupCertificate();
   EnableSingleCipher();
   ConnectAndCheckCipherSuite();
diff --git a/security/nss/gtests/ssl_gtest/ssl_custext_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_custext_unittest.cc
deleted file mode 100644
index dad944a1f..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_custext_unittest.cc
+++ /dev/null
@@ -1,503 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ssl.h"
-#include "ssl3prot.h"
-#include "sslerr.h"
-#include "sslproto.h"
-#include "sslexp.h"
-
-#include <memory>
-
-#include "tls_connect.h"
-
-namespace nss_test {
-
-static void IncrementCounterArg(void *arg) {
-  if (arg) {
-    auto *called = reinterpret_cast<size_t *>(arg);
-    ++*called;
-  }
-}
-
-PRBool NoopExtensionWriter(PRFileDesc *fd, SSLHandshakeType message,
-                           PRUint8 *data, unsigned int *len,
-                           unsigned int maxLen, void *arg) {
-  IncrementCounterArg(arg);
-  return PR_FALSE;
-}
-
-PRBool EmptyExtensionWriter(PRFileDesc *fd, SSLHandshakeType message,
-                            PRUint8 *data, unsigned int *len,
-                            unsigned int maxLen, void *arg) {
-  IncrementCounterArg(arg);
-  return PR_TRUE;
-}
-
-SECStatus NoopExtensionHandler(PRFileDesc *fd, SSLHandshakeType message,
-                               const PRUint8 *data, unsigned int len,
-                               SSLAlertDescription *alert, void *arg) {
-  return SECSuccess;
-}
-
-// All of the (current) set of supported extensions, plus a few extra.
-static const uint16_t kManyExtensions[] = {
-    ssl_server_name_xtn,
-    ssl_cert_status_xtn,
-    ssl_supported_groups_xtn,
-    ssl_ec_point_formats_xtn,
-    ssl_signature_algorithms_xtn,
-    ssl_signature_algorithms_cert_xtn,
-    ssl_use_srtp_xtn,
-    ssl_app_layer_protocol_xtn,
-    ssl_signed_cert_timestamp_xtn,
-    ssl_padding_xtn,
-    ssl_extended_master_secret_xtn,
-    ssl_session_ticket_xtn,
-    ssl_tls13_key_share_xtn,
-    ssl_tls13_pre_shared_key_xtn,
-    ssl_tls13_early_data_xtn,
-    ssl_tls13_supported_versions_xtn,
-    ssl_tls13_cookie_xtn,
-    ssl_tls13_psk_key_exchange_modes_xtn,
-    ssl_tls13_ticket_early_data_info_xtn,
-    ssl_tls13_certificate_authorities_xtn,
-    ssl_next_proto_nego_xtn,
-    ssl_renegotiation_info_xtn,
-    ssl_tls13_short_header_xtn,
-    1,
-    0xffff};
-// The list here includes all extensions we expect to use (SSL_MAX_EXTENSIONS),
-// plus the deprecated values (see sslt.h), and two extra dummy values.
-PR_STATIC_ASSERT((SSL_MAX_EXTENSIONS + 5) == PR_ARRAY_SIZE(kManyExtensions));
-
-void InstallManyWriters(std::shared_ptr<TlsAgent> agent,
-                        SSLExtensionWriter writer, size_t *installed = nullptr,
-                        size_t *called = nullptr) {
-  for (size_t i = 0; i < PR_ARRAY_SIZE(kManyExtensions); ++i) {
-    SSLExtensionSupport support = ssl_ext_none;
-    SECStatus rv = SSL_GetExtensionSupport(kManyExtensions[i], &support);
-    ASSERT_EQ(SECSuccess, rv) << "SSL_GetExtensionSupport cannot fail";
-
-    rv = SSL_InstallExtensionHooks(agent->ssl_fd(), kManyExtensions[i], writer,
-                                   called, NoopExtensionHandler, nullptr);
-    if (support == ssl_ext_native_only) {
-      EXPECT_EQ(SECFailure, rv);
-      EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-    } else {
-      if (installed) {
-        ++*installed;
-      }
-      EXPECT_EQ(SECSuccess, rv);
-    }
-  }
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionAllNoopClient) {
-  EnsureTlsSetup();
-  size_t installed = 0;
-  size_t called = 0;
-  InstallManyWriters(client_, NoopExtensionWriter, &installed, &called);
-  EXPECT_LT(0U, installed);
-  Connect();
-  EXPECT_EQ(installed, called);
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionAllNoopServer) {
-  EnsureTlsSetup();
-  size_t installed = 0;
-  size_t called = 0;
-  InstallManyWriters(server_, NoopExtensionWriter, &installed, &called);
-  EXPECT_LT(0U, installed);
-  Connect();
-  // Extension writers are all called for each of ServerHello,
-  // EncryptedExtensions, and Certificate.
-  EXPECT_EQ(installed * 3, called);
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionEmptyWriterClient) {
-  EnsureTlsSetup();
-  InstallManyWriters(client_, EmptyExtensionWriter);
-  InstallManyWriters(server_, EmptyExtensionWriter);
-  Connect();
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionEmptyWriterServer) {
-  EnsureTlsSetup();
-  InstallManyWriters(server_, EmptyExtensionWriter);
-  // Sending extensions that the client doesn't expect leads to extensions
-  // appearing even if the client didn't send one, or in the wrong messages.
-  client_->ExpectSendAlert(kTlsAlertUnsupportedExtension);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  ConnectExpectFail();
-}
-
-// Install an writer to disable sending of a natively-supported extension.
-TEST_F(TlsConnectStreamTls13, CustomExtensionWriterDisable) {
-  EnsureTlsSetup();
-
-  // This option enables sending the extension via the native support.
-  SECStatus rv = SSL_OptionSet(client_->ssl_fd(),
-                               SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // This installs an override that doesn't do anything.  You have to specify
-  // something; passing all nullptr values removes an existing handler.
-  rv = SSL_InstallExtensionHooks(
-      client_->ssl_fd(), ssl_signed_cert_timestamp_xtn, NoopExtensionWriter,
-      nullptr, NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-  auto capture =
-      std::make_shared<TlsExtensionCapture>(ssl_signed_cert_timestamp_xtn);
-  client_->SetPacketFilter(capture);
-
-  Connect();
-  // So nothing will be sent.
-  EXPECT_FALSE(capture->captured());
-}
-
-// An extension that is unlikely to be parsed as valid.
-static uint8_t kNonsenseExtension[] = {91, 82, 73, 64, 55, 46, 37, 28, 19};
-
-static PRBool NonsenseExtensionWriter(PRFileDesc *fd, SSLHandshakeType message,
-                                      PRUint8 *data, unsigned int *len,
-                                      unsigned int maxLen, void *arg) {
-  TlsAgent *agent = reinterpret_cast<TlsAgent *>(arg);
-  EXPECT_NE(nullptr, agent);
-  EXPECT_NE(nullptr, data);
-  EXPECT_NE(nullptr, len);
-  EXPECT_EQ(0U, *len);
-  EXPECT_LT(0U, maxLen);
-  EXPECT_EQ(agent->ssl_fd(), fd);
-
-  if (message != ssl_hs_client_hello && message != ssl_hs_server_hello &&
-      message != ssl_hs_encrypted_extensions) {
-    return PR_FALSE;
-  }
-
-  *len = static_cast<unsigned int>(sizeof(kNonsenseExtension));
-  EXPECT_GE(maxLen, *len);
-  if (maxLen < *len) {
-    return PR_FALSE;
-  }
-  PORT_Memcpy(data, kNonsenseExtension, *len);
-  return PR_TRUE;
-}
-
-// Override the extension handler for an natively-supported and produce
-// nonsense, which results in a handshake failure.
-TEST_F(TlsConnectStreamTls13, CustomExtensionOverride) {
-  EnsureTlsSetup();
-
-  // This option enables sending the extension via the native support.
-  SECStatus rv = SSL_OptionSet(client_->ssl_fd(),
-                               SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // This installs an override that sends nonsense.
-  rv = SSL_InstallExtensionHooks(
-      client_->ssl_fd(), ssl_signed_cert_timestamp_xtn, NonsenseExtensionWriter,
-      client_.get(), NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Capture it to see what we got.
-  auto capture =
-      std::make_shared<TlsExtensionCapture>(ssl_signed_cert_timestamp_xtn);
-  client_->SetPacketFilter(capture);
-
-  ConnectExpectAlert(server_, kTlsAlertDecodeError);
-
-  EXPECT_TRUE(capture->captured());
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            capture->extension());
-}
-
-static SECStatus NonsenseExtensionHandler(PRFileDesc *fd,
-                                          SSLHandshakeType message,
-                                          const PRUint8 *data, unsigned int len,
-                                          SSLAlertDescription *alert,
-                                          void *arg) {
-  TlsAgent *agent = reinterpret_cast<TlsAgent *>(arg);
-  EXPECT_EQ(agent->ssl_fd(), fd);
-  if (agent->role() == TlsAgent::SERVER) {
-    EXPECT_EQ(ssl_hs_client_hello, message);
-  } else {
-    EXPECT_TRUE(message == ssl_hs_server_hello ||
-                message == ssl_hs_encrypted_extensions);
-  }
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            DataBuffer(data, len));
-  EXPECT_NE(nullptr, alert);
-  return SECSuccess;
-}
-
-// Send nonsense in an extension from client to server.
-TEST_F(TlsConnectStreamTls13, CustomExtensionClientToServer) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nonsense.
-  const uint16_t extension_code = 0xffe5;
-  SECStatus rv = SSL_InstallExtensionHooks(
-      client_->ssl_fd(), extension_code, NonsenseExtensionWriter, client_.get(),
-      NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Capture it to see what we got.
-  auto capture = std::make_shared<TlsExtensionCapture>(extension_code);
-  client_->SetPacketFilter(capture);
-
-  // Handle it so that the handshake completes.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 NoopExtensionWriter, nullptr,
-                                 NonsenseExtensionHandler, server_.get());
-  EXPECT_EQ(SECSuccess, rv);
-
-  Connect();
-
-  EXPECT_TRUE(capture->captured());
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            capture->extension());
-}
-
-static PRBool NonsenseExtensionWriterSH(PRFileDesc *fd,
-                                        SSLHandshakeType message, PRUint8 *data,
-                                        unsigned int *len, unsigned int maxLen,
-                                        void *arg) {
-  if (message == ssl_hs_server_hello) {
-    return NonsenseExtensionWriter(fd, message, data, len, maxLen, arg);
-  }
-  return PR_FALSE;
-}
-
-// Send nonsense in an extension from server to client, in ServerHello.
-TEST_F(TlsConnectStreamTls13, CustomExtensionServerToClientSH) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  const uint16_t extension_code = 0xff5e;
-  SECStatus rv = SSL_InstallExtensionHooks(
-      client_->ssl_fd(), extension_code, EmptyExtensionWriter, nullptr,
-      NonsenseExtensionHandler, client_.get());
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Have the server send nonsense.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 NonsenseExtensionWriterSH, server_.get(),
-                                 NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Capture the extension from the ServerHello only and check it.
-  auto capture = std::make_shared<TlsExtensionCapture>(extension_code);
-  capture->SetHandshakeTypes({kTlsHandshakeServerHello});
-  server_->SetPacketFilter(capture);
-
-  Connect();
-
-  EXPECT_TRUE(capture->captured());
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            capture->extension());
-}
-
-static PRBool NonsenseExtensionWriterEE(PRFileDesc *fd,
-                                        SSLHandshakeType message, PRUint8 *data,
-                                        unsigned int *len, unsigned int maxLen,
-                                        void *arg) {
-  if (message == ssl_hs_encrypted_extensions) {
-    return NonsenseExtensionWriter(fd, message, data, len, maxLen, arg);
-  }
-  return PR_FALSE;
-}
-
-// Send nonsense in an extension from server to client, in EncryptedExtensions.
-TEST_F(TlsConnectStreamTls13, CustomExtensionServerToClientEE) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  const uint16_t extension_code = 0xff5e;
-  SECStatus rv = SSL_InstallExtensionHooks(
-      client_->ssl_fd(), extension_code, EmptyExtensionWriter, nullptr,
-      NonsenseExtensionHandler, client_.get());
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Have the server send nonsense.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 NonsenseExtensionWriterEE, server_.get(),
-                                 NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Capture the extension from the EncryptedExtensions only and check it.
-  auto capture = std::make_shared<TlsExtensionCapture>(extension_code);
-  capture->SetHandshakeTypes({kTlsHandshakeEncryptedExtensions});
-  server_->SetTlsRecordFilter(capture);
-
-  Connect();
-
-  EXPECT_TRUE(capture->captured());
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            capture->extension());
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionUnsolicitedServer) {
-  EnsureTlsSetup();
-
-  const uint16_t extension_code = 0xff5e;
-  SECStatus rv = SSL_InstallExtensionHooks(
-      server_->ssl_fd(), extension_code, NonsenseExtensionWriter, server_.get(),
-      NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Capture it to see what we got.
-  auto capture = std::make_shared<TlsExtensionCapture>(extension_code);
-  server_->SetPacketFilter(capture);
-
-  client_->ExpectSendAlert(kTlsAlertUnsupportedExtension);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  ConnectExpectFail();
-
-  EXPECT_TRUE(capture->captured());
-  EXPECT_EQ(DataBuffer(kNonsenseExtension, sizeof(kNonsenseExtension)),
-            capture->extension());
-}
-
-SECStatus RejectExtensionHandler(PRFileDesc *fd, SSLHandshakeType message,
-                                 const PRUint8 *data, unsigned int len,
-                                 SSLAlertDescription *alert, void *arg) {
-  return SECFailure;
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionServerReject) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nonsense.
-  const uint16_t extension_code = 0xffe7;
-  SECStatus rv = SSL_InstallExtensionHooks(client_->ssl_fd(), extension_code,
-                                           EmptyExtensionWriter, nullptr,
-                                           NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Reject the extension for no good reason.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 NoopExtensionWriter, nullptr,
-                                 RejectExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
-}
-
-// Send nonsense in an extension from client to server.
-TEST_F(TlsConnectStreamTls13, CustomExtensionClientReject) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  const uint16_t extension_code = 0xff58;
-  SECStatus rv = SSL_InstallExtensionHooks(client_->ssl_fd(), extension_code,
-                                           EmptyExtensionWriter, nullptr,
-                                           RejectExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Have the server send nonsense.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 EmptyExtensionWriter, nullptr,
-                                 NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  client_->ExpectSendAlert(kTlsAlertHandshakeFailure);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  ConnectExpectFail();
-}
-
-static const uint8_t kCustomAlert = 0xf6;
-
-SECStatus AlertExtensionHandler(PRFileDesc *fd, SSLHandshakeType message,
-                                const PRUint8 *data, unsigned int len,
-                                SSLAlertDescription *alert, void *arg) {
-  *alert = kCustomAlert;
-  return SECFailure;
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionServerRejectAlert) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nonsense.
-  const uint16_t extension_code = 0xffea;
-  SECStatus rv = SSL_InstallExtensionHooks(client_->ssl_fd(), extension_code,
-                                           EmptyExtensionWriter, nullptr,
-                                           NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Reject the extension for no good reason.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 NoopExtensionWriter, nullptr,
-                                 AlertExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  ConnectExpectAlert(server_, kCustomAlert);
-}
-
-// Send nonsense in an extension from client to server.
-TEST_F(TlsConnectStreamTls13, CustomExtensionClientRejectAlert) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  const uint16_t extension_code = 0xff5a;
-  SECStatus rv = SSL_InstallExtensionHooks(client_->ssl_fd(), extension_code,
-                                           EmptyExtensionWriter, nullptr,
-                                           AlertExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  // Have the server send nonsense.
-  rv = SSL_InstallExtensionHooks(server_->ssl_fd(), extension_code,
-                                 EmptyExtensionWriter, nullptr,
-                                 NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-
-  client_->ExpectSendAlert(kCustomAlert);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  ConnectExpectFail();
-}
-
-// Configure a custom extension hook badly.
-TEST_F(TlsConnectStreamTls13, CustomExtensionOnlyWriter) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  SECStatus rv =
-      SSL_InstallExtensionHooks(client_->ssl_fd(), 0xff6c, EmptyExtensionWriter,
-                                nullptr, nullptr, nullptr);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionOnlyHandler) {
-  EnsureTlsSetup();
-
-  // This installs an override that sends nothing but expects nonsense.
-  SECStatus rv =
-      SSL_InstallExtensionHooks(client_->ssl_fd(), 0xff6d, nullptr, nullptr,
-                                NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-TEST_F(TlsConnectStreamTls13, CustomExtensionOverrunBuffer) {
-  EnsureTlsSetup();
-  // This doesn't actually overrun the buffer, but it says that it does.
-  auto overrun_writer = [](PRFileDesc *fd, SSLHandshakeType message,
-                           PRUint8 *data, unsigned int *len,
-                           unsigned int maxLen, void *arg) -> PRBool {
-    *len = maxLen + 1;
-    return PR_TRUE;
-  };
-  SECStatus rv =
-      SSL_InstallExtensionHooks(client_->ssl_fd(), 0xff71, overrun_writer,
-                                nullptr, NoopExtensionHandler, nullptr);
-  EXPECT_EQ(SECSuccess, rv);
-  client_->StartConnect();
-  client_->Handshake();
-  client_->CheckErrorCode(SEC_ERROR_APPLICATION_CALLBACK_ERROR);
-}
-
-}  // namespace "nss_test"
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index d1668b823..69fd00331 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -29,7 +29,8 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                            SSL_LIBRARY_VERSION_TLS_1_3);
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   client_->Handshake();
   server_->Handshake();
   std::cerr << "Damaging HS secret" << std::endl;
@@ -50,12 +51,16 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                            SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->ExpectSendAlert(kTlsAlertDecryptError);
+  // The server can't read the client's alert, so it also sends an alert.
+  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
   server_->SetPacketFilter(std::make_shared<AfterRecordN>(
       server_, client_,
       0,  // ServerHello.
       [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
-  ConnectExpectAlert(client_, kTlsAlertDecryptError);
+  ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
 TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
@@ -74,7 +79,16 @@ TEST_P(TlsConnectTls13, DamageServerSignature) {
   auto filter =
       std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
   server_->SetTlsRecordFilter(filter);
-  ConnectExpectAlert(client_, kTlsAlertDecryptError);
+  filter->EnableDecryption();
+  client_->ExpectSendAlert(kTlsAlertDecryptError);
+  // The server can't read the client's alert, so it also sends an alert.
+  if (variant_ == ssl_variant_stream) {
+    server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+    ConnectExpectFail();
+    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  } else {
+    ConnectExpectFailOneSide(TlsAgent::CLIENT);
+  }
   client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
 }
 
@@ -86,9 +100,11 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
       std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
   client_->SetTlsRecordFilter(filter);
   server_->ExpectSendAlert(kTlsAlertDecryptError);
+  filter->EnableDecryption();
   // Do these handshakes by hand to avoid race condition on
   // the client processing the server's alert.
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
   client_->Handshake();
   server_->Handshake();
   client_->Handshake();
diff --git a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
index 4aa3bb639..97943303a 100644
--- a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
@@ -59,7 +59,8 @@ TEST_P(TlsConnectTls13, SharesForBothEcdheAndDhe) {
 
 TEST_P(TlsConnectGeneric, ConnectFfdheClient) {
   EnableOnlyDheCiphers();
-  client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   auto groups_capture =
       std::make_shared<TlsExtensionCapture>(ssl_supported_groups_xtn);
   auto shares_capture =
@@ -89,7 +90,8 @@ TEST_P(TlsConnectGeneric, ConnectFfdheClient) {
 // because the client automatically sends the supported groups extension.
 TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
   EnableOnlyDheCiphers();
-  server_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
 
   if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
     Connect();
@@ -103,11 +105,14 @@ TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
 
 class TlsDheServerKeyExchangeDamager : public TlsHandshakeFilter {
  public:
-  TlsDheServerKeyExchangeDamager()
-      : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}) {}
+  TlsDheServerKeyExchangeDamager() {}
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     // Damage the first octet of dh_p.  Anything other than the known prime will
     // be rejected as "weak" when we have SSL_REQUIRE_DH_NAMED_GROUPS enabled.
     *output = input;
@@ -121,7 +126,8 @@ class TlsDheServerKeyExchangeDamager : public TlsHandshakeFilter {
 // the signature until everything else has been checked.
 TEST_P(TlsConnectGenericPre13, DamageServerKeyShare) {
   EnableOnlyDheCiphers();
-  client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   server_->SetPacketFilter(std::make_shared<TlsDheServerKeyExchangeDamager>());
 
   ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
@@ -141,8 +147,7 @@ class TlsDheSkeChangeY : public TlsHandshakeFilter {
     kYZeroPad
   };
 
-  TlsDheSkeChangeY(uint8_t handshake_type, ChangeYTo change)
-      : TlsHandshakeFilter({handshake_type}), change_Y_(change) {}
+  TlsDheSkeChangeY(ChangeYTo change) : change_Y_(change) {}
 
  protected:
   void ChangeY(const DataBuffer& input, DataBuffer* output, size_t offset,
@@ -208,9 +213,7 @@ class TlsDheSkeChangeY : public TlsHandshakeFilter {
 class TlsDheSkeChangeYServer : public TlsDheSkeChangeY {
  public:
   TlsDheSkeChangeYServer(ChangeYTo change, bool modify)
-      : TlsDheSkeChangeY(kTlsHandshakeServerKeyExchange, change),
-        modify_(modify),
-        p_() {}
+      : TlsDheSkeChangeY(change), modify_(modify), p_() {}
 
   const DataBuffer& prime() const { return p_; }
 
@@ -218,6 +221,10 @@ class TlsDheSkeChangeYServer : public TlsDheSkeChangeY {
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     size_t offset = 2;
     // Read dh_p
     uint32_t dh_len = 0;
@@ -247,13 +254,16 @@ class TlsDheSkeChangeYClient : public TlsDheSkeChangeY {
   TlsDheSkeChangeYClient(
       ChangeYTo change,
       std::shared_ptr<const TlsDheSkeChangeYServer> server_filter)
-      : TlsDheSkeChangeY(kTlsHandshakeClientKeyExchange, change),
-        server_filter_(server_filter) {}
+      : TlsDheSkeChangeY(change), server_filter_(server_filter) {}
 
  protected:
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
     ChangeY(input, output, 0, server_filter_->prime());
     return CHANGE;
   }
@@ -279,7 +289,8 @@ class TlsDamageDHYTest
 TEST_P(TlsDamageDHYTest, DamageServerY) {
   EnableOnlyDheCiphers();
   if (std::get<3>(GetParam())) {
-    client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   }
   TlsDheSkeChangeY::ChangeYTo change = std::get<2>(GetParam());
   server_->SetPacketFilter(
@@ -309,7 +320,8 @@ TEST_P(TlsDamageDHYTest, DamageServerY) {
 TEST_P(TlsDamageDHYTest, DamageClientY) {
   EnableOnlyDheCiphers();
   if (std::get<3>(GetParam())) {
-    client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   }
   // The filter on the server is required to capture the prime.
   auto server_filter =
@@ -358,10 +370,13 @@ INSTANTIATE_TEST_CASE_P(
 
 class TlsDheSkeMakePEven : public TlsHandshakeFilter {
  public:
-  TlsDheSkeMakePEven() : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}) {}
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     // Find the end of dh_p
     uint32_t dh_len = 0;
     EXPECT_TRUE(input.Read(0, 2, &dh_len));
@@ -389,10 +404,13 @@ TEST_P(TlsConnectGenericPre13, MakeDhePEven) {
 
 class TlsDheSkeZeroPadP : public TlsHandshakeFilter {
  public:
-  TlsDheSkeZeroPadP() : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}) {}
   virtual PacketFilter::Action FilterHandshake(
       const TlsHandshakeFilter::HandshakeHeader& header,
       const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     *output = input;
     uint32_t dh_len = 0;
     EXPECT_TRUE(input.Read(0, 2, &dh_len));
@@ -427,7 +445,8 @@ TEST_P(TlsConnectGenericPre13, PadDheP) {
 // Note: This test case can take ages to generate the weak DH key.
 TEST_P(TlsConnectGenericPre13, WeakDHGroup) {
   EnableOnlyDheCiphers();
-  client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   EXPECT_EQ(SECSuccess,
             SSL_EnableWeakDHEPrimeGroup(server_->ssl_fd(), PR_TRUE));
 
@@ -477,7 +496,8 @@ TEST_P(TlsConnectTls13, NamedGroupMismatch13) {
 // custom group in contrast to the previous test.
 TEST_P(TlsConnectGenericPre13, RequireNamedGroupsMismatchPre13) {
   EnableOnlyDheCiphers();
-  client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
   static const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
                                                            ssl_grp_ffdhe_2048};
@@ -505,7 +525,8 @@ TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
 
 TEST_P(TlsConnectGenericPre13, MismatchDHE) {
   EnableOnlyDheCiphers();
-  client_->SetOption(SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
   static const SSLDHEGroupType serverGroups[] = {ssl_ff_dhe_3072_group};
   EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), serverGroups,
                                             PR_ARRAY_SIZE(serverGroups)));
@@ -523,8 +544,7 @@ TEST_P(TlsConnectTls13, ResumeFfdhe) {
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   Connect();
   SendReceive();  // Need to read so that we absorb the session ticket.
-  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
 
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
@@ -537,8 +557,7 @@ TEST_P(TlsConnectTls13, ResumeFfdhe) {
   server_->SetPacketFilter(serverCapture);
   ExpectResumption(RESUME_TICKET);
   Connect();
-  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign, ssl_sig_none);
   ASSERT_LT(0UL, clientCapture->extension().len());
   ASSERT_LT(0UL, serverCapture->extension().len());
 }
@@ -546,15 +565,16 @@ TEST_P(TlsConnectTls13, ResumeFfdhe) {
 class TlsDheSkeChangeSignature : public TlsHandshakeFilter {
  public:
   TlsDheSkeChangeSignature(uint16_t version, const uint8_t* data, size_t len)
-      : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}),
-        version_(version),
-        data_(data),
-        len_(len) {}
+      : version_(version), data_(data), len_(len) {}
 
  protected:
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
                                                DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     TlsParser parser(input);
     EXPECT_TRUE(parser.SkipVariable(2));  // dh_p
     EXPECT_TRUE(parser.SkipVariable(2));  // dh_g
diff --git a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
index c059e9938..3cc3b0e62 100644
--- a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
@@ -6,7 +6,6 @@
 
 #include "secerr.h"
 #include "ssl.h"
-#include "sslexp.h"
 
 extern "C" {
 // This is not something that should make you happy.
@@ -21,13 +20,13 @@ extern "C" {
 
 namespace nss_test {
 
-TEST_P(TlsConnectDatagramPre13, DropClientFirstFlightOnce) {
+TEST_P(TlsConnectDatagram, DropClientFirstFlightOnce) {
   client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
   Connect();
   SendReceive();
 }
 
-TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightOnce) {
+TEST_P(TlsConnectDatagram, DropServerFirstFlightOnce) {
   server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
   Connect();
   SendReceive();
@@ -36,760 +35,36 @@ TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightOnce) {
 // This drops the first transmission from both the client and server of all
 // flights that they send.  Note: In DTLS 1.3, the shorter handshake means that
 // this will also drop some application data, so we can't call SendReceive().
-TEST_P(TlsConnectDatagramPre13, DropAllFirstTransmissions) {
+TEST_P(TlsConnectDatagram, DropAllFirstTransmissions) {
   client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x15));
   server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x5));
   Connect();
 }
 
 // This drops the server's first flight three times.
-TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightThrice) {
+TEST_P(TlsConnectDatagram, DropServerFirstFlightThrice) {
   server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x7));
   Connect();
 }
 
 // This drops the client's second flight once
-TEST_P(TlsConnectDatagramPre13, DropClientSecondFlightOnce) {
+TEST_P(TlsConnectDatagram, DropClientSecondFlightOnce) {
   client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x2));
   Connect();
 }
 
 // This drops the client's second flight three times.
-TEST_P(TlsConnectDatagramPre13, DropClientSecondFlightThrice) {
+TEST_P(TlsConnectDatagram, DropClientSecondFlightThrice) {
   client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
   Connect();
 }
 
 // This drops the server's second flight three times.
-TEST_P(TlsConnectDatagramPre13, DropServerSecondFlightThrice) {
+TEST_P(TlsConnectDatagram, DropServerSecondFlightThrice) {
   server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
   Connect();
 }
 
-class TlsDropDatagram13 : public TlsConnectDatagram13 {
- public:
-  TlsDropDatagram13()
-      : client_filters_(),
-        server_filters_(),
-        expected_client_acks_(0),
-        expected_server_acks_(1) {}
-
-  void SetUp() {
-    TlsConnectDatagram13::SetUp();
-    ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
-    SetFilters();
-  }
-
-  void SetFilters() {
-    EnsureTlsSetup();
-    client_->SetPacketFilter(client_filters_.chain_);
-    client_filters_.ack_->SetAgent(client_.get());
-    client_filters_.ack_->EnableDecryption();
-    server_->SetPacketFilter(server_filters_.chain_);
-    server_filters_.ack_->SetAgent(server_.get());
-    server_filters_.ack_->EnableDecryption();
-  }
-
-  void HandshakeAndAck(const std::shared_ptr<TlsAgent>& agent) {
-    agent->Handshake();  // Read flight.
-    ShiftDtlsTimers();
-    agent->Handshake();  // Generate ACK.
-  }
-
-  void ShrinkPostServerHelloMtu() {
-    // Abuse the custom extension mechanism to modify the MTU so that the
-    // Certificate message is split into two pieces.
-    ASSERT_EQ(
-        SECSuccess,
-        SSL_InstallExtensionHooks(
-            server_->ssl_fd(), 1,
-            [](PRFileDesc* fd, SSLHandshakeType message, PRUint8* data,
-               unsigned int* len, unsigned int maxLen, void* arg) -> PRBool {
-              SSLInt_SetMTU(fd, 500);  // Splits the certificate.
-              return PR_FALSE;
-            },
-            nullptr,
-            [](PRFileDesc* fd, SSLHandshakeType message, const PRUint8* data,
-               unsigned int len, SSLAlertDescription* alert,
-               void* arg) -> SECStatus { return SECSuccess; },
-            nullptr));
-  }
-
- protected:
-  class DropAckChain {
-   public:
-    DropAckChain()
-        : records_(std::make_shared<TlsRecordRecorder>()),
-          ack_(std::make_shared<TlsRecordRecorder>(content_ack)),
-          drop_(std::make_shared<SelectiveRecordDropFilter>(0, false)),
-          chain_(std::make_shared<ChainedPacketFilter>(
-              ChainedPacketFilterInit({records_, ack_, drop_}))) {}
-
-    const TlsRecord& record(size_t i) const { return records_->record(i); }
-
-    std::shared_ptr<TlsRecordRecorder> records_;
-    std::shared_ptr<TlsRecordRecorder> ack_;
-    std::shared_ptr<SelectiveRecordDropFilter> drop_;
-    std::shared_ptr<PacketFilter> chain_;
-  };
-
-  void CheckAcks(const DropAckChain& chain, size_t index,
-                 std::vector<uint64_t> acks) {
-    const DataBuffer& buf = chain.ack_->record(index).buffer;
-    size_t offset = 0;
-
-    EXPECT_EQ(acks.size() * 8, buf.len());
-    if ((acks.size() * 8) != buf.len()) {
-      while (offset < buf.len()) {
-        uint64_t ack;
-        ASSERT_TRUE(buf.Read(offset, 8, &ack));
-        offset += 8;
-        std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl;
-      }
-      return;
-    }
-
-    for (size_t i = 0; i < acks.size(); ++i) {
-      uint64_t a = acks[i];
-      uint64_t ack;
-      ASSERT_TRUE(buf.Read(offset, 8, &ack));
-      offset += 8;
-      if (a != ack) {
-        ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a
-                      << " got=0x" << ack << std::dec;
-      }
-    }
-  }
-
-  void CheckedHandshakeSendReceive() {
-    Handshake();
-    CheckPostHandshake();
-  }
-
-  void CheckPostHandshake() {
-    CheckConnected();
-    SendReceive();
-    EXPECT_EQ(expected_client_acks_, client_filters_.ack_->count());
-    EXPECT_EQ(expected_server_acks_, server_filters_.ack_->count());
-  }
-
- protected:
-  DropAckChain client_filters_;
-  DropAckChain server_filters_;
-  size_t expected_client_acks_;
-  size_t expected_server_acks_;
-};
-
-// All of these tests produce a minimum one ACK, from the server
-// to the client upon receiving the client Finished.
-// Dropping complete first and second flights does not produce
-// ACKs
-TEST_F(TlsDropDatagram13, DropClientFirstFlightOnce) {
-  client_filters_.drop_->Reset({0});
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  CheckedHandshakeSendReceive();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsDropDatagram13, DropServerFirstFlightOnce) {
-  server_filters_.drop_->Reset(0xff);
-  StartConnect();
-  client_->Handshake();
-  // Send the first flight, all dropped.
-  server_->Handshake();
-  server_filters_.drop_->Disable();
-  CheckedHandshakeSendReceive();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Dropping the server's first record also does not produce
-// an ACK because the next record is ignored.
-// TODO(ekr@rtfm.com): We should generate an empty ACK.
-TEST_F(TlsDropDatagram13, DropServerFirstRecordOnce) {
-  server_filters_.drop_->Reset({0});
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  Handshake();
-  CheckedHandshakeSendReceive();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Dropping the second packet of the server's flight should
-// produce an ACK.
-TEST_F(TlsDropDatagram13, DropServerSecondRecordOnce) {
-  server_filters_.drop_->Reset({1});
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  HandshakeAndAck(client_);
-  expected_client_acks_ = 1;
-  CheckedHandshakeSendReceive();
-  CheckAcks(client_filters_, 0, {0});
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Drop the server ACK and verify that the client retransmits
-// the ClientHello.
-TEST_F(TlsDropDatagram13, DropServerAckOnce) {
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  // At this point the server has sent it's first flight,
-  // so make it drop the ACK.
-  server_filters_.drop_->Reset({0});
-  client_->Handshake();  // Send the client Finished.
-  server_->Handshake();  // Receive the Finished and send the ACK.
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
-  // Wait for the DTLS timeout to make sure we retransmit the
-  // Finished.
-  ShiftDtlsTimers();
-  client_->Handshake();  // Retransmit the Finished.
-  server_->Handshake();  // Read the Finished and send an ACK.
-  uint8_t buf[1];
-  PRInt32 rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
-  expected_server_acks_ = 2;
-  EXPECT_GT(0, rv);
-  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-  CheckPostHandshake();
-  // There should be two copies of the finished ACK
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Drop the client certificate verify.
-TEST_F(TlsDropDatagram13, DropClientCertVerify) {
-  StartConnect();
-  client_->SetupClientAuth();
-  server_->RequestClientAuth(true);
-  client_->Handshake();
-  server_->Handshake();
-  // Have the client drop Cert Verify
-  client_filters_.drop_->Reset({1});
-  expected_server_acks_ = 2;
-  CheckedHandshakeSendReceive();
-  // Ack of the Cert.
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  // Ack of the whole client handshake.
-  CheckAcks(
-      server_filters_, 1,
-      {0x0002000000000000ULL,  // CH (we drop everything after this on client)
-       0x0002000000000003ULL,  // CT (2)
-       0x0002000000000004ULL}  // FIN (2)
-      );
-}
-
-// Shrink the MTU down so that certs get split and drop the first piece.
-TEST_F(TlsDropDatagram13, DropFirstHalfOfServerCertificate) {
-  server_filters_.drop_->Reset({2});
-  StartConnect();
-  ShrinkPostServerHelloMtu();
-  client_->Handshake();
-  server_->Handshake();
-  // Check that things got split.
-  EXPECT_EQ(6UL,
-            server_filters_.records_->count());  // SH, EE, CT1, CT2, CV, FIN
-  size_t ct1_size = server_filters_.record(2).buffer.len();
-  server_filters_.records_->Clear();
-  expected_client_acks_ = 1;
-  HandshakeAndAck(client_);
-  server_->Handshake();                               // Retransmit
-  EXPECT_EQ(3UL, server_filters_.records_->count());  // CT2, CV, FIN
-  // Check that the first record is CT1 (which is identical to the same
-  // as the previous CT1).
-  EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
-  CheckedHandshakeSendReceive();
-  CheckAcks(client_filters_, 0,
-            {0,                      // SH
-             0x0002000000000000ULL,  // EE
-             0x0002000000000002ULL}  // CT2
-            );
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Shrink the MTU down so that certs get split and drop the second piece.
-TEST_F(TlsDropDatagram13, DropSecondHalfOfServerCertificate) {
-  server_filters_.drop_->Reset({3});
-  StartConnect();
-  ShrinkPostServerHelloMtu();
-  client_->Handshake();
-  server_->Handshake();
-  // Check that things got split.
-  EXPECT_EQ(6UL,
-            server_filters_.records_->count());  // SH, EE, CT1, CT2, CV, FIN
-  size_t ct1_size = server_filters_.record(3).buffer.len();
-  server_filters_.records_->Clear();
-  expected_client_acks_ = 1;
-  HandshakeAndAck(client_);
-  server_->Handshake();                               // Retransmit
-  EXPECT_EQ(3UL, server_filters_.records_->count());  // CT1, CV, FIN
-  // Check that the first record is CT1
-  EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
-  CheckedHandshakeSendReceive();
-  CheckAcks(client_filters_, 0,
-            {
-                0,                      // SH
-                0x0002000000000000ULL,  // EE
-                0x0002000000000001ULL,  // CT1
-            });
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// In this test, the Certificate message is sent four times, we drop all or part
-// of the first three attempts:
-// 1. Without fragmentation so that we can see how big it is - we drop that.
-// 2. In two pieces - we drop half AND the resulting ACK.
-// 3. In three pieces - we drop the middle piece.
-//
-// After that we let all the ACKs through and allow the handshake to complete
-// without further interference.
-//
-// This allows us to test that ranges of handshake messages are sent correctly
-// even when there are overlapping acknowledgments; that ACKs with duplicate or
-// overlapping message ranges are handled properly; and that extra
-// retransmissions are handled properly.
-class TlsFragmentationAndRecoveryTest : public TlsDropDatagram13 {
- public:
-  TlsFragmentationAndRecoveryTest() : cert_len_(0) {}
-
- protected:
-  void RunTest(size_t dropped_half) {
-    FirstFlightDropCertificate();
-
-    SecondAttemptDropHalf(dropped_half);
-    size_t dropped_half_size = server_record_len(dropped_half);
-    size_t second_flight_count = server_filters_.records_->count();
-
-    ThirdAttemptDropMiddle();
-    size_t repaired_third_size = server_record_len((dropped_half == 0) ? 0 : 2);
-    size_t third_flight_count = server_filters_.records_->count();
-
-    AckAndCompleteRetransmission();
-    size_t final_server_flight_count = server_filters_.records_->count();
-    EXPECT_LE(3U, final_server_flight_count);  // CT(sixth), CV, Fin
-    CheckSizeOfSixth(dropped_half_size, repaired_third_size);
-
-    SendDelayedAck();
-    // Same number of messages as the last flight.
-    EXPECT_EQ(final_server_flight_count, server_filters_.records_->count());
-    // Double check that the Certificate size is still correct.
-    CheckSizeOfSixth(dropped_half_size, repaired_third_size);
-
-    CompleteHandshake(final_server_flight_count);
-
-    // This is the ACK for the first attempt to send a whole certificate.
-    std::vector<uint64_t> client_acks = {
-        0,                     // SH
-        0x0002000000000000ULL  // EE
-    };
-    CheckAcks(client_filters_, 0, client_acks);
-    // And from the second attempt for the half was kept (we delayed this ACK).
-    client_acks.push_back(0x0002000000000000ULL + second_flight_count +
-                          ~dropped_half % 2);
-    CheckAcks(client_filters_, 1, client_acks);
-    // And the third attempt where the first and last thirds got through.
-    client_acks.push_back(0x0002000000000000ULL + second_flight_count +
-                          third_flight_count - 1);
-    client_acks.push_back(0x0002000000000000ULL + second_flight_count +
-                          third_flight_count + 1);
-    CheckAcks(client_filters_, 2, client_acks);
-    CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  }
-
- private:
-  void FirstFlightDropCertificate() {
-    StartConnect();
-    client_->Handshake();
-
-    // Note: 1 << N is the Nth packet, starting from zero.
-    server_filters_.drop_->Reset(1 << 2);  // Drop Cert0.
-    server_->Handshake();
-    EXPECT_EQ(5U, server_filters_.records_->count());  // SH, EE, CT, CV, Fin
-    cert_len_ = server_filters_.records_->record(2).buffer.len();
-
-    HandshakeAndAck(client_);
-    EXPECT_EQ(2U, client_filters_.records_->count());
-  }
-
-  // Lower the MTU so that the server has to split the certificate in two
-  // pieces.  The server resends Certificate (in two), plus CV and Fin.
-  void SecondAttemptDropHalf(size_t dropped_half) {
-    ASSERT_LE(0U, dropped_half);
-    ASSERT_GT(2U, dropped_half);
-    server_filters_.records_->Clear();
-    server_filters_.drop_->Reset({dropped_half});  // Drop Cert1[half]
-    SplitServerMtu(2);
-    server_->Handshake();
-    EXPECT_LE(4U, server_filters_.records_->count());  // CT x2, CV, Fin
-
-    // Generate and capture the ACK from the client.
-    client_filters_.drop_->Reset({0});
-    HandshakeAndAck(client_);
-    EXPECT_EQ(3U, client_filters_.records_->count());
-  }
-
-  // Lower the MTU again so that the server sends Certificate cut into three
-  // pieces.  Drop the middle piece.
-  void ThirdAttemptDropMiddle() {
-    server_filters_.records_->Clear();
-    server_filters_.drop_->Reset({1});  // Drop Cert2[1] (of 3)
-    SplitServerMtu(3);
-    // Because we dropped the client ACK, the server retransmits on a timer.
-    ShiftDtlsTimers();
-    server_->Handshake();
-    EXPECT_LE(5U, server_filters_.records_->count());  // CT x3, CV, Fin
-  }
-
-  void AckAndCompleteRetransmission() {
-    // Generate ACKs.
-    HandshakeAndAck(client_);
-    // The server should send the final sixth of the certificate: the client has
-    // acknowledged the first half and the last third.  Also send CV and Fin.
-    server_filters_.records_->Clear();
-    server_->Handshake();
-  }
-
-  void CheckSizeOfSixth(size_t size_of_half, size_t size_of_third) {
-    // Work out if the final sixth is the right size.  We get the records with
-    // overheads added, which obscures the length of the payload.  We want to
-    // ensure that the server only sent the missing sixth of the Certificate.
-    //
-    // We captured |size_of_half + overhead| and |size_of_third + overhead| and
-    // want to calculate |size_of_third - size_of_third + overhead|.  We can't
-    // calculate |overhead|, but it is is (currently) always a handshake message
-    // header, a content type, and an authentication tag:
-    static const size_t record_overhead = 12 + 1 + 16;
-    EXPECT_EQ(size_of_half - size_of_third + record_overhead,
-              server_filters_.records_->record(0).buffer.len());
-  }
-
-  void SendDelayedAck() {
-    // Send the ACK we held back.  The reordered ACK doesn't add new
-    // information,
-    // but triggers an extra retransmission of the missing records again (even
-    // though the client has all that it needs).
-    client_->SendRecordDirect(client_filters_.records_->record(2));
-    server_filters_.records_->Clear();
-    server_->Handshake();
-  }
-
-  void CompleteHandshake(size_t extra_retransmissions) {
-    // All this messing around shouldn't cause a failure...
-    Handshake();
-    // ...but it leaves a mess.  Add an extra few calls to Handshake() for the
-    // client so that it absorbs the extra retransmissions.
-    for (size_t i = 0; i < extra_retransmissions; ++i) {
-      client_->Handshake();
-    }
-    CheckConnected();
-  }
-
-  // Split the server MTU so that the Certificate is split into |count| pieces.
-  // The calculation doesn't need to be perfect as long as the Certificate
-  // message is split into the right number of pieces.
-  void SplitServerMtu(size_t count) {
-    // Set the MTU based on the formula:
-    // bare_size = cert_len_ - actual_overhead
-    // MTU = ceil(bare_size / count) + pessimistic_overhead
-    //
-    // actual_overhead is the amount of actual overhead on the record we
-    // captured, which is (note that our length doesn't include the header):
-    static const size_t actual_overhead = 12 +  // handshake message header
-                                          1 +   // content type
-                                          16;   // authentication tag
-    size_t bare_size = cert_len_ - actual_overhead;
-
-    // pessimistic_overhead is the amount of expansion that NSS assumes will be
-    // added to each handshake record.  Right now, that is DTLS_MIN_FRAGMENT:
-    static const size_t pessimistic_overhead =
-        12 +  // handshake message header
-        1 +   // content type
-        13 +  // record header length
-        64;   // maximum record expansion: IV, MAC and block cipher expansion
-
-    size_t mtu = (bare_size + count - 1) / count + pessimistic_overhead;
-    if (g_ssl_gtest_verbose) {
-      std::cerr << "server: set MTU to " << mtu << std::endl;
-    }
-    EXPECT_EQ(SECSuccess, SSLInt_SetMTU(server_->ssl_fd(), mtu));
-  }
-
-  size_t server_record_len(size_t index) const {
-    return server_filters_.records_->record(index).buffer.len();
-  }
-
-  size_t cert_len_;
-};
-
-TEST_F(TlsFragmentationAndRecoveryTest, DropFirstHalf) { RunTest(0); }
-
-TEST_F(TlsFragmentationAndRecoveryTest, DropSecondHalf) { RunTest(1); }
-
-TEST_F(TlsDropDatagram13, NoDropsDuringZeroRtt) {
-  SetupForZeroRtt();
-  SetFilters();
-  std::cerr << "Starting second handshake" << std::endl;
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  ZeroRttSendReceive(true, true);
-  Handshake();
-  ExpectEarlyDataAccepted(true);
-  CheckConnected();
-  SendReceive();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsDropDatagram13, DropEEDuringZeroRtt) {
-  SetupForZeroRtt();
-  SetFilters();
-  std::cerr << "Starting second handshake" << std::endl;
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  server_filters_.drop_->Reset({1});
-  ZeroRttSendReceive(true, true);
-  HandshakeAndAck(client_);
-  Handshake();
-  ExpectEarlyDataAccepted(true);
-  CheckConnected();
-  SendReceive();
-  CheckAcks(client_filters_, 0, {0});
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-class TlsReorderDatagram13 : public TlsDropDatagram13 {
- public:
-  TlsReorderDatagram13() {}
-
-  // Send records from the records buffer in the given order.
-  void ReSend(TlsAgent::Role side, std::vector<size_t> indices) {
-    std::shared_ptr<TlsAgent> agent;
-    std::shared_ptr<TlsRecordRecorder> records;
-
-    if (side == TlsAgent::CLIENT) {
-      agent = client_;
-      records = client_filters_.records_;
-    } else {
-      agent = server_;
-      records = server_filters_.records_;
-    }
-
-    for (auto i : indices) {
-      agent->SendRecordDirect(records->record(i));
-    }
-  }
-};
-
-// Reorder the server records so that EE comes at the end
-// of the flight and will still produce an ACK.
-TEST_F(TlsDropDatagram13, ReorderServerEE) {
-  server_filters_.drop_->Reset({1});
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  // We dropped EE, now reinject.
-  server_->SendRecordDirect(server_filters_.record(1));
-  expected_client_acks_ = 1;
-  HandshakeAndAck(client_);
-  CheckedHandshakeSendReceive();
-  CheckAcks(client_filters_, 0,
-            {
-                0,                   // SH
-                0x0002000000000000,  // EE
-            });
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// The client sends an out of order non-handshake message
-// but with the handshake key.
-class TlsSendCipherSpecCapturer {
- public:
-  TlsSendCipherSpecCapturer(std::shared_ptr<TlsAgent>& agent)
-      : send_cipher_specs_() {
-    SSLInt_SetCipherSpecChangeFunc(agent->ssl_fd(), CipherSpecChanged,
-                                   (void*)this);
-  }
-
-  std::shared_ptr<TlsCipherSpec> spec(size_t i) {
-    if (i >= send_cipher_specs_.size()) {
-      return nullptr;
-    }
-    return send_cipher_specs_[i];
-  }
-
- private:
-  static void CipherSpecChanged(void* arg, PRBool sending,
-                                ssl3CipherSpec* newSpec) {
-    if (!sending) {
-      return;
-    }
-
-    auto self = static_cast<TlsSendCipherSpecCapturer*>(arg);
-
-    auto spec = std::make_shared<TlsCipherSpec>();
-    bool ret = spec->Init(SSLInt_CipherSpecToEpoch(newSpec),
-                          SSLInt_CipherSpecToAlgorithm(newSpec),
-                          SSLInt_CipherSpecToKey(newSpec),
-                          SSLInt_CipherSpecToIv(newSpec));
-    EXPECT_EQ(true, ret);
-    self->send_cipher_specs_.push_back(spec);
-  }
-
-  std::vector<std::shared_ptr<TlsCipherSpec>> send_cipher_specs_;
-};
-
-TEST_F(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) {
-  StartConnect();
-  TlsSendCipherSpecCapturer capturer(client_);
-  client_->Handshake();
-  server_->Handshake();
-  client_->Handshake();
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
-  server_->Handshake();
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
-  // After the client sends Finished, inject an app data record
-  // with the handshake key. This should produce an alert.
-  uint8_t buf[] = {'a', 'b', 'c'};
-  auto spec = capturer.spec(0);
-  ASSERT_NE(nullptr, spec.get());
-  ASSERT_EQ(2, spec->epoch());
-  ASSERT_TRUE(client_->SendEncryptedRecord(
-      spec, SSL_LIBRARY_VERSION_DTLS_1_2_WIRE, 0x0002000000000002,
-      kTlsApplicationDataType, DataBuffer(buf, sizeof(buf))));
-
-  // Now have the server consume the bogus message.
-  server_->ExpectSendAlert(illegal_parameter, kTlsAlertFatal);
-  server_->Handshake();
-  EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state());
-  EXPECT_EQ(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, PORT_GetError());
-}
-
-TEST_F(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
-  StartConnect();
-  TlsSendCipherSpecCapturer capturer(client_);
-  client_->Handshake();
-  server_->Handshake();
-  client_->Handshake();
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
-  server_->Handshake();
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
-  // Inject a new bogus handshake record, which the server responds
-  // to by just ACKing the original one (we ignore the contents).
-  uint8_t buf[] = {'a', 'b', 'c'};
-  auto spec = capturer.spec(0);
-  ASSERT_NE(nullptr, spec.get());
-  ASSERT_EQ(2, spec->epoch());
-  ASSERT_TRUE(client_->SendEncryptedRecord(
-      spec, SSL_LIBRARY_VERSION_DTLS_1_2_WIRE, 0x0002000000000002,
-      kTlsHandshakeType, DataBuffer(buf, sizeof(buf))));
-  server_->Handshake();
-  EXPECT_EQ(2UL, server_filters_.ack_->count());
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  CheckAcks(server_filters_, 1, {0x0002000000000000ULL});
-}
-
-// Shrink the MTU down so that certs get split and then swap the first and
-// second pieces of the server certificate.
-TEST_F(TlsReorderDatagram13, ReorderServerCertificate) {
-  StartConnect();
-  ShrinkPostServerHelloMtu();
-  client_->Handshake();
-  // Drop the entire handshake flight so we can reorder.
-  server_filters_.drop_->Reset(0xff);
-  server_->Handshake();
-  // Check that things got split.
-  EXPECT_EQ(6UL,
-            server_filters_.records_->count());  // CH, EE, CT1, CT2, CV, FIN
-  // Now re-send things in a different order.
-  ReSend(TlsAgent::SERVER, std::vector<size_t>{0, 1, 3, 2, 4, 5});
-  // Clear.
-  server_filters_.drop_->Disable();
-  server_filters_.records_->Clear();
-  // Wait for client to send ACK.
-  ShiftDtlsTimers();
-  CheckedHandshakeSendReceive();
-  EXPECT_EQ(2UL, server_filters_.records_->count());  // ACK + Data
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) {
-  SetupForZeroRtt();
-  SetFilters();
-  std::cerr << "Starting second handshake" << std::endl;
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  // Send the client's first flight of zero RTT data.
-  ZeroRttSendReceive(true, true);
-  // Now send another client application data record but
-  // capture it.
-  client_filters_.records_->Clear();
-  client_filters_.drop_->Reset(0xff);
-  const char* k0RttData = "123456";
-  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
-  PRInt32 rv =
-      PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);  // 0-RTT write.
-  EXPECT_EQ(k0RttDataLen, rv);
-  EXPECT_EQ(1UL, client_filters_.records_->count());  // data
-  server_->Handshake();
-  client_->Handshake();
-  ExpectEarlyDataAccepted(true);
-  // The server still hasn't received anything at this point.
-  EXPECT_EQ(3UL, client_filters_.records_->count());  // data, EOED, FIN
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
-  EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
-  // Now re-send the client's messages: EOED, data, FIN
-  ReSend(TlsAgent::CLIENT, std::vector<size_t>({1, 0, 2}));
-  server_->Handshake();
-  CheckConnected();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  uint8_t buf[8];
-  rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
-  EXPECT_EQ(-1, rv);
-  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-}
-
-TEST_F(TlsReorderDatagram13, DataAfterFinDuringZeroRtt) {
-  SetupForZeroRtt();
-  SetFilters();
-  std::cerr << "Starting second handshake" << std::endl;
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  // Send the client's first flight of zero RTT data.
-  ZeroRttSendReceive(true, true);
-  // Now send another client application data record but
-  // capture it.
-  client_filters_.records_->Clear();
-  client_filters_.drop_->Reset(0xff);
-  const char* k0RttData = "123456";
-  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
-  PRInt32 rv =
-      PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);  // 0-RTT write.
-  EXPECT_EQ(k0RttDataLen, rv);
-  EXPECT_EQ(1UL, client_filters_.records_->count());  // data
-  server_->Handshake();
-  client_->Handshake();
-  ExpectEarlyDataAccepted(true);
-  // The server still hasn't received anything at this point.
-  EXPECT_EQ(3UL, client_filters_.records_->count());  // EOED, FIN, Data
-  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
-  EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
-  // Now re-send the client's messages: EOED, FIN, Data
-  ReSend(TlsAgent::CLIENT, std::vector<size_t>({1, 2, 0}));
-  server_->Handshake();
-  CheckConnected();
-  CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-  uint8_t buf[8];
-  rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
-  EXPECT_EQ(-1, rv);
-  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-}
-
 static void GetCipherAndLimit(uint16_t version, uint16_t* cipher,
                               uint64_t* limit = nullptr) {
   uint64_t l;
@@ -836,6 +111,7 @@ TEST_P(TlsConnectDatagram12Plus, MissAWindow) {
   GetCipherAndLimit(version_, &cipher);
   server_->EnableSingleCipher(cipher);
   Connect();
+
   EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 0));
   SendReceive();
 }
@@ -853,7 +129,5 @@ TEST_P(TlsConnectDatagram12Plus, MissAWindowAndOne) {
 
 INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
                         TlsConnectTestBase::kTlsV12Plus);
-INSTANTIATE_TEST_CASE_P(DatagramPre13, TlsConnectDatagramPre13,
-                        TlsConnectTestBase::kTlsV11V12);
 
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
index e0f8b1f55..1e406b6c2 100644
--- a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
@@ -193,9 +193,7 @@ TEST_P(TlsConnectGenericPre13, P384PriorityFromModelSocket) {
 
 class TlsKeyExchangeGroupCapture : public TlsHandshakeFilter {
  public:
-  TlsKeyExchangeGroupCapture()
-      : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}),
-        group_(ssl_grp_none) {}
+  TlsKeyExchangeGroupCapture() : group_(ssl_grp_none) {}
 
   SSLNamedGroup group() const { return group_; }
 
@@ -203,6 +201,10 @@ class TlsKeyExchangeGroupCapture : public TlsHandshakeFilter {
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
                                                const DataBuffer &input,
                                                DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     uint32_t value = 0;
     EXPECT_TRUE(input.Read(0, 1, &value));
     EXPECT_EQ(3U, value) << "curve type has to be 3";
@@ -516,12 +518,16 @@ TEST_P(TlsKeyExchangeTest13, MultipleClientShares) {
 // Replace the point in the client key exchange message with an empty one
 class ECCClientKEXFilter : public TlsHandshakeFilter {
  public:
-  ECCClientKEXFilter() : TlsHandshakeFilter({kTlsHandshakeClientKeyExchange}) {}
+  ECCClientKEXFilter() {}
 
  protected:
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
                                                const DataBuffer &input,
                                                DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
     // Replace the client key exchange message with an empty point
     output->Allocate(1);
     output->Write(0, 0U, 1);  // set point length 0
@@ -532,16 +538,20 @@ class ECCClientKEXFilter : public TlsHandshakeFilter {
 // Replace the point in the server key exchange message with an empty one
 class ECCServerKEXFilter : public TlsHandshakeFilter {
  public:
-  ECCServerKEXFilter() : TlsHandshakeFilter({kTlsHandshakeServerKeyExchange}) {}
+  ECCServerKEXFilter() {}
 
  protected:
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
                                                const DataBuffer &input,
                                                DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
     // Replace the server key exchange message with an empty point
     output->Allocate(4);
     output->Write(0, 3U, 1);  // named curve
-    uint32_t curve = 0;
+    uint32_t curve;
     EXPECT_TRUE(input.Read(1, 2, &curve));  // get curve id
     output->Write(1, curve, 2);             // write curve id
     output->Write(3, 0U, 1);                // point length 0
diff --git a/security/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
index c42883eb7..be407b42e 100644
--- a/security/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
@@ -118,6 +118,7 @@ int32_t RegularExporterShouldFail(TlsAgent* agent, const SECItem* srvNameArr,
 
 TEST_P(TlsConnectTls13, EarlyExporter) {
   SetupForZeroRtt();
+  ExpectAlert(client_, kTlsAlertEndOfEarlyData);
   client_->Set0RttEnabled(true);
   server_->Set0RttEnabled(true);
   ExpectResumption(RESUME_TICKET);
diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
index 4142ab07a..d15139419 100644
--- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -61,14 +61,60 @@ class TlsExtensionDamager : public TlsExtensionFilter {
   size_t index_;
 };
 
+class TlsExtensionInjector : public TlsHandshakeFilter {
+ public:
+  TlsExtensionInjector(uint16_t ext, DataBuffer& data)
+      : extension_(ext), data_(data) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    TlsParser parser(input);
+    if (!TlsExtensionFilter::FindExtensions(&parser, header)) {
+      return KEEP;
+    }
+    size_t offset = parser.consumed();
+
+    *output = input;
+
+    // Increase the size of the extensions.
+    uint16_t ext_len;
+    memcpy(&ext_len, output->data() + offset, sizeof(ext_len));
+    ext_len = htons(ntohs(ext_len) + data_.len() + 4);
+    memcpy(output->data() + offset, &ext_len, sizeof(ext_len));
+
+    // Insert the extension type and length.
+    DataBuffer type_length;
+    type_length.Allocate(4);
+    type_length.Write(0, extension_, 2);
+    type_length.Write(2, data_.len(), 2);
+    output->Splice(type_length, offset + 2);
+
+    // Insert the payload.
+    if (data_.len() > 0) {
+      output->Splice(data_, offset + 6);
+    }
+
+    return CHANGE;
+  }
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
 class TlsExtensionAppender : public TlsHandshakeFilter {
  public:
   TlsExtensionAppender(uint8_t handshake_type, uint16_t ext, DataBuffer& data)
-      : TlsHandshakeFilter({handshake_type}), extension_(ext), data_(data) {}
+      : handshake_type_(handshake_type), extension_(ext), data_(data) {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
                                                DataBuffer* output) {
+    if (header.handshake_type() != handshake_type_) {
+      return KEEP;
+    }
+
     TlsParser parser(input);
     if (!TlsExtensionFilter::FindExtensions(&parser, header)) {
       return KEEP;
@@ -113,6 +159,7 @@ class TlsExtensionAppender : public TlsHandshakeFilter {
     return true;
   }
 
+  const uint8_t handshake_type_;
   const uint16_t extension_;
   const DataBuffer data_;
 };
@@ -153,7 +200,8 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
     client_->ConfigNamedGroups(client_groups);
     server_->ConfigNamedGroups(server_groups);
     EnsureTlsSetup();
-    StartConnect();
+    client_->StartConnect();
+    server_->StartConnect();
     client_->Handshake();  // Send ClientHello
     server_->Handshake();  // Send HRR.
     client_->SetPacketFilter(std::make_shared<TlsExtensionDropper>(type));
@@ -961,6 +1009,7 @@ class TlsBogusExtensionTest : public TlsConnectTestBase,
         std::make_shared<TlsExtensionAppender>(message, extension, empty);
     if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
       server_->SetTlsRecordFilter(filter);
+      filter->EnableDecryption();
     } else {
       server_->SetPacketFilter(filter);
     }
@@ -983,20 +1032,17 @@ class TlsBogusExtensionTestPre13 : public TlsBogusExtensionTest {
 class TlsBogusExtensionTest13 : public TlsBogusExtensionTest {
  protected:
   void ConnectAndFail(uint8_t message) override {
-    if (message != kTlsHandshakeServerHello) {
+    if (message == kTlsHandshakeHelloRetryRequest) {
       ConnectExpectAlert(client_, kTlsAlertUnsupportedExtension);
       return;
     }
 
-    FailWithAlert(kTlsAlertUnsupportedExtension);
-  }
-
-  void FailWithAlert(uint8_t alert) {
-    StartConnect();
+    client_->StartConnect();
+    server_->StartConnect();
     client_->Handshake();  // ClientHello
     server_->Handshake();  // ServerHello
 
-    client_->ExpectSendAlert(alert);
+    client_->ExpectSendAlert(kTlsAlertUnsupportedExtension);
     client_->Handshake();
     if (variant_ == ssl_variant_stream) {
       server_->ExpectSendAlert(kTlsAlertBadRecordMac);
@@ -1021,12 +1067,9 @@ TEST_P(TlsBogusExtensionTest13, AddBogusExtensionCertificate) {
   Run(kTlsHandshakeCertificate);
 }
 
-// It's perfectly valid to set unknown extensions in CertificateRequest.
 TEST_P(TlsBogusExtensionTest13, AddBogusExtensionCertificateRequest) {
   server_->RequestClientAuth(false);
-  AddFilter(kTlsHandshakeCertificateRequest, 0xff);
-  ConnectExpectAlert(client_, kTlsAlertDecryptError);
-  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  Run(kTlsHandshakeCertificateRequest);
 }
 
 TEST_P(TlsBogusExtensionTest13, AddBogusExtensionHelloRetryRequest) {
@@ -1036,6 +1079,10 @@ TEST_P(TlsBogusExtensionTest13, AddBogusExtensionHelloRetryRequest) {
   Run(kTlsHandshakeHelloRetryRequest);
 }
 
+TEST_P(TlsBogusExtensionTest13, AddVersionExtensionServerHello) {
+  Run(kTlsHandshakeServerHello, ssl_tls13_supported_versions_xtn);
+}
+
 TEST_P(TlsBogusExtensionTest13, AddVersionExtensionEncryptedExtensions) {
   Run(kTlsHandshakeEncryptedExtensions, ssl_tls13_supported_versions_xtn);
 }
@@ -1049,6 +1096,13 @@ TEST_P(TlsBogusExtensionTest13, AddVersionExtensionCertificateRequest) {
   Run(kTlsHandshakeCertificateRequest, ssl_tls13_supported_versions_xtn);
 }
 
+TEST_P(TlsBogusExtensionTest13, AddVersionExtensionHelloRetryRequest) {
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
+  server_->ConfigNamedGroups(groups);
+
+  Run(kTlsHandshakeHelloRetryRequest, ssl_tls13_supported_versions_xtn);
+}
+
 // NewSessionTicket allows unknown extensions AND it isn't protected by the
 // Finished.  So adding an unknown extension doesn't cause an error.
 TEST_P(TlsBogusExtensionTest13, AddBogusExtensionNewSessionTicket) {
diff --git a/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
index 64b824786..44cacce46 100644
--- a/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
@@ -51,16 +51,10 @@ class RecordFragmenter : public PacketFilter {
       while (parser.remaining()) {
         TlsHandshakeFilter::HandshakeHeader handshake_header;
         DataBuffer handshake_body;
-        bool complete = false;
-        if (!handshake_header.Parse(&parser, record_header, DataBuffer(),
-                                    &handshake_body, &complete)) {
+        if (!handshake_header.Parse(&parser, record_header, &handshake_body)) {
           ADD_FAILURE() << "couldn't parse handshake header";
           return false;
         }
-        if (!complete) {
-          ADD_FAILURE() << "don't want to deal with fragmented messages";
-          return false;
-        }
 
         DataBuffer record_fragment;
         // We can't fragment handshake records that are too small.
@@ -88,7 +82,7 @@ class RecordFragmenter : public PacketFilter {
       while (parser.remaining()) {
         TlsRecordHeader header;
         DataBuffer record;
-        if (!header.Parse(0, &parser, &record)) {
+        if (!header.Parse(&parser, &record)) {
           ADD_FAILURE() << "bad record header";
           return false;
         }
diff --git a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
index ab4c0eab7..1587b66de 100644
--- a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -47,9 +47,9 @@ class TlsApplicationDataRecorder : public TlsRecordFilter {
 
 // Ensure that ssl_Time() returns a constant value.
 FUZZ_F(TlsFuzzTest, SSL_Time_Constant) {
-  PRUint32 now = ssl_TimeSec();
+  PRUint32 now = ssl_Time();
   PR_Sleep(PR_SecondsToInterval(2));
-  EXPECT_EQ(ssl_TimeSec(), now);
+  EXPECT_EQ(ssl_Time(), now);
 }
 
 // Check that due to the deterministic PRNG we derive
@@ -215,6 +215,58 @@ FUZZ_P(TlsConnectGeneric, SessionTicketResumption) {
   SendReceive();
 }
 
+class TlsSessionTicketMacDamager : public TlsExtensionFilter {
+ public:
+  TlsSessionTicketMacDamager() {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != ssl_session_ticket_xtn &&
+        extension_type != ssl_tls13_pre_shared_key_xtn) {
+      return KEEP;
+    }
+
+    *output = input;
+
+    // Handle everything before TLS 1.3.
+    if (extension_type == ssl_session_ticket_xtn) {
+      // Modify the last byte of the MAC.
+      output->data()[output->len() - 1] ^= 0xff;
+    }
+
+    // Handle TLS 1.3.
+    if (extension_type == ssl_tls13_pre_shared_key_xtn) {
+      TlsParser parser(input);
+
+      uint32_t ids_len;
+      EXPECT_TRUE(parser.Read(&ids_len, 2) && ids_len > 0);
+
+      uint32_t ticket_len;
+      EXPECT_TRUE(parser.Read(&ticket_len, 2) && ticket_len > 0);
+
+      // Modify the last byte of the MAC.
+      output->data()[2 + 2 + ticket_len - 1] ^= 0xff;
+    }
+
+    return CHANGE;
+  }
+};
+
+// Check that session ticket resumption works with a bad MAC.
+FUZZ_P(TlsConnectGeneric, SessionTicketResumptionBadMac) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_TICKET);
+
+  client_->SetPacketFilter(std::make_shared<TlsSessionTicketMacDamager>());
+  Connect();
+  SendReceive();
+}
+
 // Check that session tickets are not encrypted.
 FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) {
   ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
@@ -224,13 +276,10 @@ FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) {
   server_->SetPacketFilter(i1);
   Connect();
 
-  std::cerr << "ticket" << i1->buffer() << std::endl;
   size_t offset = 4; /* lifetime */
   if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
-    offset += 4; /* ticket_age_add */
-    uint32_t nonce_len = 0;
-    EXPECT_TRUE(i1->buffer().Read(offset, 1, &nonce_len));
-    offset += 1 + nonce_len;
+    offset += 1 + 1 + /* ke_modes */
+              1 + 1;  /* auth_modes */
   }
   offset += 2 + /* ticket length */
             2;  /* TLS_EX_SESS_TICKET_VERSION */
diff --git a/security/nss/gtests/ssl_gtest/ssl_gtest.cc b/security/nss/gtests/ssl_gtest/ssl_gtest.cc
index 2fff9d7cb..cd10076b8 100644
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.cc
@@ -6,7 +6,6 @@
 #include <cstdlib>
 
 #include "test_io.h"
-#include "databuffer.h"
 
 #define GTEST_HAS_RTTI 0
 #include "gtest/gtest.h"
@@ -29,7 +28,6 @@ int main(int argc, char** argv) {
       ++i;
     } else if (!strcmp(argv[i], "-v")) {
       g_ssl_gtest_verbose = true;
-      nss_test::DataBuffer::SetLogLimit(16384);
     }
   }
 
diff --git a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
index e2a8d830a..8cd7d1009 100644
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -11,7 +11,6 @@
       'target_name': 'ssl_gtest',
       'type': 'executable',
       'sources': [
-        'bloomfilter_unittest.cc',
         'libssl_internals.c',
         'selfencrypt_unittest.cc',
         'ssl_0rtt_unittest.cc',
@@ -19,7 +18,6 @@
         'ssl_auth_unittest.cc',
         'ssl_cert_ext_unittest.cc',
         'ssl_ciphersuite_unittest.cc',
-        'ssl_custext_unittest.cc',
         'ssl_damage_unittest.cc',
         'ssl_dhe_unittest.cc',
         'ssl_drop_unittest.cc',
@@ -32,16 +30,11 @@
         'ssl_gather_unittest.cc',
         'ssl_gtest.cc',
         'ssl_hrr_unittest.cc',
-        'ssl_keylog_unittest.cc',
-        'ssl_keyupdate_unittest.cc',
         'ssl_loopback_unittest.cc',
-        'ssl_misc_unittest.cc',
         'ssl_record_unittest.cc',
         'ssl_resumption_unittest.cc',
-        'ssl_renegotiation_unittest.cc',
         'ssl_skip_unittest.cc',
         'ssl_staticrsa_unittest.cc',
-        'ssl_tls13compat_unittest.cc',
         'ssl_v2_client_hello_unittest.cc',
         'ssl_version_unittest.cc',
         'ssl_versionpolicy_unittest.cc',
diff --git a/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
index 93e19a720..39055f641 100644
--- a/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -187,590 +187,6 @@ TEST_P(TlsConnectTls13, RetryWithSameKeyShare) {
   EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, client_->error_code());
 }
 
-// Here we modify the second ClientHello so that the client retries with the
-// same shares, even though the server wanted something else.
-TEST_P(TlsConnectTls13, RetryWithTwoShares) {
-  EnsureTlsSetup();
-  EXPECT_EQ(SECSuccess, SSL_SendAdditionalKeyShares(client_->ssl_fd(), 1));
-  client_->SetPacketFilter(std::make_shared<KeyShareReplayer>());
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
-                                                    ssl_grp_ec_secp521r1};
-  server_->ConfigNamedGroups(groups);
-  ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
-  EXPECT_EQ(SSL_ERROR_BAD_2ND_CLIENT_HELLO, server_->error_code());
-  EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, client_->error_code());
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackAccept) {
-  EnsureTlsSetup();
-
-  auto accept_hello = [](PRBool firstHello, const PRUint8* clientToken,
-                         unsigned int clientTokenLen, PRUint8* appToken,
-                         unsigned int* appTokenLen, unsigned int appTokenMax,
-                         void* arg) {
-    auto* called = reinterpret_cast<bool*>(arg);
-    *called = true;
-
-    EXPECT_TRUE(firstHello);
-    EXPECT_EQ(0U, clientTokenLen);
-    return ssl_hello_retry_accept;
-  };
-
-  bool cb_run = false;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      accept_hello, &cb_run));
-  Connect();
-  EXPECT_TRUE(cb_run);
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackAcceptGroupMismatch) {
-  EnsureTlsSetup();
-
-  auto accept_hello_twice = [](PRBool firstHello, const PRUint8* clientToken,
-                               unsigned int clientTokenLen, PRUint8* appToken,
-                               unsigned int* appTokenLen,
-                               unsigned int appTokenMax, void* arg) {
-    auto* called = reinterpret_cast<size_t*>(arg);
-    ++*called;
-
-    EXPECT_EQ(0U, clientTokenLen);
-    return ssl_hello_retry_accept;
-  };
-
-  auto capture = std::make_shared<TlsExtensionCapture>(ssl_tls13_cookie_xtn);
-  capture->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(capture);
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  server_->ConfigNamedGroups(groups);
-
-  size_t cb_run = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(
-                            server_->ssl_fd(), accept_hello_twice, &cb_run));
-  Connect();
-  EXPECT_EQ(2U, cb_run);
-  EXPECT_TRUE(capture->captured()) << "expected a cookie in HelloRetryRequest";
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackFail) {
-  EnsureTlsSetup();
-
-  auto fail_hello = [](PRBool firstHello, const PRUint8* clientToken,
-                       unsigned int clientTokenLen, PRUint8* appToken,
-                       unsigned int* appTokenLen, unsigned int appTokenMax,
-                       void* arg) {
-    auto* called = reinterpret_cast<bool*>(arg);
-    *called = true;
-
-    EXPECT_TRUE(firstHello);
-    EXPECT_EQ(0U, clientTokenLen);
-    return ssl_hello_retry_fail;
-  };
-
-  bool cb_run = false;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      fail_hello, &cb_run));
-  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
-  server_->CheckErrorCode(SSL_ERROR_APPLICATION_ABORT);
-  EXPECT_TRUE(cb_run);
-}
-
-// Asking for retry twice isn't allowed.
-TEST_P(TlsConnectTls13, RetryCallbackRequestHrrTwice) {
-  EnsureTlsSetup();
-
-  auto bad_callback = [](PRBool firstHello, const PRUint8* clientToken,
-                         unsigned int clientTokenLen, PRUint8* appToken,
-                         unsigned int* appTokenLen, unsigned int appTokenMax,
-                         void* arg) -> SSLHelloRetryRequestAction {
-    return ssl_hello_retry_request;
-  };
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      bad_callback, NULL));
-  ConnectExpectAlert(server_, kTlsAlertInternalError);
-  server_->CheckErrorCode(SSL_ERROR_APP_CALLBACK_ERROR);
-}
-
-// Accepting the CH and modifying the token isn't allowed.
-TEST_P(TlsConnectTls13, RetryCallbackAcceptAndSetToken) {
-  EnsureTlsSetup();
-
-  auto bad_callback = [](PRBool firstHello, const PRUint8* clientToken,
-                         unsigned int clientTokenLen, PRUint8* appToken,
-                         unsigned int* appTokenLen, unsigned int appTokenMax,
-                         void* arg) -> SSLHelloRetryRequestAction {
-    *appTokenLen = 1;
-    return ssl_hello_retry_accept;
-  };
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      bad_callback, NULL));
-  ConnectExpectAlert(server_, kTlsAlertInternalError);
-  server_->CheckErrorCode(SSL_ERROR_APP_CALLBACK_ERROR);
-}
-
-// As above, but with reject.
-TEST_P(TlsConnectTls13, RetryCallbackRejectAndSetToken) {
-  EnsureTlsSetup();
-
-  auto bad_callback = [](PRBool firstHello, const PRUint8* clientToken,
-                         unsigned int clientTokenLen, PRUint8* appToken,
-                         unsigned int* appTokenLen, unsigned int appTokenMax,
-                         void* arg) -> SSLHelloRetryRequestAction {
-    *appTokenLen = 1;
-    return ssl_hello_retry_fail;
-  };
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      bad_callback, NULL));
-  ConnectExpectAlert(server_, kTlsAlertInternalError);
-  server_->CheckErrorCode(SSL_ERROR_APP_CALLBACK_ERROR);
-}
-
-// This is a (pretend) buffer overflow.
-TEST_P(TlsConnectTls13, RetryCallbackSetTooLargeToken) {
-  EnsureTlsSetup();
-
-  auto bad_callback = [](PRBool firstHello, const PRUint8* clientToken,
-                         unsigned int clientTokenLen, PRUint8* appToken,
-                         unsigned int* appTokenLen, unsigned int appTokenMax,
-                         void* arg) -> SSLHelloRetryRequestAction {
-    *appTokenLen = appTokenMax + 1;
-    return ssl_hello_retry_accept;
-  };
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      bad_callback, NULL));
-  ConnectExpectAlert(server_, kTlsAlertInternalError);
-  server_->CheckErrorCode(SSL_ERROR_APP_CALLBACK_ERROR);
-}
-
-SSLHelloRetryRequestAction RetryHello(PRBool firstHello,
-                                      const PRUint8* clientToken,
-                                      unsigned int clientTokenLen,
-                                      PRUint8* appToken,
-                                      unsigned int* appTokenLen,
-                                      unsigned int appTokenMax, void* arg) {
-  auto* called = reinterpret_cast<size_t*>(arg);
-  ++*called;
-
-  EXPECT_EQ(0U, clientTokenLen);
-  return firstHello ? ssl_hello_retry_request : ssl_hello_retry_accept;
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackRetry) {
-  EnsureTlsSetup();
-
-  auto capture_hrr = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      ssl_hs_hello_retry_request);
-  auto capture_key_share =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_key_share->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  std::vector<std::shared_ptr<PacketFilter>> chain = {capture_hrr,
-                                                      capture_key_share};
-  server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(chain));
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      RetryHello, &cb_called));
-
-  // Do the first message exchange.
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-
-  EXPECT_EQ(1U, cb_called) << "callback should be called once here";
-  EXPECT_LT(0U, capture_hrr->buffer().len()) << "HelloRetryRequest expected";
-  EXPECT_FALSE(capture_key_share->captured())
-      << "no key_share extension expected";
-
-  auto capture_cookie =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_cookie_xtn);
-  client_->SetPacketFilter(capture_cookie);
-
-  Handshake();
-  CheckConnected();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_TRUE(capture_cookie->captured()) << "should have a cookie";
-}
-
-static size_t CountShares(const DataBuffer& key_share) {
-  size_t count = 0;
-  uint32_t len = 0;
-  size_t offset = 2;
-
-  EXPECT_TRUE(key_share.Read(0, 2, &len));
-  EXPECT_EQ(key_share.len() - 2, len);
-  while (offset < key_share.len()) {
-    offset += 2;  // Skip KeyShareEntry.group
-    EXPECT_TRUE(key_share.Read(offset, 2, &len));
-    offset += 2 + len;  // Skip KeyShareEntry.key_exchange
-    ++count;
-  }
-  return count;
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackRetryWithAdditionalShares) {
-  EnsureTlsSetup();
-  EXPECT_EQ(SECSuccess, SSL_SendAdditionalKeyShares(client_->ssl_fd(), 1));
-
-  auto capture_server =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_server->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(capture_server);
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      RetryHello, &cb_called));
-
-  // Do the first message exchange.
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-
-  EXPECT_EQ(1U, cb_called) << "callback should be called once here";
-  EXPECT_FALSE(capture_server->captured())
-      << "no key_share extension expected from server";
-
-  auto capture_client_2nd =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  client_->SetPacketFilter(capture_client_2nd);
-
-  Handshake();
-  CheckConnected();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_TRUE(capture_client_2nd->captured()) << "client should send key_share";
-  EXPECT_EQ(2U, CountShares(capture_client_2nd->extension()))
-      << "client should still send two shares";
-}
-
-// The callback should be run even if we have another reason to send
-// HelloRetryRequest.  In this case, the server sends HRR because the server
-// wants a P-384 key share and the client didn't offer one.
-TEST_P(TlsConnectTls13, RetryCallbackRetryWithGroupMismatch) {
-  EnsureTlsSetup();
-
-  auto capture_cookie =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_cookie_xtn);
-  capture_cookie->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  auto capture_key_share =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_key_share->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(
-      ChainedPacketFilterInit{capture_cookie, capture_key_share}));
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  server_->ConfigNamedGroups(groups);
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      RetryHello, &cb_called));
-  Connect();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_TRUE(capture_cookie->captured()) << "cookie expected";
-  EXPECT_TRUE(capture_key_share->captured()) << "key_share expected";
-}
-
-static const uint8_t kApplicationToken[] = {0x92, 0x44, 0x00};
-
-SSLHelloRetryRequestAction RetryHelloWithToken(
-    PRBool firstHello, const PRUint8* clientToken, unsigned int clientTokenLen,
-    PRUint8* appToken, unsigned int* appTokenLen, unsigned int appTokenMax,
-    void* arg) {
-  auto* called = reinterpret_cast<size_t*>(arg);
-  ++*called;
-
-  if (firstHello) {
-    memcpy(appToken, kApplicationToken, sizeof(kApplicationToken));
-    *appTokenLen = sizeof(kApplicationToken);
-    return ssl_hello_retry_request;
-  }
-
-  EXPECT_EQ(DataBuffer(kApplicationToken, sizeof(kApplicationToken)),
-            DataBuffer(clientToken, static_cast<size_t>(clientTokenLen)));
-  return ssl_hello_retry_accept;
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackRetryWithToken) {
-  EnsureTlsSetup();
-
-  auto capture_key_share =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_key_share->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(capture_key_share);
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess,
-            SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                          RetryHelloWithToken, &cb_called));
-  Connect();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_FALSE(capture_key_share->captured()) << "no key share expected";
-}
-
-TEST_P(TlsConnectTls13, RetryCallbackRetryWithTokenAndGroupMismatch) {
-  EnsureTlsSetup();
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  server_->ConfigNamedGroups(groups);
-
-  auto capture_key_share =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_key_share->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(capture_key_share);
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess,
-            SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                          RetryHelloWithToken, &cb_called));
-  Connect();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_TRUE(capture_key_share->captured()) << "key share expected";
-}
-
-SSLHelloRetryRequestAction CheckTicketToken(
-    PRBool firstHello, const PRUint8* clientToken, unsigned int clientTokenLen,
-    PRUint8* appToken, unsigned int* appTokenLen, unsigned int appTokenMax,
-    void* arg) {
-  auto* called = reinterpret_cast<bool*>(arg);
-  *called = true;
-
-  EXPECT_TRUE(firstHello);
-  EXPECT_EQ(DataBuffer(kApplicationToken, sizeof(kApplicationToken)),
-            DataBuffer(clientToken, static_cast<size_t>(clientTokenLen)));
-  return ssl_hello_retry_accept;
-}
-
-// Stream because SSL_SendSessionTicket only supports that.
-TEST_F(TlsConnectStreamTls13, RetryCallbackWithSessionTicketToken) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  Connect();
-  EXPECT_EQ(SECSuccess,
-            SSL_SendSessionTicket(server_->ssl_fd(), kApplicationToken,
-                                  sizeof(kApplicationToken)));
-  SendReceive();
-
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ExpectResumption(RESUME_TICKET);
-
-  bool cb_run = false;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(
-                            server_->ssl_fd(), CheckTicketToken, &cb_run));
-  Connect();
-  EXPECT_TRUE(cb_run);
-}
-
-void TriggerHelloRetryRequest(std::shared_ptr<TlsAgent>& client,
-                              std::shared_ptr<TlsAgent>& server) {
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server->ssl_fd(),
-                                                      RetryHello, &cb_called));
-
-  // Start the handshake.
-  client->StartConnect();
-  server->StartConnect();
-  client->Handshake();
-  server->Handshake();
-  EXPECT_EQ(1U, cb_called);
-}
-
-TEST_P(TlsConnectTls13, RetryStateless) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  Handshake();
-  SendReceive();
-}
-
-TEST_P(TlsConnectTls13, RetryStatefulDropCookie) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-  client_->SetPacketFilter(
-      std::make_shared<TlsExtensionDropper>(ssl_tls13_cookie_xtn));
-
-  ExpectAlert(server_, kTlsAlertMissingExtension);
-  Handshake();
-  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
-  server_->CheckErrorCode(SSL_ERROR_MISSING_COOKIE_EXTENSION);
-}
-
-// Stream only because DTLS drops bad packets.
-TEST_F(TlsConnectStreamTls13, RetryStatelessDamageFirstClientHello) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  auto damage_ch = std::make_shared<TlsExtensionInjector>(0xfff3, DataBuffer());
-  client_->SetPacketFilter(damage_ch);
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  // Key exchange fails when the handshake continues because client and server
-  // disagree about the transcript.
-  client_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-  client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-}
-
-TEST_F(TlsConnectStreamTls13, RetryStatelessDamageSecondClientHello) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  auto damage_ch = std::make_shared<TlsExtensionInjector>(0xfff3, DataBuffer());
-  client_->SetPacketFilter(damage_ch);
-
-  // Key exchange fails when the handshake continues because client and server
-  // disagree about the transcript.
-  client_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-  client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-}
-
-// Read the cipher suite from the HRR and disable it on the identified agent.
-static void DisableSuiteFromHrr(
-    std::shared_ptr<TlsAgent>& agent,
-    std::shared_ptr<TlsInspectorRecordHandshakeMessage>& capture_hrr) {
-  uint32_t tmp;
-  size_t offset = 2 + 32;  // skip version + server_random
-  ASSERT_TRUE(
-      capture_hrr->buffer().Read(offset, 1, &tmp));  // session_id length
-  EXPECT_EQ(0U, tmp);
-  offset += 1 + tmp;
-  ASSERT_TRUE(capture_hrr->buffer().Read(offset, 2, &tmp));  // suite
-  EXPECT_EQ(
-      SECSuccess,
-      SSL_CipherPrefSet(agent->ssl_fd(), static_cast<uint16_t>(tmp), PR_FALSE));
-}
-
-TEST_P(TlsConnectTls13, RetryStatelessDisableSuiteClient) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  auto capture_hrr = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      ssl_hs_hello_retry_request);
-  server_->SetPacketFilter(capture_hrr);
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  DisableSuiteFromHrr(client_, capture_hrr);
-
-  // The client thinks that the HelloRetryRequest is bad, even though its
-  // because it changed its mind about the cipher suite.
-  ExpectAlert(client_, kTlsAlertIllegalParameter);
-  Handshake();
-  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
-  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
-}
-
-TEST_P(TlsConnectTls13, RetryStatelessDisableSuiteServer) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  auto capture_hrr = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      ssl_hs_hello_retry_request);
-  server_->SetPacketFilter(capture_hrr);
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  DisableSuiteFromHrr(server_, capture_hrr);
-
-  ExpectAlert(server_, kTlsAlertIllegalParameter);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_2ND_CLIENT_HELLO);
-  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
-}
-
-TEST_P(TlsConnectTls13, RetryStatelessDisableGroupClient) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  client_->ConfigNamedGroups(groups);
-
-  // We're into undefined behavior on the client side, but - at the point this
-  // test was written - the client here doesn't amend its key shares because the
-  // server doesn't ask it to.  The server notices that the key share (x25519)
-  // doesn't match the negotiated group (P-384) and objects.
-  ExpectAlert(server_, kTlsAlertIllegalParameter);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_2ND_CLIENT_HELLO);
-  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
-}
-
-TEST_P(TlsConnectTls13, RetryStatelessDisableGroupServer) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-  MakeNewServer();
-
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  server_->ConfigNamedGroups(groups);
-
-  ExpectAlert(server_, kTlsAlertIllegalParameter);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_2ND_CLIENT_HELLO);
-  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
-}
-
-TEST_P(TlsConnectTls13, RetryStatelessBadCookie) {
-  ConfigureSelfEncrypt();
-  EnsureTlsSetup();
-
-  TriggerHelloRetryRequest(client_, server_);
-
-  // Now replace the self-encrypt MAC key with a garbage key.
-  static const uint8_t bad_hmac_key[32] = {0};
-  SECItem key_item = {siBuffer, const_cast<uint8_t*>(bad_hmac_key),
-                      sizeof(bad_hmac_key)};
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
-  PK11SymKey* hmac_key =
-      PK11_ImportSymKey(slot.get(), CKM_SHA256_HMAC, PK11_OriginUnwrap,
-                        CKA_SIGN, &key_item, nullptr);
-  ASSERT_NE(nullptr, hmac_key);
-  SSLInt_SetSelfEncryptMacKey(hmac_key);  // Passes ownership.
-
-  MakeNewServer();
-
-  ExpectAlert(server_, kTlsAlertIllegalParameter);
-  Handshake();
-  server_->CheckErrorCode(SSL_ERROR_BAD_2ND_CLIENT_HELLO);
-  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
-}
-
-// Stream because the server doesn't consume the alert and terminate.
-TEST_F(TlsConnectStreamTls13, RetryWithDifferentCipherSuite) {
-  EnsureTlsSetup();
-  // Force a HelloRetryRequest.
-  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
-  server_->ConfigNamedGroups(groups);
-  // Then switch out the default suite (TLS_AES_128_GCM_SHA256).
-  server_->SetPacketFilter(std::make_shared<SelectedCipherSuiteReplacer>(
-      TLS_CHACHA20_POLY1305_SHA256));
-
-  client_->ExpectSendAlert(kTlsAlertIllegalParameter);
-  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
-  ConnectExpectFail();
-  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
-  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
-}
-
 // This tests that the second attempt at sending a ClientHello (after receiving
 // a HelloRetryRequest) is correctly retransmitted.
 TEST_F(TlsConnectDatagram13, DropClientSecondFlightWithHelloRetry) {
@@ -817,54 +233,6 @@ TEST_P(TlsKeyExchange13, ConnectEcdhePreferenceMismatchHrrExtraShares) {
   CheckKEXDetails(client_groups, client_groups);
 }
 
-// The callback should be run even if we have another reason to send
-// HelloRetryRequest.  In this case, the server sends HRR because the server
-// wants an X25519 key share and the client didn't offer one.
-TEST_P(TlsKeyExchange13,
-       RetryCallbackRetryWithGroupMismatchAndAdditionalShares) {
-  EnsureKeyShareSetup();
-
-  static const std::vector<SSLNamedGroup> client_groups = {
-      ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
-  client_->ConfigNamedGroups(client_groups);
-  static const std::vector<SSLNamedGroup> server_groups = {
-      ssl_grp_ec_curve25519};
-  server_->ConfigNamedGroups(server_groups);
-  EXPECT_EQ(SECSuccess, SSL_SendAdditionalKeyShares(client_->ssl_fd(), 1));
-
-  auto capture_server =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
-  capture_server->SetHandshakeTypes({kTlsHandshakeHelloRetryRequest});
-  server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(
-      ChainedPacketFilterInit{capture_hrr_, capture_server}));
-
-  size_t cb_called = 0;
-  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
-                                                      RetryHello, &cb_called));
-
-  // Do the first message exchange.
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-
-  EXPECT_EQ(1U, cb_called) << "callback should be called once here";
-  EXPECT_TRUE(capture_server->captured()) << "key_share extension expected";
-
-  uint32_t server_group = 0;
-  EXPECT_TRUE(capture_server->extension().Read(0, 2, &server_group));
-  EXPECT_EQ(ssl_grp_ec_curve25519, static_cast<SSLNamedGroup>(server_group));
-
-  Handshake();
-  CheckConnected();
-  EXPECT_EQ(2U, cb_called);
-  EXPECT_TRUE(shares_capture2_->captured()) << "client should send shares";
-
-  CheckKeys();
-  static const std::vector<SSLNamedGroup> client_shares(
-      client_groups.begin(), client_groups.begin() + 2);
-  CheckKEXDetails(client_groups, client_shares, server_groups[0]);
-}
-
 TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
   EnsureTlsSetup();
   client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
@@ -877,7 +245,8 @@ TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
   static const std::vector<SSLNamedGroup> server_groups = {
       ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
   server_->ConfigNamedGroups(server_groups);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
 
   client_->Handshake();
   server_->Handshake();
@@ -907,30 +276,15 @@ class HelloRetryRequestAgentTest : public TlsAgentTestClient {
   void MakeCannedHrr(const uint8_t* body, size_t len, DataBuffer* hrr_record,
                      uint32_t seq_num = 0) const {
     DataBuffer hrr_data;
-    const uint8_t ssl_hello_retry_random[] = {
-        0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C,
-        0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB,
-        0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C};
-
-    hrr_data.Allocate(len + 6);
+    hrr_data.Allocate(len + 4);
     size_t i = 0;
-    i = hrr_data.Write(i, 0x0303, 2);
-    i = hrr_data.Write(i, ssl_hello_retry_random,
-                       sizeof(ssl_hello_retry_random));
-    i = hrr_data.Write(i, static_cast<uint32_t>(0), 1);  // session_id
-    i = hrr_data.Write(i, TLS_AES_128_GCM_SHA256, 2);
-    i = hrr_data.Write(i, ssl_compression_null, 1);
-    // Add extensions.  First a length, which includes the supported version.
-    i = hrr_data.Write(i, static_cast<uint32_t>(len) + 6, 2);
-    // Now the supported version.
-    i = hrr_data.Write(i, ssl_tls13_supported_versions_xtn, 2);
-    i = hrr_data.Write(i, 2, 2);
     i = hrr_data.Write(i, 0x7f00 | TLS_1_3_DRAFT_VERSION, 2);
+    i = hrr_data.Write(i, static_cast<uint32_t>(len), 2);
     if (len) {
       hrr_data.Write(i, body, len);
     }
     DataBuffer hrr;
-    MakeHandshakeMessage(kTlsHandshakeServerHello, hrr_data.data(),
+    MakeHandshakeMessage(kTlsHandshakeHelloRetryRequest, hrr_data.data(),
                          hrr_data.len(), &hrr, seq_num);
     MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3, hrr.data(),
                hrr.len(), hrr_record, seq_num);
@@ -980,6 +334,28 @@ TEST_P(HelloRetryRequestAgentTest, HandleNoopHelloRetryRequest) {
                  SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
 }
 
+TEST_P(HelloRetryRequestAgentTest, HandleHelloRetryRequestCookie) {
+  const uint8_t canned_cookie_hrr[] = {
+      static_cast<uint8_t>(ssl_tls13_cookie_xtn >> 8),
+      static_cast<uint8_t>(ssl_tls13_cookie_xtn),
+      0,
+      5,  // length of cookie extension
+      0,
+      3,  // cookie value length
+      0xc0,
+      0x0c,
+      0x13};
+  DataBuffer hrr;
+  MakeCannedHrr(canned_cookie_hrr, sizeof(canned_cookie_hrr), &hrr);
+  auto capture = std::make_shared<TlsExtensionCapture>(ssl_tls13_cookie_xtn);
+  agent_->SetPacketFilter(capture);
+  ProcessMessage(hrr, TlsAgent::STATE_CONNECTING);
+  const size_t cookie_pos = 2 + 2;  // cookie_xtn, extension len
+  DataBuffer cookie(canned_cookie_hrr + cookie_pos,
+                    sizeof(canned_cookie_hrr) - cookie_pos);
+  EXPECT_EQ(cookie, capture->extension());
+}
+
 INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
                         ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                                            TlsConnectTestBase::kTlsV13));
diff --git a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
deleted file mode 100644
index 8ed342305..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
+++ /dev/null
@@ -1,118 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef NSS_ALLOW_SSLKEYLOGFILE
-
-#include <cstdlib>
-#include <fstream>
-#include <sstream>
-
-#include "gtest_utils.h"
-#include "tls_connect.h"
-
-namespace nss_test {
-
-static const std::string keylog_file_path = "keylog.txt";
-static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path;
-
-class KeyLogFileTest : public TlsConnectGeneric {
- public:
-  void SetUp() {
-    TlsConnectTestBase::SetUp();
-    // Remove previous results (if any).
-    (void)remove(keylog_file_path.c_str());
-    PR_SetEnv(keylog_env.c_str());
-  }
-
-  void CheckKeyLog() {
-    std::ifstream f(keylog_file_path);
-    std::map<std::string, size_t> labels;
-    std::set<std::string> client_randoms;
-    for (std::string line; std::getline(f, line);) {
-      if (line[0] == '#') {
-        continue;
-      }
-
-      std::istringstream iss(line);
-      std::string label, client_random, secret;
-      iss >> label >> client_random >> secret;
-
-      ASSERT_EQ(64U, client_random.size());
-      client_randoms.insert(client_random);
-      labels[label]++;
-    }
-
-    if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
-      ASSERT_EQ(1U, client_randoms.size());
-    } else {
-      /* two handshakes for 0-RTT */
-      ASSERT_EQ(2U, client_randoms.size());
-    }
-
-    // Every entry occurs twice (one log from server, one from client).
-    if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
-      ASSERT_EQ(2U, labels["CLIENT_RANDOM"]);
-    } else {
-      ASSERT_EQ(2U, labels["CLIENT_EARLY_TRAFFIC_SECRET"]);
-      ASSERT_EQ(2U, labels["EARLY_EXPORTER_SECRET"]);
-      ASSERT_EQ(4U, labels["CLIENT_HANDSHAKE_TRAFFIC_SECRET"]);
-      ASSERT_EQ(4U, labels["SERVER_HANDSHAKE_TRAFFIC_SECRET"]);
-      ASSERT_EQ(4U, labels["CLIENT_TRAFFIC_SECRET_0"]);
-      ASSERT_EQ(4U, labels["SERVER_TRAFFIC_SECRET_0"]);
-      ASSERT_EQ(4U, labels["EXPORTER_SECRET"]);
-    }
-  }
-
-  void ConnectAndCheck() {
-    // This is a child process, ensure that error messages immediately
-    // propagate or else it will not be visible.
-    ::testing::GTEST_FLAG(throw_on_failure) = true;
-
-    if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
-      SetupForZeroRtt();
-      client_->Set0RttEnabled(true);
-      server_->Set0RttEnabled(true);
-      ExpectResumption(RESUME_TICKET);
-      ZeroRttSendReceive(true, true);
-      Handshake();
-      ExpectEarlyDataAccepted(true);
-      CheckConnected();
-      SendReceive();
-    } else {
-      Connect();
-    }
-    CheckKeyLog();
-    _exit(0);
-  }
-};
-
-// Tests are run in a separate process to ensure that NSS is not initialized yet
-// and can process the SSLKEYLOGFILE environment variable.
-
-TEST_P(KeyLogFileTest, KeyLogFile) {
-  testing::GTEST_FLAG(death_test_style) = "threadsafe";
-
-  ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), "");
-}
-
-INSTANTIATE_TEST_CASE_P(
-    KeyLogFileDTLS12, KeyLogFileTest,
-    ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
-                       TlsConnectTestBase::kTlsV11V12));
-INSTANTIATE_TEST_CASE_P(
-    KeyLogFileTLS12, KeyLogFileTest,
-    ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
-                       TlsConnectTestBase::kTlsV10ToV12));
-#ifndef NSS_DISABLE_TLS_1_3
-INSTANTIATE_TEST_CASE_P(
-    KeyLogFileTLS13, KeyLogFileTest,
-    ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
-                       TlsConnectTestBase::kTlsV13));
-#endif
-
-}  // namespace nss_test
-
-#endif  // NSS_ALLOW_SSLKEYLOGFILE
diff --git a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
deleted file mode 100644
index d03775c25..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
+++ /dev/null
@@ -1,178 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "secerr.h"
-#include "ssl.h"
-#include "sslerr.h"
-#include "sslproto.h"
-
-extern "C" {
-// This is not something that should make you happy.
-#include "libssl_internals.h"
-}
-
-#include "gtest_utils.h"
-#include "scoped_ptrs.h"
-#include "tls_connect.h"
-#include "tls_filter.h"
-#include "tls_parser.h"
-
-namespace nss_test {
-
-// All stream only tests; DTLS isn't supported yet.
-
-TEST_F(TlsConnectTest, KeyUpdateClient) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
-  SendReceive(50);
-  SendReceive(60);
-  CheckEpochs(4, 3);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateClientRequestUpdate) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE));
-  // SendReceive() only gives each peer one chance to read.  This isn't enough
-  // when the read on one side generates another handshake message.  A second
-  // read gives each peer an extra chance to consume the KeyUpdate.
-  SendReceive(50);
-  SendReceive(60);  // Cumulative count.
-  CheckEpochs(4, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateServer) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
-  SendReceive(50);
-  SendReceive(60);
-  CheckEpochs(3, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateServerRequestUpdate) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  SendReceive(50);
-  SendReceive(60);
-  CheckEpochs(4, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateConsecutiveRequests) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  SendReceive(50);
-  SendReceive(60);
-  // The server should have updated twice, but the client should have declined
-  // to respond to the second request from the server, since it doesn't send
-  // anything in between those two requests.
-  CheckEpochs(4, 5);
-}
-
-// Check that a local update can be immediately followed by a remotely triggered
-// update even if there is no use of the keys.
-TEST_F(TlsConnectTest, KeyUpdateLocalUpdateThenConsecutiveRequests) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  // This should trigger an update on the client.
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
-  // The client should update for the first request.
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  // ...but not the second.
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  SendReceive(50);
-  SendReceive(60);
-  // Both should have updated twice.
-  CheckEpochs(5, 5);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateMultiple) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
-  SendReceive(50);
-  SendReceive(60);
-  CheckEpochs(5, 6);
-}
-
-// Both ask the other for an update, and both should react.
-TEST_F(TlsConnectTest, KeyUpdateBothRequest) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE));
-  EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
-  SendReceive(50);
-  SendReceive(60);
-  CheckEpochs(5, 5);
-}
-
-// If the sequence number exceeds the number of writes before an automatic
-// update (currently 3/4 of the max records for the cipher suite), then the
-// stack should send an update automatically (but not request one).
-TEST_F(TlsConnectTest, KeyUpdateAutomaticOnWrite) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  ConnectWithCipherSuite(TLS_AES_128_GCM_SHA256);
-
-  // Set this to one below the write threshold.
-  uint64_t threshold = (0x5aULL << 28) * 3 / 4;
-  EXPECT_EQ(SECSuccess,
-            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), threshold));
-  EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), threshold));
-
-  // This should be OK.
-  client_->SendData(10);
-  server_->ReadBytes();
-
-  // This should cause the client to update.
-  client_->SendData(10);
-  server_->ReadBytes();
-
-  SendReceive(100);
-  CheckEpochs(4, 3);
-}
-
-// If the sequence number exceeds a certain number of reads (currently 7/8 of
-// the max records for the cipher suite), then the stack should send AND request
-// an update automatically.  However, the sender (client) will be above its
-// automatic update threshold, so the KeyUpdate - that it sends with the old
-// cipher spec - will exceed the receiver (server) automatic update threshold.
-// The receiver gets a packet with a sequence number over its automatic read
-// update threshold.  Even though the sender has updated, the code that checks
-// the sequence numbers at the receiver doesn't know this and it will request an
-// update.  This causes two updates: one from the sender (without requesting a
-// response) and one from the receiver (which does request a response).
-TEST_F(TlsConnectTest, KeyUpdateAutomaticOnRead) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  ConnectWithCipherSuite(TLS_AES_128_GCM_SHA256);
-
-  // Move to right at the read threshold.  Unlike the write test, we can't send
-  // packets because that would cause the client to update, which would spoil
-  // the test.
-  uint64_t threshold = ((0x5aULL << 28) * 7 / 8) + 1;
-  EXPECT_EQ(SECSuccess,
-            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), threshold));
-  EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), threshold));
-
-  // This should cause the client to update, but not early enough to prevent the
-  // server from updating also.
-  client_->SendData(10);
-  server_->ReadBytes();
-
-  // Need two SendReceive() calls to ensure that the update that the server
-  // requested is properly generated and consumed.
-  SendReceive(70);
-  SendReceive(80);
-  CheckEpochs(5, 4);
-}
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
index 4bc6e60ab..77703dd8e 100644
--- a/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -6,7 +6,6 @@
 
 #include <functional>
 #include <memory>
-#include <vector>
 #include "secerr.h"
 #include "ssl.h"
 #include "sslerr.h"
@@ -85,13 +84,13 @@ class TlsAlertRecorder : public TlsRecordFilter {
 };
 
 class HelloTruncator : public TlsHandshakeFilter {
- public:
-  HelloTruncator()
-      : TlsHandshakeFilter(
-            {kTlsHandshakeClientHello, kTlsHandshakeServerHello}) {}
   PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                        const DataBuffer& input,
                                        DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeClientHello &&
+        header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
     output->Assign(input.data(), input.len() - 1);
     return CHANGE;
   }
@@ -103,9 +102,9 @@ TEST_P(TlsConnectGeneric, CaptureAlertServer) {
   auto alert_recorder = std::make_shared<TlsAlertRecorder>();
   server_->SetPacketFilter(alert_recorder);
 
-  ConnectExpectAlert(server_, kTlsAlertDecodeError);
+  ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
   EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
-  EXPECT_EQ(kTlsAlertDecodeError, alert_recorder->description());
+  EXPECT_EQ(kTlsAlertIllegalParameter, alert_recorder->description());
 }
 
 TEST_P(TlsConnectGenericPre13, CaptureAlertClient) {
@@ -124,7 +123,8 @@ TEST_P(TlsConnectTls13, CaptureAlertClient) {
   auto alert_recorder = std::make_shared<TlsAlertRecorder>();
   client_->SetPacketFilter(alert_recorder);
 
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
 
   client_->Handshake();
   client_->ExpectSendAlert(kTlsAlertDecodeError);
@@ -166,107 +166,26 @@ TEST_P(TlsConnectDatagram, ConnectSrtp) {
   SendReceive();
 }
 
-TEST_P(TlsConnectGeneric, ConnectSendReceive) {
-  Connect();
-  SendReceive();
-}
-
-class SaveTlsRecord : public TlsRecordFilter {
- public:
-  SaveTlsRecord(size_t index) : index_(index), count_(0), contents_() {}
-
-  const DataBuffer& contents() const { return contents_; }
-
- protected:
-  PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                    const DataBuffer& data,
-                                    DataBuffer* changed) override {
-    if (count_++ == index_) {
-      contents_ = data;
-    }
-    return KEEP;
-  }
-
- private:
-  const size_t index_;
-  size_t count_;
-  DataBuffer contents_;
-};
-
-// Check that decrypting filters work and can read any record.
-// This test (currently) only works in TLS 1.3 where we can decrypt.
-TEST_F(TlsConnectStreamTls13, DecryptRecordClient) {
-  EnsureTlsSetup();
-  // 0 = ClientHello, 1 = Finished, 2 = SendReceive, 3 = SendBuffer
-  auto saved = std::make_shared<SaveTlsRecord>(3);
-  client_->SetTlsRecordFilter(saved);
-  Connect();
-  SendReceive();
-
-  static const uint8_t data[] = {0xde, 0xad, 0xdc};
-  DataBuffer buf(data, sizeof(data));
-  client_->SendBuffer(buf);
-  EXPECT_EQ(buf, saved->contents());
-}
-
-TEST_F(TlsConnectStreamTls13, DecryptRecordServer) {
-  EnsureTlsSetup();
-  // Disable tickets so that we are sure to not get NewSessionTicket.
-  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
-                                      SSL_ENABLE_SESSION_TICKETS, PR_FALSE));
-  // 0 = ServerHello, 1 = other handshake, 2 = SendReceive, 3 = SendBuffer
-  auto saved = std::make_shared<SaveTlsRecord>(3);
-  server_->SetTlsRecordFilter(saved);
+// 1.3 is disabled in the next few tests because we don't
+// presently support resumption in 1.3.
+TEST_P(TlsConnectStreamPre13, ConnectAndClientRenegotiate) {
   Connect();
-  SendReceive();
-
-  static const uint8_t data[] = {0xde, 0xad, 0xd5};
-  DataBuffer buf(data, sizeof(data));
-  server_->SendBuffer(buf);
-  EXPECT_EQ(buf, saved->contents());
+  server_->PrepareForRenegotiate();
+  client_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
 }
 
-class DropTlsRecord : public TlsRecordFilter {
- public:
-  DropTlsRecord(size_t index) : index_(index), count_(0) {}
-
- protected:
-  PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                    const DataBuffer& data,
-                                    DataBuffer* changed) override {
-    if (count_++ == index_) {
-      return DROP;
-    }
-    return KEEP;
-  }
-
- private:
-  const size_t index_;
-  size_t count_;
-};
-
-// Test that decrypting filters work correctly and are able to drop records.
-TEST_F(TlsConnectStreamTls13, DropRecordServer) {
-  EnsureTlsSetup();
-  // Disable session tickets so that the server doesn't send an extra record.
-  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
-                                      SSL_ENABLE_SESSION_TICKETS, PR_FALSE));
-
-  // 0 = ServerHello, 1 = other handshake, 2 = first write
-  server_->SetTlsRecordFilter(std::make_shared<DropTlsRecord>(2));
+TEST_P(TlsConnectStreamPre13, ConnectAndServerRenegotiate) {
   Connect();
-  server_->SendData(23, 23);  // This should be dropped, so it won't be counted.
-  server_->ResetSentBytes();
-  SendReceive();
+  client_->PrepareForRenegotiate();
+  server_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
 }
 
-TEST_F(TlsConnectStreamTls13, DropRecordClient) {
-  EnsureTlsSetup();
-  // 0 = ClientHello, 1 = Finished, 2 = first write
-  client_->SetTlsRecordFilter(std::make_shared<DropTlsRecord>(2));
+TEST_P(TlsConnectGeneric, ConnectSendReceive) {
   Connect();
-  client_->SendData(26, 26);  // This should be dropped, so it won't be counted.
-  client_->ResetSentBytes();
   SendReceive();
 }
 
@@ -305,70 +224,29 @@ TEST_P(TlsConnectStream, ShortRead) {
   ASSERT_EQ(50U, client_->received_bytes());
 }
 
-// We enable compression via the API but it's disabled internally,
-// so we should never get it.
-TEST_P(TlsConnectGeneric, ConnectWithCompressionEnabled) {
+TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
   EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_DEFLATE, PR_TRUE);
-  server_->SetOption(SSL_ENABLE_DEFLATE, PR_TRUE);
+  client_->EnableCompression();
+  server_->EnableCompression();
   Connect();
-  EXPECT_FALSE(client_->is_compressed());
+  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
+                variant_ != ssl_variant_datagram,
+            client_->is_compressed());
   SendReceive();
 }
 
-class TlsHolddownTest : public TlsConnectDatagram {
- protected:
-  // This causes all timers to run to completion.  It advances the clock and
-  // handshakes on both peers until both peers have no more timers pending,
-  // which should happen at the end of a handshake.  This is necessary to ensure
-  // that the relatively long holddown timer expires, but that any other timers
-  // also expire and run correctly.
-  void RunAllTimersDown() {
-    while (true) {
-      PRIntervalTime time;
-      SECStatus rv = DTLS_GetHandshakeTimeout(client_->ssl_fd(), &time);
-      if (rv != SECSuccess) {
-        rv = DTLS_GetHandshakeTimeout(server_->ssl_fd(), &time);
-        if (rv != SECSuccess) {
-          break;  // Neither peer has an outstanding timer.
-        }
-      }
-
-      if (g_ssl_gtest_verbose) {
-        std::cerr << "Shifting timers" << std::endl;
-      }
-      ShiftDtlsTimers();
-      Handshake();
-    }
-  }
-};
-
-TEST_P(TlsHolddownTest, TestDtlsHolddownExpiry) {
+TEST_P(TlsConnectDatagram, TestDtlsHolddownExpiry) {
   Connect();
-  std::cerr << "Expiring holddown timer" << std::endl;
-  RunAllTimersDown();
+  std::cerr << "Expiring holddown timer\n";
+  SSLInt_ForceTimerExpiry(client_->ssl_fd());
+  SSLInt_ForceTimerExpiry(server_->ssl_fd());
   SendReceive();
   if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
     // One for send, one for receive.
-    EXPECT_EQ(2, SSLInt_CountCipherSpecs(client_->ssl_fd()));
+    EXPECT_EQ(2, SSLInt_CountTls13CipherSpecs(client_->ssl_fd()));
   }
 }
 
-TEST_P(TlsHolddownTest, TestDtlsHolddownExpiryResumption) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  Connect();
-  SendReceive();
-
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ExpectResumption(RESUME_TICKET);
-  Connect();
-  RunAllTimersDown();
-  SendReceive();
-  // One for send, one for receive.
-  EXPECT_EQ(2, SSLInt_CountCipherSpecs(client_->ssl_fd()));
-}
-
 class TlsPreCCSHeaderInjector : public TlsRecordFilter {
  public:
   TlsPreCCSHeaderInjector() {}
@@ -396,7 +274,8 @@ TEST_P(TlsConnectStreamPre13, ClientFinishedHeaderBeforeCCS) {
 
 TEST_P(TlsConnectStreamPre13, ServerFinishedHeaderBeforeCCS) {
   server_->SetPacketFilter(std::make_shared<TlsPreCCSHeaderInjector>());
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
   ExpectAlert(client_, kTlsAlertUnexpectedMessage);
   Handshake();
   EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
@@ -427,65 +306,21 @@ TEST_P(TlsConnectTls13, AlertWrongLevel) {
 
 TEST_F(TlsConnectStreamTls13, Tls13FailedWriteSecondFlight) {
   EnsureTlsSetup();
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
   client_->Handshake();
   server_->Handshake();  // Send first flight.
-  client_->adapter()->SetWriteError(PR_IO_ERROR);
+  client_->adapter()->CloseWrites();
   client_->Handshake();  // This will get an error, but shouldn't crash.
   client_->CheckErrorCode(SSL_ERROR_SOCKET_WRITE_FAILURE);
 }
 
-TEST_P(TlsConnectDatagram, BlockedWrite) {
-  Connect();
-
-  // Mark the socket as blocked.
-  client_->adapter()->SetWriteError(PR_WOULD_BLOCK_ERROR);
-  static const uint8_t data[] = {1, 2, 3};
-  int32_t rv = PR_Write(client_->ssl_fd(), data, sizeof(data));
-  EXPECT_GT(0, rv);
-  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-
-  // Remove the write error and though the previous write failed, future reads
-  // and writes should just work as if it never happened.
-  client_->adapter()->SetWriteError(0);
-  SendReceive();
-}
-
-TEST_F(TlsConnectTest, ConnectSSLv3) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_3_0);
-  EnableOnlyStaticRsaCiphers();
+TEST_F(TlsConnectStreamTls13, NegotiateShortHeaders) {
+  client_->SetShortHeadersEnabled();
+  server_->SetShortHeadersEnabled();
+  client_->ExpectShortHeaders();
+  server_->ExpectShortHeaders();
   Connect();
-  CheckKeys(ssl_kea_rsa, ssl_grp_none, ssl_auth_rsa_decrypt, ssl_sig_none);
-}
-
-TEST_F(TlsConnectTest, ConnectSSLv3ClientAuth) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_3_0);
-  EnableOnlyStaticRsaCiphers();
-  client_->SetupClientAuth();
-  server_->RequestClientAuth(true);
-  Connect();
-  CheckKeys(ssl_kea_rsa, ssl_grp_none, ssl_auth_rsa_decrypt, ssl_sig_none);
-}
-
-static size_t ExpectedCbcLen(size_t in, size_t hmac = 20, size_t block = 16) {
-  // MAC-then-Encrypt expansion formula:
-  return ((in + hmac + (block - 1)) / block) * block;
-}
-
-TEST_F(TlsConnectTest, OneNRecordSplitting) {
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_0);
-  EnsureTlsSetup();
-  ConnectWithCipherSuite(TLS_RSA_WITH_AES_128_CBC_SHA);
-  auto records = std::make_shared<TlsRecordRecorder>();
-  server_->SetPacketFilter(records);
-  // This should be split into 1, 16384 and 20.
-  DataBuffer big_buffer;
-  big_buffer.Allocate(1 + 16384 + 20);
-  server_->SendBuffer(big_buffer);
-  ASSERT_EQ(3U, records->count());
-  EXPECT_EQ(ExpectedCbcLen(1), records->record(0).buffer.len());
-  EXPECT_EQ(ExpectedCbcLen(16384), records->record(1).buffer.len());
-  EXPECT_EQ(ExpectedCbcLen(20), records->record(2).buffer.len());
 }
 
 INSTANTIATE_TEST_CASE_P(
@@ -501,8 +336,6 @@ INSTANTIATE_TEST_CASE_P(StreamOnly, TlsConnectStream,
                         TlsConnectTestBase::kTlsVAll);
 INSTANTIATE_TEST_CASE_P(DatagramOnly, TlsConnectDatagram,
                         TlsConnectTestBase::kTlsV11Plus);
-INSTANTIATE_TEST_CASE_P(DatagramHolddown, TlsHolddownTest,
-                        TlsConnectTestBase::kTlsV11Plus);
 
 INSTANTIATE_TEST_CASE_P(
     Pre12Stream, TlsConnectPre12,
diff --git a/security/nss/gtests/ssl_gtest/ssl_misc_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_misc_unittest.cc
deleted file mode 100644
index 2b1b92dcd..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_misc_unittest.cc
+++ /dev/null
@@ -1,20 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "sslexp.h"
-
-#include "gtest_utils.h"
-
-namespace nss_test {
-
-class MiscTest : public ::testing::Test {};
-
-TEST_F(MiscTest, NonExistentExperimentalAPI) {
-  EXPECT_EQ(nullptr, SSL_GetExperimentalAPI("blah"));
-  EXPECT_EQ(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API, PORT_GetError());
-}
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
index d1d496f49..ef81b222c 100644
--- a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
@@ -10,8 +10,6 @@
 
 #include "databuffer.h"
 #include "gtest_utils.h"
-#include "tls_connect.h"
-#include "tls_filter.h"
 
 namespace nss_test {
 
@@ -53,8 +51,8 @@ class TlsPaddingTest
               << " total length=" << plaintext_.len() << std::endl;
     std::cerr << "Plaintext: " << plaintext_ << std::endl;
     sslBuffer s;
-    s.buf = const_cast<unsigned char*>(
-        static_cast<const unsigned char*>(plaintext_.data()));
+    s.buf = const_cast<unsigned char *>(
+        static_cast<const unsigned char *>(plaintext_.data()));
     s.len = plaintext_.len();
     SECStatus rv = ssl_RemoveTLSCBCPadding(&s, kMacSize);
     if (expect_success) {
@@ -101,73 +99,6 @@ TEST_P(TlsPaddingTest, LastByteOfPadWrong) {
   }
 }
 
-class RecordReplacer : public TlsRecordFilter {
- public:
-  RecordReplacer(size_t size)
-      : TlsRecordFilter(), enabled_(false), size_(size) {}
-
-  PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                    const DataBuffer& data,
-                                    DataBuffer* changed) override {
-    if (!enabled_) {
-      return KEEP;
-    }
-
-    EXPECT_EQ(kTlsApplicationDataType, header.content_type());
-    changed->Allocate(size_);
-
-    for (size_t i = 0; i < size_; ++i) {
-      changed->data()[i] = i & 0xff;
-    }
-
-    enabled_ = false;
-    return CHANGE;
-  }
-
-  void Enable() { enabled_ = true; }
-
- private:
-  bool enabled_;
-  size_t size_;
-};
-
-TEST_F(TlsConnectStreamTls13, LargeRecord) {
-  EnsureTlsSetup();
-
-  const size_t record_limit = 16384;
-  auto replacer = std::make_shared<RecordReplacer>(record_limit);
-  client_->SetTlsRecordFilter(replacer);
-  Connect();
-
-  replacer->Enable();
-  client_->SendData(10);
-  WAIT_(server_->received_bytes() == record_limit, 2000);
-  ASSERT_EQ(record_limit, server_->received_bytes());
-}
-
-TEST_F(TlsConnectStreamTls13, TooLargeRecord) {
-  EnsureTlsSetup();
-
-  const size_t record_limit = 16384;
-  auto replacer = std::make_shared<RecordReplacer>(record_limit + 1);
-  client_->SetTlsRecordFilter(replacer);
-  Connect();
-
-  replacer->Enable();
-  ExpectAlert(server_, kTlsAlertRecordOverflow);
-  client_->SendData(10);  // This is expanded.
-
-  uint8_t buf[record_limit + 2];
-  PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
-  EXPECT_GT(0, rv);
-  EXPECT_EQ(SSL_ERROR_RX_RECORD_TOO_LONG, PORT_GetError());
-
-  // Read the server alert.
-  rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
-  EXPECT_GT(0, rv);
-  EXPECT_EQ(SSL_ERROR_RECORD_OVERFLOW_ALERT, PORT_GetError());
-}
-
 const static size_t kContentSizesArr[] = {
     1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288};
 
diff --git a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
deleted file mode 100644
index a902a5f7f..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
+++ /dev/null
@@ -1,212 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <functional>
-#include <memory>
-#include "secerr.h"
-#include "ssl.h"
-#include "sslerr.h"
-#include "sslproto.h"
-
-#include "gtest_utils.h"
-#include "tls_connect.h"
-
-namespace nss_test {
-
-// 1.3 is disabled in the next few tests because we don't
-// presently support resumption in 1.3.
-TEST_P(TlsConnectStreamPre13, RenegotiateClient) {
-  Connect();
-  server_->PrepareForRenegotiate();
-  client_->StartRenegotiate();
-  Handshake();
-  CheckConnected();
-}
-
-TEST_P(TlsConnectStreamPre13, RenegotiateServer) {
-  Connect();
-  client_->PrepareForRenegotiate();
-  server_->StartRenegotiate();
-  Handshake();
-  CheckConnected();
-}
-
-// The renegotiation options shouldn't cause an error if TLS 1.3 is chosen.
-TEST_F(TlsConnectTest, RenegotiationConfigTls13) {
-  EnsureTlsSetup();
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetOption(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
-  server_->SetOption(SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
-  Connect();
-  SendReceive();
-  CheckKeys();
-}
-
-TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
-    return;
-  }
-  // Set the client so it will accept any version from 1.0
-  // to |version_|.
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
-                           SSL_LIBRARY_VERSION_TLS_1_0);
-  // Reset version so that the checks succeed.
-  uint16_t test_version = version_;
-  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
-  Connect();
-
-  // Now renegotiate, with the server being set to do
-  // |version_|.
-  client_->PrepareForRenegotiate();
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
-  // Reset version and cipher suite so that the preinfo callback
-  // doesn't fail.
-  server_->ResetPreliminaryInfo();
-  server_->StartRenegotiate();
-
-  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    ExpectAlert(server_, kTlsAlertUnexpectedMessage);
-  } else {
-    ExpectAlert(server_, kTlsAlertProtocolVersion);
-  }
-
-  Handshake();
-  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    // In TLS 1.3, the server detects this problem.
-    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
-    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-  } else {
-    client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
-    server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
-  }
-}
-
-TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
-    return;
-  }
-  // Set the client so it will accept any version from 1.0
-  // to |version_|.
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
-                           SSL_LIBRARY_VERSION_TLS_1_0);
-  // Reset version so that the checks succeed.
-  uint16_t test_version = version_;
-  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
-  Connect();
-
-  // Now renegotiate, with the server being set to do
-  // |version_|.
-  server_->PrepareForRenegotiate();
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
-  // Reset version and cipher suite so that the preinfo callback
-  // doesn't fail.
-  server_->ResetPreliminaryInfo();
-  client_->StartRenegotiate();
-  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    ExpectAlert(server_, kTlsAlertUnexpectedMessage);
-  } else {
-    ExpectAlert(server_, kTlsAlertProtocolVersion);
-  }
-  Handshake();
-  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    // In TLS 1.3, the server detects this problem.
-    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
-    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-  } else {
-    client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
-    server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
-  }
-}
-
-TEST_P(TlsConnectStream, ConnectAndServerRenegotiateLower) {
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
-    return;
-  }
-  Connect();
-
-  // Now renegotiate with the server set to TLS 1.0.
-  client_->PrepareForRenegotiate();
-  server_->PrepareForRenegotiate();
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
-  // Reset version and cipher suite so that the preinfo callback
-  // doesn't fail.
-  server_->ResetPreliminaryInfo();
-
-  SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
-  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
-    EXPECT_EQ(SECFailure, rv);
-    return;
-  }
-  ASSERT_EQ(SECSuccess, rv);
-
-  // Now, before handshaking, tweak the server configuration.
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
-                           SSL_LIBRARY_VERSION_TLS_1_0);
-
-  // The server should catch the own error.
-  ExpectAlert(server_, kTlsAlertProtocolVersion);
-
-  Handshake();
-  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
-  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
-}
-
-TEST_P(TlsConnectStream, ConnectAndServerWontRenegotiateLower) {
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
-    return;
-  }
-  Connect();
-
-  // Now renegotiate with the server set to TLS 1.0.
-  client_->PrepareForRenegotiate();
-  server_->PrepareForRenegotiate();
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
-                           SSL_LIBRARY_VERSION_TLS_1_0);
-  // Reset version and cipher suite so that the preinfo callback
-  // doesn't fail.
-  server_->ResetPreliminaryInfo();
-
-  EXPECT_EQ(SECFailure, SSL_ReHandshake(server_->ssl_fd(), PR_TRUE));
-}
-
-TEST_P(TlsConnectStream, ConnectAndClientWontRenegotiateLower) {
-  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
-    return;
-  }
-  Connect();
-
-  // Now renegotiate with the client set to TLS 1.0.
-  client_->PrepareForRenegotiate();
-  server_->PrepareForRenegotiate();
-  server_->ResetPreliminaryInfo();
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
-                           SSL_LIBRARY_VERSION_TLS_1_0);
-  // The client will refuse to renegotiate down.
-  EXPECT_EQ(SECFailure, SSL_ReHandshake(client_->ssl_fd(), PR_TRUE));
-}
-
-TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
-  EnsureTlsSetup();
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
-}
-
-TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
-  EnsureTlsSetup();
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
-  EXPECT_EQ(SECFailure, rv);
-  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
-}
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
index a413caf2c..ce0e3ca8d 100644
--- a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
@@ -9,7 +9,6 @@
 #include "secerr.h"
 #include "ssl.h"
 #include "sslerr.h"
-#include "sslexp.h"
 #include "sslproto.h"
 
 extern "C" {
@@ -247,7 +246,8 @@ TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) {
                              : ssl_session_ticket_xtn;
   auto capture = std::make_shared<TlsExtensionCapture>(xtn);
   client_->SetPacketFilter(capture);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
   client_->Handshake();
   EXPECT_TRUE(capture->captured());
   EXPECT_LT(0U, capture->extension().len());
@@ -355,7 +355,10 @@ TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceReuseKey) {
 
 // This test parses the ServerKeyExchange, which isn't in 1.3
 TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
-  server_->SetOption(SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  server_->EnsureTlsSetup();
+  SECStatus rv =
+      SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
   auto i1 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
       kTlsHandshakeServerKeyExchange);
   server_->SetPacketFilter(i1);
@@ -366,7 +369,9 @@ TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
 
   // Restart
   Reset();
-  server_->SetOption(SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  server_->EnsureTlsSetup();
+  rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
   auto i2 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
       kTlsHandshakeServerKeyExchange);
   server_->SetPacketFilter(i2);
@@ -396,8 +401,7 @@ TEST_P(TlsConnectTls13, TestTls13ResumeDifferentGroup) {
   client_->ConfigNamedGroups(kFFDHEGroups);
   server_->ConfigNamedGroups(kFFDHEGroups);
   Connect();
-  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign, ssl_sig_none);
 }
 
 // We need to enable different cipher suites at different times in the following
@@ -457,6 +461,36 @@ TEST_P(TlsConnectGeneric, TestResumeServerDifferentCipher) {
   CheckKeys();
 }
 
+class SelectedCipherSuiteReplacer : public TlsHandshakeFilter {
+ public:
+  SelectedCipherSuiteReplacer(uint16_t suite) : cipher_suite_(suite) {}
+
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
+    *output = input;
+    uint32_t temp = 0;
+    EXPECT_TRUE(input.Read(0, 2, &temp));
+    // Cipher suite is after version(2) and random(32).
+    size_t pos = 34;
+    if (temp < SSL_LIBRARY_VERSION_TLS_1_3) {
+      // In old versions, we have to skip a session_id too.
+      EXPECT_TRUE(input.Read(pos, 1, &temp));
+      pos += 1 + temp;
+    }
+    output->Write(pos, static_cast<uint32_t>(cipher_suite_), 2);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t cipher_suite_;
+};
+
 // Test that the client doesn't tolerate the server picking a different cipher
 // suite for resumption.
 TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
@@ -490,13 +524,16 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
 
 class SelectedVersionReplacer : public TlsHandshakeFilter {
  public:
-  SelectedVersionReplacer(uint16_t version)
-      : TlsHandshakeFilter({kTlsHandshakeServerHello}), version_(version) {}
+  SelectedVersionReplacer(uint16_t version) : version_(version) {}
 
  protected:
   PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                        const DataBuffer& input,
                                        DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
     *output = input;
     output->Write(0, static_cast<uint32_t>(version_), 2);
     return CHANGE;
@@ -572,7 +609,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
   Connect();
   SendReceive();
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
+            ssl_sig_none);
   // The filter will go away when we reset, so save the captured extension.
   DataBuffer initialTicket(c1->extension());
   ASSERT_LT(0U, initialTicket.len());
@@ -590,7 +627,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
   Connect();
   SendReceive();
   CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
+            ssl_sig_none);
   ASSERT_LT(0U, c2->extension().len());
 
   ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
@@ -615,158 +652,18 @@ TEST_F(TlsConnectTest, TestTls13ResumptionDuplicateNST) {
 
   // Clear the session ticket keys to invalidate the old ticket.
   SSLInt_ClearSelfEncryptKey();
-  SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0);
-
-  SendReceive();  // Need to read so that we absorb the session tickets.
-  CheckKeys();
-
-  // Resume the connection.
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  ExpectResumption(RESUME_TICKET);
-  Connect();
-  SendReceive();
-}
-
-// Check that the value captured in a NewSessionTicket message matches the value
-// captured from a pre_shared_key extension.
-void NstTicketMatchesPskIdentity(const DataBuffer& nst, const DataBuffer& psk) {
-  uint32_t len;
-
-  size_t offset = 4 + 4;  // Skip ticket_lifetime and ticket_age_add.
-  ASSERT_TRUE(nst.Read(offset, 1, &len));
-  offset += 1 + len;  // Skip ticket_nonce.
-
-  ASSERT_TRUE(nst.Read(offset, 2, &len));
-  offset += 2;  // Skip the ticket length.
-  ASSERT_LE(offset + len, nst.len());
-  DataBuffer nst_ticket(nst.data() + offset, static_cast<size_t>(len));
-
-  offset = 2;  // Skip the identities length.
-  ASSERT_TRUE(psk.Read(offset, 2, &len));
-  offset += 2;  // Skip the identity length.
-  ASSERT_LE(offset + len, psk.len());
-  DataBuffer psk_ticket(psk.data() + offset, static_cast<size_t>(len));
-
-  EXPECT_EQ(nst_ticket, psk_ticket);
-}
-
-TEST_F(TlsConnectTest, TestTls13ResumptionDuplicateNSTWithToken) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-
-  auto nst_capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      ssl_hs_new_session_ticket);
-  server_->SetTlsRecordFilter(nst_capture);
-  Connect();
-
-  // Clear the session ticket keys to invalidate the old ticket.
-  SSLInt_ClearSelfEncryptKey();
-  nst_capture->Reset();
-  uint8_t token[] = {0x20, 0x20, 0xff, 0x00};
-  EXPECT_EQ(SECSuccess,
-            SSL_SendSessionTicket(server_->ssl_fd(), token, sizeof(token)));
+  SSLInt_SendNewSessionTicket(server_->ssl_fd());
 
   SendReceive();  // Need to read so that we absorb the session tickets.
   CheckKeys();
-  EXPECT_LT(0U, nst_capture->buffer().len());
 
   // Resume the connection.
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
   ExpectResumption(RESUME_TICKET);
-
-  auto psk_capture =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
-  client_->SetPacketFilter(psk_capture);
   Connect();
   SendReceive();
-
-  NstTicketMatchesPskIdentity(nst_capture->buffer(), psk_capture->extension());
-}
-
-// Disable SSL_ENABLE_SESSION_TICKETS but ensure that tickets can still be sent
-// by invoking SSL_SendSessionTicket directly (and that the ticket is usable).
-TEST_F(TlsConnectTest, SendSessionTicketWithTicketsDisabled) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-
-  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
-                                      SSL_ENABLE_SESSION_TICKETS, PR_FALSE));
-
-  auto nst_capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      ssl_hs_new_session_ticket);
-  server_->SetTlsRecordFilter(nst_capture);
-  Connect();
-
-  EXPECT_EQ(0U, nst_capture->buffer().len()) << "expect nothing captured yet";
-
-  EXPECT_EQ(SECSuccess, SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0));
-  EXPECT_LT(0U, nst_capture->buffer().len()) << "should capture now";
-
-  SendReceive();  // Ensure that the client reads the ticket.
-
-  // Resume the connection.
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  ExpectResumption(RESUME_TICKET);
-
-  auto psk_capture =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
-  client_->SetPacketFilter(psk_capture);
-  Connect();
-  SendReceive();
-
-  NstTicketMatchesPskIdentity(nst_capture->buffer(), psk_capture->extension());
-}
-
-// Test calling SSL_SendSessionTicket in inappropriate conditions.
-TEST_F(TlsConnectTest, SendSessionTicketInappropriate) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_2);
-
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(client_->ssl_fd(), NULL, 0))
-      << "clients can't send tickets";
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-
-  StartConnect();
-
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0))
-      << "no ticket before the handshake has started";
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-  Handshake();
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0))
-      << "no special tickets in TLS 1.2";
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-TEST_F(TlsConnectTest, SendSessionTicketMassiveToken) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  // It should be safe to set length with a NULL token because the length should
-  // be checked before reading token.
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0x1ffff))
-      << "this is clearly too big";
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-
-  static const uint8_t big_token[0xffff] = {1};
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), big_token,
-                                              sizeof(big_token)))
-      << "this is too big, but that's not immediately obvious";
-  EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
-}
-
-TEST_F(TlsConnectDatagram13, SendSessionTicketDtls) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-  Connect();
-  EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), NULL, 0))
-      << "no extra tickets in DTLS until we have Ack support";
-  EXPECT_EQ(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, PORT_GetError());
 }
 
 TEST_F(TlsConnectTest, TestTls13ResumptionDowngrade) {
@@ -822,84 +719,13 @@ TEST_F(TlsConnectTest, TestTls13ResumptionForcedDowngrade) {
       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256));
   filters.push_back(
       std::make_shared<SelectedVersionReplacer>(SSL_LIBRARY_VERSION_TLS_1_2));
-
-  // Drop a bunch of extensions so that we get past the SH processing.  The
-  // version extension says TLS 1.3, which is counter to our goal, the others
-  // are not permitted in TLS 1.2 handshakes.
-  filters.push_back(
-      std::make_shared<TlsExtensionDropper>(ssl_tls13_supported_versions_xtn));
-  filters.push_back(
-      std::make_shared<TlsExtensionDropper>(ssl_tls13_key_share_xtn));
-  filters.push_back(
-      std::make_shared<TlsExtensionDropper>(ssl_tls13_pre_shared_key_xtn));
   server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(filters));
 
-  // The client here generates an unexpected_message alert when it receives an
-  // encrypted handshake message from the server (EncryptedExtension).  The
-  // client expects to receive an unencrypted TLS 1.2 Certificate message.
-  // The server can't decrypt the alert.
-  client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+  client_->ExpectSendAlert(kTlsAlertDecodeError);
   server_->ExpectSendAlert(kTlsAlertBadRecordMac);  // Server can't read
   ConnectExpectFail();
-  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
-TEST_P(TlsConnectGeneric, ReConnectTicket) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
-  server_->EnableSingleCipher(ChooseOneCipher(version_));
-  Connect();
-  SendReceive();
-  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
-  // Resume
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
-  ExpectResumption(RESUME_TICKET);
-  Connect();
-  // Only the client knows this.
-  CheckKeysResumption(ssl_kea_ecdh, ssl_grp_none, ssl_grp_ec_curve25519,
-                      ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
-}
-
-TEST_P(TlsConnectGenericPre13, ReConnectCache) {
-  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
-  server_->EnableSingleCipher(ChooseOneCipher(version_));
-  Connect();
-  SendReceive();
-  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
-  // Resume
-  Reset();
-  ExpectResumption(RESUME_SESSIONID);
-  Connect();
-  CheckKeysResumption(ssl_kea_ecdh, ssl_grp_none, ssl_grp_ec_curve25519,
-                      ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
-}
-
-TEST_P(TlsConnectGeneric, ReConnectAgainTicket) {
-  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
-  server_->EnableSingleCipher(ChooseOneCipher(version_));
-  Connect();
-  SendReceive();
-  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
-            ssl_sig_rsa_pss_sha256);
-  // Resume
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
-  ExpectResumption(RESUME_TICKET);
-  Connect();
-  // Only the client knows this.
-  CheckKeysResumption(ssl_kea_ecdh, ssl_grp_none, ssl_grp_ec_curve25519,
-                      ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
-  // Resume connection again
-  Reset();
-  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
-  ExpectResumption(RESUME_TICKET, 2);
-  Connect();
-  // Only the client knows this.
-  CheckKeysResumption(ssl_kea_ecdh, ssl_grp_none, ssl_grp_ec_curve25519,
-                      ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
-}
-
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
index 335bfecfa..a130ef77f 100644
--- a/security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
@@ -43,14 +43,7 @@ class TlsHandshakeSkipFilter : public TlsRecordFilter {
       size_t start = parser.consumed();
       TlsHandshakeFilter::HandshakeHeader header;
       DataBuffer ignored;
-      bool complete = false;
-      if (!header.Parse(&parser, record_header, DataBuffer(), &ignored,
-                        &complete)) {
-        ADD_FAILURE() << "Error parsing handshake header";
-        return KEEP;
-      }
-      if (!complete) {
-        ADD_FAILURE() << "Don't want to deal with fragmented input";
+      if (!header.Parse(&parser, record_header, &ignored)) {
         return KEEP;
       }
 
@@ -108,15 +101,26 @@ class Tls13SkipTest : public TlsConnectTestBase,
   void ServerSkipTest(std::shared_ptr<TlsRecordFilter> filter, int32_t error) {
     EnsureTlsSetup();
     server_->SetTlsRecordFilter(filter);
-    ExpectAlert(client_, kTlsAlertUnexpectedMessage);
-    ConnectExpectFail();
+    filter->EnableDecryption();
+    client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+    if (variant_ == ssl_variant_stream) {
+      server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+      ConnectExpectFail();
+    } else {
+      ConnectExpectFailOneSide(TlsAgent::CLIENT);
+    }
     client_->CheckErrorCode(error);
-    server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    if (variant_ == ssl_variant_stream) {
+      server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+    } else {
+      ASSERT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
+    }
   }
 
   void ClientSkipTest(std::shared_ptr<TlsRecordFilter> filter, int32_t error) {
     EnsureTlsSetup();
     client_->SetTlsRecordFilter(filter);
+    filter->EnableDecryption();
     server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
     ConnectExpectFailOneSide(TlsAgent::SERVER);
 
@@ -167,10 +171,11 @@ TEST_P(TlsSkipTest, SkipServerKeyExchangeEcdsa) {
 }
 
 TEST_P(TlsSkipTest, SkipCertAndKeyExch) {
-  auto chain = std::make_shared<ChainedPacketFilter>(ChainedPacketFilterInit{
-      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate),
-      std::make_shared<TlsHandshakeSkipFilter>(
-          kTlsHandshakeServerKeyExchange)});
+  auto chain = std::make_shared<ChainedPacketFilter>();
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeServerKeyExchange));
   ServerSkipTest(chain);
   client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
 }
diff --git a/security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
index e7fe44d92..8db1f30e1 100644
--- a/security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
@@ -71,7 +71,7 @@ TEST_P(TlsConnectGenericPre13, ConnectStaticRSABogusPMSVersionIgnore) {
   EnableOnlyStaticRsaCiphers();
   client_->SetPacketFilter(
       std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
-  server_->SetOption(SSL_ROLLBACK_DETECTION, PR_FALSE);
+  server_->DisableRollbackDetection();
   Connect();
 }
 
@@ -102,7 +102,7 @@ TEST_P(TlsConnectStreamPre13,
   EnableExtendedMasterSecret();
   client_->SetPacketFilter(
       std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
-  server_->SetOption(SSL_ROLLBACK_DETECTION, PR_FALSE);
+  server_->DisableRollbackDetection();
   Connect();
 }
 
diff --git a/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
deleted file mode 100644
index 75cee52fc..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+++ /dev/null
@@ -1,337 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <memory>
-#include <vector>
-#include "ssl.h"
-#include "sslerr.h"
-#include "sslproto.h"
-
-#include "gtest_utils.h"
-#include "tls_connect.h"
-#include "tls_filter.h"
-#include "tls_parser.h"
-
-namespace nss_test {
-
-class Tls13CompatTest : public TlsConnectStreamTls13 {
- protected:
-  void EnableCompatMode() {
-    client_->SetOption(SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE);
-  }
-
-  void InstallFilters() {
-    EnsureTlsSetup();
-    client_recorders_.Install(client_);
-    server_recorders_.Install(server_);
-  }
-
-  void CheckRecordVersions() {
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0,
-              client_recorders_.records_->record(0).header.version());
-    CheckRecordsAreTls12("client", client_recorders_.records_, 1);
-    CheckRecordsAreTls12("server", server_recorders_.records_, 0);
-  }
-
-  void CheckHelloVersions() {
-    uint32_t ver;
-    ASSERT_TRUE(server_recorders_.hello_->buffer().Read(0, 2, &ver));
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, static_cast<uint16_t>(ver));
-    ASSERT_TRUE(client_recorders_.hello_->buffer().Read(0, 2, &ver));
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, static_cast<uint16_t>(ver));
-  }
-
-  void CheckForCCS(bool expected_client, bool expected_server) {
-    client_recorders_.CheckForCCS(expected_client);
-    server_recorders_.CheckForCCS(expected_server);
-  }
-
-  void CheckForRegularHandshake() {
-    CheckRecordVersions();
-    CheckHelloVersions();
-    EXPECT_EQ(0U, client_recorders_.session_id_length());
-    EXPECT_EQ(0U, server_recorders_.session_id_length());
-    CheckForCCS(false, false);
-  }
-
-  void CheckForCompatHandshake() {
-    CheckRecordVersions();
-    CheckHelloVersions();
-    EXPECT_EQ(32U, client_recorders_.session_id_length());
-    EXPECT_EQ(32U, server_recorders_.session_id_length());
-    CheckForCCS(true, true);
-  }
-
- private:
-  struct Recorders {
-    Recorders()
-        : records_(new TlsRecordRecorder()),
-          hello_(new TlsInspectorRecordHandshakeMessage(std::set<uint8_t>(
-              {kTlsHandshakeClientHello, kTlsHandshakeServerHello}))) {}
-
-    uint8_t session_id_length() const {
-      // session_id is always after version (2) and random (32).
-      uint32_t len = 0;
-      EXPECT_TRUE(hello_->buffer().Read(2 + 32, 1, &len));
-      return static_cast<uint8_t>(len);
-    }
-
-    void CheckForCCS(bool expected) const {
-      EXPECT_LT(0U, records_->count());
-      for (size_t i = 0; i < records_->count(); ++i) {
-        // Only the second record can be a CCS.
-        bool expected_match = expected && (i == 1);
-        EXPECT_EQ(expected_match,
-                  kTlsChangeCipherSpecType ==
-                      records_->record(i).header.content_type());
-      }
-    }
-
-    void Install(std::shared_ptr<TlsAgent>& agent) {
-      agent->SetPacketFilter(std::make_shared<ChainedPacketFilter>(
-          ChainedPacketFilterInit({records_, hello_})));
-    }
-
-    std::shared_ptr<TlsRecordRecorder> records_;
-    std::shared_ptr<TlsInspectorRecordHandshakeMessage> hello_;
-  };
-
-  void CheckRecordsAreTls12(const std::string& agent,
-                            const std::shared_ptr<TlsRecordRecorder>& records,
-                            size_t start) {
-    EXPECT_LE(start, records->count());
-    for (size_t i = start; i < records->count(); ++i) {
-      EXPECT_EQ(SSL_LIBRARY_VERSION_TLS_1_2,
-                records->record(i).header.version())
-          << agent << ": record " << i << " has wrong version";
-    }
-  }
-
-  Recorders client_recorders_;
-  Recorders server_recorders_;
-};
-
-TEST_F(Tls13CompatTest, Disabled) {
-  InstallFilters();
-  Connect();
-  CheckForRegularHandshake();
-}
-
-TEST_F(Tls13CompatTest, Enabled) {
-  EnableCompatMode();
-  InstallFilters();
-  Connect();
-  CheckForCompatHandshake();
-}
-
-TEST_F(Tls13CompatTest, EnabledZeroRtt) {
-  SetupForZeroRtt();
-  EnableCompatMode();
-  InstallFilters();
-
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  ZeroRttSendReceive(true, true);
-  CheckForCCS(true, true);
-  Handshake();
-  ExpectEarlyDataAccepted(true);
-  CheckConnected();
-
-  CheckForCompatHandshake();
-}
-
-TEST_F(Tls13CompatTest, EnabledHrr) {
-  EnableCompatMode();
-  InstallFilters();
-
-  // Force a HelloRetryRequest.  The server sends CCS immediately.
-  server_->ConfigNamedGroups({ssl_grp_ec_secp384r1});
-  client_->StartConnect();
-  server_->StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  CheckForCCS(false, true);
-
-  Handshake();
-  CheckConnected();
-  CheckForCompatHandshake();
-}
-
-TEST_F(Tls13CompatTest, EnabledStatelessHrr) {
-  EnableCompatMode();
-  InstallFilters();
-
-  // Force a HelloRetryRequest
-  server_->ConfigNamedGroups({ssl_grp_ec_secp384r1});
-  client_->StartConnect();
-  server_->StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  CheckForCCS(false, true);
-
-  // A new server should just work, but not send another CCS.
-  MakeNewServer();
-  InstallFilters();
-  server_->ConfigNamedGroups({ssl_grp_ec_secp384r1});
-
-  Handshake();
-  CheckConnected();
-  CheckForCompatHandshake();
-}
-
-TEST_F(Tls13CompatTest, EnabledHrrZeroRtt) {
-  SetupForZeroRtt();
-  EnableCompatMode();
-  InstallFilters();
-  server_->ConfigNamedGroups({ssl_grp_ec_secp384r1});
-
-  // With 0-RTT, the client sends CCS immediately.  With HRR, the server sends
-  // CCS immediately too.
-  client_->Set0RttEnabled(true);
-  server_->Set0RttEnabled(true);
-  ExpectResumption(RESUME_TICKET);
-  ZeroRttSendReceive(true, false);
-  CheckForCCS(true, true);
-
-  Handshake();
-  ExpectEarlyDataAccepted(false);
-  CheckConnected();
-  CheckForCompatHandshake();
-}
-
-static const uint8_t kCannedCcs[] = {
-    kTlsChangeCipherSpecType,
-    SSL_LIBRARY_VERSION_TLS_1_2 >> 8,
-    SSL_LIBRARY_VERSION_TLS_1_2 & 0xff,
-    0,
-    1,  // length
-    1   // change_cipher_spec_choice
-};
-
-// A ChangeCipherSpec is ignored by a server because we have to tolerate it for
-// compatibility mode.  That doesn't mean that we have to tolerate it
-// unconditionally.  If we negotiate 1.3, we expect to see a cookie extension.
-TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello13) {
-  EnsureTlsSetup();
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  // Client sends CCS before starting the handshake.
-  client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-  ConnectExpectAlert(server_, kTlsAlertUnexpectedMessage);
-  server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
-  client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
-}
-
-// A ChangeCipherSpec is ignored by a server because we have to tolerate it for
-// compatibility mode.  That doesn't mean that we have to tolerate it
-// unconditionally.  If we negotiate 1.3, we expect to see a cookie extension.
-TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHelloTwice) {
-  EnsureTlsSetup();
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  // Client sends CCS before starting the handshake.
-  client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-  client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-  ConnectExpectAlert(server_, kTlsAlertUnexpectedMessage);
-  server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
-  client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
-}
-
-// If we negotiate 1.2, we abort.
-TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello12) {
-  EnsureTlsSetup();
-  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_3);
-  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
-                           SSL_LIBRARY_VERSION_TLS_1_2);
-  // Client sends CCS before starting the handshake.
-  client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-  ConnectExpectAlert(server_, kTlsAlertUnexpectedMessage);
-  server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
-  client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
-}
-
-TEST_F(TlsConnectDatagram13, CompatModeDtlsClient) {
-  EnsureTlsSetup();
-  client_->SetOption(SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE);
-  auto client_records = std::make_shared<TlsRecordRecorder>();
-  client_->SetPacketFilter(client_records);
-  auto server_records = std::make_shared<TlsRecordRecorder>();
-  server_->SetPacketFilter(server_records);
-  Connect();
-
-  ASSERT_EQ(2U, client_records->count());  // CH, Fin
-  EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type());
-  EXPECT_EQ(kTlsApplicationDataType,
-            client_records->record(1).header.content_type());
-
-  ASSERT_EQ(6U, server_records->count());  // SH, EE, CT, CV, Fin, Ack
-  EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type());
-  for (size_t i = 1; i < server_records->count(); ++i) {
-    EXPECT_EQ(kTlsApplicationDataType,
-              server_records->record(i).header.content_type());
-  }
-}
-
-class AddSessionIdFilter : public TlsHandshakeFilter {
- public:
-  AddSessionIdFilter() : TlsHandshakeFilter({ssl_hs_client_hello}) {}
-
- protected:
-  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
-                                       const DataBuffer& input,
-                                       DataBuffer* output) override {
-    uint32_t session_id_len = 0;
-    EXPECT_TRUE(input.Read(2 + 32, 1, &session_id_len));
-    EXPECT_EQ(0U, session_id_len);
-    uint8_t session_id[33] = {32};  // 32 for length, the rest zero.
-    *output = input;
-    output->Splice(session_id, sizeof(session_id), 34, 1);
-    return CHANGE;
-  }
-};
-
-// Adding a session ID to a DTLS ClientHello should not trigger compatibility
-// mode.  It should be ignored instead.
-TEST_F(TlsConnectDatagram13, CompatModeDtlsServer) {
-  EnsureTlsSetup();
-  auto client_records = std::make_shared<TlsRecordRecorder>();
-  client_->SetPacketFilter(
-      std::make_shared<ChainedPacketFilter>(ChainedPacketFilterInit(
-          {client_records, std::make_shared<AddSessionIdFilter>()})));
-  auto server_hello = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-      kTlsHandshakeServerHello);
-  auto server_records = std::make_shared<TlsRecordRecorder>();
-  server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(
-      ChainedPacketFilterInit({server_records, server_hello})));
-  StartConnect();
-  client_->Handshake();
-  server_->Handshake();
-  // The client will consume the ServerHello, but discard everything else
-  // because it doesn't decrypt.  And don't wait around for the client to ACK.
-  client_->Handshake();
-
-  ASSERT_EQ(1U, client_records->count());
-  EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type());
-
-  ASSERT_EQ(5U, server_records->count());  // SH, EE, CT, CV, Fin
-  EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type());
-  for (size_t i = 1; i < server_records->count(); ++i) {
-    EXPECT_EQ(kTlsApplicationDataType,
-              server_records->record(i).header.content_type());
-  }
-
-  uint32_t session_id_len = 0;
-  EXPECT_TRUE(server_hello->buffer().Read(2 + 32, 1, &session_id_len));
-  EXPECT_EQ(0U, session_id_len);
-}
-
-}  // nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
index 2f8ddd6fe..110e3e0b6 100644
--- a/security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
@@ -153,6 +153,13 @@ class SSLv2ClientHelloTestF : public TlsConnectTestBase {
     client_->SetPacketFilter(filter_);
   }
 
+  void RequireSafeRenegotiation() {
+    server_->EnsureTlsSetup();
+    SECStatus rv =
+        SSL_OptionSet(server_->ssl_fd(), SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
+    EXPECT_EQ(rv, SECSuccess);
+  }
+
   void SetExpectedVersion(uint16_t version) {
     TlsConnectTestBase::SetExpectedVersion(version);
     filter_->SetVersion(version);
@@ -312,7 +319,7 @@ TEST_P(SSLv2ClientHelloTest, BigClientRandom) {
 // Connection must fail if we require safe renegotiation but the client doesn't
 // include TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
 TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiation) {
-  server_->SetOption(SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
+  RequireSafeRenegotiation();
   SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
   ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
   EXPECT_EQ(SSL_ERROR_UNSAFE_NEGOTIATION, server_->error_code());
@@ -321,7 +328,7 @@ TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiation) {
 // Connection must succeed when requiring safe renegotiation and the client
 // includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
 TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiationWithSCSV) {
-  server_->SetOption(SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
+  RequireSafeRenegotiation();
   std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                                          TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
   SetAvailableCipherSuites(cipher_suites);
diff --git a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
index 9db293b07..379a67e35 100644
--- a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -128,12 +128,12 @@ TEST_F(TlsConnectTest, TestFallbackFromTls13) {
 #endif
 
 TEST_P(TlsConnectGeneric, TestFallbackSCSVVersionMatch) {
-  client_->SetOption(SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
+  client_->SetFallbackSCSVEnabled(true);
   Connect();
 }
 
 TEST_P(TlsConnectGenericPre13, TestFallbackSCSVVersionMismatch) {
-  client_->SetOption(SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
+  client_->SetFallbackSCSVEnabled(true);
   server_->SetVersionRange(version_, version_ + 1);
   ConnectExpectAlert(server_, kTlsAlertInappropriateFallback);
   client_->CheckErrorCode(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT);
@@ -155,10 +155,107 @@ TEST_F(TlsConnectTest, DisallowSSLv3HelloWithTLSv13Enabled) {
   EXPECT_EQ(SECFailure, rv);
 }
 
+TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  client_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  server_->StartRenegotiate();
+
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ExpectAlert(server_, kTlsAlertUnexpectedMessage);
+  } else {
+    ExpectAlert(client_, kTlsAlertIllegalParameter);
+  }
+
+  Handshake();
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // In TLS 1.3, the server detects this problem.
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  server_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  client_->StartRenegotiate();
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ExpectAlert(server_, kTlsAlertUnexpectedMessage);
+  } else {
+    ExpectAlert(client_, kTlsAlertIllegalParameter);
+  }
+  Handshake();
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // In TLS 1.3, the server detects this problem.
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
 TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
   EnsureTlsSetup();
   client_->ExpectReceiveAlert(kTlsAlertUnrecognizedName, kTlsAlertWarning);
-  StartConnect();
+  client_->StartConnect();
+  server_->StartConnect();
   client_->Handshake();  // Send ClientHello.
   static const uint8_t kWarningAlert[] = {kTlsAlertWarning,
                                           kTlsAlertUnrecognizedName};
@@ -217,20 +314,20 @@ TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
   client_->SetPacketFilter(
       std::make_shared<TlsInspectorClientHelloVersionSetter>(
           SSL_LIBRARY_VERSION_TLS_1_3 + 1));
-  auto capture =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_supported_versions_xtn);
+  auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerHello);
   server_->SetPacketFilter(capture);
   client_->ExpectSendAlert(kTlsAlertBadRecordMac);
   server_->ExpectSendAlert(kTlsAlertBadRecordMac);
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
-
-  ASSERT_EQ(2U, capture->extension().len());
-  uint32_t version = 0;
-  ASSERT_TRUE(capture->extension().Read(0, 2, &version));
+  const DataBuffer& server_hello = capture->buffer();
+  ASSERT_GT(server_hello.len(), 2U);
+  uint32_t ver;
+  ASSERT_TRUE(server_hello.Read(0, 2, &ver));
   // This way we don't need to change with new draft version.
-  ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), version);
+  ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), ver);
 }
 
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/test_io.cc b/security/nss/gtests/ssl_gtest/test_io.cc
index adcdbfbaf..b9f0c672e 100644
--- a/security/nss/gtests/ssl_gtest/test_io.cc
+++ b/security/nss/gtests/ssl_gtest/test_io.cc
@@ -98,13 +98,8 @@ int32_t DummyPrSocket::Recv(PRFileDesc *f, void *buf, int32_t buflen,
 }
 
 int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) {
-  if (write_error_) {
-    PR_SetError(write_error_, 0);
-    return -1;
-  }
-
   auto peer = peer_.lock();
-  if (!peer) {
+  if (!peer || !writeable_) {
     PR_SetError(PR_IO_ERROR, 0);
     return -1;
   }
@@ -114,7 +109,7 @@ int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) {
   DataBuffer filtered;
   PacketFilter::Action action = PacketFilter::KEEP;
   if (filter_) {
-    action = filter_->Process(packet, &filtered);
+    action = filter_->Filter(packet, &filtered);
   }
   switch (action) {
     case PacketFilter::CHANGE:
diff --git a/security/nss/gtests/ssl_gtest/test_io.h b/security/nss/gtests/ssl_gtest/test_io.h
index 469d90a7c..ac2497222 100644
--- a/security/nss/gtests/ssl_gtest/test_io.h
+++ b/security/nss/gtests/ssl_gtest/test_io.h
@@ -33,17 +33,8 @@ class PacketFilter {
     CHANGE,  // change the packet to a different value
     DROP     // drop the packet
   };
-  PacketFilter(bool enabled = true) : enabled_(enabled) {}
-  virtual ~PacketFilter() {}
 
-  virtual Action Process(const DataBuffer& input, DataBuffer* output) {
-    if (!enabled_) {
-      return KEEP;
-    }
-    return Filter(input, output);
-  }
-  void Enable() { enabled_ = true; }
-  void Disable() { enabled_ = false; }
+  virtual ~PacketFilter() {}
 
   // The packet filter takes input and has the option of mutating it.
   //
@@ -52,9 +43,6 @@ class PacketFilter {
   // case the value in *output is ignored.  A Filter can return DROP, in which
   // case the packet is dropped (and *output is ignored).
   virtual Action Filter(const DataBuffer& input, DataBuffer* output) = 0;
-
- private:
-  bool enabled_;
 };
 
 class DummyPrSocket : public DummyIOLayerMethods {
@@ -65,7 +53,7 @@ class DummyPrSocket : public DummyIOLayerMethods {
         peer_(),
         input_(),
         filter_(nullptr),
-        write_error_(0) {}
+        writeable_(true) {}
   virtual ~DummyPrSocket() {}
 
   // Create a file descriptor that will reference this object.  The fd must not
@@ -83,7 +71,7 @@ class DummyPrSocket : public DummyIOLayerMethods {
   int32_t Recv(PRFileDesc* f, void* buf, int32_t buflen, int32_t flags,
                PRIntervalTime to) override;
   int32_t Write(PRFileDesc* f, const void* buf, int32_t length) override;
-  void SetWriteError(PRErrorCode code) { write_error_ = code; }
+  void CloseWrites() { writeable_ = false; }
 
   SSLProtocolVariant variant() const { return variant_; }
   bool readable() const { return !input_.empty(); }
@@ -110,7 +98,7 @@ class DummyPrSocket : public DummyIOLayerMethods {
   std::weak_ptr<DummyPrSocket> peer_;
   std::queue<Packet> input_;
   std::shared_ptr<PacketFilter> filter_;
-  PRErrorCode write_error_;
+  bool writeable_;
 };
 
 // Marker interface.
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc
index 3b939bba8..d6d91f7f7 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.cc
+++ b/security/nss/gtests/ssl_gtest/tls_agent.cc
@@ -10,7 +10,6 @@
 #include "pk11func.h"
 #include "ssl.h"
 #include "sslerr.h"
-#include "sslexp.h"
 #include "sslproto.h"
 #include "tls_parser.h"
 
@@ -36,6 +35,7 @@ const std::string TlsAgent::kServerRsa = "rsa";    // both sign and encrypt
 const std::string TlsAgent::kServerRsaSign = "rsa_sign";
 const std::string TlsAgent::kServerRsaPss = "rsa_pss";
 const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerRsaChain = "rsa_chain";
 const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
 const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
 const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
@@ -73,6 +73,7 @@ TlsAgent::TlsAgent(const std::string& name, Role role,
       handshake_callback_(),
       auth_certificate_callback_(),
       sni_callback_(),
+      expect_short_headers_(false),
       skip_version_checks_(false) {
   memset(&info_, 0, sizeof(info_));
   memset(&csinfo_, 0, sizeof(csinfo_));
@@ -92,11 +93,11 @@ TlsAgent::~TlsAgent() {
   // Add failures manually, if any, so we don't throw in a destructor.
   if (expected_received_alert_ != kTlsAlertCloseNotify ||
       expected_received_alert_level_ != kTlsAlertWarning) {
-    ADD_FAILURE() << "Wrong expected_received_alert status: " << role_str();
+    ADD_FAILURE() << "Wrong expected_received_alert status";
   }
   if (expected_sent_alert_ != kTlsAlertCloseNotify ||
       expected_sent_alert_level_ != kTlsAlertWarning) {
-    ADD_FAILURE() << "Wrong expected_sent_alert status: " << role_str();
+    ADD_FAILURE() << "Wrong expected_sent_alert status";
   }
 }
 
@@ -257,10 +258,13 @@ void TlsAgent::CheckCipherSuite(uint16_t cipher_suite) {
 }
 
 void TlsAgent::RequestClientAuth(bool requireAuth) {
+  EXPECT_TRUE(EnsureTlsSetup());
   ASSERT_EQ(SERVER, role_);
 
-  SetOption(SSL_REQUEST_CERTIFICATE, PR_TRUE);
-  SetOption(SSL_REQUIRE_CERTIFICATE, requireAuth ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd(), SSL_REQUEST_CERTIFICATE, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd(), SSL_REQUIRE_CERTIFICATE,
+                                      requireAuth ? PR_TRUE : PR_FALSE));
 
   EXPECT_EQ(SECSuccess, SSL_AuthCertificateHook(
                             ssl_fd(), &TlsAgent::ClientAuthenticated, this));
@@ -372,8 +376,42 @@ void TlsAgent::ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups) {
   EXPECT_EQ(SECSuccess, rv);
 }
 
+void TlsAgent::SetSessionTicketsEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_SESSION_TICKETS,
+                               en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetSessionCacheEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_NO_CACHE, en ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
 void TlsAgent::Set0RttEnabled(bool en) {
-  SetOption(SSL_ENABLE_0RTT_DATA, en ? PR_TRUE : PR_FALSE);
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd(), SSL_ENABLE_0RTT_DATA, en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetFallbackSCSVEnabled(bool en) {
+  EXPECT_TRUE(role_ == CLIENT && EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_FALLBACK_SCSV,
+                               en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetShortHeadersEnabled() {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSLInt_EnableShortHeaders(ssl_fd());
+  EXPECT_EQ(SECSuccess, rv);
 }
 
 void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) {
@@ -399,6 +437,8 @@ void TlsAgent::SetServerKeyBits(uint16_t bits) { server_key_bits_ = bits; }
 
 void TlsAgent::ExpectReadWriteError() { expect_readwrite_error_ = true; }
 
+void TlsAgent::ExpectShortHeaders() { expect_short_headers_ = true; }
+
 void TlsAgent::SkipVersionChecks() { skip_version_checks_ = true; }
 
 void TlsAgent::SetSignatureSchemes(const SSLSignatureScheme* schemes,
@@ -477,12 +517,6 @@ void TlsAgent::CheckKEA(SSLKEAType kea_type, SSLNamedGroup kea_group,
   }
 }
 
-void TlsAgent::CheckOriginalKEA(SSLNamedGroup kea_group) const {
-  if (kea_group != ssl_grp_ffdhe_custom) {
-    EXPECT_EQ(kea_group, info_.originalKeaGroup);
-  }
-}
-
 void TlsAgent::CheckAuthType(SSLAuthType auth_type,
                              SSLSignatureScheme sig_scheme) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
@@ -535,7 +569,8 @@ void TlsAgent::EnableFalseStart() {
   falsestart_enabled_ = true;
   EXPECT_EQ(SECSuccess, SSL_SetCanFalseStartCallback(
                             ssl_fd(), CanFalseStartCallback, this));
-  SetOption(SSL_ENABLE_FALSE_START, PR_TRUE);
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd(), SSL_ENABLE_FALSE_START, PR_TRUE));
 }
 
 void TlsAgent::ExpectResumption() { expect_resumption_ = true; }
@@ -543,7 +578,7 @@ void TlsAgent::ExpectResumption() { expect_resumption_ = true; }
 void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) {
   EXPECT_TRUE(EnsureTlsSetup());
 
-  SetOption(SSL_ENABLE_ALPN, PR_TRUE);
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd(), SSL_ENABLE_ALPN, PR_TRUE));
   EXPECT_EQ(SECSuccess, SSL_SetNextProtoNego(ssl_fd(), val, len));
 }
 
@@ -587,8 +622,12 @@ void TlsAgent::CheckErrorCode(int32_t expected) const {
 }
 
 static uint8_t GetExpectedAlertLevel(uint8_t alert) {
-  if (alert == kTlsAlertCloseNotify) {
-    return kTlsAlertWarning;
+  switch (alert) {
+    case kTlsAlertCloseNotify:
+    case kTlsAlertEndOfEarlyData:
+      return kTlsAlertWarning;
+    default:
+      break;
   }
   return kTlsAlertFatal;
 }
@@ -691,50 +730,6 @@ void TlsAgent::ResetPreliminaryInfo() {
   expected_cipher_suite_ = 0;
 }
 
-void TlsAgent::ValidateCipherSpecs() {
-  PRInt32 cipherSpecs = SSLInt_CountCipherSpecs(ssl_fd());
-  // We use one ciphersuite in each direction.
-  PRInt32 expected = 2;
-  if (variant_ == ssl_variant_datagram) {
-    // For DTLS 1.3, the client retains the cipher spec for early data and the
-    // handshake so that it can retransmit EndOfEarlyData and its final flight.
-    // It also retains the handshake read cipher spec so that it can read ACKs
-    // from the server. The server retains the handshake read cipher spec so it
-    // can read the client's retransmitted Finished.
-    if (expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
-      if (role_ == CLIENT) {
-        expected = info_.earlyDataAccepted ? 5 : 4;
-      } else {
-        expected = 3;
-      }
-    } else {
-      // For DTLS 1.1 and 1.2, the last endpoint to send maintains a cipher spec
-      // until the holddown timer runs down.
-      if (expect_resumption_) {
-        if (role_ == CLIENT) {
-          expected = 3;
-        }
-      } else {
-        if (role_ == SERVER) {
-          expected = 3;
-        }
-      }
-    }
-  }
-  // This function will be run before the handshake completes if false start is
-  // enabled.  In that case, the client will still be reading cleartext, but
-  // will have a spec prepared for reading ciphertext.  With DTLS, the client
-  // will also have a spec retained for retransmission of handshake messages.
-  if (role_ == CLIENT && falsestart_enabled_ && !handshake_callback_called_) {
-    EXPECT_GT(SSL_LIBRARY_VERSION_TLS_1_3, expected_version_);
-    expected = (variant_ == ssl_variant_datagram) ? 4 : 3;
-  }
-  EXPECT_EQ(expected, cipherSpecs);
-  if (expected != cipherSpecs) {
-    SSLInt_PrintCipherSpecs(role_str().c_str(), ssl_fd());
-  }
-}
-
 void TlsAgent::Connected() {
   if (state_ == STATE_CONNECTED) {
     return;
@@ -748,8 +743,6 @@ void TlsAgent::Connected() {
   EXPECT_EQ(SECSuccess, rv);
   EXPECT_EQ(sizeof(info_), info_.length);
 
-  EXPECT_EQ(expect_resumption_, info_.resumed == PR_TRUE);
-
   // Preliminary values are exposed through callbacks during the handshake.
   // If either expected values were set or the callbacks were called, check
   // that the final values are correct.
@@ -760,13 +753,32 @@ void TlsAgent::Connected() {
   EXPECT_EQ(SECSuccess, rv);
   EXPECT_EQ(sizeof(csinfo_), csinfo_.length);
 
-  ValidateCipherSpecs();
+  if (expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    PRInt32 cipherSuites = SSLInt_CountTls13CipherSpecs(ssl_fd());
+    // We use one ciphersuite in each direction, plus one that's kept around
+    // by DTLS for retransmission.
+    PRInt32 expected =
+        ((variant_ == ssl_variant_datagram) && (role_ == CLIENT)) ? 3 : 2;
+    EXPECT_EQ(expected, cipherSuites);
+    if (expected != cipherSuites) {
+      SSLInt_PrintTls13CipherSpecs(ssl_fd());
+    }
+  }
 
+  PRBool short_headers;
+  rv = SSLInt_UsingShortHeaders(ssl_fd(), &short_headers);
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ((PRBool)expect_short_headers_, short_headers);
   SetState(STATE_CONNECTED);
 }
 
 void TlsAgent::EnableExtendedMasterSecret() {
-  SetOption(SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd(), SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+
+  ASSERT_EQ(SECSuccess, rv);
 }
 
 void TlsAgent::CheckExtendedMasterSecret(bool expected) {
@@ -789,6 +801,21 @@ void TlsAgent::CheckSecretsDestroyed() {
   ASSERT_EQ(PR_TRUE, SSLInt_CheckSecretsDestroyed(ssl_fd()));
 }
 
+void TlsAgent::DisableRollbackDetection() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ROLLBACK_DETECTION, PR_FALSE);
+
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::EnableCompression() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_DEFLATE, PR_TRUE);
+  ASSERT_EQ(SECSuccess, rv);
+}
+
 void TlsAgent::SetDowngradeCheckVersion(uint16_t version) {
   ASSERT_TRUE(EnsureTlsSetup());
 
@@ -856,14 +883,6 @@ void TlsAgent::SendDirect(const DataBuffer& buf) {
   }
 }
 
-void TlsAgent::SendRecordDirect(const TlsRecord& record) {
-  DataBuffer buf;
-
-  auto rv = record.header.Write(&buf, 0, record.buffer);
-  EXPECT_EQ(record.header.header_length() + record.buffer.len(), rv);
-  SendDirect(buf);
-}
-
 static bool ErrorIsNonFatal(PRErrorCode code) {
   return code == PR_WOULD_BLOCK_ERROR || code == SSL_ERROR_RX_SHORT_DTLS_READ;
 }
@@ -899,27 +918,6 @@ void TlsAgent::SendBuffer(const DataBuffer& buf) {
   }
 }
 
-bool TlsAgent::SendEncryptedRecord(const std::shared_ptr<TlsCipherSpec>& spec,
-                                   uint16_t wireVersion, uint64_t seq,
-                                   uint8_t ct, const DataBuffer& buf) {
-  LOGV("Writing " << buf.len() << " bytes");
-  // Ensure we are a TLS 1.3 cipher agent.
-  EXPECT_GE(expected_version_, SSL_LIBRARY_VERSION_TLS_1_3);
-  TlsRecordHeader header(wireVersion, kTlsApplicationDataType, seq);
-  DataBuffer padded = buf;
-  padded.Write(padded.len(), ct, 1);
-  DataBuffer ciphertext;
-  if (!spec->Protect(header, padded, &ciphertext)) {
-    return false;
-  }
-
-  DataBuffer record;
-  auto rv = header.Write(&record, 0, ciphertext);
-  EXPECT_EQ(header.header_length() + ciphertext.len(), rv);
-  SendDirect(record);
-  return true;
-}
-
 void TlsAgent::ReadBytes(size_t amount) {
   uint8_t block[16384];
 
@@ -953,20 +951,23 @@ void TlsAgent::ReadBytes(size_t amount) {
 
 void TlsAgent::ResetSentBytes() { send_ctr_ = 0; }
 
-void TlsAgent::SetOption(int32_t option, int value) {
-  ASSERT_TRUE(EnsureTlsSetup());
-  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd(), option, value));
-}
-
 void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) {
-  SetOption(SSL_NO_CACHE, mode & RESUME_SESSIONID ? PR_FALSE : PR_TRUE);
-  SetOption(SSL_ENABLE_SESSION_TICKETS,
-            mode & RESUME_TICKET ? PR_TRUE : PR_FALSE);
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_NO_CACHE,
+                               mode & RESUME_SESSIONID ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+
+  rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_SESSION_TICKETS,
+                     mode & RESUME_TICKET ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
 }
 
 void TlsAgent::DisableECDHEServerKeyReuse() {
+  ASSERT_TRUE(EnsureTlsSetup());
   ASSERT_EQ(TlsAgent::SERVER, role_);
-  SetOption(SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
 }
 
 static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"};
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h
index b3fd892ae..4bccb9a84 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.h
+++ b/security/nss/gtests/ssl_gtest/tls_agent.h
@@ -66,6 +66,7 @@ class TlsAgent : public PollTarget {
   static const std::string kServerRsaSign;
   static const std::string kServerRsaPss;
   static const std::string kServerRsaDecrypt;
+  static const std::string kServerRsaChain;  // A cert that requires a chain.
   static const std::string kServerEcdsa256;
   static const std::string kServerEcdsa384;
   static const std::string kServerEcdsa521;
@@ -80,11 +81,9 @@ class TlsAgent : public PollTarget {
     adapter_->SetPeer(peer->adapter_);
   }
 
-  // Set a filter that can access plaintext (TLS 1.3 only).
   void SetTlsRecordFilter(std::shared_ptr<TlsRecordFilter> filter) {
     filter->SetAgent(this);
     adapter_->SetPacketFilter(filter);
-    filter->EnableDecryption();
   }
 
   void SetPacketFilter(std::shared_ptr<PacketFilter> filter) {
@@ -96,7 +95,6 @@ class TlsAgent : public PollTarget {
   void StartConnect(PRFileDesc* model = nullptr);
   void CheckKEA(SSLKEAType kea_type, SSLNamedGroup group,
                 size_t kea_size = 0) const;
-  void CheckOriginalKEA(SSLNamedGroup kea_group) const;
   void CheckAuthType(SSLAuthType auth_type,
                      SSLSignatureScheme sig_scheme) const;
 
@@ -123,10 +121,12 @@ class TlsAgent : public PollTarget {
   void SetupClientAuth();
   void RequestClientAuth(bool requireAuth);
 
-  void SetOption(int32_t option, int value);
   void ConfigureSessionCache(SessionResumptionMode mode);
+  void SetSessionTicketsEnabled(bool en);
+  void SetSessionCacheEnabled(bool en);
   void Set0RttEnabled(bool en);
   void SetFallbackSCSVEnabled(bool en);
+  void SetShortHeadersEnabled();
   void SetVersionRange(uint16_t minver, uint16_t maxver);
   void GetVersionRange(uint16_t* minver, uint16_t* maxver);
   void CheckPreliminaryInfo();
@@ -136,6 +136,7 @@ class TlsAgent : public PollTarget {
   void ExpectReadWriteError();
   void EnableFalseStart();
   void ExpectResumption();
+  void ExpectShortHeaders();
   void SkipVersionChecks();
   void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count);
   void EnableAlpn(const uint8_t* val, size_t len);
@@ -148,17 +149,15 @@ class TlsAgent : public PollTarget {
   // Send data on the socket, encrypting it.
   void SendData(size_t bytes, size_t blocksize = 1024);
   void SendBuffer(const DataBuffer& buf);
-  bool SendEncryptedRecord(const std::shared_ptr<TlsCipherSpec>& spec,
-                           uint16_t wireVersion, uint64_t seq, uint8_t ct,
-                           const DataBuffer& buf);
   // Send data directly to the underlying socket, skipping the TLS layer.
   void SendDirect(const DataBuffer& buf);
-  void SendRecordDirect(const TlsRecord& record);
   void ReadBytes(size_t max = 16384U);
   void ResetSentBytes();  // Hack to test drops.
   void EnableExtendedMasterSecret();
   void CheckExtendedMasterSecret(bool expected);
   void CheckEarlyDataAccepted(bool expected);
+  void DisableRollbackDetection();
+  void EnableCompression();
   void SetDowngradeCheckVersion(uint16_t version);
   void CheckSecretsDestroyed();
   void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
@@ -171,8 +170,6 @@ class TlsAgent : public PollTarget {
   Role role() const { return role_; }
   std::string role_str() const { return role_ == SERVER ? "server" : "client"; }
 
-  SSLProtocolVariant variant() const { return variant_; }
-
   State state() const { return state_; }
 
   const CERTCertificate* peer_cert() const {
@@ -256,7 +253,6 @@ class TlsAgent : public PollTarget {
   const static char* states[];
 
   void SetState(State state);
-  void ValidateCipherSpecs();
 
   // Dummy auth certificate hook.
   static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
@@ -392,6 +388,7 @@ class TlsAgent : public PollTarget {
   HandshakeCallbackFunction handshake_callback_;
   AuthCertificateCallbackFunction auth_certificate_callback_;
   SniCallbackFunction sni_callback_;
+  bool expect_short_headers_;
   bool skip_version_checks_;
 };
 
diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc
index 0af5123e9..c8de5a1fe 100644
--- a/security/nss/gtests/ssl_gtest/tls_connect.cc
+++ b/security/nss/gtests/ssl_gtest/tls_connect.cc
@@ -5,7 +5,6 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "tls_connect.h"
-#include "sslexp.h"
 extern "C" {
 #include "libssl_internals.h"
 }
@@ -89,8 +88,6 @@ std::string VersionString(uint16_t version) {
   switch (version) {
     case 0:
       return "(no version)";
-    case SSL_LIBRARY_VERSION_3_0:
-      return "1.0";
     case SSL_LIBRARY_VERSION_TLS_1_0:
       return "1.0";
     case SSL_LIBRARY_VERSION_TLS_1_1:
@@ -115,7 +112,6 @@ TlsConnectTestBase::TlsConnectTestBase(SSLProtocolVariant variant,
       server_model_(nullptr),
       version_(version),
       expected_resumption_mode_(RESUME_NONE),
-      expected_resumptions_(0),
       session_ids_(),
       expect_extended_master_secret_(false),
       expect_early_data_accepted_(false),
@@ -165,22 +161,6 @@ void TlsConnectTestBase::CheckShares(
   EXPECT_EQ(shares.len(), i);
 }
 
-void TlsConnectTestBase::CheckEpochs(uint16_t client_epoch,
-                                     uint16_t server_epoch) const {
-  uint16_t read_epoch = 0;
-  uint16_t write_epoch = 0;
-
-  EXPECT_EQ(SECSuccess,
-            SSLInt_GetEpochs(client_->ssl_fd(), &read_epoch, &write_epoch));
-  EXPECT_EQ(server_epoch, read_epoch) << "client read epoch";
-  EXPECT_EQ(client_epoch, write_epoch) << "client write epoch";
-
-  EXPECT_EQ(SECSuccess,
-            SSLInt_GetEpochs(server_->ssl_fd(), &read_epoch, &write_epoch));
-  EXPECT_EQ(client_epoch, read_epoch) << "server read epoch";
-  EXPECT_EQ(server_epoch, write_epoch) << "server write epoch";
-}
-
 void TlsConnectTestBase::ClearStats() {
   // Clear statistics.
   SSL3Statistics* stats = SSL_GetStatistics();
@@ -198,7 +178,6 @@ void TlsConnectTestBase::SetUp() {
   SSLInt_ClearSelfEncryptKey();
   SSLInt_SetTicketLifetime(30);
   SSLInt_SetMaxEarlyDataSize(1024);
-  SSL_SetupAntiReplay(1 * PR_USEC_PER_SEC, 1, 3);
   ClearStats();
   Init();
 }
@@ -240,27 +219,12 @@ void TlsConnectTestBase::Reset(const std::string& server_name,
   Init();
 }
 
-void TlsConnectTestBase::MakeNewServer() {
-  auto replacement = std::make_shared<TlsAgent>(
-      server_->name(), TlsAgent::SERVER, server_->variant());
-  server_ = replacement;
-  if (version_) {
-    server_->SetVersionRange(version_, version_);
-  }
-  client_->SetPeer(server_);
-  server_->SetPeer(client_);
-  server_->StartConnect();
-}
-
-void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected,
-                                          uint8_t num_resumptions) {
+void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected) {
   expected_resumption_mode_ = expected;
   if (expected != RESUME_NONE) {
     client_->ExpectResumption();
     server_->ExpectResumption();
-    expected_resumptions_ = num_resumptions;
   }
-  EXPECT_EQ(expected_resumptions_ == 0, expected == RESUME_NONE);
 }
 
 void TlsConnectTestBase::EnsureTlsSetup() {
@@ -294,11 +258,6 @@ void TlsConnectTestBase::Connect() {
   CheckConnected();
 }
 
-void TlsConnectTestBase::StartConnect() {
-  server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr);
-  client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr);
-}
-
 void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
   EnsureTlsSetup();
   client_->EnableSingleCipher(cipher_suite);
@@ -315,19 +274,6 @@ void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
 }
 
 void TlsConnectTestBase::CheckConnected() {
-  // Have the client read handshake twice to make sure we get the
-  // NST and the ACK.
-  if (client_->version() >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-      variant_ == ssl_variant_datagram) {
-    client_->Handshake();
-    client_->Handshake();
-    auto suites = SSLInt_CountCipherSpecs(client_->ssl_fd());
-    // Verify that we dropped the client's retransmission cipher suites.
-    EXPECT_EQ(2, suites) << "Client has the wrong number of suites";
-    if (suites != 2) {
-      SSLInt_PrintCipherSpecs("client", client_->ssl_fd());
-    }
-  }
   EXPECT_EQ(client_->version(), server_->version());
   if (!skip_version_checks_) {
     // Check the version is as expected
@@ -368,12 +314,10 @@ void TlsConnectTestBase::CheckConnected() {
 void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type, SSLNamedGroup kea_group,
                                    SSLAuthType auth_type,
                                    SSLSignatureScheme sig_scheme) const {
-  if (kea_group != ssl_grp_none) {
-    client_->CheckKEA(kea_type, kea_group);
-    server_->CheckKEA(kea_type, kea_group);
-  }
-  server_->CheckAuthType(auth_type, sig_scheme);
+  client_->CheckKEA(kea_type, kea_group);
+  server_->CheckKEA(kea_type, kea_group);
   client_->CheckAuthType(auth_type, sig_scheme);
+  server_->CheckAuthType(auth_type, sig_scheme);
 }
 
 void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type,
@@ -428,19 +372,9 @@ void TlsConnectTestBase::CheckKeys() const {
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
 }
 
-void TlsConnectTestBase::CheckKeysResumption(SSLKEAType kea_type,
-                                             SSLNamedGroup kea_group,
-                                             SSLNamedGroup original_kea_group,
-                                             SSLAuthType auth_type,
-                                             SSLSignatureScheme sig_scheme) {
-  CheckKeys(kea_type, kea_group, auth_type, sig_scheme);
-  EXPECT_TRUE(expected_resumption_mode_ != RESUME_NONE);
-  client_->CheckOriginalKEA(original_kea_group);
-  server_->CheckOriginalKEA(original_kea_group);
-}
-
 void TlsConnectTestBase::ConnectExpectFail() {
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   Handshake();
   ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
   ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
@@ -461,7 +395,8 @@ void TlsConnectTestBase::ConnectExpectAlert(std::shared_ptr<TlsAgent>& sender,
 }
 
 void TlsConnectTestBase::ConnectExpectFailOneSide(TlsAgent::Role failing_side) {
-  StartConnect();
+  server_->StartConnect();
+  client_->StartConnect();
   client_->SetServerKeyBits(server_->server_key_bits());
   client_->Handshake();
   server_->Handshake();
@@ -520,33 +455,29 @@ void TlsConnectTestBase::EnableSomeEcdhCiphers() {
   }
 }
 
-void TlsConnectTestBase::ConfigureSelfEncrypt() {
-  ScopedCERTCertificate cert;
-  ScopedSECKEYPrivateKey privKey;
-  ASSERT_TRUE(
-      TlsAgent::LoadCertificate(TlsAgent::kServerRsaDecrypt, &cert, &privKey));
-
-  ScopedSECKEYPublicKey pubKey(CERT_ExtractPublicKey(cert.get()));
-  ASSERT_TRUE(pubKey);
-
-  EXPECT_EQ(SECSuccess,
-            SSL_SetSessionTicketKeyPair(pubKey.get(), privKey.get()));
-}
-
 void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode client,
                                                SessionResumptionMode server) {
   client_->ConfigureSessionCache(client);
   server_->ConfigureSessionCache(server);
   if ((server & RESUME_TICKET) != 0) {
-    ConfigureSelfEncrypt();
+    ScopedCERTCertificate cert;
+    ScopedSECKEYPrivateKey privKey;
+    ASSERT_TRUE(TlsAgent::LoadCertificate(TlsAgent::kServerRsaDecrypt, &cert,
+                                          &privKey));
+
+    ScopedSECKEYPublicKey pubKey(CERT_ExtractPublicKey(cert.get()));
+    ASSERT_TRUE(pubKey);
+
+    EXPECT_EQ(SECSuccess,
+              SSL_SetSessionTicketKeyPair(pubKey.get(), privKey.get()));
   }
 }
 
 void TlsConnectTestBase::CheckResumption(SessionResumptionMode expected) {
   EXPECT_NE(RESUME_BOTH, expected);
 
-  int resume_count = expected ? expected_resumptions_ : 0;
-  int stateless_count = (expected & RESUME_TICKET) ? expected_resumptions_ : 0;
+  int resume_count = expected ? 1 : 0;
+  int stateless_count = (expected & RESUME_TICKET) ? 1 : 0;
 
   // Note: hch == server counter; hsh == client counter.
   SSL3Statistics* stats = SSL_GetStatistics();
@@ -559,7 +490,7 @@ void TlsConnectTestBase::CheckResumption(SessionResumptionMode expected) {
   if (expected != RESUME_NONE) {
     if (client_->version() < SSL_LIBRARY_VERSION_TLS_1_3) {
       // Check that the last two session ids match.
-      ASSERT_EQ(1U + expected_resumptions_, session_ids_.size());
+      ASSERT_EQ(2U, session_ids_.size());
       EXPECT_EQ(session_ids_[session_ids_.size() - 1],
                 session_ids_[session_ids_.size() - 2]);
     } else {
@@ -609,28 +540,31 @@ void TlsConnectTestBase::CheckSrtp() const {
   server_->CheckSrtp();
 }
 
-void TlsConnectTestBase::SendReceive(size_t total) {
-  ASSERT_GT(total, client_->received_bytes());
-  ASSERT_GT(total, server_->received_bytes());
-  client_->SendData(total - server_->received_bytes());
-  server_->SendData(total - client_->received_bytes());
-  Receive(total);  // Receive() is cumulative
+void TlsConnectTestBase::SendReceive() {
+  client_->SendData(50);
+  server_->SendData(50);
+  Receive(50);
 }
 
 // Do a first connection so we can do 0-RTT on the second one.
 void TlsConnectTestBase::SetupForZeroRtt() {
-  // If we don't do this, then all 0-RTT attempts will be rejected.
-  SSLInt_RolloverAntiReplay();
-
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
   server_->Set0RttEnabled(true);  // So we signal that we allow 0-RTT.
   Connect();
   SendReceive();  // Need to read so that we absorb the session ticket.
   CheckKeys();
 
   Reset();
-  StartConnect();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->StartConnect();
+  client_->StartConnect();
 }
 
 // Do a first connection so we can do resumption
@@ -650,6 +584,10 @@ void TlsConnectTestBase::ZeroRttSendReceive(
   const char* k0RttData = "ABCDEF";
   const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
 
+  if (expect_writable && expect_readable) {
+    ExpectAlert(client_, kTlsAlertEndOfEarlyData);
+  }
+
   client_->Handshake();  // Send ClientHello.
   if (post_clienthello_check) {
     if (!post_clienthello_check()) return;
@@ -661,7 +599,7 @@ void TlsConnectTestBase::ZeroRttSendReceive(
   } else {
     EXPECT_EQ(SECFailure, rv);
   }
-  server_->Handshake();  // Consume ClientHello
+  server_->Handshake();  // Consume ClientHello, EE, Finished.
 
   std::vector<uint8_t> buf(k0RttDataLen);
   rv = PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen);  // 0-RTT read
@@ -715,30 +653,6 @@ void TlsConnectTestBase::SkipVersionChecks() {
   server_->SkipVersionChecks();
 }
 
-// Shift the DTLS timers, to the minimum time necessary to let the next timer
-// run on either client or server.  This allows tests to skip waiting without
-// having timers run out of order.
-void TlsConnectTestBase::ShiftDtlsTimers() {
-  PRIntervalTime time_shift = PR_INTERVAL_NO_TIMEOUT;
-  PRIntervalTime time;
-  SECStatus rv = DTLS_GetHandshakeTimeout(client_->ssl_fd(), &time);
-  if (rv == SECSuccess) {
-    time_shift = time;
-  }
-  rv = DTLS_GetHandshakeTimeout(server_->ssl_fd(), &time);
-  if (rv == SECSuccess &&
-      (time < time_shift || time_shift == PR_INTERVAL_NO_TIMEOUT)) {
-    time_shift = time;
-  }
-
-  if (time_shift == PR_INTERVAL_NO_TIMEOUT) {
-    return;
-  }
-
-  EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(client_->ssl_fd(), time_shift));
-  EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(server_->ssl_fd(), time_shift));
-}
-
 TlsConnectGeneric::TlsConnectGeneric()
     : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
 
@@ -777,15 +691,11 @@ void TlsKeyExchangeTest::ConfigNamedGroups(
 }
 
 std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetGroupDetails(
-    const std::shared_ptr<TlsExtensionCapture>& capture) {
-  EXPECT_TRUE(capture->captured());
-  const DataBuffer& ext = capture->extension();
-
+    const DataBuffer& ext) {
   uint32_t tmp = 0;
   EXPECT_TRUE(ext.Read(0, 2, &tmp));
   EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
   EXPECT_TRUE(ext.len() % 2 == 0);
-
   std::vector<SSLNamedGroup> groups;
   for (size_t i = 1; i < ext.len() / 2; i += 1) {
     EXPECT_TRUE(ext.Read(2 * i, 2, &tmp));
@@ -795,14 +705,10 @@ std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetGroupDetails(
 }
 
 std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetShareDetails(
-    const std::shared_ptr<TlsExtensionCapture>& capture) {
-  EXPECT_TRUE(capture->captured());
-  const DataBuffer& ext = capture->extension();
-
+    const DataBuffer& ext) {
   uint32_t tmp = 0;
   EXPECT_TRUE(ext.Read(0, 2, &tmp));
   EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
-
   std::vector<SSLNamedGroup> shares;
   size_t i = 2;
   while (i < ext.len()) {
@@ -818,15 +724,17 @@ std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetShareDetails(
 void TlsKeyExchangeTest::CheckKEXDetails(
     const std::vector<SSLNamedGroup>& expected_groups,
     const std::vector<SSLNamedGroup>& expected_shares, bool expect_hrr) {
-  std::vector<SSLNamedGroup> groups = GetGroupDetails(groups_capture_);
+  std::vector<SSLNamedGroup> groups =
+      GetGroupDetails(groups_capture_->extension());
   EXPECT_EQ(expected_groups, groups);
 
   if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
     ASSERT_LT(0U, expected_shares.size());
-    std::vector<SSLNamedGroup> shares = GetShareDetails(shares_capture_);
+    std::vector<SSLNamedGroup> shares =
+        GetShareDetails(shares_capture_->extension());
     EXPECT_EQ(expected_shares, shares);
   } else {
-    EXPECT_FALSE(shares_capture_->captured());
+    EXPECT_EQ(0U, shares_capture_->extension().len());
   }
 
   EXPECT_EQ(expect_hrr, capture_hrr_->buffer().len() != 0);
@@ -848,6 +756,8 @@ void TlsKeyExchangeTest::CheckKEXDetails(
     EXPECT_NE(expected_share2, it);
   }
   std::vector<SSLNamedGroup> expected_shares2 = {expected_share2};
-  EXPECT_EQ(expected_shares2, GetShareDetails(shares_capture2_));
+  std::vector<SSLNamedGroup> shares =
+      GetShareDetails(shares_capture2_->extension());
+  EXPECT_EQ(expected_shares2, shares);
 }
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/tls_connect.h b/security/nss/gtests/ssl_gtest/tls_connect.h
index c650dda1d..73e8dc81a 100644
--- a/security/nss/gtests/ssl_gtest/tls_connect.h
+++ b/security/nss/gtests/ssl_gtest/tls_connect.h
@@ -61,11 +61,7 @@ class TlsConnectTestBase : public ::testing::Test {
   // Reset, and update the certificate names on both peers
   void Reset(const std::string& server_name,
              const std::string& client_name = "client");
-  // Replace the server.
-  void MakeNewServer();
 
-  // Set up
-  void StartConnect();
   // Run the handshake.
   void Handshake();
   // Connect and check that it works.
@@ -85,28 +81,20 @@ class TlsConnectTestBase : public ::testing::Test {
   void CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type) const;
   // This version assumes defaults.
   void CheckKeys() const;
-  // Check that keys on resumed sessions.
-  void CheckKeysResumption(SSLKEAType kea_type, SSLNamedGroup kea_group,
-                           SSLNamedGroup original_kea_group,
-                           SSLAuthType auth_type,
-                           SSLSignatureScheme sig_scheme);
   void CheckGroups(const DataBuffer& groups,
                    std::function<void(SSLNamedGroup)> check_group);
   void CheckShares(const DataBuffer& shares,
                    std::function<void(SSLNamedGroup)> check_group);
-  void CheckEpochs(uint16_t client_epoch, uint16_t server_epoch) const;
 
   void ConfigureVersion(uint16_t version);
   void SetExpectedVersion(uint16_t version);
   // Expect resumption of a particular type.
-  void ExpectResumption(SessionResumptionMode expected,
-                        uint8_t num_resumed = 1);
+  void ExpectResumption(SessionResumptionMode expected);
   void DisableAllCiphers();
   void EnableOnlyStaticRsaCiphers();
   void EnableOnlyDheCiphers();
   void EnableSomeEcdhCiphers();
   void EnableExtendedMasterSecret();
-  void ConfigureSelfEncrypt();
   void ConfigureSessionCache(SessionResumptionMode client,
                              SessionResumptionMode server);
   void EnableAlpn();
@@ -115,7 +103,7 @@ class TlsConnectTestBase : public ::testing::Test {
   void CheckAlpn(const std::string& val);
   void EnableSrtp();
   void CheckSrtp() const;
-  void SendReceive(size_t total = 50);
+  void SendReceive();
   void SetupForZeroRtt();
   void SetupForResume();
   void ZeroRttSendReceive(
@@ -127,9 +115,6 @@ class TlsConnectTestBase : public ::testing::Test {
   void DisableECDHEServerKeyReuse();
   void SkipVersionChecks();
 
-  // Move the DTLS timers for both endpoints to pop the next timer.
-  void ShiftDtlsTimers();
-
  protected:
   SSLProtocolVariant variant_;
   std::shared_ptr<TlsAgent> client_;
@@ -138,7 +123,6 @@ class TlsConnectTestBase : public ::testing::Test {
   std::unique_ptr<TlsAgent> server_model_;
   uint16_t version_;
   SessionResumptionMode expected_resumption_mode_;
-  uint8_t expected_resumptions_;
   std::vector<std::vector<uint8_t>> session_ids_;
 
   // A simple value of "a", "b".  Note that the preferred value of "a" is placed
@@ -260,11 +244,6 @@ class TlsConnectDatagram13 : public TlsConnectTestBase {
       : TlsConnectTestBase(ssl_variant_datagram, SSL_LIBRARY_VERSION_TLS_1_3) {}
 };
 
-class TlsConnectDatagramPre13 : public TlsConnectDatagram {
- public:
-  TlsConnectDatagramPre13() {}
-};
-
 // A variant that is used only with Pre13.
 class TlsConnectGenericPre13 : public TlsConnectGeneric {};
 
@@ -277,10 +256,8 @@ class TlsKeyExchangeTest : public TlsConnectGeneric {
 
   void EnsureKeyShareSetup();
   void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
-  std::vector<SSLNamedGroup> GetGroupDetails(
-      const std::shared_ptr<TlsExtensionCapture>& capture);
-  std::vector<SSLNamedGroup> GetShareDetails(
-      const std::shared_ptr<TlsExtensionCapture>& capture);
+  std::vector<SSLNamedGroup> GetGroupDetails(const DataBuffer& ext);
+  std::vector<SSLNamedGroup> GetShareDetails(const DataBuffer& ext);
   void CheckKEXDetails(const std::vector<SSLNamedGroup>& expectedGroups,
                        const std::vector<SSLNamedGroup>& expectedShares);
   void CheckKEXDetails(const std::vector<SSLNamedGroup>& expectedGroups,
diff --git a/security/nss/gtests/ssl_gtest/tls_filter.cc b/security/nss/gtests/ssl_gtest/tls_filter.cc
index 89f201295..76d9aaaff 100644
--- a/security/nss/gtests/ssl_gtest/tls_filter.cc
+++ b/security/nss/gtests/ssl_gtest/tls_filter.cc
@@ -12,7 +12,6 @@ extern "C" {
 #include "libssl_internals.h"
 }
 
-#include <cassert>
 #include <iostream>
 #include "gtest_utils.h"
 #include "tls_agent.h"
@@ -58,22 +57,17 @@ void TlsRecordFilter::CipherSpecChanged(void* arg, PRBool sending,
   PRBool isServer = self->agent()->role() == TlsAgent::SERVER;
 
   if (g_ssl_gtest_verbose) {
-    std::cerr << (isServer ? "server" : "client") << ": "
-              << (sending ? "send" : "receive")
-              << " cipher spec changed:  " << newSpec->epoch << " ("
-              << newSpec->phase << ")" << std::endl;
-  }
-  if (!sending) {
-    return;
+    std::cerr << "Cipher spec changed. Role="
+              << (isServer ? "server" : "client")
+              << " direction=" << (sending ? "send" : "receive") << std::endl;
   }
+  if (!sending) return;
 
-  self->in_sequence_number_ = 0;
-  self->out_sequence_number_ = 0;
-  self->dropped_record_ = false;
   self->cipher_spec_.reset(new TlsCipherSpec());
-  bool ret = self->cipher_spec_->Init(
-      SSLInt_CipherSpecToEpoch(newSpec), SSLInt_CipherSpecToAlgorithm(newSpec),
-      SSLInt_CipherSpecToKey(newSpec), SSLInt_CipherSpecToIv(newSpec));
+  bool ret =
+      self->cipher_spec_->Init(SSLInt_CipherSpecToAlgorithm(isServer, newSpec),
+                               SSLInt_CipherSpecToKey(isServer, newSpec),
+                               SSLInt_CipherSpecToIv(isServer, newSpec));
   EXPECT_EQ(true, ret);
 }
 
@@ -89,23 +83,11 @@ PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input,
     TlsRecordHeader header;
     DataBuffer record;
 
-    if (!header.Parse(in_sequence_number_, &parser, &record)) {
+    if (!header.Parse(&parser, &record)) {
       ADD_FAILURE() << "not a valid record";
       return KEEP;
     }
 
-    // Track the sequence number, which is necessary for stream mode (the
-    // sequence number is in the header for datagram).
-    //
-    // This isn't perfectly robust.  If there is a change from an active cipher
-    // spec to another active cipher spec (KeyUpdate for instance) AND writes
-    // are consolidated across that change AND packets were dropped from the
-    // older epoch, we will not correctly re-encrypt records in the old epoch to
-    // update their sequence numbers.
-    if (cipher_spec_ && header.content_type() == kTlsApplicationDataType) {
-      ++in_sequence_number_;
-    }
-
     if (FilterRecord(header, record, &offset, output) != KEEP) {
       changed = true;
     } else {
@@ -138,49 +120,30 @@ PacketFilter::Action TlsRecordFilter::FilterRecord(
                                  header.sequence_number()};
 
   PacketFilter::Action action = FilterRecord(real_header, plaintext, &filtered);
-  // In stream mode, even if something doesn't change we need to re-encrypt if
-  // previous packets were dropped.
   if (action == KEEP) {
-    if (header.is_dtls() || !dropped_record_) {
-      return KEEP;
-    }
-    filtered = plaintext;
+    return KEEP;
   }
 
   if (action == DROP) {
-    std::cerr << "record drop: " << header << ":" << record << std::endl;
-    dropped_record_ = true;
+    std::cerr << "record drop: " << record << std::endl;
     return DROP;
   }
 
   EXPECT_GT(0x10000U, filtered.len());
-  if (action != KEEP) {
-    std::cerr << "record old: " << plaintext << std::endl;
-    std::cerr << "record new: " << filtered << std::endl;
-  }
-
-  uint64_t seq_num;
-  if (header.is_dtls() || !cipher_spec_ ||
-      header.content_type() != kTlsApplicationDataType) {
-    seq_num = header.sequence_number();
-  } else {
-    seq_num = out_sequence_number_++;
-  }
-  TlsRecordHeader out_header = {header.version(), header.content_type(),
-                                seq_num};
+  std::cerr << "record old: " << plaintext << std::endl;
+  std::cerr << "record new: " << filtered << std::endl;
 
   DataBuffer ciphertext;
-  bool rv = Protect(out_header, inner_content_type, filtered, &ciphertext);
+  bool rv = Protect(header, inner_content_type, filtered, &ciphertext);
   EXPECT_TRUE(rv);
   if (!rv) {
     return KEEP;
   }
-  *offset = out_header.Write(output, *offset, ciphertext);
+  *offset = header.Write(output, *offset, ciphertext);
   return CHANGE;
 }
 
-bool TlsRecordHeader::Parse(uint64_t sequence_number, TlsParser* parser,
-                            DataBuffer* body) {
+bool TlsRecordHeader::Parse(TlsParser* parser, DataBuffer* body) {
   if (!parser->Read(&content_type_)) {
     return false;
   }
@@ -191,7 +154,7 @@ bool TlsRecordHeader::Parse(uint64_t sequence_number, TlsParser* parser,
   }
   version_ = version;
 
-  // If this is DTLS, overwrite the sequence number.
+  sequence_number_ = 0;
   if (IsDtls(version)) {
     uint32_t tmp;
     if (!parser->Read(&tmp, 4)) {
@@ -202,8 +165,6 @@ bool TlsRecordHeader::Parse(uint64_t sequence_number, TlsParser* parser,
       return false;
     }
     sequence_number_ |= static_cast<uint64_t>(tmp);
-  } else {
-    sequence_number_ = sequence_number;
   }
   return parser->ReadVariable(body, 2);
 }
@@ -232,9 +193,7 @@ bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header,
     return true;
   }
 
-  if (!cipher_spec_->Unprotect(header, ciphertext, plaintext)) {
-    return false;
-  }
+  if (!cipher_spec_->Unprotect(header, ciphertext, plaintext)) return false;
 
   size_t len = plaintext->len();
   while (len > 0 && !plaintext->data()[len - 1]) {
@@ -247,11 +206,6 @@ bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header,
 
   *inner_content_type = plaintext->data()[len - 1];
   plaintext->Truncate(len - 1);
-  if (g_ssl_gtest_verbose) {
-    std::cerr << "unprotect: " << std::hex << header.sequence_number()
-              << std::dec << " type=" << static_cast<int>(*inner_content_type)
-              << " " << *plaintext << std::endl;
-  }
 
   return true;
 }
@@ -264,44 +218,16 @@ bool TlsRecordFilter::Protect(const TlsRecordHeader& header,
     *ciphertext = plaintext;
     return true;
   }
-  if (g_ssl_gtest_verbose) {
-    std::cerr << "protect: " << header.sequence_number() << std::endl;
-  }
   DataBuffer padded = plaintext;
   padded.Write(padded.len(), inner_content_type, 1);
   return cipher_spec_->Protect(header, padded, ciphertext);
 }
 
-bool IsHelloRetry(const DataBuffer& body) {
-  static const uint8_t ssl_hello_retry_random[] = {
-      0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C,
-      0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB,
-      0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C};
-  return memcmp(body.data() + 2, ssl_hello_retry_random,
-                sizeof(ssl_hello_retry_random)) == 0;
-}
-
-bool TlsHandshakeFilter::IsFilteredType(const HandshakeHeader& header,
-                                        const DataBuffer& body) {
-  if (handshake_types_.empty()) {
-    return true;
-  }
-
-  uint8_t type = header.handshake_type();
-  if (type == kTlsHandshakeServerHello) {
-    if (IsHelloRetry(body)) {
-      type = kTlsHandshakeHelloRetryRequest;
-    }
-  }
-  return handshake_types_.count(type) > 0U;
-}
-
 PacketFilter::Action TlsHandshakeFilter::FilterRecord(
     const TlsRecordHeader& record_header, const DataBuffer& input,
     DataBuffer* output) {
   // Check that the first byte is as requested.
-  if ((record_header.content_type() != kTlsHandshakeType) &&
-      (record_header.content_type() != kTlsAltHandshakeType)) {
+  if (record_header.content_type() != kTlsHandshakeType) {
     return KEEP;
   }
 
@@ -313,29 +239,12 @@ PacketFilter::Action TlsHandshakeFilter::FilterRecord(
   while (parser.remaining()) {
     HandshakeHeader header;
     DataBuffer handshake;
-    bool complete = false;
-    if (!header.Parse(&parser, record_header, preceding_fragment_, &handshake,
-                      &complete)) {
+    if (!header.Parse(&parser, record_header, &handshake)) {
       return KEEP;
     }
 
-    if (!complete) {
-      EXPECT_TRUE(record_header.is_dtls());
-      // Save the fragment and drop it from this record.  Fragments are
-      // coalesced with the last fragment of the handshake message.
-      changed = true;
-      preceding_fragment_.Assign(handshake);
-      continue;
-    }
-    preceding_fragment_.Truncate(0);
-
     DataBuffer filtered;
-    PacketFilter::Action action;
-    if (!IsFilteredType(header, handshake)) {
-      action = KEEP;
-    } else {
-      action = FilterHandshake(header, handshake, &filtered);
-    }
+    PacketFilter::Action action = FilterHandshake(header, handshake, &filtered);
     if (action == DROP) {
       changed = true;
       std::cerr << "handshake drop: " << handshake << std::endl;
@@ -349,8 +258,6 @@ PacketFilter::Action TlsHandshakeFilter::FilterRecord(
       std::cerr << "handshake old: " << handshake << std::endl;
       std::cerr << "handshake new: " << filtered << std::endl;
       source = &filtered;
-    } else if (preceding_fragment_.len()) {
-      changed = true;
     }
 
     offset = header.Write(output, offset, *source);
@@ -360,16 +267,12 @@ PacketFilter::Action TlsHandshakeFilter::FilterRecord(
 }
 
 bool TlsHandshakeFilter::HandshakeHeader::ReadLength(
-    TlsParser* parser, const TlsRecordHeader& header, uint32_t expected_offset,
-    uint32_t* length, bool* last_fragment) {
-  uint32_t message_length;
-  if (!parser->Read(&message_length, 3)) {
+    TlsParser* parser, const TlsRecordHeader& header, uint32_t* length) {
+  if (!parser->Read(length, 3)) {
     return false;  // malformed
   }
 
   if (!header.is_dtls()) {
-    *last_fragment = true;
-    *length = message_length;
     return true;  // nothing left to do
   }
 
@@ -380,50 +283,32 @@ bool TlsHandshakeFilter::HandshakeHeader::ReadLength(
   }
   message_seq_ = message_seq_tmp;
 
-  uint32_t offset = 0;
-  if (!parser->Read(&offset, 3)) {
-    return false;
-  }
-  // We only parse if the fragments are all complete and in order.
-  if (offset != expected_offset) {
-    EXPECT_NE(0U, header.epoch())
-        << "Received out of order handshake fragment for epoch 0";
+  uint32_t fragment_offset;
+  if (!parser->Read(&fragment_offset, 3)) {
     return false;
   }
 
-  // For DTLS, we return the length of just this fragment.
-  if (!parser->Read(length, 3)) {
+  uint32_t fragment_length;
+  if (!parser->Read(&fragment_length, 3)) {
     return false;
   }
 
-  // It's a fragment if the entire message is longer than what we have.
-  *last_fragment = message_length == (*length + offset);
-  return true;
+  // All current tests where we are using this code don't fragment.
+  return (fragment_offset == 0 && fragment_length == *length);
 }
 
 bool TlsHandshakeFilter::HandshakeHeader::Parse(
-    TlsParser* parser, const TlsRecordHeader& record_header,
-    const DataBuffer& preceding_fragment, DataBuffer* body, bool* complete) {
-  *complete = false;
-
+    TlsParser* parser, const TlsRecordHeader& record_header, DataBuffer* body) {
   version_ = record_header.version();
   if (!parser->Read(&handshake_type_)) {
     return false;  // malformed
   }
-
   uint32_t length;
-  if (!ReadLength(parser, record_header, preceding_fragment.len(), &length,
-                  complete)) {
+  if (!ReadLength(parser, record_header, &length)) {
     return false;
   }
 
-  if (!parser->Read(body, length)) {
-    return false;
-  }
-  if (preceding_fragment.len()) {
-    body->Splice(preceding_fragment, 0);
-  }
-  return true;
+  return parser->Read(body, length);
 }
 
 size_t TlsHandshakeFilter::HandshakeHeader::WriteFragment(
@@ -460,23 +345,20 @@ PacketFilter::Action TlsInspectorRecordHandshakeMessage::FilterHandshake(
     return KEEP;
   }
 
-  buffer_ = input;
+  if (header.handshake_type() == handshake_type_) {
+    buffer_ = input;
+  }
   return KEEP;
 }
 
 PacketFilter::Action TlsInspectorReplaceHandshakeMessage::FilterHandshake(
     const HandshakeHeader& header, const DataBuffer& input,
     DataBuffer* output) {
-  *output = buffer_;
-  return CHANGE;
-}
-
-PacketFilter::Action TlsRecordRecorder::FilterRecord(
-    const TlsRecordHeader& header, const DataBuffer& input,
-    DataBuffer* output) {
-  if (!filter_ || (header.content_type() == ct_)) {
-    records_.push_back({header, input});
+  if (header.handshake_type() == handshake_type_) {
+    *output = buffer_;
+    return CHANGE;
   }
+
   return KEEP;
 }
 
@@ -487,30 +369,15 @@ PacketFilter::Action TlsConversationRecorder::FilterRecord(
   return KEEP;
 }
 
-PacketFilter::Action TlsHeaderRecorder::FilterRecord(
-    const TlsRecordHeader& header, const DataBuffer& input,
-    DataBuffer* output) {
-  headers_.push_back(header);
-  return KEEP;
-}
-
-const TlsRecordHeader* TlsHeaderRecorder::header(size_t index) {
-  if (index > headers_.size() + 1) {
-    return nullptr;
-  }
-  return &headers_[index];
-}
-
 PacketFilter::Action ChainedPacketFilter::Filter(const DataBuffer& input,
                                                  DataBuffer* output) {
   DataBuffer in(input);
   bool changed = false;
   for (auto it = filters_.begin(); it != filters_.end(); ++it) {
-    PacketFilter::Action action = (*it)->Process(in, output);
+    PacketFilter::Action action = (*it)->Filter(in, output);
     if (action == DROP) {
       return DROP;
     }
-
     if (action == CHANGE) {
       in = *output;
       changed = true;
@@ -563,6 +430,15 @@ bool FindServerHelloExtensions(TlsParser* parser, const TlsVersioned& header) {
   return true;
 }
 
+static bool FindHelloRetryExtensions(TlsParser* parser,
+                                     const TlsVersioned& header) {
+  // TODO for -19 add cipher suite
+  if (!parser->Skip(2)) {  // version
+    return false;
+  }
+  return true;
+}
+
 bool FindEncryptedExtensions(TlsParser* parser, const TlsVersioned& header) {
   return true;
 }
@@ -572,6 +448,13 @@ static bool FindCertReqExtensions(TlsParser* parser,
   if (!parser->SkipVariable(1)) {  // request context
     return false;
   }
+  // TODO remove the next two for -19
+  if (!parser->SkipVariable(2)) {  // signature_algorithms
+    return false;
+  }
+  if (!parser->SkipVariable(2)) {  // certificate_authorities
+    return false;
+  }
   return true;
 }
 
@@ -595,9 +478,6 @@ static bool FindNewSessionTicketExtensions(TlsParser* parser,
   if (!parser->Skip(8)) {  // lifetime, age add
     return false;
   }
-  if (!parser->SkipVariable(1)) {  // ticket_nonce
-    return false;
-  }
   if (!parser->SkipVariable(2)) {  // ticket
     return false;
   }
@@ -607,6 +487,7 @@ static bool FindNewSessionTicketExtensions(TlsParser* parser,
 static const std::map<uint16_t, TlsExtensionFinder> kExtensionFinders = {
     {kTlsHandshakeClientHello, FindClientHelloExtensions},
     {kTlsHandshakeServerHello, FindServerHelloExtensions},
+    {kTlsHandshakeHelloRetryRequest, FindHelloRetryExtensions},
     {kTlsHandshakeEncryptedExtensions, FindEncryptedExtensions},
     {kTlsHandshakeCertificateRequest, FindCertReqExtensions},
     {kTlsHandshakeCertificate, FindCertificateExtensions},
@@ -624,6 +505,10 @@ bool TlsExtensionFilter::FindExtensions(TlsParser* parser,
 PacketFilter::Action TlsExtensionFilter::FilterHandshake(
     const HandshakeHeader& header, const DataBuffer& input,
     DataBuffer* output) {
+  if (handshake_types_.count(header.handshake_type()) == 0) {
+    return KEEP;
+  }
+
   TlsParser parser(input);
   if (!FindExtensions(&parser, header)) {
     return KEEP;
@@ -725,38 +610,6 @@ PacketFilter::Action TlsExtensionDropper::FilterExtension(
   return KEEP;
 }
 
-PacketFilter::Action TlsExtensionInjector::FilterHandshake(
-    const HandshakeHeader& header, const DataBuffer& input,
-    DataBuffer* output) {
-  TlsParser parser(input);
-  if (!TlsExtensionFilter::FindExtensions(&parser, header)) {
-    return KEEP;
-  }
-  size_t offset = parser.consumed();
-
-  *output = input;
-
-  // Increase the size of the extensions.
-  uint16_t ext_len;
-  memcpy(&ext_len, output->data() + offset, sizeof(ext_len));
-  ext_len = htons(ntohs(ext_len) + data_.len() + 4);
-  memcpy(output->data() + offset, &ext_len, sizeof(ext_len));
-
-  // Insert the extension type and length.
-  DataBuffer type_length;
-  type_length.Allocate(4);
-  type_length.Write(0, extension_, 2);
-  type_length.Write(2, data_.len(), 2);
-  output->Splice(type_length, offset + 2);
-
-  // Insert the payload.
-  if (data_.len() > 0) {
-    output->Splice(data_, offset + 6);
-  }
-
-  return CHANGE;
-}
-
 PacketFilter::Action AfterRecordN::FilterRecord(const TlsRecordHeader& header,
                                                 const DataBuffer& body,
                                                 DataBuffer* out) {
@@ -775,8 +628,10 @@ PacketFilter::Action AfterRecordN::FilterRecord(const TlsRecordHeader& header,
 PacketFilter::Action TlsInspectorClientHelloVersionChanger::FilterHandshake(
     const HandshakeHeader& header, const DataBuffer& input,
     DataBuffer* output) {
-  EXPECT_EQ(SECSuccess,
-            SSLInt_IncrementClientHandshakeVersion(server_.lock()->ssl_fd()));
+  if (header.handshake_type() == kTlsHandshakeClientKeyExchange) {
+    EXPECT_EQ(SECSuccess,
+              SSLInt_IncrementClientHandshakeVersion(server_.lock()->ssl_fd()));
+  }
   return KEEP;
 }
 
@@ -788,49 +643,15 @@ PacketFilter::Action SelectiveDropFilter::Filter(const DataBuffer& input,
   return ((1 << counter_++) & pattern_) ? DROP : KEEP;
 }
 
-PacketFilter::Action SelectiveRecordDropFilter::FilterRecord(
-    const TlsRecordHeader& header, const DataBuffer& data,
-    DataBuffer* changed) {
-  if (counter_ >= 32) {
-    return KEEP;
-  }
-  return ((1 << counter_++) & pattern_) ? DROP : KEEP;
-}
-
-/* static */ uint32_t SelectiveRecordDropFilter::ToPattern(
-    std::initializer_list<size_t> records) {
-  uint32_t pattern = 0;
-  for (auto it = records.begin(); it != records.end(); ++it) {
-    EXPECT_GT(32U, *it);
-    assert(*it < 32U);
-    pattern |= 1 << *it;
-  }
-  return pattern;
-}
-
 PacketFilter::Action TlsInspectorClientHelloVersionSetter::FilterHandshake(
     const HandshakeHeader& header, const DataBuffer& input,
     DataBuffer* output) {
-  *output = input;
-  output->Write(0, version_, 2);
-  return CHANGE;
-}
-
-PacketFilter::Action SelectedCipherSuiteReplacer::FilterHandshake(
-    const HandshakeHeader& header, const DataBuffer& input,
-    DataBuffer* output) {
-  *output = input;
-  uint32_t temp = 0;
-  EXPECT_TRUE(input.Read(0, 2, &temp));
-  // Cipher suite is after version(2) and random(32).
-  size_t pos = 34;
-  if (temp < SSL_LIBRARY_VERSION_TLS_1_3) {
-    // In old versions, we have to skip a session_id too.
-    EXPECT_TRUE(input.Read(pos, 1, &temp));
-    pos += 1 + temp;
-  }
-  output->Write(pos, static_cast<uint32_t>(cipher_suite_), 2);
-  return CHANGE;
+  if (header.handshake_type() == kTlsHandshakeClientHello) {
+    *output = input;
+    output->Write(0, version_, 2);
+    return CHANGE;
+  }
+  return KEEP;
 }
 
 }  // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/tls_filter.h b/security/nss/gtests/ssl_gtest/tls_filter.h
index 1db3b90f6..e4030e23f 100644
--- a/security/nss/gtests/ssl_gtest/tls_filter.h
+++ b/security/nss/gtests/ssl_gtest/tls_filter.h
@@ -50,13 +50,10 @@ class TlsRecordHeader : public TlsVersioned {
 
   uint8_t content_type() const { return content_type_; }
   uint64_t sequence_number() const { return sequence_number_; }
-  uint16_t epoch() const {
-    return static_cast<uint16_t>(sequence_number_ >> 48);
-  }
-  size_t header_length() const { return is_dtls() ? 13 : 5; }
+  size_t header_length() const { return is_dtls() ? 11 : 3; }
 
   // Parse the header; return true if successful; body in an outparam if OK.
-  bool Parse(uint64_t sequence_number, TlsParser* parser, DataBuffer* body);
+  bool Parse(TlsParser* parser, DataBuffer* body);
   // Write the header and body to a buffer at the given offset.
   // Return the offset of the end of the write.
   size_t Write(DataBuffer* buffer, size_t offset, const DataBuffer& body) const;
@@ -66,21 +63,10 @@ class TlsRecordHeader : public TlsVersioned {
   uint64_t sequence_number_;
 };
 
-struct TlsRecord {
-  const TlsRecordHeader header;
-  const DataBuffer buffer;
-};
-
 // Abstract filter that operates on entire (D)TLS records.
 class TlsRecordFilter : public PacketFilter {
  public:
-  TlsRecordFilter()
-      : agent_(nullptr),
-        count_(0),
-        cipher_spec_(),
-        dropped_record_(false),
-        in_sequence_number_(0),
-        out_sequence_number_(0) {}
+  TlsRecordFilter() : agent_(nullptr), count_(0), cipher_spec_() {}
 
   void SetAgent(const TlsAgent* agent) { agent_ = agent; }
   const TlsAgent* agent() const { return agent_; }
@@ -129,21 +115,14 @@ class TlsRecordFilter : public PacketFilter {
   const TlsAgent* agent_;
   size_t count_;
   std::unique_ptr<TlsCipherSpec> cipher_spec_;
-  // Whether we dropped a record since the cipher spec changed.
-  bool dropped_record_;
-  // The sequence number we use for reading records as they are written.
-  uint64_t in_sequence_number_;
-  // The sequence number we use for writing modified records.
-  uint64_t out_sequence_number_;
 };
 
-inline std::ostream& operator<<(std::ostream& stream, const TlsVersioned& v) {
+inline std::ostream& operator<<(std::ostream& stream, TlsVersioned v) {
   v.WriteStream(stream);
   return stream;
 }
 
-inline std::ostream& operator<<(std::ostream& stream,
-                                const TlsRecordHeader& hdr) {
+inline std::ostream& operator<<(std::ostream& stream, TlsRecordHeader& hdr) {
   hdr.WriteStream(stream);
   stream << ' ';
   switch (hdr.content_type()) {
@@ -154,17 +133,13 @@ inline std::ostream& operator<<(std::ostream& stream,
       stream << "Alert";
       break;
     case kTlsHandshakeType:
-    case kTlsAltHandshakeType:
       stream << "Handshake";
       break;
     case kTlsApplicationDataType:
       stream << "Data";
       break;
-    case kTlsAckType:
-      stream << "ACK";
-      break;
     default:
-      stream << '<' << static_cast<int>(hdr.content_type()) << '>';
+      stream << '<' << hdr.content_type() << '>';
       break;
   }
   return stream << ' ' << std::hex << hdr.sequence_number() << std::dec;
@@ -175,16 +150,7 @@ inline std::ostream& operator<<(std::ostream& stream,
 // records and that they don't span records or anything crazy like that.
 class TlsHandshakeFilter : public TlsRecordFilter {
  public:
-  TlsHandshakeFilter() : handshake_types_(), preceding_fragment_() {}
-  TlsHandshakeFilter(const std::set<uint8_t>& types)
-      : handshake_types_(types), preceding_fragment_() {}
-
-  // This filter can be set to be selective based on handshake message type.  If
-  // this function isn't used (or the set is empty), then all handshake messages
-  // will be filtered.
-  void SetHandshakeTypes(const std::set<uint8_t>& types) {
-    handshake_types_ = types;
-  }
+  TlsHandshakeFilter() {}
 
   class HandshakeHeader : public TlsVersioned {
    public:
@@ -192,8 +158,7 @@ class TlsHandshakeFilter : public TlsRecordFilter {
 
     uint8_t handshake_type() const { return handshake_type_; }
     bool Parse(TlsParser* parser, const TlsRecordHeader& record_header,
-               const DataBuffer& preceding_fragment, DataBuffer* body,
-               bool* complete);
+               DataBuffer* body);
     size_t Write(DataBuffer* buffer, size_t offset,
                  const DataBuffer& body) const;
     size_t WriteFragment(DataBuffer* buffer, size_t offset,
@@ -204,8 +169,7 @@ class TlsHandshakeFilter : public TlsRecordFilter {
     // Reads the length from the record header.
     // This also reads the DTLS fragment information and checks it.
     bool ReadLength(TlsParser* parser, const TlsRecordHeader& header,
-                    uint32_t expected_offset, uint32_t* length,
-                    bool* last_fragment);
+                    uint32_t* length);
 
     uint8_t handshake_type_;
     uint16_t message_seq_;
@@ -221,30 +185,22 @@ class TlsHandshakeFilter : public TlsRecordFilter {
                                                DataBuffer* output) = 0;
 
  private:
-  bool IsFilteredType(const HandshakeHeader& header,
-                      const DataBuffer& handshake);
-
-  std::set<uint8_t> handshake_types_;
-  DataBuffer preceding_fragment_;
 };
 
 // Make a copy of the first instance of a handshake message.
 class TlsInspectorRecordHandshakeMessage : public TlsHandshakeFilter {
  public:
   TlsInspectorRecordHandshakeMessage(uint8_t handshake_type)
-      : TlsHandshakeFilter({handshake_type}), buffer_() {}
-  TlsInspectorRecordHandshakeMessage(const std::set<uint8_t>& handshake_types)
-      : TlsHandshakeFilter(handshake_types), buffer_() {}
+      : handshake_type_(handshake_type), buffer_() {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
                                                DataBuffer* output);
 
-  void Reset() { buffer_.Truncate(0); }
-
   const DataBuffer& buffer() const { return buffer_; }
 
  private:
+  uint8_t handshake_type_;
   DataBuffer buffer_;
 };
 
@@ -253,39 +209,17 @@ class TlsInspectorReplaceHandshakeMessage : public TlsHandshakeFilter {
  public:
   TlsInspectorReplaceHandshakeMessage(uint8_t handshake_type,
                                       const DataBuffer& replacement)
-      : TlsHandshakeFilter({handshake_type}), buffer_(replacement) {}
+      : handshake_type_(handshake_type), buffer_(replacement) {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
                                                DataBuffer* output);
 
  private:
+  uint8_t handshake_type_;
   DataBuffer buffer_;
 };
 
-// Make a copy of each record of a given type.
-class TlsRecordRecorder : public TlsRecordFilter {
- public:
-  TlsRecordRecorder(uint8_t ct) : filter_(true), ct_(ct), records_() {}
-  TlsRecordRecorder()
-      : filter_(false),
-        ct_(content_handshake),  // dummy (<optional> is C++14)
-        records_() {}
-  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                            const DataBuffer& input,
-                                            DataBuffer* output);
-
-  size_t count() const { return records_.size(); }
-  void Clear() { records_.clear(); }
-
-  const TlsRecord& record(size_t i) const { return records_[i]; }
-
- private:
-  bool filter_;
-  uint8_t ct_;
-  std::vector<TlsRecord> records_;
-};
-
 // Make a copy of the complete conversation.
 class TlsConversationRecorder : public TlsRecordFilter {
  public:
@@ -296,31 +230,15 @@ class TlsConversationRecorder : public TlsRecordFilter {
                                             DataBuffer* output);
 
  private:
-  DataBuffer buffer_;
+  DataBuffer& buffer_;
 };
 
-// Make a copy of the records
-class TlsHeaderRecorder : public TlsRecordFilter {
- public:
-  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                            const DataBuffer& input,
-                                            DataBuffer* output);
-  const TlsRecordHeader* header(size_t index);
-
- private:
-  std::vector<TlsRecordHeader> headers_;
-};
-
-typedef std::initializer_list<std::shared_ptr<PacketFilter>>
-    ChainedPacketFilterInit;
-
 // Runs multiple packet filters in series.
 class ChainedPacketFilter : public PacketFilter {
  public:
   ChainedPacketFilter() {}
   ChainedPacketFilter(const std::vector<std::shared_ptr<PacketFilter>> filters)
       : filters_(filters.begin(), filters.end()) {}
-  ChainedPacketFilter(ChainedPacketFilterInit il) : filters_(il) {}
   virtual ~ChainedPacketFilter() {}
 
   virtual PacketFilter::Action Filter(const DataBuffer& input,
@@ -338,13 +256,13 @@ typedef std::function<bool(TlsParser* parser, const TlsVersioned& header)>
 
 class TlsExtensionFilter : public TlsHandshakeFilter {
  public:
-  TlsExtensionFilter()
-      : TlsHandshakeFilter({kTlsHandshakeClientHello, kTlsHandshakeServerHello,
-                            kTlsHandshakeHelloRetryRequest,
-                            kTlsHandshakeEncryptedExtensions}) {}
+  TlsExtensionFilter() : handshake_types_() {
+    handshake_types_.insert(kTlsHandshakeClientHello);
+    handshake_types_.insert(kTlsHandshakeServerHello);
+  }
 
   TlsExtensionFilter(const std::set<uint8_t>& types)
-      : TlsHandshakeFilter(types) {}
+      : handshake_types_(types) {}
 
   static bool FindExtensions(TlsParser* parser, const HandshakeHeader& header);
 
@@ -361,6 +279,8 @@ class TlsExtensionFilter : public TlsHandshakeFilter {
   PacketFilter::Action FilterExtensions(TlsParser* parser,
                                         const DataBuffer& input,
                                         DataBuffer* output);
+
+  std::set<uint8_t> handshake_types_;
 };
 
 class TlsExtensionCapture : public TlsExtensionFilter {
@@ -406,21 +326,6 @@ class TlsExtensionDropper : public TlsExtensionFilter {
   uint16_t extension_;
 };
 
-class TlsExtensionInjector : public TlsHandshakeFilter {
- public:
-  TlsExtensionInjector(uint16_t ext, const DataBuffer& data)
-      : extension_(ext), data_(data) {}
-
- protected:
-  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
-                                       const DataBuffer& input,
-                                       DataBuffer* output) override;
-
- private:
-  const uint16_t extension_;
-  const DataBuffer data_;
-};
-
 class TlsAgent;
 typedef std::function<void(void)> VoidFunction;
 
@@ -447,7 +352,7 @@ class AfterRecordN : public TlsRecordFilter {
 class TlsInspectorClientHelloVersionChanger : public TlsHandshakeFilter {
  public:
   TlsInspectorClientHelloVersionChanger(std::shared_ptr<TlsAgent>& server)
-      : TlsHandshakeFilter({kTlsHandshakeClientKeyExchange}), server_(server) {}
+      : server_(server) {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
@@ -472,47 +377,10 @@ class SelectiveDropFilter : public PacketFilter {
   uint8_t counter_;
 };
 
-// This class selectively drops complete records. The difference from
-// SelectiveDropFilter is that if multiple DTLS records are in the same
-// datagram, we just drop one.
-class SelectiveRecordDropFilter : public TlsRecordFilter {
- public:
-  SelectiveRecordDropFilter(uint32_t pattern, bool enabled = true)
-      : pattern_(pattern), counter_(0) {
-    if (!enabled) {
-      Disable();
-    }
-  }
-  SelectiveRecordDropFilter(std::initializer_list<size_t> records)
-      : SelectiveRecordDropFilter(ToPattern(records), true) {}
-
-  void Reset(uint32_t pattern) {
-    counter_ = 0;
-    PacketFilter::Enable();
-    pattern_ = pattern;
-  }
-
-  void Reset(std::initializer_list<size_t> records) {
-    Reset(ToPattern(records));
-  }
-
- protected:
-  PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-                                    const DataBuffer& data,
-                                    DataBuffer* changed) override;
-
- private:
-  static uint32_t ToPattern(std::initializer_list<size_t> records);
-
-  uint32_t pattern_;
-  uint8_t counter_;
-};
-
 // Set the version number in the ClientHello.
 class TlsInspectorClientHelloVersionSetter : public TlsHandshakeFilter {
  public:
-  TlsInspectorClientHelloVersionSetter(uint16_t version)
-      : TlsHandshakeFilter({kTlsHandshakeClientHello}), version_(version) {}
+  TlsInspectorClientHelloVersionSetter(uint16_t version) : version_(version) {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
@@ -543,20 +411,6 @@ class TlsLastByteDamager : public TlsHandshakeFilter {
   uint8_t type_;
 };
 
-class SelectedCipherSuiteReplacer : public TlsHandshakeFilter {
- public:
-  SelectedCipherSuiteReplacer(uint16_t suite)
-      : TlsHandshakeFilter({kTlsHandshakeServerHello}), cipher_suite_(suite) {}
-
- protected:
-  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
-                                       const DataBuffer& input,
-                                       DataBuffer* output) override;
-
- private:
-  uint16_t cipher_suite_;
-};
-
 }  // namespace nss_test
 
 #endif
diff --git a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
index 45f6cf2bd..51ff938b1 100644
--- a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
@@ -241,13 +241,13 @@ TEST_P(TlsHkdfTest, HkdfExpandLabel) {
       {/* ssl_hash_md5    */},
       {/* ssl_hash_sha1   */},
       {/* ssl_hash_sha224 */},
-      {0xc6, 0xdd, 0x6e, 0xc4, 0x76, 0xb8, 0x55, 0xf2, 0xa4, 0xfc, 0x59,
-       0x04, 0xa4, 0x90, 0xdc, 0xa7, 0xa7, 0x0d, 0x94, 0x8f, 0xc2, 0xdc,
-       0x15, 0x6d, 0x48, 0x93, 0x9d, 0x05, 0xbb, 0x9a, 0xbc, 0xc1},
-      {0x41, 0xea, 0x77, 0x09, 0x8c, 0x90, 0x04, 0x10, 0xec, 0xbc, 0x37, 0xd8,
-       0x5b, 0x54, 0xcd, 0x7b, 0x08, 0x15, 0x13, 0x20, 0xed, 0x1e, 0x3f, 0x54,
-       0x74, 0xf7, 0x8b, 0x06, 0x38, 0x28, 0x06, 0x37, 0x75, 0x23, 0xa2, 0xb7,
-       0x34, 0xb1, 0x72, 0x2e, 0x59, 0x6d, 0x5a, 0x31, 0xf5, 0x53, 0xab, 0x99}};
+      {0x34, 0x7c, 0x67, 0x80, 0xff, 0x0b, 0xba, 0xd7, 0x1c, 0x28, 0x3b,
+       0x16, 0xeb, 0x2f, 0x9c, 0xf6, 0x2d, 0x24, 0xe6, 0xcd, 0xb6, 0x13,
+       0xd5, 0x17, 0x76, 0x54, 0x8c, 0xb0, 0x7d, 0xcd, 0xe7, 0x4c},
+      {0x4b, 0x1e, 0x5e, 0xc1, 0x49, 0x30, 0x78, 0xea, 0x35, 0xbd, 0x3f, 0x01,
+       0x04, 0xe6, 0x1a, 0xea, 0x14, 0xcc, 0x18, 0x2a, 0xd1, 0xc4, 0x76, 0x21,
+       0xc4, 0x64, 0xc0, 0x4e, 0x4b, 0x36, 0x16, 0x05, 0x6f, 0x04, 0xab, 0xe9,
+       0x43, 0xb1, 0x2d, 0xa8, 0xa7, 0x17, 0x9a, 0x5f, 0x09, 0x91, 0x7d, 0x1f}};
 
   const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
   HkdfExpandLabel(&k1_, hash_type_, kSessionHash, kHashLength[hash_type_],
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.cc b/security/nss/gtests/ssl_gtest/tls_protect.cc
index 6c945f66e..efcd89e14 100644
--- a/security/nss/gtests/ssl_gtest/tls_protect.cc
+++ b/security/nss/gtests/ssl_gtest/tls_protect.cc
@@ -32,6 +32,7 @@ void AeadCipher::FormatNonce(uint64_t seq, uint8_t *nonce) {
   }
 
   DataBuffer d(nonce, 12);
+  std::cerr << "Nonce " << d << std::endl;
 }
 
 bool AeadCipher::AeadInner(bool decrypt, void *params, size_t param_length,
@@ -91,9 +92,8 @@ bool AeadCipherChacha20Poly1305::Aead(bool decrypt, uint64_t seq,
                    in, inlen, out, outlen, maxlen);
 }
 
-bool TlsCipherSpec::Init(uint16_t epoch, SSLCipherAlgorithm cipher,
-                         PK11SymKey *key, const uint8_t *iv) {
-  epoch_ = epoch;
+bool TlsCipherSpec::Init(SSLCipherAlgorithm cipher, PK11SymKey *key,
+                         const uint8_t *iv) {
   switch (cipher) {
     case ssl_calg_aes_gcm:
       aead_.reset(new AeadCipherAesGcm());
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.h b/security/nss/gtests/ssl_gtest/tls_protect.h
index 93ffd6322..4efbd6e6b 100644
--- a/security/nss/gtests/ssl_gtest/tls_protect.h
+++ b/security/nss/gtests/ssl_gtest/tls_protect.h
@@ -20,7 +20,7 @@ class TlsRecordHeader;
 class AeadCipher {
  public:
   AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {}
-  virtual ~AeadCipher();
+  ~AeadCipher();
 
   bool Init(PK11SymKey *key, const uint8_t *iv);
   virtual bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
@@ -58,19 +58,16 @@ class AeadCipherAesGcm : public AeadCipher {
 // Our analog of ssl3CipherSpec
 class TlsCipherSpec {
  public:
-  TlsCipherSpec() : epoch_(0), aead_() {}
+  TlsCipherSpec() : aead_() {}
 
-  bool Init(uint16_t epoch, SSLCipherAlgorithm cipher, PK11SymKey *key,
-            const uint8_t *iv);
+  bool Init(SSLCipherAlgorithm cipher, PK11SymKey *key, const uint8_t *iv);
 
   bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext,
                DataBuffer *ciphertext);
   bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext,
                  DataBuffer *plaintext);
-  uint16_t epoch() const { return epoch_; }
 
  private:
-  uint16_t epoch_;
   std::unique_ptr<AeadCipher> aead_;
 };
 
diff --git a/security/nss/gtests/util_gtest/manifest.mn b/security/nss/gtests/util_gtest/manifest.mn
index a90e8431e..edede657f 100644
--- a/security/nss/gtests/util_gtest/manifest.mn
+++ b/security/nss/gtests/util_gtest/manifest.mn
@@ -10,8 +10,6 @@ CPPSRCS = \
 	util_utf8_unittest.cc \
 	util_b64_unittest.cc \
 	util_pkcs11uri_unittest.cc \
-	util_aligned_malloc_unittest.cc \
-	util_memcmpzero_unittest.cc \
 	$(NULL)
 
 INCLUDES += \
diff --git a/security/nss/gtests/util_gtest/util_aligned_malloc_unittest.cc b/security/nss/gtests/util_gtest/util_aligned_malloc_unittest.cc
deleted file mode 100644
index 9745ca7d3..000000000
--- a/security/nss/gtests/util_gtest/util_aligned_malloc_unittest.cc
+++ /dev/null
@@ -1,82 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-#include "scoped_ptrs_util.h"
-
-namespace nss_test {
-
-struct SomeContext {
-  uint8_t some_buf[13];
-  void *mem;
-};
-
-template <class T>
-struct ScopedDelete {
-  void operator()(T *ptr) {
-    if (ptr) {
-      PORT_Free(ptr->mem);
-    }
-  }
-};
-typedef std::unique_ptr<SomeContext, ScopedDelete<SomeContext> >
-    ScopedSomeContext;
-
-class AlignedMallocTest : public ::testing::Test,
-                          public ::testing::WithParamInterface<size_t> {
- protected:
-  ScopedSomeContext test_align_new(size_t alignment) {
-    ScopedSomeContext ctx(PORT_ZNewAligned(SomeContext, alignment, mem));
-    return ctx;
-  };
-  ScopedSomeContext test_align_alloc(size_t alignment) {
-    void *mem = nullptr;
-    ScopedSomeContext ctx((SomeContext *)PORT_ZAllocAligned(sizeof(SomeContext),
-                                                            alignment, &mem));
-    if (ctx) {
-      ctx->mem = mem;
-    }
-    return ctx;
-  }
-};
-
-TEST_P(AlignedMallocTest, TestNew) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_new(alignment);
-  EXPECT_TRUE(ctx.get());
-  EXPECT_EQ(0U, (uintptr_t)ctx.get() % alignment);
-}
-
-TEST_P(AlignedMallocTest, TestAlloc) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_alloc(alignment);
-  EXPECT_TRUE(ctx.get());
-  EXPECT_EQ(0U, (uintptr_t)ctx.get() % alignment);
-}
-
-class AlignedMallocTestBadSize : public AlignedMallocTest {};
-
-TEST_P(AlignedMallocTestBadSize, TestNew) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_new(alignment);
-  EXPECT_FALSE(ctx.get());
-}
-
-TEST_P(AlignedMallocTestBadSize, TestAlloc) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_alloc(alignment);
-  EXPECT_FALSE(ctx.get());
-}
-
-static const size_t kSizes[] = {1, 2, 4, 8, 16, 32, 64};
-static const size_t kBadSizes[] = {0, 7, 17, 24, 56};
-
-INSTANTIATE_TEST_CASE_P(AllAligned, AlignedMallocTest,
-                        ::testing::ValuesIn(kSizes));
-INSTANTIATE_TEST_CASE_P(AllAlignedBadSize, AlignedMallocTestBadSize,
-                        ::testing::ValuesIn(kBadSizes));
-
-}  // namespace nss_test
diff --git a/security/nss/gtests/util_gtest/util_gtest.gyp b/security/nss/gtests/util_gtest/util_gtest.gyp
index 1c54329b2..7abd71b2f 100644
--- a/security/nss/gtests/util_gtest/util_gtest.gyp
+++ b/security/nss/gtests/util_gtest/util_gtest.gyp
@@ -14,8 +14,6 @@
         'util_utf8_unittest.cc',
         'util_b64_unittest.cc',
         'util_pkcs11uri_unittest.cc',
-        'util_aligned_malloc_unittest.cc',
-        'util_memcmpzero_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc',
       ],
       'dependencies': [
diff --git a/security/nss/gtests/util_gtest/util_memcmpzero_unittest.cc b/security/nss/gtests/util_gtest/util_memcmpzero_unittest.cc
deleted file mode 100644
index 29cac3f67..000000000
--- a/security/nss/gtests/util_gtest/util_memcmpzero_unittest.cc
+++ /dev/null
@@ -1,45 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-#include "scoped_ptrs_util.h"
-
-namespace nss_test {
-
-class MemcmpZeroTest : public ::testing::Test {
- protected:
-  unsigned int test_memcmp_zero(const std::vector<uint8_t> &mem) {
-    return NSS_SecureMemcmpZero(mem.data(), mem.size());
-  };
-};
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroTrue) {
-  unsigned int rv = test_memcmp_zero(std::vector<uint8_t>(37, 0));
-  EXPECT_EQ(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse5) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[5] = 1;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse37) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[vec.size() - 1] = 0xFF;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse0) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[0] = 1;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-}  // namespace nss_test
diff --git a/security/nss/help.txt b/security/nss/help.txt
deleted file mode 100644
index 03ed36e6c..000000000
--- a/security/nss/help.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-Usage: build.sh [-hcv] [-cc] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
-                [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
-                [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
-                [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
-                [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
-                [--enable-fips]
-
-This script builds NSS with gyp and ninja.
-
-This build system is still under development.  It does not yet support all
-the features or platforms that NSS supports.
-
-NSS build tool options:
-
-    -h               display this help and exit
-    -c               clean before build
-    -cc              clean without building
-    -v               verbose build
-    -j <n>           run at most <n> concurrent jobs
-    --nspr           force a rebuild of NSPR
-    --gyp|-g         force a rerun of gyp
-    --opt|-o         do an opt build
-    -m32             do a 32-bit build on a 64-bit system
-    --clang          build with clang and clang++
-    --gcc            build with gcc and g++
-    --test           ignore map files and export everything we have
-    --fuzz           build fuzzing targets (this always enables test builds)
-                     --fuzz=tls to enable TLS fuzzing mode
-                     --fuzz=oss to build for OSS-Fuzz
-    --pprof          build with gperftool support
-    --ct-verif       build with valgrind for ct-verif
-    --scan-build     run the build with scan-build (scan-build has to be in the path)
-                     --scan-build=/out/path sets the output path for scan-build
-    --asan           do an asan build
-    --ubsan          do an ubsan build
-                     --ubsan=bool,shift,... sets specific UB sanitizers
-    --msan           do an msan build
-    --sancov         do sanitize coverage builds
-                     --sancov=func sets coverage to function level for example
-    --disable-tests  don't build tests and corresponding cmdline utils
-    --system-sqlite  use system sqlite
-    --no-zdefs       don't set -Wl,-z,defs
-    --with-nspr      don't build NSPR but use the one at the given location, e.g.
-                     --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
-    --system-nspr    use system nspr. This requires an installation of NSPR and
-                     might not work on all systems.
-    --enable-libpkix make libpkix part of the build.
-    --enable-fips    don't disable FIPS checks.
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 9a69c5bc5..38b2fe4b5 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -703,19 +703,14 @@ CERT_GetOidString(const SECItem* oid)
         return NULL;
     }
 
-    /* If the OID has length 1, we bail. */
-    if (oid->len < 2) {
-        return NULL;
-    }
-
     /* first will point to the next sequence of bytes to decode */
     first = (PRUint8*)oid->data;
     /* stop points to one past the legitimate data */
     stop = &first[oid->len];
 
     /*
-     * Check for our pseudo-encoded single-digit OIDs
-     */
+   * Check for our pseudo-encoded single-digit OIDs
+   */
     if ((*first == 0x80) && (2 == oid->len)) {
         /* Funky encoding.  The second byte is the number */
         rvString = PR_smprintf("%lu", (PRUint32)first[1]);
@@ -733,10 +728,6 @@ CERT_GetOidString(const SECItem* oid)
                 break;
             }
         }
-        /* There's no first bit set, so this isn't valid. Bail.*/
-        if (last == stop) {
-            goto unsupported;
-        }
         bytesBeforeLast = (unsigned int)(last - first);
         if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
             PRUint32 n = 0;
@@ -757,12 +748,12 @@ CERT_GetOidString(const SECItem* oid)
                 CASE(2, 0x7f);
                 CASE(1, 0x7f);
                 case 0:
-                    n |= last[0] & 0x7f;
+                    n |=
+                        last[0] & 0x7f;
                     break;
             }
-            if (last[0] & 0x80) {
+            if (last[0] & 0x80)
                 goto unsupported;
-            }
 
             if (!rvString) {
                 /* This is the first number.. decompose it */
@@ -1314,7 +1305,8 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
                     }
                 } else if (current->type == certRFC822Name) {
                     rawEmailAddr =
-                        (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1);
+                        (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
+                                                                 1);
                     if (!rawEmailAddr) {
                         goto finish;
                     }
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index c76a5a9b0..4224da108 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -504,8 +504,6 @@ extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
 */
 extern CERTCertificate *CERT_FindCertByIssuerAndSN(
     CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
-extern CERTCertificate *CERT_FindCertByIssuerAndSNCX(
-    CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN, void *wincx);
 
 /*
 ** Find a certificate in the database by a subject key ID
@@ -549,9 +547,6 @@ CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
 */
 CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
                                                     const char *name);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
-                                                      const char *name,
-                                                      void *wincx);
 
 /*
 ** Find a certificate in the database by a email address or nickname
@@ -560,9 +555,6 @@ CERTCertificate *CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle,
 */
 CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
     CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
-CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsageCX(
-    CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage,
-    void *wincx);
 
 /*
 ** Find a certificate in the database by a digest of a subject public key
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 1a676a720..7864edc08 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1192,7 +1192,6 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
             case rsaKey:
                 requiredUsage |= KU_KEY_ENCIPHERMENT;
                 break;
-            case rsaPssKey:
             case dsaKey:
                 requiredUsage |= KU_DIGITAL_SIGNATURE;
                 break;
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index d1c48dfba..87469085e 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -1294,7 +1294,8 @@ DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added)
         }
     }
 
-    newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) * sizeof(CachedCrl*));
+    newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) *
+                                                         sizeof(CachedCrl*));
     if (!newcrls) {
         return SECFailure;
     }
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index beaa66040..4d42bd50d 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -457,15 +457,15 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
     return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
 }
 
-static CERTCertificate *
-common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
-                             CERTIssuerAndSN *issuerAndSN,
-                             void *wincx)
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+                           CERTIssuerAndSN *issuerAndSN)
 {
     PK11SlotInfo *slot;
     CERTCertificate *cert;
 
-    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, wincx);
+    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
     if (cert && slot) {
         PK11_FreeSlot(slot);
     }
@@ -473,23 +473,6 @@ common_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
     return cert;
 }
 
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
-                           CERTIssuerAndSN *issuerAndSN)
-{
-    return common_FindCertByIssuerAndSN(handle, issuerAndSN, NULL);
-}
-
-/* maybe all the wincx's should be some const for internal token login? */
-CERTCertificate *
-CERT_FindCertByIssuerAndSNCX(CERTCertDBHandle *handle,
-                             CERTIssuerAndSN *issuerAndSN,
-                             void *wincx)
-{
-    return common_FindCertByIssuerAndSN(handle, issuerAndSN, wincx);
-}
-
 static NSSCertificate *
 get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
 {
@@ -604,8 +587,7 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
 static CERTCertificate *
 common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                              const char *name, PRBool anyUsage,
-                                             SECCertUsage lookingForUsage,
-                                             void *wincx)
+                                             SECCertUsage lookingForUsage)
 {
     NSSCryptoContext *cc;
     NSSCertificate *c, *ct;
@@ -638,7 +620,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
     }
 
     if (anyUsage) {
-        cert = PK11_FindCertFromNickname(name, wincx);
+        cert = PK11_FindCertFromNickname(name, NULL);
     } else {
         if (ct) {
             /* Does ct really have the required usage? */
@@ -650,7 +632,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
             }
         }
 
-        certlist = PK11_FindCertsFromNickname(name, wincx);
+        certlist = PK11_FindCertsFromNickname(name, NULL);
         if (certlist) {
             SECStatus rv =
                 CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
@@ -677,15 +659,7 @@ CERTCertificate *
 CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
-                                                        0, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrCX(CERTCertDBHandle *handle, const char *name,
-                                     void *wincx)
-{
-    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
-                                                        0, wincx);
+                                                        0);
 }
 
 CERTCertificate *
@@ -694,17 +668,7 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
                                            SECCertUsage lookingForUsage)
 {
     return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
-                                                        lookingForUsage, NULL);
-}
-
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrForUsageCX(CERTCertDBHandle *handle,
-                                             const char *name,
-                                             SECCertUsage lookingForUsage,
-                                             void *wincx)
-{
-    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
-                                                        lookingForUsage, wincx);
+                                                        lookingForUsage);
 }
 
 static void
diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt
index 5d2baf3a5..45b659b7a 100644
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -69,6 +69,34 @@ CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
+# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 1407252 (0x157914)
+# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
+# Not Valid Before: Mon Feb 01 14:54:04 2010
+# Not Valid After : Tue Sep 30 00:00:00 2014
+# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
+# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
+\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
+\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\025\171\024
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "GlobalSign Root CA"
 #
@@ -2398,7 +2426,7 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\003\001\000\040
 END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -3656,7 +3684,7 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\000
 END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -3815,7 +3843,7 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\000
 END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -4265,6 +4293,213 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "StartCom Certification Authority"
+#
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\311\060\202\005\261\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023
+\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040
+\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156
+\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164
+\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\066\060\071\061\067\061\071\064\066\063\066\132\027
+\015\063\066\060\071\061\067\061\071\064\066\063\066\132\060\175
+\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026\060
+\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157\155
+\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023\042
+\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040\103
+\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156\151
+\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164\141
+\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\301\210
+\333\011\274\154\106\174\170\237\225\173\265\063\220\362\162\142
+\326\301\066\040\042\044\136\316\351\167\362\103\012\242\006\144
+\244\314\216\066\370\070\346\043\360\156\155\261\074\335\162\243
+\205\034\241\323\075\264\063\053\323\057\257\376\352\260\101\131
+\147\266\304\006\175\012\236\164\205\326\171\114\200\067\172\337
+\071\005\122\131\367\364\033\106\103\244\322\205\205\322\303\161
+\363\165\142\064\272\054\212\177\036\217\356\355\064\320\021\307
+\226\315\122\075\272\063\326\335\115\336\013\073\112\113\237\302
+\046\057\372\265\026\034\162\065\167\312\074\135\346\312\341\046
+\213\032\066\166\134\001\333\164\024\045\376\355\265\240\210\017
+\335\170\312\055\037\007\227\060\001\055\162\171\372\106\326\023
+\052\250\271\246\253\203\111\035\345\362\357\335\344\001\216\030
+\012\217\143\123\026\205\142\251\016\031\072\314\265\146\246\302
+\153\164\007\344\053\341\166\076\264\155\330\366\104\341\163\142
+\037\073\304\276\240\123\126\045\154\121\011\367\252\253\312\277
+\166\375\155\233\363\235\333\277\075\146\274\014\126\252\257\230
+\110\225\072\113\337\247\130\120\331\070\165\251\133\352\103\014
+\002\377\231\353\350\154\115\160\133\051\145\234\335\252\135\314
+\257\001\061\354\014\353\322\215\350\352\234\173\346\156\367\047
+\146\014\032\110\327\156\102\343\077\336\041\076\173\341\015\160
+\373\143\252\250\154\032\124\264\134\045\172\311\242\311\213\026
+\246\273\054\176\027\136\005\115\130\156\022\035\001\356\022\020
+\015\306\062\177\030\377\374\364\372\315\156\221\350\066\111\276
+\032\110\151\213\302\226\115\032\022\262\151\027\301\012\220\326
+\372\171\042\110\277\272\173\151\370\160\307\372\172\067\330\330
+\015\322\166\117\127\377\220\267\343\221\322\335\357\302\140\267
+\147\072\335\376\252\234\360\324\213\177\162\042\316\306\237\227
+\266\370\257\212\240\020\250\331\373\030\306\266\265\134\122\074
+\211\266\031\052\163\001\012\017\003\263\022\140\362\172\057\201
+\333\243\156\377\046\060\227\365\213\335\211\127\266\255\075\263
+\257\053\305\267\166\002\360\245\326\053\232\206\024\052\162\366
+\343\063\214\135\011\113\023\337\273\214\164\023\122\113\002\003
+\001\000\001\243\202\002\122\060\202\002\116\060\014\006\003\125
+\035\023\004\005\060\003\001\001\377\060\013\006\003\125\035\017
+\004\004\003\002\001\256\060\035\006\003\125\035\016\004\026\004
+\024\116\013\357\032\244\100\133\245\027\151\207\060\312\064\150
+\103\320\101\256\362\060\144\006\003\125\035\037\004\135\060\133
+\060\054\240\052\240\050\206\046\150\164\164\160\072\057\057\143
+\145\162\164\056\163\164\141\162\164\143\157\155\056\157\162\147
+\057\163\146\163\143\141\055\143\162\154\056\143\162\154\060\053
+\240\051\240\047\206\045\150\164\164\160\072\057\057\143\162\154
+\056\163\164\141\162\164\143\157\155\056\157\162\147\057\163\146
+\163\143\141\055\143\162\154\056\143\162\154\060\202\001\135\006
+\003\125\035\040\004\202\001\124\060\202\001\120\060\202\001\114
+\006\013\053\006\001\004\001\201\265\067\001\001\001\060\202\001
+\073\060\057\006\010\053\006\001\005\005\007\002\001\026\043\150
+\164\164\160\072\057\057\143\145\162\164\056\163\164\141\162\164
+\143\157\155\056\157\162\147\057\160\157\154\151\143\171\056\160
+\144\146\060\065\006\010\053\006\001\005\005\007\002\001\026\051
+\150\164\164\160\072\057\057\143\145\162\164\056\163\164\141\162
+\164\143\157\155\056\157\162\147\057\151\156\164\145\162\155\145
+\144\151\141\164\145\056\160\144\146\060\201\320\006\010\053\006
+\001\005\005\007\002\002\060\201\303\060\047\026\040\123\164\141
+\162\164\040\103\157\155\155\145\162\143\151\141\154\040\050\123
+\164\141\162\164\103\157\155\051\040\114\164\144\056\060\003\002
+\001\001\032\201\227\114\151\155\151\164\145\144\040\114\151\141
+\142\151\154\151\164\171\054\040\162\145\141\144\040\164\150\145
+\040\163\145\143\164\151\157\156\040\052\114\145\147\141\154\040
+\114\151\155\151\164\141\164\151\157\156\163\052\040\157\146\040
+\164\150\145\040\123\164\141\162\164\103\157\155\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\120\157\154\151\143\171\040\141\166\141\151
+\154\141\142\154\145\040\141\164\040\150\164\164\160\072\057\057
+\143\145\162\164\056\163\164\141\162\164\143\157\155\056\157\162
+\147\057\160\157\154\151\143\171\056\160\144\146\060\021\006\011
+\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007\060
+\070\006\011\140\206\110\001\206\370\102\001\015\004\053\026\051
+\123\164\141\162\164\103\157\155\040\106\162\145\145\040\123\123
+\114\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\026\154\231
+\364\146\014\064\365\320\205\136\175\012\354\332\020\116\070\034
+\136\337\246\045\005\113\221\062\301\350\073\361\075\335\104\011
+\133\007\111\212\051\313\146\002\267\261\232\367\045\230\011\074
+\216\033\341\335\066\207\053\113\273\150\323\071\146\075\240\046
+\307\362\071\221\035\121\253\202\173\176\325\316\132\344\342\003
+\127\160\151\227\010\371\136\130\246\012\337\214\006\232\105\026
+\026\070\012\136\127\366\142\307\172\002\005\346\274\036\265\362
+\236\364\251\051\203\370\262\024\343\156\050\207\104\303\220\032
+\336\070\251\074\254\103\115\144\105\316\335\050\251\134\362\163
+\173\004\370\027\350\253\261\363\056\134\144\156\163\061\072\022
+\270\274\263\021\344\175\217\201\121\232\073\215\211\364\115\223
+\146\173\074\003\355\323\232\035\232\363\145\120\365\240\320\165
+\237\057\257\360\352\202\103\230\370\151\234\211\171\304\103\216
+\106\162\343\144\066\022\257\367\045\036\070\211\220\167\176\303
+\153\152\271\303\313\104\113\254\170\220\213\347\307\054\036\113
+\021\104\310\064\122\047\315\012\135\237\205\301\211\325\032\170
+\362\225\020\123\062\335\200\204\146\165\331\265\150\050\373\141
+\056\276\204\250\070\300\231\022\206\245\036\147\144\255\006\056
+\057\251\160\205\307\226\017\174\211\145\365\216\103\124\016\253
+\335\245\200\071\224\140\300\064\311\226\160\054\243\022\365\037
+\110\173\275\034\176\153\267\235\220\364\042\073\256\370\374\052
+\312\372\202\122\240\357\257\113\125\223\353\301\265\360\042\213
+\254\064\116\046\042\004\241\207\054\165\112\267\345\175\023\327
+\270\014\144\300\066\322\311\057\206\022\214\043\011\301\033\202
+\073\163\111\243\152\127\207\224\345\326\170\305\231\103\143\343
+\115\340\167\055\341\145\231\162\151\004\032\107\011\346\017\001
+\126\044\373\037\277\016\171\251\130\056\271\304\011\001\176\225
+\272\155\000\006\076\262\352\112\020\071\330\320\053\365\277\354
+\165\277\227\002\305\011\033\010\334\125\067\342\201\373\067\204
+\103\142\040\312\347\126\113\145\352\376\154\301\044\223\044\241
+\064\353\005\377\232\042\256\233\175\077\361\145\121\012\246\060
+\152\263\364\210\034\200\015\374\162\212\350\203\136
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\076\053\367\362\003\033\226\363\214\346\304\330\250\135\076\055
+\130\107\152\017
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\042\115\217\212\374\367\065\302\273\127\064\220\173\213\042\026
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Taiwan GRCA"
 #
 # Issuer: O=Government Root Certification Authority,C=TW
@@ -5110,6 +5345,149 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "DST ACES CA X6"
+#
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST ACES CA X6"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
+\025\331
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\011\060\202\002\361\240\003\002\001\002\002\020\015
+\136\231\012\326\235\267\170\354\330\007\126\073\206\025\331\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\133
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060
+\036\006\003\125\004\012\023\027\104\151\147\151\164\141\154\040
+\123\151\147\156\141\164\165\162\145\040\124\162\165\163\164\061
+\021\060\017\006\003\125\004\013\023\010\104\123\124\040\101\103
+\105\123\061\027\060\025\006\003\125\004\003\023\016\104\123\124
+\040\101\103\105\123\040\103\101\040\130\066\060\036\027\015\060
+\063\061\061\062\060\062\061\061\071\065\070\132\027\015\061\067
+\061\061\062\060\062\061\061\071\065\070\132\060\133\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003
+\125\004\012\023\027\104\151\147\151\164\141\154\040\123\151\147
+\156\141\164\165\162\145\040\124\162\165\163\164\061\021\060\017
+\006\003\125\004\013\023\010\104\123\124\040\101\103\105\123\061
+\027\060\025\006\003\125\004\003\023\016\104\123\124\040\101\103
+\105\123\040\103\101\040\130\066\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\271\075\365\054\311\224\334
+\165\212\225\135\143\350\204\167\166\146\271\131\221\134\106\335
+\222\076\237\371\016\003\264\075\141\222\275\043\046\265\143\356
+\222\322\236\326\074\310\015\220\137\144\201\261\250\010\015\114
+\330\371\323\005\050\122\264\001\045\305\225\034\014\176\076\020
+\204\165\317\301\031\221\143\317\350\250\221\210\271\103\122\273
+\200\261\125\211\213\061\372\320\267\166\276\101\075\060\232\244
+\042\045\027\163\350\036\342\323\254\052\275\133\070\041\325\052
+\113\327\125\175\343\072\125\275\327\155\153\002\127\153\346\107
+\174\010\310\202\272\336\247\207\075\241\155\270\060\126\302\263
+\002\201\137\055\365\342\232\060\030\050\270\146\323\313\001\226
+\157\352\212\105\125\326\340\235\377\147\053\027\002\246\116\032
+\152\021\013\176\267\173\347\230\326\214\166\157\301\073\333\120
+\223\176\345\320\216\037\067\270\275\272\306\237\154\351\174\063
+\362\062\074\046\107\372\047\044\002\311\176\035\133\210\102\023
+\152\065\174\175\065\351\056\146\221\162\223\325\062\046\304\164
+\365\123\243\263\135\232\366\011\313\002\003\001\000\001\243\201
+\310\060\201\305\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\306\060\037\006\003\125\035\021\004\030\060\026
+\201\024\160\153\151\055\157\160\163\100\164\162\165\163\164\144
+\163\164\056\143\157\155\060\142\006\003\125\035\040\004\133\060
+\131\060\127\006\012\140\206\110\001\145\003\002\001\001\001\060
+\111\060\107\006\010\053\006\001\005\005\007\002\001\026\073\150
+\164\164\160\072\057\057\167\167\167\056\164\162\165\163\164\144
+\163\164\056\143\157\155\057\143\145\162\164\151\146\151\143\141
+\164\145\163\057\160\157\154\151\143\171\057\101\103\105\123\055
+\151\156\144\145\170\056\150\164\155\154\060\035\006\003\125\035
+\016\004\026\004\024\011\162\006\116\030\103\017\345\326\314\303
+\152\213\061\173\170\217\250\203\270\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\243\330\216
+\326\262\333\316\005\347\062\315\001\323\004\003\345\166\344\126
+\053\234\231\220\350\010\060\154\337\175\075\356\345\277\265\044
+\100\204\111\341\321\050\256\304\302\072\123\060\210\361\365\167
+\156\121\312\372\377\231\257\044\137\033\240\375\362\254\204\312
+\337\251\360\137\004\056\255\026\277\041\227\020\201\075\343\377
+\207\215\062\334\224\345\107\212\136\152\023\311\224\225\075\322
+\356\310\064\225\320\200\324\255\062\010\200\124\074\340\275\122
+\123\327\122\174\262\151\077\177\172\317\152\164\312\372\004\052
+\234\114\132\006\245\351\040\255\105\146\017\151\361\335\277\351
+\343\062\213\372\340\301\206\115\162\074\056\330\223\170\012\052
+\370\330\322\047\075\031\211\137\132\173\212\073\314\014\332\121
+\256\307\013\367\053\260\067\005\354\274\127\043\342\070\322\233
+\150\363\126\022\210\117\102\174\270\061\304\265\333\344\310\041
+\064\351\110\021\065\356\372\307\222\127\305\237\064\344\307\366
+\367\016\013\114\234\150\170\173\161\061\307\353\036\340\147\101
+\363\267\240\247\315\345\172\063\066\152\372\232\053
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DST ACES CA X6"
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST ACES CA X6"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\100\124\332\157\034\077\100\164\254\355\017\354\315\333\171\321
+\123\373\220\035
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\041\330\114\202\053\231\011\063\242\353\024\044\215\216\137\350
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
+\025\331
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "SwissSign Platinum CA - G2"
 #
 # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
@@ -6774,6 +7152,311 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "MD5 Collisions Forged Rogue CA 25c3"
+#
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
+\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
+\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
+\145\145\144\157\155\056\157\162\147\057\155\144\065\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
+\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
+\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
+\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
+\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
+\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
+\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
+\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
+\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
+\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
+\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
+\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
+\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
+\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
+\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
+\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
+\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
+\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
+\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
+\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
+\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
+\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
+\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
+\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
+\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
+\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
+\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
+\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
+\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
+\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
+\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
+\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
+\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
+\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
+\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
+\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
+\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
+\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
+\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
+\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
+\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
+\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
+\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
+\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
+\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
+\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
+\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
+\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
+\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
+\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
+\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
+\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
+\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
+\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
+\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
+\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
+\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
+\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
+\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
+\321\236\164\310\166\147
+END
+
+# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
+\005\132\213\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Security Communication EV RootCA1"
+#
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication EV RootCA1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\175\060\202\002\145\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045
+\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124
+\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056
+\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023\041
+\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151
+\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103\101
+\061\060\036\027\015\060\067\060\066\060\066\060\062\061\062\063
+\062\132\027\015\063\067\060\066\060\066\060\062\061\062\063\062
+\132\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120
+\061\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115
+\040\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103
+\117\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013
+\023\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165
+\156\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164
+\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\274\177\354\127\233\044\340\376\234\272\102\171
+\251\210\212\372\200\340\365\007\051\103\352\216\012\064\066\215
+\034\372\247\265\071\170\377\227\165\367\057\344\252\153\004\204
+\104\312\246\342\150\216\375\125\120\142\017\244\161\016\316\007
+\070\055\102\205\120\255\074\226\157\213\325\242\016\317\336\111
+\211\075\326\144\056\070\345\036\154\265\127\212\236\357\110\016
+\315\172\151\026\207\104\265\220\344\006\235\256\241\004\227\130
+\171\357\040\112\202\153\214\042\277\354\037\017\351\204\161\355
+\361\016\344\270\030\023\314\126\066\135\321\232\036\121\153\071
+\156\140\166\210\064\013\363\263\321\260\235\312\141\342\144\035
+\301\106\007\270\143\335\036\063\145\263\216\011\125\122\075\265
+\275\377\007\353\255\141\125\030\054\251\151\230\112\252\100\305
+\063\024\145\164\000\371\221\336\257\003\110\305\100\124\334\017
+\204\220\150\040\305\222\226\334\056\345\002\105\252\300\137\124
+\370\155\352\111\317\135\154\113\257\357\232\302\126\134\306\065
+\126\102\152\060\137\302\253\366\342\075\077\263\311\021\217\061
+\114\327\237\111\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\065\112\365\115\257\077\327\202
+\070\254\253\161\145\027\165\214\235\125\223\346\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\250\207\351\354\370\100\147\135\303\301\146\307\100\113\227
+\374\207\023\220\132\304\357\240\312\137\213\267\247\267\361\326
+\265\144\267\212\263\270\033\314\332\373\254\146\210\101\316\350
+\374\344\333\036\210\246\355\047\120\033\002\060\044\106\171\376
+\004\207\160\227\100\163\321\300\301\127\031\232\151\245\047\231
+\253\235\142\204\366\121\301\054\311\043\025\330\050\267\253\045
+\023\265\106\341\206\002\377\046\214\304\210\222\035\126\376\031
+\147\362\125\344\200\243\153\234\253\167\341\121\161\015\040\333
+\020\232\333\275\166\171\007\167\231\050\255\232\136\332\261\117
+\104\054\065\216\245\226\307\375\203\360\130\306\171\326\230\174
+\250\215\376\206\076\007\026\222\341\173\347\035\354\063\166\176
+\102\056\112\205\371\221\211\150\204\003\201\245\233\232\276\343
+\067\305\124\253\126\073\030\055\101\244\014\370\102\333\231\240
+\340\162\157\273\135\341\026\117\123\012\144\371\116\364\277\116
+\124\275\170\154\210\352\277\234\023\044\302\160\151\242\177\017
+\310\074\255\010\311\260\230\100\243\052\347\210\203\355\167\217
+\164
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Security Communication EV RootCA1"
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication EV RootCA1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\376\270\304\062\334\371\166\232\316\256\075\330\220\217\375\050
+\206\145\144\175
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\042\055\246\001\352\174\012\367\360\154\126\103\077\167\166\323
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "OISTE WISeKey Global Root GA CA"
 #
 # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
@@ -7968,6 +8651,203 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
+#
+# Issuer: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Serial Number: 17 (0x11)
+# Subject: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Not Valid Before: Fri Aug 24 11:37:07 2007
+# Not Valid After : Mon Aug 21 11:37:07 2017
+# Fingerprint (MD5): ED:41:F5:8C:50:C5:2B:9C:73:E6:EE:6C:EB:C2:A8:26
+# Fingerprint (SHA1): 1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\021
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\027\060\202\003\377\240\003\002\001\002\002\001\021
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172\145
+\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006\003
+\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102\151
+\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154
+\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155\141
+\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304\260
+\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125\154
+\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153\040
+\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101\162
+\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151\164
+\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043\060
+\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145\162
+\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145
+\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303\234
+\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303\266
+\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155
+\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163
+\304\261\040\055\040\123\303\274\162\303\274\155\040\063\060\036
+\027\015\060\067\060\070\062\064\061\061\063\067\060\067\132\027
+\015\061\067\060\070\062\061\061\061\063\067\060\067\132\060\202
+\001\053\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\030\060\026\006\003\125\004\007\014\017\107\145\142\172\145\040
+\055\040\113\157\143\141\145\154\151\061\107\060\105\006\003\125
+\004\012\014\076\124\303\274\162\153\151\171\145\040\102\151\154
+\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+\152\151\153\040\101\162\141\305\237\164\304\261\162\155\141\040
+\113\165\162\165\155\165\040\055\040\124\303\234\102\304\260\124
+\101\113\061\110\060\106\006\003\125\004\013\014\077\125\154\165
+\163\141\154\040\105\154\145\153\164\162\157\156\151\153\040\166
+\145\040\113\162\151\160\164\157\154\157\152\151\040\101\162\141
+\305\237\164\304\261\162\155\141\040\105\156\163\164\151\164\303
+\274\163\303\274\040\055\040\125\105\113\101\105\061\043\060\041
+\006\003\125\004\013\014\032\113\141\155\165\040\123\145\162\164
+\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172
+\151\061\112\060\110\006\003\125\004\003\014\101\124\303\234\102
+\304\260\124\101\113\040\125\105\113\101\105\040\113\303\266\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\055\040\123\303\274\162\303\274\155\040\063\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\212\155
+\113\377\020\210\072\303\366\176\224\350\352\040\144\160\256\041
+\201\276\072\173\074\333\361\035\122\177\131\372\363\042\114\225
+\240\220\274\110\116\021\253\373\267\265\215\172\203\050\214\046
+\106\330\116\225\100\207\141\237\305\236\155\201\207\127\154\212
+\073\264\146\352\314\100\374\343\252\154\262\313\001\333\062\277
+\322\353\205\317\241\015\125\303\133\070\127\160\270\165\306\171
+\321\024\060\355\033\130\133\153\357\065\362\241\041\116\305\316
+\174\231\137\154\271\270\042\223\120\247\315\114\160\152\276\152
+\005\177\023\234\053\036\352\376\107\316\004\245\157\254\223\056
+\174\053\237\236\171\023\221\350\352\236\312\070\165\216\142\260
+\225\223\052\345\337\351\136\227\156\040\137\137\204\172\104\071
+\031\100\034\272\125\053\373\060\262\201\357\204\343\334\354\230
+\070\071\003\205\010\251\124\003\005\051\360\311\217\213\352\013
+\206\145\031\021\323\351\011\043\336\150\223\003\311\066\034\041
+\156\316\214\146\361\231\060\330\327\263\303\035\370\201\056\250
+\275\202\013\146\376\202\313\341\340\032\202\303\100\201\002\003
+\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\275\210\207\311\217\366\244\012\013\252\353\305\376\221
+\043\235\253\112\212\062\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\035\174\372\111\217
+\064\351\267\046\222\026\232\005\164\347\113\320\155\071\154\303
+\046\366\316\270\061\274\304\337\274\052\370\067\221\030\334\004
+\310\144\231\053\030\155\200\003\131\311\256\370\130\320\076\355
+\303\043\237\151\074\206\070\034\236\357\332\047\170\321\204\067
+\161\212\074\113\071\317\176\105\006\326\055\330\212\115\170\022
+\326\255\302\323\313\322\320\101\363\046\066\112\233\225\154\014
+\356\345\321\103\047\146\301\210\367\172\263\040\154\352\260\151
+\053\307\040\350\014\003\304\101\005\231\342\077\344\153\370\240
+\206\201\307\204\306\037\325\113\201\022\262\026\041\054\023\241
+\200\262\136\014\112\023\236\040\330\142\100\253\220\352\144\112
+\057\254\015\001\022\171\105\250\057\207\031\150\310\342\205\307
+\060\262\165\371\070\077\262\300\223\264\153\342\003\104\316\147
+\240\337\211\326\255\214\166\243\023\303\224\141\053\153\331\154
+\301\007\012\042\007\205\154\205\044\106\251\276\077\213\170\204
+\202\176\044\014\235\375\201\067\343\045\250\355\066\116\225\054
+\311\234\220\332\354\251\102\074\255\266\002
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
+# Issuer: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Serial Number: 17 (0x11)
+# Subject: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Not Valid Before: Fri Aug 24 11:37:07 2007
+# Not Valid After : Mon Aug 21 11:37:07 2017
+# Fingerprint (MD5): ED:41:F5:8C:50:C5:2B:9C:73:E6:EE:6C:EB:C2:A8:26
+# Fingerprint (SHA1): 1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\033\113\071\141\046\047\153\144\221\242\150\155\327\002\103\041
+\055\037\035\226
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\355\101\365\214\120\305\053\234\163\346\356\154\353\302\250\046
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\021
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "certSIGN ROOT CA"
 #
 # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
@@ -9581,6 +10461,172 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "ACEDICOM Root"
+#
+# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Serial Number:61:8d:c7:86:3b:01:82:05
+# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Not Valid Before: Fri Apr 18 16:24:22 2008
+# Not Valid After : Thu Apr 13 16:24:22 2028
+# Fingerprint (MD5): 42:81:A0:E2:1C:E3:55:10:DE:55:89:42:65:96:22:E6
+# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACEDICOM Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\141\215\307\206\073\001\202\005
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\265\060\202\003\235\240\003\002\001\002\002\010\141
+\215\307\206\073\001\202\005\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\104\061\026\060\024\006\003\125\004
+\003\014\015\101\103\105\104\111\103\117\115\040\122\157\157\164
+\061\014\060\012\006\003\125\004\013\014\003\120\113\111\061\017
+\060\015\006\003\125\004\012\014\006\105\104\111\103\117\115\061
+\013\060\011\006\003\125\004\006\023\002\105\123\060\036\027\015
+\060\070\060\064\061\070\061\066\062\064\062\062\132\027\015\062
+\070\060\064\061\063\061\066\062\064\062\062\132\060\104\061\026
+\060\024\006\003\125\004\003\014\015\101\103\105\104\111\103\117
+\115\040\122\157\157\164\061\014\060\012\006\003\125\004\013\014
+\003\120\113\111\061\017\060\015\006\003\125\004\012\014\006\105
+\104\111\103\117\115\061\013\060\011\006\003\125\004\006\023\002
+\105\123\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\377\222\225\341\150\006\166\264\054\310\130\110\312
+\375\200\124\051\125\143\044\377\220\145\233\020\165\173\303\152
+\333\142\002\001\362\030\206\265\174\132\070\261\344\130\271\373
+\323\330\055\237\275\062\067\277\054\025\155\276\265\364\041\322
+\023\221\331\007\255\001\005\326\363\275\167\316\137\102\201\012
+\371\152\343\203\000\250\053\056\125\023\143\201\312\107\034\173
+\134\026\127\172\033\203\140\004\072\076\145\303\315\001\336\336
+\244\326\014\272\216\336\331\004\356\027\126\042\233\217\143\375
+\115\026\013\267\173\167\214\371\045\265\321\155\231\022\056\117
+\032\270\346\352\004\222\256\075\021\271\121\102\075\207\260\061
+\205\257\171\132\234\376\347\116\136\222\117\103\374\253\072\255
+\245\022\046\146\271\342\014\327\230\316\324\130\245\225\100\012
+\267\104\235\023\164\053\302\245\353\042\025\230\020\330\213\305
+\004\237\035\217\140\345\006\033\233\317\271\171\240\075\242\043
+\077\102\077\153\372\034\003\173\060\215\316\154\300\277\346\033
+\137\277\147\270\204\031\325\025\357\173\313\220\066\061\142\311
+\274\002\253\106\137\233\376\032\150\224\064\075\220\216\255\366
+\344\035\011\177\112\210\070\077\276\147\375\064\226\365\035\274
+\060\164\313\070\356\325\154\253\324\374\364\000\267\000\133\205
+\062\026\166\063\351\330\243\231\235\005\000\252\026\346\363\201
+\175\157\175\252\206\155\255\025\164\323\304\242\161\252\364\024
+\175\347\062\270\037\274\325\361\116\275\157\027\002\071\327\016
+\225\102\072\307\000\076\351\046\143\021\352\013\321\112\377\030
+\235\262\327\173\057\072\331\226\373\350\036\222\256\023\125\310
+\331\047\366\334\110\033\260\044\301\205\343\167\235\232\244\363
+\014\021\035\015\310\264\024\356\265\202\127\011\277\040\130\177
+\057\042\043\330\160\313\171\154\311\113\362\251\052\310\374\207
+\053\327\032\120\370\047\350\057\103\343\072\275\330\127\161\375
+\316\246\122\133\371\335\115\355\345\366\157\211\355\273\223\234
+\166\041\165\360\222\114\051\367\057\234\001\056\376\120\106\236
+\144\014\024\263\007\133\305\302\163\154\361\007\134\105\044\024
+\065\256\203\361\152\115\211\172\372\263\330\055\146\360\066\207
+\365\053\123\002\003\001\000\001\243\201\252\060\201\247\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\037\006\003\125\035\043\004\030\060\026\200\024\246\263\341\053
+\053\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
+\060\035\006\003\125\035\016\004\026\004\024\246\263\341\053\053
+\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120\060
+\104\006\003\125\035\040\004\075\060\073\060\071\006\004\125\035
+\040\000\060\061\060\057\006\010\053\006\001\005\005\007\002\001
+\026\043\150\164\164\160\072\057\057\141\143\145\144\151\143\157
+\155\056\145\144\151\143\157\155\147\162\157\165\160\056\143\157
+\155\057\144\157\143\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\002\001\000\316\054\013\122\121\142\046
+\175\014\047\203\217\305\366\332\240\150\173\117\222\136\352\244
+\163\062\021\123\104\262\104\313\235\354\017\171\102\263\020\246
+\307\015\235\313\266\372\077\072\174\352\277\210\123\033\074\367
+\202\372\005\065\063\341\065\250\127\300\347\375\215\117\077\223
+\062\117\170\146\003\167\007\130\351\225\310\176\076\320\171\000
+\214\362\033\121\063\233\274\224\351\072\173\156\122\055\062\236
+\043\244\105\373\266\056\023\260\213\030\261\335\316\325\035\247
+\102\177\125\276\373\133\273\107\324\374\044\315\004\256\226\005
+\025\326\254\316\060\363\312\013\305\272\342\042\340\246\255\042
+\344\002\356\164\021\177\114\377\170\035\065\332\346\002\064\353
+\030\022\141\167\006\011\026\143\352\030\255\242\207\037\362\307
+\200\011\011\165\116\020\250\217\075\206\270\165\021\300\044\142
+\212\226\173\112\105\351\354\131\305\276\153\203\346\341\350\254
+\265\060\036\376\005\007\200\371\341\043\015\120\217\005\230\377
+\054\137\350\073\266\255\317\201\265\041\207\312\010\052\043\047
+\060\040\053\317\355\224\133\254\262\172\322\307\050\241\212\013
+\233\115\112\054\155\205\077\011\162\074\147\342\331\334\007\272
+\353\145\173\132\001\143\326\220\133\117\027\146\075\177\013\031
+\243\223\143\020\122\052\237\024\026\130\342\334\245\364\241\026
+\213\016\221\213\201\312\233\131\372\330\153\221\007\145\125\137
+\122\037\257\072\373\220\335\151\245\133\234\155\016\054\266\372
+\316\254\245\174\062\112\147\100\334\060\064\043\335\327\004\043
+\146\360\374\125\200\247\373\146\031\202\065\147\142\160\071\136
+\157\307\352\220\100\104\010\036\270\262\326\333\356\131\247\015
+\030\171\064\274\124\030\136\123\312\064\121\355\105\012\346\216
+\307\202\066\076\247\070\143\251\060\054\027\020\140\222\237\125
+\207\022\131\020\302\017\147\151\021\314\116\036\176\112\232\255
+\257\100\250\165\254\126\220\164\270\240\234\245\171\157\334\351
+\032\310\151\005\351\272\372\003\263\174\344\340\116\302\316\235
+\350\266\106\015\156\176\127\072\147\224\302\313\037\234\167\112
+\147\116\151\206\103\223\070\373\266\333\117\203\221\324\140\176
+\113\076\053\070\007\125\230\136\244
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ACEDICOM Root"
+# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Serial Number:61:8d:c7:86:3b:01:82:05
+# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Not Valid Before: Fri Apr 18 16:24:22 2008
+# Not Valid After : Thu Apr 13 16:24:22 2028
+# Fingerprint (MD5): 42:81:A0:E2:1C:E3:55:10:DE:55:89:42:65:96:22:E6
+# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACEDICOM Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\340\264\062\056\262\366\245\150\266\124\123\204\110\030\112\120
+\066\207\103\204
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\102\201\240\342\034\343\125\020\336\125\211\102\145\226\042\346
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\141\215\307\206\073\001\202\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
 # Certificate "Microsec e-Szigno Root CA 2009"
 #
 # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
@@ -10621,6 +11667,1725 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Bogus Mozilla Addons"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\342\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\033\060\031\006\003\125\004
+\003\023\022\141\144\144\157\156\163\056\155\157\172\151\154\154
+\141\056\157\162\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\370\060\202\004\340\240\003\002\001\002\002\021\000
+\222\071\325\064\217\100\321\151\132\164\124\160\341\362\077\103
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\342\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\033\060\031\006\003\125\004\003\023\022\141\144\144\157
+\156\163\056\155\157\172\151\154\154\141\056\157\162\147\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\253
+\306\155\066\363\025\163\170\203\163\316\164\205\325\256\354\262
+\360\340\044\037\023\203\270\040\254\273\232\376\210\273\253\241
+\035\013\037\105\000\252\111\267\065\067\014\152\357\107\114\271
+\321\276\343\127\022\004\215\222\307\266\354\001\274\266\332\307
+\201\070\040\255\162\205\346\016\374\201\154\007\255\150\166\070
+\305\104\327\314\306\112\305\227\076\144\364\121\346\360\176\262
+\354\126\367\045\202\115\111\230\313\026\230\335\043\361\211\221
+\321\027\227\100\231\046\326\342\242\053\136\337\275\211\362\033
+\032\123\055\314\120\101\172\320\075\052\014\125\160\024\001\351
+\130\111\020\172\013\223\202\213\341\036\355\072\200\020\202\316
+\226\212\064\360\314\327\323\271\264\120\207\125\124\011\270\235
+\102\050\125\000\345\214\065\124\277\335\045\221\106\267\015\345
+\135\203\250\345\213\373\204\344\074\256\166\332\304\103\053\133
+\164\013\370\276\135\150\361\170\133\265\316\175\361\135\231\100
+\332\312\356\070\201\120\276\230\241\154\270\044\255\363\257\214
+\017\327\021\050\054\204\030\114\175\265\331\217\060\265\033\002
+\003\001\000\001\243\202\001\360\060\202\001\354\060\037\006\003
+\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050\230
+\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035\006
+\003\125\035\016\004\026\004\024\335\200\322\124\075\367\114\160
+\312\243\260\335\064\172\062\344\350\073\132\073\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006\003
+\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125\035
+\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001\006
+\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035\040
+\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061\001
+\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005\007
+\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143\165
+\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103\120
+\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240\066
+\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056\143
+\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116\055
+\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167\141
+\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150\164
+\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\056
+\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060\161
+\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060\073
+\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160
+\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141\056
+\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164\123
+\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010\053
+\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057\057
+\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143\157
+\155\060\065\006\003\125\035\021\004\056\060\054\202\022\141\144
+\144\157\156\163\056\155\157\172\151\154\154\141\056\157\162\147
+\202\026\167\167\167\056\141\144\144\157\156\163\056\155\157\172
+\151\154\154\141\056\157\162\147\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\063\073\143\025
+\374\261\354\024\054\223\335\165\224\336\201\132\331\116\231\276
+\373\112\244\071\125\115\241\100\172\336\023\052\207\251\067\317
+\350\325\373\255\321\173\155\157\214\040\207\202\124\346\127\111
+\274\040\050\204\315\326\001\331\223\213\027\156\043\146\345\204
+\310\200\077\306\241\160\200\344\354\115\035\371\374\221\132\163
+\142\051\232\367\040\034\141\340\213\071\237\312\274\176\215\335
+\274\331\261\343\237\236\337\025\123\221\041\122\013\331\032\043
+\017\146\066\333\254\223\226\112\243\245\042\317\051\367\242\231
+\250\366\266\331\100\256\331\176\266\366\130\056\233\254\066\312
+\144\217\145\122\334\206\234\202\253\156\120\113\332\137\372\005
+\000\210\060\016\336\215\126\277\201\107\215\075\006\342\262\142
+\222\147\217\236\310\232\262\345\006\270\160\044\270\167\174\043
+\012\070\303\171\010\330\261\121\235\254\225\021\307\100\027\236
+\243\034\217\362\021\247\150\047\332\111\005\204\030\174\130\055
+\001\147\134\345\237\241\051\273\112\071\105\057\277\021\252\171
+\242\355\264\324\265\145\103\267\223\106\212\323
+END
+
+# Trust for Certificate "Bogus Mozilla Addons"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\060\137\213\321\172\242\313\304\203\244\304\033\031\243\232\014
+\165\332\071\326
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\204\305\030\147\037\052\032\220\276\342\261\030\117\003\000\062
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Global Trustee"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\343\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\016\060\014\006\003\125\004\007\023\005\124\141\155
+\160\141\061\027\060\025\006\003\125\004\011\023\016\123\145\141
+\040\126\151\154\154\141\147\145\040\061\060\061\027\060\025\006
+\003\125\004\012\023\016\107\154\157\142\141\154\040\124\162\165
+\163\164\145\145\061\027\060\025\006\003\125\004\013\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\050\060
+\046\006\003\125\004\013\023\037\110\157\163\164\145\144\040\142
+\171\040\107\124\111\040\107\162\157\165\160\040\103\157\162\160
+\157\162\141\164\151\157\156\061\024\060\022\006\003\125\004\013
+\023\013\120\154\141\164\151\156\165\155\123\123\114\061\027\060
+\025\006\003\125\004\003\023\016\147\154\157\142\141\154\040\164
+\162\165\163\164\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\335\060\202\005\305\240\003\002\001\002\002\021\000
+\330\363\137\116\267\207\053\055\253\006\222\343\025\070\057\260
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\343\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\016\060\014\006
+\003\125\004\007\023\005\124\141\155\160\141\061\027\060\025\006
+\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141\147
+\145\040\061\060\061\027\060\025\006\003\125\004\012\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\027\060
+\025\006\003\125\004\013\023\016\107\154\157\142\141\154\040\124
+\162\165\163\164\145\145\061\050\060\046\006\003\125\004\013\023
+\037\110\157\163\164\145\144\040\142\171\040\107\124\111\040\107
+\162\157\165\160\040\103\157\162\160\157\162\141\164\151\157\156
+\061\024\060\022\006\003\125\004\013\023\013\120\154\141\164\151
+\156\165\155\123\123\114\061\027\060\025\006\003\125\004\003\023
+\016\147\154\157\142\141\154\040\164\162\165\163\164\145\145\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\331\164\362\252\101\035\337\365\302\026\103\111\134\051\277\266
+\211\164\051\274\234\215\014\106\117\131\176\262\101\027\146\064
+\014\145\211\341\154\045\343\206\012\236\042\105\042\214\335\235
+\346\243\225\336\334\210\002\125\134\343\133\221\165\353\046\151
+\143\271\056\306\312\056\047\337\210\272\002\040\156\376\271\013
+\051\327\247\326\327\110\032\034\316\335\037\251\047\016\142\117
+\241\226\036\335\124\072\064\143\112\166\365\167\175\131\147\330
+\020\324\265\017\072\103\042\230\333\364\011\304\012\160\316\335
+\220\324\057\357\164\023\303\315\302\211\071\142\025\235\346\164
+\250\350\233\360\143\156\234\211\266\016\255\233\367\314\202\350
+\350\055\270\013\332\042\354\111\205\007\210\231\230\077\364\164
+\251\011\367\201\174\227\013\131\231\030\162\213\333\224\202\053
+\247\350\252\153\227\277\210\176\165\260\213\105\105\014\307\250
+\011\352\033\101\130\060\073\137\170\145\025\064\322\344\074\064
+\015\035\330\144\074\212\245\126\111\231\050\055\113\362\317\315
+\331\156\111\144\233\251\171\220\167\125\251\010\033\255\032\164
+\236\340\003\223\012\011\267\255\247\264\134\357\203\154\267\232
+\264\306\150\100\200\035\102\321\156\171\233\251\031\041\232\234
+\371\206\055\000\321\064\376\340\266\371\125\266\365\046\305\225
+\026\245\174\163\237\012\051\211\254\072\230\367\233\164\147\267
+\220\267\135\011\043\152\152\355\054\020\356\123\012\020\360\026
+\037\127\263\261\015\171\221\031\260\353\315\060\077\240\024\137
+\263\306\375\134\063\247\260\377\230\260\125\214\271\245\362\157
+\107\044\111\041\151\314\102\242\121\000\100\205\214\202\202\253
+\062\245\313\232\334\320\331\030\015\337\031\364\257\203\015\301
+\076\061\333\044\110\266\165\200\241\341\311\167\144\036\247\345
+\213\177\025\115\113\247\302\320\355\171\225\136\221\061\354\030
+\377\116\237\110\024\352\165\272\041\316\051\166\351\037\116\121
+\207\056\263\314\004\140\272\043\037\037\145\262\012\270\325\156
+\217\113\102\211\107\251\201\220\133\053\262\266\256\346\240\160
+\173\170\220\012\172\305\345\347\305\373\012\366\057\151\214\214
+\037\127\340\006\231\377\021\325\122\062\040\227\047\230\356\145
+\002\003\001\000\001\243\202\001\324\060\202\001\320\060\037\006
+\003\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050
+\230\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035
+\006\003\125\035\016\004\026\004\024\267\303\336\032\103\355\101
+\227\251\217\051\170\234\003\271\254\100\102\000\254\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006
+\003\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125
+\035\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001
+\006\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035
+\040\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061
+\001\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005
+\007\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143
+\165\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103
+\120\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240
+\066\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056
+\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116
+\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167
+\141\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150
+\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
+\056\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162
+\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060
+\161\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060
+\073\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164
+\160\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141
+\056\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164
+\123\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010
+\053\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057
+\057\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143
+\157\155\060\031\006\003\125\035\021\004\022\060\020\202\016\147
+\154\157\142\141\154\040\164\162\165\163\164\145\145\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\217\272\165\272\071\324\046\323\160\017\304\263\002\247\305
+\022\043\161\311\376\143\351\243\142\170\044\104\117\324\271\021
+\076\037\307\050\347\125\153\356\364\341\000\221\206\212\311\011
+\153\237\056\244\105\071\321\141\142\136\223\245\005\105\170\237
+\140\022\054\364\154\145\145\015\314\106\064\213\050\272\240\306
+\364\231\161\144\363\042\166\254\117\363\142\311\247\063\132\007
+\037\075\311\206\200\334\333\004\057\207\047\350\277\110\104\201
+\300\360\111\043\156\037\345\344\003\206\044\023\242\205\142\174
+\130\004\312\346\215\023\162\012\272\126\104\242\017\274\373\240
+\075\015\052\177\373\236\251\011\075\267\132\324\212\215\341\045
+\350\244\011\204\160\255\022\104\271\317\271\063\172\272\134\346
+\113\246\273\005\006\230\377\362\230\122\173\167\200\047\112\331
+\342\372\271\122\324\373\373\346\326\055\236\217\301\025\104\215
+\233\164\057\356\224\132\116\323\304\213\212\254\103\235\163\366
+\256\014\207\211\255\207\311\311\307\335\272\024\140\172\370\265
+\065\235\302\215\306\226\201\015\251\122\212\051\100\004\351\031
+\264
+END
+
+# Trust for Certificate "Bogus Global Trustee"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\141\171\077\313\372\117\220\010\060\233\272\137\361\055\054\262
+\234\324\025\032
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\376\015\001\156\161\313\214\330\077\016\014\315\111\065\270\127
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus GMail"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\155\141\151\154\056\147\157\157\147\154\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\356\060\202\004\326\240\003\002\001\002\002\020\004
+\176\313\351\374\245\137\173\320\236\256\066\341\014\256\036\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\155\141\151\154\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057\006
+\003\125\035\021\004\050\060\046\202\017\155\141\151\154\056\147
+\157\157\147\154\145\056\143\157\155\202\023\167\167\167\056\155
+\141\151\154\056\147\157\157\147\154\145\056\143\157\155\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\147\006\010\012\047\305\223\156\002\362\336\027\077\320
+\323\033\174\377\265\315\172\307\167\307\276\337\022\312\031\336
+\260\023\127\014\003\221\304\171\122\317\177\267\136\125\040\204
+\111\335\365\320\051\057\016\004\332\131\236\016\023\237\364\300
+\062\233\377\241\021\044\052\227\243\362\077\075\052\153\250\255
+\214\031\165\225\016\035\045\375\117\304\172\025\303\035\307\023
+\100\310\015\276\227\140\162\246\376\045\276\217\354\325\246\206
+\303\041\134\131\122\331\152\013\134\237\113\336\265\371\354\342
+\364\305\314\142\123\166\211\145\344\051\332\267\277\226\340\140
+\215\015\267\011\125\326\100\125\035\301\362\226\041\165\257\211
+\206\037\135\201\227\051\050\036\051\327\226\301\040\003\062\173
+\000\073\152\067\027\132\243\263\032\157\062\073\156\361\243\135
+\253\253\314\052\313\060\014\037\065\043\213\151\104\134\352\254
+\050\140\355\253\153\143\236\366\222\274\275\232\132\046\114\305
+\230\270\016\031\076\374\005\061\343\026\331\375\220\005\003\206
+\306\127\001\037\177\170\240\317\063\152\252\146\153\042\320\247
+\111\043
+END
+
+# Trust for Certificate "Bogus GMail"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\061\162\060\066\375\046\336\245\002\171\057\245\225\222\044
+\223\003\017\227
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\114\167\037\353\312\061\301\051\230\351\054\020\263\257\111\034
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Google"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\167\167\167\056\147\157\157\147\154\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\344\060\202\004\314\240\003\002\001\002\002\021\000
+\365\310\152\363\141\142\361\072\144\365\117\155\311\130\174\006
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\167\167\167\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\340\060\202\001\334\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\045\006
+\003\125\035\021\004\036\060\034\202\016\167\167\167\056\147\157
+\157\147\154\145\056\143\157\155\202\012\147\157\157\147\154\145
+\056\143\157\155\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\001\001\000\161\300\231\077\136\366\275\063
+\377\236\026\313\250\277\335\160\371\322\123\073\066\256\311\027
+\310\256\136\115\335\142\367\267\323\076\167\243\376\300\173\062
+\265\311\224\005\122\120\362\137\075\171\204\111\117\135\154\260
+\327\131\275\324\154\210\372\374\305\145\206\353\050\122\242\102
+\366\174\274\152\307\007\056\045\321\220\142\040\306\215\121\302
+\054\105\071\116\003\332\367\030\350\314\012\072\331\105\330\154
+\156\064\213\142\234\116\025\371\103\356\345\227\300\077\255\065
+\023\305\053\006\307\101\375\342\367\176\105\255\233\321\341\146
+\355\370\172\113\224\071\172\057\353\350\077\103\330\065\326\126
+\372\164\347\155\346\355\254\145\204\376\320\115\006\022\336\332
+\131\000\074\011\134\317\210\113\350\075\264\025\041\222\314\155
+\246\121\342\216\227\361\364\202\106\313\304\123\136\332\134\235
+\145\222\001\145\211\000\345\266\231\377\046\100\361\057\031\061
+\010\032\261\147\125\206\015\256\065\063\206\274\227\110\222\327
+\226\140\370\316\374\226\353\207\304\163\314\224\233\130\133\363
+\172\244\047\023\326\117\364\151
+END
+
+# Trust for Certificate "Bogus Google"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\031\026\242\257\064\155\071\237\120\061\074\071\062\000\361\101
+\100\105\146\026
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\001\163\251\130\360\274\311\276\224\053\032\114\230\044\343\270
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Skype"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\163\153\171\160\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\351\002\213\225\170\344\025\334\032\161\012\053\210\025\104\107
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\163\153\171\160\145\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\260\170\231\206
+\016\242\163\043\324\132\303\111\353\261\066\214\174\312\204\256
+\074\257\070\210\050\231\215\055\130\023\261\227\170\076\122\040
+\147\254\133\163\230\154\062\125\311\160\321\331\252\025\350\056
+\046\205\201\274\126\344\274\200\143\333\116\327\365\002\276\121
+\143\036\074\333\337\327\000\135\132\271\345\173\152\352\070\040
+\262\073\266\356\165\124\204\371\246\312\070\160\335\277\260\377
+\245\205\135\264\101\376\335\075\331\052\341\060\103\032\230\171
+\223\240\137\340\147\154\225\372\076\172\256\161\173\343\155\210
+\102\077\045\324\356\276\150\150\254\255\254\140\340\040\243\071
+\203\271\133\050\243\223\155\241\275\166\012\343\353\256\207\047
+\016\124\217\264\110\014\232\124\364\135\216\067\120\334\136\244
+\213\153\113\334\246\363\064\276\167\131\042\210\377\031\053\155
+\166\144\163\332\014\207\007\053\232\067\072\320\342\214\366\066
+\062\153\232\171\314\322\073\223\157\032\115\154\346\301\235\100
+\254\055\164\303\276\352\134\163\145\001\051\261\052\277\160\131
+\301\316\306\303\242\310\105\137\272\147\075\017\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\325\216\132\121\023\264\051\015\061\266\034
+\215\076\121\121\061\012\063\252\201\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\163\153\171\160\145\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\163\153\171\160\145\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\010\362\201\165\221\273\316\022\004\030\302\115\132
+\373\106\220\012\124\104\364\362\335\007\201\360\037\246\172\157
+\237\317\270\016\054\117\234\304\232\365\250\366\272\244\311\172
+\135\261\342\132\312\074\372\140\250\150\076\313\272\055\342\315
+\326\266\344\222\074\151\255\127\352\250\057\070\020\204\162\345
+\150\161\355\276\353\156\030\357\143\172\276\347\044\377\300\143
+\375\130\073\114\201\222\330\051\253\216\065\135\327\323\011\153
+\205\323\325\163\005\104\342\345\273\203\123\020\313\362\317\267
+\156\341\151\267\241\222\144\305\317\315\202\273\066\240\070\255
+\327\044\337\123\374\077\142\267\267\325\307\127\343\223\061\160
+\216\044\211\206\312\143\053\071\272\135\331\152\140\354\241\116
+\212\376\123\370\136\222\337\057\134\046\027\155\003\175\002\017
+\017\252\103\147\155\260\142\277\176\123\335\314\354\170\163\225
+\345\245\366\000\243\004\375\077\004\052\263\230\305\267\003\034
+\333\311\120\253\260\005\035\036\276\126\264\317\076\102\023\224
+\236\371\347\001\201\245\170\157\014\172\166\254\005\206\354\254
+\302\021\254
+END
+
+# Trust for Certificate "Bogus Skype"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\107\034\224\232\201\103\333\132\325\315\361\311\162\206\112\045
+\004\372\043\311
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\205\244\264\304\151\041\337\241\152\015\130\126\130\113\063\104
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 1"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\327\125\217\332\365\361\020\133\262\023\050\053\160\167\051\243
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075
+\355\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034
+\353\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243
+\011\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030
+\251\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041
+\356\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202
+\356\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161
+\204\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174
+\157\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302
+\314\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321
+\211\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337
+\312\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115
+\175\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072
+\370\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154
+\002\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245
+\231\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167
+\113\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047
+\141\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\171\141\150\157\157\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\075\127\311\110\044\134\356\144\201\365\256\276\125
+\051\026\377\052\057\204\355\331\370\243\003\310\060\146\273\310
+\324\201\055\041\367\010\367\254\226\102\232\101\165\172\272\135
+\020\043\313\222\102\141\372\212\332\155\145\064\031\345\251\326
+\055\023\170\327\201\104\222\251\156\200\143\025\313\376\065\037
+\002\321\212\024\260\250\314\224\040\073\250\032\360\135\066\120
+\333\015\256\351\144\344\366\215\151\175\060\310\024\027\000\112
+\345\246\065\373\175\015\042\235\171\166\122\054\274\227\006\210
+\232\025\364\163\346\361\365\230\245\315\007\104\221\270\247\150
+\147\105\322\162\021\140\342\161\267\120\125\342\212\251\015\326
+\222\356\004\052\213\060\240\242\005\106\064\155\222\306\073\252
+\115\240\320\253\001\031\012\062\267\350\343\317\361\322\227\111
+\173\254\244\227\367\360\127\256\143\167\232\177\226\332\115\375
+\276\334\007\066\343\045\275\211\171\216\051\022\023\213\210\007
+\373\153\333\244\315\263\055\047\351\324\312\140\327\205\123\373
+\164\306\134\065\214\160\037\371\262\267\222\047\040\307\224\325
+\147\024\060
+END
+
+# Trust for Certificate "Bogus Yahoo 1"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\143\376\256\226\013\252\221\343\103\316\053\330\267\027\230\307
+\153\333\167\320
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\014\037\276\323\374\011\156\346\156\302\146\071\165\206\153\353
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 2"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\071
+\052\103\117\016\007\337\037\212\243\005\336\064\340\302\051\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\127\142\341
+\167\353\374\037\277\210\123\257\130\323\324\326\155\147\060\027
+\100\276\340\037\144\336\207\025\314\340\244\126\251\321\237\371
+\001\376\002\261\261\352\342\137\356\161\026\061\371\010\325\302
+\327\232\233\262\132\070\327\251\177\351\207\153\061\371\013\254
+\331\375\120\161\340\333\202\222\017\201\234\215\167\351\353\056
+\352\324\043\101\207\354\055\262\170\263\216\261\147\322\356\161
+\003\010\022\231\263\002\051\157\336\213\336\301\251\003\012\132
+\063\034\075\021\003\306\110\014\230\234\025\056\331\246\205\122
+\347\005\212\256\060\043\353\355\050\154\140\351\055\177\217\107
+\213\057\320\334\346\273\017\176\137\362\110\201\216\120\004\143
+\261\121\200\165\232\251\266\020\034\020\137\157\030\157\340\016
+\226\105\316\356\361\265\040\333\357\332\156\310\225\343\366\105
+\375\312\374\245\137\111\155\006\036\322\336\141\075\025\175\067
+\345\034\065\216\006\302\153\367\264\250\050\054\061\313\252\264
+\247\227\117\235\212\366\257\176\067\271\173\075\337\222\146\213
+\217\116\235\306\066\347\134\246\253\022\017\326\317
+END
+
+# Trust for Certificate "Bogus Yahoo 2"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\320\030\266\055\305\030\220\162\107\337\120\222\133\260\232\317
+\112\134\263\255
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\162\334\310\162\154\123\073\262\375\314\135\031\275\257\246\061
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 3"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\076
+\165\316\324\153\151\060\041\041\210\060\256\206\250\052\161\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\123\151\230
+\216\050\116\234\053\133\035\314\153\167\050\075\273\372\245\116
+\176\126\051\244\352\020\342\364\346\055\006\321\204\333\043\316
+\227\363\150\266\017\072\336\025\013\044\035\221\343\154\056\060
+\267\351\160\260\303\106\200\360\323\261\121\277\117\326\170\240
+\374\254\306\317\061\004\143\342\064\125\005\112\075\366\060\272
+\363\063\345\272\322\226\363\325\261\266\223\211\032\244\150\276
+\176\355\143\264\032\110\300\123\344\243\360\071\014\062\222\307
+\103\015\032\161\355\320\106\223\277\223\142\154\063\113\315\066
+\015\151\136\273\154\226\231\041\151\304\113\147\162\333\154\152
+\270\367\150\355\305\217\255\143\145\225\012\114\340\371\017\176
+\067\075\252\324\223\272\147\011\303\245\244\015\003\132\155\325
+\013\376\360\100\024\264\366\270\151\174\155\302\062\113\237\265
+\032\347\106\256\114\132\053\252\172\136\220\127\225\372\333\146
+\002\040\036\152\151\146\025\234\302\266\365\274\120\265\375\105
+\307\037\150\264\107\131\254\304\033\050\223\116\122\123\022\003
+\130\113\161\203\237\146\346\254\171\110\376\376\107
+END
+
+# Trust for Certificate "Bogus Yahoo 3"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\200\226\052\344\326\305\264\102\211\116\225\241\076\112\151\236
+\007\326\224\317
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\112\334\074\147\355\041\315\133\316\135\310\021\344\236\317\075
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus live.com"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\154\157\147\151\156\056\154\151\166\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\354\060\202\004\324\240\003\002\001\002\002\021\000
+\260\267\023\076\320\226\371\265\157\256\221\310\164\275\072\300
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\154\157\147\151
+\156\056\154\151\166\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\363\374\053\057\357
+\341\255\131\360\102\074\302\361\202\277\054\101\223\321\366\230
+\063\225\114\274\142\361\225\130\010\266\351\173\167\110\260\323
+\334\027\077\274\156\346\354\036\354\215\027\376\034\044\306\076
+\147\075\222\225\242\060\300\247\127\040\317\160\210\227\112\005
+\223\171\223\102\227\057\076\377\304\024\024\050\242\023\066\264
+\370\356\276\035\274\170\135\141\223\137\353\210\327\321\344\053
+\232\315\130\342\007\105\237\117\270\271\100\152\063\054\133\041
+\003\132\112\224\362\172\227\131\033\250\265\102\330\203\000\252
+\064\314\247\166\320\107\003\137\005\257\073\341\271\241\064\045
+\267\154\137\232\060\204\230\302\302\327\362\270\102\112\020\125
+\275\372\123\201\135\215\150\146\105\054\122\176\345\304\004\303
+\124\347\303\071\332\172\112\305\271\230\202\040\341\054\140\127
+\277\272\362\106\000\274\137\072\334\343\063\227\370\112\230\271
+\354\063\117\055\140\154\025\222\246\201\112\013\351\354\166\160
+\064\061\027\160\346\160\113\216\213\323\165\313\170\111\253\146
+\233\206\237\217\251\304\001\350\312\033\347\002\003\001\000\001
+\243\202\001\350\060\202\001\344\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\324\144\366\251\350\245\176\327\277\143\122\003
+\203\123\333\305\101\215\352\200\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\055\006
+\003\125\035\021\004\046\060\044\202\016\154\157\147\151\156\056
+\154\151\166\145\056\143\157\155\202\022\167\167\167\056\154\157
+\147\151\156\056\154\151\166\145\056\143\157\155\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\124\343\244\232\044\322\363\035\102\255\033\360\036\253\373\332
+\325\252\351\317\132\263\036\127\173\061\362\156\127\113\061\257
+\063\273\266\015\025\307\136\131\001\316\104\265\267\277\011\311
+\325\334\151\204\351\305\032\267\360\076\324\300\044\275\051\137
+\264\351\326\130\353\105\021\211\064\064\323\021\353\064\316\052
+\117\000\075\366\162\357\151\146\300\237\232\254\176\160\120\254
+\125\107\332\276\103\133\354\213\310\305\043\204\311\237\266\122
+\010\317\221\033\057\200\151\346\064\063\346\263\237\244\345\015
+\232\025\371\127\374\013\251\101\013\365\377\130\101\222\042\047
+\146\022\006\307\052\330\131\247\306\337\104\022\117\300\250\177
+\247\101\310\310\151\377\272\005\056\227\255\073\320\353\363\025
+\155\176\033\345\272\335\064\276\042\021\354\150\230\063\201\002
+\152\013\023\125\171\061\165\116\072\310\266\023\275\227\157\067
+\012\013\055\210\016\336\147\220\302\263\312\040\312\232\121\364
+\144\076\333\364\056\105\362\307\107\027\250\364\372\220\132\177
+\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352
+END
+
+# Trust for Certificate "Bogus live.com"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\316\245\206\262\316\131\076\307\331\071\211\203\067\305\170\024
+\160\212\262\276
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\320\324\071\343\314\134\122\335\010\315\351\253\350\021\131\324
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Go Daddy Root Certificate Authority - G2"
 #
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -11728,6 +14493,175 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Certinomis - Autorité Racine"
+#
+# Issuer: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Wed Sep 17 08:28:59 2008
+# Not Valid After : Sun Sep 17 08:28:59 2028
+# Fingerprint (MD5): 7F:30:78:8C:03:E3:CA:C9:0A:E2:C9:EA:1E:AA:55:1A
+# Fingerprint (SHA1): 2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Autorité Racine"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\234\060\202\003\204\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023
+\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157
+\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060
+\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060\044
+\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155\151
+\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122\141
+\143\151\156\145\060\036\027\015\060\070\060\071\061\067\060\070
+\062\070\065\071\132\027\015\062\070\060\071\061\067\060\070\062
+\070\065\071\132\060\143\061\013\060\011\006\003\125\004\006\023
+\002\106\122\061\023\060\021\006\003\125\004\012\023\012\103\145
+\162\164\151\156\157\155\151\163\061\027\060\025\006\003\125\004
+\013\023\016\060\060\060\062\040\064\063\063\071\071\070\071\060
+\063\061\046\060\044\006\003\125\004\003\014\035\103\145\162\164
+\151\156\157\155\151\163\040\055\040\101\165\164\157\162\151\164
+\303\251\040\122\141\143\151\156\145\060\202\002\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017
+\000\060\202\002\012\002\202\002\001\000\235\205\237\206\323\343
+\257\307\262\153\156\063\340\236\267\102\064\125\235\371\201\276
+\143\330\043\166\016\227\124\315\231\114\032\361\071\307\210\330
+\027\120\014\236\141\332\300\116\125\336\347\132\270\172\116\167
+\207\015\345\270\353\372\236\136\173\036\304\317\050\164\307\223
+\365\024\306\042\050\004\371\221\303\253\047\163\152\016\056\115
+\363\056\050\037\160\337\125\057\116\355\307\161\157\011\162\056
+\355\325\062\227\320\361\130\167\321\140\274\116\136\333\232\204
+\366\107\141\105\053\366\120\246\177\152\161\047\110\204\065\236
+\254\376\151\251\236\172\136\065\045\372\264\247\111\065\167\226
+\247\066\133\341\315\337\043\160\330\135\114\245\010\203\361\246
+\044\070\023\250\354\057\250\241\147\307\246\055\206\107\356\212
+\374\354\233\016\164\364\053\111\002\173\220\165\214\374\231\071
+\001\071\326\112\211\345\236\166\253\076\226\050\070\046\213\335
+\215\214\300\366\001\036\157\245\061\022\070\175\225\302\161\356
+\355\164\256\344\066\242\103\165\325\361\000\233\342\344\327\314
+\102\003\113\170\172\345\175\273\270\256\056\040\223\323\344\141
+\337\161\341\166\147\227\077\266\337\152\163\132\144\042\345\102
+\333\317\201\003\223\330\364\343\020\340\162\366\000\160\254\360
+\301\172\017\005\177\317\064\151\105\265\223\344\031\333\122\026
+\043\005\211\016\215\110\344\045\157\263\170\277\142\365\007\372
+\225\044\302\226\262\350\243\043\302\135\003\374\303\323\345\174
+\311\165\043\327\364\365\274\336\344\337\315\200\277\221\210\175
+\247\023\264\071\272\054\272\275\321\153\314\363\245\050\355\104
+\236\175\122\243\157\226\056\031\176\034\363\133\307\026\216\273
+\140\175\167\146\107\124\202\000\021\140\154\062\301\250\070\033
+\353\156\230\023\326\356\070\365\360\237\016\357\376\061\201\301
+\322\044\225\057\123\172\151\242\360\017\206\105\216\130\202\053
+\114\042\324\136\240\347\175\046\047\110\337\045\106\215\112\050
+\174\206\236\371\233\032\131\271\145\277\005\335\266\102\135\075
+\346\000\110\202\136\040\367\021\202\336\312\330\237\346\067\107
+\046\036\353\170\367\141\303\101\144\130\002\101\371\332\340\321
+\370\371\350\375\122\070\266\365\211\337\002\003\001\000\001\243
+\133\060\131\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\015
+\214\266\141\332\104\270\321\024\175\303\276\175\136\110\360\316
+\312\152\260\060\027\006\003\125\035\040\004\020\060\016\060\014
+\006\012\052\201\172\001\126\002\002\000\001\001\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001\000
+\044\076\140\006\176\035\357\072\076\333\352\257\034\232\054\001
+\013\364\305\265\331\111\061\364\135\101\215\211\014\116\377\154
+\242\375\377\342\006\310\071\237\361\132\251\335\042\130\025\250
+\212\323\261\346\062\011\202\003\154\327\077\010\307\370\271\272
+\000\155\271\326\374\122\062\135\244\177\244\061\224\273\266\114
+\070\177\050\060\065\377\237\043\123\267\266\356\024\160\000\100
+\053\332\107\253\064\176\136\247\126\060\141\053\213\103\254\375
+\266\210\050\365\153\266\076\140\112\272\102\220\064\147\215\352
+\353\137\105\124\073\027\254\213\344\306\145\017\356\320\214\135
+\146\071\316\062\247\330\020\227\300\176\064\234\237\224\363\366
+\206\037\317\033\163\255\224\171\207\150\160\303\063\245\160\347
+\330\325\070\224\157\143\171\353\277\012\016\010\347\305\057\017
+\102\240\053\024\100\377\041\340\005\305\047\341\204\021\023\272
+\326\206\035\101\013\023\043\211\323\311\013\350\212\272\172\243
+\243\163\067\065\200\175\022\270\063\167\100\070\300\372\136\060
+\322\362\266\243\261\326\242\225\227\201\233\122\355\151\114\377
+\200\344\123\333\124\133\003\155\124\137\261\270\357\044\275\157
+\237\021\303\307\144\302\017\050\142\205\146\136\032\173\262\267
+\357\256\065\311\031\063\250\270\047\333\063\125\277\150\341\165
+\110\104\126\373\315\323\110\273\107\211\072\254\151\365\200\306
+\344\104\120\057\124\304\252\103\305\061\061\130\275\226\305\352
+\165\154\232\165\261\115\370\367\227\377\226\026\362\227\115\350
+\366\363\021\371\072\175\212\070\156\004\313\341\323\105\025\252
+\245\321\035\235\135\143\350\044\346\066\024\342\207\255\033\131
+\365\104\233\373\327\167\174\037\001\160\142\241\040\032\242\305
+\032\050\364\041\003\356\056\331\301\200\352\271\331\202\326\133
+\166\302\313\073\265\322\000\360\243\016\341\255\156\100\367\333
+\240\264\320\106\256\025\327\104\302\115\065\371\322\013\362\027
+\366\254\146\325\044\262\117\321\034\231\300\156\365\175\353\164
+\004\270\371\115\167\011\327\264\317\007\060\011\361\270\000\126
+\331\027\026\026\012\053\206\337\217\001\031\032\345\273\202\143
+\377\276\013\166\026\136\067\067\346\330\164\227\242\231\105\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certinomis - Autorité Racine"
+# Issuer: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Wed Sep 17 08:28:59 2008
+# Not Valid After : Sun Sep 17 08:28:59 2028
+# Fingerprint (MD5): 7F:30:78:8C:03:E3:CA:C9:0A:E2:C9:EA:1E:AA:55:1A
+# Fingerprint (SHA1): 2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Autorité Racine"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\056\024\332\354\050\360\372\036\216\070\232\116\253\353\046\300
+\012\323\203\303
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\177\060\170\214\003\343\312\311\012\342\311\352\036\252\125\032
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "TWCA Root Certification Authority"
 #
 # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -12032,6 +14966,605 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\161\060\202\002\332\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\150\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\043\060\041\006\003\125\004\003\023\032
+\104\151\147\151\116\157\164\141\162\040\123\145\162\166\151\143
+\145\163\040\061\060\062\064\040\103\101\061\040\060\036\006\011
+\052\206\110\206\367\015\001\011\001\026\021\151\156\146\157\100
+\144\151\147\151\156\157\164\141\162\056\156\154\060\036\027\015
+\060\067\060\067\062\066\061\065\065\071\060\061\132\027\015\061
+\063\060\070\062\066\061\066\062\071\060\061\132\060\150\061\013
+\060\011\006\003\125\004\006\023\002\116\114\061\022\060\020\006
+\003\125\004\012\023\011\104\151\147\151\116\157\164\141\162\061
+\043\060\041\006\003\125\004\003\023\032\104\151\147\151\116\157
+\164\141\162\040\123\145\162\166\151\143\145\163\040\061\060\062
+\064\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\201\237\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211\002
+\201\201\000\332\233\115\135\074\371\321\342\213\306\306\010\040
+\305\331\036\110\354\146\130\147\171\142\053\101\143\364\211\215
+\150\332\257\270\224\066\213\031\044\244\240\223\322\231\017\262
+\255\055\065\115\315\057\152\341\371\233\031\053\274\004\032\176
+\055\075\122\144\315\361\076\147\017\211\056\350\362\117\256\246
+\010\241\205\376\241\251\011\346\306\253\076\103\374\257\172\003
+\221\332\246\071\246\141\356\230\117\030\250\323\263\257\146\202
+\351\237\274\335\162\371\006\004\275\022\331\030\044\347\253\223
+\123\213\131\002\003\001\000\001\243\202\001\046\060\202\001\042
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\021\006
+\003\125\035\040\004\012\060\010\060\006\006\004\125\035\040\000
+\060\063\006\010\053\006\001\005\005\007\001\001\004\047\060\045
+\060\043\006\010\053\006\001\005\005\007\060\001\206\027\150\164
+\164\160\072\057\057\157\143\163\160\056\145\156\164\162\165\163
+\164\056\156\145\164\060\063\006\003\125\035\037\004\054\060\052
+\060\050\240\046\240\044\206\042\150\164\164\160\072\057\057\143
+\162\154\056\145\156\164\162\165\163\164\056\156\145\164\057\163
+\145\162\166\145\162\061\056\143\162\154\060\035\006\003\125\035
+\016\004\026\004\024\376\334\224\111\014\157\357\134\177\306\361
+\022\231\117\026\111\255\373\202\145\060\013\006\003\125\035\017
+\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030\060
+\026\200\024\360\027\142\023\125\075\263\377\012\000\153\373\120
+\204\227\363\355\142\320\032\060\031\006\011\052\206\110\206\366
+\175\007\101\000\004\014\060\012\033\004\126\067\056\061\003\002
+\000\201\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\143\164\152\067\251\077\226\234\146\310\130
+\254\011\311\357\365\145\224\177\243\002\304\070\061\275\135\043
+\207\354\324\126\262\311\262\156\344\005\006\374\354\365\372\210
+\160\131\324\356\346\335\265\172\240\243\140\057\002\014\253\336
+\022\135\257\360\065\113\252\212\107\221\032\365\205\054\102\307
+\035\357\225\103\263\136\270\225\223\245\332\305\050\252\255\162
+\055\061\255\231\153\154\377\214\041\047\257\255\232\221\053\307
+\335\130\303\156\007\305\237\171\322\307\214\125\277\114\307\047
+\136\121\026\053\076
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\022\073\352\312\146\147\167\141\340\353\150\362\376\355\242\017
+\040\005\125\160
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\057\026\150\227\114\150\117\316\122\212\354\123\217\223\111\370
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\105\060\202\004\256\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\140\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\061\040\060\036\006\011\052\206\110\206\367\015\001\011
+\001\026\021\151\156\146\157\100\144\151\147\151\156\157\164\141
+\162\056\156\154\060\036\027\015\060\066\061\060\060\064\061\060
+\065\064\061\062\132\027\015\061\061\061\060\060\064\061\060\065
+\063\061\062\132\060\140\061\013\060\011\006\003\125\004\006\023
+\002\116\114\061\022\060\020\006\003\125\004\012\023\011\104\151
+\147\151\116\157\164\141\162\061\033\060\031\006\003\125\004\003
+\023\022\104\151\147\151\116\157\164\141\162\040\103\171\142\145
+\162\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\322\316\025\012\055\250\136\204\147
+\255\375\276\357\106\307\310\271\317\163\374\364\064\271\371\054
+\103\347\140\023\075\172\343\262\317\073\147\154\220\255\300\271
+\077\204\122\360\065\102\334\164\334\050\073\275\122\264\247\254
+\162\105\027\306\360\211\353\264\252\045\362\135\113\136\321\331
+\207\272\326\175\174\365\316\062\237\020\063\305\261\112\273\136
+\221\061\302\320\351\101\302\221\144\176\011\101\073\333\213\010
+\067\152\252\312\122\336\265\071\036\300\210\003\245\077\213\231
+\023\141\103\265\233\202\263\356\040\157\317\241\104\242\352\057
+\153\100\237\217\053\127\255\241\123\302\205\042\151\235\240\077
+\121\337\013\101\221\015\245\341\250\252\134\111\010\135\275\336
+\160\101\261\017\311\143\153\323\177\064\164\002\057\064\132\170
+\165\034\150\172\201\147\212\363\332\100\360\140\143\364\222\040
+\327\003\246\075\243\036\147\304\204\033\101\245\311\214\346\275
+\352\110\266\005\026\010\263\067\022\132\367\141\074\367\070\157
+\056\227\340\157\126\070\124\323\050\265\255\024\156\056\113\144
+\265\047\145\267\165\045\011\266\007\075\225\126\002\012\202\140
+\262\163\105\340\063\046\121\164\232\271\324\120\034\366\115\133
+\133\122\122\023\132\246\177\247\016\341\350\101\124\147\230\214
+\207\325\311\323\154\313\323\124\222\006\011\064\101\367\201\157
+\077\236\311\174\165\125\260\347\301\263\167\350\303\304\000\065
+\225\100\160\020\112\005\336\045\273\237\131\245\144\274\107\140
+\277\140\343\166\213\023\125\335\341\164\172\271\317\044\246\152
+\177\336\144\042\104\130\150\202\152\020\371\075\345\076\033\271
+\275\374\042\364\140\004\211\273\125\155\050\125\372\336\216\215
+\033\041\024\327\067\213\064\173\115\366\262\262\020\317\063\261
+\175\034\142\231\110\313\053\154\166\226\125\277\031\015\035\037
+\273\145\252\033\216\231\265\306\050\220\345\202\055\170\120\040
+\232\375\171\057\044\177\360\211\051\151\364\175\315\163\276\263
+\355\116\301\321\355\122\136\217\367\270\327\215\207\255\262\331
+\033\121\022\377\126\263\341\257\064\175\134\244\170\210\020\236
+\235\003\306\245\252\242\044\121\367\111\024\305\261\356\131\103
+\225\337\253\150\050\060\077\002\003\001\000\001\243\202\001\206
+\060\202\001\202\060\022\006\003\125\035\023\001\001\377\004\010
+\060\006\001\001\377\002\001\001\060\123\006\003\125\035\040\004
+\114\060\112\060\110\006\011\053\006\001\004\001\261\076\001\000
+\060\073\060\071\006\010\053\006\001\005\005\007\002\001\026\055
+\150\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151
+\143\055\164\162\165\163\164\056\143\157\155\057\103\120\123\057
+\117\155\156\151\122\157\157\164\056\150\164\155\154\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\240
+\006\003\125\035\043\004\201\230\060\201\225\200\024\246\014\035
+\237\141\377\007\027\265\277\070\106\333\103\060\325\216\260\122
+\006\241\171\244\167\060\165\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107
+\124\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047
+\060\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142
+\145\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156
+\163\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003
+\023\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164
+\040\107\154\157\142\141\154\040\122\157\157\164\202\002\001\245
+\060\105\006\003\125\035\037\004\076\060\074\060\072\240\070\240
+\066\206\064\150\164\164\160\072\057\057\167\167\167\056\160\165
+\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143
+\147\151\055\142\151\156\057\103\122\114\057\062\060\061\070\057
+\143\144\160\056\143\162\154\060\035\006\003\125\035\016\004\026
+\004\024\253\371\150\337\317\112\067\327\173\105\214\137\162\336
+\100\104\303\145\273\302\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\201\201\000\217\150\153\245\133\007\272
+\104\146\016\034\250\134\060\173\063\344\012\046\004\374\357\236
+\032\070\326\056\241\037\320\231\107\302\165\144\044\375\236\073
+\050\166\271\046\050\141\221\014\155\054\370\004\237\174\120\001
+\325\343\151\257\357\025\322\105\233\044\011\052\146\005\117\045
+\201\312\135\276\252\301\131\047\256\063\216\202\367\337\164\260
+\125\263\216\370\347\067\310\156\252\126\104\366\275\123\201\043
+\226\075\264\372\062\212\123\146\104\045\242\045\306\246\074\045
+\214\360\340\050\006\042\267\046\101
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\245\216\240\354\366\104\126\065\031\035\150\133\307\240\344\034
+\260\115\171\056
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\274\275\211\022\264\377\345\371\046\107\310\140\066\133\331\124
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+#
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\001\060\202\004\152\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\036\027\015\060\066\060\071\062\067\061\060\065\063
+\065\063\132\027\015\061\063\060\071\062\060\060\071\064\064\060
+\067\132\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\322\316\025\012\055\250\136\204\147\255\375\276\357
+\106\307\310\271\317\163\374\364\064\271\371\054\103\347\140\023
+\075\172\343\262\317\073\147\154\220\255\300\271\077\204\122\360
+\065\102\334\164\334\050\073\275\122\264\247\254\162\105\027\306
+\360\211\353\264\252\045\362\135\113\136\321\331\207\272\326\175
+\174\365\316\062\237\020\063\305\261\112\273\136\221\061\302\320
+\351\101\302\221\144\176\011\101\073\333\213\010\067\152\252\312
+\122\336\265\071\036\300\210\003\245\077\213\231\023\141\103\265
+\233\202\263\356\040\157\317\241\104\242\352\057\153\100\237\217
+\053\127\255\241\123\302\205\042\151\235\240\077\121\337\013\101
+\221\015\245\341\250\252\134\111\010\135\275\336\160\101\261\017
+\311\143\153\323\177\064\164\002\057\064\132\170\165\034\150\172
+\201\147\212\363\332\100\360\140\143\364\222\040\327\003\246\075
+\243\036\147\304\204\033\101\245\311\214\346\275\352\110\266\005
+\026\010\263\067\022\132\367\141\074\367\070\157\056\227\340\157
+\126\070\124\323\050\265\255\024\156\056\113\144\265\047\145\267
+\165\045\011\266\007\075\225\126\002\012\202\140\262\163\105\340
+\063\046\121\164\232\271\324\120\034\366\115\133\133\122\122\023
+\132\246\177\247\016\341\350\101\124\147\230\214\207\325\311\323
+\154\313\323\124\222\006\011\064\101\367\201\157\077\236\311\174
+\165\125\260\347\301\263\167\350\303\304\000\065\225\100\160\020
+\112\005\336\045\273\237\131\245\144\274\107\140\277\140\343\166
+\213\023\125\335\341\164\172\271\317\044\246\152\177\336\144\042
+\104\130\150\202\152\020\371\075\345\076\033\271\275\374\042\364
+\140\004\211\273\125\155\050\125\372\336\216\215\033\041\024\327
+\067\213\064\173\115\366\262\262\020\317\063\261\175\034\142\231
+\110\313\053\154\166\226\125\277\031\015\035\037\273\145\252\033
+\216\231\265\306\050\220\345\202\055\170\120\040\232\375\171\057
+\044\177\360\211\051\151\364\175\315\163\276\263\355\116\301\321
+\355\122\136\217\367\270\327\215\207\255\262\331\033\121\022\377
+\126\263\341\257\064\175\134\244\170\210\020\236\235\003\306\245
+\252\242\044\121\367\111\024\305\261\356\131\103\225\337\253\150
+\050\060\077\002\003\001\000\001\243\202\001\206\060\202\001\202
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\001\060\123\006\003\125\035\040\004\114\060\112\060
+\110\006\011\053\006\001\004\001\261\076\001\000\060\073\060\071
+\006\010\053\006\001\005\005\007\002\001\026\055\150\164\164\160
+\072\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162
+\165\163\164\056\143\157\155\057\103\120\123\057\117\155\156\151
+\122\157\157\164\056\150\164\155\154\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\201\240\006\003\125\035
+\043\004\201\230\060\201\225\200\024\246\014\035\237\141\377\007
+\027\265\277\070\106\333\103\060\325\216\260\122\006\241\171\244
+\167\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103
+\157\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003
+\125\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162
+\165\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111
+\156\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124
+\105\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157
+\142\141\154\040\122\157\157\164\202\002\001\245\060\105\006\003
+\125\035\037\004\076\060\074\060\072\240\070\240\066\206\064\150
+\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151\143
+\055\164\162\165\163\164\056\143\157\155\057\143\147\151\055\142
+\151\156\057\103\122\114\057\062\060\061\070\057\143\144\160\056
+\143\162\154\060\035\006\003\125\035\016\004\026\004\024\253\371
+\150\337\317\112\067\327\173\105\214\137\162\336\100\104\303\145
+\273\302\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\011\312\142\017\215\273\112\340\324\172\065
+\053\006\055\321\050\141\266\254\001\373\203\111\274\256\324\057
+\055\206\256\031\203\245\326\035\023\342\027\276\376\062\164\351
+\172\024\070\312\224\136\367\051\001\151\161\033\221\032\375\243
+\273\252\035\312\173\342\026\375\241\243\016\363\014\137\262\341
+\040\061\224\053\136\222\166\355\372\351\265\043\246\277\012\073
+\003\251\157\122\140\124\315\137\351\267\057\174\242\047\375\101
+\203\165\266\015\373\170\046\363\261\105\351\062\225\052\032\065
+\041\225\305\242\165
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\210\036\105\005\017\230\331\131\373\012\065\371\114\016\050\227
+\125\026\051\263
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\360\256\251\075\362\054\210\334\174\205\033\226\175\132\034\021
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+#
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\216\060\202\003\166\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\137\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147\151
+\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006\003
+\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040\120
+\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\166
+\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151\152
+\166\145\156\060\036\027\015\060\067\060\067\060\065\060\070\064
+\062\060\070\132\027\015\061\065\060\067\062\067\060\070\063\071
+\064\067\132\060\137\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147
+\151\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006
+\003\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040
+\120\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117
+\166\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151
+\152\166\145\156\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\334\275\322\247\116\152\012\273\073\242\205
+\341\177\000\255\276\264\060\150\230\007\315\240\172\304\224\317
+\161\371\212\067\344\123\353\127\166\314\213\346\154\376\356\207
+\125\310\076\273\004\071\000\247\200\170\254\133\117\176\364\275
+\270\124\270\161\073\007\061\111\071\223\124\174\040\073\171\053
+\217\273\141\220\175\261\254\346\037\220\056\235\105\001\251\144
+\055\115\303\057\271\347\120\325\116\052\134\253\166\166\067\106
+\327\171\354\102\231\367\242\354\244\211\160\334\070\053\207\246
+\252\044\346\235\222\044\033\276\366\375\324\057\031\027\172\346
+\062\007\224\124\005\123\103\351\154\274\257\107\313\274\313\375
+\275\073\104\022\201\361\153\113\273\355\264\317\253\045\117\030
+\322\314\002\374\243\117\265\102\063\313\131\315\011\334\323\120
+\375\240\166\214\254\176\146\212\102\366\255\034\222\363\266\373
+\024\106\353\115\327\057\060\340\155\356\133\066\276\104\164\267
+\040\005\127\205\115\350\000\031\242\366\014\346\256\241\300\102
+\337\247\254\202\135\307\150\267\030\346\211\113\232\153\372\316
+\171\371\363\054\247\002\003\001\000\001\243\202\001\120\060\202
+\001\114\060\110\006\003\125\035\040\004\101\060\077\060\075\006
+\004\125\035\040\000\060\065\060\063\006\010\053\006\001\005\005
+\007\002\001\026\047\150\164\164\160\072\057\057\167\167\167\056
+\144\151\147\151\156\157\164\141\162\056\156\154\057\143\160\163
+\057\160\153\151\157\166\145\162\150\145\151\144\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\200
+\006\003\125\035\043\004\171\060\167\200\024\013\206\326\017\167
+\243\150\261\373\144\011\303\210\156\134\004\034\127\351\075\241
+\131\244\127\060\125\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\040\122\157\157\164\040\103\101\202\004\000\230\232\171
+\060\075\006\003\125\035\037\004\066\060\064\060\062\240\060\240
+\056\206\054\150\164\164\160\072\057\057\143\162\154\056\160\153
+\151\157\166\145\162\150\145\151\144\056\156\154\057\104\157\155
+\117\166\114\141\164\145\163\164\103\122\114\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\114\010\311\215\166\361
+\230\307\076\337\074\327\057\165\015\261\166\171\227\314\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\014\224\207\032\277\115\343\205\342\356\327\330\143\171
+\016\120\337\306\204\133\322\273\331\365\061\012\032\065\227\164
+\337\024\372\052\017\076\355\240\343\010\366\325\116\133\257\246
+\256\045\342\105\153\042\017\267\124\050\176\222\336\215\024\154
+\321\034\345\156\164\004\234\267\357\064\104\105\337\311\203\035
+\031\037\300\051\151\337\211\325\077\302\260\123\155\345\116\027
+\344\163\141\043\023\046\161\103\375\114\131\313\303\337\042\252
+\041\053\331\277\225\021\032\212\244\342\253\247\135\113\157\051
+\365\122\321\344\322\025\261\213\376\360\003\317\247\175\351\231
+\207\070\263\015\163\024\344\162\054\341\316\365\255\006\110\144
+\372\323\051\271\242\330\273\364\325\013\245\100\104\103\216\240
+\277\316\132\245\122\114\144\323\027\061\141\314\350\244\212\350
+\344\210\373\351\345\057\006\063\063\233\224\146\146\261\253\120
+\072\241\011\201\164\123\132\047\271\246\322\045\317\323\303\247
+\377\226\320\057\352\340\036\215\122\351\030\034\040\012\107\240
+\226\126\016\100\220\121\104\254\032\375\361\356\205\037\367\102
+\132\145
+END
+
+# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\247\250\311\254\364\137\220\222\166\206\270\300\242\016\223\130
+\175\336\060\344
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\243\317\263\377\371\117\247\261\353\072\165\130\116\056\237\352
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
 #
 # Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
@@ -12213,6 +15746,315 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+#
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
+\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
+\131
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
+\214\071\131\117
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+#
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
+\105\156\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
+\355\020\342\305
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
+\005\155\061\046
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
 # Certificate "Security Communication RootCA2"
 #
 # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -13058,6 +16900,372 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "StartCom Certification Authority"
+#
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 45 (0x2d)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:37 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): C9:3B:0D:84:41:FC:A4:76:79:23:08:57:DE:10:19:16
+# Fingerprint (SHA1): A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\055
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\207\060\202\005\157\240\003\002\001\002\002\001\055
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023
+\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040
+\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156
+\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164
+\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\066\060\071\061\067\061\071\064\066\063\067\132\027
+\015\063\066\060\071\061\067\061\071\064\066\063\066\132\060\175
+\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026\060
+\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157\155
+\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023\042
+\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040\103
+\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156\151
+\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164\141
+\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\301\210
+\333\011\274\154\106\174\170\237\225\173\265\063\220\362\162\142
+\326\301\066\040\042\044\136\316\351\167\362\103\012\242\006\144
+\244\314\216\066\370\070\346\043\360\156\155\261\074\335\162\243
+\205\034\241\323\075\264\063\053\323\057\257\376\352\260\101\131
+\147\266\304\006\175\012\236\164\205\326\171\114\200\067\172\337
+\071\005\122\131\367\364\033\106\103\244\322\205\205\322\303\161
+\363\165\142\064\272\054\212\177\036\217\356\355\064\320\021\307
+\226\315\122\075\272\063\326\335\115\336\013\073\112\113\237\302
+\046\057\372\265\026\034\162\065\167\312\074\135\346\312\341\046
+\213\032\066\166\134\001\333\164\024\045\376\355\265\240\210\017
+\335\170\312\055\037\007\227\060\001\055\162\171\372\106\326\023
+\052\250\271\246\253\203\111\035\345\362\357\335\344\001\216\030
+\012\217\143\123\026\205\142\251\016\031\072\314\265\146\246\302
+\153\164\007\344\053\341\166\076\264\155\330\366\104\341\163\142
+\037\073\304\276\240\123\126\045\154\121\011\367\252\253\312\277
+\166\375\155\233\363\235\333\277\075\146\274\014\126\252\257\230
+\110\225\072\113\337\247\130\120\331\070\165\251\133\352\103\014
+\002\377\231\353\350\154\115\160\133\051\145\234\335\252\135\314
+\257\001\061\354\014\353\322\215\350\352\234\173\346\156\367\047
+\146\014\032\110\327\156\102\343\077\336\041\076\173\341\015\160
+\373\143\252\250\154\032\124\264\134\045\172\311\242\311\213\026
+\246\273\054\176\027\136\005\115\130\156\022\035\001\356\022\020
+\015\306\062\177\030\377\374\364\372\315\156\221\350\066\111\276
+\032\110\151\213\302\226\115\032\022\262\151\027\301\012\220\326
+\372\171\042\110\277\272\173\151\370\160\307\372\172\067\330\330
+\015\322\166\117\127\377\220\267\343\221\322\335\357\302\140\267
+\147\072\335\376\252\234\360\324\213\177\162\042\316\306\237\227
+\266\370\257\212\240\020\250\331\373\030\306\266\265\134\122\074
+\211\266\031\052\163\001\012\017\003\263\022\140\362\172\057\201
+\333\243\156\377\046\060\227\365\213\335\211\127\266\255\075\263
+\257\053\305\267\166\002\360\245\326\053\232\206\024\052\162\366
+\343\063\214\135\011\113\023\337\273\214\164\023\122\113\002\003
+\001\000\001\243\202\002\020\060\202\002\014\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\116\013\357\032\244\100\133\245\027
+\151\207\060\312\064\150\103\320\101\256\362\060\037\006\003\125
+\035\043\004\030\060\026\200\024\116\013\357\032\244\100\133\245
+\027\151\207\060\312\064\150\103\320\101\256\362\060\202\001\132
+\006\003\125\035\040\004\202\001\121\060\202\001\115\060\202\001
+\111\006\013\053\006\001\004\001\201\265\067\001\001\001\060\202
+\001\070\060\056\006\010\053\006\001\005\005\007\002\001\026\042
+\150\164\164\160\072\057\057\167\167\167\056\163\164\141\162\164
+\163\163\154\056\143\157\155\057\160\157\154\151\143\171\056\160
+\144\146\060\064\006\010\053\006\001\005\005\007\002\001\026\050
+\150\164\164\160\072\057\057\167\167\167\056\163\164\141\162\164
+\163\163\154\056\143\157\155\057\151\156\164\145\162\155\145\144
+\151\141\164\145\056\160\144\146\060\201\317\006\010\053\006\001
+\005\005\007\002\002\060\201\302\060\047\026\040\123\164\141\162
+\164\040\103\157\155\155\145\162\143\151\141\154\040\050\123\164
+\141\162\164\103\157\155\051\040\114\164\144\056\060\003\002\001
+\001\032\201\226\114\151\155\151\164\145\144\040\114\151\141\142
+\151\154\151\164\171\054\040\162\145\141\144\040\164\150\145\040
+\163\145\143\164\151\157\156\040\052\114\145\147\141\154\040\114
+\151\155\151\164\141\164\151\157\156\163\052\040\157\146\040\164
+\150\145\040\123\164\141\162\164\103\157\155\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\120\157\154\151\143\171\040\141\166\141\151\154
+\141\142\154\145\040\141\164\040\150\164\164\160\072\057\057\167
+\167\167\056\163\164\141\162\164\163\163\154\056\143\157\155\057
+\160\157\154\151\143\171\056\160\144\146\060\021\006\011\140\206
+\110\001\206\370\102\001\001\004\004\003\002\000\007\060\070\006
+\011\140\206\110\001\206\370\102\001\015\004\053\026\051\123\164
+\141\162\164\103\157\155\040\106\162\145\145\040\123\123\114\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\002\001\000\216\217\347\334\224
+\171\174\361\205\177\237\111\157\153\312\135\373\214\376\004\305
+\301\142\321\175\102\212\274\123\267\224\003\146\060\077\261\347
+\012\247\120\040\125\045\177\166\172\024\015\353\004\016\100\346
+\076\330\210\253\007\047\203\251\165\246\067\163\307\375\113\322
+\115\255\027\100\310\106\276\073\177\121\374\303\266\005\061\334
+\315\205\042\116\161\267\362\161\136\260\032\306\272\223\213\170
+\222\112\205\370\170\017\203\376\057\255\054\367\344\244\273\055
+\320\347\015\072\270\076\316\366\170\366\256\107\044\312\243\065
+\066\316\307\306\207\230\332\354\373\351\262\316\047\233\210\303
+\004\241\366\013\131\150\257\311\333\020\017\115\366\144\143\134
+\245\022\157\222\262\223\224\307\210\027\016\223\266\176\142\213
+\220\177\253\116\237\374\343\165\024\117\052\062\337\133\015\340
+\365\173\223\015\253\241\317\207\341\245\004\105\350\074\022\245
+\011\305\260\321\267\123\363\140\024\272\205\151\152\041\174\037
+\165\141\027\040\027\173\154\073\101\051\134\341\254\132\321\315
+\214\233\353\140\035\031\354\367\345\260\332\371\171\030\245\105
+\077\111\103\127\322\335\044\325\054\243\375\221\215\047\265\345
+\353\024\006\232\114\173\041\273\072\255\060\006\030\300\330\301
+\153\054\177\131\134\135\221\261\160\042\127\353\212\153\110\112
+\325\017\051\354\306\100\300\057\210\114\150\001\027\167\364\044
+\031\117\275\372\341\262\040\041\113\335\032\330\051\175\252\270
+\336\124\354\041\125\200\154\036\365\060\310\243\020\345\262\346
+\052\024\061\303\205\055\214\230\261\206\132\117\211\131\055\271
+\307\367\034\310\212\177\300\235\005\112\346\102\117\142\243\155
+\051\244\037\205\253\333\345\201\310\255\052\075\114\135\133\204
+\046\161\304\205\136\161\044\312\245\033\154\330\141\323\032\340
+\124\333\316\272\251\062\265\042\366\163\101\011\135\270\027\135
+\016\017\231\220\326\107\332\157\012\072\142\050\024\147\202\331
+\361\320\200\131\233\313\061\330\233\017\214\167\116\265\150\212
+\362\154\366\044\016\055\154\160\305\163\321\336\024\320\161\217
+\266\323\173\002\366\343\270\324\011\156\153\236\165\204\071\346
+\177\045\245\362\110\000\300\244\001\332\077
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 45 (0x2d)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:37 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): C9:3B:0D:84:41:FC:A4:76:79:23:08:57:DE:10:19:16
+# Fingerprint (SHA1): A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\243\361\063\077\342\102\277\317\305\321\116\217\071\102\230\100
+\150\020\321\240
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\311\073\015\204\101\374\244\166\171\043\010\127\336\020\031\026
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\055
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "StartCom Certification Authority G2"
+#
+# Issuer: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Serial Number: 59 (0x3b)
+# Subject: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Not Valid Before: Fri Jan 01 01:00:01 2010
+# Not Valid After : Sat Dec 31 23:59:01 2039
+# Fingerprint (MD5): 78:4B:FB:9E:64:82:0A:D3:B8:4C:62:F3:64:F2:90:64
+# Fingerprint (SHA1): 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\073
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\143\060\202\003\113\240\003\002\001\002\002\001\073
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003\023
+\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\040\107\062\060\036\027\015\061\060\060\061\060\061\060\061
+\060\060\060\061\132\027\015\063\071\061\062\063\061\062\063\065
+\071\060\061\132\060\123\061\013\060\011\006\003\125\004\006\023
+\002\111\114\061\026\060\024\006\003\125\004\012\023\015\123\164
+\141\162\164\103\157\155\040\114\164\144\056\061\054\060\052\006
+\003\125\004\003\023\043\123\164\141\162\164\103\157\155\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\107\062\060\202\002\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017
+\000\060\202\002\012\002\202\002\001\000\266\211\066\133\007\267
+\040\066\275\202\273\341\026\040\003\225\172\257\016\243\125\311
+\045\231\112\305\320\126\101\207\220\115\041\140\244\024\207\073
+\315\375\262\076\264\147\003\152\355\341\017\113\300\221\205\160
+\105\340\102\236\336\051\043\324\001\015\240\020\171\270\333\003
+\275\363\251\057\321\306\340\017\313\236\212\024\012\270\275\366
+\126\142\361\305\162\266\062\045\331\262\363\275\145\305\015\054
+\156\325\222\157\030\213\000\101\024\202\157\100\040\046\172\050
+\017\365\036\177\047\367\224\261\067\075\267\307\221\367\342\001
+\354\375\224\211\341\314\156\323\066\326\012\031\171\256\327\064
+\202\145\377\174\102\273\266\335\013\246\064\257\113\140\376\177
+\103\111\006\213\214\103\270\126\362\331\177\041\103\027\352\247
+\110\225\001\165\165\352\053\245\103\225\352\025\204\235\010\215
+\046\156\125\233\253\334\322\071\322\061\035\140\342\254\314\126
+\105\044\365\034\124\253\356\206\335\226\062\205\370\114\117\350
+\225\166\266\005\335\066\043\147\274\377\025\342\312\073\346\246
+\354\073\354\046\021\064\110\215\366\200\053\032\043\002\353\212
+\034\072\166\052\173\126\026\034\162\052\263\252\343\140\245\000
+\237\004\233\342\157\036\024\130\133\245\154\213\130\074\303\272
+\116\072\134\367\341\226\053\076\357\007\274\244\345\135\314\115
+\237\015\341\334\252\273\341\156\032\354\217\341\266\114\115\171
+\162\135\027\065\013\035\327\301\107\332\226\044\340\320\162\250
+\132\137\146\055\020\334\057\052\023\256\046\376\012\034\031\314
+\320\076\013\234\310\011\056\371\133\226\172\107\234\351\172\363
+\005\120\164\225\163\236\060\011\363\227\202\136\346\217\071\010
+\036\131\345\065\024\102\023\377\000\234\367\276\252\120\317\342
+\121\110\327\270\157\257\370\116\176\063\230\222\024\142\072\165
+\143\317\173\372\336\202\073\251\273\071\342\304\275\054\000\016
+\310\027\254\023\357\115\045\216\330\263\220\057\251\332\051\175
+\035\257\164\072\262\047\300\301\036\076\165\243\026\251\257\172
+\042\135\237\023\032\317\247\240\353\343\206\012\323\375\346\226
+\225\327\043\310\067\335\304\174\252\066\254\230\032\022\261\340
+\116\350\261\073\365\326\157\361\060\327\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\113
+\305\264\100\153\255\034\263\245\034\145\156\106\066\211\207\005
+\014\016\266\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\002\001\000\163\127\077\054\325\225\062\176\067
+\333\226\222\353\031\136\176\123\347\101\354\021\266\107\357\265
+\336\355\164\134\305\361\216\111\340\374\156\231\023\315\237\212
+\332\315\072\012\330\072\132\011\077\137\064\320\057\003\322\146
+\035\032\275\234\220\067\310\014\216\007\132\224\105\106\052\346
+\276\172\332\241\251\244\151\022\222\260\175\066\324\104\207\327
+\121\361\051\143\326\165\315\026\344\047\211\035\370\302\062\110
+\375\333\231\320\217\137\124\164\314\254\147\064\021\142\331\014
+\012\067\207\321\243\027\110\216\322\027\035\366\327\375\333\145
+\353\375\250\324\365\326\117\244\133\165\350\305\322\140\262\333
+\011\176\045\213\173\272\122\222\236\076\350\305\167\241\074\340
+\112\163\153\141\317\206\334\103\377\377\041\376\043\135\044\112
+\365\323\155\017\142\004\005\127\202\332\156\244\063\045\171\113
+\056\124\031\213\314\054\075\060\351\321\006\377\350\062\106\276
+\265\063\166\167\250\001\135\226\301\301\325\276\256\045\300\311
+\036\012\011\040\210\241\016\311\363\157\115\202\124\000\040\247
+\322\217\344\071\124\027\056\215\036\270\033\273\033\275\232\116
+\073\020\064\334\234\210\123\357\242\061\133\130\117\221\142\310
+\302\232\232\315\025\135\070\251\326\276\370\023\265\237\022\151
+\362\120\142\254\373\027\067\364\356\270\165\147\140\020\373\203
+\120\371\104\265\165\234\100\027\262\376\375\171\135\156\130\130
+\137\060\374\000\256\257\063\301\016\116\154\272\247\246\241\177
+\062\333\070\340\261\162\027\012\053\221\354\152\143\046\355\211
+\324\170\314\164\036\005\370\153\376\214\152\166\071\051\256\145
+\043\022\225\010\042\034\227\316\133\006\356\014\342\273\274\037
+\104\223\366\330\070\105\005\041\355\344\255\253\022\266\003\244
+\102\056\055\304\011\072\003\147\151\204\232\341\131\220\212\050
+\205\325\135\164\261\321\016\040\130\233\023\245\260\143\246\355
+\173\107\375\105\125\060\244\356\232\324\346\342\207\357\230\311
+\062\202\021\051\042\274\000\012\061\136\055\017\300\216\351\153
+\262\217\056\006\330\321\221\307\306\022\364\114\375\060\027\303
+\301\332\070\133\343\251\352\346\241\272\171\357\163\330\266\123
+\127\055\366\320\341\327\110
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "StartCom Certification Authority G2"
+# Issuer: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Serial Number: 59 (0x3b)
+# Subject: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Not Valid Before: Fri Jan 01 01:00:01 2010
+# Not Valid After : Sat Dec 31 23:59:01 2039
+# Fingerprint (MD5): 78:4B:FB:9E:64:82:0A:D3:B8:4C:62:F3:64:F2:90:64
+# Fingerprint (SHA1): 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\061\361\375\150\042\143\040\356\306\073\077\235\352\112\076\123
+\174\174\071\027
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\170\113\373\236\144\202\012\323\270\114\142\363\144\362\220\144
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\073
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Buypass Class 2 Root CA"
 #
 # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
@@ -13739,6 +17947,172 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "TURKTRUST Certificate Services Provider Root 2007"
+#
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2007"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234
+\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156
+\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060
+\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061
+\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071
+\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002
+\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153
+\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303
+\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304
+\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154
+\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237
+\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305
+\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062
+\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357
+\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077
+\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130
+\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352
+\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132
+\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006
+\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217
+\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302
+\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206
+\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177
+\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044
+\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217
+\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050
+\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371
+\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114
+\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252
+\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344
+\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121
+\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026
+\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050
+\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017
+\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210
+\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153
+\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374
+\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271
+\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330
+\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265
+\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032
+\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325
+\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277
+\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031
+\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146
+\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071
+\175
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TURKTRUST Certificate Services Provider Root 2007"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2007"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020
+\210\331\140\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "D-TRUST Root Class 3 CA 2 2009"
 #
 # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
@@ -14025,6 +18399,269 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "PSCProcert"
+#
+# Issuer: E=acraiz@suscerte.gob.ve,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,ST=Distrito Capital,L=Caracas,C=VE,CN=Autoridad de Certificacion Raiz del Estado Venezolano
+# Serial Number: 11 (0xb)
+# Subject: CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,E=contacto@procert.net.ve
+# Not Valid Before: Tue Dec 28 16:51:00 2010
+# Not Valid After : Fri Dec 25 23:59:59 2020
+# Fingerprint (MD5): E6:24:E9:12:01:AE:0C:DE:8E:85:C4:CE:A3:12:DD:EC
+# Fingerprint (SHA1): 70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "PSCProcert"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\321\061\046\060\044\006\011\052\206\110\206\367\015\001
+\011\001\026\027\143\157\156\164\141\143\164\157\100\160\162\157
+\143\145\162\164\056\156\145\164\056\166\145\061\017\060\015\006
+\003\125\004\007\023\006\103\150\141\143\141\157\061\020\060\016
+\006\003\125\004\010\023\007\115\151\162\141\156\144\141\061\052
+\060\050\006\003\125\004\013\023\041\120\162\157\166\145\145\144
+\157\162\040\144\145\040\103\145\162\164\151\146\151\143\141\144
+\157\163\040\120\122\117\103\105\122\124\061\066\060\064\006\003
+\125\004\012\023\055\123\151\163\164\145\155\141\040\116\141\143
+\151\157\156\141\154\040\144\145\040\103\145\162\164\151\146\151
+\143\141\143\151\157\156\040\105\154\145\143\164\162\157\156\151
+\143\141\061\013\060\011\006\003\125\004\006\023\002\126\105\061
+\023\060\021\006\003\125\004\003\023\012\120\123\103\120\162\157
+\143\145\162\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101
+\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144
+\145\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157
+\154\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126
+\105\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141
+\143\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151
+\163\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066
+\060\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141
+\040\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164
+\162\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023
+\072\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151
+\141\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144
+\145\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040
+\105\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006
+\011\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141
+\151\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\013
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\011\206\060\202\007\156\240\003\002\001\002\002\001\013
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101\165
+\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144\145
+\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157\154
+\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126\105
+\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141\143
+\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151\163
+\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066\060
+\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141\040
+\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164\162
+\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023\072
+\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151\141
+\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144\145
+\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040\105
+\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006\011
+\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141\151
+\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056\166
+\145\060\036\027\015\061\060\061\062\062\070\061\066\065\061\060
+\060\132\027\015\062\060\061\062\062\065\062\063\065\071\065\071
+\132\060\201\321\061\046\060\044\006\011\052\206\110\206\367\015
+\001\011\001\026\027\143\157\156\164\141\143\164\157\100\160\162
+\157\143\145\162\164\056\156\145\164\056\166\145\061\017\060\015
+\006\003\125\004\007\023\006\103\150\141\143\141\157\061\020\060
+\016\006\003\125\004\010\023\007\115\151\162\141\156\144\141\061
+\052\060\050\006\003\125\004\013\023\041\120\162\157\166\145\145
+\144\157\162\040\144\145\040\103\145\162\164\151\146\151\143\141
+\144\157\163\040\120\122\117\103\105\122\124\061\066\060\064\006
+\003\125\004\012\023\055\123\151\163\164\145\155\141\040\116\141
+\143\151\157\156\141\154\040\144\145\040\103\145\162\164\151\146
+\151\143\141\143\151\157\156\040\105\154\145\143\164\162\157\156
+\151\143\141\061\013\060\011\006\003\125\004\006\023\002\126\105
+\061\023\060\021\006\003\125\004\003\023\012\120\123\103\120\162
+\157\143\145\162\164\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\325\267\364\243\224\063\241\106\251\125
+\141\111\015\250\207\163\136\221\055\160\301\006\032\224\332\075
+\354\025\102\301\365\214\256\152\027\361\212\255\374\200\225\352
+\203\104\242\133\172\125\316\117\247\245\325\272\270\037\240\047
+\300\120\123\076\215\271\300\016\270\025\334\326\154\370\236\370
+\004\045\337\200\217\020\205\335\175\057\173\200\335\127\000\144
+\043\370\156\311\276\225\117\341\165\354\340\176\136\225\315\261
+\357\276\172\102\330\311\054\323\353\032\032\042\213\267\177\006
+\211\345\074\365\022\300\273\323\013\231\137\220\174\216\055\057
+\167\063\222\112\041\106\250\251\010\254\361\366\021\002\331\225
+\026\236\215\057\226\346\002\335\165\302\024\052\132\326\311\175
+\045\302\301\374\252\147\205\342\354\276\321\174\074\372\257\325
+\156\377\123\101\324\365\062\070\261\342\137\304\371\216\020\357
+\006\251\002\211\377\343\014\156\227\340\337\235\333\041\320\364
+\076\010\151\154\330\324\344\066\370\203\266\262\066\217\234\357
+\072\067\026\175\277\242\151\327\073\133\162\320\257\252\077\134
+\146\223\254\012\042\141\266\322\240\231\310\124\223\135\250\266
+\321\275\135\012\136\167\224\242\055\300\202\216\274\312\003\052
+\064\256\163\361\324\265\014\275\276\147\233\124\353\341\372\240
+\132\354\070\176\076\301\314\242\307\104\061\165\352\077\345\007
+\322\253\241\045\226\366\346\344\240\135\067\030\071\141\000\063
+\135\106\324\000\304\264\312\074\361\242\243\076\363\072\377\151
+\060\056\100\335\366\237\234\046\311\226\067\255\347\071\242\277
+\352\151\333\125\042\225\123\052\224\265\337\255\026\070\201\165
+\146\343\307\054\033\223\234\252\214\243\312\331\154\074\027\155
+\234\334\174\123\340\040\047\103\066\371\022\341\074\134\275\146
+\277\242\151\043\070\270\231\140\231\016\126\123\072\234\176\024
+\214\260\006\157\361\206\166\220\257\375\257\376\220\306\217\237
+\177\213\222\043\234\347\025\166\217\325\213\224\023\162\151\373
+\053\141\143\210\357\346\244\136\346\243\027\152\130\107\313\161
+\117\024\013\136\310\002\010\046\242\313\351\257\153\212\031\307
+\313\024\126\365\341\332\265\331\374\277\163\070\332\371\347\257
+\156\244\067\342\007\047\002\003\001\000\001\243\202\003\027\060
+\202\003\023\060\022\006\003\125\035\023\001\001\377\004\010\060
+\006\001\001\377\002\001\001\060\067\006\003\125\035\022\004\060
+\060\056\202\017\163\165\163\143\145\162\164\145\056\147\157\142
+\056\166\145\240\033\006\005\140\206\136\002\002\240\022\014\020
+\122\111\106\055\107\055\062\060\060\060\064\060\063\066\055\060
+\060\035\006\003\125\035\016\004\026\004\024\101\017\031\070\252
+\231\177\102\013\244\327\047\230\124\242\027\114\055\121\124\060
+\202\001\120\006\003\125\035\043\004\202\001\107\060\202\001\103
+\200\024\255\273\042\035\306\340\322\001\250\375\166\120\122\223
+\355\230\301\115\256\323\241\202\001\046\244\202\001\042\060\202
+\001\036\061\076\060\074\006\003\125\004\003\023\065\101\165\164
+\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151\146
+\151\143\141\143\151\157\156\040\122\141\151\172\040\144\145\154
+\040\105\163\164\141\144\157\040\126\145\156\145\172\157\154\141
+\156\157\061\013\060\011\006\003\125\004\006\023\002\126\105\061
+\020\060\016\006\003\125\004\007\023\007\103\141\162\141\143\141
+\163\061\031\060\027\006\003\125\004\010\023\020\104\151\163\164
+\162\151\164\157\040\103\141\160\151\164\141\154\061\066\060\064
+\006\003\125\004\012\023\055\123\151\163\164\145\155\141\040\116
+\141\143\151\157\156\141\154\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\156\040\105\154\145\143\164\162\157
+\156\151\143\141\061\103\060\101\006\003\125\004\013\023\072\123
+\165\160\145\162\151\156\164\145\156\144\145\156\143\151\141\040
+\144\145\040\123\145\162\166\151\143\151\157\163\040\144\145\040
+\103\145\162\164\151\146\151\143\141\143\151\157\156\040\105\154
+\145\143\164\162\157\156\151\143\141\061\045\060\043\006\011\052
+\206\110\206\367\015\001\011\001\026\026\141\143\162\141\151\172
+\100\163\165\163\143\145\162\164\145\056\147\157\142\056\166\145
+\202\001\012\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\115\006\003\125\035\021\004\106\060\104\202\016
+\160\162\157\143\145\162\164\056\156\145\164\056\166\145\240\025
+\006\005\140\206\136\002\001\240\014\014\012\120\123\103\055\060
+\060\060\060\060\062\240\033\006\005\140\206\136\002\002\240\022
+\014\020\122\111\106\055\112\055\063\061\066\063\065\063\067\063
+\055\067\060\166\006\003\125\035\037\004\157\060\155\060\106\240
+\104\240\102\206\100\150\164\164\160\072\057\057\167\167\167\056
+\163\165\163\143\145\162\164\145\056\147\157\142\056\166\145\057
+\154\143\162\057\103\105\122\124\111\106\111\103\101\104\117\055
+\122\101\111\132\055\123\110\101\063\070\064\103\122\114\104\105
+\122\056\143\162\154\060\043\240\041\240\037\206\035\154\144\141
+\160\072\057\057\141\143\162\141\151\172\056\163\165\163\143\145
+\162\164\145\056\147\157\142\056\166\145\060\067\006\010\053\006
+\001\005\005\007\001\001\004\053\060\051\060\047\006\010\053\006
+\001\005\005\007\060\001\206\033\150\164\164\160\072\057\057\157
+\143\163\160\056\163\165\163\143\145\162\164\145\056\147\157\142
+\056\166\145\060\101\006\003\125\035\040\004\072\060\070\060\066
+\006\006\140\206\136\003\001\002\060\054\060\052\006\010\053\006
+\001\005\005\007\002\001\026\036\150\164\164\160\072\057\057\167
+\167\167\056\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145\057\144\160\143\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\002\001\000\053\131\353\042\231\273
+\204\252\117\336\220\306\321\206\161\043\236\113\003\221\107\160
+\273\300\222\140\354\340\324\347\155\306\323\355\147\203\167\122
+\325\362\345\167\247\066\262\343\124\276\331\273\012\233\021\357
+\141\364\306\231\063\231\365\257\000\071\215\203\277\246\275\065
+\176\054\134\061\064\157\154\333\363\144\001\230\252\224\054\101
+\335\025\206\312\153\051\116\026\300\111\374\327\203\110\023\007
+\121\204\061\122\210\273\206\027\307\153\057\212\040\255\305\013
+\217\160\076\052\273\033\161\217\271\244\240\375\330\225\331\257
+\131\277\045\053\230\351\143\223\057\140\036\304\252\370\167\365
+\213\154\057\355\176\056\265\117\100\015\356\274\127\167\347\331
+\266\324\077\225\047\072\040\325\345\256\253\154\065\237\301\241
+\035\131\334\204\201\356\115\007\342\110\266\236\113\225\055\101
+\261\341\350\336\176\057\005\036\150\356\277\273\220\145\072\310
+\356\352\261\030\067\034\142\223\244\240\061\354\161\154\221\346
+\244\171\211\132\024\247\024\120\005\114\244\000\127\060\054\301
+\265\141\226\334\076\036\204\257\071\102\317\345\320\054\261\044
+\274\337\100\303\355\177\143\112\275\341\117\022\144\206\225\363
+\260\347\310\267\341\123\275\222\346\363\014\226\271\353\350\346
+\222\355\247\201\011\024\013\374\225\172\317\217\326\064\117\066
+\022\334\136\321\064\165\306\106\200\057\225\004\214\307\206\304
+\250\046\211\250\077\031\233\201\273\121\244\112\206\253\013\021
+\017\261\256\143\123\155\050\352\335\063\126\070\034\262\255\200
+\323\327\162\275\232\154\231\143\350\000\273\101\166\005\267\133
+\231\030\212\303\270\022\134\126\317\126\014\175\350\342\317\355
+\274\164\107\373\356\323\027\116\042\117\126\377\120\363\056\346
+\071\246\202\326\161\312\336\267\325\272\150\010\355\231\314\375
+\242\222\313\151\270\235\371\012\244\246\076\117\223\050\052\141
+\154\007\046\000\377\226\137\150\206\270\270\316\312\125\340\253
+\261\075\177\230\327\063\016\132\075\330\170\302\304\140\057\307
+\142\360\141\221\322\070\260\366\236\125\333\100\200\005\022\063
+\316\035\222\233\321\151\263\377\277\361\222\012\141\065\077\335
+\376\206\364\274\340\032\161\263\142\246
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "PSCProcert"
+# Issuer: E=acraiz@suscerte.gob.ve,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,ST=Distrito Capital,L=Caracas,C=VE,CN=Autoridad de Certificacion Raiz del Estado Venezolano
+# Serial Number: 11 (0xb)
+# Subject: CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,E=contacto@procert.net.ve
+# Not Valid Before: Tue Dec 28 16:51:00 2010
+# Not Valid After : Fri Dec 25 23:59:59 2020
+# Fingerprint (MD5): E6:24:E9:12:01:AE:0C:DE:8E:85:C4:CE:A3:12:DD:EC
+# Fingerprint (SHA1): 70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "PSCProcert"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\160\301\215\164\264\050\201\012\344\375\245\165\327\001\237\231
+\260\075\120\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\346\044\351\022\001\256\014\336\216\205\304\316\243\022\335\354
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101
+\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144
+\145\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157
+\154\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126
+\105\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141
+\143\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151
+\163\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066
+\060\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141
+\040\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164
+\162\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023
+\072\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151
+\141\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144
+\145\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040
+\105\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006
+\011\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141
+\151\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\013
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Swisscom Root CA 2"
 #
 # Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
@@ -14200,6 +18837,169 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "CA Disig Root R1"
+#
+# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:c3:03:9a:ee:50:90:6e:28
+# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:06:56 2012
+# Not Valid After : Sat Jul 19 09:06:56 2042
+# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
+# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\303\003\232\356\120\220\156\050
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\151\060\202\003\121\240\003\002\001\002\002\011\000
+\303\003\232\356\120\220\156\050\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\122\061\013\060\011\006\003\125
+\004\006\023\002\123\113\061\023\060\021\006\003\125\004\007\023
+\012\102\162\141\164\151\163\154\141\166\141\061\023\060\021\006
+\003\125\004\012\023\012\104\151\163\151\147\040\141\056\163\056
+\061\031\060\027\006\003\125\004\003\023\020\103\101\040\104\151
+\163\151\147\040\122\157\157\164\040\122\061\060\036\027\015\061
+\062\060\067\061\071\060\071\060\066\065\066\132\027\015\064\062
+\060\067\061\071\060\071\060\066\065\066\132\060\122\061\013\060
+\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003
+\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061
+\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040
+\141\056\163\056\061\031\060\027\006\003\125\004\003\023\020\103
+\101\040\104\151\163\151\147\040\122\157\157\164\040\122\061\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\252\303\170\367\334\230\243\247\132\136\167\030\262\335\004\144
+\017\143\375\233\226\011\200\325\350\252\245\342\234\046\224\072
+\350\231\163\214\235\337\327\337\203\363\170\117\100\341\177\322
+\247\322\345\312\023\223\347\355\306\167\137\066\265\224\257\350
+\070\216\333\233\345\174\273\314\215\353\165\163\341\044\315\346
+\247\055\031\056\330\326\212\153\024\353\010\142\012\330\334\263
+\000\115\303\043\174\137\103\010\043\062\022\334\355\014\255\300
+\175\017\245\172\102\331\132\160\331\277\247\327\001\034\366\233
+\253\216\267\112\206\170\240\036\126\061\256\357\202\012\200\101
+\367\033\311\256\253\062\046\324\054\153\355\175\153\344\342\136
+\042\012\105\313\204\061\115\254\376\333\321\107\272\371\140\227
+\071\261\145\307\336\373\231\344\012\042\261\055\115\345\110\046
+\151\253\342\252\363\373\374\222\051\062\351\263\076\115\037\047
+\241\315\216\271\027\373\045\076\311\156\363\167\332\015\022\366
+\135\307\273\066\020\325\124\326\363\340\342\107\110\346\336\024
+\332\141\122\257\046\264\365\161\117\311\327\322\006\337\143\312
+\377\041\350\131\006\340\010\325\204\025\123\367\103\345\174\305
+\240\211\230\153\163\306\150\316\145\336\275\177\005\367\261\356
+\366\127\241\140\225\305\314\352\223\072\276\231\256\233\002\243
+\255\311\026\265\316\335\136\231\170\176\032\071\176\262\300\005
+\244\300\202\245\243\107\236\214\352\134\266\274\147\333\346\052
+\115\322\004\334\243\256\105\367\274\213\234\034\247\326\325\003
+\334\010\313\056\026\312\134\100\063\350\147\303\056\347\246\104
+\352\021\105\034\065\145\055\036\105\141\044\033\202\056\245\235
+\063\135\145\370\101\371\056\313\224\077\037\243\014\061\044\104
+\355\307\136\255\120\272\306\101\233\254\360\027\145\300\370\135
+\157\133\240\012\064\074\356\327\352\210\237\230\371\257\116\044
+\372\227\262\144\166\332\253\364\355\343\303\140\357\325\371\002
+\310\055\237\203\257\147\151\006\247\061\125\325\317\113\157\377
+\004\005\307\130\254\137\026\033\345\322\243\353\061\333\037\063
+\025\115\320\362\245\123\365\313\341\075\116\150\055\330\022\335
+\252\362\346\115\233\111\345\305\050\241\272\260\132\306\240\265
+\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035
+\016\004\026\004\024\211\012\264\070\223\032\346\253\356\233\221
+\030\371\365\074\076\065\320\323\202\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\062\213\366
+\235\112\311\276\024\345\214\254\070\312\072\011\324\033\316\206
+\263\335\353\324\272\050\276\022\256\105\054\004\164\254\023\121
+\305\130\030\146\115\202\332\325\334\223\300\047\341\276\174\237
+\122\236\022\126\366\325\234\251\364\165\234\372\067\022\217\034
+\223\354\127\376\007\017\253\325\022\367\017\256\141\136\126\200
+\111\365\374\060\365\233\117\037\101\057\034\204\323\211\307\342
+\332\002\166\355\011\317\154\301\270\034\203\034\026\372\224\315
+\175\240\310\030\322\310\235\156\365\275\151\324\155\075\065\350
+\036\242\117\140\327\007\051\374\262\243\244\235\156\025\222\126
+\031\114\012\260\351\174\322\031\115\102\106\354\275\375\366\127
+\133\335\230\176\244\115\314\162\003\203\130\135\357\223\072\101
+\172\143\252\174\072\250\365\254\244\321\335\242\055\266\052\374
+\237\001\216\342\020\261\304\312\344\147\333\125\045\031\077\375
+\350\066\176\263\341\341\201\257\021\026\213\120\227\140\031\202
+\000\300\153\115\163\270\321\023\007\076\352\266\061\117\360\102
+\232\155\342\021\164\345\224\254\215\204\225\074\041\257\305\332
+\107\310\337\071\142\142\313\133\120\013\327\201\100\005\234\233
+\355\272\266\213\036\004\157\226\040\071\355\244\175\051\333\110
+\316\202\334\324\002\215\035\004\061\132\307\113\360\154\141\122
+\327\264\121\302\201\154\315\341\373\247\241\322\222\166\317\261
+\017\067\130\244\362\122\161\147\077\014\210\170\200\211\301\310
+\265\037\222\143\276\247\172\212\126\054\032\250\246\234\265\135
+\263\143\320\023\040\241\353\221\154\320\215\175\257\337\013\344
+\027\271\206\236\070\261\224\014\130\214\340\125\252\073\143\155
+\232\211\140\270\144\052\222\306\067\364\176\103\103\267\163\350
+\001\347\177\227\017\327\362\173\031\375\032\327\217\311\372\205
+\153\172\235\236\211\266\246\050\231\223\210\100\367\076\315\121
+\243\312\352\357\171\107\041\265\376\062\342\307\303\121\157\276
+\200\164\360\244\303\072\362\117\351\137\337\031\012\362\073\023
+\103\254\061\244\263\347\353\374\030\326\001\251\363\052\217\066
+\016\353\264\261\274\267\114\311\153\277\241\363\331\364\355\342
+\360\343\355\144\236\075\057\226\122\117\200\123\213
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CA Disig Root R1"
+# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:c3:03:9a:ee:50:90:6e:28
+# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:06:56 2012
+# Not Valid After : Sat Jul 19 09:06:56 2042
+# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
+# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\216\034\164\370\246\040\271\345\212\364\141\372\354\053\107\126
+\121\032\122\306
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\276\354\021\223\232\365\151\041\274\327\301\300\147\211\314\052
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\303\003\232\356\120\220\156\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "CA Disig Root R2"
 #
 # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
@@ -16517,6 +21317,333 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "WoSign"
+#
+# Issuer: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Serial Number:5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
+# Subject: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
+# Fingerprint (SHA1): B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\136\150\326\021\161\224\143\120\126\000\150\363\076\311
+\305\221
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\166\060\202\003\136\240\003\002\001\002\002\020\136
+\150\326\021\161\224\143\120\126\000\150\363\076\311\305\221\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\125
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\052\060\050\006\003\125
+\004\003\023\041\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\157\146\040\127
+\157\123\151\147\156\060\036\027\015\060\071\060\070\060\070\060
+\061\060\060\060\061\132\027\015\063\071\060\070\060\070\060\061
+\060\060\060\061\132\060\125\061\013\060\011\006\003\125\004\006
+\023\002\103\116\061\032\060\030\006\003\125\004\012\023\021\127
+\157\123\151\147\156\040\103\101\040\114\151\155\151\164\145\144
+\061\052\060\050\006\003\125\004\003\023\041\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\157\146\040\127\157\123\151\147\156\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\275\312\215
+\254\270\221\025\126\227\173\153\134\172\302\336\153\331\241\260
+\303\020\043\372\247\241\262\314\061\372\076\331\246\051\157\026
+\075\340\153\370\270\100\137\333\071\250\000\172\213\240\115\124
+\175\302\042\170\374\216\011\270\250\205\327\314\225\227\113\164
+\330\236\176\360\000\344\016\211\256\111\050\104\032\020\231\062
+\017\045\210\123\244\015\263\017\022\010\026\013\003\161\047\034
+\177\341\333\322\375\147\150\304\005\135\012\016\135\160\327\330
+\227\240\274\123\101\232\221\215\364\236\066\146\172\176\126\301
+\220\137\346\261\150\040\066\244\214\044\054\054\107\013\131\166
+\146\060\265\276\336\355\217\370\235\323\273\001\060\346\362\363
+\016\340\054\222\200\363\205\371\050\212\264\124\056\232\355\367
+\166\374\025\150\026\353\112\154\353\056\022\217\324\317\376\014
+\307\134\035\013\176\005\062\276\136\260\011\052\102\325\311\116
+\220\263\131\015\273\172\176\315\325\010\132\264\177\330\034\151
+\021\371\047\017\173\006\257\124\203\030\173\341\335\124\172\121
+\150\156\167\374\306\277\122\112\146\106\241\262\147\032\273\243
+\117\167\240\276\135\377\374\126\013\103\162\167\220\312\236\371
+\362\071\365\015\251\364\352\327\347\263\020\057\060\102\067\041
+\314\060\160\311\206\230\017\314\130\115\203\273\175\345\032\245
+\067\215\266\254\062\227\000\072\143\161\044\036\236\067\304\377
+\164\324\067\300\342\376\210\106\140\021\335\010\077\120\066\253
+\270\172\244\225\142\152\156\260\312\152\041\132\151\363\363\373
+\035\160\071\225\363\247\156\246\201\211\241\210\305\073\161\312
+\243\122\356\203\273\375\240\167\364\344\157\347\102\333\155\112
+\231\212\064\110\274\027\334\344\200\010\042\266\362\061\300\077
+\004\076\353\237\040\171\326\270\006\144\144\002\061\327\251\315
+\122\373\204\105\151\011\000\052\334\125\213\304\006\106\113\300
+\112\035\011\133\071\050\375\251\253\316\000\371\056\110\113\046
+\346\060\114\245\130\312\264\104\202\117\347\221\036\063\303\260
+\223\377\021\374\201\322\312\037\161\051\335\166\117\222\045\257
+\035\201\267\017\057\214\303\006\314\057\047\243\112\344\016\231
+\272\174\036\105\037\177\252\031\105\226\375\374\075\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\341\146\317\016\321\361\263\113\267\006\040\024\376\207
+\022\325\366\376\373\076\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\002\001\000\250\313\162\100\262\166
+\301\176\173\374\255\144\343\062\173\314\074\266\135\106\323\365
+\054\342\160\135\310\056\330\006\175\230\321\013\041\240\211\131
+\044\001\235\371\257\011\175\012\043\202\064\325\374\174\162\231
+\271\243\327\124\364\352\122\160\016\305\365\326\073\341\072\011
+\062\346\041\071\223\275\263\025\352\117\152\364\365\213\077\057
+\174\215\130\056\305\341\071\240\076\307\075\112\163\236\100\172
+\300\053\141\251\147\311\363\044\271\263\155\125\054\132\035\236
+\045\162\316\013\255\252\307\125\142\013\276\373\143\263\141\104
+\043\243\313\341\032\016\367\232\006\115\336\324\043\116\041\226
+\133\071\133\127\035\057\135\010\136\011\171\377\174\227\265\115
+\203\256\015\326\346\243\171\340\063\320\231\226\002\060\247\076
+\377\322\243\103\077\005\132\006\352\104\002\332\174\370\110\320
+\063\251\371\007\307\225\341\365\076\365\135\161\272\362\225\251
+\164\210\141\131\343\277\312\132\023\272\162\264\214\135\066\207
+\351\246\305\074\023\277\336\320\104\046\356\267\354\056\160\372
+\327\235\267\254\345\305\100\132\346\327\154\173\054\303\126\233
+\107\315\013\316\372\033\264\041\327\267\146\270\364\045\060\213
+\134\015\271\352\147\262\364\155\256\325\241\236\117\330\237\351
+\047\002\260\035\006\326\217\343\373\110\022\237\177\021\241\020
+\076\114\121\072\226\260\321\023\361\307\330\046\256\072\312\221
+\304\151\235\337\001\051\144\121\157\150\332\024\354\010\101\227
+\220\215\320\262\200\362\317\302\075\277\221\150\305\200\147\036
+\304\140\023\125\325\141\231\127\174\272\225\017\141\111\072\312
+\165\274\311\012\223\077\147\016\022\362\050\342\061\033\300\127
+\026\337\010\174\031\301\176\017\037\205\036\012\066\174\133\176
+\047\274\172\277\340\333\364\332\122\275\336\014\124\160\061\221
+\103\225\310\274\360\076\335\011\176\060\144\120\355\177\001\244
+\063\147\115\150\117\276\025\357\260\366\002\021\242\033\023\045
+\072\334\302\131\361\343\134\106\273\147\054\002\106\352\036\110
+\246\346\133\331\265\274\121\242\222\226\333\252\306\067\042\246
+\376\314\040\164\243\055\251\056\153\313\300\202\021\041\265\223
+\171\356\104\206\276\327\036\344\036\373
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "WoSign"
+# Issuer: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Serial Number:5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
+# Subject: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
+# Fingerprint (SHA1): B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\271\102\224\277\221\352\217\266\113\346\020\227\307\373\000\023
+\131\266\166\313
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\241\362\371\265\322\310\172\164\270\363\005\361\327\341\204\215
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\136\150\326\021\161\224\143\120\126\000\150\363\076\311
+\305\221
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "WoSign China"
+#
+# Issuer: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Serial Number:50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
+# Subject: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
+# Fingerprint (SHA1): 16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign China"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
+\110\215
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\130\060\202\003\100\240\003\002\001\002\002\020\120
+\160\153\315\330\023\374\033\116\073\063\162\322\021\110\215\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\106
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\033\060\031\006\003\125
+\004\003\014\022\103\101\040\346\262\203\351\200\232\346\240\271
+\350\257\201\344\271\246\060\036\027\015\060\071\060\070\060\070
+\060\061\060\060\060\061\132\027\015\063\071\060\070\060\070\060
+\061\060\060\060\061\132\060\106\061\013\060\011\006\003\125\004
+\006\023\002\103\116\061\032\060\030\006\003\125\004\012\023\021
+\127\157\123\151\147\156\040\103\101\040\114\151\155\151\164\145
+\144\061\033\060\031\006\003\125\004\003\014\022\103\101\040\346
+\262\203\351\200\232\346\240\271\350\257\201\344\271\246\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\320
+\111\041\036\045\374\207\301\052\302\254\333\166\206\006\116\347
+\320\164\064\334\355\145\065\374\120\326\210\077\244\360\177\353
+\017\137\171\057\211\261\375\274\143\130\067\223\233\070\370\267
+\133\251\372\330\161\307\264\274\200\227\215\154\113\361\120\325
+\052\051\252\250\031\172\226\346\225\216\164\355\227\012\127\165
+\364\005\333\155\013\071\271\001\177\252\366\326\332\154\346\005
+\340\244\115\122\374\333\320\164\267\021\214\173\215\117\377\207
+\203\256\377\005\003\023\127\120\067\376\214\226\122\020\114\137
+\277\224\161\151\331\226\076\014\103\117\276\060\300\237\071\164
+\117\006\105\135\243\326\126\071\150\007\314\207\117\120\167\223
+\161\331\104\010\261\212\064\351\211\254\333\233\116\341\331\344
+\122\105\214\056\024\037\221\153\031\035\150\051\054\126\304\342
+\036\023\127\144\360\141\343\271\021\337\260\341\127\240\033\255
+\327\137\321\257\333\053\055\077\320\150\216\017\352\237\017\213
+\065\130\033\023\034\364\336\065\241\012\135\326\352\337\022\157
+\300\373\151\007\106\162\334\201\366\004\043\027\340\115\165\341
+\162\157\260\050\353\233\341\341\203\241\237\112\135\257\314\233
+\372\002\040\266\030\142\167\221\073\243\325\145\255\334\174\220
+\167\034\104\101\244\112\213\353\225\162\351\366\011\144\334\250
+\055\237\164\170\350\301\242\011\143\234\357\240\333\117\235\225
+\253\040\117\267\260\367\207\134\246\240\344\067\070\307\134\343
+\065\017\054\255\243\200\242\354\056\135\300\317\355\213\005\302
+\346\163\156\366\211\325\365\322\106\216\352\155\143\033\036\212
+\311\175\246\370\234\353\345\325\143\205\115\163\146\151\021\376
+\310\016\364\301\307\146\111\123\176\344\031\153\361\351\172\131
+\243\155\176\305\027\346\047\306\357\033\333\157\374\015\115\006
+\001\264\016\134\060\106\125\140\257\070\145\072\312\107\272\254
+\054\314\106\037\262\106\226\077\363\355\046\005\356\167\241\152
+\153\176\055\155\130\134\112\324\216\147\270\361\332\325\106\212
+\047\371\021\362\311\102\376\116\336\337\037\134\304\244\206\207
+\026\063\241\247\027\030\245\015\344\005\345\053\302\053\013\242
+\225\220\271\375\140\074\116\211\076\347\234\356\037\273\001\002
+\003\001\000\001\243\102\060\100\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016
+\004\026\004\024\340\115\277\334\233\101\135\023\350\144\360\247
+\351\025\244\341\201\301\272\061\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\003\202\002\001\000\152\212\160\070
+\131\266\332\213\030\310\276\052\323\266\031\325\146\051\172\135
+\315\133\057\163\034\046\116\243\175\157\253\267\051\115\246\351
+\245\021\203\247\071\163\257\020\104\222\346\045\135\117\141\372
+\310\006\276\116\113\357\376\363\061\376\306\174\160\012\101\130
+\332\350\231\113\226\311\170\274\230\174\002\051\355\011\200\346
+\012\072\202\002\052\342\311\057\310\126\031\046\356\170\034\043
+\375\367\223\145\116\347\363\230\230\257\315\335\331\236\100\210
+\061\050\072\253\056\013\260\254\014\044\372\172\046\230\363\022
+\141\020\364\135\027\367\176\342\170\227\124\342\214\350\051\272
+\214\020\062\275\335\063\153\070\206\176\071\075\016\003\162\247
+\135\171\217\105\212\131\256\133\041\156\061\106\325\131\215\317
+\025\137\335\061\045\317\333\140\326\201\104\162\051\002\127\366
+\226\324\326\377\352\051\333\071\305\270\054\212\032\215\316\313
+\347\102\061\206\005\150\016\236\024\335\000\220\272\151\105\010
+\333\156\220\201\206\247\052\005\077\346\204\071\370\267\371\127
+\137\114\244\171\132\020\014\136\325\153\377\065\137\005\121\036
+\154\243\165\251\317\120\203\323\174\364\146\367\202\215\075\014
+\175\350\337\173\250\016\033\054\234\256\100\160\207\332\355\247
+\026\202\132\276\065\154\040\116\042\141\331\274\121\172\315\172
+\141\334\113\021\371\376\147\064\317\056\004\146\141\134\127\227
+\043\214\363\206\033\110\337\052\257\247\301\377\330\216\076\003
+\273\330\052\260\372\024\045\262\121\153\206\103\205\056\007\043
+\026\200\215\114\373\264\143\073\314\303\164\355\033\243\036\376
+\065\017\137\174\035\026\206\365\016\303\225\361\057\257\135\045
+\073\121\346\327\166\101\070\321\113\003\071\050\245\036\221\162
+\324\175\253\227\063\304\323\076\340\151\266\050\171\240\011\215
+\034\321\377\101\162\110\006\374\232\056\347\040\371\233\242\336
+\211\355\256\074\011\257\312\127\263\222\211\160\100\344\057\117
+\302\160\203\100\327\044\054\153\347\011\037\323\325\307\301\010
+\364\333\016\073\034\007\013\103\021\204\041\206\351\200\324\165
+\330\253\361\002\142\301\261\176\125\141\317\023\327\046\260\327
+\234\313\051\213\070\112\013\016\220\215\272\241
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "WoSign China"
+# Issuer: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Serial Number:50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
+# Subject: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
+# Fingerprint (SHA1): 16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign China"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\026\062\107\215\211\371\041\072\222\000\205\143\365\244\247\323
+\022\100\212\326
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\170\203\133\122\026\166\304\044\073\203\170\350\254\332\232\223
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
+\110\215
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "COMODO RSA Certification Authority"
 #
 # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -17231,6 +22358,188 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+#
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
+# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Thu Mar 26 00:00:00 2009
+# Not Valid After : Sun Mar 24 23:59:59 2019
+# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
+# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\265\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\073\060\071\006\003
+\125\004\013\023\062\124\145\162\155\163\040\157\146\040\165\163
+\145\040\141\164\040\150\164\164\160\163\072\057\057\167\167\167
+\056\166\145\162\151\163\151\147\156\056\143\157\155\057\162\160
+\141\040\050\143\051\060\071\061\057\060\055\006\003\125\004\003
+\023\046\126\145\162\151\123\151\147\156\040\103\154\141\163\163
+\040\063\040\123\145\143\165\162\145\040\123\145\162\166\145\162
+\040\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
+\005\256
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\071\060\202\004\041\240\003\002\001\002\002\020\057
+\000\156\315\027\160\146\347\137\243\202\012\171\037\005\256\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\312\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
+\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
+\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
+\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
+\013\023\061\050\143\051\040\062\060\060\066\040\126\145\162\151
+\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
+\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
+\157\156\154\171\061\105\060\103\006\003\125\004\003\023\074\126
+\145\162\151\123\151\147\156\040\103\154\141\163\163\040\063\040
+\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\065\060\036\027\015\060
+\071\060\063\062\066\060\060\060\060\060\060\132\027\015\061\071
+\060\063\062\064\062\063\065\071\065\071\132\060\201\265\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
+\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
+\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
+\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\073\060\071\006\003\125\004\013\023\062
+\124\145\162\155\163\040\157\146\040\165\163\145\040\141\164\040
+\150\164\164\160\163\072\057\057\167\167\167\056\166\145\162\151
+\163\151\147\156\056\143\157\155\057\162\160\141\040\050\143\051
+\060\071\061\057\060\055\006\003\125\004\003\023\046\126\145\162
+\151\123\151\147\156\040\103\154\141\163\163\040\063\040\123\145
+\143\165\162\145\040\123\145\162\166\145\162\040\103\101\040\055
+\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\324\126\217\127\073\067\050\246\100\143\322\225
+\325\005\164\332\265\031\152\226\326\161\127\057\342\300\064\214
+\240\225\263\214\341\067\044\363\056\355\103\105\005\216\211\327
+\372\332\112\265\370\076\215\116\307\371\111\120\105\067\100\237
+\164\252\240\121\125\141\361\140\204\211\245\236\200\215\057\260
+\041\252\105\202\304\317\264\024\177\107\025\040\050\202\260\150
+\022\300\256\134\007\327\366\131\314\313\142\126\134\115\111\377
+\046\210\253\124\121\072\057\112\332\016\230\342\211\162\271\374
+\367\150\074\304\037\071\172\313\027\201\363\014\255\017\334\141
+\142\033\020\013\004\036\051\030\161\136\142\313\103\336\276\061
+\272\161\002\031\116\046\251\121\332\214\144\151\003\336\234\375
+\175\375\173\141\274\374\204\174\210\134\264\303\173\355\137\053
+\106\022\361\375\000\001\232\213\133\351\243\005\056\217\056\133
+\336\363\033\170\370\146\221\010\300\136\316\325\260\066\312\324
+\250\173\240\175\371\060\172\277\370\335\031\121\053\040\272\376
+\247\317\241\116\260\147\365\200\252\053\203\056\322\216\124\211
+\216\036\051\013\002\003\001\000\001\243\202\001\054\060\202\001
+\050\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001
+\001\377\002\001\000\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\051\006\003\125\035\021\004\042\060\040
+\244\036\060\034\061\032\060\030\006\003\125\004\003\023\021\103
+\154\141\163\163\063\103\101\062\060\064\070\055\061\055\065\062
+\060\035\006\003\125\035\016\004\026\004\024\245\357\013\021\316
+\300\101\003\243\112\145\220\110\262\034\340\127\055\175\107\060
+\146\006\003\125\035\040\004\137\060\135\060\133\006\013\140\206
+\110\001\206\370\105\001\007\027\003\060\114\060\043\006\010\053
+\006\001\005\005\007\002\001\026\027\150\164\164\160\163\072\057
+\057\144\056\163\171\155\143\142\056\143\157\155\057\143\160\163
+\060\045\006\010\053\006\001\005\005\007\002\002\060\031\032\027
+\150\164\164\160\163\072\057\057\144\056\163\171\155\143\142\056
+\143\157\155\057\162\160\141\060\057\006\003\125\035\037\004\050
+\060\046\060\044\240\042\240\040\206\036\150\164\164\160\072\057
+\057\163\056\163\171\155\143\142\056\143\157\155\057\160\143\141
+\063\055\147\065\056\143\162\154\060\037\006\003\125\035\043\004
+\030\060\026\200\024\177\323\145\247\302\335\354\273\360\060\011
+\363\103\071\372\002\257\063\061\063\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\053\216\024
+\314\354\206\010\140\067\213\154\145\211\045\041\336\057\122\242
+\007\236\130\323\263\026\170\001\231\121\225\264\023\167\314\167
+\335\013\134\201\067\326\276\366\142\326\004\067\013\030\163\232
+\323\366\301\242\036\155\234\273\214\021\346\076\022\136\007\137
+\013\203\134\164\002\340\120\364\261\046\033\155\306\350\351\277
+\115\271\001\025\031\354\120\232\371\021\360\201\130\103\054\115
+\021\100\263\132\106\010\246\136\163\241\210\022\065\214\377\003
+\072\275\326\235\372\347\334\226\271\032\144\076\304\375\331\012
+\266\145\236\272\245\250\130\374\073\042\360\242\127\356\212\127
+\107\234\167\307\045\341\254\064\005\115\363\202\176\101\043\272
+\264\127\363\347\306\001\145\327\115\211\231\034\151\115\136\170
+\366\353\162\161\075\262\304\225\001\237\135\014\267\057\045\246
+\134\171\101\357\236\304\147\074\241\235\177\161\072\320\225\227
+\354\170\102\164\230\156\276\076\150\114\127\074\250\223\101\207
+\013\344\271\257\221\373\120\114\014\272\300\044\047\321\025\333
+\145\110\041\012\057\327\334\176\240\314\145\176\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
+# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Thu Mar 26 00:00:00 2009
+# Not Valid After : Sun Mar 24 23:59:59 2019
+# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
+# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\166\104\131\170\033\254\260\107\143\245\320\241\130\221\145\046
+\037\051\216\073
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\277\022\155\372\174\325\133\046\171\072\215\252\021\357\057\134
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
+\005\256
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "Staat der Nederlanden Root CA - G3"
 #
 # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
@@ -18509,6 +23818,149 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Explicitly Distrusted MCSHOLDING CA"
+#
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\013\060\011\006\003\125\004\006\023\002\105\107\061
+\023\060\021\006\003\125\004\012\014\012\115\103\123\110\117\114
+\104\111\116\107\061\030\060\026\006\003\125\004\003\014\017\115
+\103\123\110\117\114\104\111\116\107\040\124\105\123\124
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\222\060\202\003\172\240\003\002\001\002\002\004\111
+\063\000\216\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\062\061\013\060\011\006\003\125\004\006\023\002\103
+\116\061\016\060\014\006\003\125\004\012\023\005\103\116\116\111
+\103\061\023\060\021\006\003\125\004\003\023\012\103\116\116\111
+\103\040\122\117\117\124\060\036\027\015\061\065\060\063\061\071
+\060\066\062\060\060\071\132\027\015\061\065\060\064\060\063\060
+\066\062\060\060\071\132\060\074\061\013\060\011\006\003\125\004
+\006\023\002\105\107\061\023\060\021\006\003\125\004\012\014\012
+\115\103\123\110\117\114\104\111\116\107\061\030\060\026\006\003
+\125\004\003\014\017\115\103\123\110\117\114\104\111\116\107\040
+\124\105\123\124\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\245\371\165\014\006\256\356\014\021\315\226
+\063\115\153\316\300\112\014\075\135\353\322\113\011\177\347\107
+\054\254\161\000\371\010\257\064\361\243\152\307\374\346\253\316
+\320\276\312\315\052\230\230\271\320\216\063\111\007\141\040\321
+\132\064\316\203\024\006\171\216\032\277\333\344\240\070\072\356
+\224\271\243\240\130\072\211\024\254\140\076\003\324\307\315\073
+\034\260\232\210\032\111\020\251\260\262\375\345\350\341\004\342
+\352\202\155\376\014\121\105\221\255\165\042\256\377\117\220\013
+\300\123\145\167\076\036\302\126\265\066\306\326\205\314\016\203
+\032\063\037\166\231\133\053\227\053\213\327\321\024\025\114\235
+\131\327\200\057\244\242\205\325\210\066\002\140\125\312\130\337
+\223\374\112\142\007\226\323\304\372\277\215\001\047\227\057\246
+\134\164\361\072\102\156\135\171\024\060\061\032\074\331\262\127
+\115\340\270\077\017\151\061\242\235\145\231\331\326\061\207\265
+\230\046\337\360\313\273\025\300\044\023\142\122\032\153\313\105
+\007\227\343\304\224\136\311\015\107\054\351\317\351\364\217\376
+\065\341\062\347\061\002\003\001\000\001\243\202\001\244\060\202
+\001\240\060\166\006\010\053\006\001\005\005\007\001\001\004\152
+\060\150\060\051\006\010\053\006\001\005\005\007\060\001\206\035
+\150\164\164\160\072\057\057\157\143\163\160\143\156\156\151\143
+\162\157\157\164\056\143\156\156\151\143\056\143\156\060\073\006
+\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160\072
+\057\057\167\167\167\056\143\156\156\151\143\056\143\156\057\144
+\157\167\156\154\157\141\144\057\143\145\162\164\057\103\116\116
+\111\103\122\117\117\124\056\143\145\162\060\037\006\003\125\035
+\043\004\030\060\026\200\024\145\362\061\255\052\367\367\335\122
+\226\012\307\002\301\016\357\246\325\073\021\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\077\006\003
+\125\035\040\004\070\060\066\060\064\006\012\053\006\001\004\001
+\201\351\014\001\006\060\046\060\044\006\010\053\006\001\005\005
+\007\002\001\026\030\150\164\164\160\072\057\057\167\167\167\056
+\143\156\156\151\143\056\143\156\057\143\160\163\057\060\201\206
+\006\003\125\035\037\004\177\060\175\060\102\240\100\240\076\244
+\074\060\072\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\016\060\014\006\003\125\004\012\014\005\103\116\116\111\103
+\061\014\060\012\006\003\125\004\013\014\003\143\162\154\061\015
+\060\013\006\003\125\004\003\014\004\143\162\154\061\060\067\240
+\065\240\063\206\061\150\164\164\160\072\057\057\143\162\154\056
+\143\156\156\151\143\056\143\156\057\144\157\167\156\154\157\141
+\144\057\162\157\157\164\163\150\141\062\143\162\154\057\103\122
+\114\061\056\143\162\154\060\013\006\003\125\035\017\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\104\244
+\211\253\024\137\075\157\040\074\252\174\372\031\256\364\110\140
+\005\265\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\003\202\001\001\000\134\264\365\123\233\117\271\340\204\211
+\061\276\236\056\352\236\041\113\245\217\155\241\246\363\057\110
+\353\351\333\255\036\061\200\320\171\073\020\357\232\044\367\223
+\033\065\363\032\302\307\302\054\012\177\157\133\361\137\163\221
+\004\373\015\171\015\351\032\006\326\203\375\116\140\235\154\222
+\103\114\352\144\230\104\253\327\373\107\320\257\037\144\114\342
+\335\167\150\026\302\054\241\240\201\227\000\102\037\176\040\170
+\350\306\120\035\013\177\025\223\131\130\100\024\204\360\247\220
+\153\066\005\147\352\177\042\155\273\321\245\046\115\263\060\244
+\130\324\133\265\032\214\120\214\270\015\341\240\007\263\017\130
+\316\327\005\265\175\065\171\157\242\333\014\000\052\150\044\214
+\176\234\301\166\111\272\174\146\021\336\362\107\316\376\320\316
+\125\276\010\332\362\171\046\052\025\071\316\153\030\246\337\330
+\207\050\231\224\016\055\150\241\232\316\122\066\234\053\354\264
+\150\263\154\025\254\313\160\102\362\304\101\245\310\374\041\170
+\123\167\062\040\251\041\114\162\342\323\262\311\166\033\030\130
+\102\013\102\222\263\344
+END
+
+# Distrust "Explicitly Distrusted MCSHOLDING CA"
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\363\131\036\166\230\145\304\344\107\254\303\176\257\311\342
+\277\344\305\166
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\366\212\253\024\076\326\060\045\267\111\015\167\205\160\231\313
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
 #
 # Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
@@ -18977,6 +24429,248 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
+# Certificate "Certification Authority of WoSign G2"
+#
+# Issuer: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Serial Number:6b:25:da:8a:88:9d:7c:bc:0f:05:b3:b1:7a:61:45:44
+# Subject: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
+# Fingerprint (SHA1): FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certification Authority of WoSign G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\153\045\332\212\210\235\174\274\017\005\263\261\172\141
+\105\104
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\153
+\045\332\212\210\235\174\274\017\005\263\261\172\141\105\104\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\130
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\055\060\053\006\003\125
+\004\003\023\044\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\157\146\040\127
+\157\123\151\147\156\040\107\062\060\036\027\015\061\064\061\061
+\060\070\060\060\065\070\065\070\132\027\015\064\064\061\061\060
+\070\060\060\065\070\065\070\132\060\130\061\013\060\011\006\003
+\125\004\006\023\002\103\116\061\032\060\030\006\003\125\004\012
+\023\021\127\157\123\151\147\156\040\103\101\040\114\151\155\151
+\164\145\144\061\055\060\053\006\003\125\004\003\023\044\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171\040\157\146\040\127\157\123\151\147\156\040
+\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\276\305\304\240\042\200\111\117\277\331\207\021\306
+\123\341\273\017\275\140\177\257\366\202\016\037\334\260\216\075
+\227\340\120\074\217\072\357\146\073\105\007\233\040\370\343\327
+\045\206\065\220\026\242\135\157\060\031\010\207\013\177\006\262
+\235\142\217\336\257\222\245\140\324\053\200\232\122\077\365\232
+\203\351\064\132\313\331\325\142\134\346\016\340\337\006\230\016
+\200\174\312\264\035\023\210\153\016\250\044\167\003\320\356\133
+\363\312\151\221\065\071\126\305\155\343\367\075\117\136\223\070
+\044\312\030\351\044\313\222\003\335\314\034\075\011\160\344\040
+\344\361\256\254\273\163\151\243\143\072\017\105\017\241\112\232
+\302\321\143\254\313\020\370\075\346\116\050\267\353\304\225\261
+\254\375\136\253\372\101\313\135\235\113\334\364\174\166\357\147
+\177\000\172\215\322\240\032\134\115\042\341\265\332\335\166\263
+\324\166\337\136\270\213\230\310\024\124\314\153\027\222\267\340
+\112\277\111\224\141\013\070\220\217\135\044\154\045\173\073\171
+\331\342\176\235\255\237\230\241\006\374\170\024\140\127\370\356
+\200\167\261\002\003\001\000\001\243\102\060\100\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006
+\003\125\035\016\004\026\004\024\372\140\251\353\145\305\335\026
+\024\010\116\014\017\215\233\340\367\144\257\147\060\015\006\011
+\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001\000
+\127\303\172\066\202\234\215\230\342\253\100\252\107\217\307\247
+\133\355\174\347\075\146\132\073\061\273\337\363\026\063\221\374
+\174\173\245\302\246\146\343\252\260\267\047\230\077\111\327\140
+\147\147\077\066\117\112\313\361\024\372\132\207\050\034\355\217
+\101\062\306\225\371\175\332\275\173\133\302\260\041\343\217\106
+\334\041\070\103\164\114\373\060\370\027\162\301\062\374\310\221
+\027\304\314\130\067\116\013\314\132\367\041\065\050\203\154\140
+\055\104\353\122\214\120\075\265\154\022\327\372\011\273\154\262
+\112\261\305\211\344\374\323\122\330\141\027\376\172\224\204\217
+\171\266\063\131\272\017\304\013\342\160\240\113\170\056\372\310
+\237\375\257\221\145\012\170\070\025\345\227\027\024\335\371\340
+\054\064\370\070\320\204\042\000\300\024\121\030\053\002\334\060
+\132\360\350\001\174\065\072\043\257\010\344\257\252\216\050\102
+\111\056\360\365\231\064\276\355\017\113\030\341\322\044\074\273
+\135\107\267\041\362\215\321\012\231\216\343\156\076\255\160\340
+\217\271\312\314\156\201\061\366\173\234\172\171\344\147\161\030
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certification Authority of WoSign G2"
+# Issuer: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Serial Number:6b:25:da:8a:88:9d:7c:bc:0f:05:b3:b1:7a:61:45:44
+# Subject: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
+# Fingerprint (SHA1): FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certification Authority of WoSign G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\373\355\334\220\145\267\047\040\067\274\125\014\234\126\336\273
+\362\170\224\341
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\310\034\175\031\252\313\161\223\362\120\370\122\250\036\272\140
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\153\045\332\212\210\235\174\274\017\005\263\261\172\141
+\105\104
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CA WoSign ECC Root"
+#
+# Issuer: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Serial Number:68:4a:58:70:80:6b:f0:8f:02:fa:f6:de:e8:b0:90:90
+# Subject: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
+# Fingerprint (SHA1): D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA WoSign ECC Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\150\112\130\160\200\153\360\217\002\372\366\336\350\260
+\220\220
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\011\060\202\001\217\240\003\002\001\002\002\020\150
+\112\130\160\200\153\360\217\002\372\366\336\350\260\220\220\060
+\012\006\010\052\206\110\316\075\004\003\003\060\106\061\013\060
+\011\006\003\125\004\006\023\002\103\116\061\032\060\030\006\003
+\125\004\012\023\021\127\157\123\151\147\156\040\103\101\040\114
+\151\155\151\164\145\144\061\033\060\031\006\003\125\004\003\023
+\022\103\101\040\127\157\123\151\147\156\040\105\103\103\040\122
+\157\157\164\060\036\027\015\061\064\061\061\060\070\060\060\065
+\070\065\070\132\027\015\064\064\061\061\060\070\060\060\065\070
+\065\070\132\060\106\061\013\060\011\006\003\125\004\006\023\002
+\103\116\061\032\060\030\006\003\125\004\012\023\021\127\157\123
+\151\147\156\040\103\101\040\114\151\155\151\164\145\144\061\033
+\060\031\006\003\125\004\003\023\022\103\101\040\127\157\123\151
+\147\156\040\105\103\103\040\122\157\157\164\060\166\060\020\006
+\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
+\142\000\004\341\375\216\270\103\044\253\226\173\205\302\272\013
+\255\215\340\072\343\044\271\322\261\276\210\072\312\277\112\270
+\371\357\054\057\257\121\120\074\107\165\154\370\224\267\233\374
+\050\036\305\124\314\143\235\026\113\123\301\347\040\253\315\254
+\045\322\177\217\302\301\132\202\136\060\213\172\124\316\003\265
+\221\177\252\224\320\321\212\110\314\202\005\046\241\325\121\022
+\326\173\066\243\102\060\100\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004
+\026\004\024\252\375\325\132\243\366\207\213\062\205\375\321\062
+\133\200\105\223\363\003\270\060\012\006\010\052\206\110\316\075
+\004\003\003\003\150\000\060\145\002\061\000\344\244\204\260\201
+\325\075\260\164\254\224\244\350\016\075\000\164\114\241\227\153
+\371\015\121\074\241\331\073\364\015\253\251\237\276\116\162\312
+\205\324\331\354\265\062\105\030\157\253\255\002\060\175\307\367
+\151\143\057\241\341\230\357\023\020\321\171\077\321\376\352\073
+\177\336\126\364\220\261\025\021\330\262\042\025\320\057\303\046
+\056\153\361\221\262\220\145\364\232\346\220\356\112
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CA WoSign ECC Root"
+# Issuer: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Serial Number:68:4a:58:70:80:6b:f0:8f:02:fa:f6:de:e8:b0:90:90
+# Subject: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
+# Fingerprint (SHA1): D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA WoSign ECC Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\322\172\322\276\355\224\300\241\074\307\045\041\352\135\161\276
+\201\031\363\053
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\200\306\123\356\141\202\050\162\360\377\041\271\027\312\262\040
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\150\112\130\160\200\153\360\217\002\372\366\336\350\260
+\220\220
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
 # Certificate "SZAFIR ROOT CA2"
 #
 # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
@@ -22179,1284 +27873,3 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "GDCA TrustAUTH R5 ROOT"
-#
-# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
-# Serial Number:7d:09:97:fe:f0:47:ea:7a
-# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
-# Not Valid Before: Wed Nov 26 05:13:15 2014
-# Not Valid After : Mon Dec 31 15:59:59 2040
-# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93
-# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040
-\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105
-\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114
-\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104
-\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040
-\122\117\117\124
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040
-\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105
-\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114
-\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104
-\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040
-\122\117\117\124
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\175\011\227\376\360\107\352\172
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\210\060\202\003\160\240\003\002\001\002\002\010\175
-\011\227\376\360\107\352\172\060\015\006\011\052\206\110\206\367
-\015\001\001\013\005\000\060\142\061\013\060\011\006\003\125\004
-\006\023\002\103\116\061\062\060\060\006\003\125\004\012\014\051
-\107\125\101\116\107\040\104\117\116\107\040\103\105\122\124\111
-\106\111\103\101\124\105\040\101\125\124\110\117\122\111\124\131
-\040\103\117\056\054\114\124\104\056\061\037\060\035\006\003\125
-\004\003\014\026\107\104\103\101\040\124\162\165\163\164\101\125
-\124\110\040\122\065\040\122\117\117\124\060\036\027\015\061\064
-\061\061\062\066\060\065\061\063\061\065\132\027\015\064\060\061
-\062\063\061\061\065\065\071\065\071\132\060\142\061\013\060\011
-\006\003\125\004\006\023\002\103\116\061\062\060\060\006\003\125
-\004\012\014\051\107\125\101\116\107\040\104\117\116\107\040\103
-\105\122\124\111\106\111\103\101\124\105\040\101\125\124\110\117
-\122\111\124\131\040\103\117\056\054\114\124\104\056\061\037\060
-\035\006\003\125\004\003\014\026\107\104\103\101\040\124\162\165
-\163\164\101\125\124\110\040\122\065\040\122\117\117\124\060\202
-\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
-\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\331
-\243\026\360\310\164\164\167\233\357\063\015\073\006\176\125\374
-\265\140\217\166\206\022\102\175\126\146\076\210\202\355\162\143
-\016\236\213\335\064\054\002\121\121\303\031\375\131\124\204\311
-\361\153\263\114\260\351\350\106\135\070\306\242\247\056\021\127
-\272\202\025\242\234\217\155\260\231\112\012\362\353\211\160\143
-\116\171\304\267\133\275\242\135\261\362\101\002\053\255\251\072
-\243\354\171\012\354\137\072\343\375\357\200\074\255\064\233\032
-\253\210\046\173\126\242\202\206\037\353\065\211\203\177\137\256
-\051\116\075\266\156\354\256\301\360\047\233\256\343\364\354\357
-\256\177\367\206\075\162\172\353\245\373\131\116\247\353\225\214
-\042\071\171\341\055\010\217\314\274\221\270\101\367\024\301\043
-\251\303\255\232\105\104\263\262\327\054\315\306\051\342\120\020
-\256\134\313\202\216\027\030\066\175\227\346\210\232\260\115\064
-\011\364\054\271\132\146\052\260\027\233\236\036\166\235\112\146
-\061\101\337\077\373\305\006\357\033\266\176\032\106\066\367\144
-\143\073\343\071\030\043\347\147\165\024\325\165\127\222\067\275
-\276\152\033\046\120\362\066\046\006\220\305\160\001\144\155\166
-\146\341\221\333\156\007\300\141\200\056\262\056\057\214\160\247
-\321\073\074\263\221\344\156\266\304\073\160\362\154\222\227\011
-\315\107\175\030\300\363\273\236\017\326\213\256\007\266\132\017
-\316\013\014\107\247\345\076\270\275\175\307\233\065\240\141\227
-\072\101\165\027\314\053\226\167\052\222\041\036\331\225\166\040
-\147\150\317\015\275\337\326\037\011\152\232\342\314\163\161\244
-\057\175\022\200\267\123\060\106\136\113\124\231\017\147\311\245
-\310\362\040\301\202\354\235\021\337\302\002\373\032\073\321\355
-\040\232\357\145\144\222\020\015\052\342\336\160\361\030\147\202
-\214\141\336\270\274\321\057\234\373\017\320\053\355\033\166\271
-\344\071\125\370\370\241\035\270\252\200\000\114\202\347\262\177
-\011\270\274\060\240\057\015\365\122\236\216\367\222\263\012\000
-\035\000\124\227\006\340\261\007\331\307\017\134\145\175\074\155
-\131\127\344\355\245\215\351\100\123\237\025\113\240\161\366\032
-\041\343\332\160\006\041\130\024\207\205\167\171\252\202\171\002
-\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004
-\026\004\024\342\311\100\237\115\316\350\232\241\174\317\016\077
-\145\305\051\210\152\031\121\060\017\006\003\125\035\023\001\001
-\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206
-\367\015\001\001\013\005\000\003\202\002\001\000\321\111\127\340
-\247\314\150\130\272\001\017\053\031\315\215\260\141\105\254\021
-\355\143\120\151\370\037\177\276\026\217\375\235\353\013\252\062
-\107\166\322\147\044\355\275\174\063\062\227\052\307\005\206\146
-\015\027\175\024\025\033\324\353\375\037\232\366\136\227\151\267
-\032\045\244\012\263\221\077\137\066\254\213\354\127\250\076\347
-\201\212\030\127\071\205\164\032\102\307\351\133\023\137\217\371
-\010\351\222\164\215\365\107\322\253\073\326\373\170\146\116\066
-\175\371\351\222\351\004\336\375\111\143\374\155\373\024\161\223
-\147\057\107\112\267\271\377\036\052\163\160\106\060\277\132\362
-\057\171\245\341\215\014\331\371\262\143\067\214\067\145\205\160
-\152\134\133\011\162\271\255\143\074\261\335\370\374\062\277\067
-\206\344\273\216\230\047\176\272\037\026\341\160\021\362\003\337
-\045\142\062\047\046\030\062\204\237\377\000\072\023\272\232\115
-\364\117\270\024\160\042\261\312\053\220\316\051\301\160\364\057
-\235\177\362\220\036\326\132\337\267\106\374\346\206\372\313\340
-\040\166\172\272\246\313\365\174\336\142\245\261\213\356\336\202
-\146\212\116\072\060\037\077\200\313\255\047\272\014\136\327\320
-\261\126\312\167\161\262\265\165\241\120\251\100\103\027\302\050
-\331\317\122\213\133\310\143\324\102\076\240\063\172\106\056\367
-\012\040\106\124\176\152\117\061\361\201\176\102\164\070\145\163
-\047\356\306\174\270\216\327\245\072\327\230\241\234\214\020\125
-\323\333\113\354\100\220\362\315\156\127\322\142\016\174\127\223
-\261\247\155\315\235\203\273\052\347\345\266\073\161\130\255\375
-\321\105\274\132\221\356\123\025\157\323\105\011\165\156\272\220
-\135\036\004\317\067\337\036\250\146\261\214\346\040\152\357\374
-\110\116\164\230\102\257\051\157\056\152\307\373\175\321\146\061
-\042\314\206\000\176\146\203\014\102\364\275\064\222\303\032\352
-\117\312\176\162\115\013\160\214\246\110\273\246\241\024\366\373
-\130\104\231\024\256\252\013\223\151\240\051\045\112\245\313\053
-\335\212\146\007\026\170\025\127\161\033\354\365\107\204\363\236
-\061\067\172\325\177\044\255\344\274\375\375\314\156\203\350\014
-\250\267\101\154\007\335\275\074\206\227\057\322
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "GDCA TrustAUTH R5 ROOT"
-# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
-# Serial Number:7d:09:97:fe:f0:47:ea:7a
-# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
-# Not Valid Before: Wed Nov 26 05:13:15 2014
-# Not Valid After : Mon Dec 31 15:59:59 2040
-# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93
-# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\017\066\070\133\201\032\045\303\233\061\116\203\312\351\064\146
-\160\314\164\264
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\143\314\331\075\064\065\134\157\123\243\342\010\160\110\037\264
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040
-\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105
-\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114
-\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104
-\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040
-\122\117\117\124
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\175\011\227\376\360\107\352\172
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "TrustCor RootCert CA-1"
-#
-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:16 2016
-# Not Valid After : Mon Dec 31 17:23:16 2029
-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\011\000\332\233\354\161\363\003\260\031
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000
-\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206
-\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003
-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060
-\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162
-\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036
-\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027
-\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201
-\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017
-\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061
-\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141
-\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033
-\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163
-\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006
-\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103
-\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
-\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124
-\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164
-\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
-\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063
-\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173
-\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235
-\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034
-\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265
-\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325
-\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044
-\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264
-\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236
-\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220
-\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330
-\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225
-\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132
-\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020
-\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326
-\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334
-\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060
-\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077
-\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037
-\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172
-\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060
-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
-\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123
-\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134
-\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110
-\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162
-\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345
-\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237
-\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072
-\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224
-\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031
-\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144
-\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027
-\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154
-\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024
-\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167
-\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115
-\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074
-\132\171\054\031
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "TrustCor RootCert CA-1"
-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:16 2016
-# Not Valid After : Mon Dec 31 17:23:16 2029
-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072
-\105\133\303\012
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\011\000\332\233\354\161\363\003\260\031
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "TrustCor RootCert CA-2"
-#
-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:25:a1:df:ca:33:cb:59:02
-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:23 2016
-# Not Valid After : Sun Dec 31 17:26:39 2034
-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\045\241\337\312\063\313\131\002
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045
-\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367
-\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125
-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
-\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035
-\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040
-\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027
-\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015
-\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244
-\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060
-\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024
-\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040
-\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124
-\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040
-\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003
-\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145
-\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162
-\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162
-\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040
-\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
-\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166
-\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325
-\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076
-\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150
-\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323
-\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052
-\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212
-\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264
-\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351
-\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261
-\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106
-\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312
-\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166
-\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010
-\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136
-\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351
-\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202
-\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205
-\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176
-\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233
-\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074
-\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061
-\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050
-\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114
-\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340
-\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205
-\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167
-\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136
-\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025
-\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141
-\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112
-\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340
-\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035
-\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236
-\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006
-\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224
-\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
-\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000
-\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227
-\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033
-\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372
-\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376
-\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264
-\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111
-\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313
-\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015
-\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212
-\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127
-\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117
-\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070
-\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032
-\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074
-\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020
-\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326
-\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021
-\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301
-\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273
-\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376
-\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206
-\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367
-\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264
-\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367
-\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301
-\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027
-\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222
-\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051
-\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101
-\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226
-\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156
-\326\354\011
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "TrustCor RootCert CA-2"
-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:25:a1:df:ca:33:cb:59:02
-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:23 2016
-# Not Valid After : Sun Dec 31 17:26:39 2034
-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307
-\224\262\034\300
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
-\162\164\040\103\101\055\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\045\241\337\312\063\313\131\002
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "TrustCor ECA-1"
-#
-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:33 2016
-# Not Valid After : Mon Dec 31 17:28:07 2029
-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor ECA-1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\011\000\204\202\054\137\034\142\320\100
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000
-\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206
-\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003
-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060
-\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162
-\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064
-\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061
-\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125
-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
-\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025
-\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040
-\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
-\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333
-\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137
-\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001
-\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200
-\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372
-\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015
-\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071
-\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271
-\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037
-\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256
-\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061
-\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075
-\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177
-\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221
-\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354
-\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105
-\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060
-\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155
-\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037
-\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314
-\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060
-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
-\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157
-\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203
-\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223
-\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366
-\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231
-\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260
-\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105
-\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312
-\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154
-\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164
-\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350
-\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252
-\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110
-\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140
-\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133
-\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242
-\264\237\327\346
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "TrustCor ECA-1"
-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
-# Not Valid Before: Thu Feb 04 12:32:33 2016
-# Not Valid After : Mon Dec 31 17:28:07 2029
-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "TrustCor ECA-1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204
-\013\310\170\275
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\011\000\204\202\054\137\034\142\320\100
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "SSL.com Root Certification Authority RSA"
-#
-# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:7b:2c:9b:d3:16:80:32:99
-# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 17:39:39 2016
-# Not Valid After : Tue Feb 12 17:39:39 2041
-# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
-# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\122\123\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\122\123\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\173\054\233\323\026\200\062\231
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\335\060\202\003\305\240\003\002\001\002\002\010\173
-\054\233\323\026\200\062\231\060\015\006\011\052\206\110\206\367
-\015\001\001\013\005\000\060\174\061\013\060\011\006\003\125\004
-\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014\005
-\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014\007
-\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004\012
-\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151\157
-\156\061\061\060\057\006\003\125\004\003\014\050\123\123\114\056
-\143\157\155\040\122\157\157\164\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\040\122\123\101\060\036\027\015\061\066\060\062\061\062\061\067
-\063\071\063\071\132\027\015\064\061\060\062\061\062\061\067\063
-\071\063\071\132\060\174\061\013\060\011\006\003\125\004\006\023
-\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145
-\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157
-\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017
-\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061
-\061\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157
-\155\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
-\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122
-\123\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-\002\001\000\371\017\335\243\053\175\313\320\052\376\354\147\205
-\246\347\056\033\272\167\341\343\365\257\244\354\372\112\135\221
-\304\127\107\153\030\167\153\166\362\375\223\344\075\017\302\026
-\236\013\146\303\126\224\236\027\203\205\316\126\357\362\026\375
-\000\142\365\042\011\124\350\145\027\116\101\271\340\117\106\227
-\252\033\310\270\156\142\136\151\261\137\333\052\002\176\374\154
-\312\363\101\330\355\320\350\374\077\141\110\355\260\003\024\035
-\020\016\113\031\340\273\116\354\206\145\377\066\363\136\147\002
-\013\235\206\125\141\375\172\070\355\376\342\031\000\267\157\241
-\120\142\165\164\074\240\372\310\045\222\264\156\172\042\307\370
-\036\241\343\262\335\221\061\253\053\035\004\377\245\112\004\067
-\351\205\244\063\053\375\342\326\125\064\174\031\244\112\150\307
-\262\250\323\267\312\241\223\210\353\301\227\274\214\371\035\331
-\042\204\044\164\307\004\075\152\251\051\223\314\353\270\133\341
-\376\137\045\252\064\130\310\301\043\124\235\033\230\021\303\070
-\234\176\075\206\154\245\017\100\206\174\002\364\134\002\117\050
-\313\256\161\237\017\072\310\063\376\021\045\065\352\374\272\305
-\140\075\331\174\030\325\262\251\323\165\170\003\162\042\312\072
-\303\037\357\054\345\056\251\372\236\054\266\121\106\375\257\003
-\326\352\140\150\352\205\026\066\153\205\351\036\300\263\335\304
-\044\334\200\052\201\101\155\224\076\310\340\311\201\101\000\236
-\136\277\177\305\010\230\242\030\054\102\100\263\371\157\070\047
-\113\116\200\364\075\201\107\340\210\174\352\034\316\265\165\134
-\121\056\034\053\177\032\162\050\347\000\265\321\164\306\327\344
-\237\255\007\223\266\123\065\065\374\067\344\303\366\135\026\276
-\041\163\336\222\012\370\240\143\152\274\226\222\152\076\370\274
-\145\125\233\336\365\015\211\046\004\374\045\032\246\045\151\313
-\302\155\312\174\342\131\137\227\254\353\357\056\310\274\327\033
-\131\074\053\314\362\031\310\223\153\047\143\031\317\374\351\046
-\370\312\161\233\177\223\376\064\147\204\116\231\353\374\263\170
-\011\063\160\272\146\246\166\355\033\163\353\032\245\015\304\042
-\023\040\224\126\012\116\054\154\116\261\375\317\234\011\272\242
-\063\355\207\002\003\001\000\001\243\143\060\141\060\035\006\003
-\125\035\016\004\026\004\024\335\004\011\007\242\365\172\175\122
-\123\022\222\225\356\070\200\045\015\246\131\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003
-\125\035\043\004\030\060\026\200\024\335\004\011\007\242\365\172
-\175\122\123\022\222\225\356\070\200\045\015\246\131\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006
-\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001
-\000\040\030\021\224\051\373\046\235\034\036\036\160\141\361\225
-\162\223\161\044\255\150\223\130\216\062\257\033\263\160\003\374
-\045\053\164\205\220\075\170\152\364\271\213\245\227\073\265\030
-\221\273\036\247\371\100\133\221\371\125\231\257\036\021\320\134
-\035\247\146\343\261\224\007\014\062\071\246\352\033\260\171\330
-\035\234\160\104\343\212\335\304\371\225\037\212\070\103\077\001
-\205\245\107\247\075\106\262\274\345\042\150\367\173\234\330\054
-\076\012\041\310\055\063\254\277\305\201\231\061\164\301\165\161
-\305\276\261\360\043\105\364\235\153\374\031\143\235\243\274\004
-\306\030\013\045\273\123\211\017\263\200\120\336\105\356\104\177
-\253\224\170\144\230\323\366\050\335\207\330\160\145\164\373\016
-\271\023\353\247\017\141\251\062\226\314\336\273\355\143\114\030
-\273\251\100\367\240\124\156\040\210\161\165\030\352\172\264\064
-\162\340\043\047\167\134\266\220\352\206\045\100\253\357\063\017
-\313\237\202\276\242\040\373\366\265\055\032\346\302\205\261\164
-\017\373\310\145\002\244\122\001\107\335\111\042\301\277\330\353
-\153\254\176\336\354\143\063\025\267\043\010\217\306\017\215\101
-\132\335\216\305\271\217\345\105\077\170\333\272\322\033\100\261
-\376\161\115\077\340\201\242\272\136\264\354\025\340\223\335\010
-\037\176\341\125\231\013\041\336\223\236\012\373\346\243\111\275
-\066\060\376\347\167\262\240\165\227\265\055\201\210\027\145\040
-\367\332\220\000\237\311\122\314\062\312\065\174\365\075\017\330
-\053\327\365\046\154\311\006\064\226\026\352\160\131\032\062\171
-\171\013\266\210\177\017\122\110\075\277\154\330\242\104\056\321
-\116\267\162\130\323\211\023\225\376\104\253\370\327\213\033\156
-\234\274\054\240\133\325\152\000\257\137\067\341\325\372\020\013
-\230\234\206\347\046\217\316\360\354\156\212\127\013\200\343\116
-\262\300\240\143\141\220\272\125\150\067\164\152\266\222\333\237
-\241\206\042\266\145\047\016\354\266\237\102\140\344\147\302\265
-\332\101\013\304\323\213\141\033\274\372\037\221\053\327\104\007
-\136\272\051\254\331\305\351\357\123\110\132\353\200\361\050\130
-\041\315\260\006\125\373\047\077\123\220\160\251\004\036\127\047
-\271
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "SSL.com Root Certification Authority RSA"
-# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:7b:2c:9b:d3:16:80:32:99
-# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 17:39:39 2016
-# Not Valid After : Tue Feb 12 17:39:39 2041
-# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
-# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\267\253\063\010\321\352\104\167\272\024\200\022\132\157\275\251
-\066\111\014\273
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\206\151\022\300\160\361\354\254\254\302\325\274\245\133\241\051
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\122\123\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\173\054\233\323\026\200\062\231
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "SSL.com Root Certification Authority ECC"
-#
-# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:75:e6:df:cb:c1:68:5b:a8
-# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 18:14:03 2016
-# Not Valid After : Tue Feb 12 18:14:03 2041
-# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
-# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\105\103\103
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\105\103\103
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\165\346\337\313\301\150\133\250
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\215\060\202\002\024\240\003\002\001\002\002\010\165
-\346\337\313\301\150\133\250\060\012\006\010\052\206\110\316\075
-\004\003\002\060\174\061\013\060\011\006\003\125\004\006\023\002
-\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170
-\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165
-\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123
-\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\061
-\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157\155
-\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103
-\103\060\036\027\015\061\066\060\062\061\062\061\070\061\064\060
-\063\132\027\015\064\061\060\062\061\062\061\070\061\064\060\063
-\132\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163
-\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164
-\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114
-\040\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057
-\006\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122
-\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157
-\156\040\101\165\164\150\157\162\151\164\171\040\105\103\103\060
-\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201
-\004\000\042\003\142\000\004\105\156\251\120\304\246\043\066\236
-\137\050\215\027\313\226\042\144\077\334\172\216\035\314\010\263
-\242\161\044\272\216\111\271\004\033\107\226\130\253\055\225\310
-\355\236\010\065\310\047\353\211\214\123\130\353\142\212\376\360
-\133\017\153\061\122\143\101\073\211\315\354\354\266\215\031\323
-\064\007\334\273\306\006\177\302\105\225\354\313\177\250\043\340
-\011\351\201\372\363\107\323\243\143\060\141\060\035\006\003\125
-\035\016\004\026\004\024\202\321\205\163\060\347\065\004\323\216
-\002\222\373\345\244\321\304\041\350\315\060\017\006\003\125\035
-\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125
-\035\043\004\030\060\026\200\024\202\321\205\163\060\347\065\004
-\323\216\002\222\373\345\244\321\304\041\350\315\060\016\006\003
-\125\035\017\001\001\377\004\004\003\002\001\206\060\012\006\010
-\052\206\110\316\075\004\003\002\003\147\000\060\144\002\060\157
-\347\353\131\021\244\140\317\141\260\226\173\355\005\371\057\023
-\221\334\355\345\374\120\153\021\106\106\263\034\041\000\142\273
-\276\303\347\350\315\007\231\371\015\013\135\162\076\304\252\002
-\060\037\274\272\013\342\060\044\373\174\155\200\125\012\231\076
-\200\015\063\345\146\243\263\243\273\245\325\213\217\011\054\246
-\135\176\342\360\007\010\150\155\322\174\151\156\137\337\345\152
-\145
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "SSL.com Root Certification Authority ECC"
-# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:75:e6:df:cb:c1:68:5b:a8
-# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 18:14:03 2016
-# Not Valid After : Tue Feb 12 18:14:03 2041
-# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
-# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\303\031\174\071\044\346\124\257\033\304\253\040\225\172\342\303
-\016\023\002\152
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\056\332\344\071\177\234\217\067\321\160\237\046\027\121\072\216
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006
-\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157
-\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171\040\105\103\103
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\165\346\337\313\301\150\133\250
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "SSL.com EV Root Certification Authority RSA R2"
-#
-# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:56:b6:29:cd:34:bc:78:f6
-# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Wed May 31 18:14:37 2017
-# Not Valid After : Fri May 30 18:14:37 2042
-# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
-# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163
-\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164
-\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114
-\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065
-\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105
-\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
-\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122
-\123\101\040\122\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163
-\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164
-\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114
-\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065
-\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105
-\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
-\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122
-\123\101\040\122\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\126\266\051\315\064\274\170\366
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\353\060\202\003\323\240\003\002\001\002\002\010\126
-\266\051\315\064\274\170\366\060\015\006\011\052\206\110\206\367
-\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003\125
-\004\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014
-\005\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014
-\007\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004
-\012\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151
-\157\156\061\067\060\065\006\003\125\004\003\014\056\123\123\114
-\056\143\157\155\040\105\126\040\122\157\157\164\040\103\145\162
-\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-\162\151\164\171\040\122\123\101\040\122\062\060\036\027\015\061
-\067\060\065\063\061\061\070\061\064\063\067\132\027\015\064\062
-\060\065\063\060\061\070\061\064\063\067\132\060\201\202\061\013
-\060\011\006\003\125\004\006\023\002\125\123\061\016\060\014\006
-\003\125\004\010\014\005\124\145\170\141\163\061\020\060\016\006
-\003\125\004\007\014\007\110\157\165\163\164\157\156\061\030\060
-\026\006\003\125\004\012\014\017\123\123\114\040\103\157\162\160
-\157\162\141\164\151\157\156\061\067\060\065\006\003\125\004\003
-\014\056\123\123\114\056\143\157\155\040\105\126\040\122\157\157
-\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\122\123\101\040\122\062
-\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
-\000\217\066\145\100\341\326\115\300\327\264\351\106\332\153\352
-\063\107\315\114\371\175\175\276\275\055\075\360\333\170\341\206
-\245\331\272\011\127\150\355\127\076\240\320\010\101\203\347\050
-\101\044\037\343\162\025\320\001\032\373\136\160\043\262\313\237
-\071\343\317\305\116\306\222\155\046\306\173\273\263\332\047\235
-\012\206\351\201\067\005\376\360\161\161\354\303\034\351\143\242
-\027\024\235\357\033\147\323\205\125\002\002\326\111\311\314\132
-\341\261\367\157\062\237\311\324\073\210\101\250\234\275\313\253
-\333\155\173\011\037\242\114\162\220\332\053\010\374\317\074\124
-\316\147\017\250\317\135\226\031\013\304\343\162\353\255\321\175
-\035\047\357\222\353\020\277\133\353\073\257\317\200\335\301\322
-\226\004\133\172\176\244\251\074\070\166\244\142\216\240\071\136
-\352\167\317\135\000\131\217\146\054\076\007\242\243\005\046\021
-\151\227\352\205\267\017\226\013\113\310\100\341\120\272\056\212
-\313\367\017\232\042\347\177\232\067\023\315\362\115\023\153\041
-\321\300\314\042\362\241\106\366\104\151\234\312\141\065\007\000
-\157\326\141\010\021\352\272\270\366\351\263\140\345\115\271\354
-\237\024\146\311\127\130\333\315\207\151\370\212\206\022\003\107
-\277\146\023\166\254\167\175\064\044\205\203\315\327\252\234\220
-\032\237\041\054\177\170\267\144\270\330\350\246\364\170\263\125
-\313\204\322\062\304\170\256\243\217\141\335\316\010\123\255\354
-\210\374\025\344\232\015\346\237\032\167\316\114\217\270\024\025
-\075\142\234\206\070\006\000\146\022\344\131\166\132\123\300\002
-\230\242\020\053\150\104\173\216\171\316\063\112\166\252\133\201
-\026\033\265\212\330\320\000\173\136\142\264\011\326\206\143\016
-\246\005\225\111\272\050\213\210\223\262\064\034\330\244\125\156
-\267\034\320\336\231\125\073\043\364\042\340\371\051\146\046\354
-\040\120\167\333\112\013\217\276\345\002\140\160\101\136\324\256
-\120\071\042\024\046\313\262\073\163\164\125\107\007\171\201\071
-\250\060\023\104\345\004\212\256\226\023\045\102\017\271\123\304
-\233\374\315\344\034\336\074\372\253\326\006\112\037\147\246\230
-\060\034\335\054\333\334\030\225\127\146\306\377\134\213\126\365
-\167\002\003\001\000\001\243\143\060\141\060\017\006\003\125\035
-\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125
-\035\043\004\030\060\026\200\024\371\140\273\324\343\325\064\366
-\270\365\006\200\045\247\163\333\106\151\250\236\060\035\006\003
-\125\035\016\004\026\004\024\371\140\273\324\343\325\064\366\270
-\365\006\200\045\247\163\333\106\151\250\236\060\016\006\003\125
-\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052
-\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\126
-\263\216\313\012\235\111\216\277\244\304\221\273\146\027\005\121
-\230\165\373\345\120\054\172\236\361\024\372\253\323\212\076\377
-\221\051\217\143\213\330\264\251\124\001\015\276\223\206\057\371
-\112\155\307\136\365\127\371\312\125\034\022\276\107\017\066\305
-\337\152\267\333\165\302\107\045\177\271\361\143\370\150\055\125
-\004\321\362\215\260\244\317\274\074\136\037\170\347\245\240\040
-\160\260\004\305\267\367\162\247\336\042\015\275\063\045\106\214
-\144\222\046\343\076\056\143\226\332\233\214\075\370\030\011\327
-\003\314\175\206\202\340\312\004\007\121\120\327\377\222\325\014
-\357\332\206\237\231\327\353\267\257\150\342\071\046\224\272\150
-\267\277\203\323\352\172\147\075\142\147\256\045\345\162\350\342
-\344\354\256\022\366\113\053\074\237\351\260\100\363\070\124\263
-\375\267\150\310\332\306\217\121\074\262\373\221\334\034\347\233
-\235\341\267\015\162\217\342\244\304\251\170\371\353\024\254\306
-\103\005\302\145\071\050\030\002\303\202\262\235\005\276\145\355
-\226\137\145\164\074\373\011\065\056\173\234\023\375\033\017\135
-\307\155\201\072\126\017\314\073\341\257\002\057\042\254\106\312
-\106\074\240\034\114\326\104\264\136\056\134\025\146\011\341\046
-\051\376\306\122\141\272\261\163\377\303\014\234\345\154\152\224
-\077\024\312\100\026\225\204\363\131\251\254\137\114\141\223\155
-\321\073\314\242\225\014\042\246\147\147\104\056\271\331\322\212
-\101\263\146\013\132\373\175\043\245\362\032\260\377\336\233\203
-\224\056\321\077\337\222\267\221\257\005\073\145\307\240\154\261
-\315\142\022\303\220\033\343\045\316\064\274\157\167\166\261\020
-\303\367\005\032\300\326\257\164\142\110\027\167\222\151\220\141
-\034\336\225\200\164\124\217\030\034\303\363\003\320\277\244\103
-\165\206\123\030\172\012\056\011\034\066\237\221\375\202\212\042
-\113\321\016\120\045\335\313\003\014\027\311\203\000\010\116\065
-\115\212\213\355\360\002\224\146\054\104\177\313\225\047\226\027
-\255\011\060\254\266\161\027\156\213\027\366\034\011\324\055\073
-\230\245\161\323\124\023\331\140\363\365\113\146\117\372\361\356
-\040\022\215\264\254\127\261\105\143\241\254\166\251\302\373
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "SSL.com EV Root Certification Authority RSA R2"
-# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:56:b6:29:cd:34:bc:78:f6
-# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Wed May 31 18:14:37 2017
-# Not Valid After : Fri May 30 18:14:37 2042
-# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
-# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\164\072\360\122\233\320\062\240\364\112\203\315\324\272\251\173
-\174\056\304\232
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\341\036\061\130\032\256\124\123\002\366\027\152\021\173\115\225
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163
-\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164
-\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114
-\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065
-\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105
-\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
-\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122
-\123\101\040\122\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\126\266\051\315\064\274\170\366
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "SSL.com EV Root Certification Authority ECC"
-#
-# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:2c:29:9c:5b:16:ed:05:95
-# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 18:15:23 2016
-# Not Valid After : Tue Feb 12 18:15:23 2041
-# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
-# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006
-\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126
-\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103
-\103
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006
-\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126
-\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103
-\103
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\054\051\234\133\026\355\005\225
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\224\060\202\002\032\240\003\002\001\002\002\010\054
-\051\234\133\026\355\005\225\060\012\006\010\052\206\110\316\075
-\004\003\002\060\177\061\013\060\011\006\003\125\004\006\023\002
-\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170
-\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165
-\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123
-\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\064
-\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157\155
-\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\040\105\103\103\060\036\027\015\061\066\060\062\061\062\061\070
-\061\065\062\063\132\027\015\064\061\060\062\061\062\061\070\061
-\065\062\063\132\060\177\061\013\060\011\006\003\125\004\006\023
-\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145
-\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157
-\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017
-\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061
-\064\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157
-\155\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
-\171\040\105\103\103\060\166\060\020\006\007\052\206\110\316\075
-\002\001\006\005\053\201\004\000\042\003\142\000\004\252\022\107
-\220\230\033\373\357\303\100\007\203\040\116\361\060\202\242\006
-\321\362\222\206\141\362\366\041\150\312\000\304\307\352\103\000
-\124\206\334\375\037\337\000\270\101\142\134\334\160\026\062\336
-\037\231\324\314\305\007\310\010\037\141\026\007\121\075\175\134
-\007\123\343\065\070\214\337\315\237\331\056\015\112\266\031\056
-\132\160\132\006\355\276\360\241\260\312\320\011\051\243\143\060
-\141\060\035\006\003\125\035\016\004\026\004\024\133\312\136\345
-\336\322\201\252\315\250\055\144\121\266\331\162\233\227\346\117
-\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
-\377\060\037\006\003\125\035\043\004\030\060\026\200\024\133\312
-\136\345\336\322\201\252\315\250\055\144\121\266\331\162\233\227
-\346\117\060\016\006\003\125\035\017\001\001\377\004\004\003\002
-\001\206\060\012\006\010\052\206\110\316\075\004\003\002\003\150
-\000\060\145\002\061\000\212\346\100\211\067\353\351\325\023\331
-\312\324\153\044\363\260\075\207\106\130\032\354\261\337\157\373
-\126\272\160\153\307\070\314\350\261\214\117\017\367\361\147\166
-\016\203\320\036\121\217\002\060\075\366\043\050\046\114\306\140
-\207\223\046\233\262\065\036\272\326\367\074\321\034\316\372\045
-\074\246\032\201\025\133\363\022\017\154\356\145\212\311\207\250
-\371\007\340\142\232\214\134\112
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "SSL.com EV Root Certification Authority ECC"
-# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Serial Number:2c:29:9c:5b:16:ed:05:95
-# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
-# Not Valid Before: Fri Feb 12 18:15:23 2016
-# Not Valid After : Tue Feb 12 18:15:23 2041
-# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
-# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\114\335\121\243\321\365\040\062\024\260\306\305\062\043\003\221
-\307\106\102\155
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\131\123\042\145\203\102\001\124\300\316\102\271\132\174\362\220
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061
-\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157
-\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040
-\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006
-\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126
-\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103
-\103
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\054\051\234\133\026\355\005\225
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h
index 0189369b1..498751d13 100644
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -46,8 +46,8 @@
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 22
-#define NSS_BUILTINS_LIBRARY_VERSION "2.22"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 16
+#define NSS_BUILTINS_LIBRARY_VERSION "2.16"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff --git a/security/nss/lib/ckfw/capi/cfind.c b/security/nss/lib/ckfw/capi/cfind.c
index 9c4d4f1e7..9ea7fca61 100644
--- a/security/nss/lib/ckfw/capi/cfind.c
+++ b/security/nss/lib/ckfw/capi/cfind.c
@@ -331,7 +331,8 @@ collect_class(
                     nss_ZFreeIf(keyProvInfo);
 
                     if (provName &&
-                        (strncmp(provName, "Microsoft", sizeof("Microsoft") - 1) != 0)) {
+                        (strncmp(provName, "Microsoft", sizeof("Microsoft") -
+                                                            1) != 0)) {
                         continue;
                     }
                 } else {
diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h
index e529fa34f..f658daa9e 100644
--- a/security/nss/lib/cryptohi/cryptohi.h
+++ b/security/nss/lib/cryptohi/cryptohi.h
@@ -60,14 +60,6 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
 extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
 
 /*
-** Create a new signature context from an algorithmID.
-**      "alg" the signature algorithm to use
-**	"privKey" the private key to use
-*/
-extern SGNContext *SGN_NewContextWithAlgorithmID(SECAlgorithmID *alg,
-                                                 SECKEYPrivateKey *privKey);
-
-/*
 ** Destroy a signature-context object
 **	"cx" the object
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
@@ -114,21 +106,6 @@ extern SECStatus SEC_SignData(SECItem *result,
                               SECKEYPrivateKey *pk, SECOidTag algid);
 
 /*
-** Sign a single block of data using private key encryption and given
-** signature/hash algorithm with parameters from an algorithmID.
-**	"result" the final signature data (memory is allocated)
-**	"buf" the input data to sign
-**	"len" the amount of data to sign
-**	"pk" the private key to encrypt with
-**	"algid" the signature/hash algorithm to sign with
-**		(must be compatible with the key type).
-*/
-extern SECStatus SEC_SignDataWithAlgorithmID(SECItem *result,
-                                             const unsigned char *buf, int len,
-                                             SECKEYPrivateKey *pk,
-                                             SECAlgorithmID *algid);
-
-/*
 ** Sign a pre-digested block of data using private key encryption, encoding
 **  The given signature/hash algorithm.
 **	"result" the final signature data (memory is allocated)
@@ -155,27 +132,6 @@ extern SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result,
                                  SECKEYPrivateKey *pk, SECOidTag algid);
 
 /*
-** DER sign a single block of data using private key encryption and
-** the given signature/hash algorithm with parameters from an
-** algorithmID. This routine first computes a digital signature using
-** SEC_SignData, then wraps it with an CERTSignedData and then der
-** encodes the result.
-**	"arena" is the memory arena to use to allocate data from
-** 	"result" the final der encoded data (memory is allocated)
-** 	"buf" the input data to sign
-** 	"len" the amount of data to sign
-** 	"pk" the private key to encrypt with
-**	"algid" the signature/hash algorithm to sign with
-**		(must be compatible with the key type).
-*/
-extern SECStatus SEC_DerSignDataWithAlgorithmID(PLArenaPool *arena,
-                                                SECItem *result,
-                                                const unsigned char *buf,
-                                                int len,
-                                                SECKEYPrivateKey *pk,
-                                                SECAlgorithmID *algid);
-
-/*
 ** Destroy a signed-data object.
 **	"sd" the object
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
@@ -190,23 +146,6 @@ extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
 extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
                                                  SECOidTag hashAlgTag);
 
-/*
-** Create algorithm parameters for signing. Return a new item
-** allocated from arena, or NULL on failure.
-**	"arena" is the memory arena to use to allocate data from
-**	"result" the encoded parameters (memory is allocated)
-**	"signAlgTag" is the signing algorithm
-**	"hashAlgTag" is the preferred hash algorithm
-**	"params" is the default parameters
-**	"key" is the private key
-*/
-extern SECItem *SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
-                                                       SECItem *result,
-                                                       SECOidTag signAlgTag,
-                                                       SECOidTag hashAlgTag,
-                                                       const SECItem *params,
-                                                       const SECKEYPrivateKey *key);
-
 /****************************************/
 /*
 ** Signature verification operations
diff --git a/security/nss/lib/cryptohi/keyi.h b/security/nss/lib/cryptohi/keyi.h
index ee11fc905..f8f5f7f7d 100644
--- a/security/nss/lib/cryptohi/keyi.h
+++ b/security/nss/lib/cryptohi/keyi.h
@@ -17,9 +17,6 @@ KeyType seckey_GetKeyType(SECOidTag pubKeyOid);
 SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
                            const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
 
-SECStatus sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
-                                      const SECKEYRSAPSSParams *params);
-
 SEC_END_PROTOS
 
 #endif /* _KEYHI_H_ */
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index 0f9353f3b..9ea48b767 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -221,7 +221,8 @@ SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *c
                                             PK11_ATTR_SESSION |
                                                 PK11_ATTR_INSENSITIVE |
                                                 PK11_ATTR_PUBLIC,
-                                            CKF_DERIVE, CKF_DERIVE | CKF_SIGN,
+                                            CKF_DERIVE, CKF_DERIVE |
+                                                            CKF_SIGN,
                                             cx);
     if (!privk)
         privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
@@ -229,7 +230,8 @@ SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *c
                                                 PK11_ATTR_SESSION |
                                                     PK11_ATTR_SENSITIVE |
                                                     PK11_ATTR_PRIVATE,
-                                                CKF_DERIVE, CKF_DERIVE | CKF_SIGN,
+                                                CKF_DERIVE, CKF_DERIVE |
+                                                                CKF_SIGN,
                                                 cx);
 
     PK11_FreeSlot(slot);
@@ -1046,7 +1048,6 @@ SECKEY_SignatureLen(const SECKEYPublicKey *pubk)
 
     switch (pubk->keyType) {
         case rsaKey:
-        case rsaPssKey:
             b0 = pubk->u.rsa.modulus.data[0];
             return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
         case dsaKey:
@@ -1973,118 +1974,3 @@ SECKEY_GetECCOid(const SECKEYECParams *params)
 
     return oidData->offset;
 }
-
-static CK_MECHANISM_TYPE
-sec_GetHashMechanismByOidTag(SECOidTag tag)
-{
-    switch (tag) {
-        case SEC_OID_SHA512:
-            return CKM_SHA512;
-        case SEC_OID_SHA384:
-            return CKM_SHA384;
-        case SEC_OID_SHA256:
-            return CKM_SHA256;
-        case SEC_OID_SHA224:
-            return CKM_SHA224;
-        case SEC_OID_SHA1:
-            return CKM_SHA_1;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return CKM_INVALID_MECHANISM;
-    }
-}
-
-static CK_RSA_PKCS_MGF_TYPE
-sec_GetMgfTypeByOidTag(SECOidTag tag)
-{
-    switch (tag) {
-        case SEC_OID_SHA512:
-            return CKG_MGF1_SHA512;
-        case SEC_OID_SHA384:
-            return CKG_MGF1_SHA384;
-        case SEC_OID_SHA256:
-            return CKG_MGF1_SHA256;
-        case SEC_OID_SHA224:
-            return CKG_MGF1_SHA224;
-        case SEC_OID_SHA1:
-            return CKG_MGF1_SHA1;
-        default:
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return 0;
-    }
-}
-
-SECStatus
-sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
-                            const SECKEYRSAPSSParams *params)
-{
-    SECStatus rv = SECSuccess;
-    SECOidTag hashAlgTag;
-    unsigned long saltLength;
-    unsigned long trailerField;
-
-    PORT_Memset(mech, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
-
-    if (params->hashAlg) {
-        hashAlgTag = SECOID_GetAlgorithmTag(params->hashAlg);
-    } else {
-        hashAlgTag = SEC_OID_SHA1; /* default, SHA-1 */
-    }
-    mech->hashAlg = sec_GetHashMechanismByOidTag(hashAlgTag);
-    if (mech->hashAlg == CKM_INVALID_MECHANISM) {
-        return SECFailure;
-    }
-
-    if (params->maskAlg) {
-        SECAlgorithmID maskHashAlg;
-        SECOidTag maskHashAlgTag;
-        PORTCheapArenaPool tmpArena;
-
-        if (SECOID_GetAlgorithmTag(params->maskAlg) != SEC_OID_PKCS1_MGF1) {
-            /* only MGF1 is known to PKCS#11 */
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return SECFailure;
-        }
-
-        PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
-        rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &maskHashAlg,
-                                    SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
-                                    &params->maskAlg->parameters);
-        PORT_DestroyCheapArena(&tmpArena);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        maskHashAlgTag = SECOID_GetAlgorithmTag(&maskHashAlg);
-        mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlgTag);
-        if (mech->mgf == 0) {
-            return SECFailure;
-        }
-    } else {
-        mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
-    }
-
-    if (params->saltLength.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-    } else {
-        saltLength = 20; /* default, 20 */
-    }
-    mech->sLen = saltLength;
-
-    if (params->trailerField.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&params->trailerField, &trailerField);
-        if (rv != SECSuccess) {
-            return rv;
-        }
-        if (trailerField != 1) {
-            /* the value must be 1, which represents the trailer field
-             * with hexadecimal value 0xBC */
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return SECFailure;
-        }
-    }
-
-    return rv;
-}
diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c
index dc10f2fa6..d06cb2e85 100644
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -22,11 +22,10 @@ struct SGNContextStr {
     void *hashcx;
     const SECHashObject *hashobj;
     SECKEYPrivateKey *key;
-    SECItem *params;
 };
 
-static SGNContext *
-sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key)
+SGNContext *
+SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
 {
     SGNContext *cx;
     SECOidTag hashalg, signalg;
@@ -41,7 +40,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key)
      * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
      */
     /* we have a private key, not a public key, so don't pass it in */
-    rv = sec_DecodeSigAlg(NULL, alg, params, &signalg, &hashalg);
+    rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
         return 0;
@@ -50,8 +49,7 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key)
 
     /* verify our key type */
     if (key->keyType != keyType &&
-        !((key->keyType == dsaKey) && (keyType == fortezzaKey)) &&
-        !((key->keyType == rsaKey) && (keyType == rsaPssKey))) {
+        !((key->keyType == dsaKey) && (keyType == fortezzaKey))) {
         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
         return 0;
     }
@@ -61,24 +59,10 @@ sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key)
         cx->hashalg = hashalg;
         cx->signalg = signalg;
         cx->key = key;
-        cx->params = params;
     }
     return cx;
 }
 
-SGNContext *
-SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
-{
-    return sgn_NewContext(alg, NULL, key);
-}
-
-SGNContext *
-SGN_NewContextWithAlgorithmID(SECAlgorithmID *alg, SECKEYPrivateKey *key)
-{
-    SECOidTag tag = SECOID_GetAlgorithmTag(alg);
-    return sgn_NewContext(tag, &alg->parameters, key);
-}
-
 void
 SGN_DestroyContext(SGNContext *cx, PRBool freeit)
 {
@@ -164,7 +148,6 @@ SGN_End(SGNContext *cx, SECItem *result)
 
     result->data = 0;
     digder.data = 0;
-    sigitem.data = 0;
 
     /* Finish up digest function */
     if (cx->hashcx == NULL) {
@@ -173,8 +156,7 @@ SGN_End(SGNContext *cx, SECItem *result)
     }
     (*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
 
-    if (privKey->keyType == rsaKey &&
-        cx->signalg != SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+    if (privKey->keyType == rsaKey) {
 
         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         if (!arena) {
@@ -218,65 +200,26 @@ SGN_End(SGNContext *cx, SECItem *result)
         goto loser;
     }
 
-    if (cx->signalg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-        CK_RSA_PKCS_PSS_PARAMS mech;
-        SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
-
-        PORT_Memset(&mech, 0, sizeof(mech));
-
-        if (cx->params && cx->params->data) {
-            SECKEYRSAPSSParams params;
-
-            arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-            if (!arena) {
-                rv = SECFailure;
-                goto loser;
-            }
-
-            PORT_Memset(&params, 0, sizeof(params));
-            rv = SEC_QuickDERDecodeItem(arena, &params,
-                                        SECKEY_RSAPSSParamsTemplate,
-                                        cx->params);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-            rv = sec_RSAPSSParamsToMechanism(&mech, &params);
-            if (rv != SECSuccess) {
-                goto loser;
-            }
-        } else {
-            mech.hashAlg = CKM_SHA_1;
-            mech.mgf = CKG_MGF1_SHA1;
-            mech.sLen = digder.len;
-        }
-        rv = PK11_SignWithMechanism(privKey, CKM_RSA_PKCS_PSS, &mechItem,
-                                    &sigitem, &digder);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    } else {
-        rv = PK11_Sign(privKey, &sigitem, &digder);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
+    rv = PK11_Sign(privKey, &sigitem, &digder);
+    if (rv != SECSuccess) {
+        PORT_Free(sigitem.data);
+        sigitem.data = NULL;
+        goto loser;
     }
 
     if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
         (cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
         /* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
         rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
+        PORT_Free(sigitem.data);
         if (rv != SECSuccess)
             goto loser;
-        SECITEM_FreeItem(&sigitem, PR_FALSE);
     } else {
         result->len = sigitem.len;
         result->data = sigitem.data;
     }
 
 loser:
-    if (rv != SECSuccess) {
-        SECITEM_FreeItem(&sigitem, PR_FALSE);
-    }
     SGN_DestroyDigestInfo(di);
     if (arena != NULL) {
         PORT_FreeArena(arena, PR_FALSE);
@@ -286,14 +229,18 @@ loser:
 
 /************************************************************************/
 
-static SECStatus
-sec_SignData(SECItem *res, const unsigned char *buf, int len,
-             SECKEYPrivateKey *pk, SECOidTag algid, SECItem *params)
+/*
+** Sign a block of data returning in result a bunch of bytes that are the
+** signature. Returns zero on success, an error code on failure.
+*/
+SECStatus
+SEC_SignData(SECItem *res, const unsigned char *buf, int len,
+             SECKEYPrivateKey *pk, SECOidTag algid)
 {
     SECStatus rv;
     SGNContext *sgn;
 
-    sgn = sgn_NewContext(algid, params, pk);
+    sgn = SGN_NewContext(algid, pk);
 
     if (sgn == NULL)
         return SECFailure;
@@ -313,25 +260,6 @@ loser:
     return rv;
 }
 
-/*
-** Sign a block of data returning in result a bunch of bytes that are the
-** signature. Returns zero on success, an error code on failure.
-*/
-SECStatus
-SEC_SignData(SECItem *res, const unsigned char *buf, int len,
-             SECKEYPrivateKey *pk, SECOidTag algid)
-{
-    return sec_SignData(res, buf, len, pk, algid, NULL);
-}
-
-SECStatus
-SEC_SignDataWithAlgorithmID(SECItem *res, const unsigned char *buf, int len,
-                            SECKEYPrivateKey *pk, SECAlgorithmID *algid)
-{
-    SECOidTag tag = SECOID_GetAlgorithmTag(algid);
-    return sec_SignData(res, buf, len, pk, tag, &algid->parameters);
-}
-
 /************************************************************************/
 
 DERTemplate CERTSignedDataTemplate[] =
@@ -366,10 +294,10 @@ const SEC_ASN1Template CERT_SignedDataTemplate[] =
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
 
-static SECStatus
-sec_DerSignData(PLArenaPool *arena, SECItem *result,
+SECStatus
+SEC_DerSignData(PLArenaPool *arena, SECItem *result,
                 const unsigned char *buf, int len, SECKEYPrivateKey *pk,
-                SECOidTag algID, SECItem *params)
+                SECOidTag algID)
 {
     SECItem it;
     CERTSignedData sd;
@@ -411,7 +339,7 @@ sec_DerSignData(PLArenaPool *arena, SECItem *result,
     }
 
     /* Sign input buffer */
-    rv = sec_SignData(&it, buf, len, pk, algID, params);
+    rv = SEC_SignData(&it, buf, len, pk, algID);
     if (rv)
         goto loser;
 
@@ -421,7 +349,7 @@ sec_DerSignData(PLArenaPool *arena, SECItem *result,
     sd.data.len = len;
     sd.signature.data = it.data;
     sd.signature.len = it.len << 3; /* convert to bit string */
-    rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, params);
+    rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
     if (rv)
         goto loser;
 
@@ -435,24 +363,6 @@ loser:
 }
 
 SECStatus
-SEC_DerSignData(PLArenaPool *arena, SECItem *result,
-                const unsigned char *buf, int len, SECKEYPrivateKey *pk,
-                SECOidTag algID)
-{
-    return sec_DerSignData(arena, result, buf, len, pk, algID, NULL);
-}
-
-SECStatus
-SEC_DerSignDataWithAlgorithmID(PLArenaPool *arena, SECItem *result,
-                               const unsigned char *buf, int len,
-                               SECKEYPrivateKey *pk,
-                               SECAlgorithmID *algID)
-{
-    SECOidTag tag = SECOID_GetAlgorithmTag(algID);
-    return sec_DerSignData(arena, result, buf, len, pk, tag, &algID->parameters);
-}
-
-SECStatus
 SGN_Digest(SECKEYPrivateKey *privKey,
            SECOidTag algtag, SECItem *result, SECItem *digest)
 {
@@ -599,243 +509,3 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
     }
     return sigTag;
 }
-
-static SECItem *
-sec_CreateRSAPSSParameters(PLArenaPool *arena,
-                           SECItem *result,
-                           SECOidTag hashAlgTag,
-                           const SECItem *params,
-                           const SECKEYPrivateKey *key)
-{
-    SECKEYRSAPSSParams pssParams;
-    int modBytes, hashLength;
-    unsigned long saltLength;
-    PRBool defaultSHA1 = PR_FALSE;
-    SECStatus rv;
-
-    if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return NULL;
-    }
-
-    PORT_Memset(&pssParams, 0, sizeof(pssParams));
-
-    if (params && params->data) {
-        /* The parameters field should either be empty or contain
-         * valid RSA-PSS parameters */
-        PORT_Assert(!(params->len == 2 &&
-                      params->data[0] == SEC_ASN1_NULL &&
-                      params->data[1] == 0));
-        rv = SEC_QuickDERDecodeItem(arena, &pssParams,
-                                    SECKEY_RSAPSSParamsTemplate,
-                                    params);
-        if (rv != SECSuccess) {
-            return NULL;
-        }
-        defaultSHA1 = PR_TRUE;
-    }
-
-    if (pssParams.trailerField.data) {
-        unsigned long trailerField;
-
-        rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.trailerField,
-                                   &trailerField);
-        if (rv != SECSuccess) {
-            return NULL;
-        }
-        if (trailerField != 1) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return NULL;
-        }
-    }
-
-    modBytes = PK11_GetPrivateModulusLen((SECKEYPrivateKey *)key);
-
-    /* Determine the hash algorithm to use, based on hashAlgTag and
-     * pssParams.hashAlg; there are four cases */
-    if (hashAlgTag != SEC_OID_UNKNOWN) {
-        SECOidTag tag = SEC_OID_UNKNOWN;
-
-        if (pssParams.hashAlg) {
-            tag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
-        } else if (defaultSHA1) {
-            tag = SEC_OID_SHA1;
-        }
-
-        if (tag != SEC_OID_UNKNOWN && tag != hashAlgTag) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return NULL;
-        }
-    } else if (hashAlgTag == SEC_OID_UNKNOWN) {
-        if (pssParams.hashAlg) {
-            hashAlgTag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
-        } else if (defaultSHA1) {
-            hashAlgTag = SEC_OID_SHA1;
-        } else {
-            /* Find a suitable hash algorithm based on the NIST recommendation */
-            if (modBytes <= 384) { /* 128, in NIST 800-57, Part 1 */
-                hashAlgTag = SEC_OID_SHA256;
-            } else if (modBytes <= 960) { /* 192, NIST 800-57, Part 1 */
-                hashAlgTag = SEC_OID_SHA384;
-            } else {
-                hashAlgTag = SEC_OID_SHA512;
-            }
-        }
-    }
-
-    if (hashAlgTag != SEC_OID_SHA1 && hashAlgTag != SEC_OID_SHA224 &&
-        hashAlgTag != SEC_OID_SHA256 && hashAlgTag != SEC_OID_SHA384 &&
-        hashAlgTag != SEC_OID_SHA512) {
-        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-        return NULL;
-    }
-
-    /* Now that the hash algorithm is decided, check if it matches the
-     * existing parameters if any */
-    if (pssParams.maskAlg) {
-        SECAlgorithmID maskHashAlg;
-
-        if (SECOID_GetAlgorithmTag(pssParams.maskAlg) != SEC_OID_PKCS1_MGF1) {
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return NULL;
-        }
-
-        if (pssParams.maskAlg->parameters.data == NULL) {
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return NULL;
-        }
-
-        PORT_Memset(&maskHashAlg, 0, sizeof(maskHashAlg));
-        rv = SEC_QuickDERDecodeItem(arena, &maskHashAlg,
-                                    SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
-                                    &pssParams.maskAlg->parameters);
-        if (rv != SECSuccess) {
-            return NULL;
-        }
-
-        /* Following the recommendation in RFC 4055, assume the hash
-         * algorithm identical to pssParam.hashAlg */
-        if (SECOID_GetAlgorithmTag(&maskHashAlg) != hashAlgTag) {
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return NULL;
-        }
-    } else if (defaultSHA1) {
-        if (hashAlgTag != SEC_OID_SHA1) {
-            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-            return NULL;
-        }
-    }
-
-    hashLength = HASH_ResultLenByOidTag(hashAlgTag);
-
-    if (pssParams.saltLength.data) {
-        rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.saltLength,
-                                   &saltLength);
-        if (rv != SECSuccess) {
-            return NULL;
-        }
-
-        /* The specified salt length is too long */
-        if (saltLength > modBytes - hashLength - 2) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            return NULL;
-        }
-    } else if (defaultSHA1) {
-        saltLength = 20;
-    }
-
-    /* Fill in the parameters */
-    if (pssParams.hashAlg) {
-        if (hashAlgTag == SEC_OID_SHA1) {
-            /* Omit hashAlg if the the algorithm is SHA-1 (default) */
-            pssParams.hashAlg = NULL;
-        }
-    } else {
-        if (hashAlgTag != SEC_OID_SHA1) {
-            pssParams.hashAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
-            if (!pssParams.hashAlg) {
-                return NULL;
-            }
-            rv = SECOID_SetAlgorithmID(arena, pssParams.hashAlg, hashAlgTag,
-                                       NULL);
-            if (rv != SECSuccess) {
-                return NULL;
-            }
-        }
-    }
-
-    if (pssParams.maskAlg) {
-        if (hashAlgTag == SEC_OID_SHA1) {
-            /* Omit maskAlg if the the algorithm is SHA-1 (default) */
-            pssParams.maskAlg = NULL;
-        }
-    } else {
-        if (hashAlgTag != SEC_OID_SHA1) {
-            SECItem *hashAlgItem;
-
-            PORT_Assert(pssParams.hashAlg != NULL);
-
-            hashAlgItem = SEC_ASN1EncodeItem(arena, NULL, pssParams.hashAlg,
-                                             SEC_ASN1_GET(SECOID_AlgorithmIDTemplate));
-            if (!hashAlgItem) {
-                return NULL;
-            }
-            pssParams.maskAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
-            if (!pssParams.maskAlg) {
-                return NULL;
-            }
-            rv = SECOID_SetAlgorithmID(arena, pssParams.maskAlg,
-                                       SEC_OID_PKCS1_MGF1, hashAlgItem);
-            if (rv != SECSuccess) {
-                return NULL;
-            }
-        }
-    }
-
-    if (pssParams.saltLength.data) {
-        if (saltLength == 20) {
-            /* Omit the salt length if it is the default */
-            pssParams.saltLength.data = NULL;
-        }
-    } else {
-        /* Find a suitable length from the hash algorithm and modulus bits */
-        saltLength = PR_MIN(hashLength, modBytes - hashLength - 2);
-
-        if (saltLength != 20 &&
-            !SEC_ASN1EncodeInteger(arena, &pssParams.saltLength, saltLength)) {
-            return NULL;
-        }
-    }
-
-    if (pssParams.trailerField.data) {
-        /* Omit trailerField if the value is 1 (default) */
-        pssParams.trailerField.data = NULL;
-    }
-
-    return SEC_ASN1EncodeItem(arena, result,
-                              &pssParams, SECKEY_RSAPSSParamsTemplate);
-}
-
-SECItem *
-SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
-                                       SECItem *result,
-                                       SECOidTag signAlgTag,
-                                       SECOidTag hashAlgTag,
-                                       const SECItem *params,
-                                       const SECKEYPrivateKey *key)
-{
-    switch (signAlgTag) {
-        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
-            return sec_CreateRSAPSSParameters(arena, result,
-                                              hashAlgTag, params, key);
-
-        default:
-            if (params == NULL)
-                return NULL;
-            if (result == NULL)
-                result = SECITEM_AllocItem(arena, NULL, 0);
-            if (SECITEM_CopyItem(arena, result, params) != SECSuccess)
-                return NULL;
-            return result;
-    }
-}
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c
index 83c9c579d..2ac21abd4 100644
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -136,8 +136,6 @@ struct VFYContextStr {
         unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
         /* the full ECDSA signature */
         unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
-        /* the full RSA signature, only used in RSA-PSS */
-        unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8];
     } u;
     unsigned int pkcs1RSADigestInfoLen;
     /* the encoded DigestInfo from a RSA PKCS#1 signature */
@@ -150,7 +148,6 @@ struct VFYContextStr {
                           * VFY_CreateContext call.  If false, the
                           * signature must be provided with a
                           * VFY_EndWithSignature call. */
-    SECItem *params;
 };
 
 static SECStatus
@@ -253,37 +250,8 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
             *hashalg = SEC_OID_SHA1;
             break;
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
-            *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
-            break;
         case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
-            if (param && param->data) {
-                SECKEYRSAPSSParams pssParam;
-                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-                if (arena == NULL) {
-                    return SECFailure;
-                }
-                PORT_Memset(&pssParam, 0, sizeof pssParam);
-                rv = SEC_QuickDERDecodeItem(arena, &pssParam,
-                                            SECKEY_RSAPSSParamsTemplate,
-                                            param);
-                if (rv != SECSuccess) {
-                    PORT_FreeArena(arena, PR_FALSE);
-                    return rv;
-                }
-                if (pssParam.hashAlg) {
-                    *hashalg = SECOID_GetAlgorithmTag(pssParam.hashAlg);
-                } else {
-                    *hashalg = SEC_OID_SHA1; /* default, SHA-1 */
-                }
-                PORT_FreeArena(arena, PR_FALSE);
-                /* only accept hash algorithms */
-                if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
-                    /* error set by HASH_GetHashTypeByOidTag */
-                    return SECFailure;
-                }
-            } else {
-                *hashalg = SEC_OID_SHA1; /* default, SHA-1 */
-            }
+            *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
             break;
 
         case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
@@ -466,20 +434,6 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
                                             cx->key,
                                             sig, wincx);
                 break;
-            case rsaPssKey:
-                sigLen = SECKEY_SignatureLen(key);
-                if (sigLen == 0) {
-                    /* error set by SECKEY_SignatureLen */
-                    rv = SECFailure;
-                    break;
-                }
-                if (sig->len != sigLen) {
-                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-                    rv = SECFailure;
-                    break;
-                }
-                PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
-                break;
             case dsaKey:
             case ecKey:
                 sigLen = SECKEY_SignatureLen(key);
@@ -542,7 +496,6 @@ VFYContext *
 VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
                                  const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx)
 {
-    VFYContext *cx;
     SECOidTag encAlg, hashAlg;
     SECStatus rv = sec_DecodeSigAlg(key,
                                     SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
@@ -550,13 +503,7 @@ VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
     if (rv != SECSuccess) {
         return NULL;
     }
-
-    cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
-    if (sigAlgorithm->parameters.data) {
-        cx->params = SECITEM_DupItem(&sigAlgorithm->parameters);
-    }
-
-    return cx;
+    return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
 }
 
 void
@@ -573,9 +520,6 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit)
         if (cx->pkcs1RSADigestInfo) {
             PORT_Free(cx->pkcs1RSADigestInfo);
         }
-        if (cx->params) {
-            SECITEM_FreeItem(cx->params, PR_TRUE);
-        }
         if (freeit) {
             PORT_ZFree(cx, sizeof(VFYContext));
         }
@@ -618,7 +562,7 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
 {
     unsigned char final[HASH_LENGTH_MAX];
     unsigned part;
-    SECItem hash, rsasig, dsasig; /* dsasig is also used for ECDSA */
+    SECItem hash, dsasig; /* dsasig is also used for ECDSA */
     SECStatus rv;
 
     if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
@@ -654,70 +598,25 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
                 return SECFailure;
             }
             break;
-        case rsaKey:
-            if (cx->encAlg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-                CK_RSA_PKCS_PSS_PARAMS mech;
-                SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
-                SECKEYRSAPSSParams params;
-                PLArenaPool *arena;
-
-                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-                if (arena == NULL) {
-                    return SECFailure;
-                }
-
-                PORT_Memset(&params, 0, sizeof(params));
-                rv = SEC_QuickDERDecodeItem(arena, &params,
-                                            SECKEY_RSAPSSParamsTemplate,
-                                            cx->params);
-                if (rv != SECSuccess) {
-                    PORT_FreeArena(arena, PR_FALSE);
-                    return SECFailure;
-                }
-                rv = sec_RSAPSSParamsToMechanism(&mech, &params);
-                PORT_FreeArena(arena, PR_FALSE);
+        case rsaKey: {
+            SECItem digest;
+            digest.data = final;
+            digest.len = part;
+            if (sig) {
+                SECOidTag hashid;
+                PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
+                rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
+                                            &cx->pkcs1RSADigestInfo,
+                                            &cx->pkcs1RSADigestInfoLen,
+                                            cx->key,
+                                            sig, cx->wincx);
+                PORT_Assert(cx->hashAlg == hashid);
                 if (rv != SECSuccess) {
                     return SECFailure;
                 }
-                rsasig.data = cx->u.buffer;
-                rsasig.len = SECKEY_SignatureLen(cx->key);
-                if (rsasig.len == 0) {
-                    return SECFailure;
-                }
-                if (sig) {
-                    if (sig->len != rsasig.len) {
-                        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-                        return SECFailure;
-                    }
-                    PORT_Memcpy(rsasig.data, sig->data, rsasig.len);
-                }
-                hash.data = final;
-                hash.len = part;
-                if (PK11_VerifyWithMechanism(cx->key, CKM_RSA_PKCS_PSS, &mechItem,
-                                             &rsasig, &hash, cx->wincx) != SECSuccess) {
-                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-                    return SECFailure;
-                }
-            } else {
-                SECItem digest;
-                digest.data = final;
-                digest.len = part;
-                if (sig) {
-                    SECOidTag hashid;
-                    PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
-                    rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
-                                                &cx->pkcs1RSADigestInfo,
-                                                &cx->pkcs1RSADigestInfoLen,
-                                                cx->key,
-                                                sig, cx->wincx);
-                    PORT_Assert(cx->hashAlg == hashid);
-                    if (rv != SECSuccess) {
-                        return SECFailure;
-                    }
-                }
-                return verifyPKCS1DigestInfo(cx, &digest);
             }
-            break;
+            return verifyPKCS1DigestInfo(cx, &digest);
+        }
         default:
             PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
             return SECFailure; /* shouldn't happen */
@@ -823,7 +722,7 @@ VFY_VerifyDigestWithAlgorithmID(const SECItem *digest,
 static SECStatus
 vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
                const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
-               const SECItem *params, SECOidTag *hash, void *wincx)
+               SECOidTag *hash, void *wincx)
 {
     SECStatus rv;
     VFYContext *cx;
@@ -831,9 +730,6 @@ vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
     cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
     if (cx == NULL)
         return SECFailure;
-    if (params) {
-        cx->params = SECITEM_DupItem(params);
-    }
 
     rv = VFY_Begin(cx);
     if (rv == SECSuccess) {
@@ -852,7 +748,7 @@ VFY_VerifyDataDirect(const unsigned char *buf, int len,
                      SECOidTag encAlg, SECOidTag hashAlg,
                      SECOidTag *hash, void *wincx)
 {
-    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, hash, wincx);
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
 }
 
 SECStatus
@@ -864,7 +760,7 @@ VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
     if (rv != SECSuccess) {
         return rv;
     }
-    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, NULL, wincx);
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx);
 }
 
 SECStatus
@@ -881,6 +777,5 @@ VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
     if (rv != SECSuccess) {
         return rv;
     }
-    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg,
-                          &sigAlgorithm->parameters, hash, wincx);
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
 }
diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c
index e5623224b..bf1252aeb 100644
--- a/security/nss/lib/dbm/src/h_page.c
+++ b/security/nss/lib/dbm/src/h_page.c
@@ -426,9 +426,6 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
     last_bfp = NULL;
     scopyto = (uint16)copyto; /* ANSI */
 
-    if (ino[0] < 1) {
-        return DATABASE_CORRUPTED_ERROR;
-    }
     n = ino[0] - 1;
     while (n < ino[0]) {
 
@@ -466,13 +463,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
              * Fix up the old page -- the extra 2 are the fields
              * which contained the overflow information.
              */
-            if (ino[0] < (moved + 2)) {
-                return DATABASE_CORRUPTED_ERROR;
-            }
             ino[0] -= (moved + 2);
-            if (scopyto < sizeof(uint16) * (ino[0] + 3)) {
-                return DATABASE_CORRUPTED_ERROR;
-            }
             FREESPACE(ino) =
                 scopyto - sizeof(uint16) * (ino[0] + 3);
             OFFSET(ino) = scopyto;
@@ -495,14 +486,8 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
         for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) {
             cino = (char *)ino;
             key.data = (uint8 *)cino + ino[n];
-            if (off < ino[n]) {
-                return DATABASE_CORRUPTED_ERROR;
-            }
             key.size = off - ino[n];
             val.data = (uint8 *)cino + ino[n + 1];
-            if (ino[n] < ino[n + 1]) {
-                return DATABASE_CORRUPTED_ERROR;
-            }
             val.size = ino[n] - ino[n + 1];
             off = ino[n + 1];
 
diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c
index 98b1c07c7..b80aad4d3 100644
--- a/security/nss/lib/dbm/src/hash.c
+++ b/security/nss/lib/dbm/src/hash.c
@@ -704,7 +704,8 @@ hash_put(
         return (DBM_ERROR);
     }
 
-    rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW : HASH_PUT,
+    rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW
+                                                  : HASH_PUT,
                      (DBT *)key, (DBT *)data);
 
     if (rv == DATABASE_CORRUPTED_ERROR) {
diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c
index 42ce03c97..b8f82c810 100644
--- a/security/nss/lib/dev/devutil.c
+++ b/security/nss/lib/dev/devutil.c
@@ -32,21 +32,15 @@ nssCryptokiObject_Create(
         /* a failure here indicates a device error */
         return (nssCryptokiObject *)NULL;
     }
-    if (cert_template[0].ulValueLen == 0) {
-        nss_ZFreeIf(cert_template[1].pValue);
-        return (nssCryptokiObject *)NULL;
-    }
     object = nss_ZNEW(NULL, nssCryptokiObject);
     if (!object) {
-        nss_ZFreeIf(cert_template[0].pValue);
-        nss_ZFreeIf(cert_template[1].pValue);
         return (nssCryptokiObject *)NULL;
     }
     object->handle = h;
     object->token = nssToken_AddRef(t);
     isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
     object->isTokenObject = *isTokenObject;
-    nss_ZFreeIf(cert_template[0].pValue);
+    nss_ZFreeIf(isTokenObject);
     NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
     return object;
 }
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
index 0b3daa275..914a0119c 100644
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -110,9 +110,7 @@ endif
 # NSS_X86_OR_X64 means the target is either x86 or x64
 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
         DEFINES += -DNSS_X86_OR_X64
-        EXTRA_SRCS += gcm-x86.c aes-x86.c
-$(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes
-$(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes
+        CFLAGS += -mpclmul -maes
 ifneq (,$(USE_64)$(USE_X32))
         DEFINES += -DNSS_X64
 else
@@ -492,6 +490,8 @@ else
 endif # Solaris for non-sparc family CPUs
 endif # target == SunO
 
+# poly1305-donna-x64-sse2-incremental-source.c requires __int128 support
+# in GCC 4.6.0.
 ifdef USE_64
     ifdef CC_IS_CLANG
             HAVE_INT128_SUPPORT = 1
@@ -508,41 +508,38 @@ ifdef USE_64
     endif
 endif
 
-ifndef HAVE_INT128_SUPPORT
-    DEFINES += -DKRML_NOUINT128
-endif
-
 ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifdef HAVE_INT128_SUPPORT
-            EXTRA_SRCS += Hacl_Poly1305_64.c
+            EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c
         else
             EXTRA_SRCS += poly1305.c
         endif
 
         ifneq (1,$(CC_IS_GCC))
             EXTRA_SRCS += chacha20.c
-            VERIFIED_SRCS += Hacl_Chacha20.c
         else
             EXTRA_SRCS += chacha20_vec.c
         endif
     else
         EXTRA_SRCS += poly1305.c
         EXTRA_SRCS += chacha20.c
-        VERIFIED_SRCS += Hacl_Chacha20.c
     endif # x86_64
 endif # NSS_DISABLE_CHACHAPOLY
 
-ifeq (,$(filter-out i386 x386 x86 x86_64 aarch64,$(CPU_ARCH)))
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
     # All intel architectures get the 64 bit version
     # With custom uint128 if necessary (faster than generic 32 bit version).
     ECL_SRCS += curve25519_64.c
-    VERIFIED_SRCS += Hacl_Curve25519.c FStar.c
 else
     # All non intel architectures get the generic 32 bit implementation (slow!)
     ECL_SRCS += curve25519_32.c
 endif
 
+ifndef HAVE_INT128_SUPPORT
+    ECL_SRCS += uint128.c
+endif
+
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
@@ -566,12 +563,12 @@ rijndael_tables:
 	         $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a
 	$(OBJDIR)/make_rijndael_tab
 
-vpath %.h mpi ecl verified
-vpath %.c mpi ecl verified
+vpath %.h mpi ecl
+vpath %.c mpi ecl
 vpath %.S mpi ecl
 vpath %.s mpi ecl
 vpath %.asm mpi ecl
-INCLUDES += -Impi -Iecl -Iverified
+INCLUDES += -Impi -Iecl
 
 
 DEFINES += -DMP_API_COMPATIBLE
@@ -590,6 +587,8 @@ ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
 
 $(ECL_OBJS): $(ECL_HDRS)
 
+
+
 $(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c
 
 $(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
diff --git a/security/nss/lib/freebl/aes-x86.c b/security/nss/lib/freebl/aes-x86.c
deleted file mode 100644
index 830b4782f..000000000
--- a/security/nss/lib/freebl/aes-x86.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef FREEBL_NO_DEPEND
-#include "stubs.h"
-#endif
-#include "rijndael.h"
-#include "secerr.h"
-
-#include <wmmintrin.h> /* aes-ni */
-
-#define EXPAND_KEY128(k, rcon, res)                   \
-    tmp_key = _mm_aeskeygenassist_si128(k, rcon);     \
-    tmp_key = _mm_shuffle_epi32(tmp_key, 0xFF);       \
-    tmp = _mm_xor_si128(k, _mm_slli_si128(k, 4));     \
-    tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
-    tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
-    res = _mm_xor_si128(tmp, tmp_key)
-
-static void
-native_key_expansion128(AESContext *cx, const unsigned char *key)
-{
-    __m128i *keySchedule = cx->keySchedule;
-    pre_align __m128i tmp_key post_align;
-    pre_align __m128i tmp post_align;
-    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
-    EXPAND_KEY128(keySchedule[0], 0x01, keySchedule[1]);
-    EXPAND_KEY128(keySchedule[1], 0x02, keySchedule[2]);
-    EXPAND_KEY128(keySchedule[2], 0x04, keySchedule[3]);
-    EXPAND_KEY128(keySchedule[3], 0x08, keySchedule[4]);
-    EXPAND_KEY128(keySchedule[4], 0x10, keySchedule[5]);
-    EXPAND_KEY128(keySchedule[5], 0x20, keySchedule[6]);
-    EXPAND_KEY128(keySchedule[6], 0x40, keySchedule[7]);
-    EXPAND_KEY128(keySchedule[7], 0x80, keySchedule[8]);
-    EXPAND_KEY128(keySchedule[8], 0x1B, keySchedule[9]);
-    EXPAND_KEY128(keySchedule[9], 0x36, keySchedule[10]);
-}
-
-#define EXPAND_KEY192_PART1(res, k0, kt, rcon)                                \
-    tmp2 = _mm_slli_si128(k0, 4);                                             \
-    tmp1 = _mm_xor_si128(k0, tmp2);                                           \
-    tmp2 = _mm_slli_si128(tmp2, 4);                                           \
-    tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
-    tmp2 = _mm_aeskeygenassist_si128(kt, rcon);                               \
-    res = _mm_xor_si128(tmp1, _mm_shuffle_epi32(tmp2, 0x55))
-
-#define EXPAND_KEY192_PART2(res, k1, k2)             \
-    tmp2 = _mm_xor_si128(k1, _mm_slli_si128(k1, 4)); \
-    res = _mm_xor_si128(tmp2, _mm_shuffle_epi32(k2, 0xFF))
-
-#define EXPAND_KEY192(k0, res1, res2, res3, carry, rcon1, rcon2)         \
-    EXPAND_KEY192_PART1(tmp3, k0, res1, rcon1);                          \
-    EXPAND_KEY192_PART2(carry, res1, tmp3);                              \
-    res1 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(res1),       \
-                                           _mm_castsi128_pd(tmp3), 0));  \
-    res2 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(tmp3),       \
-                                           _mm_castsi128_pd(carry), 1)); \
-    EXPAND_KEY192_PART1(res3, tmp3, carry, rcon2)
-
-static void
-native_key_expansion192(AESContext *cx, const unsigned char *key)
-{
-    __m128i *keySchedule = cx->keySchedule;
-    pre_align __m128i tmp1 post_align;
-    pre_align __m128i tmp2 post_align;
-    pre_align __m128i tmp3 post_align;
-    pre_align __m128i carry post_align;
-    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
-    keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
-    EXPAND_KEY192(keySchedule[0], keySchedule[1], keySchedule[2],
-                  keySchedule[3], carry, 0x1, 0x2);
-    EXPAND_KEY192_PART2(keySchedule[4], carry, keySchedule[3]);
-    EXPAND_KEY192(keySchedule[3], keySchedule[4], keySchedule[5],
-                  keySchedule[6], carry, 0x4, 0x8);
-    EXPAND_KEY192_PART2(keySchedule[7], carry, keySchedule[6]);
-    EXPAND_KEY192(keySchedule[6], keySchedule[7], keySchedule[8],
-                  keySchedule[9], carry, 0x10, 0x20);
-    EXPAND_KEY192_PART2(keySchedule[10], carry, keySchedule[9]);
-    EXPAND_KEY192(keySchedule[9], keySchedule[10], keySchedule[11],
-                  keySchedule[12], carry, 0x40, 0x80);
-}
-
-#define EXPAND_KEY256_PART(res, rconx, k1x, k2x, X)                           \
-    tmp_key = _mm_shuffle_epi32(_mm_aeskeygenassist_si128(k2x, rconx), X);    \
-    tmp2 = _mm_slli_si128(k1x, 4);                                            \
-    tmp1 = _mm_xor_si128(k1x, tmp2);                                          \
-    tmp2 = _mm_slli_si128(tmp2, 4);                                           \
-    tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
-    res = _mm_xor_si128(tmp1, tmp_key);
-
-#define EXPAND_KEY256(res1, res2, k1, k2, rcon)   \
-    EXPAND_KEY256_PART(res1, rcon, k1, k2, 0xFF); \
-    EXPAND_KEY256_PART(res2, 0x00, k2, res1, 0xAA)
-
-static void
-native_key_expansion256(AESContext *cx, const unsigned char *key)
-{
-    __m128i *keySchedule = cx->keySchedule;
-    pre_align __m128i tmp_key post_align;
-    pre_align __m128i tmp1 post_align;
-    pre_align __m128i tmp2 post_align;
-    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
-    keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
-    EXPAND_KEY256(keySchedule[2], keySchedule[3], keySchedule[0],
-                  keySchedule[1], 0x01);
-    EXPAND_KEY256(keySchedule[4], keySchedule[5], keySchedule[2],
-                  keySchedule[3], 0x02);
-    EXPAND_KEY256(keySchedule[6], keySchedule[7], keySchedule[4],
-                  keySchedule[5], 0x04);
-    EXPAND_KEY256(keySchedule[8], keySchedule[9], keySchedule[6],
-                  keySchedule[7], 0x08);
-    EXPAND_KEY256(keySchedule[10], keySchedule[11], keySchedule[8],
-                  keySchedule[9], 0x10);
-    EXPAND_KEY256(keySchedule[12], keySchedule[13], keySchedule[10],
-                  keySchedule[11], 0x20);
-    EXPAND_KEY256_PART(keySchedule[14], 0x40, keySchedule[12],
-                       keySchedule[13], 0xFF);
-}
-
-/*
- * AES key expansion using aes-ni instructions.
- */
-void
-rijndael_native_key_expansion(AESContext *cx, const unsigned char *key,
-                              unsigned int Nk)
-{
-    switch (Nk) {
-        case 4:
-            native_key_expansion128(cx, key);
-            return;
-        case 6:
-            native_key_expansion192(cx, key);
-            return;
-        case 8:
-            native_key_expansion256(cx, key);
-            return;
-        default:
-            /* This shouldn't happen (checked by the caller). */
-            return;
-    }
-}
-
-void
-rijndael_native_encryptBlock(AESContext *cx,
-                             unsigned char *output,
-                             const unsigned char *input)
-{
-    int i;
-    pre_align __m128i m post_align = _mm_loadu_si128((__m128i *)input);
-    m = _mm_xor_si128(m, cx->keySchedule[0]);
-    for (i = 1; i < cx->Nr; ++i) {
-        m = _mm_aesenc_si128(m, cx->keySchedule[i]);
-    }
-    m = _mm_aesenclast_si128(m, cx->keySchedule[cx->Nr]);
-    _mm_storeu_si128((__m128i *)output, m);
-}
diff --git a/security/nss/lib/freebl/blake2b.c b/security/nss/lib/freebl/blake2b.c
deleted file mode 100644
index 4099c67e0..000000000
--- a/security/nss/lib/freebl/blake2b.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*
- * blake2b.c - definitions for the blake2b hash function
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef FREEBL_NO_DEPEND
-#include "stubs.h"
-#endif
-
-#include "secerr.h"
-#include "blapi.h"
-#include "blake2b.h"
-#include "crypto_primitives.h"
-
-/**
- * This contains the BLAKE2b initialization vectors.
- */
-static const uint64_t iv[8] = {
-    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL,
-    0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
-    0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
-};
-
-/**
- * This contains the table of permutations for blake2b compression function.
- */
-static const uint8_t sigma[12][16] = {
-    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
-    { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
-    { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
-    { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
-    { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
-    { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
-    { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
-    { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
-    { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
-    { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 },
-    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
-    { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
-};
-
-/**
- * This function increments the blake2b ctx counter.
- */
-void
-blake2b_IncrementCounter(BLAKE2BContext* ctx, const uint64_t inc)
-{
-    ctx->t[0] += inc;
-    ctx->t[1] += ctx->t[0] < inc;
-}
-
-/**
- * This macro implements the blake2b mixing function which mixes two 8-byte
- * words from the message into the hash.
- */
-#define G(a, b, c, d, x, y) \
-    a += b + x;             \
-    d = ROTR64(d ^ a, 32);  \
-    c += d;                 \
-    b = ROTR64(b ^ c, 24);  \
-    a += b + y;             \
-    d = ROTR64(d ^ a, 16);  \
-    c += d;                 \
-    b = ROTR64(b ^ c, 63)
-
-#define ROUND(i)                                                   \
-    G(v[0], v[4], v[8], v[12], m[sigma[i][0]], m[sigma[i][1]]);    \
-    G(v[1], v[5], v[9], v[13], m[sigma[i][2]], m[sigma[i][3]]);    \
-    G(v[2], v[6], v[10], v[14], m[sigma[i][4]], m[sigma[i][5]]);   \
-    G(v[3], v[7], v[11], v[15], m[sigma[i][6]], m[sigma[i][7]]);   \
-    G(v[0], v[5], v[10], v[15], m[sigma[i][8]], m[sigma[i][9]]);   \
-    G(v[1], v[6], v[11], v[12], m[sigma[i][10]], m[sigma[i][11]]); \
-    G(v[2], v[7], v[8], v[13], m[sigma[i][12]], m[sigma[i][13]]);  \
-    G(v[3], v[4], v[9], v[14], m[sigma[i][14]], m[sigma[i][15]])
-
-/**
- * The blake2b compression function which takes a full 128-byte chunk of the
- * input message and mixes it into the ongoing ctx array, i.e., permute the
- * ctx while xoring in the block of data.
- */
-void
-blake2b_Compress(BLAKE2BContext* ctx, const uint8_t* block)
-{
-    size_t i;
-    uint64_t v[16], m[16];
-
-    PORT_Memcpy(m, block, BLAKE2B_BLOCK_LENGTH);
-#if !defined(IS_LITTLE_ENDIAN)
-    for (i = 0; i < 16; ++i) {
-        m[i] = FREEBL_HTONLL(m[i]);
-    }
-#endif
-
-    PORT_Memcpy(v, ctx->h, 8 * 8);
-    PORT_Memcpy(v + 8, iv, 8 * 8);
-
-    v[12] ^= ctx->t[0];
-    v[13] ^= ctx->t[1];
-    v[14] ^= ctx->f;
-
-    ROUND(0);
-    ROUND(1);
-    ROUND(2);
-    ROUND(3);
-    ROUND(4);
-    ROUND(5);
-    ROUND(6);
-    ROUND(7);
-    ROUND(8);
-    ROUND(9);
-    ROUND(10);
-    ROUND(11);
-
-    for (i = 0; i < 8; i++) {
-        ctx->h[i] ^= v[i] ^ v[i + 8];
-    }
-}
-
-/**
- * This function can be used for both keyed and unkeyed version.
- */
-BLAKE2BContext*
-BLAKE2B_NewContext()
-{
-    return PORT_ZNew(BLAKE2BContext);
-}
-
-/**
- * Zero and free the context and can be used for both keyed and unkeyed version.
- */
-void
-BLAKE2B_DestroyContext(BLAKE2BContext* ctx, PRBool freeit)
-{
-    PORT_Memset(ctx, 0, sizeof(*ctx));
-    if (freeit) {
-        PORT_Free(ctx);
-    }
-}
-
-/**
- * This function initializes blake2b ctx and can be used for both keyed and
- * unkeyed version. It also checks ctx and sets error states.
- */
-static SECStatus
-blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key,
-              size_t keylen)
-{
-    PORT_Assert(ctx != NULL);
-    if (!ctx) {
-        goto failure;
-    }
-    if (outlen == 0 || outlen > BLAKE2B512_LENGTH) {
-        goto failure;
-    }
-    if (key && keylen > BLAKE2B_KEY_SIZE) {
-        goto failure;
-    }
-    /* Note: key can be null if it's unkeyed. */
-    if ((key == NULL && keylen > 0) || keylen > BLAKE2B_KEY_SIZE ||
-        (key != NULL && keylen == 0)) {
-        goto failure;
-    }
-
-    /* Mix key size(keylen) and desired hash length(outlen) into h0 */
-    uint64_t param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24);
-    PORT_Memcpy(ctx->h, iv, 8 * 8);
-    ctx->h[0] ^= param;
-    ctx->outlen = outlen;
-
-    /* This updates the context for only the keyed version */
-    if (keylen > 0 && keylen <= BLAKE2B_KEY_SIZE && key) {
-        uint8_t block[BLAKE2B_BLOCK_LENGTH] = { 0 };
-        PORT_Memcpy(block, key, keylen);
-        BLAKE2B_Update(ctx, block, BLAKE2B_BLOCK_LENGTH);
-        PORT_Memset(block, 0, BLAKE2B_BLOCK_LENGTH);
-    }
-
-    return SECSuccess;
-
-failure:
-    PORT_Memset(&ctx, 0, sizeof(ctx));
-    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-    return SECFailure;
-}
-
-SECStatus
-BLAKE2B_Begin(BLAKE2BContext* ctx)
-{
-    return blake2b_Begin(ctx, BLAKE2B512_LENGTH, NULL, 0);
-}
-
-SECStatus
-BLAKE2B_MAC_Begin(BLAKE2BContext* ctx, const PRUint8* key, const size_t keylen)
-{
-    PORT_Assert(key != NULL);
-    if (!key) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    return blake2b_Begin(ctx, BLAKE2B512_LENGTH, (const uint8_t*)key, keylen);
-}
-
-static void
-blake2b_IncrementCompress(BLAKE2BContext* ctx, size_t blockLength,
-                          const unsigned char* input)
-{
-    blake2b_IncrementCounter(ctx, blockLength);
-    blake2b_Compress(ctx, input);
-}
-
-/**
- * This function updates blake2b ctx and can be used for both keyed and unkeyed
- * version.
- */
-SECStatus
-BLAKE2B_Update(BLAKE2BContext* ctx, const unsigned char* in,
-               unsigned int inlen)
-{
-    size_t left = ctx->buflen;
-    size_t fill = BLAKE2B_BLOCK_LENGTH - left;
-
-    /* Nothing to do if there's nothing. */
-    if (inlen == 0) {
-        return SECSuccess;
-    }
-
-    PORT_Assert(ctx != NULL);
-    PORT_Assert(in != NULL);
-    PORT_Assert(left <= BLAKE2B_BLOCK_LENGTH);
-    if (!ctx || !in) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /* Is this a reused context? */
-    if (ctx->f) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (inlen > fill) {
-        if (ctx->buflen) {
-            /* There's some remaining data in ctx->buf that we have to prepend
-             * to in. */
-            PORT_Memcpy(ctx->buf + left, in, fill);
-            ctx->buflen = 0;
-            blake2b_IncrementCompress(ctx, BLAKE2B_BLOCK_LENGTH, ctx->buf);
-            in += fill;
-            inlen -= fill;
-        }
-        while (inlen > BLAKE2B_BLOCK_LENGTH) {
-            blake2b_IncrementCompress(ctx, BLAKE2B_BLOCK_LENGTH, in);
-            in += BLAKE2B_BLOCK_LENGTH;
-            inlen -= BLAKE2B_BLOCK_LENGTH;
-        }
-    }
-
-    /* Store the remaining data from in in ctx->buf to process later.
-     * Note that ctx->buflen can be BLAKE2B_BLOCK_LENGTH. We can't process that
-     * here because we have to update ctx->f before compressing the last block.
-     */
-    PORT_Assert(inlen <= BLAKE2B_BLOCK_LENGTH);
-    PORT_Memcpy(ctx->buf + ctx->buflen, in, inlen);
-    ctx->buflen += inlen;
-
-    return SECSuccess;
-}
-
-/**
- * This function finalizes ctx, pads final block and stores hash.
- * It can be used for both keyed and unkeyed version.
- */
-SECStatus
-BLAKE2B_End(BLAKE2BContext* ctx, unsigned char* out,
-            unsigned int* digestLen, size_t maxDigestLen)
-{
-    size_t i;
-    unsigned int outlen = PR_MIN(BLAKE2B512_LENGTH, maxDigestLen);
-
-    /* Argument checks */
-    if (!ctx || !out) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /* Sanity check against outlen in context. */
-    if (ctx->outlen < outlen) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /* Is this a reused context? */
-    if (ctx->f != 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /* Process the remaining data from ctx->buf (padded with 0). */
-    blake2b_IncrementCounter(ctx, ctx->buflen);
-    /* BLAKE2B_BLOCK_LENGTH - ctx->buflen can be 0. */
-    PORT_Memset(ctx->buf + ctx->buflen, 0, BLAKE2B_BLOCK_LENGTH - ctx->buflen);
-    ctx->f = UINT64_MAX;
-    blake2b_Compress(ctx, ctx->buf);
-
-    /* Write out the blake2b context(ctx). */
-    for (i = 0; i < outlen; ++i) {
-        out[i] = ctx->h[i / 8] >> ((i % 8) * 8);
-    }
-
-    if (digestLen) {
-        *digestLen = outlen;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-blake2b_HashBuf(uint8_t* output, const uint8_t* input, uint8_t outlen,
-                size_t inlen, const uint8_t* key, size_t keylen)
-{
-    SECStatus rv = SECFailure;
-    BLAKE2BContext ctx = { { 0 } };
-
-    if (inlen != 0) {
-        PORT_Assert(input != NULL);
-        if (input == NULL) {
-            PORT_SetError(SEC_ERROR_INVALID_ARGS);
-            goto done;
-        }
-    }
-
-    PORT_Assert(output != NULL);
-    if (output == NULL) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto done;
-    }
-
-    if (blake2b_Begin(&ctx, outlen, key, keylen) != SECSuccess) {
-        goto done;
-    }
-
-    if (BLAKE2B_Update(&ctx, input, inlen) != SECSuccess) {
-        goto done;
-    }
-
-    if (BLAKE2B_End(&ctx, output, NULL, outlen) != SECSuccess) {
-        goto done;
-    }
-    rv = SECSuccess;
-
-done:
-    PORT_Memset(&ctx, 0, sizeof ctx);
-    return rv;
-}
-
-SECStatus
-BLAKE2B_Hash(unsigned char* dest, const char* src)
-{
-    return blake2b_HashBuf(dest, (const unsigned char*)src, BLAKE2B512_LENGTH,
-                           PORT_Strlen(src), NULL, 0);
-}
-
-SECStatus
-BLAKE2B_HashBuf(unsigned char* output, const unsigned char* input, PRUint32 inlen)
-{
-    return blake2b_HashBuf(output, input, BLAKE2B512_LENGTH, inlen, NULL, 0);
-}
-
-SECStatus
-BLAKE2B_MAC_HashBuf(unsigned char* output, const unsigned char* input,
-                    unsigned int inlen, const unsigned char* key,
-                    unsigned int keylen)
-{
-    PORT_Assert(key != NULL);
-    if (!key && keylen <= BLAKE2B_KEY_SIZE) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    return blake2b_HashBuf(output, input, BLAKE2B512_LENGTH, inlen, key, keylen);
-}
-
-unsigned int
-BLAKE2B_FlattenSize(BLAKE2BContext* ctx)
-{
-    return sizeof(BLAKE2BContext);
-}
-
-SECStatus
-BLAKE2B_Flatten(BLAKE2BContext* ctx, unsigned char* space)
-{
-    PORT_Assert(space != NULL);
-    if (!space) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    PORT_Memcpy(space, ctx, sizeof(BLAKE2BContext));
-    return SECSuccess;
-}
-
-BLAKE2BContext*
-BLAKE2B_Resurrect(unsigned char* space, void* arg)
-{
-    PORT_Assert(space != NULL);
-    if (!space) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-    BLAKE2BContext* ctx = BLAKE2B_NewContext();
-    if (ctx == NULL) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    PORT_Memcpy(ctx, space, sizeof(BLAKE2BContext));
-    return ctx;
-}
-
-void
-BLAKE2B_Clone(BLAKE2BContext* dest, BLAKE2BContext* src)
-{
-    PORT_Assert(dest != NULL);
-    PORT_Assert(src != NULL);
-    if (!dest || !src) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return;
-    }
-    PORT_Memcpy(dest, src, sizeof(BLAKE2BContext));
-}
diff --git a/security/nss/lib/freebl/blake2b.h b/security/nss/lib/freebl/blake2b.h
deleted file mode 100644
index d19a49f0e..000000000
--- a/security/nss/lib/freebl/blake2b.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * blake2b.h - header file for blake2b hash function
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef BLAKE_H
-#define BLAKE_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-struct Blake2bContextStr {
-    uint64_t h[8];                     /* chained state */
-    uint64_t t[2];                     /* total number of bytes */
-    uint64_t f;                        /* last block flag */
-    uint8_t buf[BLAKE2B_BLOCK_LENGTH]; /* input buffer */
-    size_t buflen;                     /* size of remaining bytes in buf */
-    size_t outlen;                     /* digest size */
-};
-
-#endif /* BLAKE_H */
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
index ca2149972..31e471ac4 100644
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1402,84 +1402,6 @@ TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
 
 /******************************************/
 /*
-** Implements the Blake2b hash function.
-*/
-
-/*
-** Hash a null terminated string "src" into "dest" using Blake2b
-*/
-extern SECStatus BLAKE2B_Hash(unsigned char *dest, const char *src);
-
-/*
-** Hash a non-null terminated string "src" into "dest" using Blake2b
-*/
-extern SECStatus BLAKE2B_HashBuf(unsigned char *output,
-                                 const unsigned char *input, PRUint32 inlen);
-
-extern SECStatus BLAKE2B_MAC_HashBuf(unsigned char *output,
-                                     const unsigned char *input,
-                                     unsigned int inlen,
-                                     const unsigned char *key,
-                                     unsigned int keylen);
-
-/*
-** Create a new Blake2b context
-*/
-extern BLAKE2BContext *BLAKE2B_NewContext();
-
-/*
-** Destroy a Blake2b secure hash context.
-**  "ctx" the context
-**  "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void BLAKE2B_DestroyContext(BLAKE2BContext *ctx, PRBool freeit);
-
-/*
-** Reset a Blake2b context, preparing it for a fresh round of hashing
-*/
-extern SECStatus BLAKE2B_Begin(BLAKE2BContext *ctx);
-
-extern SECStatus BLAKE2B_MAC_Begin(BLAKE2BContext *ctx, const PRUint8 *key,
-                                   const size_t keylen);
-
-/*
-** Update the Blake hash function with more data.
-*/
-extern SECStatus BLAKE2B_Update(BLAKE2BContext *ctx, const unsigned char *in,
-                                unsigned int inlen);
-
-/*
-** Finish the Blake hash function. Produce the digested results in "digest"
-*/
-extern SECStatus BLAKE2B_End(BLAKE2BContext *ctx, unsigned char *out,
-                             unsigned int *digestLen, size_t maxDigestLen);
-
-/*
- * Return the size of a buffer needed to flatten the Blake2b Context into
- *    "ctx" the context
- *  returns size;
- */
-extern unsigned int BLAKE2B_FlattenSize(BLAKE2BContext *ctx);
-
-/*
- * Flatten the Blake2b Context into a buffer:
- *    "ctx" the context
- *    "space" the buffer to flatten to
- *  returns status;
- */
-extern SECStatus BLAKE2B_Flatten(BLAKE2BContext *ctx, unsigned char *space);
-
-/*
- * Resurrect a flattened context into a Blake2b Context
- *    "space" the buffer of the flattend buffer
- *    "arg" ptr to void used by cryptographic resurrect
- *  returns resurected context
- */
-extern BLAKE2BContext *BLAKE2B_Resurrect(unsigned char *space, void *arg);
-extern void BLAKE2B_Clone(BLAKE2BContext *dest, BLAKE2BContext *src);
-
-/******************************************/
-/*
 ** Pseudo Random Number Generation.  FIPS compliance desirable.
 */
 
diff --git a/security/nss/lib/freebl/blapii.h b/security/nss/lib/freebl/blapii.h
index bcf62e9f3..b1be7bedf 100644
--- a/security/nss/lib/freebl/blapii.h
+++ b/security/nss/lib/freebl/blapii.h
@@ -22,10 +22,8 @@ typedef void (*freeblDestroyFunc)(void *cx, PRBool freeit);
 
 SEC_BEGIN_PROTOS
 
-#ifndef NSS_FIPS_DISABLED
 SECStatus BL_FIPSEntryOK(PRBool freeblOnly);
 PRBool BL_POSTRan(PRBool freeblOnly);
-#endif
 
 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
 
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
index c718c6f27..2a17b5f46 100644
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -91,27 +91,25 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
 /*
  * Number of bytes each hash algorithm produces
  */
-#define MD2_LENGTH 16        /* Bytes */
-#define MD5_LENGTH 16        /* Bytes */
-#define SHA1_LENGTH 20       /* Bytes */
-#define SHA256_LENGTH 32     /* bytes */
-#define SHA384_LENGTH 48     /* bytes */
-#define SHA512_LENGTH 64     /* bytes */
-#define BLAKE2B512_LENGTH 64 /* Bytes */
+#define MD2_LENGTH 16    /* Bytes */
+#define MD5_LENGTH 16    /* Bytes */
+#define SHA1_LENGTH 20   /* Bytes */
+#define SHA256_LENGTH 32 /* bytes */
+#define SHA384_LENGTH 48 /* bytes */
+#define SHA512_LENGTH 64 /* bytes */
 #define HASH_LENGTH_MAX SHA512_LENGTH
 
 /*
  * Input block size for each hash algorithm.
  */
 
-#define MD2_BLOCK_LENGTH 64      /* bytes */
-#define MD5_BLOCK_LENGTH 64      /* bytes */
-#define SHA1_BLOCK_LENGTH 64     /* bytes */
-#define SHA224_BLOCK_LENGTH 64   /* bytes */
-#define SHA256_BLOCK_LENGTH 64   /* bytes */
-#define SHA384_BLOCK_LENGTH 128  /* bytes */
-#define SHA512_BLOCK_LENGTH 128  /* bytes */
-#define BLAKE2B_BLOCK_LENGTH 128 /* Bytes */
+#define MD2_BLOCK_LENGTH 64     /* bytes */
+#define MD5_BLOCK_LENGTH 64     /* bytes */
+#define SHA1_BLOCK_LENGTH 64    /* bytes */
+#define SHA224_BLOCK_LENGTH 64  /* bytes */
+#define SHA256_BLOCK_LENGTH 64  /* bytes */
+#define SHA384_BLOCK_LENGTH 128 /* bytes */
+#define SHA512_BLOCK_LENGTH 128 /* bytes */
 #define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
 
 #define AES_KEY_WRAP_IV_BYTES 8
@@ -129,8 +127,6 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
 
 #define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
 
-#define BLAKE2B_KEY_SIZE 64
-
 /*
  * These values come from the initial key size limits from the PKCS #11
  * module. They may be arbitrarily adjusted to any value freebl supports.
@@ -217,7 +213,6 @@ struct SHA512ContextStr;
 struct AESKeyWrapContextStr;
 struct SEEDContextStr;
 struct ChaCha20Poly1305ContextStr;
-struct Blake2bContextStr;
 
 typedef struct DESContextStr DESContext;
 typedef struct RC2ContextStr RC2Context;
@@ -237,7 +232,6 @@ typedef struct SHA512ContextStr SHA384Context;
 typedef struct AESKeyWrapContextStr AESKeyWrapContext;
 typedef struct SEEDContextStr SEEDContext;
 typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
-typedef struct Blake2bContextStr BLAKE2BContext;
 
 /***************************************************************************
 ** RSA Public and Private Key structures
diff --git a/security/nss/lib/freebl/chacha20.c b/security/nss/lib/freebl/chacha20.c
index 15ed67b5b..f55d1e670 100644
--- a/security/nss/lib/freebl/chacha20.c
+++ b/security/nss/lib/freebl/chacha20.c
@@ -7,13 +7,113 @@
 #include <string.h>
 #include <stdio.h>
 
+#include "prtypes.h"
+#include "secport.h"
 #include "chacha20.h"
-#include "verified/Hacl_Chacha20.h"
+
+#if defined(_MSC_VER)
+#pragma intrinsic(_lrotl)
+#define ROTL32(x, n) _lrotl(x, n)
+#else
+#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#endif
+
+#define ROTATE(v, c) ROTL32((v), (c))
+
+#define U32TO8_LITTLE(p, v)          \
+    {                                \
+        (p)[0] = ((v)) & 0xff;       \
+        (p)[1] = ((v) >> 8) & 0xff;  \
+        (p)[2] = ((v) >> 16) & 0xff; \
+        (p)[3] = ((v) >> 24) & 0xff; \
+    }
+#define U8TO32_LITTLE(p)                                \
+    (((PRUint32)((p)[0])) | ((PRUint32)((p)[1]) << 8) | \
+     ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24))
+
+#define QUARTERROUND(x, a, b, c, d) \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 16); \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 12); \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 8);  \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 7);
+
+static void
+ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds)
+{
+    PRUint32 x[16];
+    int i;
+
+    PORT_Memcpy(x, input, sizeof(PRUint32) * 16);
+    for (i = num_rounds; i > 0; i -= 2) {
+        QUARTERROUND(x, 0, 4, 8, 12)
+        QUARTERROUND(x, 1, 5, 9, 13)
+        QUARTERROUND(x, 2, 6, 10, 14)
+        QUARTERROUND(x, 3, 7, 11, 15)
+        QUARTERROUND(x, 0, 5, 10, 15)
+        QUARTERROUND(x, 1, 6, 11, 12)
+        QUARTERROUND(x, 2, 7, 8, 13)
+        QUARTERROUND(x, 3, 4, 9, 14)
+    }
+
+    for (i = 0; i < 16; ++i) {
+        x[i] = x[i] + input[i];
+    }
+    for (i = 0; i < 16; ++i) {
+        U32TO8_LITTLE(output + 4 * i, x[i]);
+    }
+}
+
+static const unsigned char sigma[16] = "expand 32-byte k";
 
 void
 ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen,
             const unsigned char key[32], const unsigned char nonce[12],
             uint32_t counter)
 {
-    Hacl_Chacha20_chacha20(out, (uint8_t *)in, inLen, (uint8_t *)key, (uint8_t *)nonce, counter);
+    unsigned char block[64];
+    PRUint32 input[16];
+    unsigned int i;
+
+    input[4] = U8TO32_LITTLE(key + 0);
+    input[5] = U8TO32_LITTLE(key + 4);
+    input[6] = U8TO32_LITTLE(key + 8);
+    input[7] = U8TO32_LITTLE(key + 12);
+
+    input[8] = U8TO32_LITTLE(key + 16);
+    input[9] = U8TO32_LITTLE(key + 20);
+    input[10] = U8TO32_LITTLE(key + 24);
+    input[11] = U8TO32_LITTLE(key + 28);
+
+    input[0] = U8TO32_LITTLE(sigma + 0);
+    input[1] = U8TO32_LITTLE(sigma + 4);
+    input[2] = U8TO32_LITTLE(sigma + 8);
+    input[3] = U8TO32_LITTLE(sigma + 12);
+
+    input[12] = counter;
+    input[13] = U8TO32_LITTLE(nonce + 0);
+    input[14] = U8TO32_LITTLE(nonce + 4);
+    input[15] = U8TO32_LITTLE(nonce + 8);
+
+    while (inLen >= 64) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < 64; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+
+        input[12]++;
+        inLen -= 64;
+        in += 64;
+        out += 64;
+    }
+
+    if (inLen > 0) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < inLen; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+    }
 }
diff --git a/security/nss/lib/freebl/chacha20poly1305.c b/security/nss/lib/freebl/chacha20poly1305.c
index 991fa0ca3..cd265e1ff 100644
--- a/security/nss/lib/freebl/chacha20poly1305.c
+++ b/security/nss/lib/freebl/chacha20poly1305.c
@@ -14,11 +14,7 @@
 #include "blapit.h"
 
 #ifndef NSS_DISABLE_CHACHAPOLY
-#if defined(HAVE_INT128_SUPPORT) && (defined(NSS_X86_OR_X64) || defined(__aarch64__))
-#include "verified/Hacl_Poly1305_64.h"
-#else
 #include "poly1305.h"
-#endif
 #include "chacha20.h"
 #include "chacha20poly1305.h"
 #endif
@@ -26,49 +22,6 @@
 /* Poly1305Do writes the Poly1305 authenticator of the given additional data
  * and ciphertext to |out|. */
 #ifndef NSS_DISABLE_CHACHAPOLY
-
-#if defined(HAVE_INT128_SUPPORT) && (defined(NSS_X86_OR_X64) || defined(__aarch64__))
-
-static void
-Poly1305PadUpdate(Hacl_Impl_Poly1305_64_State_poly1305_state state, unsigned char *block, const unsigned char *p, const unsigned int pLen)
-{
-    unsigned int pRemLen = pLen % 16;
-    Hacl_Poly1305_64_update(state, (uint8_t *)p, (pLen / 16));
-    if (pRemLen > 0) {
-        memcpy(block, p + (pLen - pRemLen), pRemLen);
-        Hacl_Poly1305_64_update(state, block, 1);
-    }
-}
-
-static void
-Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen,
-           const unsigned char *ciphertext, unsigned int ciphertextLen,
-           const unsigned char key[32])
-{
-    uint64_t tmp1[6U] = { 0U };
-    Hacl_Impl_Poly1305_64_State_poly1305_state state = Hacl_Poly1305_64_mk_state(tmp1, tmp1 + 3);
-
-    unsigned char block[16] = { 0 };
-    Hacl_Poly1305_64_init(state, (uint8_t *)key);
-
-    Poly1305PadUpdate(state, block, ad, adLen);
-    memset(block, 0, 16);
-    Poly1305PadUpdate(state, block, ciphertext, ciphertextLen);
-
-    unsigned int i;
-    unsigned int j;
-    for (i = 0, j = adLen; i < 8; i++, j >>= 8) {
-        block[i] = j;
-    }
-    for (i = 8, j = ciphertextLen; i < 16; i++, j >>= 8) {
-        block[i] = j;
-    }
-
-    Hacl_Poly1305_64_update(state, block, 1);
-    Hacl_Poly1305_64_finish(state, out, (uint8_t *)(key + 16));
-}
-#else
-
 static void
 Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen,
            const unsigned char *ciphertext, unsigned int ciphertextLen,
@@ -103,9 +56,7 @@ Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen,
     Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
     Poly1305Finish(&state, out);
 }
-
-#endif /* HAVE_INT128_SUPPORT */
-#endif /* NSS_DISABLE_CHACHAPOLY */
+#endif
 
 SECStatus
 ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk
index f15077096..918a66363 100644
--- a/security/nss/lib/freebl/config.mk
+++ b/security/nss/lib/freebl/config.mk
@@ -90,12 +90,7 @@ EXTRA_SHARED_LIBS += \
 endif
 endif
 
-ifeq ($(OS_ARCH), Linux)
-CFLAGS += -std=gnu99
-endif
-
 ifeq ($(OS_ARCH), Darwin)
-CFLAGS += -std=gnu99
 EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib
 endif
 
diff --git a/security/nss/lib/freebl/crypto_primitives.c b/security/nss/lib/freebl/crypto_primitives.c
deleted file mode 100644
index 49c8ca5ca..000000000
--- a/security/nss/lib/freebl/crypto_primitives.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef FREEBL_NO_DEPEND
-#include "stubs.h"
-#endif
-
-/* This file holds useful functions and macros for crypto code. */
-#include "crypto_primitives.h"
-
-/*
- * FREEBL_HTONLL(x): swap bytes in a 64-bit integer.
- */
-#if defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
-
-__inline__ PRUint64
-swap8b(PRUint64 value)
-{
-    __asm__("bswapq %0"
-            : "+r"(value));
-    return (value);
-}
-
-#elif !defined(_MSC_VER)
-
-PRUint64
-swap8b(PRUint64 x)
-{
-    PRUint64 t1 = x;
-    t1 = ((t1 & SHA_MASK8) << 8) | ((t1 >> 8) & SHA_MASK8);
-    t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
-    return (t1 >> 32) | (t1 << 32);
-}
-
-#endif
diff --git a/security/nss/lib/freebl/crypto_primitives.h b/security/nss/lib/freebl/crypto_primitives.h
deleted file mode 100644
index f19601f4b..000000000
--- a/security/nss/lib/freebl/crypto_primitives.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* This file holds useful functions and macros for crypto code. */
-
-#ifdef FREEBL_NO_DEPEND
-#include "stubs.h"
-#endif
-
-#include <stdlib.h>
-#include "prtypes.h"
-
-/* Unfortunately this isn't always set when it should be. */
-#if defined(HAVE_LONG_LONG)
-
-/*
- * ROTR64/ROTL64(x, n): rotate a 64-bit integer x by n bites to the right/left.
- */
-#if defined(_MSC_VER)
-#pragma intrinsic(_rotr64, _rotl64)
-#define ROTR64(x, n) _rotr64((x), (n))
-#define ROTL64(x, n) _rotl64((x), (n))
-#else
-#define ROTR64(x, n) (((x) >> (n)) | ((x) << (64 - (n))))
-#define ROTL64(x, n) (((x) << (n)) | ((x) >> (64 - (n))))
-#endif
-
-/*
- * FREEBL_HTONLL(x): swap bytes in a 64-bit integer.
- */
-#if defined(_MSC_VER)
-
-#pragma intrinsic(_byteswap_uint64)
-#define FREEBL_HTONLL(x) _byteswap_uint64(x)
-
-#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
-
-PRUint64 swap8b(PRUint64 value);
-#define FREEBL_HTONLL(x) swap8b(x)
-
-#else
-
-#define SHA_MASK16 0x0000FFFF0000FFFFULL
-#define SHA_MASK8 0x00FF00FF00FF00FFULL
-PRUint64 swap8b(PRUint64 x);
-#define FREEBL_HTONLL(x) swap8b(x)
-
-#endif /* _MSC_VER */
-
-#endif /* HAVE_LONG_LONG */
\ No newline at end of file
diff --git a/security/nss/lib/freebl/det_rng.c b/security/nss/lib/freebl/det_rng.c
index 53d48bc7c..04fce30e8 100644
--- a/security/nss/lib/freebl/det_rng.c
+++ b/security/nss/lib/freebl/det_rng.c
@@ -8,22 +8,19 @@
 #include "nssilock.h"
 #include "seccomon.h"
 #include "secerr.h"
-#include "prinit.h"
 
 #define GLOBAL_BYTES_SIZE 100
 static PRUint8 globalBytes[GLOBAL_BYTES_SIZE];
 static unsigned long globalNumCalls = 0;
 static PZLock *rng_lock = NULL;
-static PRCallOnceType coRNGInit;
-static const PRCallOnceType pristineCallOnce;
 
-static PRStatus
-rng_init(void)
+SECStatus
+RNG_RNGInit(void)
 {
     rng_lock = PZ_NewLock(nssILockOther);
     if (!rng_lock) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return PR_FAILURE;
+        return SECFailure;
     }
     /* --- LOCKED --- */
     PZ_Lock(rng_lock);
@@ -31,17 +28,6 @@ rng_init(void)
     PZ_Unlock(rng_lock);
     /* --- UNLOCKED --- */
 
-    return PR_SUCCESS;
-}
-
-SECStatus
-RNG_RNGInit(void)
-{
-    /* Allow only one call to initialize the context */
-    if (PR_CallOnce(&coRNGInit, rng_init) != PR_SUCCESS) {
-        return SECFailure;
-    }
-
     return SECSuccess;
 }
 
@@ -111,11 +97,8 @@ RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
 void
 RNG_RNGShutdown(void)
 {
-    if (rng_lock) {
-        PZ_DestroyLock(rng_lock);
-        rng_lock = NULL;
-    }
-    coRNGInit = pristineCallOnce;
+    PZ_DestroyLock(rng_lock);
+    rng_lock = NULL;
 }
 
 /* Test functions are not implemented! */
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index b28815ade..669c9b147 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -15,6 +15,8 @@
 #include "ec.h"
 #include "ecl.h"
 
+#ifndef NSS_DISABLE_ECC
+
 static const ECMethod kMethods[] = {
     { ECCurve25519,
       ec_Curve25519_pt_mul,
@@ -181,6 +183,7 @@ cleanup:
 
     return rv;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a supplied
  * value and the public key is the result of performing a scalar
@@ -191,6 +194,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
           const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
@@ -305,6 +309,9 @@ cleanup:
     printf("ec_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -319,10 +326,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
                   const unsigned char *seed, int seedlen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     rv = ec_NewKey(ecParams, privKey, seed, seedlen);
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
     return rv;
 }
 
+#ifndef NSS_DISABLE_ECC
 /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
  * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
  * random number generator.
@@ -379,6 +391,7 @@ cleanup:
     }
     return privKeyBytes;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a random value and
  * the public key is the result of performing a scalar point multiplication
@@ -388,6 +401,7 @@ SECStatus
 EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *privKeyBytes = NULL;
 
@@ -411,6 +425,9 @@ cleanup:
     printf("EC_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -424,6 +441,7 @@ cleanup:
 SECStatus
 EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
 {
+#ifndef NSS_DISABLE_ECC
     mp_int Px, Py;
     ECGroup *group = NULL;
     SECStatus rv = SECFailure;
@@ -507,6 +525,10 @@ cleanup:
         rv = SECFailure;
     }
     return rv;
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+    return SECFailure;
+#endif /* NSS_DISABLE_ECC */
 }
 
 /*
@@ -527,6 +549,7 @@ ECDH_Derive(SECItem *publicValue,
             SECItem *derivedSecret)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     unsigned int len = 0;
     SECItem pointQ = { siBuffer, NULL, 0 };
     mp_int k; /* to hold the private value */
@@ -566,11 +589,7 @@ ECDH_Derive(SECItem *publicValue,
             PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
             return SECFailure;
         }
-        rv = method->mul(derivedSecret, privateValue, publicValue);
-        if (rv != SECSuccess) {
-            SECITEM_ZfreeItem(derivedSecret, PR_FALSE);
-        }
-        return rv;
+        return method->mul(derivedSecret, privateValue, publicValue);
     }
 
     /*
@@ -635,6 +654,9 @@ cleanup:
     if (pointQ.data) {
         PORT_ZFree(pointQ.data, pointQ.len);
     }
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -648,6 +670,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
                          const SECItem *digest, const unsigned char *kb, const int kblen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     mp_int x1;
     mp_int d, k; /* private key, random integer */
     mp_int r, s; /* tuple (r, s) is the signature */
@@ -876,6 +899,9 @@ cleanup:
     printf("ECDSA signing with seed %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -888,6 +914,7 @@ SECStatus
 ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *kBytes = NULL;
 
@@ -914,6 +941,9 @@ cleanup:
     printf("ECDSA signing %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -931,6 +961,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
                    const SECItem *digest)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     mp_int r_, s_;       /* tuple (r', s') is received signature) */
     mp_int c, u1, u2, v; /* intermediate values used in verification */
     mp_int x1;
@@ -1130,6 +1161,9 @@ cleanup:
     printf("ECDSA verification %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
diff --git a/security/nss/lib/freebl/ecdecode.c b/security/nss/lib/freebl/ecdecode.c
index 652ad42d5..54b3e111b 100644
--- a/security/nss/lib/freebl/ecdecode.c
+++ b/security/nss/lib/freebl/ecdecode.c
@@ -2,6 +2,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#ifndef NSS_DISABLE_ECC
+
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
@@ -250,3 +252,5 @@ EC_GetPointSize(const ECParams *params)
     }
     return curveParams->pointSize - 1;
 }
+
+#endif /* NSS_DISABLE_ECC */
diff --git a/security/nss/lib/freebl/ecl/curve25519_64.c b/security/nss/lib/freebl/ecl/curve25519_64.c
index a2e4296bb..65f6bd41b 100644
--- a/security/nss/lib/freebl/ecl/curve25519_64.c
+++ b/security/nss/lib/freebl/ecl/curve25519_64.c
@@ -2,13 +2,513 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*
+ * Derived from public domain C code by Adan Langley and Daniel J. Bernstein
+ */
+
+#include "uint128.h"
+
 #include "ecl-priv.h"
-#include "../verified/Hacl_Curve25519.h"
+#include "mpi.h"
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+typedef uint8_t u8;
+typedef uint64_t felem;
+
+/* Sum two numbers: output += in */
+static void
+fsum(felem *output, const felem *in)
+{
+    unsigned i;
+    for (i = 0; i < 5; ++i) {
+        output[i] += in[i];
+    }
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!)
+ */
+static void
+fdifference_backwards(felem *ioutput, const felem *iin)
+{
+    static const int64_t twotothe51 = ((int64_t)1l << 51);
+    const int64_t *in = (const int64_t *)iin;
+    int64_t *out = (int64_t *)ioutput;
+
+    out[0] = in[0] - out[0];
+    out[1] = in[1] - out[1];
+    out[2] = in[2] - out[2];
+    out[3] = in[3] - out[3];
+    out[4] = in[4] - out[4];
+
+    // An arithmetic shift right of 63 places turns a positive number to 0 and a
+    // negative number to all 1's. This gives us a bitmask that lets us avoid
+    // side-channel prone branches.
+    int64_t t;
+
+#define NEGCHAIN(a, b)        \
+    t = out[a] >> 63;         \
+    out[a] += twotothe51 & t; \
+    out[b] -= 1 & t;
+
+#define NEGCHAIN19(a, b)      \
+    t = out[a] >> 63;         \
+    out[a] += twotothe51 & t; \
+    out[b] -= 19 & t;
+
+    NEGCHAIN(0, 1);
+    NEGCHAIN(1, 2);
+    NEGCHAIN(2, 3);
+    NEGCHAIN(3, 4);
+    NEGCHAIN19(4, 0);
+    NEGCHAIN(0, 1);
+    NEGCHAIN(1, 2);
+    NEGCHAIN(2, 3);
+    NEGCHAIN(3, 4);
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void
+fscalar_product(felem *output, const felem *in,
+                const felem scalar)
+{
+    uint128_t tmp, tmp2;
+
+    tmp = mul6464(in[0], scalar);
+    output[0] = mask51(tmp);
+
+    tmp2 = mul6464(in[1], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[1] = mask51(tmp);
+
+    tmp2 = mul6464(in[2], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[2] = mask51(tmp);
+
+    tmp2 = mul6464(in[3], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[3] = mask51(tmp);
+
+    tmp2 = mul6464(in[4], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[4] = mask51(tmp);
+
+    output[0] += mask_lower(rshift128(tmp, 51)) * 19;
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ */
+static void
+fmul(felem *output, const felem *in2, const felem *in)
+{
+    uint128_t t0, t1, t2, t3, t4, t5, t6, t7, t8;
+
+    t0 = mul6464(in[0], in2[0]);
+    t1 = add128(mul6464(in[1], in2[0]), mul6464(in[0], in2[1]));
+    t2 = add128(add128(mul6464(in[0], in2[2]),
+                       mul6464(in[2], in2[0])),
+                mul6464(in[1], in2[1]));
+    t3 = add128(add128(add128(mul6464(in[0], in2[3]),
+                              mul6464(in[3], in2[0])),
+                       mul6464(in[1], in2[2])),
+                mul6464(in[2], in2[1]));
+    t4 = add128(add128(add128(add128(mul6464(in[0], in2[4]),
+                                     mul6464(in[4], in2[0])),
+                              mul6464(in[3], in2[1])),
+                       mul6464(in[1], in2[3])),
+                mul6464(in[2], in2[2]));
+    t5 = add128(add128(add128(mul6464(in[4], in2[1]),
+                              mul6464(in[1], in2[4])),
+                       mul6464(in[2], in2[3])),
+                mul6464(in[3], in2[2]));
+    t6 = add128(add128(mul6464(in[4], in2[2]),
+                       mul6464(in[2], in2[4])),
+                mul6464(in[3], in2[3]));
+    t7 = add128(mul6464(in[3], in2[4]), mul6464(in[4], in2[3]));
+    t8 = mul6464(in[4], in2[4]);
+
+    t0 = add128(t0, mul12819(t5));
+    t1 = add128(t1, mul12819(t6));
+    t2 = add128(t2, mul12819(t7));
+    t3 = add128(t3, mul12819(t8));
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t4 = add128(t4, rshift128(t3, 51));
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t1 = add128(t1, rshift128(t0, 51));
+    t2 = mask51full(t2);
+    t2 = add128(t2, rshift128(t1, 51));
+
+    output[0] = mask51(t0);
+    output[1] = mask51(t1);
+    output[2] = mask_lower(t2);
+    output[3] = mask51(t3);
+    output[4] = mask51(t4);
+}
+
+static void
+fsquare(felem *output, const felem *in)
+{
+    uint128_t t0, t1, t2, t3, t4, t5, t6, t7, t8;
+
+    t0 = mul6464(in[0], in[0]);
+    t1 = lshift128(mul6464(in[0], in[1]), 1);
+    t2 = add128(lshift128(mul6464(in[0], in[2]), 1),
+                mul6464(in[1], in[1]));
+    t3 = add128(lshift128(mul6464(in[0], in[3]), 1),
+                lshift128(mul6464(in[1], in[2]), 1));
+    t4 = add128(add128(lshift128(mul6464(in[0], in[4]), 1),
+                       lshift128(mul6464(in[3], in[1]), 1)),
+                mul6464(in[2], in[2]));
+    t5 = add128(lshift128(mul6464(in[4], in[1]), 1),
+                lshift128(mul6464(in[2], in[3]), 1));
+    t6 = add128(lshift128(mul6464(in[4], in[2]), 1),
+                mul6464(in[3], in[3]));
+    t7 = lshift128(mul6464(in[3], in[4]), 1);
+    t8 = mul6464(in[4], in[4]);
+
+    t0 = add128(t0, mul12819(t5));
+    t1 = add128(t1, mul12819(t6));
+    t2 = add128(t2, mul12819(t7));
+    t3 = add128(t3, mul12819(t8));
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t4 = add128(t4, rshift128(t3, 51));
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t1 = add128(t1, rshift128(t0, 51));
+
+    output[0] = mask51(t0);
+    output[1] = mask_lower(t1);
+    output[2] = mask51(t2);
+    output[3] = mask51(t3);
+    output[4] = mask51(t4);
+}
+
+/* Take a 32-byte number and expand it into polynomial form */
+static void NO_SANITIZE_ALIGNMENT
+fexpand(felem *output, const u8 *in)
+{
+    output[0] = *((const uint64_t *)(in)) & MASK51;
+    output[1] = (*((const uint64_t *)(in + 6)) >> 3) & MASK51;
+    output[2] = (*((const uint64_t *)(in + 12)) >> 6) & MASK51;
+    output[3] = (*((const uint64_t *)(in + 19)) >> 1) & MASK51;
+    output[4] = (*((const uint64_t *)(in + 24)) >> 12) & MASK51;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * 32-byte array
+ */
+static void
+fcontract(u8 *output, const felem *input)
+{
+    uint128_t t0 = init128x(input[0]);
+    uint128_t t1 = init128x(input[1]);
+    uint128_t t2 = init128x(input[2]);
+    uint128_t t3 = init128x(input[3]);
+    uint128_t t4 = init128x(input[4]);
+    uint128_t tmp = init128x(19);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    /* now t is between 0 and 2^255-1, properly carried. */
+    /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+
+    t0 = add128(t0, tmp);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+
+    t0 = add128(t0, init128x(0x8000000000000 - 19));
+    tmp = init128x(0x8000000000000 - 1);
+    t1 = add128(t1, tmp);
+    t2 = add128(t2, tmp);
+    t3 = add128(t3, tmp);
+    t4 = add128(t4, tmp);
+
+    /* now between 2^255 and 2^256-20, and offset by 2^255. */
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t4 = mask51full(t4);
+
+    *((uint64_t *)(output)) = mask_lower(t0) | mask_lower(t1) << 51;
+    *((uint64_t *)(output + 8)) = (mask_lower(t1) >> 13) | (mask_lower(t2) << 38);
+    *((uint64_t *)(output + 16)) = (mask_lower(t2) >> 26) | (mask_lower(t3) << 25);
+    *((uint64_t *)(output + 24)) = (mask_lower(t3) >> 39) | (mask_lower(t4) << 12);
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ */
+static void
+fmonty(felem *x2, felem *z2,         /* output 2Q */
+       felem *x3, felem *z3,         /* output Q + Q' */
+       felem *x, felem *z,           /* input Q */
+       felem *xprime, felem *zprime, /* input Q' */
+       const felem *qmqp /* input Q - Q' */)
+{
+    felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], zzprime[5],
+        zzzprime[5];
+
+    memcpy(origx, x, 5 * sizeof(felem));
+    fsum(x, z);
+    fdifference_backwards(z, origx); // does x - z
+
+    memcpy(origxprime, xprime, sizeof(felem) * 5);
+    fsum(xprime, zprime);
+    fdifference_backwards(zprime, origxprime);
+    fmul(xxprime, xprime, z);
+    fmul(zzprime, x, zprime);
+    memcpy(origxprime, xxprime, sizeof(felem) * 5);
+    fsum(xxprime, zzprime);
+    fdifference_backwards(zzprime, origxprime);
+    fsquare(x3, xxprime);
+    fsquare(zzzprime, zzprime);
+    fmul(z3, zzzprime, qmqp);
+
+    fsquare(xx, x);
+    fsquare(zz, z);
+    fmul(x2, xx, zz);
+    fdifference_backwards(zz, xx); // does zz = xx - zz
+    fscalar_product(zzz, zz, 121665);
+    fsum(zzz, xx);
+    fmul(z2, zz, zzz);
+}
+
+// -----------------------------------------------------------------------------
+// Maybe swap the contents of two felem arrays (@a and @b), each @len elements
+// long. Perform the swap iff @swap is non-zero.
+//
+// This function performs the swap without leaking any side-channel
+// information.
+// -----------------------------------------------------------------------------
+static void
+swap_conditional(felem *a, felem *b, unsigned len, felem iswap)
+{
+    unsigned i;
+    const felem swap = 1 + ~iswap;
+
+    for (i = 0; i < len; ++i) {
+        const felem x = swap & (a[i] ^ b[i]);
+        a[i] ^= x;
+        b[i] ^= x;
+    }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a 32-byte number
+ *   q: a point of the curve (short form)
+ */
+static void
+cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q)
+{
+    felem a[5] = { 0 }, b[5] = { 1 }, c[5] = { 1 }, d[5] = { 0 };
+    felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+    felem e[5] = { 0 }, f[5] = { 1 }, g[5] = { 0 }, h[5] = { 1 };
+    felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+    unsigned i, j;
+
+    memcpy(nqpqx, q, sizeof(felem) * 5);
+
+    for (i = 0; i < 32; ++i) {
+        u8 byte = n[31 - i];
+        for (j = 0; j < 8; ++j) {
+            const felem bit = byte >> 7;
+
+            swap_conditional(nqx, nqpqx, 5, bit);
+            swap_conditional(nqz, nqpqz, 5, bit);
+            fmonty(nqx2, nqz2, nqpqx2, nqpqz2, nqx, nqz, nqpqx, nqpqz, q);
+            swap_conditional(nqx2, nqpqx2, 5, bit);
+            swap_conditional(nqz2, nqpqz2, 5, bit);
+
+            t = nqx;
+            nqx = nqx2;
+            nqx2 = t;
+            t = nqz;
+            nqz = nqz2;
+            nqz2 = t;
+            t = nqpqx;
+            nqpqx = nqpqx2;
+            nqpqx2 = t;
+            t = nqpqz;
+            nqpqz = nqpqz2;
+            nqpqz2 = t;
+
+            byte <<= 1;
+        }
+    }
+
+    memcpy(resultx, nqx, sizeof(felem) * 5);
+    memcpy(resultz, nqz, sizeof(felem) * 5);
+}
+
+// -----------------------------------------------------------------------------
+// Shamelessly copied from djb's code
+// -----------------------------------------------------------------------------
+static void
+crecip(felem *out, const felem *z)
+{
+    felem z2[5];
+    felem z9[5];
+    felem z11[5];
+    felem z2_5_0[5];
+    felem z2_10_0[5];
+    felem z2_20_0[5];
+    felem z2_50_0[5];
+    felem z2_100_0[5];
+    felem t0[5];
+    felem t1[5];
+    int i;
+
+    /* 2 */ fsquare(z2, z);
+    /* 4 */ fsquare(t1, z2);
+    /* 8 */ fsquare(t0, t1);
+    /* 9 */ fmul(z9, t0, z);
+    /* 11 */ fmul(z11, z9, z2);
+    /* 22 */ fsquare(t0, z11);
+    /* 2^5 - 2^0 = 31 */ fmul(z2_5_0, t0, z9);
+
+    /* 2^6 - 2^1 */ fsquare(t0, z2_5_0);
+    /* 2^7 - 2^2 */ fsquare(t1, t0);
+    /* 2^8 - 2^3 */ fsquare(t0, t1);
+    /* 2^9 - 2^4 */ fsquare(t1, t0);
+    /* 2^10 - 2^5 */ fsquare(t0, t1);
+    /* 2^10 - 2^0 */ fmul(z2_10_0, t0, z2_5_0);
+
+    /* 2^11 - 2^1 */ fsquare(t0, z2_10_0);
+    /* 2^12 - 2^2 */ fsquare(t1, t0);
+    /* 2^20 - 2^10 */ for (i = 2; i < 10; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^20 - 2^0 */ fmul(z2_20_0, t1, z2_10_0);
+
+    /* 2^21 - 2^1 */ fsquare(t0, z2_20_0);
+    /* 2^22 - 2^2 */ fsquare(t1, t0);
+    /* 2^40 - 2^20 */ for (i = 2; i < 20; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^40 - 2^0 */ fmul(t0, t1, z2_20_0);
+
+    /* 2^41 - 2^1 */ fsquare(t1, t0);
+    /* 2^42 - 2^2 */ fsquare(t0, t1);
+    /* 2^50 - 2^10 */ for (i = 2; i < 10; i += 2) {
+        fsquare(t1, t0);
+        fsquare(t0, t1);
+    }
+    /* 2^50 - 2^0 */ fmul(z2_50_0, t0, z2_10_0);
+
+    /* 2^51 - 2^1 */ fsquare(t0, z2_50_0);
+    /* 2^52 - 2^2 */ fsquare(t1, t0);
+    /* 2^100 - 2^50 */ for (i = 2; i < 50; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^100 - 2^0 */ fmul(z2_100_0, t1, z2_50_0);
+
+    /* 2^101 - 2^1 */ fsquare(t1, z2_100_0);
+    /* 2^102 - 2^2 */ fsquare(t0, t1);
+    /* 2^200 - 2^100 */ for (i = 2; i < 100; i += 2) {
+        fsquare(t1, t0);
+        fsquare(t0, t1);
+    }
+    /* 2^200 - 2^0 */ fmul(t1, t0, z2_100_0);
+
+    /* 2^201 - 2^1 */ fsquare(t0, t1);
+    /* 2^202 - 2^2 */ fsquare(t1, t0);
+    /* 2^250 - 2^50 */ for (i = 2; i < 50; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^250 - 2^0 */ fmul(t0, t1, z2_50_0);
+
+    /* 2^251 - 2^1 */ fsquare(t1, t0);
+    /* 2^252 - 2^2 */ fsquare(t0, t1);
+    /* 2^253 - 2^3 */ fsquare(t1, t0);
+    /* 2^254 - 2^4 */ fsquare(t0, t1);
+    /* 2^255 - 2^5 */ fsquare(t1, t0);
+    /* 2^255 - 21 */ fmul(out, t1, z11);
+}
 
 SECStatus
-ec_Curve25519_mul(uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint)
+ec_Curve25519_mul(uint8_t *mypublic, const uint8_t *secret,
+                  const uint8_t *basepoint)
 {
-    // Note: this cast is safe because HaCl* state has a post-condition that only "mypublic" changed.
-    Hacl_Curve25519_crypto_scalarmult(mypublic, (uint8_t *)secret, (uint8_t *)basepoint);
+    felem bp[5], x[5], z[5], zmone[5];
+    uint8_t e[32];
+    int i;
+
+    for (i = 0; i < 32; ++i) {
+        e[i] = secret[i];
+    }
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+    fexpand(bp, basepoint);
+    cmult(x, z, e, bp);
+    crecip(zmone, z);
+    fmul(z, x, zmone);
+    fcontract(mypublic, z);
+
     return 0;
 }
diff --git a/security/nss/lib/freebl/ecl/ecp_25519.c b/security/nss/lib/freebl/ecl/ecp_25519.c
index 38bd34c50..1e7875fff 100644
--- a/security/nss/lib/freebl/ecl/ecp_25519.c
+++ b/security/nss/lib/freebl/ecl/ecp_25519.c
@@ -115,9 +115,5 @@ ec_Curve25519_pt_mul(SECItem *X, SECItem *k, SECItem *P)
         px = P->data;
     }
 
-    SECStatus rv = ec_Curve25519_mul(X->data, k->data, px);
-    if (NSS_SecureMemcmpZero(X->data, X->len) == 0) {
-        return SECFailure;
-    }
-    return rv;
+    return ec_Curve25519_mul(X->data, k->data, px);
 }
diff --git a/security/nss/lib/freebl/exports.gyp b/security/nss/lib/freebl/exports.gyp
index ca0b6dafd..aded6bfb6 100644
--- a/security/nss/lib/freebl/exports.gyp
+++ b/security/nss/lib/freebl/exports.gyp
@@ -29,7 +29,6 @@
           'files': [
             'alghmac.h',
             'blapi.h',
-            'blake2b.h',
             'chacha20poly1305.h',
             'ec.h',
             'ecl/ecl-curve.h',
diff --git a/security/nss/lib/freebl/fipsfreebl.c b/security/nss/lib/freebl/fipsfreebl.c
index 2328a677f..094513560 100644
--- a/security/nss/lib/freebl/fipsfreebl.c
+++ b/security/nss/lib/freebl/fipsfreebl.c
@@ -6,7 +6,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
 
-#ifndef NSS_FIPS_DISABLED
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
@@ -16,7 +15,9 @@
 #include "secerr.h"
 #include "prtypes.h"
 
+#ifdef NSS_ENABLE_ECC
 #include "ec.h" /* Required for ECDSA */
+#endif
 
 /*
  * different platforms have different ways of calling and initial entry point
@@ -1076,6 +1077,8 @@ rsa_loser:
     return (SECFailure);
 }
 
+#ifdef NSS_ENABLE_ECC
+
 static SECStatus
 freebl_fips_ECDSA_Test(ECParams *ecparams,
                        const PRUint8 *knownSignature,
@@ -1272,6 +1275,8 @@ freebl_fips_ECDSA_PowerUpSelfTest()
     return (SECSuccess);
 }
 
+#endif /* NSS_ENABLE_ECC */
+
 static SECStatus
 freebl_fips_DSA_PowerUpSelfTest(void)
 {
@@ -1554,11 +1559,13 @@ freebl_fipsPowerUpSelfTest(unsigned int tests)
         if (rv != SECSuccess)
             return rv;
 
+#ifdef NSS_ENABLE_ECC
         /* ECDSA Power-Up SelfTest(s). */
         rv = freebl_fips_ECDSA_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
+#endif
     }
     /* Passed Power-Up SelfTest(s). */
     return (SECSuccess);
@@ -1582,6 +1589,9 @@ static PRBool self_tests_freebl_ran = PR_FALSE;
 static PRBool self_tests_ran = PR_FALSE;
 static PRBool self_tests_freebl_success = PR_FALSE;
 static PRBool self_tests_success = PR_FALSE;
+#if defined(DEBUG)
+static PRBool fips_mode_available = PR_FALSE;
+#endif
 
 /*
  * accessors for freebl
@@ -1634,6 +1644,7 @@ bl_startup_tests(void)
 
     PORT_Assert(self_tests_freebl_ran == PR_FALSE);
     PORT_Assert(self_tests_success == PR_FALSE);
+    PORT_Assert(fips_mode_available == PR_FALSE);
     self_tests_freebl_ran = PR_TRUE;      /* we are running the tests */
     self_tests_success = PR_FALSE;        /* force it just in case */
     self_tests_freebl_success = PR_FALSE; /* force it just in case */
@@ -1702,4 +1713,3 @@ BL_FIPSEntryOK(PRBool freebl_only)
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     return SECFailure;
 }
-#endif
diff --git a/security/nss/lib/freebl/freebl.gyp b/security/nss/lib/freebl/freebl.gyp
index 8b6a546e7..8c0d0dcd5 100644
--- a/security/nss/lib/freebl/freebl.gyp
+++ b/security/nss/lib/freebl/freebl.gyp
@@ -23,37 +23,6 @@
       ]
     },
     {
-      'target_name': 'gcm-aes-x86_c_lib',
-      'type': 'static_library',
-      'sources': [
-        'gcm-x86.c', 'aes-x86.c'
-      ],
-      'dependencies': [
-        '<(DEPTH)/exports.gyp:nss_exports'
-      ],
-      # Enable isa option for pclmul and aes-ni; supported since gcc 4.4.
-      # This is only supported by x84/x64. It's not needed for Windows,
-      # unless clang-cl is used.
-      'cflags_mozilla': [
-        '-mpclmul', '-maes'
-      ],
-      'conditions': [
-        [ 'OS=="linux" or OS=="android" or OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
-          'cflags': [
-            '-mpclmul', '-maes'
-          ],
-        }],
-        # macOS build doesn't use cflags.
-        [ 'OS=="mac"', {
-          'xcode_settings': {
-            'OTHER_CFLAGS': [
-              '-mpclmul', '-maes'
-            ],
-          },
-        }]
-      ]
-    },
-    {
       'target_name': 'freebl',
       'type': 'static_library',
       'sources': [
@@ -76,11 +45,6 @@
         '<(DEPTH)/exports.gyp:nss_exports',
       ],
       'conditions': [
-        [ 'target_arch=="ia32" or target_arch=="x64"', {
-          'dependencies': [
-            'gcm-aes-x86_c_lib'
-          ],
-        }],
         [ 'OS=="linux"', {
           'defines!': [
             'FREEBL_NO_DEPEND',
@@ -112,11 +76,6 @@
         '<(DEPTH)/exports.gyp:nss_exports',
       ],
       'conditions': [
-        [ 'target_arch=="ia32" or target_arch=="x64"', {
-          'dependencies': [
-            'gcm-aes-x86_c_lib'
-          ]
-        }],
         [ 'OS!="linux" and OS!="android"', {
           'conditions': [
             [ 'moz_fold_libs==0', {
@@ -183,8 +142,7 @@
   'target_defaults': {
     'include_dirs': [
       'mpi',
-      'ecl',
-      'verified',
+      'ecl'
     ],
     'defines': [
       'SHLIB_SUFFIX=\"<(dll_suffix)\"',
@@ -195,12 +153,19 @@
       'MP_API_COMPATIBLE'
     ],
     'conditions': [
+      [ 'target_arch=="ia32" or target_arch=="x64"', {
+        'cflags_mozilla': [
+          '-mpclmul',
+          '-maes',
+        ],
+      }],
       [ 'OS=="mac"', {
         'xcode_settings': {
           # I'm not sure since when this is supported.
           # But I hope that doesn't matter. We also assume this is x86/x64.
           'OTHER_CFLAGS': [
-            '-std=gnu99',
+            '-mpclmul',
+            '-maes',
           ],
         },
       }],
@@ -256,24 +221,17 @@
               'HAVE_INT128_SUPPORT',
             ],
           }, {
-            'defines': [
-              'KRML_NOUINT128',
+            'sources': [
+              'ecl/uint128.c',
             ],
           }],
         ],
-      }, {
-        'defines': [
-          'KRML_NOUINT128',
-        ],
       }],
       [ 'OS=="linux"', {
         'defines': [
           'FREEBL_LOWHASH',
           'FREEBL_NO_DEPEND',
         ],
-        'cflags': [
-          '-std=gnu99',
-        ],
       }],
       [ 'OS=="linux" or OS=="android"', {
         'conditions': [
@@ -301,6 +259,14 @@
               'MP_USE_UINT_DIGIT',
             ],
           }],
+          [ 'target_arch=="ia32" or target_arch=="x64"', {
+            'cflags': [
+              # enable isa option for pclmul am aes-ni; supported since gcc 4.4
+              # This is only support by x84/x64. It's not needed for Windows.
+              '-mpclmul',
+              '-maes',
+            ],
+          }],
           [ 'target_arch=="arm"', {
             'defines': [
               'MP_ASSEMBLY_MULTIPLY',
diff --git a/security/nss/lib/freebl/freebl_base.gypi b/security/nss/lib/freebl/freebl_base.gypi
index 44e28963b..027aa2702 100644
--- a/security/nss/lib/freebl/freebl_base.gypi
+++ b/security/nss/lib/freebl/freebl_base.gypi
@@ -8,10 +8,8 @@
     'alghmac.c',
     'arcfive.c',
     'arcfour.c',
-    'blake2b.c',
     'camellia.c',
     'chacha20poly1305.c',
-    'crypto_primitives.c',
     'ctr.c',
     'cts.c',
     'des.c',
@@ -100,6 +98,10 @@
       ],
     }],
     [ 'OS=="win"', {
+      'sources': [
+        #TODO: building with mingw should not need this.
+        'ecl/uint128.c',
+      ],
       'libraries': [
         'advapi32.lib',
       ],
@@ -130,53 +132,29 @@
         }],
       ],
     }],
-    ['target_arch=="ia32" or target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
+    ['target_arch=="ia32" or target_arch=="x64"', {
       'sources': [
-        # All intel and 64-bit ARM architectures get the 64 bit version.
+        # All intel architectures get the 64 bit version
         'ecl/curve25519_64.c',
-        'verified/Hacl_Curve25519.c',
-        'verified/FStar.c',
       ],
     }, {
       'sources': [
-        # All other architectures get the generic 32 bit implementation (slow!)
+        # All non intel architectures get the generic 32 bit implementation (slow!)
         'ecl/curve25519_32.c',
       ],
     }],
+    #TODO uint128.c
     [ 'disable_chachapoly==0', {
       'conditions': [
-        [ 'OS!="win"', {
-          'conditions': [
-            [ 'target_arch=="x64"', {
-              'sources': [
-                'chacha20_vec.c',
-                'verified/Hacl_Poly1305_64.c',
-              ],
-            }, {
-              # !Windows & !x64
-              'conditions': [
-                [ 'target_arch=="arm64" or target_arch=="aarch64"', {
-                  'sources': [
-                    'chacha20.c',
-                    'verified/Hacl_Chacha20.c',
-                    'verified/Hacl_Poly1305_64.c',
-                  ],
-                }, {
-                  # !Windows & !x64 & !arm64 & !aarch64
-                  'sources': [
-                    'chacha20.c',
-                    'verified/Hacl_Chacha20.c',
-                    'poly1305.c',
-                  ],
-                }],
-              ],
-            }],
+        [ 'OS!="win" and target_arch=="x64"', {
+          'sources': [
+            'chacha20_vec.c',
+            'poly1305-donna-x64-sse2-incremental-source.c',
           ],
         }, {
-          # Windows
+          # not x64
           'sources': [
             'chacha20.c',
-            'verified/Hacl_Chacha20.c',
             'poly1305.c',
           ],
         }],
diff --git a/security/nss/lib/freebl/gcm-x86.c b/security/nss/lib/freebl/gcm-x86.c
deleted file mode 100644
index e34d63394..000000000
--- a/security/nss/lib/freebl/gcm-x86.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef FREEBL_NO_DEPEND
-#include "stubs.h"
-#endif
-#include "gcm.h"
-#include "secerr.h"
-
-#include <wmmintrin.h> /* clmul */
-
-#define WRITE64(x, bytes)   \
-    (bytes)[0] = (x) >> 56; \
-    (bytes)[1] = (x) >> 48; \
-    (bytes)[2] = (x) >> 40; \
-    (bytes)[3] = (x) >> 32; \
-    (bytes)[4] = (x) >> 24; \
-    (bytes)[5] = (x) >> 16; \
-    (bytes)[6] = (x) >> 8;  \
-    (bytes)[7] = (x);
-
-SECStatus
-gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf)
-{
-    uint64_t tmp_out[2];
-    _mm_storeu_si128((__m128i *)tmp_out, ghash->x);
-    /* maxout must be larger than 16 byte (checked by the caller). */
-    WRITE64(tmp_out[0], outbuf + 8);
-    WRITE64(tmp_out[1], outbuf);
-    return SECSuccess;
-}
-
-SECStatus
-gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
-                unsigned int count)
-{
-    size_t i;
-    pre_align __m128i z_high post_align;
-    pre_align __m128i z_low post_align;
-    pre_align __m128i C post_align;
-    pre_align __m128i D post_align;
-    pre_align __m128i E post_align;
-    pre_align __m128i F post_align;
-    pre_align __m128i bin post_align;
-    pre_align __m128i Ci post_align;
-    pre_align __m128i tmp post_align;
-
-    for (i = 0; i < count; i++, buf += 16) {
-        bin = _mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1],
-                            ((uint16_t)buf[2] << 8) | buf[3],
-                            ((uint16_t)buf[4] << 8) | buf[5],
-                            ((uint16_t)buf[6] << 8) | buf[7],
-                            ((uint16_t)buf[8] << 8) | buf[9],
-                            ((uint16_t)buf[10] << 8) | buf[11],
-                            ((uint16_t)buf[12] << 8) | buf[13],
-                            ((uint16_t)buf[14] << 8) | buf[15]);
-        Ci = _mm_xor_si128(bin, ghash->x);
-
-        /* Do binary mult ghash->X = Ci * ghash->H. */
-        C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00);
-        D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11);
-        E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01);
-        F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10);
-        tmp = _mm_xor_si128(E, F);
-        z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8));
-        z_high = _mm_unpackhi_epi64(z_high, D);
-        z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C);
-        z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low);
-
-        /* Shift one to the left (multiply by x) as gcm spec is stupid. */
-        C = _mm_slli_si128(z_low, 8);
-        E = _mm_srli_epi64(C, 63);
-        D = _mm_slli_si128(z_high, 8);
-        F = _mm_srli_epi64(D, 63);
-        /* Carry over */
-        C = _mm_srli_si128(z_low, 8);
-        D = _mm_srli_epi64(C, 63);
-        z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E);
-        z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D);
-
-        /* Reduce */
-        C = _mm_slli_si128(z_low, 8);
-        /* D = z_low << 127 */
-        D = _mm_slli_epi64(C, 63);
-        /* E = z_low << 126 */
-        E = _mm_slli_epi64(C, 62);
-        /* F = z_low << 121 */
-        F = _mm_slli_epi64(C, 57);
-        /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */
-        z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F);
-        C = _mm_srli_si128(z_low, 8);
-        /* D = z_low >> 1 */
-        D = _mm_slli_epi64(C, 63);
-        D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D);
-        /* E = z_low >> 2 */
-        E = _mm_slli_epi64(C, 62);
-        E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E);
-        /* F = z_low >> 7 */
-        F = _mm_slli_epi64(C, 57);
-        F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F);
-        /* ghash->x ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7); */
-        ghash->x = _mm_xor_si128(_mm_xor_si128(
-                                     _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E),
-                                 F);
-    }
-    return SECSuccess;
-}
-
-SECStatus
-gcm_HashInit_hw(gcmHashContext *ghash)
-{
-    ghash->ghash_mul = gcm_HashMult_hw;
-    ghash->x = _mm_setzero_si128();
-    /* MSVC requires __m64 to load epi64. */
-    ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high,
-                             ghash->h_low >> 32, (uint32_t)ghash->h_low);
-    ghash->hw = PR_TRUE;
-    return SECSuccess;
-}
-
-SECStatus
-gcm_HashZeroX_hw(gcmHashContext *ghash)
-{
-    ghash->x = _mm_setzero_si128();
-    return SECSuccess;
-}
diff --git a/security/nss/lib/freebl/gcm.c b/security/nss/lib/freebl/gcm.c
index f1e16da78..0fdb0fd48 100644
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -17,50 +17,18 @@
 
 #include <limits.h>
 
+#ifdef NSS_X86_OR_X64
+#include <wmmintrin.h> /* clmul */
+#endif
+
 /* Forward declarations */
-SECStatus gcm_HashInit_hw(gcmHashContext *ghash);
-SECStatus gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf);
 SECStatus gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
                           unsigned int count);
-SECStatus gcm_HashZeroX_hw(gcmHashContext *ghash);
 SECStatus gcm_HashMult_sftw(gcmHashContext *ghash, const unsigned char *buf,
                             unsigned int count);
 SECStatus gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
                               unsigned int count);
 
-/* Stub definitions for the above *_hw functions, which shouldn't be
- * used unless NSS_X86_OR_X64 is defined */
-#ifndef NSS_X86_OR_X64
-SECStatus
-gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-
-SECStatus
-gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
-                unsigned int count)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-
-SECStatus
-gcm_HashInit_hw(gcmHashContext *ghash)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-
-SECStatus
-gcm_HashZeroX_hw(gcmHashContext *ghash)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    return SECFailure;
-}
-#endif /* NSS_X86_OR_X64 */
-
 uint64_t
 get64(const unsigned char *bytes)
 {
@@ -78,8 +46,6 @@ get64(const unsigned char *bytes)
 SECStatus
 gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
 {
-    SECStatus rv = SECSuccess;
-
     ghash->cLen = 0;
     ghash->bufLen = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -87,7 +53,17 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
     ghash->h_low = get64(H + 8);
     ghash->h_high = get64(H);
     if (clmul_support() && !sw) {
-        rv = gcm_HashInit_hw(ghash);
+#ifdef NSS_X86_OR_X64
+        ghash->ghash_mul = gcm_HashMult_hw;
+        ghash->x = _mm_setzero_si128();
+        /* MSVC requires __m64 to load epi64. */
+        ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high,
+                                 ghash->h_low >> 32, (uint32_t)ghash->h_low);
+        ghash->hw = PR_TRUE;
+#else
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+#endif /* NSS_X86_OR_X64 */
     } else {
 /* We fall back to the software implementation if we can't use / don't
          * want to use pclmul. */
@@ -99,7 +75,7 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
         ghash->x_high = ghash->x_low = 0;
         ghash->hw = PR_FALSE;
     }
-    return rv;
+    return SECSuccess;
 }
 
 #ifdef HAVE_INT128_SUPPORT
@@ -307,17 +283,102 @@ gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
 }
 #endif /* HAVE_INT128_SUPPORT */
 
+SECStatus
+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+                unsigned int count)
+{
+#ifdef NSS_X86_OR_X64
+    size_t i;
+    pre_align __m128i z_high post_align;
+    pre_align __m128i z_low post_align;
+    pre_align __m128i C post_align;
+    pre_align __m128i D post_align;
+    pre_align __m128i E post_align;
+    pre_align __m128i F post_align;
+    pre_align __m128i bin post_align;
+    pre_align __m128i Ci post_align;
+    pre_align __m128i tmp post_align;
+
+    for (i = 0; i < count; i++, buf += 16) {
+        bin = _mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1],
+                            ((uint16_t)buf[2] << 8) | buf[3],
+                            ((uint16_t)buf[4] << 8) | buf[5],
+                            ((uint16_t)buf[6] << 8) | buf[7],
+                            ((uint16_t)buf[8] << 8) | buf[9],
+                            ((uint16_t)buf[10] << 8) | buf[11],
+                            ((uint16_t)buf[12] << 8) | buf[13],
+                            ((uint16_t)buf[14] << 8) | buf[15]);
+        Ci = _mm_xor_si128(bin, ghash->x);
+
+        /* Do binary mult ghash->X = Ci * ghash->H. */
+        C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00);
+        D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11);
+        E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01);
+        F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10);
+        tmp = _mm_xor_si128(E, F);
+        z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8));
+        z_high = _mm_unpackhi_epi64(z_high, D);
+        z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C);
+        z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low);
+
+        /* Shift one to the left (multiply by x) as gcm spec is stupid. */
+        C = _mm_slli_si128(z_low, 8);
+        E = _mm_srli_epi64(C, 63);
+        D = _mm_slli_si128(z_high, 8);
+        F = _mm_srli_epi64(D, 63);
+        /* Carry over */
+        C = _mm_srli_si128(z_low, 8);
+        D = _mm_srli_epi64(C, 63);
+        z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E);
+        z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D);
+
+        /* Reduce */
+        C = _mm_slli_si128(z_low, 8);
+        /* D = z_low << 127 */
+        D = _mm_slli_epi64(C, 63);
+        /* E = z_low << 126 */
+        E = _mm_slli_epi64(C, 62);
+        /* F = z_low << 121 */
+        F = _mm_slli_epi64(C, 57);
+        /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */
+        z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F);
+        C = _mm_srli_si128(z_low, 8);
+        /* D = z_low >> 1 */
+        D = _mm_slli_epi64(C, 63);
+        D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D);
+        /* E = z_low >> 2 */
+        E = _mm_slli_epi64(C, 62);
+        E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E);
+        /* F = z_low >> 7 */
+        F = _mm_slli_epi64(C, 57);
+        F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F);
+        /* ghash->x ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7); */
+        ghash->x = _mm_xor_si128(_mm_xor_si128(
+                                     _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E),
+                                 F);
+    }
+    return SECSuccess;
+#else
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+}
+
 static SECStatus
 gcm_zeroX(gcmHashContext *ghash)
 {
-    SECStatus rv = SECSuccess;
-
     if (ghash->hw) {
-        rv = gcm_HashZeroX_hw(ghash);
+#ifdef NSS_X86_OR_X64
+        ghash->x = _mm_setzero_si128();
+        return SECSuccess;
+#else
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+#endif /* NSS_X86_OR_X64 */
     }
 
     ghash->x_high = ghash->x_low = 0;
-    return rv;
+    return SECSuccess;
 }
 
 /*
@@ -442,10 +503,15 @@ gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
     }
 
     if (ghash->hw) {
-        rv = gcm_HashWrite_hw(ghash, T);
-        if (rv != SECSuccess) {
-            goto cleanup;
-        }
+#ifdef NSS_X86_OR_X64
+        uint64_t tmp_out[2];
+        _mm_storeu_si128((__m128i *)tmp_out, ghash->x);
+        WRITE64(tmp_out[0], T + 8);
+        WRITE64(tmp_out[1], T);
+#else
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+#endif /* NSS_X86_OR_X64 */
     } else {
         WRITE64(ghash->x_low, T + 8);
         WRITE64(ghash->x_high, T);
@@ -529,7 +595,14 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher,
     if (gcm == NULL) {
         return NULL;
     }
-    ghash = PORT_ZNewAligned(gcmHashContext, 16, mem);
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    ghash = PORT_ZAlloc(sizeof(gcmHashContext) + 15);
+    if (ghash == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    ghash->mem = ghash;
+    ghash = (gcmHashContext *)(((uintptr_t)ghash + 15) & ~(uintptr_t)0x0F);
 
     /* first plug in the ghash context */
     gcm->ghash_context = ghash;
diff --git a/security/nss/lib/freebl/gcm.h b/security/nss/lib/freebl/gcm.h
index 42ef0f717..0c707a081 100644
--- a/security/nss/lib/freebl/gcm.h
+++ b/security/nss/lib/freebl/gcm.h
@@ -9,21 +9,7 @@
 #include <stdint.h>
 
 #ifdef NSS_X86_OR_X64
-/* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */
-#if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
-    (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
-#pragma GCC push_options
-#pragma GCC target("sse2")
-#undef NSS_DISABLE_SSE2
-#define NSS_DISABLE_SSE2 1
-#endif /* GCC <= 4.8 */
-
 #include <emmintrin.h> /* __m128i */
-
-#ifdef NSS_DISABLE_SSE2
-#undef NSS_DISABLE_SSE2
-#pragma GCC pop_options
-#endif /* NSS_DISABLE_SSE2 */
 #endif
 
 SEC_BEGIN_PROTOS
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index d39965256..2447a0c9f 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -298,25 +298,9 @@ static const struct FREEBLVectorStr vector =
 
       /* End of Version 3.018 */
 
-      EC_GetPointSize,
+      EC_GetPointSize
 
       /* End of Version 3.019 */
-
-      BLAKE2B_Hash,
-      BLAKE2B_HashBuf,
-      BLAKE2B_MAC_HashBuf,
-      BLAKE2B_NewContext,
-      BLAKE2B_DestroyContext,
-      BLAKE2B_Begin,
-      BLAKE2B_MAC_Begin,
-      BLAKE2B_Update,
-      BLAKE2B_End,
-      BLAKE2B_FlattenSize,
-      BLAKE2B_Flatten,
-      BLAKE2B_Resurrect
-
-      /* End of Version 3.020 */
-
     };
 
 const FREEBLVector*
@@ -336,12 +320,8 @@ FREEBL_GetVector(void)
         return NULL;
     }
 #endif
-
-#ifndef NSS_FIPS_DISABLED
-    /* In FIPS mode make sure the Full self tests have been run before
-     * continuing. */
+    /* make sure the Full self tests have been run before continuing */
     BL_POSTRan(PR_FALSE);
-#endif
 
     return &vector;
 }
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index fe5e0a668..792171b08 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -2124,114 +2124,3 @@ EC_GetPointSize(const ECParams *params)
         return SECFailure;
     return (vector->p_EC_GetPointSize)(params);
 }
-
-SECStatus
-BLAKE2B_Hash(unsigned char *dest, const char *src)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_Hash)(dest, src);
-}
-
-SECStatus
-BLAKE2B_HashBuf(unsigned char *output, const unsigned char *input, PRUint32 inlen)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_HashBuf)(output, input, inlen);
-}
-
-SECStatus
-BLAKE2B_MAC_HashBuf(unsigned char *output, const unsigned char *input,
-                    unsigned int inlen, const unsigned char *key,
-                    unsigned int keylen)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_MAC_HashBuf)(output, input, inlen, key, keylen);
-}
-
-BLAKE2BContext *
-BLAKE2B_NewContext(void)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return NULL;
-    }
-    return (vector->p_BLAKE2B_NewContext)();
-}
-
-void
-BLAKE2B_DestroyContext(BLAKE2BContext *BLAKE2BContext, PRBool freeit)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return;
-    }
-    (vector->p_BLAKE2B_DestroyContext)(BLAKE2BContext, freeit);
-}
-
-SECStatus
-BLAKE2B_Begin(BLAKE2BContext *ctx)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_Begin)(ctx);
-}
-
-SECStatus
-BLAKE2B_MAC_Begin(BLAKE2BContext *ctx, const PRUint8 *key, const size_t keylen)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_MAC_Begin)(ctx, key, keylen);
-}
-
-SECStatus
-BLAKE2B_Update(BLAKE2BContext *ctx, const unsigned char *in, unsigned int inlen)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_Update)(ctx, in, inlen);
-}
-
-SECStatus
-BLAKE2B_End(BLAKE2BContext *ctx, unsigned char *out,
-            unsigned int *digestLen, size_t maxDigestLen)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_End)(ctx, out, digestLen, maxDigestLen);
-}
-
-unsigned int
-BLAKE2B_FlattenSize(BLAKE2BContext *ctx)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return 0;
-    }
-    return (vector->p_BLAKE2B_FlattenSize)(ctx);
-}
-
-SECStatus
-BLAKE2B_Flatten(BLAKE2BContext *ctx, unsigned char *space)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return SECFailure;
-    }
-    return (vector->p_BLAKE2B_Flatten)(ctx, space);
-}
-
-BLAKE2BContext *
-BLAKE2B_Resurrect(unsigned char *space, void *arg)
-{
-    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
-        return NULL;
-    }
-    return (vector->p_BLAKE2B_Resurrect)(space, arg);
-}
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index ff10cf9ba..ed392cc47 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -10,7 +10,7 @@
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0314
+#define FREEBL_VERSION 0x0313
 
 struct FREEBLVectorStr {
 
@@ -736,29 +736,6 @@ struct FREEBLVectorStr {
 
     /* Version 3.019 came to here */
 
-    SECStatus (*p_BLAKE2B_Hash)(unsigned char *dest, const char *src);
-    SECStatus (*p_BLAKE2B_HashBuf)(unsigned char *output,
-                                   const unsigned char *input, PRUint32 inlen);
-    SECStatus (*p_BLAKE2B_MAC_HashBuf)(unsigned char *output,
-                                       const unsigned char *input,
-                                       unsigned int inlen,
-                                       const unsigned char *key,
-                                       unsigned int keylen);
-    BLAKE2BContext *(*p_BLAKE2B_NewContext)();
-    void (*p_BLAKE2B_DestroyContext)(BLAKE2BContext *ctx, PRBool freeit);
-    SECStatus (*p_BLAKE2B_Begin)(BLAKE2BContext *ctx);
-    SECStatus (*p_BLAKE2B_MAC_Begin)(BLAKE2BContext *ctx, const PRUint8 *key,
-                                     const size_t keylen);
-    SECStatus (*p_BLAKE2B_Update)(BLAKE2BContext *ctx, const unsigned char *in,
-                                  unsigned int inlen);
-    SECStatus (*p_BLAKE2B_End)(BLAKE2BContext *ctx, unsigned char *out,
-                               unsigned int *digestLen, size_t maxDigestLen);
-    unsigned int (*p_BLAKE2B_FlattenSize)(BLAKE2BContext *ctx);
-    SECStatus (*p_BLAKE2B_Flatten)(BLAKE2BContext *ctx, unsigned char *space);
-    BLAKE2BContext *(*p_BLAKE2B_Resurrect)(unsigned char *space, void *arg);
-
-    /* Version 3.020 came to here */
-
     /* Add new function pointers at the end of this struct and bump
      * FREEBL_VERSION at the beginning of this file. */
 };
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index e4c9ab0b7..bf8144218 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -1,10 +1,10 @@
-#
+# 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 # NOTE: any ifdefs in this file must be defined on the gmake command line
-# (if anywhere).  They cannot come from Makefile or config.mk
+# (if anywhere).  They cannot come from Makefile or config.mk 
 
 CORE_DEPTH = ../..
 
@@ -75,7 +75,7 @@ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
 	-DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
 	-DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
 
-REQUIRES =
+REQUIRES = 
 
 EXPORTS = \
 	blapit.h \
@@ -86,7 +86,6 @@ EXPORTS = \
 
 PRIVATE_EXPORTS = \
 	alghmac.h \
-	blake2b.h \
 	blapi.h \
 	chacha20poly1305.h \
 	hmacct.h \
@@ -103,13 +102,16 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
 
 
 ECL_HDRS = ecl-exp.h ecl.h ecp.h ecl-priv.h
+ifndef NSS_DISABLE_ECC
 ECL_SRCS = ecl.c ecl_mult.c ecl_gf.c \
 	ecp_aff.c ecp_jac.c ecp_mont.c \
 	ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \
 	ecp_256_32.c ecp_25519.c
+else
+ECL_SRCS = $(NULL)
+endif
 SHA_SRCS = sha_fast.c
 MPCPU_SRCS = mpcpucache.c
-VERIFIED_SRCS = $(NULL)
 
 CSRCS = \
 	freeblver.c \
@@ -124,8 +126,6 @@ CSRCS = \
 	alg2268.c \
 	arcfour.c \
 	arcfive.c \
-    crypto_primitives.c \
-	blake2b.c \
 	desblapi.c \
 	des.c \
 	drbg.c \
@@ -153,7 +153,6 @@ CSRCS = \
 	$(MPI_SRCS) \
 	$(MPCPU_SRCS) \
 	$(ECL_SRCS) \
-	$(VERIFIED_SRCS) \
 	$(STUBS_SRCS) \
 	$(LOWHASH_SRCS) \
 	$(EXTRA_SRCS) \
@@ -163,7 +162,6 @@ ALL_CSRCS := $(CSRCS)
 
 ALL_HDRS =  \
 	alghmac.h \
-	blake2b.h \
 	blapi.h \
 	blapit.h \
 	des.h \
@@ -180,6 +178,12 @@ ALL_HDRS =  \
 	$(NULL)
 
 
+ifdef AES_GEN_TBL
+DEFINES += -DRIJNDAEL_GENERATE_TABLES
+else 
+ifdef AES_GEN_TBL_M
+DEFINES += -DRIJNDAEL_GENERATE_TABLES_MACRO
+else
 ifdef AES_GEN_VAL
 DEFINES += -DRIJNDAEL_GENERATE_VALUES
 else
@@ -189,3 +193,5 @@ else
 DEFINES += -DRIJNDAEL_INCLUDE_TABLES
 endif
 endif
+endif
+endif
diff --git a/security/nss/lib/freebl/mpi/README b/security/nss/lib/freebl/mpi/README
index cf4302758..776ba713a 100644
--- a/security/nss/lib/freebl/mpi/README
+++ b/security/nss/lib/freebl/mpi/README
@@ -53,7 +53,7 @@ to change are:
     single digit.  This is just a printf() format string, so you
     can adjust it appropriately.
 
-(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the
+(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the 
     largest value expressible in an mp_digit and an mp_word,
     respectively.
 
@@ -345,7 +345,7 @@ returns values of x and y satisfying Bezout's identity.  This is used
 by mp_invmod() to find modular inverses.  However, if you do not need
 these values, you will find that mp_gcd() is MUCH more efficient,
 since it doesn't need all the intermediate values that mp_xgcd()
-requires in order to compute x and y.
+requires in order to compute x and y. 
 
 The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD
 algorithm due to Josef Stein.
@@ -361,7 +361,7 @@ mp_read_radix(mp, str, r)  - convert a string in radix r to an mp_int
 mp_read_raw(mp, s, len)    - convert a string of bytes to an mp_int
 mp_radix_size(mp, r)       - return length of buffer needed by mp_toradix()
 mp_raw_size(mp)            - return length of buffer needed by mp_toraw()
-mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r
+mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r 
                              digits
 mp_toraw(mp, str)          - convert an mp_int to a string of bytes
 mp_tovalue(ch, r)          - convert ch to its value when taken as
@@ -387,7 +387,7 @@ The mp_read_radix() and mp_toradix() functions support bases from 2 to
 than this, you will need to write them yourself (that's why mp_div_d()
 is provided, after all).
 
-Note:   mp_read_radix() will accept as digits either capital or
+Note:   mp_read_radix() will accept as digits either capital or 
 ----    lower-case letters.  However, the current implementation of
         mp_toradix() only outputs upper-case letters, when writing
         bases betwee 10 and 36.  The underlying code supports using
@@ -448,14 +448,14 @@ Note:  The mpp_random() and mpp_random_size() functions use the C
        to change.
 
 mpp_divis_vector(a, v, s, w)  - is a divisible by any of the s digits
-                                in v?  If so, let w be the index of
+                                in v?  If so, let w be the index of 
                                 that digit
 
 mpp_divis_primes(a, np)       - is a divisible by any of the first np
-                                primes?  If so, set np to the prime
+                                primes?  If so, set np to the prime 
                                 which divided a.
 
-mpp_fermat(a, d)              - test if w^a = w (mod a).  If so,
+mpp_fermat(a, d)              - test if w^a = w (mod a).  If so, 
                                 returns MP_YES, otherwise MP_NO.
 
 mpp_pprime(a, nt)             - perform nt iterations of the Rabin-
@@ -486,7 +486,7 @@ The file 'mpi-config.h' defines several configurable parameters for
 the library, which you can adjust to suit your application.  At the
 time of this writing, the available options are:
 
-MP_IOFUNC       - Define true to include the mp_print() function,
+MP_IOFUNC       - Define true to include the mp_print() function, 
                   which is moderately useful for debugging.  This
                   implicitly includes <stdio.h>.
 
@@ -502,14 +502,21 @@ MP_LOGTAB       - If true, the file "logtab.h" is included, which
                   the library includes <math.h> and uses log().  This
                   typically forces you to link against math libraries.
 
+MP_MEMSET       - If true, use memset() to zero buffers.  If you run
+                  into weird alignment related bugs, set this to zero
+                  and an explicit loop will be used.
+
+MP_MEMCPY       - If true, use memcpy() to copy buffers.  If you run
+                  into weird alignment bugs, set this to zero and an
+                  explicit loop will be used.
 
 MP_ARGCHK       - Set to 0, 1, or 2.  This defines how the argument
-                  checking macro, ARGCHK(), gets expanded.  If this
-                  is set to zero, ARGCHK() expands to nothing; no
+                  checking macro, ARGCHK(), gets expanded.  If this 
+                  is set to zero, ARGCHK() expands to nothing; no 
                   argument checks are performed.  If this is 1, the
                   ARGCHK() macro expands to code that returns MP_BADARG
-                  or similar at runtime.  If it is 2, ARGCHK() expands
-                  to an assert() call that aborts the program on a
+                  or similar at runtime.  If it is 2, ARGCHK() expands 
+                  to an assert() call that aborts the program on a 
                   bad input.
 
 MP_DEBUG        - Turns on debugging output.  This is probably not at
@@ -521,14 +528,14 @@ MP_DEFPREC      - The default precision of a newly-created mp_int, in
                   the mp_set_prec() function, but this is its initial
                   value.
 
-MP_SQUARE       - If this is set to a nonzero value, the mp_sqr()
+MP_SQUARE       - If this is set to a nonzero value, the mp_sqr() 
                   function will use an alternate algorithm that takes
                   advantage of the redundant inner product computation
                   when both multiplicands are identical.  Unfortunately,
                   with some compilers this is actually SLOWER than just
                   calling mp_mul() with the same argument twice.  So
                   if you set MP_SQUARE to zero, mp_sqr() will be expan-
-                  ded into a call to mp_mul().  This applies to all
+                  ded into a call to mp_mul().  This applies to all 
                   the uses of mp_sqr(), including mp_sqrmod() and the
                   internal calls to s_mp_sqr() inside mpi.c
 
@@ -561,7 +568,7 @@ CFLAGS=-ansi -pedantic -Wall -O2
 
 If all goes well, the library should compile without warnings using
 this combination.  You should, of course, make whatever adjustments
-you find necessary.
+you find necessary.  
 
 The MPI library distribution comes with several additional programs
 which are intended to demonstrate the use of the library, and provide
@@ -573,7 +580,7 @@ directory) for manipulating large numbers.  These include:
 basecvt.c       A radix-conversion program, supporting bases from
                 2 to 64 inclusive.
 
-bbsrand.c       A BBS (quadratic residue) pseudo-random number
+bbsrand.c       A BBS (quadratic residue) pseudo-random number 
                 generator.  The file 'bbsrand.c' is just the driver
                 for the program; the real code lives in the files
                 'bbs_rand.h' and 'bbs_rand.c'
@@ -619,7 +626,7 @@ Acknowledgements:
 ----------------
 
 The algorithms used in this library were drawn primarily from Volume
-2 of Donald Knuth's magnum opus, _The Art of Computer Programming_,
+2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
 "Semi-Numerical Methods".  Barrett's algorithm for modular reduction
 came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
 Cryptography_, Chapter 14.
diff --git a/security/nss/lib/freebl/mpi/mpi-config.h b/security/nss/lib/freebl/mpi/mpi-config.h
index 0cc868a14..c6f72b206 100644
--- a/security/nss/lib/freebl/mpi/mpi-config.h
+++ b/security/nss/lib/freebl/mpi/mpi-config.h
@@ -28,6 +28,14 @@
 #define MP_LOGTAB 1 /* use table of logs instead of log()? */
 #endif
 
+#ifndef MP_MEMSET
+#define MP_MEMSET 1 /* use memset() to zero buffers?       */
+#endif
+
+#ifndef MP_MEMCPY
+#define MP_MEMCPY 1 /* use memcpy() to copy buffers?       */
+#endif
+
 #ifndef MP_ARGCHK
 /*
   0 = no parameter checks
diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c
index ae404019d..f7784c8d9 100644
--- a/security/nss/lib/freebl/mpi/mpi.c
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -2782,7 +2782,15 @@ s_mp_pad(mp_int *mp, mp_size min)
 void
 s_mp_setz(mp_digit *dp, mp_size count)
 {
+#if MP_MEMSET == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = 0;
+#else
     memset(dp, 0, count * sizeof(mp_digit));
+#endif
+
 } /* end s_mp_setz() */
 
 /* }}} */
@@ -2793,7 +2801,14 @@ s_mp_setz(mp_digit *dp, mp_size count)
 void
 s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
 {
+#if MP_MEMCPY == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = sp[ix];
+#else
     memcpy(dp, sp, count * sizeof(mp_digit));
+#endif
 } /* end s_mp_copy() */
 
 /* }}} */
diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c
index 22f97810f..5ed039689 100644
--- a/security/nss/lib/freebl/nsslowhash.c
+++ b/security/nss/lib/freebl/nsslowhash.c
@@ -22,7 +22,6 @@ struct NSSLOWHASHContextStr {
     void *hashCtxt;
 };
 
-#ifndef NSS_FIPS_DISABLED
 static int
 nsslow_GetFIPSEnabled(void)
 {
@@ -41,10 +40,9 @@ nsslow_GetFIPSEnabled(void)
         return 0;
     if (d != '1')
         return 0;
-#endif /* LINUX */
+#endif
     return 1;
 }
-#endif /* NSS_FIPS_DISABLED */
 
 static NSSLOWInitContext dummyContext = { 0 };
 static PRBool post_failed = PR_TRUE;
@@ -56,7 +54,6 @@ NSSLOW_Init(void)
     (void)FREEBL_InitStubs();
 #endif
 
-#ifndef NSS_FIPS_DISABLED
     /* make sure the FIPS product is installed if we are trying to
      * go into FIPS mode */
     if (nsslow_GetFIPSEnabled()) {
@@ -66,7 +63,6 @@ NSSLOW_Init(void)
             return NULL;
         }
     }
-#endif
     post_failed = PR_FALSE;
 
     return &dummyContext;
diff --git a/security/nss/lib/freebl/poly1305.h b/security/nss/lib/freebl/poly1305.h
index 125f49b3b..0a463483f 100644
--- a/security/nss/lib/freebl/poly1305.h
+++ b/security/nss/lib/freebl/poly1305.h
@@ -8,8 +8,6 @@
 #ifndef FREEBL_POLY1305_H_
 #define FREEBL_POLY1305_H_
 
-#include "stddef.h"
-
 typedef unsigned char poly1305_state[512];
 
 /* Poly1305Init sets up |state| so that it can be used to calculate an
diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c
index 5de27de9c..e4ad60388 100644
--- a/security/nss/lib/freebl/rijndael.c
+++ b/security/nss/lib/freebl/rijndael.c
@@ -27,39 +27,16 @@
 #include "intel-gcm.h"
 #endif /* INTEL_GCM */
 
-/* Forward declarations */
-void rijndael_native_key_expansion(AESContext *cx, const unsigned char *key,
-                                   unsigned int Nk);
-void rijndael_native_encryptBlock(AESContext *cx,
-                                  unsigned char *output,
-                                  const unsigned char *input);
-
-/* Stub definitions for the above rijndael_native_* functions, which
- * shouldn't be used unless NSS_X86_OR_X64 is defined */
-#ifndef NSS_X86_OR_X64
-void
-rijndael_native_key_expansion(AESContext *cx, const unsigned char *key,
-                              unsigned int Nk)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    PORT_Assert(0);
-}
-
-void
-rijndael_native_encryptBlock(AESContext *cx,
-                             unsigned char *output,
-                             const unsigned char *input)
-{
-    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-    PORT_Assert(0);
-}
-#endif /* NSS_X86_OR_X64 */
-
 /*
- * There are currently three ways to build this code, varying in performance
+ * There are currently five ways to build this code, varying in performance
  * and code size.
  *
  * RIJNDAEL_INCLUDE_TABLES         Include all tables from rijndael32.tab
+ * RIJNDAEL_GENERATE_TABLES        Generate tables on first
+ *                                 encryption/decryption, then store them;
+ *                                 use the function gfm
+ * RIJNDAEL_GENERATE_TABLES_MACRO  Same as above, but use macros to do
+ *                                 the generation
  * RIJNDAEL_GENERATE_VALUES        Do not store tables, generate the table
  *                                 values "on-the-fly", using gfm
  * RIJNDAEL_GENERATE_VALUES_MACRO  Same as above, but use macros
@@ -131,7 +108,8 @@ rijndael_native_encryptBlock(AESContext *cx,
     ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1))
 
 /* Choose GFM method (macros or function) */
-#if defined(RIJNDAEL_GENERATE_VALUES_MACRO)
+#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) || \
+    defined(RIJNDAEL_GENERATE_VALUES_MACRO)
 
 /*
  * Galois field GF(2**8) multipliers, in macro form
@@ -155,7 +133,7 @@ rijndael_native_encryptBlock(AESContext *cx,
 #define GFM0E(a) \
     (GFM02(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0E = a * (02 + 04 + 08) */
 
-#else /* RIJNDAEL_GENERATE_VALUES */
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */
 
 /* GF_MULTIPLY
  *
@@ -266,7 +244,7 @@ gen_TInvXi(PRUint8 tx, PRUint8 i)
 #define IMXC1(b) G_IMXC1(b)
 #define IMXC2(b) G_IMXC2(b)
 #define IMXC3(b) G_IMXC3(b)
-#else /* RIJNDAEL_GENERATE_VALUES_MACRO */
+#elif defined(RIJNDAEL_GENERATE_VALUES_MACRO)
 /* generate values for the tables with macros */
 #define T0(i) G_T0(i)
 #define T1(i) G_T1(i)
@@ -280,10 +258,84 @@ gen_TInvXi(PRUint8 tx, PRUint8 i)
 #define IMXC1(b) G_IMXC1(b)
 #define IMXC2(b) G_IMXC2(b)
 #define IMXC3(b) G_IMXC3(b)
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */
+/* Generate T and T**-1 table values and store, then index */
+/* The inverse mix column tables are still generated */
+#define T0(i) rijndaelTables->T0[i]
+#define T1(i) rijndaelTables->T1[i]
+#define T2(i) rijndaelTables->T2[i]
+#define T3(i) rijndaelTables->T3[i]
+#define TInv0(i) rijndaelTables->TInv0[i]
+#define TInv1(i) rijndaelTables->TInv1[i]
+#define TInv2(i) rijndaelTables->TInv2[i]
+#define TInv3(i) rijndaelTables->TInv3[i]
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
 #endif /* choose T-table indexing method */
 
 #endif /* not RIJNDAEL_INCLUDE_TABLES */
 
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+
+/* Code to generate and store the tables */
+
+struct rijndael_tables_str {
+    PRUint32 T0[256];
+    PRUint32 T1[256];
+    PRUint32 T2[256];
+    PRUint32 T3[256];
+    PRUint32 TInv0[256];
+    PRUint32 TInv1[256];
+    PRUint32 TInv2[256];
+    PRUint32 TInv3[256];
+};
+
+static struct rijndael_tables_str *rijndaelTables = NULL;
+static PRCallOnceType coRTInit = { 0, 0, 0 };
+static PRStatus
+init_rijndael_tables(void)
+{
+    PRUint32 i;
+    PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
+    struct rijndael_tables_str *rts;
+    rts = (struct rijndael_tables_str *)
+        PORT_Alloc(sizeof(struct rijndael_tables_str));
+    if (!rts)
+        return PR_FAILURE;
+    for (i = 0; i < 256; i++) {
+        /* The forward values */
+        si01 = SBOX(i);
+        si02 = XTIME(si01);
+        si03 = si02 ^ si01;
+        rts->T0[i] = WORD4(si02, si01, si01, si03);
+        rts->T1[i] = WORD4(si03, si02, si01, si01);
+        rts->T2[i] = WORD4(si01, si03, si02, si01);
+        rts->T3[i] = WORD4(si01, si01, si03, si02);
+        /* The inverse values */
+        si01 = SINV(i);
+        si02 = XTIME(si01);
+        si04 = XTIME(si02);
+        si08 = XTIME(si04);
+        si03 = si02 ^ si01;
+        si09 = si08 ^ si01;
+        si0B = si08 ^ si03;
+        si0D = si09 ^ si04;
+        si0E = si08 ^ si04 ^ si02;
+        rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B);
+        rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D);
+        rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09);
+        rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E);
+    }
+    /* wait until all the values are in to set */
+    rijndaelTables = rts;
+    return PR_SUCCESS;
+}
+
+#endif /* code to generate tables */
+
 /**************************************************************************
  *
  * Stuff related to the Rijndael key schedule
@@ -337,6 +389,162 @@ rijndael_key_expansion7(AESContext *cx, const unsigned char *key, unsigned int N
     }
 }
 
+#if defined(NSS_X86_OR_X64)
+#define EXPAND_KEY128(k, rcon, res)                   \
+    tmp_key = _mm_aeskeygenassist_si128(k, rcon);     \
+    tmp_key = _mm_shuffle_epi32(tmp_key, 0xFF);       \
+    tmp = _mm_xor_si128(k, _mm_slli_si128(k, 4));     \
+    tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
+    tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
+    res = _mm_xor_si128(tmp, tmp_key)
+
+static void
+native_key_expansion128(AESContext *cx, const unsigned char *key)
+{
+    __m128i *keySchedule = cx->keySchedule;
+    pre_align __m128i tmp_key post_align;
+    pre_align __m128i tmp post_align;
+    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+    EXPAND_KEY128(keySchedule[0], 0x01, keySchedule[1]);
+    EXPAND_KEY128(keySchedule[1], 0x02, keySchedule[2]);
+    EXPAND_KEY128(keySchedule[2], 0x04, keySchedule[3]);
+    EXPAND_KEY128(keySchedule[3], 0x08, keySchedule[4]);
+    EXPAND_KEY128(keySchedule[4], 0x10, keySchedule[5]);
+    EXPAND_KEY128(keySchedule[5], 0x20, keySchedule[6]);
+    EXPAND_KEY128(keySchedule[6], 0x40, keySchedule[7]);
+    EXPAND_KEY128(keySchedule[7], 0x80, keySchedule[8]);
+    EXPAND_KEY128(keySchedule[8], 0x1B, keySchedule[9]);
+    EXPAND_KEY128(keySchedule[9], 0x36, keySchedule[10]);
+}
+
+#define EXPAND_KEY192_PART1(res, k0, kt, rcon)                                \
+    tmp2 = _mm_slli_si128(k0, 4);                                             \
+    tmp1 = _mm_xor_si128(k0, tmp2);                                           \
+    tmp2 = _mm_slli_si128(tmp2, 4);                                           \
+    tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
+    tmp2 = _mm_aeskeygenassist_si128(kt, rcon);                               \
+    res = _mm_xor_si128(tmp1, _mm_shuffle_epi32(tmp2, 0x55))
+
+#define EXPAND_KEY192_PART2(res, k1, k2)             \
+    tmp2 = _mm_xor_si128(k1, _mm_slli_si128(k1, 4)); \
+    res = _mm_xor_si128(tmp2, _mm_shuffle_epi32(k2, 0xFF))
+
+#define EXPAND_KEY192(k0, res1, res2, res3, carry, rcon1, rcon2)         \
+    EXPAND_KEY192_PART1(tmp3, k0, res1, rcon1);                          \
+    EXPAND_KEY192_PART2(carry, res1, tmp3);                              \
+    res1 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(res1),       \
+                                           _mm_castsi128_pd(tmp3), 0));  \
+    res2 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(tmp3),       \
+                                           _mm_castsi128_pd(carry), 1)); \
+    EXPAND_KEY192_PART1(res3, tmp3, carry, rcon2)
+
+static void
+native_key_expansion192(AESContext *cx, const unsigned char *key)
+{
+    __m128i *keySchedule = cx->keySchedule;
+    pre_align __m128i tmp1 post_align;
+    pre_align __m128i tmp2 post_align;
+    pre_align __m128i tmp3 post_align;
+    pre_align __m128i carry post_align;
+    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+    keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
+    EXPAND_KEY192(keySchedule[0], keySchedule[1], keySchedule[2],
+                  keySchedule[3], carry, 0x1, 0x2);
+    EXPAND_KEY192_PART2(keySchedule[4], carry, keySchedule[3]);
+    EXPAND_KEY192(keySchedule[3], keySchedule[4], keySchedule[5],
+                  keySchedule[6], carry, 0x4, 0x8);
+    EXPAND_KEY192_PART2(keySchedule[7], carry, keySchedule[6]);
+    EXPAND_KEY192(keySchedule[6], keySchedule[7], keySchedule[8],
+                  keySchedule[9], carry, 0x10, 0x20);
+    EXPAND_KEY192_PART2(keySchedule[10], carry, keySchedule[9]);
+    EXPAND_KEY192(keySchedule[9], keySchedule[10], keySchedule[11],
+                  keySchedule[12], carry, 0x40, 0x80);
+}
+
+#define EXPAND_KEY256_PART(res, rconx, k1x, k2x, X)                           \
+    tmp_key = _mm_shuffle_epi32(_mm_aeskeygenassist_si128(k2x, rconx), X);    \
+    tmp2 = _mm_slli_si128(k1x, 4);                                            \
+    tmp1 = _mm_xor_si128(k1x, tmp2);                                          \
+    tmp2 = _mm_slli_si128(tmp2, 4);                                           \
+    tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
+    res = _mm_xor_si128(tmp1, tmp_key);
+
+#define EXPAND_KEY256(res1, res2, k1, k2, rcon)   \
+    EXPAND_KEY256_PART(res1, rcon, k1, k2, 0xFF); \
+    EXPAND_KEY256_PART(res2, 0x00, k2, res1, 0xAA)
+
+static void
+native_key_expansion256(AESContext *cx, const unsigned char *key)
+{
+    __m128i *keySchedule = cx->keySchedule;
+    pre_align __m128i tmp_key post_align;
+    pre_align __m128i tmp1 post_align;
+    pre_align __m128i tmp2 post_align;
+    keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+    keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
+    EXPAND_KEY256(keySchedule[2], keySchedule[3], keySchedule[0],
+                  keySchedule[1], 0x01);
+    EXPAND_KEY256(keySchedule[4], keySchedule[5], keySchedule[2],
+                  keySchedule[3], 0x02);
+    EXPAND_KEY256(keySchedule[6], keySchedule[7], keySchedule[4],
+                  keySchedule[5], 0x04);
+    EXPAND_KEY256(keySchedule[8], keySchedule[9], keySchedule[6],
+                  keySchedule[7], 0x08);
+    EXPAND_KEY256(keySchedule[10], keySchedule[11], keySchedule[8],
+                  keySchedule[9], 0x10);
+    EXPAND_KEY256(keySchedule[12], keySchedule[13], keySchedule[10],
+                  keySchedule[11], 0x20);
+    EXPAND_KEY256_PART(keySchedule[14], 0x40, keySchedule[12],
+                       keySchedule[13], 0xFF);
+}
+
+#endif /* NSS_X86_OR_X64 */
+
+/*
+ * AES key expansion using aes-ni instructions.
+ */
+static void
+native_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+#ifdef NSS_X86_OR_X64
+    switch (Nk) {
+        case 4:
+            native_key_expansion128(cx, key);
+            return;
+        case 6:
+            native_key_expansion192(cx, key);
+            return;
+        case 8:
+            native_key_expansion256(cx, key);
+            return;
+        default:
+            /* This shouldn't happen. */
+            PORT_Assert(0);
+    }
+#else
+    PORT_Assert(0);
+#endif /* NSS_X86_OR_X64 */
+}
+
+static void
+native_encryptBlock(AESContext *cx,
+                    unsigned char *output,
+                    const unsigned char *input)
+{
+#ifdef NSS_X86_OR_X64
+    int i;
+    pre_align __m128i m post_align = _mm_loadu_si128((__m128i *)input);
+    m = _mm_xor_si128(m, cx->keySchedule[0]);
+    for (i = 1; i < cx->Nr; ++i) {
+        m = _mm_aesenc_si128(m, cx->keySchedule[i]);
+    }
+    m = _mm_aesenclast_si128(m, cx->keySchedule[cx->Nr]);
+    _mm_storeu_si128((__m128i *)output, m);
+#else
+    PORT_Assert(0);
+#endif /* NSS_X86_OR_X64 */
+}
+
 /* rijndael_key_expansion
  *
  * Generate the expanded key from the key input by the user.
@@ -702,7 +910,7 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output,
 
     if (aesni_support()) {
         /* Use hardware acceleration for normal AES parameters. */
-        encryptor = &rijndael_native_encryptBlock;
+        encryptor = &native_encryptBlock;
     } else {
         encryptor = &rijndael_encryptBlock128;
     }
@@ -809,7 +1017,14 @@ rijndael_decryptCBC(AESContext *cx, unsigned char *output,
 AESContext *
 AES_AllocateContext(void)
 {
-    return PORT_ZNewAligned(AESContext, 16, mem);
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    AESContext *ctx = PORT_ZAlloc(sizeof(AESContext) + 15);
+    if (ctx == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    ctx->mem = ctx;
+    return (AESContext *)(((uintptr_t)ctx + 15) & ~(uintptr_t)0x0F);
 }
 
 /*
@@ -892,13 +1107,22 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
     } else
 #endif
     {
+
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+        if (rijndaelTables == NULL) {
+            if (PR_CallOnce(&coRTInit, init_rijndael_tables) != PR_SUCCESS) {
+                return SECFailure;
+            }
+        }
+#endif
         /* Generate expanded key */
         if (encrypt) {
             if (use_hw_aes && (cx->mode == NSS_AES_GCM || cx->mode == NSS_AES ||
                                cx->mode == NSS_AES_CTR)) {
                 PORT_Assert(keysize == 16 || keysize == 24 || keysize == 32);
                 /* Prepare hardware key for normal AES parameters. */
-                rijndael_native_key_expansion(cx, key, Nk);
+                native_key_expansion(cx, key, Nk);
             } else {
                 rijndael_key_expansion(cx, key, Nk);
             }
diff --git a/security/nss/lib/freebl/rijndael.h b/security/nss/lib/freebl/rijndael.h
index 1b63a323d..1f4a8a9f7 100644
--- a/security/nss/lib/freebl/rijndael.h
+++ b/security/nss/lib/freebl/rijndael.h
@@ -8,22 +8,8 @@
 #include "blapii.h"
 #include <stdint.h>
 
-#if defined(NSS_X86_OR_X64)
-/* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */
-#if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
-    (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
-#pragma GCC push_options
-#pragma GCC target("sse2")
-#undef NSS_DISABLE_SSE2
-#define NSS_DISABLE_SSE2 1
-#endif /* GCC <= 4.8 */
-
-#include <emmintrin.h> /* __m128i */
-
-#ifdef NSS_DISABLE_SSE2
-#undef NSS_DISABLE_SSE2
-#pragma GCC pop_options
-#endif /* NSS_DISABLE_SSE2 */
+#ifdef NSS_X86_OR_X64
+#include <wmmintrin.h> /* aes-ni */
 #endif
 
 typedef void AESBlockFunc(AESContext *cx,
diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c
index a08636de6..7354d9317 100644
--- a/security/nss/lib/freebl/rsa.c
+++ b/security/nss/lib/freebl/rsa.c
@@ -276,10 +276,7 @@ RSAPrivateKey *
 RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
 {
     unsigned int primeLen;
-    mp_int p = { 0, 0, 0, NULL };
-    mp_int q = { 0, 0, 0, NULL };
-    mp_int e = { 0, 0, 0, NULL };
-    mp_int d = { 0, 0, 0, NULL };
+    mp_int p, q, e, d;
     int kiter;
     int max_attempts;
     mp_err err = MP_OKAY;
@@ -293,46 +290,34 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
-    /* 1.  Set the public exponent and check if it's uneven and greater than 2.*/
-    MP_DIGITS(&e) = 0;
-    CHECK_MPI_OK(mp_init(&e));
-    SECITEM_TO_MPINT(*publicExponent, &e);
-    if (mp_iseven(&e) || !(mp_cmp_d(&e, 2) > 0)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto cleanup;
-    }
-#ifndef NSS_FIPS_DISABLED
-    /* Check that the exponent is not smaller than 65537  */
-    if (mp_cmp_d(&e, 0x10001) < 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto cleanup;
-    }
-#endif
-
-    /* 2. Allocate arena & key */
+    /* 1. Allocate arena & key */
     arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
     if (!arena) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        goto cleanup;
+        return NULL;
     }
     key = PORT_ArenaZNew(arena, RSAPrivateKey);
     if (!key) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        goto cleanup;
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
     }
     key->arena = arena;
     /* length of primes p and q (in bytes) */
     primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
     MP_DIGITS(&p) = 0;
     MP_DIGITS(&q) = 0;
+    MP_DIGITS(&e) = 0;
     MP_DIGITS(&d) = 0;
     CHECK_MPI_OK(mp_init(&p));
     CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&e));
     CHECK_MPI_OK(mp_init(&d));
-    /* 3.  Set the version number (PKCS1 v1.5 says it should be zero) */
+    /* 2.  Set the version number (PKCS1 v1.5 says it should be zero) */
     SECITEM_AllocItem(arena, &key->version, 1);
     key->version.data[0] = 0;
-
+    /* 3.  Set the public exponent */
+    SECITEM_TO_MPINT(*publicExponent, &e);
     kiter = 0;
     max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
     do {
diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c
index c1cfb7376..528f884b2 100644
--- a/security/nss/lib/freebl/sha512.c
+++ b/security/nss/lib/freebl/sha512.c
@@ -19,7 +19,6 @@
 #include "secport.h" /* for PORT_XXX */
 #include "blapi.h"
 #include "sha256.h" /* for struct SHA256ContextStr */
-#include "crypto_primitives.h"
 
 /* ============= Common constants and defines ======================= */
 
@@ -649,6 +648,15 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
 
 /* common #defines for SHA512 and SHA384 */
 #if defined(HAVE_LONG_LONG)
+#if defined(_MSC_VER)
+#pragma intrinsic(_rotr64, _rotl64)
+#define ROTR64(x, n) _rotr64(x, n)
+#define ROTL64(x, n) _rotl64(x, n)
+#else
+#define ROTR64(x, n) ((x >> n) | (x << (64 - n)))
+#define ROTL64(x, n) ((x << n) | (x >> (64 - n)))
+#endif
+
 #define S0(x) (ROTR64(x, 28) ^ ROTR64(x, 34) ^ ROTR64(x, 39))
 #define S1(x) (ROTR64(x, 14) ^ ROTR64(x, 18) ^ ROTR64(x, 41))
 #define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x, 7))
@@ -662,7 +670,36 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
 #define ULLC(hi, lo) 0x##hi##lo##ULL
 #endif
 
-#define BYTESWAP8(x) x = FREEBL_HTONLL(x)
+#if defined(IS_LITTLE_ENDIAN)
+#if defined(_MSC_VER)
+#pragma intrinsic(_byteswap_uint64)
+#define SHA_HTONLL(x) _byteswap_uint64(x)
+
+#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
+static __inline__ PRUint64
+swap8b(PRUint64 value)
+{
+    __asm__("bswapq %0"
+            : "+r"(value));
+    return (value);
+}
+#define SHA_HTONLL(x) swap8b(x)
+
+#else
+#define SHA_MASK16 ULLC(0000FFFF, 0000FFFF)
+#define SHA_MASK8 ULLC(00FF00FF, 00FF00FF)
+static PRUint64
+swap8b(PRUint64 x)
+{
+    PRUint64 t1 = x;
+    t1 = ((t1 & SHA_MASK8) << 8) | ((t1 >> 8) & SHA_MASK8);
+    t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
+    return (t1 >> 32) | (t1 << 32);
+}
+#define SHA_HTONLL(x) swap8b(x)
+#endif
+#define BYTESWAP8(x) x = SHA_HTONLL(x)
+#endif /* defined(IS_LITTLE_ENDIAN) */
 
 #else /* no long long */
 
@@ -671,8 +708,8 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
     {                        \
         0x##lo##U, 0x##hi##U \
     }
-#define FREEBL_HTONLL(x) (BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
-                          x.hi ^= x.lo ^= x.hi ^= x.lo, x)
+#define SHA_HTONLL(x) (BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
+                       x.hi ^= x.lo ^= x.hi ^= x.lo, x)
 #define BYTESWAP8(x)     \
     do {                 \
         PRUint32 tmp;    \
diff --git a/security/nss/lib/freebl/shvfy.c b/security/nss/lib/freebl/shvfy.c
index 98db4614b..bd9cd1c94 100644
--- a/security/nss/lib/freebl/shvfy.c
+++ b/security/nss/lib/freebl/shvfy.c
@@ -19,8 +19,6 @@
 #include "pqg.h"
 #include "blapii.h"
 
-#ifndef NSS_FIPS_DISABLED
-
 /*
  * Most modern version of Linux support a speed optimization scheme where an
  * application called prelink modifies programs and shared libraries to quickly
@@ -539,23 +537,3 @@ BLAPI_VerifySelf(const char *name)
     }
     return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
 }
-
-#else /* NSS_FIPS_DISABLED */
-
-PRBool
-BLAPI_SHVerifyFile(const char *shName)
-{
-    return PR_FALSE;
-}
-PRBool
-BLAPI_SHVerify(const char *name, PRFuncPtr addr)
-{
-    return PR_FALSE;
-}
-PRBool
-BLAPI_VerifySelf(const char *name)
-{
-    return PR_FALSE;
-}
-
-#endif /* NSS_FIPS_DISABLED */
diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c
index 4d41ef975..8e0784935 100644
--- a/security/nss/lib/freebl/stubs.c
+++ b/security/nss/lib/freebl/stubs.c
@@ -38,11 +38,6 @@
 #include <blapi.h>
 #include <private/pprio.h>
 
-/* Android API < 21 doesn't define RTLD_NOLOAD */
-#ifndef RTLD_NOLOAD
-#define RTLD_NOLOAD 0
-#endif
-
 #define FREEBL_NO_WEAK 1
 
 #define WEAK __attribute__((weak))
@@ -141,11 +136,6 @@ STUB_DECLARE(int, PORT_GetError_Util, (void));
 STUB_DECLARE(PLArenaPool *, PORT_NewArena_Util, (unsigned long chunksize));
 STUB_DECLARE(void, PORT_SetError_Util, (int value));
 STUB_DECLARE(void *, PORT_ZAlloc_Util, (size_t len));
-STUB_DECLARE(void *, PORT_ZAllocAligned_Util, (size_t bytes, size_t alignment,
-                                               void **mem));
-STUB_DECLARE(void *, PORT_ZAllocAlignedOffset_Util, (size_t bytes,
-                                                     size_t alignment,
-                                                     size_t offset));
 STUB_DECLARE(void, PORT_ZFree_Util, (void *ptr, size_t len));
 
 STUB_DECLARE(void, PR_Assert, (const char *s, const char *file, PRIntn ln));
@@ -184,14 +174,11 @@ STUB_DECLARE(void, SECITEM_FreeItem_Util, (SECItem * zap, PRBool freeit));
 STUB_DECLARE(void, SECITEM_ZfreeItem_Util, (SECItem * zap, PRBool freeit));
 STUB_DECLARE(SECOidTag, SECOID_FindOIDTag_Util, (const SECItem *oid));
 STUB_DECLARE(int, NSS_SecureMemcmp, (const void *a, const void *b, size_t n));
-STUB_DECLARE(unsigned int, NSS_SecureMemcmpZero, (const void *mem, size_t n));
 
 #define PORT_ZNew_stub(type) (type *)PORT_ZAlloc_stub(sizeof(type))
 #define PORT_New_stub(type) (type *)PORT_Alloc_stub(sizeof(type))
 #define PORT_ZNewArray_stub(type, num) \
     (type *)PORT_ZAlloc_stub(sizeof(type) * (num))
-#define PORT_ZNewAligned_stub(type, alignment, mem) \
-    (type *)PORT_ZAllocAlignedOffset_stub(sizeof(type), alignment, offsetof(type, mem))
 
 /*
  * NOTE: in order to support hashing only the memory allocation stubs,
@@ -227,52 +214,6 @@ PORT_ZAlloc_stub(size_t len)
     return ptr;
 }
 
-/* aligned_alloc is C11. This is an alternative to get aligned memory. */
-extern void *
-PORT_ZAllocAligned_stub(size_t bytes, size_t alignment, void **mem)
-{
-    STUB_SAFE_CALL3(PORT_ZAllocAligned_Util, bytes, alignment, mem);
-
-    /* This only works if alignement is a power of 2. */
-    if ((alignment == 0) || (alignment & (alignment - 1))) {
-        return NULL;
-    }
-
-    size_t x = alignment - 1;
-    size_t len = (bytes ? bytes : 1) + x;
-
-    if (!mem) {
-        return NULL;
-    }
-
-    /* Always allocate a non-zero amount of bytes */
-    *mem = malloc(len);
-    if (!*mem) {
-        return NULL;
-    }
-
-    memset(*mem, 0, len);
-    return (void *)(((uintptr_t)*mem + x) & ~(uintptr_t)x);
-}
-
-extern void *
-PORT_ZAllocAlignedOffset_stub(size_t size, size_t alignment, size_t offset)
-{
-    STUB_SAFE_CALL3(PORT_ZAllocAlignedOffset_Util, size, alignment, offset);
-    if (offset > size) {
-        return NULL;
-    }
-
-    void *mem = NULL;
-    void *v = PORT_ZAllocAligned_stub(size, alignment, &mem);
-    if (!v) {
-        return NULL;
-    }
-
-    *((void **)((uintptr_t)v + offset)) = mem;
-    return v;
-}
-
 extern void
 PORT_ZFree_stub(void *ptr, size_t len)
 {
@@ -649,13 +590,6 @@ NSS_SecureMemcmp_stub(const void *a, const void *b, size_t n)
     abort();
 }
 
-extern unsigned int
-NSS_SecureMemcmpZero_stub(const void *mem, size_t n)
-{
-    STUB_SAFE_CALL2(NSS_SecureMemcmpZero, mem, n);
-    abort();
-}
-
 #ifdef FREEBL_NO_WEAK
 
 static const char *nsprLibName = SHLIB_PREFIX "nspr4." SHLIB_SUFFIX;
@@ -708,7 +642,6 @@ freebl_InitNSSUtil(void *lib)
     STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util);
     STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util);
     STUB_FETCH_FUNCTION(NSS_SecureMemcmp);
-    STUB_FETCH_FUNCTION(NSS_SecureMemcmpZero);
     return SECSuccess;
 }
 
diff --git a/security/nss/lib/freebl/stubs.h b/security/nss/lib/freebl/stubs.h
index e63cf7a5d..25ec394ec 100644
--- a/security/nss/lib/freebl/stubs.h
+++ b/security/nss/lib/freebl/stubs.h
@@ -30,8 +30,6 @@
 #define PORT_SetError PORT_SetError_stub
 #define PORT_ZAlloc PORT_ZAlloc_stub
 #define PORT_ZFree PORT_ZFree_stub
-#define PORT_ZAllocAligned PORT_ZAllocAligned_stub
-#define PORT_ZAllocAlignedOffset PORT_ZAllocAlignedOffset_stub
 
 #define SECITEM_AllocItem SECITEM_AllocItem_stub
 #define SECITEM_CompareItem SECITEM_CompareItem_stub
@@ -40,7 +38,6 @@
 #define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub
 #define SECOID_FindOIDTag SECOID_FindOIDTag_stub
 #define NSS_SecureMemcmp NSS_SecureMemcmp_stub
-#define NSS_SecureMemcmpZero NSS_SecureMemcmpZero_stub
 
 #define PR_Assert PR_Assert_stub
 #define PR_Access PR_Access_stub
diff --git a/security/nss/lib/freebl/verified/FStar.c b/security/nss/lib/freebl/verified/FStar.c
deleted file mode 100644
index 4e5f6d50d..000000000
--- a/security/nss/lib/freebl/verified/FStar.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This file was auto-generated by KreMLin! */
-
-#include "FStar.h"
-
-static uint64_t
-FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
-{
-    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
-}
-
-static uint64_t
-FStar_UInt128_carry(uint64_t a, uint64_t b)
-{
-    return FStar_UInt128_constant_time_carry(a, b);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low + b.low,
-            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low + b.low,
-            .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low - b.low,
-            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = a.low - b.low,
-            .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return FStar_UInt128_sub_mod_impl(a, b);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_lognot(FStar_UInt128_uint128 a)
-{
-    return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high });
-}
-
-static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U;
-
-static uint64_t
-FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return FStar_UInt128_add_u64_shift_left(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s == (uint32_t)0U)
-        return a;
-    else
-        return (
-            (FStar_UInt128_uint128){
-                .low = a.low << s,
-                .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-    return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s < FStar_UInt128_u32_64)
-        return FStar_UInt128_shift_left_small(a, s);
-    else
-        return FStar_UInt128_shift_left_large(a, s);
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s));
-}
-
-static uint64_t
-FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s)
-{
-    return FStar_UInt128_add_u64_shift_right(hi, lo, s);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s == (uint32_t)0U)
-        return a;
-    else
-        return (
-            (FStar_UInt128_uint128){
-                .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s),
-                .high = a.high >> s });
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s)
-{
-    return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s)
-{
-    if (s < FStar_UInt128_u32_64)
-        return FStar_UInt128_shift_right_small(a, s);
-    else
-        return FStar_UInt128_shift_right_large(a, s);
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high),
-            .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
-{
-    return (
-        (FStar_UInt128_uint128){
-            .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)),
-            .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_uint64_to_uint128(uint64_t a)
-{
-    return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U });
-}
-
-uint64_t
-FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a)
-{
-    return a.low;
-}
-
-static uint64_t FStar_UInt128_u64_l32_mask = (uint64_t)0xffffffffU;
-
-static uint64_t
-FStar_UInt128_u64_mod_32(uint64_t a)
-{
-    return a & FStar_UInt128_u64_l32_mask;
-}
-
-static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U;
-
-static K___uint64_t_uint64_t_uint64_t_uint64_t
-FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y)
-{
-    return (
-        (K___uint64_t_uint64_t_uint64_t_uint64_t){
-            .fst = FStar_UInt128_u64_mod_32(x),
-            .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)),
-            .thd = x >> FStar_UInt128_u32_32,
-            .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) });
-}
-
-static uint64_t
-FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo)
-{
-    return lo + (hi << FStar_UInt128_u32_32);
-}
-
-static FStar_UInt128_uint128
-FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y)
-{
-    K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y);
-    uint64_t u1 = scrut.fst;
-    uint64_t w3 = scrut.snd;
-    uint64_t x_ = scrut.thd;
-    uint64_t t_ = scrut.f3;
-    return (
-        (FStar_UInt128_uint128){
-            .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_),
-                                              w3),
-            .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) +
-                    ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) });
-}
-
-FStar_UInt128_uint128
-FStar_UInt128_mul_wide(uint64_t x, uint64_t y)
-{
-    return FStar_UInt128_mul_wide_impl(x, y);
-}
diff --git a/security/nss/lib/freebl/verified/FStar.h b/security/nss/lib/freebl/verified/FStar.h
deleted file mode 100644
index 7b105b8f2..000000000
--- a/security/nss/lib/freebl/verified/FStar.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* This file was auto-generated by KreMLin! */
-#ifndef __FStar_H
-#define __FStar_H
-
-#include "kremlib_base.h"
-
-typedef struct
-{
-    uint64_t low;
-    uint64_t high;
-} FStar_UInt128_uint128;
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t;
-
-extern void FStar_UInt128_constant_time_carry_ok(uint64_t x0, uint64_t x1);
-
-FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s);
-
-FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s);
-
-FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
-
-FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a);
-
-uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a);
-
-typedef struct
-{
-    uint64_t fst;
-    uint64_t snd;
-    uint64_t thd;
-    uint64_t f3;
-} K___uint64_t_uint64_t_uint64_t_uint64_t;
-
-FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y);
-#endif
diff --git a/security/nss/lib/freebl/verified/Hacl_Chacha20.c b/security/nss/lib/freebl/verified/Hacl_Chacha20.c
deleted file mode 100644
index 45a743035..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Chacha20.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "Hacl_Chacha20.h"
-
-static void
-Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len)
-{
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint8_t *x0 = input + (uint32_t)4U * i;
-        uint32_t inputi = load32_le(x0);
-        output[i] = inputi;
-    }
-}
-
-static void
-Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len)
-{
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint32_t hd1 = input[i];
-        uint8_t *x0 = output + (uint32_t)4U * i;
-        store32_le(x0, hd1);
-    }
-}
-
-inline static uint32_t
-Hacl_Impl_Chacha20_rotate_left(uint32_t a, uint32_t s)
-{
-    return a << s | a >> ((uint32_t)32U - s);
-}
-
-inline static void
-Hacl_Impl_Chacha20_quarter_round(uint32_t *st, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
-{
-    uint32_t sa = st[a];
-    uint32_t sb0 = st[b];
-    st[a] = sa + sb0;
-    uint32_t sd = st[d];
-    uint32_t sa10 = st[a];
-    uint32_t sda = sd ^ sa10;
-    st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U);
-    uint32_t sa0 = st[c];
-    uint32_t sb1 = st[d];
-    st[c] = sa0 + sb1;
-    uint32_t sd0 = st[b];
-    uint32_t sa11 = st[c];
-    uint32_t sda0 = sd0 ^ sa11;
-    st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U);
-    uint32_t sa2 = st[a];
-    uint32_t sb2 = st[b];
-    st[a] = sa2 + sb2;
-    uint32_t sd1 = st[d];
-    uint32_t sa12 = st[a];
-    uint32_t sda1 = sd1 ^ sa12;
-    st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U);
-    uint32_t sa3 = st[c];
-    uint32_t sb = st[d];
-    st[c] = sa3 + sb;
-    uint32_t sd2 = st[b];
-    uint32_t sa1 = st[c];
-    uint32_t sda2 = sd2 ^ sa1;
-    st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_double_round(uint32_t *st)
-{
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)4U, (uint32_t)8U, (uint32_t)12U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)5U, (uint32_t)9U, (uint32_t)13U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)6U, (uint32_t)10U, (uint32_t)14U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)7U, (uint32_t)11U, (uint32_t)15U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)0U, (uint32_t)5U, (uint32_t)10U, (uint32_t)15U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)1U, (uint32_t)6U, (uint32_t)11U, (uint32_t)12U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)2U, (uint32_t)7U, (uint32_t)8U, (uint32_t)13U);
-    Hacl_Impl_Chacha20_quarter_round(st, (uint32_t)3U, (uint32_t)4U, (uint32_t)9U, (uint32_t)14U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_rounds(uint32_t *st)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U)
-        Hacl_Impl_Chacha20_double_round(st);
-}
-
-inline static void
-Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
-        uint32_t xi = st[i];
-        uint32_t yi = st_[i];
-        st[i] = xi + yi;
-    }
-}
-
-inline static void
-Hacl_Impl_Chacha20_copy_state(uint32_t *st, uint32_t *st_)
-{
-    memcpy(st, st_, (uint32_t)16U * sizeof st_[0U]);
-}
-
-inline static void
-Hacl_Impl_Chacha20_chacha20_core(uint32_t *k, uint32_t *st, uint32_t ctr)
-{
-    st[12U] = ctr;
-    Hacl_Impl_Chacha20_copy_state(k, st);
-    Hacl_Impl_Chacha20_rounds(k);
-    Hacl_Impl_Chacha20_sum_states(k, st);
-}
-
-inline static void
-Hacl_Impl_Chacha20_chacha20_block(uint8_t *stream_block, uint32_t *st, uint32_t ctr)
-{
-    uint32_t st_[16U] = { 0U };
-    Hacl_Impl_Chacha20_chacha20_core(st_, st, ctr);
-    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(stream_block, st_, (uint32_t)16U);
-}
-
-inline static void
-Hacl_Impl_Chacha20_init(uint32_t *st, uint8_t *k, uint8_t *n1)
-{
-    uint32_t *stcst = st;
-    uint32_t *stk = st + (uint32_t)4U;
-    uint32_t *stc = st + (uint32_t)12U;
-    uint32_t *stn = st + (uint32_t)13U;
-    stcst[0U] = (uint32_t)0x61707865U;
-    stcst[1U] = (uint32_t)0x3320646eU;
-    stcst[2U] = (uint32_t)0x79622d32U;
-    stcst[3U] = (uint32_t)0x6b206574U;
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stk, k, (uint32_t)8U);
-    stc[0U] = (uint32_t)0U;
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(stn, n1, (uint32_t)3U);
-}
-
-static void
-Hacl_Impl_Chacha20_update(uint8_t *output, uint8_t *plain, uint32_t *st, uint32_t ctr)
-{
-    uint32_t b[48U] = { 0U };
-    uint32_t *k = b;
-    uint32_t *ib = b + (uint32_t)16U;
-    uint32_t *ob = b + (uint32_t)32U;
-    Hacl_Impl_Chacha20_chacha20_core(k, st, ctr);
-    Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U);
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) {
-        uint32_t xi = ib[i];
-        uint32_t yi = k[i];
-        ob[i] = xi ^ yi;
-    }
-    Hacl_Lib_LoadStore32_uint32s_to_le_bytes(output, ob, (uint32_t)16U);
-}
-
-static void
-Hacl_Impl_Chacha20_update_last(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    uint8_t block[64U] = { 0U };
-    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
-    uint8_t *mask = block;
-    for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) {
-        uint8_t xi = plain[i];
-        uint8_t yi = mask[i];
-        output[i] = xi ^ yi;
-    }
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t num_blocks,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    for (uint32_t i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) {
-        uint8_t *b = plain + (uint32_t)64U * i;
-        uint8_t *o = output + (uint32_t)64U * i;
-        Hacl_Impl_Chacha20_update(o, b, st, ctr + i);
-    }
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20_counter_mode(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint32_t *st,
-    uint32_t ctr)
-{
-    uint32_t blocks_len = len >> (uint32_t)6U;
-    uint32_t part_len = len & (uint32_t)0x3fU;
-    uint8_t *output_ = output;
-    uint8_t *plain_ = plain;
-    uint8_t *output__ = output + (uint32_t)64U * blocks_len;
-    uint8_t *plain__ = plain + (uint32_t)64U * blocks_len;
-    Hacl_Impl_Chacha20_chacha20_counter_mode_blocks(output_, plain_, blocks_len, st, ctr);
-    if (part_len > (uint32_t)0U)
-        Hacl_Impl_Chacha20_update_last(output__, plain__, part_len, st, ctr + blocks_len);
-}
-
-static void
-Hacl_Impl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr)
-{
-    uint32_t buf[16U] = { 0U };
-    uint32_t *st = buf;
-    Hacl_Impl_Chacha20_init(st, k, n1);
-    Hacl_Impl_Chacha20_chacha20_counter_mode(output, plain, len, st, ctr);
-}
-
-void
-Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr)
-{
-    uint32_t buf[16U] = { 0U };
-    uint32_t *st = buf;
-    Hacl_Impl_Chacha20_init(st, k, n1);
-    Hacl_Impl_Chacha20_chacha20_block(block, st, ctr);
-}
-
-/*
-  This function implements Chacha20
-
-  val chacha20 :
-  output:uint8_p ->
-  plain:uint8_p{ disjoint output plain } ->
-  len:uint32_t{ v len = length output /\ v len = length plain } ->
-  key:uint8_p{ length key = 32 } ->
-  nonce:uint8_p{ length nonce = 12 } ->
-  ctr:uint32_t{ v ctr + length plain / 64 < pow2 32 } ->
-  Stack unit
-    (requires
-      fun h -> live h output /\ live h plain /\ live h nonce /\ live h key)
-    (ensures
-      fun h0 _ h1 ->
-        live h1 output /\ live h0 plain /\ modifies_1 output h0 h1 /\
-        live h0 nonce /\
-        live h0 key /\
-        h1.[ output ] ==
-        chacha20_encrypt_bytes h0.[ key ] h0.[ nonce ] (v ctr) h0.[ plain ])
-*/
-void
-Hacl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr)
-{
-    Hacl_Impl_Chacha20_chacha20(output, plain, len, k, n1, ctr);
-}
diff --git a/security/nss/lib/freebl/verified/Hacl_Chacha20.h b/security/nss/lib/freebl/verified/Hacl_Chacha20.h
deleted file mode 100644
index f97e44b74..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Chacha20.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "kremlib.h"
-#ifndef __Hacl_Chacha20_H
-#define __Hacl_Chacha20_H
-
-typedef uint32_t Hacl_Impl_Xor_Lemmas_u32;
-
-typedef uint8_t Hacl_Impl_Xor_Lemmas_u8;
-
-typedef uint8_t *Hacl_Lib_LoadStore32_uint8_p;
-
-typedef uint32_t Hacl_Impl_Chacha20_u32;
-
-typedef uint32_t Hacl_Impl_Chacha20_h32;
-
-typedef uint8_t *Hacl_Impl_Chacha20_uint8_p;
-
-typedef uint32_t *Hacl_Impl_Chacha20_state;
-
-typedef uint32_t Hacl_Impl_Chacha20_idx;
-
-typedef struct
-{
-    void *k;
-    void *n;
-} Hacl_Impl_Chacha20_log_t_;
-
-typedef void *Hacl_Impl_Chacha20_log_t;
-
-typedef uint32_t Hacl_Lib_Create_h32;
-
-typedef uint8_t *Hacl_Chacha20_uint8_p;
-
-typedef uint32_t Hacl_Chacha20_uint32_t;
-
-void Hacl_Chacha20_chacha20_key_block(uint8_t *block, uint8_t *k, uint8_t *n1, uint32_t ctr);
-
-/*
-  This function implements Chacha20
-
-  val chacha20 :
-  output:uint8_p ->
-  plain:uint8_p{ disjoint output plain } ->
-  len:uint32_t{ v len = length output /\ v len = length plain } ->
-  key:uint8_p{ length key = 32 } ->
-  nonce:uint8_p{ length nonce = 12 } ->
-  ctr:uint32_t{ v ctr + length plain / 64 < pow2 32 } ->
-  Stack unit
-    (requires
-      fun h -> live h output /\ live h plain /\ live h nonce /\ live h key)
-    (ensures
-      fun h0 _ h1 ->
-        live h1 output /\ live h0 plain /\ modifies_1 output h0 h1 /\
-        live h0 nonce /\
-        live h0 key /\
-        h1.[ output ] ==
-        chacha20_encrypt_bytes h0.[ key ] h0.[ nonce ] (v ctr) h0.[ plain ])
-*/
-void
-Hacl_Chacha20_chacha20(
-    uint8_t *output,
-    uint8_t *plain,
-    uint32_t len,
-    uint8_t *k,
-    uint8_t *n1,
-    uint32_t ctr);
-#endif
diff --git a/security/nss/lib/freebl/verified/Hacl_Curve25519.c b/security/nss/lib/freebl/verified/Hacl_Curve25519.c
deleted file mode 100644
index f2dcddc57..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Curve25519.c
+++ /dev/null
@@ -1,845 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "Hacl_Curve25519.h"
-
-static void
-Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-    uint64_t b4 = b[4U];
-    uint64_t b0 = b[0U];
-    uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU;
-    uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U);
-    b[4U] = b4_;
-    b[0U] = b0_;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
-{
-    {
-        FStar_UInt128_t xi = input[0U];
-        output[0U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[1U];
-        output[1U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[2U];
-        output[2U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[3U];
-        output[3U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-    {
-        FStar_UInt128_t xi = input[4U];
-        output[4U] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
-    FStar_UInt128_t *output,
-    uint64_t *input,
-    uint64_t s)
-{
-    {
-        FStar_UInt128_t xi = output[0U];
-        uint64_t yi = input[0U];
-        output[0U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[1U];
-        uint64_t yi = input[1U];
-        output[1U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[2U];
-        uint64_t yi = input[2U];
-        output[2U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[3U];
-        uint64_t yi = input[3U];
-        output[3U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-    {
-        FStar_UInt128_t xi = output[4U];
-        uint64_t yi = input[4U];
-        output[4U] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
-{
-    {
-        uint32_t ctr = (uint32_t)0U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)1U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)2U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-    {
-        uint32_t ctr = (uint32_t)3U;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)51U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-    uint64_t tmp = output[4U];
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)1U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)2U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    {
-        uint32_t ctr = (uint32_t)5U - (uint32_t)3U - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    output[0U] = tmp;
-    uint64_t b0 = output[0U];
-    output[0U] = (uint64_t)19U * b0;
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21)
-{
-    {
-        uint64_t input2i = input21[0U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[1U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[2U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    {
-        uint64_t input2i = input21[3U];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    uint32_t i = (uint32_t)4U;
-    uint64_t input2i = input21[i];
-    Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-}
-
-inline static void
-Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21)
-{
-    uint64_t tmp[5U] = { 0U };
-    memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]);
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21);
-    Hacl_Bignum_Fproduct_carry_wide_(t);
-    FStar_UInt128_t b4 = t[4U];
-    FStar_UInt128_t b0 = t[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    t[4U] = b4_;
-    t[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-    uint64_t i0 = output[0U];
-    uint64_t i1 = output[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    output[0U] = i0_;
-    output[1U] = i1_;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    uint64_t r0 = output[0U];
-    uint64_t r1 = output[1U];
-    uint64_t r2 = output[2U];
-    uint64_t r3 = output[3U];
-    uint64_t r4 = output[4U];
-    uint64_t d0 = r0 * (uint64_t)2U;
-    uint64_t d1 = r1 * (uint64_t)2U;
-    uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U;
-    uint64_t d419 = r4 * (uint64_t)19U;
-    uint64_t d4 = d419 * (uint64_t)2U;
-    FStar_UInt128_t
-        s0 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0),
-                                                FStar_UInt128_mul_wide(d4, r1)),
-                              FStar_UInt128_mul_wide(d2, r3));
-    FStar_UInt128_t
-        s1 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1),
-                                                FStar_UInt128_mul_wide(d4, r2)),
-                              FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3));
-    FStar_UInt128_t
-        s2 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2),
-                                                FStar_UInt128_mul_wide(r1, r1)),
-                              FStar_UInt128_mul_wide(d4, r3));
-    FStar_UInt128_t
-        s3 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3),
-                                                FStar_UInt128_mul_wide(d1, r2)),
-                              FStar_UInt128_mul_wide(r4, d419));
-    FStar_UInt128_t
-        s4 =
-            FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4),
-                                                FStar_UInt128_mul_wide(d1, r3)),
-                              FStar_UInt128_mul_wide(r2, r2));
-    tmp[0U] = s0;
-    tmp[1U] = s1;
-    tmp[2U] = s2;
-    tmp[3U] = s3;
-    tmp[4U] = s4;
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output)
-{
-    Hacl_Bignum_Fsquare_fsquare__(tmp, output);
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4U];
-    FStar_UInt128_t b0 = tmp[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    tmp[4U] = b4_;
-    tmp[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-    uint64_t i0 = output[0U];
-    uint64_t i1 = output[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    output[0U] = i0_;
-    output[1U] = i1_;
-}
-
-static void
-Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1)
-{
-    Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-    for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U)
-        Hacl_Bignum_Fsquare_fsquare_(tmp, input);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t t[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1);
-}
-
-inline static void
-Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z)
-{
-    uint64_t buf[20U] = { 0U };
-    uint64_t *a = buf;
-    uint64_t *t00 = buf + (uint32_t)5U;
-    uint64_t *b0 = buf + (uint32_t)10U;
-    Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U);
-    Hacl_Bignum_Fmul_fmul(b0, t00, z);
-    Hacl_Bignum_Fmul_fmul(a, b0, a);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U);
-    Hacl_Bignum_Fmul_fmul(b0, t00, b0);
-    Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U);
-    uint64_t *t01 = buf + (uint32_t)5U;
-    uint64_t *b1 = buf + (uint32_t)10U;
-    uint64_t *c0 = buf + (uint32_t)15U;
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U);
-    Hacl_Bignum_Fmul_fmul(c0, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U);
-    Hacl_Bignum_Fmul_fmul(t01, t01, c0);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U);
-    Hacl_Bignum_Fmul_fmul(b1, t01, b1);
-    Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U);
-    uint64_t *a0 = buf;
-    uint64_t *t0 = buf + (uint32_t)5U;
-    uint64_t *b = buf + (uint32_t)10U;
-    uint64_t *c = buf + (uint32_t)15U;
-    Hacl_Bignum_Fmul_fmul(c, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U);
-    Hacl_Bignum_Fmul_fmul(t0, t0, c);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U);
-    Hacl_Bignum_Fmul_fmul(t0, t0, b);
-    Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U);
-    Hacl_Bignum_Fmul_fmul(out, t0, a0);
-}
-
-inline static void
-Hacl_Bignum_fsum(uint64_t *a, uint64_t *b)
-{
-    {
-        uint64_t xi = a[0U];
-        uint64_t yi = b[0U];
-        a[0U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[1U];
-        uint64_t yi = b[1U];
-        a[1U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[2U];
-        uint64_t yi = b[2U];
-        a[2U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[3U];
-        uint64_t yi = b[3U];
-        a[3U] = xi + yi;
-    }
-    {
-        uint64_t xi = a[4U];
-        uint64_t yi = b[4U];
-        a[4U] = xi + yi;
-    }
-}
-
-inline static void
-Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b)
-{
-    uint64_t tmp[5U] = { 0U };
-    memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]);
-    uint64_t b0 = tmp[0U];
-    uint64_t b1 = tmp[1U];
-    uint64_t b2 = tmp[2U];
-    uint64_t b3 = tmp[3U];
-    uint64_t b4 = tmp[4U];
-    tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U;
-    tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U;
-    tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U;
-    tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U;
-    tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U;
-    {
-        uint64_t xi = a[0U];
-        uint64_t yi = tmp[0U];
-        a[0U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[1U];
-        uint64_t yi = tmp[1U];
-        a[1U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[2U];
-        uint64_t yi = tmp[2U];
-        a[2U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[3U];
-        uint64_t yi = tmp[3U];
-        a[3U] = yi - xi;
-    }
-    {
-        uint64_t xi = a[4U];
-        uint64_t yi = tmp[4U];
-        a[4U] = yi - xi;
-    }
-}
-
-inline static void
-Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s)
-{
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U);
-    FStar_UInt128_t tmp[5U];
-    for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i)
-        tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    {
-        uint64_t xi = b[0U];
-        tmp[0U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[1U];
-        tmp[1U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[2U];
-        tmp[2U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[3U];
-        tmp[3U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    {
-        uint64_t xi = b[4U];
-        tmp[4U] = FStar_UInt128_mul_wide(xi, s);
-    }
-    Hacl_Bignum_Fproduct_carry_wide_(tmp);
-    FStar_UInt128_t b4 = tmp[4U];
-    FStar_UInt128_t b0 = tmp[0U];
-    FStar_UInt128_t
-        b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU));
-    FStar_UInt128_t
-        b0_ =
-            FStar_UInt128_add(b0,
-                              FStar_UInt128_mul_wide((uint64_t)19U,
-                                                     FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U))));
-    tmp[4U] = b4_;
-    tmp[0U] = b0_;
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp);
-}
-
-inline static void
-Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b)
-{
-    Hacl_Bignum_Fmul_fmul(output, a, b);
-}
-
-inline static void
-Hacl_Bignum_crecip(uint64_t *output, uint64_t *input)
-{
-    Hacl_Bignum_Crecip_crecip(output, input);
-}
-
-static void
-Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    uint32_t i = ctr - (uint32_t)1U;
-    uint64_t ai = a[i];
-    uint64_t bi = b[i];
-    uint64_t x = swap1 & (ai ^ bi);
-    uint64_t ai1 = ai ^ x;
-    uint64_t bi1 = bi ^ x;
-    a[i] = ai1;
-    b[i] = bi1;
-}
-
-static void
-Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr)
-{
-    if (!(ctr == (uint32_t)0U)) {
-        Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr);
-        uint32_t i = ctr - (uint32_t)1U;
-        Hacl_EC_Point_swap_conditional_(a, b, swap1, i);
-    }
-}
-
-static void
-Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap)
-{
-    uint64_t swap1 = (uint64_t)0U - iswap;
-    Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U);
-    Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U);
-}
-
-static void
-Hacl_EC_Point_copy(uint64_t *output, uint64_t *input)
-{
-    memcpy(output, input, (uint32_t)5U * sizeof input[0U]);
-    memcpy(output + (uint32_t)5U,
-           input + (uint32_t)5U,
-           (uint32_t)5U * sizeof(input + (uint32_t)5U)[0U]);
-}
-
-static void
-Hacl_EC_AddAndDouble_fmonty(
-    uint64_t *pp,
-    uint64_t *ppq,
-    uint64_t *p,
-    uint64_t *pq,
-    uint64_t *qmqp)
-{
-    uint64_t *qx = qmqp;
-    uint64_t *x2 = pp;
-    uint64_t *z2 = pp + (uint32_t)5U;
-    uint64_t *x3 = ppq;
-    uint64_t *z3 = ppq + (uint32_t)5U;
-    uint64_t *x = p;
-    uint64_t *z = p + (uint32_t)5U;
-    uint64_t *xprime = pq;
-    uint64_t *zprime = pq + (uint32_t)5U;
-    uint64_t buf[40U] = { 0U };
-    uint64_t *origx = buf;
-    uint64_t *origxprime = buf + (uint32_t)5U;
-    uint64_t *xxprime0 = buf + (uint32_t)25U;
-    uint64_t *zzprime0 = buf + (uint32_t)30U;
-    memcpy(origx, x, (uint32_t)5U * sizeof x[0U]);
-    Hacl_Bignum_fsum(x, z);
-    Hacl_Bignum_fdifference(z, origx);
-    memcpy(origxprime, xprime, (uint32_t)5U * sizeof xprime[0U]);
-    Hacl_Bignum_fsum(xprime, zprime);
-    Hacl_Bignum_fdifference(zprime, origxprime);
-    Hacl_Bignum_fmul(xxprime0, xprime, z);
-    Hacl_Bignum_fmul(zzprime0, x, zprime);
-    uint64_t *origxprime0 = buf + (uint32_t)5U;
-    uint64_t *xx0 = buf + (uint32_t)15U;
-    uint64_t *zz0 = buf + (uint32_t)20U;
-    uint64_t *xxprime = buf + (uint32_t)25U;
-    uint64_t *zzprime = buf + (uint32_t)30U;
-    uint64_t *zzzprime = buf + (uint32_t)35U;
-    memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]);
-    Hacl_Bignum_fsum(xxprime, zzprime);
-    Hacl_Bignum_fdifference(zzprime, origxprime0);
-    Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U);
-    Hacl_Bignum_fmul(z3, zzzprime, qx);
-    Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U);
-    Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U);
-    uint64_t *zzz = buf + (uint32_t)10U;
-    uint64_t *xx = buf + (uint32_t)15U;
-    uint64_t *zz = buf + (uint32_t)20U;
-    Hacl_Bignum_fmul(x2, xx, zz);
-    Hacl_Bignum_fdifference(zz, xx);
-    uint64_t scalar = (uint64_t)121665U;
-    Hacl_Bignum_fscalar(zzz, zz, scalar);
-    Hacl_Bignum_fsum(zzz, xx);
-    Hacl_Bignum_fmul(z2, zzz, zz);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    uint64_t bit = (uint64_t)(byt >> (uint32_t)7U);
-    Hacl_EC_Point_swap_conditional(nq, nqpq, bit);
-    Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q);
-    uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U);
-    Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt)
-{
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt);
-    uint8_t byt1 = byt << (uint32_t)1U;
-    Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1);
-}
-
-static void
-Hacl_EC_Ladder_SmallLoop_cmult_small_loop(
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint8_t byt,
-    uint32_t i)
-{
-    if (!(i == (uint32_t)0U)) {
-        uint32_t i_ = i - (uint32_t)1U;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt);
-        uint8_t byt_ = byt << (uint32_t)2U;
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_);
-    }
-}
-
-static void
-Hacl_EC_Ladder_BigLoop_cmult_big_loop(
-    uint8_t *n1,
-    uint64_t *nq,
-    uint64_t *nqpq,
-    uint64_t *nq2,
-    uint64_t *nqpq2,
-    uint64_t *q,
-    uint32_t i)
-{
-    if (!(i == (uint32_t)0U)) {
-        uint32_t i1 = i - (uint32_t)1U;
-        uint8_t byte = n1[i1];
-        Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U);
-        Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1);
-    }
-}
-
-static void
-Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q)
-{
-    uint64_t point_buf[40U] = { 0U };
-    uint64_t *nq = point_buf;
-    uint64_t *nqpq = point_buf + (uint32_t)10U;
-    uint64_t *nq2 = point_buf + (uint32_t)20U;
-    uint64_t *nqpq2 = point_buf + (uint32_t)30U;
-    Hacl_EC_Point_copy(nqpq, q);
-    nq[0U] = (uint64_t)1U;
-    Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U);
-    Hacl_EC_Point_copy(result, nq);
-}
-
-static void
-Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input)
-{
-    uint64_t i0 = load64_le(input);
-    uint8_t *x00 = input + (uint32_t)6U;
-    uint64_t i1 = load64_le(x00);
-    uint8_t *x01 = input + (uint32_t)12U;
-    uint64_t i2 = load64_le(x01);
-    uint8_t *x02 = input + (uint32_t)19U;
-    uint64_t i3 = load64_le(x02);
-    uint8_t *x0 = input + (uint32_t)24U;
-    uint64_t i4 = load64_le(x0);
-    uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU;
-    uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU;
-    output[0U] = output0;
-    output[1U] = output1;
-    output[2U] = output2;
-    output[3U] = output3;
-    output[4U] = output4;
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-    input[0U] = t0_;
-    input[1U] = t1__;
-    input[2U] = t2__;
-    input[3U] = t3__;
-    input[4U] = t4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t t1_ = t1 + (t0 >> (uint32_t)51U);
-    uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U);
-    uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U);
-    uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU;
-    uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U);
-    uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU;
-    input[0U] = t0_;
-    input[1U] = t1__;
-    input[2U] = t2__;
-    input[3U] = t3__;
-    input[4U] = t4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_second_carry_pass(input);
-    Hacl_Bignum_Modulo_carry_top(input);
-    uint64_t i0 = input[0U];
-    uint64_t i1 = input[1U];
-    uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)51U);
-    input[0U] = i0_;
-    input[1U] = i1_;
-}
-
-static void
-Hacl_EC_Format_fcontract_trim(uint64_t *input)
-{
-    uint64_t a0 = input[0U];
-    uint64_t a1 = input[1U];
-    uint64_t a2 = input[2U];
-    uint64_t a3 = input[3U];
-    uint64_t a4 = input[4U];
-    uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU);
-    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU);
-    uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4;
-    uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask);
-    uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask);
-    uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask);
-    input[0U] = a0_;
-    input[1U] = a1_;
-    input[2U] = a2_;
-    input[3U] = a3_;
-    input[4U] = a4_;
-}
-
-static void
-Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input)
-{
-    uint64_t t0 = input[0U];
-    uint64_t t1 = input[1U];
-    uint64_t t2 = input[2U];
-    uint64_t t3 = input[3U];
-    uint64_t t4 = input[4U];
-    uint64_t o0 = t1 << (uint32_t)51U | t0;
-    uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U;
-    uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U;
-    uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U;
-    uint8_t *b0 = output;
-    uint8_t *b1 = output + (uint32_t)8U;
-    uint8_t *b2 = output + (uint32_t)16U;
-    uint8_t *b3 = output + (uint32_t)24U;
-    store64_le(b0, o0);
-    store64_le(b1, o1);
-    store64_le(b2, o2);
-    store64_le(b3, o3);
-}
-
-static void
-Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input)
-{
-    Hacl_EC_Format_fcontract_first_carry_full(input);
-    Hacl_EC_Format_fcontract_second_carry_full(input);
-    Hacl_EC_Format_fcontract_trim(input);
-    Hacl_EC_Format_fcontract_store(output, input);
-}
-
-static void
-Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point)
-{
-    uint64_t *x = point;
-    uint64_t *z = point + (uint32_t)5U;
-    uint64_t buf[10U] = { 0U };
-    uint64_t *zmone = buf;
-    uint64_t *sc = buf + (uint32_t)5U;
-    Hacl_Bignum_crecip(zmone, z);
-    Hacl_Bignum_fmul(sc, x, zmone);
-    Hacl_EC_Format_fcontract(scalar, sc);
-}
-
-void
-Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    uint64_t buf0[10U] = { 0U };
-    uint64_t *x0 = buf0;
-    uint64_t *z = buf0 + (uint32_t)5U;
-    Hacl_EC_Format_fexpand(x0, basepoint);
-    z[0U] = (uint64_t)1U;
-    uint64_t *q = buf0;
-    uint8_t e[32U] = { 0U };
-    memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]);
-    uint8_t e0 = e[0U];
-    uint8_t e31 = e[31U];
-    uint8_t e01 = e0 & (uint8_t)248U;
-    uint8_t e311 = e31 & (uint8_t)127U;
-    uint8_t e312 = e311 | (uint8_t)64U;
-    e[0U] = e01;
-    e[31U] = e312;
-    uint8_t *scalar = e;
-    uint64_t buf[15U] = { 0U };
-    uint64_t *nq = buf;
-    uint64_t *x = nq;
-    x[0U] = (uint64_t)1U;
-    Hacl_EC_Ladder_cmult(nq, scalar, q);
-    Hacl_EC_Format_scalar_of_point(mypublic, nq);
-}
-
-void
-Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint)
-{
-    Hacl_EC_crypto_scalarmult(mypublic, secret, basepoint);
-}
diff --git a/security/nss/lib/freebl/verified/Hacl_Curve25519.h b/security/nss/lib/freebl/verified/Hacl_Curve25519.h
deleted file mode 100644
index 0e443f177..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Curve25519.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "kremlib.h"
-#ifndef __Hacl_Curve25519_H
-#define __Hacl_Curve25519_H
-
-typedef uint64_t Hacl_Bignum_Constants_limb;
-
-typedef FStar_UInt128_t Hacl_Bignum_Constants_wide;
-
-typedef uint64_t Hacl_Bignum_Parameters_limb;
-
-typedef FStar_UInt128_t Hacl_Bignum_Parameters_wide;
-
-typedef uint32_t Hacl_Bignum_Parameters_ctr;
-
-typedef uint64_t *Hacl_Bignum_Parameters_felem;
-
-typedef FStar_UInt128_t *Hacl_Bignum_Parameters_felem_wide;
-
-typedef void *Hacl_Bignum_Parameters_seqelem;
-
-typedef void *Hacl_Bignum_Parameters_seqelem_wide;
-
-typedef FStar_UInt128_t Hacl_Bignum_Wide_t;
-
-typedef uint64_t Hacl_Bignum_Limb_t;
-
-extern void Hacl_Bignum_lemma_diff(Prims_int x0, Prims_int x1, Prims_pos x2);
-
-typedef uint64_t *Hacl_EC_Point_point;
-
-typedef uint8_t *Hacl_EC_Ladder_SmallLoop_uint8_p;
-
-typedef uint8_t *Hacl_EC_Ladder_uint8_p;
-
-typedef uint8_t *Hacl_EC_Format_uint8_p;
-
-void Hacl_EC_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-
-typedef uint8_t *Hacl_Curve25519_uint8_p;
-
-void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
-#endif
diff --git a/security/nss/lib/freebl/verified/Hacl_Poly1305_64.c b/security/nss/lib/freebl/verified/Hacl_Poly1305_64.c
deleted file mode 100644
index 984031ae2..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Poly1305_64.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "Hacl_Poly1305_64.h"
-
-inline static void
-Hacl_Bignum_Modulo_reduce(uint64_t *b)
-{
-    uint64_t b0 = b[0U];
-    b[0U] = (b0 << (uint32_t)4U) + (b0 << (uint32_t)2U);
-}
-
-inline static void
-Hacl_Bignum_Modulo_carry_top(uint64_t *b)
-{
-    uint64_t b2 = b[2U];
-    uint64_t b0 = b[0U];
-    uint64_t b2_42 = b2 >> (uint32_t)42U;
-    b[2U] = b2 & (uint64_t)0x3ffffffffffU;
-    b[0U] = (b2_42 << (uint32_t)2U) + b2_42 + b0;
-}
-
-inline static void
-Hacl_Bignum_Modulo_carry_top_wide(FStar_UInt128_t *b)
-{
-    FStar_UInt128_t b2 = b[2U];
-    FStar_UInt128_t b0 = b[0U];
-    FStar_UInt128_t
-        b2_ = FStar_UInt128_logand(b2, FStar_UInt128_uint64_to_uint128((uint64_t)0x3ffffffffffU));
-    uint64_t b2_42 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b2, (uint32_t)42U));
-    FStar_UInt128_t
-        b0_ = FStar_UInt128_add(b0, FStar_UInt128_uint64_to_uint128((b2_42 << (uint32_t)2U) + b2_42));
-    b[2U] = b2_;
-    b[0U] = b0_;
-}
-
-inline static void
-Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, FStar_UInt128_t *input)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)3U; i = i + (uint32_t)1U) {
-        FStar_UInt128_t xi = input[i];
-        output[i] = FStar_UInt128_uint128_to_uint64(xi);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_sum_scalar_multiplication_(
-    FStar_UInt128_t *output,
-    uint64_t *input,
-    uint64_t s)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)3U; i = i + (uint32_t)1U) {
-        FStar_UInt128_t xi = output[i];
-        uint64_t yi = input[i];
-        output[i] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s));
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_t *tmp)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)2U; i = i + (uint32_t)1U) {
-        uint32_t ctr = i;
-        FStar_UInt128_t tctr = tmp[ctr];
-        FStar_UInt128_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0xfffffffffffU;
-        FStar_UInt128_t c = FStar_UInt128_shift_right(tctr, (uint32_t)44U);
-        tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0);
-        tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c);
-    }
-}
-
-inline static void
-Hacl_Bignum_Fproduct_carry_limb_(uint64_t *tmp)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)2U; i = i + (uint32_t)1U) {
-        uint32_t ctr = i;
-        uint64_t tctr = tmp[ctr];
-        uint64_t tctrp1 = tmp[ctr + (uint32_t)1U];
-        uint64_t r0 = tctr & (uint64_t)0xfffffffffffU;
-        uint64_t c = tctr >> (uint32_t)44U;
-        tmp[ctr] = r0;
-        tmp[ctr + (uint32_t)1U] = tctrp1 + c;
-    }
-}
-
-inline static void
-Hacl_Bignum_Fmul_shift_reduce(uint64_t *output)
-{
-    uint64_t tmp = output[2U];
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)2U; i = i + (uint32_t)1U) {
-        uint32_t ctr = (uint32_t)3U - i - (uint32_t)1U;
-        uint64_t z = output[ctr - (uint32_t)1U];
-        output[ctr] = z;
-    }
-    output[0U] = tmp;
-    Hacl_Bignum_Modulo_reduce(output);
-}
-
-static void
-Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input2)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)2U; i = i + (uint32_t)1U) {
-        uint64_t input2i = input2[i];
-        Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-        Hacl_Bignum_Fmul_shift_reduce(input);
-    }
-    uint32_t i = (uint32_t)2U;
-    uint64_t input2i = input2[i];
-    Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i);
-}
-
-inline static void
-Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2)
-{
-    uint64_t tmp[3U] = { 0U };
-    memcpy(tmp, input, (uint32_t)3U * sizeof input[0U]);
-    KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)3U);
-    FStar_UInt128_t t[3U];
-    for (uint32_t _i = 0U; _i < (uint32_t)3U; ++_i)
-        t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U);
-    Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2);
-    Hacl_Bignum_Fproduct_carry_wide_(t);
-    Hacl_Bignum_Modulo_carry_top_wide(t);
-    Hacl_Bignum_Fproduct_copy_from_wide_(output, t);
-    uint64_t i0 = output[0U];
-    uint64_t i1 = output[1U];
-    uint64_t i0_ = i0 & (uint64_t)0xfffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)44U);
-    output[0U] = i0_;
-    output[1U] = i1_;
-}
-
-inline static void
-Hacl_Bignum_AddAndMultiply_add_and_multiply(uint64_t *acc, uint64_t *block, uint64_t *r)
-{
-    for (uint32_t i = (uint32_t)0U; i < (uint32_t)3U; i = i + (uint32_t)1U) {
-        uint64_t xi = acc[i];
-        uint64_t yi = block[i];
-        acc[i] = xi + yi;
-    }
-    Hacl_Bignum_Fmul_fmul(acc, acc, r);
-}
-
-inline static void
-Hacl_Impl_Poly1305_64_poly1305_update(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m)
-{
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut0 = st;
-    uint64_t *h = scrut0.h;
-    uint64_t *acc = h;
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *r = scrut.r;
-    uint64_t *r3 = r;
-    uint64_t tmp[3U] = { 0U };
-    FStar_UInt128_t m0 = load128_le(m);
-    uint64_t r0 = FStar_UInt128_uint128_to_uint64(m0) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r1 =
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(m0, (uint32_t)44U)) & (uint64_t)0xfffffffffffU;
-    uint64_t r2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(m0, (uint32_t)88U));
-    tmp[0U] = r0;
-    tmp[1U] = r1;
-    tmp[2U] = r2;
-    uint64_t b2 = tmp[2U];
-    uint64_t b2_ = (uint64_t)0x10000000000U | b2;
-    tmp[2U] = b2_;
-    Hacl_Bignum_AddAndMultiply_add_and_multiply(acc, tmp, r3);
-}
-
-inline static void
-Hacl_Impl_Poly1305_64_poly1305_process_last_block_(
-    uint8_t *block,
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint64_t rem_)
-{
-    uint64_t tmp[3U] = { 0U };
-    FStar_UInt128_t m0 = load128_le(block);
-    uint64_t r0 = FStar_UInt128_uint128_to_uint64(m0) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r1 =
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(m0, (uint32_t)44U)) & (uint64_t)0xfffffffffffU;
-    uint64_t r2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(m0, (uint32_t)88U));
-    tmp[0U] = r0;
-    tmp[1U] = r1;
-    tmp[2U] = r2;
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut0 = st;
-    uint64_t *h = scrut0.h;
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *r = scrut.r;
-    Hacl_Bignum_AddAndMultiply_add_and_multiply(h, tmp, r);
-}
-
-inline static void
-Hacl_Impl_Poly1305_64_poly1305_process_last_block(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint64_t rem_)
-{
-    uint8_t zero1 = (uint8_t)0U;
-    KRML_CHECK_SIZE(zero1, (uint32_t)16U);
-    uint8_t block[16U];
-    for (uint32_t _i = 0U; _i < (uint32_t)16U; ++_i)
-        block[_i] = zero1;
-    uint32_t i0 = (uint32_t)rem_;
-    uint32_t i = (uint32_t)rem_;
-    memcpy(block, m, i * sizeof m[0U]);
-    block[i0] = (uint8_t)1U;
-    Hacl_Impl_Poly1305_64_poly1305_process_last_block_(block, st, m, rem_);
-}
-
-static void
-Hacl_Impl_Poly1305_64_poly1305_last_pass(uint64_t *acc)
-{
-    Hacl_Bignum_Fproduct_carry_limb_(acc);
-    Hacl_Bignum_Modulo_carry_top(acc);
-    uint64_t a0 = acc[0U];
-    uint64_t a10 = acc[1U];
-    uint64_t a20 = acc[2U];
-    uint64_t a0_ = a0 & (uint64_t)0xfffffffffffU;
-    uint64_t r0 = a0 >> (uint32_t)44U;
-    uint64_t a1_ = (a10 + r0) & (uint64_t)0xfffffffffffU;
-    uint64_t r1 = (a10 + r0) >> (uint32_t)44U;
-    uint64_t a2_ = a20 + r1;
-    acc[0U] = a0_;
-    acc[1U] = a1_;
-    acc[2U] = a2_;
-    Hacl_Bignum_Modulo_carry_top(acc);
-    uint64_t i0 = acc[0U];
-    uint64_t i1 = acc[1U];
-    uint64_t i0_ = i0 & (uint64_t)0xfffffffffffU;
-    uint64_t i1_ = i1 + (i0 >> (uint32_t)44U);
-    acc[0U] = i0_;
-    acc[1U] = i1_;
-    uint64_t a00 = acc[0U];
-    uint64_t a1 = acc[1U];
-    uint64_t a2 = acc[2U];
-    uint64_t mask0 = FStar_UInt64_gte_mask(a00, (uint64_t)0xffffffffffbU);
-    uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0xfffffffffffU);
-    uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x3ffffffffffU);
-    uint64_t mask = (mask0 & mask1) & mask2;
-    uint64_t a0_0 = a00 - ((uint64_t)0xffffffffffbU & mask);
-    uint64_t a1_0 = a1 - ((uint64_t)0xfffffffffffU & mask);
-    uint64_t a2_0 = a2 - ((uint64_t)0x3ffffffffffU & mask);
-    acc[0U] = a0_0;
-    acc[1U] = a1_0;
-    acc[2U] = a2_0;
-}
-
-static Hacl_Impl_Poly1305_64_State_poly1305_state
-Hacl_Impl_Poly1305_64_mk_state(uint64_t *r, uint64_t *h)
-{
-    return ((Hacl_Impl_Poly1305_64_State_poly1305_state){.r = r, .h = h });
-}
-
-static void
-Hacl_Standalone_Poly1305_64_poly1305_blocks(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint64_t len1)
-{
-    if (!(len1 == (uint64_t)0U)) {
-        uint8_t *block = m;
-        uint8_t *tail1 = m + (uint32_t)16U;
-        Hacl_Impl_Poly1305_64_poly1305_update(st, block);
-        uint64_t len2 = len1 - (uint64_t)1U;
-        Hacl_Standalone_Poly1305_64_poly1305_blocks(st, tail1, len2);
-    }
-}
-
-static void
-Hacl_Standalone_Poly1305_64_poly1305_partial(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *input,
-    uint64_t len1,
-    uint8_t *kr)
-{
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *r = scrut.r;
-    uint64_t *x0 = r;
-    FStar_UInt128_t k1 = load128_le(kr);
-    FStar_UInt128_t
-        k_clamped =
-            FStar_UInt128_logand(k1,
-                                 FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)0x0ffffffc0ffffffcU),
-                                                                              (uint32_t)64U),
-                                                     FStar_UInt128_uint64_to_uint128((uint64_t)0x0ffffffc0fffffffU)));
-    uint64_t r0 = FStar_UInt128_uint128_to_uint64(k_clamped) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r1 =
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)44U)) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)88U));
-    x0[0U] = r0;
-    x0[1U] = r1;
-    x0[2U] = r2;
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut0 = st;
-    uint64_t *h = scrut0.h;
-    uint64_t *x00 = h;
-    x00[0U] = (uint64_t)0U;
-    x00[1U] = (uint64_t)0U;
-    x00[2U] = (uint64_t)0U;
-    Hacl_Standalone_Poly1305_64_poly1305_blocks(st, input, len1);
-}
-
-static void
-Hacl_Standalone_Poly1305_64_poly1305_complete(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint64_t len1,
-    uint8_t *k1)
-{
-    uint8_t *kr = k1;
-    uint64_t len16 = len1 >> (uint32_t)4U;
-    uint64_t rem16 = len1 & (uint64_t)0xfU;
-    uint8_t *part_input = m;
-    uint8_t *last_block = m + (uint32_t)((uint64_t)16U * len16);
-    Hacl_Standalone_Poly1305_64_poly1305_partial(st, part_input, len16, kr);
-    if (!(rem16 == (uint64_t)0U))
-        Hacl_Impl_Poly1305_64_poly1305_process_last_block(st, last_block, rem16);
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *h = scrut.h;
-    uint64_t *acc = h;
-    Hacl_Impl_Poly1305_64_poly1305_last_pass(acc);
-}
-
-static void
-Hacl_Standalone_Poly1305_64_crypto_onetimeauth_(
-    uint8_t *output,
-    uint8_t *input,
-    uint64_t len1,
-    uint8_t *k1)
-{
-    uint64_t buf[6U] = { 0U };
-    uint64_t *r = buf;
-    uint64_t *h = buf + (uint32_t)3U;
-    Hacl_Impl_Poly1305_64_State_poly1305_state st = Hacl_Impl_Poly1305_64_mk_state(r, h);
-    uint8_t *key_s = k1 + (uint32_t)16U;
-    Hacl_Standalone_Poly1305_64_poly1305_complete(st, input, len1, k1);
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *h3 = scrut.h;
-    uint64_t *acc = h3;
-    FStar_UInt128_t k_ = load128_le(key_s);
-    uint64_t h0 = acc[0U];
-    uint64_t h1 = acc[1U];
-    uint64_t h2 = acc[2U];
-    FStar_UInt128_t
-        acc_ =
-            FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128(h2
-                                                                                             << (uint32_t)24U |
-                                                                                         h1 >> (uint32_t)20U),
-                                                         (uint32_t)64U),
-                                FStar_UInt128_uint64_to_uint128(h1 << (uint32_t)44U | h0));
-    FStar_UInt128_t mac_ = FStar_UInt128_add_mod(acc_, k_);
-    store128_le(output, mac_);
-}
-
-static void
-Hacl_Standalone_Poly1305_64_crypto_onetimeauth(
-    uint8_t *output,
-    uint8_t *input,
-    uint64_t len1,
-    uint8_t *k1)
-{
-    Hacl_Standalone_Poly1305_64_crypto_onetimeauth_(output, input, len1, k1);
-}
-
-Hacl_Impl_Poly1305_64_State_poly1305_state
-Hacl_Poly1305_64_mk_state(uint64_t *r, uint64_t *acc)
-{
-    return Hacl_Impl_Poly1305_64_mk_state(r, acc);
-}
-
-void
-Hacl_Poly1305_64_init(Hacl_Impl_Poly1305_64_State_poly1305_state st, uint8_t *k1)
-{
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *r = scrut.r;
-    uint64_t *x0 = r;
-    FStar_UInt128_t k10 = load128_le(k1);
-    FStar_UInt128_t
-        k_clamped =
-            FStar_UInt128_logand(k10,
-                                 FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)0x0ffffffc0ffffffcU),
-                                                                              (uint32_t)64U),
-                                                     FStar_UInt128_uint64_to_uint128((uint64_t)0x0ffffffc0fffffffU)));
-    uint64_t r0 = FStar_UInt128_uint128_to_uint64(k_clamped) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r1 =
-            FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)44U)) & (uint64_t)0xfffffffffffU;
-    uint64_t
-        r2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)88U));
-    x0[0U] = r0;
-    x0[1U] = r1;
-    x0[2U] = r2;
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut0 = st;
-    uint64_t *h = scrut0.h;
-    uint64_t *x00 = h;
-    x00[0U] = (uint64_t)0U;
-    x00[1U] = (uint64_t)0U;
-    x00[2U] = (uint64_t)0U;
-}
-
-void
-Hacl_Poly1305_64_update_block(Hacl_Impl_Poly1305_64_State_poly1305_state st, uint8_t *m)
-{
-    Hacl_Impl_Poly1305_64_poly1305_update(st, m);
-}
-
-void
-Hacl_Poly1305_64_update(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint32_t num_blocks)
-{
-    if (!(num_blocks == (uint32_t)0U)) {
-        uint8_t *block = m;
-        uint8_t *m_ = m + (uint32_t)16U;
-        uint32_t n1 = num_blocks - (uint32_t)1U;
-        Hacl_Poly1305_64_update_block(st, block);
-        Hacl_Poly1305_64_update(st, m_, n1);
-    }
-}
-
-void
-Hacl_Poly1305_64_update_last(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint32_t len1)
-{
-    if (!((uint64_t)len1 == (uint64_t)0U))
-        Hacl_Impl_Poly1305_64_poly1305_process_last_block(st, m, (uint64_t)len1);
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *h = scrut.h;
-    uint64_t *acc = h;
-    Hacl_Impl_Poly1305_64_poly1305_last_pass(acc);
-}
-
-void
-Hacl_Poly1305_64_finish(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *mac,
-    uint8_t *k1)
-{
-    Hacl_Impl_Poly1305_64_State_poly1305_state scrut = st;
-    uint64_t *h = scrut.h;
-    uint64_t *acc = h;
-    FStar_UInt128_t k_ = load128_le(k1);
-    uint64_t h0 = acc[0U];
-    uint64_t h1 = acc[1U];
-    uint64_t h2 = acc[2U];
-    FStar_UInt128_t
-        acc_ =
-            FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128(h2
-                                                                                             << (uint32_t)24U |
-                                                                                         h1 >> (uint32_t)20U),
-                                                         (uint32_t)64U),
-                                FStar_UInt128_uint64_to_uint128(h1 << (uint32_t)44U | h0));
-    FStar_UInt128_t mac_ = FStar_UInt128_add_mod(acc_, k_);
-    store128_le(mac, mac_);
-}
-
-void
-Hacl_Poly1305_64_crypto_onetimeauth(
-    uint8_t *output,
-    uint8_t *input,
-    uint64_t len1,
-    uint8_t *k1)
-{
-    Hacl_Standalone_Poly1305_64_crypto_onetimeauth(output, input, len1, k1);
-}
diff --git a/security/nss/lib/freebl/verified/Hacl_Poly1305_64.h b/security/nss/lib/freebl/verified/Hacl_Poly1305_64.h
deleted file mode 100644
index 0aa9a0de3..000000000
--- a/security/nss/lib/freebl/verified/Hacl_Poly1305_64.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "kremlib.h"
-#ifndef __Hacl_Poly1305_64_H
-#define __Hacl_Poly1305_64_H
-
-typedef uint64_t Hacl_Bignum_Constants_limb;
-
-typedef FStar_UInt128_t Hacl_Bignum_Constants_wide;
-
-typedef FStar_UInt128_t Hacl_Bignum_Wide_t;
-
-typedef uint64_t Hacl_Bignum_Limb_t;
-
-typedef void *Hacl_Impl_Poly1305_64_State_log_t;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_State_uint8_p;
-
-typedef uint64_t *Hacl_Impl_Poly1305_64_State_bigint;
-
-typedef void *Hacl_Impl_Poly1305_64_State_seqelem;
-
-typedef uint64_t *Hacl_Impl_Poly1305_64_State_elemB;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_State_wordB;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_State_wordB_16;
-
-typedef struct
-{
-    uint64_t *r;
-    uint64_t *h;
-} Hacl_Impl_Poly1305_64_State_poly1305_state;
-
-typedef void *Hacl_Impl_Poly1305_64_log_t;
-
-typedef uint64_t *Hacl_Impl_Poly1305_64_bigint;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_uint8_p;
-
-typedef uint64_t *Hacl_Impl_Poly1305_64_elemB;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_wordB;
-
-typedef uint8_t *Hacl_Impl_Poly1305_64_wordB_16;
-
-typedef uint8_t *Hacl_Poly1305_64_uint8_p;
-
-typedef uint64_t Hacl_Poly1305_64_uint64_t;
-
-typedef uint8_t *Hacl_Poly1305_64_key;
-
-typedef Hacl_Impl_Poly1305_64_State_poly1305_state Hacl_Poly1305_64_state;
-
-Hacl_Impl_Poly1305_64_State_poly1305_state
-Hacl_Poly1305_64_mk_state(uint64_t *r, uint64_t *acc);
-
-void Hacl_Poly1305_64_init(Hacl_Impl_Poly1305_64_State_poly1305_state st, uint8_t *k1);
-
-void Hacl_Poly1305_64_update_block(Hacl_Impl_Poly1305_64_State_poly1305_state st, uint8_t *m);
-
-void
-Hacl_Poly1305_64_update(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint32_t num_blocks);
-
-void
-Hacl_Poly1305_64_update_last(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *m,
-    uint32_t len1);
-
-void
-Hacl_Poly1305_64_finish(
-    Hacl_Impl_Poly1305_64_State_poly1305_state st,
-    uint8_t *mac,
-    uint8_t *k1);
-
-void
-Hacl_Poly1305_64_crypto_onetimeauth(
-    uint8_t *output,
-    uint8_t *input,
-    uint64_t len1,
-    uint8_t *k1);
-#endif
diff --git a/security/nss/lib/freebl/verified/kremlib.h b/security/nss/lib/freebl/verified/kremlib.h
deleted file mode 100644
index c12164e74..000000000
--- a/security/nss/lib/freebl/verified/kremlib.h
+++ /dev/null
@@ -1,672 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __KREMLIB_H
-#define __KREMLIB_H
-
-#include "kremlib_base.h"
-
-/* For tests only: we might need this function to be forward-declared, because
- * the dependency on WasmSupport appears very late, after SimplifyWasm, and
- * sadly, after the topological order has been done. */
-void WasmSupport_check_buffer_size(uint32_t s);
-
-/******************************************************************************/
-/* Stubs to ease compilation of non-Low* code                                 */
-/******************************************************************************/
-
-/* Some types that KreMLin has no special knowledge of; many of them appear in
- * signatures of ghost functions, meaning that it suffices to give them (any)
- * definition. */
-typedef void *FStar_Seq_Base_seq, *Prims_prop, *FStar_HyperStack_mem,
-    *FStar_Set_set, *Prims_st_pre_h, *FStar_Heap_heap, *Prims_all_pre_h,
-    *FStar_TSet_set, *Prims_list, *FStar_Map_t, *FStar_UInt63_t_,
-    *FStar_Int63_t_, *FStar_UInt63_t, *FStar_Int63_t, *FStar_UInt_uint_t,
-    *FStar_Int_int_t, *FStar_HyperStack_stackref, *FStar_Bytes_bytes,
-    *FStar_HyperHeap_rid, *FStar_Heap_aref, *FStar_Monotonic_Heap_heap,
-    *FStar_Monotonic_Heap_aref, *FStar_Monotonic_HyperHeap_rid,
-    *FStar_Monotonic_HyperStack_mem, *FStar_Char_char_;
-
-typedef const char *Prims_string;
-
-/* For "bare" targets that do not have a C stdlib, the user might want to use
- * [-add-include '"mydefinitions.h"'] and override these. */
-#ifndef KRML_HOST_PRINTF
-#define KRML_HOST_PRINTF printf
-#endif
-
-#ifndef KRML_HOST_EXIT
-#define KRML_HOST_EXIT exit
-#endif
-
-#ifndef KRML_HOST_MALLOC
-#define KRML_HOST_MALLOC malloc
-#endif
-
-/* In statement position, exiting is easy. */
-#define KRML_EXIT                                                                  \
-    do {                                                                           \
-        KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
-        KRML_HOST_EXIT(254);                                                       \
-    } while (0)
-
-/* In expression position, use the comma-operator and a malloc to return an
- * expression of the right size. KreMLin passes t as the parameter to the macro.
- */
-#define KRML_EABORT(t, msg)                                                     \
-    (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
-     KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
-
-/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
- * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
- */
-#define KRML_CHECK_SIZE(elt, size)                                            \
-    if (((size_t)size) > SIZE_MAX / sizeof(elt)) {                            \
-        KRML_HOST_PRINTF(                                                     \
-            "Maximum allocatable size exceeded, aborting before overflow at " \
-            "%s:%d\n",                                                        \
-            __FILE__, __LINE__);                                              \
-        KRML_HOST_EXIT(253);                                                  \
-    }
-
-/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
- * option). Useful when trying to debug, say, Wasm, to compare traces. */
-/* clang-format off */
-#ifdef __GNUC__
-#define KRML_FORMAT(X) _Generic((X),                                           \
-  uint8_t : "0x%08" PRIx8,                                                     \
-  uint16_t: "0x%08" PRIx16,                                                    \
-  uint32_t: "0x%08" PRIx32,                                                    \
-  uint64_t: "0x%08" PRIx64,                                                    \
-  int8_t  : "0x%08" PRIx8,                                                     \
-  int16_t : "0x%08" PRIx16,                                                    \
-  int32_t : "0x%08" PRIx32,                                                    \
-  int64_t : "0x%08" PRIx64,                                                    \
-  default : "%s")
-
-#define KRML_FORMAT_ARG(X) _Generic((X),                                       \
-  uint8_t : X,                                                                 \
-  uint16_t: X,                                                                 \
-  uint32_t: X,                                                                 \
-  uint64_t: X,                                                                 \
-  int8_t  : X,                                                                 \
-  int16_t : X,                                                                 \
-  int32_t : X,                                                                 \
-  int64_t : X,                                                                 \
-  default : "unknown")
-/* clang-format on */
-
-#define KRML_DEBUG_RETURN(X)                                        \
-    ({                                                              \
-        __auto_type _ret = (X);                                     \
-        KRML_HOST_PRINTF("returning: ");                            \
-        KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
-        KRML_HOST_PRINTF(" \n");                                    \
-        _ret;                                                       \
-    })
-#endif
-
-#define FStar_Buffer_eqb(b1, b2, n) \
-    (memcmp((b1), (b2), (n) * sizeof((b1)[0])) == 0)
-
-/* Stubs to make ST happy. Important note: you must generate a use of the macro
- * argument, otherwise, you may have FStar_ST_recall(f) as the only use of f;
- * KreMLin will think that this is a valid use, but then the C compiler, after
- * macro expansion, will error out. */
-#define FStar_HyperHeap_root 0
-#define FStar_Pervasives_Native_fst(x) (x).fst
-#define FStar_Pervasives_Native_snd(x) (x).snd
-#define FStar_Seq_Base_createEmpty(x) 0
-#define FStar_Seq_Base_create(len, init) 0
-#define FStar_Seq_Base_upd(s, i, e) 0
-#define FStar_Seq_Base_eq(l1, l2) 0
-#define FStar_Seq_Base_length(l1) 0
-#define FStar_Seq_Base_append(x, y) 0
-#define FStar_Seq_Base_slice(x, y, z) 0
-#define FStar_Seq_Properties_snoc(x, y) 0
-#define FStar_Seq_Properties_cons(x, y) 0
-#define FStar_Seq_Base_index(x, y) 0
-#define FStar_HyperStack_is_eternal_color(x) 0
-#define FStar_Monotonic_HyperHeap_root 0
-#define FStar_Buffer_to_seq_full(x) 0
-#define FStar_Buffer_recall(x)
-#define FStar_HyperStack_ST_op_Colon_Equals(x, v) KRML_EXIT
-#define FStar_HyperStack_ST_op_Bang(x) 0
-#define FStar_HyperStack_ST_salloc(x) 0
-#define FStar_HyperStack_ST_ralloc(x, y) 0
-#define FStar_HyperStack_ST_new_region(x) (0)
-#define FStar_Monotonic_RRef_m_alloc(x) \
-    {                                   \
-        0                               \
-    }
-
-#define FStar_HyperStack_ST_recall(x) \
-    do {                              \
-        (void)(x);                    \
-    } while (0)
-
-#define FStar_HyperStack_ST_recall_region(x) \
-    do {                                     \
-        (void)(x);                           \
-    } while (0)
-
-#define FStar_Monotonic_RRef_m_recall(x1, x2) \
-    do {                                      \
-        (void)(x1);                           \
-        (void)(x2);                           \
-    } while (0)
-
-#define FStar_Monotonic_RRef_m_write(x1, x2, x3, x4, x5) \
-    do {                                                 \
-        (void)(x1);                                      \
-        (void)(x2);                                      \
-        (void)(x3);                                      \
-        (void)(x4);                                      \
-        (void)(x5);                                      \
-    } while (0)
-
-/******************************************************************************/
-/* Endian-ness macros that can only be implemented in C                       */
-/******************************************************************************/
-
-/* ... for Linux */
-#if defined(__linux__) || defined(__CYGWIN__)
-#include <endian.h>
-
-/* ... for OSX */
-#elif defined(__APPLE__)
-#include <libkern/OSByteOrder.h>
-#define htole64(x) OSSwapHostToLittleInt64(x)
-#define le64toh(x) OSSwapLittleToHostInt64(x)
-#define htobe64(x) OSSwapHostToBigInt64(x)
-#define be64toh(x) OSSwapBigToHostInt64(x)
-
-#define htole16(x) OSSwapHostToLittleInt16(x)
-#define le16toh(x) OSSwapLittleToHostInt16(x)
-#define htobe16(x) OSSwapHostToBigInt16(x)
-#define be16toh(x) OSSwapBigToHostInt16(x)
-
-#define htole32(x) OSSwapHostToLittleInt32(x)
-#define le32toh(x) OSSwapLittleToHostInt32(x)
-#define htobe32(x) OSSwapHostToBigInt32(x)
-#define be32toh(x) OSSwapBigToHostInt32(x)
-
-/* ... for Solaris */
-#elif defined(__sun__)
-#include <sys/byteorder.h>
-#define htole64(x) LE_64(x)
-#define le64toh(x) LE_64(x)
-#define htobe64(x) BE_64(x)
-#define be64toh(x) BE_64(x)
-
-#define htole16(x) LE_16(x)
-#define le16toh(x) LE_16(x)
-#define htobe16(x) BE_16(x)
-#define be16toh(x) BE_16(x)
-
-#define htole32(x) LE_32(x)
-#define le32toh(x) LE_32(x)
-#define htobe32(x) BE_32(x)
-#define be32toh(x) BE_32(x)
-
-/* ... for the BSDs */
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
-#include <sys/endian.h>
-#elif defined(__OpenBSD__)
-#include <endian.h>
-
-/* ... for Windows (MSVC)... not targeting XBOX 360! */
-#elif defined(_MSC_VER)
-
-#include <stdlib.h>
-#define htobe16(x) _byteswap_ushort(x)
-#define htole16(x) (x)
-#define be16toh(x) _byteswap_ushort(x)
-#define le16toh(x) (x)
-
-#define htobe32(x) _byteswap_ulong(x)
-#define htole32(x) (x)
-#define be32toh(x) _byteswap_ulong(x)
-#define le32toh(x) (x)
-
-#define htobe64(x) _byteswap_uint64(x)
-#define htole64(x) (x)
-#define be64toh(x) _byteswap_uint64(x)
-#define le64toh(x) (x)
-
-/* ... for Windows (GCC-like, e.g. mingw or clang) */
-#elif (defined(_WIN32) || defined(_WIN64)) && \
-    (defined(__GNUC__) || defined(__clang__))
-
-#define htobe16(x) __builtin_bswap16(x)
-#define htole16(x) (x)
-#define be16toh(x) __builtin_bswap16(x)
-#define le16toh(x) (x)
-
-#define htobe32(x) __builtin_bswap32(x)
-#define htole32(x) (x)
-#define be32toh(x) __builtin_bswap32(x)
-#define le32toh(x) (x)
-
-#define htobe64(x) __builtin_bswap64(x)
-#define htole64(x) (x)
-#define be64toh(x) __builtin_bswap64(x)
-#define le64toh(x) (x)
-
-/* ... generic big-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-
-/* byte swapping code inspired by:
- * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
- * */
-
-#define htobe32(x) (x)
-#define be32toh(x) (x)
-#define htole32(x)                                                      \
-    (__extension__({                                                    \
-        uint32_t _temp = (x);                                           \
-        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
-            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
-    }))
-#define le32toh(x) (htole32((x)))
-
-#define htobe64(x) (x)
-#define be64toh(x) (x)
-#define htole64(x)                                           \
-    (__extension__({                                         \
-        uint64_t __temp = (x);                               \
-        uint32_t __low = htobe32((uint32_t)__temp);          \
-        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
-        (((uint64_t)__low) << 32) | __high;                  \
-    }))
-#define le64toh(x) (htole64((x)))
-
-/* ... generic little-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-
-#define htole32(x) (x)
-#define le32toh(x) (x)
-#define htobe32(x)                                                      \
-    (__extension__({                                                    \
-        uint32_t _temp = (x);                                           \
-        ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
-            ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
-    }))
-#define be32toh(x) (htobe32((x)))
-
-#define htole64(x) (x)
-#define le64toh(x) (x)
-#define htobe64(x)                                           \
-    (__extension__({                                         \
-        uint64_t __temp = (x);                               \
-        uint32_t __low = htobe32((uint32_t)__temp);          \
-        uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
-        (((uint64_t)__low) << 32) | __high;                  \
-    }))
-#define be64toh(x) (htobe64((x)))
-
-/* ... couldn't determine endian-ness of the target platform */
-#else
-#error "Please define __BYTE_ORDER__!"
-
-#endif /* defined(__linux__) || ... */
-
-/* Loads and stores. These avoid undefined behavior due to unaligned memory
- * accesses, via memcpy. */
-
-inline static uint16_t
-load16(uint8_t *b)
-{
-    uint16_t x;
-    memcpy(&x, b, 2);
-    return x;
-}
-
-inline static uint32_t
-load32(uint8_t *b)
-{
-    uint32_t x;
-    memcpy(&x, b, 4);
-    return x;
-}
-
-inline static uint64_t
-load64(uint8_t *b)
-{
-    uint64_t x;
-    memcpy(&x, b, 8);
-    return x;
-}
-
-inline static void
-store16(uint8_t *b, uint16_t i)
-{
-    memcpy(b, &i, 2);
-}
-
-inline static void
-store32(uint8_t *b, uint32_t i)
-{
-    memcpy(b, &i, 4);
-}
-
-inline static void
-store64(uint8_t *b, uint64_t i)
-{
-    memcpy(b, &i, 8);
-}
-
-#define load16_le(b) (le16toh(load16(b)))
-#define store16_le(b, i) (store16(b, htole16(i)))
-#define load16_be(b) (be16toh(load16(b)))
-#define store16_be(b, i) (store16(b, htobe16(i)))
-
-#define load32_le(b) (le32toh(load32(b)))
-#define store32_le(b, i) (store32(b, htole32(i)))
-#define load32_be(b) (be32toh(load32(b)))
-#define store32_be(b, i) (store32(b, htobe32(i)))
-
-#define load64_le(b) (le64toh(load64(b)))
-#define store64_le(b, i) (store64(b, htole64(i)))
-#define load64_be(b) (be64toh(load64(b)))
-#define store64_be(b, i) (store64(b, htobe64(i)))
-
-/******************************************************************************/
-/* Checked integers to ease the compilation of non-Low* code                  */
-/******************************************************************************/
-
-typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
-    krml_checked_int_t;
-
-inline static bool
-Prims_op_GreaterThanOrEqual(int32_t x, int32_t y)
-{
-    return x >= y;
-}
-
-inline static bool
-Prims_op_LessThanOrEqual(int32_t x, int32_t y)
-{
-    return x <= y;
-}
-
-inline static bool
-Prims_op_GreaterThan(int32_t x, int32_t y)
-{
-    return x > y;
-}
-
-inline static bool
-Prims_op_LessThan(int32_t x, int32_t y)
-{
-    return x < y;
-}
-
-#define RETURN_OR(x)                                                            \
-    do {                                                                        \
-        int64_t __ret = x;                                                      \
-        if (__ret < INT32_MIN || INT32_MAX < __ret) {                           \
-            KRML_HOST_PRINTF("Prims.{int,nat,pos} integer overflow at %s:%d\n", \
-                             __FILE__, __LINE__);                               \
-            KRML_HOST_EXIT(252);                                                \
-        }                                                                       \
-        return (int32_t)__ret;                                                  \
-    } while (0)
-
-inline static int32_t
-Prims_pow2(int32_t x)
-{
-    RETURN_OR((int64_t)1 << (int64_t)x);
-}
-
-inline static int32_t
-Prims_op_Multiply(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x * (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Addition(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x + (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Subtraction(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x - (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Division(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x / (int64_t)y);
-}
-
-inline static int32_t
-Prims_op_Modulus(int32_t x, int32_t y)
-{
-    RETURN_OR((int64_t)x % (int64_t)y);
-}
-
-inline static int8_t
-FStar_UInt8_uint_to_t(int8_t x)
-{
-    return x;
-}
-inline static int16_t
-FStar_UInt16_uint_to_t(int16_t x)
-{
-    return x;
-}
-inline static int32_t
-FStar_UInt32_uint_to_t(int32_t x)
-{
-    return x;
-}
-inline static int64_t
-FStar_UInt64_uint_to_t(int64_t x)
-{
-    return x;
-}
-
-inline static int8_t
-FStar_UInt8_v(int8_t x)
-{
-    return x;
-}
-inline static int16_t
-FStar_UInt16_v(int16_t x)
-{
-    return x;
-}
-inline static int32_t
-FStar_UInt32_v(int32_t x)
-{
-    return x;
-}
-inline static int64_t
-FStar_UInt64_v(int64_t x)
-{
-    return x;
-}
-
-/* Platform-specific 128-bit arithmetic. These are static functions in a header,
- * so that each translation unit gets its own copy and the C compiler can
- * optimize. */
-#ifndef KRML_NOUINT128
-typedef unsigned __int128 FStar_UInt128_t, FStar_UInt128_t_, uint128_t;
-
-static inline void
-print128(const char *where, uint128_t n)
-{
-    KRML_HOST_PRINTF("%s: [%" PRIu64 ",%" PRIu64 "]\n", where,
-                     (uint64_t)(n >> 64), (uint64_t)n);
-}
-
-static inline uint128_t
-load128_le(uint8_t *b)
-{
-    uint128_t l = (uint128_t)load64_le(b);
-    uint128_t h = (uint128_t)load64_le(b + 8);
-    return (h << 64 | l);
-}
-
-static inline void
-store128_le(uint8_t *b, uint128_t n)
-{
-    store64_le(b, (uint64_t)n);
-    store64_le(b + 8, (uint64_t)(n >> 64));
-}
-
-static inline uint128_t
-load128_be(uint8_t *b)
-{
-    uint128_t h = (uint128_t)load64_be(b);
-    uint128_t l = (uint128_t)load64_be(b + 8);
-    return (h << 64 | l);
-}
-
-static inline void
-store128_be(uint8_t *b, uint128_t n)
-{
-    store64_be(b, (uint64_t)(n >> 64));
-    store64_be(b + 8, (uint64_t)n);
-}
-
-#define FStar_UInt128_add(x, y) ((x) + (y))
-#define FStar_UInt128_mul(x, y) ((x) * (y))
-#define FStar_UInt128_add_mod(x, y) ((x) + (y))
-#define FStar_UInt128_sub(x, y) ((x) - (y))
-#define FStar_UInt128_sub_mod(x, y) ((x) - (y))
-#define FStar_UInt128_logand(x, y) ((x) & (y))
-#define FStar_UInt128_logor(x, y) ((x) | (y))
-#define FStar_UInt128_logxor(x, y) ((x) ^ (y))
-#define FStar_UInt128_lognot(x) (~(x))
-#define FStar_UInt128_shift_left(x, y) ((x) << (y))
-#define FStar_UInt128_shift_right(x, y) ((x) >> (y))
-#define FStar_UInt128_uint64_to_uint128(x) ((uint128_t)(x))
-#define FStar_UInt128_uint128_to_uint64(x) ((uint64_t)(x))
-#define FStar_UInt128_mul_wide(x, y) ((uint128_t)(x) * (y))
-#define FStar_UInt128_op_Hat_Hat(x, y) ((x) ^ (y))
-
-static inline uint128_t
-FStar_UInt128_eq_mask(uint128_t x, uint128_t y)
-{
-    uint64_t mask =
-        FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) &
-        FStar_UInt64_eq_mask(x, y);
-    return ((uint128_t)mask) << 64 | mask;
-}
-
-static inline uint128_t
-FStar_UInt128_gte_mask(uint128_t x, uint128_t y)
-{
-    uint64_t mask =
-        (FStar_UInt64_gte_mask(x >> 64, y >> 64) &
-         ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) |
-        (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y));
-    return ((uint128_t)mask) << 64 | mask;
-}
-
-#else /* !defined(KRML_NOUINT128) */
-
-/* This is a bad circular dependency... should fix it properly. */
-#include "FStar.h"
-
-typedef FStar_UInt128_uint128 FStar_UInt128_t_, uint128_t;
-
-/* A series of definitions written using pointers. */
-static inline void
-print128_(const char *where, uint128_t *n)
-{
-    KRML_HOST_PRINTF("%s: [0x%08" PRIx64 ",0x%08" PRIx64 "]\n", where, n->high, n->low);
-}
-
-static inline void
-load128_le_(uint8_t *b, uint128_t *r)
-{
-    r->low = load64_le(b);
-    r->high = load64_le(b + 8);
-}
-
-static inline void
-store128_le_(uint8_t *b, uint128_t *n)
-{
-    store64_le(b, n->low);
-    store64_le(b + 8, n->high);
-}
-
-static inline void
-load128_be_(uint8_t *b, uint128_t *r)
-{
-    r->high = load64_be(b);
-    r->low = load64_be(b + 8);
-}
-
-static inline void
-store128_be_(uint8_t *b, uint128_t *n)
-{
-    store64_be(b, n->high);
-    store64_be(b + 8, n->low);
-}
-
-#ifndef KRML_NOSTRUCT_PASSING
-
-static inline void
-print128(const char *where, uint128_t n)
-{
-    print128_(where, &n);
-}
-
-static inline uint128_t
-load128_le(uint8_t *b)
-{
-    uint128_t r;
-    load128_le_(b, &r);
-    return r;
-}
-
-static inline void
-store128_le(uint8_t *b, uint128_t n)
-{
-    store128_le_(b, &n);
-}
-
-static inline uint128_t
-load128_be(uint8_t *b)
-{
-    uint128_t r;
-    load128_be_(b, &r);
-    return r;
-}
-
-static inline void
-store128_be(uint8_t *b, uint128_t n)
-{
-    store128_be_(b, &n);
-}
-
-#else /* !defined(KRML_STRUCT_PASSING) */
-
-#define print128 print128_
-#define load128_le load128_le_
-#define store128_le store128_le_
-#define load128_be load128_be_
-#define store128_be store128_be_
-
-#endif /* KRML_STRUCT_PASSING */
-#endif /* KRML_UINT128 */
-#endif /* __KREMLIB_H */
diff --git a/security/nss/lib/freebl/verified/kremlib_base.h b/security/nss/lib/freebl/verified/kremlib_base.h
deleted file mode 100644
index 61bac11d4..000000000
--- a/security/nss/lib/freebl/verified/kremlib_base.h
+++ /dev/null
@@ -1,191 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __KREMLIB_BASE_H
-#define __KREMLIB_BASE_H
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-/******************************************************************************/
-/* Some macros to ease compatibility                                          */
-/******************************************************************************/
-
-/* Define __cdecl and friends when using GCC, so that we can safely compile code
- * that contains __cdecl on all platforms. Note that this is in a separate
- * header so that Dafny-generated code can include just this file. */
-#ifndef _MSC_VER
-/* Use the gcc predefined macros if on a platform/architectures that set them.
- * Otherwise define them to be empty. */
-#ifndef __cdecl
-#define __cdecl
-#endif
-#ifndef __stdcall
-#define __stdcall
-#endif
-#ifndef __fastcall
-#define __fastcall
-#endif
-#endif
-
-#ifdef __GNUC__
-#define inline __inline__
-#endif
-
-/* GCC-specific attribute syntax; everyone else gets the standard C inline
- * attribute. */
-#ifdef __GNU_C__
-#ifndef __clang__
-#define force_inline inline __attribute__((always_inline))
-#else
-#define force_inline inline
-#endif
-#else
-#define force_inline inline
-#endif
-
-/******************************************************************************/
-/* Implementing C.fst                                                         */
-/******************************************************************************/
-
-/* Uppercase issue; we have to define lowercase versions of the C macros (as we
- * have no way to refer to an uppercase *variable* in F*). */
-extern int exit_success;
-extern int exit_failure;
-
-/* This one allows the user to write C.EXIT_SUCCESS. */
-typedef int exit_code;
-
-void print_string(const char *s);
-void print_bytes(uint8_t *b, uint32_t len);
-
-/* The universal null pointer defined in C.Nullity.fst */
-#define C_Nullity_null(X) 0
-
-/* If some globals need to be initialized before the main, then kremlin will
- * generate and try to link last a function with this type: */
-void kremlinit_globals(void);
-
-/******************************************************************************/
-/* Implementation of machine integers (possibly of 128-bit integers)          */
-/******************************************************************************/
-
-/* Integer types */
-typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_;
-typedef int64_t FStar_Int64_t, FStar_Int64_t_;
-typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_;
-typedef int32_t FStar_Int32_t, FStar_Int32_t_;
-typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_;
-typedef int16_t FStar_Int16_t, FStar_Int16_t_;
-typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_;
-typedef int8_t FStar_Int8_t, FStar_Int8_t_;
-
-static inline uint32_t
-rotate32_left(uint32_t x, uint32_t n)
-{
-    /*  assert (n<32); */
-    return (x << n) | (x >> (32 - n));
-}
-static inline uint32_t
-rotate32_right(uint32_t x, uint32_t n)
-{
-    /*  assert (n<32); */
-    return (x >> n) | (x << (32 - n));
-}
-
-/* Constant time comparisons */
-static inline uint8_t
-FStar_UInt8_eq_mask(uint8_t x, uint8_t y)
-{
-    x = ~(x ^ y);
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return (int8_t)x >> 7;
-}
-
-static inline uint8_t
-FStar_UInt8_gte_mask(uint8_t x, uint8_t y)
-{
-    return ~(uint8_t)(((int32_t)x - y) >> 31);
-}
-
-static inline uint16_t
-FStar_UInt16_eq_mask(uint16_t x, uint16_t y)
-{
-    x = ~(x ^ y);
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return (int16_t)x >> 15;
-}
-
-static inline uint16_t
-FStar_UInt16_gte_mask(uint16_t x, uint16_t y)
-{
-    return ~(uint16_t)(((int32_t)x - y) >> 31);
-}
-
-static inline uint32_t
-FStar_UInt32_eq_mask(uint32_t x, uint32_t y)
-{
-    x = ~(x ^ y);
-    x &= x << 16;
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return ((int32_t)x) >> 31;
-}
-
-static inline uint32_t
-FStar_UInt32_gte_mask(uint32_t x, uint32_t y)
-{
-    return ~((uint32_t)(((int64_t)x - y) >> 63));
-}
-
-static inline uint64_t
-FStar_UInt64_eq_mask(uint64_t x, uint64_t y)
-{
-    x = ~(x ^ y);
-    x &= x << 32;
-    x &= x << 16;
-    x &= x << 8;
-    x &= x << 4;
-    x &= x << 2;
-    x &= x << 1;
-    return ((int64_t)x) >> 63;
-}
-
-static inline uint64_t
-FStar_UInt64_gte_mask(uint64_t x, uint64_t y)
-{
-    uint64_t low63 =
-        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x7fffffffffffffff)) -
-                               (int64_t)(y & UINT64_C(0x7fffffffffffffff))) >>
-                     63));
-    uint64_t high_bit =
-        ~((uint64_t)((int64_t)((int64_t)(x & UINT64_C(0x8000000000000000)) -
-                               (int64_t)(y & UINT64_C(0x8000000000000000))) >>
-                     63));
-    return low63 & high_bit;
-}
-
-#endif
diff --git a/security/nss/lib/freebl/verified/specs/Spec.CTR.fst b/security/nss/lib/freebl/verified/specs/Spec.CTR.fst
deleted file mode 100644
index e411cd353..000000000
--- a/security/nss/lib/freebl/verified/specs/Spec.CTR.fst
+++ /dev/null
@@ -1,98 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module Spec.CTR
-
-module ST = FStar.HyperStack.ST
-
-open FStar.Mul
-open FStar.Seq
-open Spec.Lib
-
-#reset-options "--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0"
-
-type block_cipher_ctx = {
-     keylen: nat ;
-     blocklen: (x:nat{x>0});
-     noncelen: nat;
-     counterbits: nat;
-     incr: pos}
-
-type key (c:block_cipher_ctx) = lbytes c.keylen
-type nonce (c:block_cipher_ctx) = lbytes c.noncelen
-type block (c:block_cipher_ctx) = lbytes (c.blocklen*c.incr)
-type counter (c:block_cipher_ctx) = UInt.uint_t c.counterbits
-type block_cipher (c:block_cipher_ctx) =  key c -> nonce c -> counter c -> block c
-
-val xor: #len:nat -> x:lbytes len -> y:lbytes len -> Tot (lbytes len)
-let xor #len x y = map2 FStar.UInt8.(fun x y -> x ^^ y) x y
-
-
-val counter_mode_blocks:
-  ctx: block_cipher_ctx ->
-  bc: block_cipher ctx ->
-  k:key ctx -> n:nonce ctx -> c:counter ctx ->
-  plain:seq UInt8.t{c + ctx.incr * (length plain / ctx.blocklen) < pow2 ctx.counterbits /\
-    length plain % (ctx.blocklen * ctx.incr) = 0} ->
-  Tot (lbytes (length plain))
-      (decreases (length plain))
-#reset-options "--z3rlimit 200 --max_fuel 0"
-let rec counter_mode_blocks ctx block_enc key nonce counter plain =
-  let len  = length plain in
-  let len' = len / (ctx.blocklen * ctx.incr) in
-  Math.Lemmas.lemma_div_mod len (ctx.blocklen * ctx.incr) ;
-  if len = 0 then Seq.createEmpty #UInt8.t
-  else (
-    let prefix, block = split plain (len - ctx.blocklen * ctx.incr) in    
-      (* TODO: move to a single lemma for clarify *)
-      Math.Lemmas.lemma_mod_plus (length prefix) 1 (ctx.blocklen * ctx.incr);
-      Math.Lemmas.lemma_div_le (length prefix) len ctx.blocklen;
-      Spec.CTR.Lemmas.lemma_div len (ctx.blocklen * ctx.incr);
-      (* End TODO *)
-    let cipher        = counter_mode_blocks ctx block_enc key nonce counter prefix in
-    let mask          = block_enc key nonce (counter + (len / ctx.blocklen - 1) * ctx.incr) in
-    let eb            = xor block mask in
-    cipher @| eb
-  )
-
-
-val counter_mode:
-  ctx: block_cipher_ctx ->
-  bc: block_cipher ctx ->
-  k:key ctx -> n:nonce ctx -> c:counter ctx ->
-  plain:seq UInt8.t{c + ctx.incr * (length plain / ctx.blocklen) < pow2 ctx.counterbits} ->
-  Tot (lbytes (length plain))
-      (decreases (length plain))
-#reset-options "--z3rlimit 200 --max_fuel 0"
-let counter_mode ctx block_enc key nonce counter plain =
-  let len = length plain in
-  let blocks_len = (ctx.incr * ctx.blocklen) * (len / (ctx.blocklen * ctx.incr)) in
-  let part_len   = len % (ctx.blocklen * ctx.incr) in
-    (* TODO: move to a single lemma for clarify *)
-    Math.Lemmas.lemma_div_mod len (ctx.blocklen * ctx.incr);
-    Math.Lemmas.multiple_modulo_lemma (len / (ctx.blocklen * ctx.incr)) (ctx.blocklen * ctx.incr);
-    Math.Lemmas.lemma_div_le (blocks_len) len ctx.blocklen;
-    (* End TODO *)
-  let blocks, last_block = split plain blocks_len in
-  let cipher_blocks = counter_mode_blocks ctx block_enc key nonce counter blocks in
-  let cipher_last_block =
-    if part_len > 0
-    then (* encrypt final partial block(s) *)
-      let mask = block_enc key nonce (counter+ctx.incr*(length plain / ctx.blocklen)) in
-      let mask = slice mask 0 part_len in
-      assert(length last_block = part_len);
-      xor #part_len last_block mask
-    else createEmpty in
-  cipher_blocks @| cipher_last_block
diff --git a/security/nss/lib/freebl/verified/specs/Spec.Chacha20.fst b/security/nss/lib/freebl/verified/specs/Spec.Chacha20.fst
deleted file mode 100644
index 0bdc69725..000000000
--- a/security/nss/lib/freebl/verified/specs/Spec.Chacha20.fst
+++ /dev/null
@@ -1,169 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module Spec.Chacha20
-
-module ST = FStar.HyperStack.ST
-
-open FStar.Mul
-open FStar.Seq
-open FStar.UInt32
-open FStar.Endianness
-open Spec.Lib
-open Spec.Chacha20.Lemmas
-open Seq.Create
-
-#set-options "--max_fuel 0 --z3rlimit 100"
-
-(* Constants *)
-let keylen = 32   (* in bytes *)
-let blocklen = 64 (* in bytes *)
-let noncelen = 12 (* in bytes *)
-
-type key = lbytes keylen
-type block = lbytes blocklen
-type nonce = lbytes noncelen
-type counter = UInt.uint_t 32
-
-// using @ as a functional substitute for ;
-// internally, blocks are represented as 16 x 4-byte integers
-type state = m:seq UInt32.t {length m = 16}
-type idx = n:nat{n < 16}
-type shuffle = state -> Tot state
-
-let line (a:idx) (b:idx) (d:idx) (s:t{0 < v s /\ v s < 32}) (m:state) : Tot state =
-  let m = m.[a] <- (m.[a] +%^ m.[b]) in
-  let m = m.[d] <- ((m.[d] ^^ m.[a]) <<< s) in m
-
-let quarter_round a b c d : shuffle =
-  line a b d 16ul @
-  line c d b 12ul @
-  line a b d 8ul  @
-  line c d b 7ul
-
-let column_round : shuffle =
-  quarter_round 0 4 8  12 @
-  quarter_round 1 5 9  13 @
-  quarter_round 2 6 10 14 @
-  quarter_round 3 7 11 15
-
-let diagonal_round : shuffle =
-  quarter_round 0 5 10 15 @
-  quarter_round 1 6 11 12 @
-  quarter_round 2 7 8  13 @
-  quarter_round 3 4 9  14
-
-let double_round: shuffle =
-    column_round @ diagonal_round (* 2 rounds *)
-
-let rounds : shuffle =
-    iter 10 double_round (* 20 rounds *)
-
-let chacha20_core (s:state) : Tot state =
-    let s' = rounds s in
-    Spec.Loops.seq_map2 (fun x y -> x +%^ y) s' s
-
-(* state initialization *)
-let c0 = 0x61707865ul
-let c1 = 0x3320646eul
-let c2 = 0x79622d32ul
-let c3 = 0x6b206574ul
-
-let setup (k:key) (n:nonce) (c:counter): Tot state =
-  create_4 c0 c1 c2 c3          @|
-  uint32s_from_le 8 k           @|
-  create_1 (UInt32.uint_to_t c) @|
-  uint32s_from_le 3 n
-
-let chacha20_block (k:key) (n:nonce) (c:counter): Tot block =
-    let st  = setup k n c in
-    let st' = chacha20_core st in
-    uint32s_to_le 16 st'
-
-let chacha20_ctx: Spec.CTR.block_cipher_ctx =
-    let open Spec.CTR in
-    {
-    keylen = keylen;
-    blocklen = blocklen;
-    noncelen = noncelen;
-    counterbits = 32;
-    incr = 1
-    }
-
-let chacha20_cipher: Spec.CTR.block_cipher chacha20_ctx = chacha20_block
-
-let chacha20_encrypt_bytes key nonce counter m =
-    Spec.CTR.counter_mode chacha20_ctx chacha20_cipher key nonce counter m
-
-
-unfold let test_plaintext = [
-    0x4cuy; 0x61uy; 0x64uy; 0x69uy; 0x65uy; 0x73uy; 0x20uy; 0x61uy;
-    0x6euy; 0x64uy; 0x20uy; 0x47uy; 0x65uy; 0x6euy; 0x74uy; 0x6cuy;
-    0x65uy; 0x6duy; 0x65uy; 0x6euy; 0x20uy; 0x6fuy; 0x66uy; 0x20uy;
-    0x74uy; 0x68uy; 0x65uy; 0x20uy; 0x63uy; 0x6cuy; 0x61uy; 0x73uy;
-    0x73uy; 0x20uy; 0x6fuy; 0x66uy; 0x20uy; 0x27uy; 0x39uy; 0x39uy;
-    0x3auy; 0x20uy; 0x49uy; 0x66uy; 0x20uy; 0x49uy; 0x20uy; 0x63uy;
-    0x6fuy; 0x75uy; 0x6cuy; 0x64uy; 0x20uy; 0x6fuy; 0x66uy; 0x66uy;
-    0x65uy; 0x72uy; 0x20uy; 0x79uy; 0x6fuy; 0x75uy; 0x20uy; 0x6fuy;
-    0x6euy; 0x6cuy; 0x79uy; 0x20uy; 0x6fuy; 0x6euy; 0x65uy; 0x20uy;
-    0x74uy; 0x69uy; 0x70uy; 0x20uy; 0x66uy; 0x6fuy; 0x72uy; 0x20uy;
-    0x74uy; 0x68uy; 0x65uy; 0x20uy; 0x66uy; 0x75uy; 0x74uy; 0x75uy;
-    0x72uy; 0x65uy; 0x2cuy; 0x20uy; 0x73uy; 0x75uy; 0x6euy; 0x73uy;
-    0x63uy; 0x72uy; 0x65uy; 0x65uy; 0x6euy; 0x20uy; 0x77uy; 0x6fuy;
-    0x75uy; 0x6cuy; 0x64uy; 0x20uy; 0x62uy; 0x65uy; 0x20uy; 0x69uy;
-    0x74uy; 0x2euy
-]
-
-unfold let test_ciphertext = [
-    0x6euy; 0x2euy; 0x35uy; 0x9auy; 0x25uy; 0x68uy; 0xf9uy; 0x80uy;
-    0x41uy; 0xbauy; 0x07uy; 0x28uy; 0xdduy; 0x0duy; 0x69uy; 0x81uy;
-    0xe9uy; 0x7euy; 0x7auy; 0xecuy; 0x1duy; 0x43uy; 0x60uy; 0xc2uy;
-    0x0auy; 0x27uy; 0xafuy; 0xccuy; 0xfduy; 0x9fuy; 0xaeuy; 0x0buy;
-    0xf9uy; 0x1buy; 0x65uy; 0xc5uy; 0x52uy; 0x47uy; 0x33uy; 0xabuy;
-    0x8fuy; 0x59uy; 0x3duy; 0xabuy; 0xcduy; 0x62uy; 0xb3uy; 0x57uy;
-    0x16uy; 0x39uy; 0xd6uy; 0x24uy; 0xe6uy; 0x51uy; 0x52uy; 0xabuy;
-    0x8fuy; 0x53uy; 0x0cuy; 0x35uy; 0x9fuy; 0x08uy; 0x61uy; 0xd8uy;
-    0x07uy; 0xcauy; 0x0duy; 0xbfuy; 0x50uy; 0x0duy; 0x6auy; 0x61uy;
-    0x56uy; 0xa3uy; 0x8euy; 0x08uy; 0x8auy; 0x22uy; 0xb6uy; 0x5euy;
-    0x52uy; 0xbcuy; 0x51uy; 0x4duy; 0x16uy; 0xccuy; 0xf8uy; 0x06uy;
-    0x81uy; 0x8cuy; 0xe9uy; 0x1auy; 0xb7uy; 0x79uy; 0x37uy; 0x36uy;
-    0x5auy; 0xf9uy; 0x0buy; 0xbfuy; 0x74uy; 0xa3uy; 0x5buy; 0xe6uy;
-    0xb4uy; 0x0buy; 0x8euy; 0xeduy; 0xf2uy; 0x78uy; 0x5euy; 0x42uy;
-    0x87uy; 0x4duy
-]
-
-unfold let test_key = [
-    0uy;   1uy;  2uy;  3uy;  4uy;  5uy;  6uy;  7uy;
-    8uy;   9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy;
-    16uy; 17uy; 18uy; 19uy; 20uy; 21uy; 22uy; 23uy;
-    24uy; 25uy; 26uy; 27uy; 28uy; 29uy; 30uy; 31uy
-    ]
-unfold let test_nonce = [
-    0uy; 0uy; 0uy; 0uy; 0uy; 0uy; 0uy; 0x4auy; 0uy; 0uy; 0uy; 0uy
-    ]
-
-unfold let test_counter = 1
-
-let test() =
-  assert_norm(List.Tot.length test_plaintext = 114);
-  assert_norm(List.Tot.length test_ciphertext = 114);
-  assert_norm(List.Tot.length test_key = 32);
-  assert_norm(List.Tot.length test_nonce = 12);
-  let test_plaintext = createL test_plaintext in
-  let test_ciphertext = createL test_ciphertext in
-  let test_key = createL test_key in
-  let test_nonce = createL test_nonce in
-  chacha20_encrypt_bytes test_key test_nonce test_counter test_plaintext
-  = test_ciphertext
diff --git a/security/nss/lib/freebl/verified/specs/Spec.Curve25519.fst b/security/nss/lib/freebl/verified/specs/Spec.Curve25519.fst
deleted file mode 100644
index af4035b09..000000000
--- a/security/nss/lib/freebl/verified/specs/Spec.Curve25519.fst
+++ /dev/null
@@ -1,168 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module Spec.Curve25519
-
-module ST = FStar.HyperStack.ST
-
-open FStar.Mul
-open FStar.Seq
-open FStar.UInt8
-open FStar.Endianness
-open Spec.Lib
-open Spec.Curve25519.Lemmas
-
-#reset-options "--initial_fuel 0 --max_fuel 0 --z3rlimit 20"
-
-(* Field types and parameters *)
-let prime = pow2 255 - 19
-type elem : Type0 = e:int{e >= 0 /\ e < prime}
-let fadd e1 e2 = (e1 + e2) % prime
-let fsub e1 e2 = (e1 - e2) % prime
-let fmul e1 e2 = (e1 * e2) % prime
-let zero : elem = 0
-let one  : elem = 1
-let ( +@ ) = fadd
-let ( *@ ) = fmul
-
-(** Exponentiation *)
-let rec ( ** ) (e:elem) (n:pos) : Tot elem (decreases n) =
-  if n = 1 then e
-  else
-    if n % 2 = 0 then op_Star_Star (e `fmul` e) (n / 2)
-    else e `fmul` (op_Star_Star (e `fmul` e) ((n-1)/2))
-
-(* Type aliases *)
-type scalar = lbytes 32
-type serialized_point = lbytes 32
-type proj_point = | Proj: x:elem -> z:elem -> proj_point
-
-let decodeScalar25519 (k:scalar) =
-  let k   = k.[0] <- (k.[0] &^ 248uy)          in
-  let k   = k.[31] <- ((k.[31] &^ 127uy) |^ 64uy) in k
-
-let decodePoint (u:serialized_point) =
-  (little_endian u % pow2 255) % prime
-
-let add_and_double qx nq nqp1 =
-  let x_1 = qx in
-  let x_2, z_2 = nq.x, nq.z in
-  let x_3, z_3 = nqp1.x, nqp1.z in
-  let a  = x_2 `fadd` z_2 in
-  let aa = a**2 in
-  let b  = x_2 `fsub` z_2 in
-  let bb = b**2 in
-  let e = aa `fsub` bb in
-  let c = x_3 `fadd` z_3 in
-  let d = x_3 `fsub` z_3 in
-  let da = d `fmul` a in
-  let cb = c `fmul` b in
-  let x_3 = (da `fadd` cb)**2 in
-  let z_3 = x_1 `fmul` ((da `fsub` cb)**2) in
-  let x_2 = aa `fmul` bb in
-  let z_2 = e `fmul` (aa `fadd` (121665 `fmul` e)) in
-  Proj x_2 z_2, Proj x_3 z_3
-
-let ith_bit (k:scalar) (i:nat{i < 256}) =
-  let q = i / 8 in let r = i % 8 in
-  (v (k.[q]) / pow2 r) % 2
-
-let rec montgomery_ladder_ (init:elem) x xp1 (k:scalar) (ctr:nat{ctr<=256})
-  : Tot proj_point (decreases ctr) =
-  if ctr = 0 then x
-  else (
-    let ctr' = ctr - 1 in
-    let (x', xp1') =
-      if ith_bit k ctr' = 1 then (
-        let nqp2, nqp1 = add_and_double init xp1 x in
-        nqp1, nqp2
-      ) else add_and_double init x xp1 in
-    montgomery_ladder_ init x' xp1' k ctr'
-  )
-
-let montgomery_ladder (init:elem) (k:scalar) : Tot proj_point =
-  montgomery_ladder_ init (Proj one zero) (Proj init one) k 256
-
-let encodePoint (p:proj_point) : Tot serialized_point =
-  let p = p.x `fmul` (p.z ** (prime - 2)) in
-  little_bytes 32ul p
-
-let scalarmult (k:scalar) (u:serialized_point) : Tot serialized_point =
-  let k = decodeScalar25519 k in
-  let u = decodePoint u in
-  let res = montgomery_ladder u k in
-  encodePoint res
-
-
-(* ********************* *)
-(* RFC 7748 Test Vectors *)
-(* ********************* *)
-
-let scalar1 = [
-  0xa5uy; 0x46uy; 0xe3uy; 0x6buy; 0xf0uy; 0x52uy; 0x7cuy; 0x9duy;
-  0x3buy; 0x16uy; 0x15uy; 0x4buy; 0x82uy; 0x46uy; 0x5euy; 0xdduy;
-  0x62uy; 0x14uy; 0x4cuy; 0x0auy; 0xc1uy; 0xfcuy; 0x5auy; 0x18uy;
-  0x50uy; 0x6auy; 0x22uy; 0x44uy; 0xbauy; 0x44uy; 0x9auy; 0xc4uy
-]
-
-let scalar2 = [
-  0x4buy; 0x66uy; 0xe9uy; 0xd4uy; 0xd1uy; 0xb4uy; 0x67uy; 0x3cuy;
-  0x5auy; 0xd2uy; 0x26uy; 0x91uy; 0x95uy; 0x7duy; 0x6auy; 0xf5uy;
-  0xc1uy; 0x1buy; 0x64uy; 0x21uy; 0xe0uy; 0xeauy; 0x01uy; 0xd4uy;
-  0x2cuy; 0xa4uy; 0x16uy; 0x9euy; 0x79uy; 0x18uy; 0xbauy; 0x0duy
-]
-
-let input1 = [
-  0xe6uy; 0xdbuy; 0x68uy; 0x67uy; 0x58uy; 0x30uy; 0x30uy; 0xdbuy;
-  0x35uy; 0x94uy; 0xc1uy; 0xa4uy; 0x24uy; 0xb1uy; 0x5fuy; 0x7cuy;
-  0x72uy; 0x66uy; 0x24uy; 0xecuy; 0x26uy; 0xb3uy; 0x35uy; 0x3buy;
-  0x10uy; 0xa9uy; 0x03uy; 0xa6uy; 0xd0uy; 0xabuy; 0x1cuy; 0x4cuy
-]
-
-let input2 = [
-  0xe5uy; 0x21uy; 0x0fuy; 0x12uy; 0x78uy; 0x68uy; 0x11uy; 0xd3uy;
-  0xf4uy; 0xb7uy; 0x95uy; 0x9duy; 0x05uy; 0x38uy; 0xaeuy; 0x2cuy;
-  0x31uy; 0xdbuy; 0xe7uy; 0x10uy; 0x6fuy; 0xc0uy; 0x3cuy; 0x3euy;
-  0xfcuy; 0x4cuy; 0xd5uy; 0x49uy; 0xc7uy; 0x15uy; 0xa4uy; 0x93uy
-]
-
-let expected1 = [
-  0xc3uy; 0xdauy; 0x55uy; 0x37uy; 0x9duy; 0xe9uy; 0xc6uy; 0x90uy;
-  0x8euy; 0x94uy; 0xeauy; 0x4duy; 0xf2uy; 0x8duy; 0x08uy; 0x4fuy;
-  0x32uy; 0xecuy; 0xcfuy; 0x03uy; 0x49uy; 0x1cuy; 0x71uy; 0xf7uy;
-  0x54uy; 0xb4uy; 0x07uy; 0x55uy; 0x77uy; 0xa2uy; 0x85uy; 0x52uy
-]
-let expected2 = [
-  0x95uy; 0xcbuy; 0xdeuy; 0x94uy; 0x76uy; 0xe8uy; 0x90uy; 0x7duy;
-  0x7auy; 0xaduy; 0xe4uy; 0x5cuy; 0xb4uy; 0xb8uy; 0x73uy; 0xf8uy;
-  0x8buy; 0x59uy; 0x5auy; 0x68uy; 0x79uy; 0x9fuy; 0xa1uy; 0x52uy;
-  0xe6uy; 0xf8uy; 0xf7uy; 0x64uy; 0x7auy; 0xacuy; 0x79uy; 0x57uy
-]
-
-let test () =
-  assert_norm(List.Tot.length scalar1 = 32);
-  assert_norm(List.Tot.length scalar2 = 32);
-  assert_norm(List.Tot.length input1 = 32);
-  assert_norm(List.Tot.length input2 = 32);
-  assert_norm(List.Tot.length expected1 = 32);
-  assert_norm(List.Tot.length expected2 = 32);
-  let scalar1 = createL scalar1 in
-  let scalar2 = createL scalar2 in
-  let input1 = createL input1 in
-  let input2 = createL input2 in
-  let expected1 = createL expected1 in
-  let expected2 = createL expected2 in
-  scalarmult scalar1 input1 = expected1
-  && scalarmult scalar2 input2 = expected2
diff --git a/security/nss/lib/freebl/verified/specs/Spec.Poly1305.fst b/security/nss/lib/freebl/verified/specs/Spec.Poly1305.fst
deleted file mode 100644
index f9d8a4cb2..000000000
--- a/security/nss/lib/freebl/verified/specs/Spec.Poly1305.fst
+++ /dev/null
@@ -1,107 +0,0 @@
-/* Copyright 2016-2017 INRIA and Microsoft Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module Spec.Poly1305
-
-module ST = FStar.HyperStack.ST
-
-open FStar.Math.Lib
-open FStar.Mul
-open FStar.Seq
-open FStar.UInt8
-open FStar.Endianness
-open Spec.Poly1305.Lemmas
-
-#set-options "--initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0"
-
-(* Field types and parameters *)
-let prime = pow2 130 - 5
-type elem = e:int{e >= 0 /\ e < prime}
-let fadd (e1:elem) (e2:elem) = (e1 + e2) % prime
-let fmul (e1:elem) (e2:elem) = (e1 * e2) % prime
-let zero : elem = 0
-let one  : elem = 1
-let op_Plus_At = fadd
-let op_Star_At = fmul
-(* Type aliases *)
-let op_Amp_Bar = UInt.logand #128
-type word = w:bytes{length w <= 16}
-type word_16 = w:bytes{length w = 16}
-type tag = word_16
-type key = lbytes 32
-type text = seq word
-
-(* Specification code *)
-let encode (w:word) =
-  (pow2 (8 * length w)) `fadd` (little_endian w)
-
-let rec poly (txt:text) (r:e:elem) : Tot elem (decreases (length txt)) =
-  if length txt = 0 then zero
-  else
-    let a = poly (Seq.tail txt) r in
-    let n = encode (Seq.head txt) in
-    (n `fadd` a) `fmul` r
-
-let encode_r (rb:word_16) =
-  (little_endian rb) &| 0x0ffffffc0ffffffc0ffffffc0fffffff
-
-let finish (a:elem) (s:word_16) : Tot tag =
-  let n = (a + little_endian s) % pow2 128 in
-  little_bytes 16ul n
-
-let rec encode_bytes (txt:bytes) : Tot text (decreases (length txt)) =
-  if length txt = 0 then createEmpty
-  else
-    let w, txt = split txt (min (length txt) 16) in
-    append_last (encode_bytes txt) w
-
-let poly1305 (msg:bytes) (k:key) : Tot tag =
-  let text = encode_bytes msg in
-  let r = encode_r (slice k 0 16) in
-  let s = slice k 16 32 in
-  finish (poly text r) s
-
-
-(* ********************* *)
-(* RFC 7539 Test Vectors *)
-(* ********************* *)
-
-#reset-options "--initial_fuel 0 --max_fuel 0 --z3rlimit 20"
-
-unfold let msg = [
-  0x43uy; 0x72uy; 0x79uy; 0x70uy; 0x74uy; 0x6fuy; 0x67uy; 0x72uy;
-  0x61uy; 0x70uy; 0x68uy; 0x69uy; 0x63uy; 0x20uy; 0x46uy; 0x6fuy;
-  0x72uy; 0x75uy; 0x6duy; 0x20uy; 0x52uy; 0x65uy; 0x73uy; 0x65uy;
-  0x61uy; 0x72uy; 0x63uy; 0x68uy; 0x20uy; 0x47uy; 0x72uy; 0x6fuy;
-  0x75uy; 0x70uy ]
-
-unfold let k = [
-  0x85uy; 0xd6uy; 0xbeuy; 0x78uy; 0x57uy; 0x55uy; 0x6duy; 0x33uy;
-  0x7fuy; 0x44uy; 0x52uy; 0xfeuy; 0x42uy; 0xd5uy; 0x06uy; 0xa8uy;
-  0x01uy; 0x03uy; 0x80uy; 0x8auy; 0xfbuy; 0x0duy; 0xb2uy; 0xfduy;
-  0x4auy; 0xbfuy; 0xf6uy; 0xafuy; 0x41uy; 0x49uy; 0xf5uy; 0x1buy ]
-
-unfold let expected = [
-  0xa8uy; 0x06uy; 0x1duy; 0xc1uy; 0x30uy; 0x51uy; 0x36uy; 0xc6uy;
-  0xc2uy; 0x2buy; 0x8buy; 0xafuy; 0x0cuy; 0x01uy; 0x27uy; 0xa9uy ]
-
-let test () : Tot bool =
-  assert_norm(List.Tot.length msg      = 34);
-  assert_norm(List.Tot.length k        = 32);
-  assert_norm(List.Tot.length expected = 16);
-  let msg      = createL msg in
-  let k        = createL k   in
-  let expected = createL expected in
-  poly1305 msg k = expected
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 4f0ade4d0..e1453cc84 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -1115,21 +1115,3 @@ PK11_GetTokenURI;
 ;+    local:
 ;+       *;
 ;+};
-;+NSS_3.33 { 	# NSS 3.33 release
-;+    global:
-CERT_FindCertByIssuerAndSNCX;
-CERT_FindCertByNicknameOrEmailAddrCX;
-CERT_FindCertByNicknameOrEmailAddrForUsageCX;
-;+    local:
-;+       *;
-;+};
-;+NSS_3.34 { 	# NSS 3.34 release
-;+    global:
-PK11_CreateManagedGenericObject;
-SGN_NewContextWithAlgorithmID;
-SEC_SignDataWithAlgorithmID;
-SEC_DerSignDataWithAlgorithmID;
-SEC_CreateSignatureAlgorithmParameters;
-;+    local:
-;+       *;
-;+};
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 62cf36730..8238faca7 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -22,10 +22,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.35" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.32.1" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 35
-#define NSS_VPATCH 0
+#define NSS_VMINOR 32
+#define NSS_VPATCH 1
 #define NSS_VBUILD 0
 #define NSS_BETA PR_FALSE
 
@@ -291,15 +291,6 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
 #define NSS_DTLS_VERSION_MIN_POLICY 0x00a
 #define NSS_DTLS_VERSION_MAX_POLICY 0x00b
 
-/* Until NSS 3.30, the PKCS#12 implementation used BMPString encoding
- * for all passwords.  This changed to use UTF-8 for non-PKCS#12 PBEs
- * in NSS 3.31.
- *
- * For backward compatibility, this option reverts the behavior to the
- * old NSS versions.  This option might be removed in the future NSS
- * releases; don't rely on it. */
-#define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c
-
 /*
  * Set and get global options for the NSS library.
  */
diff --git a/security/nss/lib/nss/nssoptions.c b/security/nss/lib/nss/nssoptions.c
index 1339cede8..fc97d6278 100644
--- a/security/nss/lib/nss/nssoptions.c
+++ b/security/nss/lib/nss/nssoptions.c
@@ -23,7 +23,6 @@ struct nssOps {
     PRInt32 tlsVersionMaxPolicy;
     PRInt32 dtlsVersionMinPolicy;
     PRInt32 dtlsVersionMaxPolicy;
-    PRInt32 pkcs12DecodeForceUnicode;
 };
 
 static struct nssOps nss_ops = {
@@ -34,7 +33,6 @@ static struct nssOps nss_ops = {
     0xffff, /* set TLS max to more than the largest legal SSL value */
     1,
     0xffff,
-    PR_FALSE
 };
 
 SECStatus
@@ -64,9 +62,6 @@ NSS_OptionSet(PRInt32 which, PRInt32 value)
         case NSS_DTLS_VERSION_MAX_POLICY:
             nss_ops.dtlsVersionMaxPolicy = value;
             break;
-        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
-            nss_ops.pkcs12DecodeForceUnicode = value;
-            break;
         default:
             rv = SECFailure;
     }
@@ -101,9 +96,6 @@ NSS_OptionGet(PRInt32 which, PRInt32 *value)
         case NSS_DTLS_VERSION_MAX_POLICY:
             *value = nss_ops.dtlsVersionMaxPolicy;
             break;
-        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
-            *value = nss_ops.pkcs12DecodeForceUnicode;
-            break;
         default:
             rv = SECFailure;
     }
diff --git a/security/nss/lib/nss/utilwrap.c b/security/nss/lib/nss/utilwrap.c
index 48e147d88..938d95c0f 100644
--- a/security/nss/lib/nss/utilwrap.c
+++ b/security/nss/lib/nss/utilwrap.c
@@ -75,8 +75,6 @@
 #undef PORT_UCS2_ASCIIConversion
 #undef PORT_UCS2_UTF8Conversion
 #undef PORT_ZAlloc
-#undef PORT_ZAllocAligned
-#undef PORT_ZAllocAlignedOffset
 #undef PORT_ZFree
 #undef SEC_ASN1Decode
 #undef SEC_ASN1DecodeInteger
@@ -146,18 +144,6 @@ PORT_ZAlloc(size_t bytes)
     return PORT_ZAlloc_Util(bytes);
 }
 
-void *
-PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem)
-{
-    return PORT_ZAllocAligned_Util(bytes, alignment, mem);
-}
-
-void *
-PORT_ZAllocAlignedOffset(size_t bytes, size_t alignment, size_t offset)
-{
-    return PORT_ZAllocAlignedOffset_Util(bytes, alignment, offset);
-}
-
 void
 PORT_Free(void *ptr)
 {
diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c
index d1f6ec442..91339fad8 100644
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ b/security/nss/lib/pk11wrap/pk11load.c
@@ -64,7 +64,8 @@ secmodUnlockMutext(CK_VOID_PTR mutext)
 static SECMODModuleID nextModuleID = 1;
 static const CK_C_INITIALIZE_ARGS secmodLockFunctions = {
     secmodCreateMutext, secmodDestroyMutext, secmodLockMutext,
-    secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS | CKF_OS_LOCKING_OK,
+    secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS |
+                            CKF_OS_LOCKING_OK,
     NULL
 };
 static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = {
diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c
index b2101b819..8c4c5129a 100644
--- a/security/nss/lib/pk11wrap/pk11merge.c
+++ b/security/nss/lib/pk11wrap/pk11merge.c
@@ -68,11 +68,8 @@ pk11_copyAttributes(PLArenaPool *arena,
                              copyTemplate, copyTemplateCount);
     /* if we have missing attributes, just skip them and create the object */
     if (crv == CKR_ATTRIBUTE_TYPE_INVALID) {
-        CK_ULONG i, j;
+        int i, j;
         newTemplate = PORT_NewArray(CK_ATTRIBUTE, copyTemplateCount);
-        if (!newTemplate) {
-            return SECFailure;
-        }
         /* remove the unknown attributes. If we don't have enough attributes
 	 * PK11_CreateNewObject() will fail */
         for (i = 0, j = 0; i < copyTemplateCount; i++) {
@@ -1261,7 +1258,6 @@ pk11_newMergeLogNode(PLArenaPool *arena,
     /* initialize it */
     obj->slot = slot;
     obj->objectID = id;
-    obj->owner = PR_FALSE;
 
     newLog->object = obj;
     newLog->error = error;
diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c
index b97caddd4..47c56154d 100644
--- a/security/nss/lib/pk11wrap/pk11obj.c
+++ b/security/nss/lib/pk11wrap/pk11obj.c
@@ -201,6 +201,7 @@ PK11_GetAttributes(PLArenaPool *arena, PK11SlotInfo *slot,
     /* make pedantic happy... note that it's only used arena != NULL */
     void *mark = NULL;
     CK_RV crv;
+    PORT_Assert(slot->session != CK_INVALID_SESSION);
     if (slot->session == CK_INVALID_SESSION)
         return CKR_SESSION_HANDLE_INVALID;
 
@@ -1505,7 +1506,6 @@ PK11_FindGenericObjects(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
         /* initialize it */
         obj->slot = PK11_ReferenceSlot(slot);
         obj->objectID = objectIDs[i];
-        obj->owner = PR_FALSE;
         obj->next = NULL;
         obj->prev = NULL;
 
@@ -1586,9 +1586,6 @@ PK11_DestroyGenericObject(PK11GenericObject *object)
 
     PK11_UnlinkGenericObject(object);
     if (object->slot) {
-        if (object->owner) {
-            PK11_DestroyObject(object->slot, object->objectID);
-        }
         PK11_FreeSlot(object->slot);
     }
     PORT_Free(object);
@@ -1630,9 +1627,8 @@ PK11_DestroyGenericObjects(PK11GenericObject *objects)
  * Hand Create a new object and return the Generic object for our new object.
  */
 PK11GenericObject *
-pk11_CreateGenericObjectHelper(PK11SlotInfo *slot,
-                               const CK_ATTRIBUTE *pTemplate,
-                               int count, PRBool token, PRBool owner)
+PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
+                         int count, PRBool token)
 {
     CK_OBJECT_HANDLE objectID;
     PK11GenericObject *obj;
@@ -1656,40 +1652,11 @@ pk11_CreateGenericObjectHelper(PK11SlotInfo *slot,
     /* initialize it */
     obj->slot = PK11_ReferenceSlot(slot);
     obj->objectID = objectID;
-    obj->owner = owner;
     obj->next = NULL;
     obj->prev = NULL;
     return obj;
 }
 
-/* This is the classic interface. Applications would call this function to
- * create new object that would not be destroyed later. This lead to resource
- * leaks (and thus memory leaks in the PKCS #11 module).  To solve this we have
- * a new interface that automatically marks objects created on the fly to be 
- * destroyed later. 
- * The old interface is preserved because applications like Mozilla purposefully
- * leak the reference to be found later with PK11_FindGenericObjects. New 
- * applications should use the new interface PK11_CreateManagedGenericObject */
-PK11GenericObject *
-PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
-                         int count, PRBool token)
-{
-    return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
-                                          PR_FALSE);
-}
-
-/* Use this interface. It will automatically destroy any temporary objects 
- * (token = PR_FALSE) when the PK11GenericObject is freed. Permanent objects still 
- * need to be destroyed by hand with PK11_DestroyTokenObject.
- */
-PK11GenericObject *
-PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
-                                const CK_ATTRIBUTE *pTemplate, int count, PRBool token)
-{
-    return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
-                                          !token);
-}
-
 /*
  * Change an attribute on a raw object
  */
diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c
index fc30222b3..ee20789cc 100644
--- a/security/nss/lib/pk11wrap/pk11pars.c
+++ b/security/nss/lib/pk11wrap/pk11pars.c
@@ -413,7 +413,8 @@ static const policyFlagDef policyFlagList[] = {
     /* add other signatures in the future */
     { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
     /* enable everything */
-    { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX |
+                              NSS_USE_ALG_IN_CERT_SIGNATURE },
     { CIPHER_NAME("NONE"), 0 }
 };
 
diff --git a/security/nss/lib/pk11wrap/pk11pbe.c b/security/nss/lib/pk11wrap/pk11pbe.c
index 5f68f399e..bea9333f6 100644
--- a/security/nss/lib/pk11wrap/pk11pbe.c
+++ b/security/nss/lib/pk11wrap/pk11pbe.c
@@ -367,24 +367,7 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
         cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
 
     if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
-        /* Previously, the PKCS#12 files created with the old NSS
-         * releases encoded the maximum key size of AES (that is 32)
-         * in the keyLength field of PBKDF2-params. That resulted in
-         * always performing AES-256 even if AES-128-CBC or
-         * AES-192-CBC is specified in the encryptionScheme field of
-         * PBES2-params. This is wrong, but for compatibility reasons,
-         * check the keyLength field and use the value if it is 32.
-         */
-        if (p5_param.keyLength.data != NULL) {
-            length = DER_GetInteger(&p5_param.keyLength);
-        }
-        /* If the keyLength field is present and contains a value
-         * other than 32, that means the file is created outside of
-         * NSS, which we don't care about. Note that the following
-         * also handles the case when the field is absent. */
-        if (length != 32) {
-            length = sec_pkcs5v2_aes_key_length(cipherAlg);
-        }
+        length = sec_pkcs5v2_aes_key_length(cipherAlg);
     } else if (p5_param.keyLength.data != NULL) {
         length = DER_GetInteger(&p5_param.keyLength);
     } else {
diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c
index 035143af8..d753b87e5 100644
--- a/security/nss/lib/pk11wrap/pk11pk12.c
+++ b/security/nss/lib/pk11wrap/pk11pk12.c
@@ -153,6 +153,7 @@ const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
     { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.prime) },
 };
 
+#ifndef NSS_DISABLE_ECC
 SEC_ASN1_MKSUB(SEC_BitStringTemplate)
 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
 
@@ -177,6 +178,7 @@ const SEC_ASN1Template SECKEY_ECPrivateKeyExportTemplate[] = {
       SEC_ASN1_SUB(SEC_BitStringTemplate) },
     { 0 }
 };
+#endif /* NSS_DISABLE_ECC */
 
 const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE,
@@ -344,13 +346,16 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
     switch (lpk->keyType) {
         case rsaKey:
             keyType = CKK_RSA;
-            PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue
+                                                                              : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue
+                                                                                : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
@@ -477,6 +482,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                           lpk->u.dh.privateValue.len);
             attrs++;
             break;
+#ifndef NSS_DISABLE_ECC
         case ecKey:
             keyType = CKK_EC;
             if (lpk->u.ec.publicValue.len == 0) {
@@ -488,7 +494,8 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                               lpk->u.ec.publicValue.len);
                 attrs++;
             }
-            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
@@ -496,7 +503,8 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_DERIVE, (keyUsage & KU_KEY_AGREEMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_DERIVE, (keyUsage & KU_KEY_AGREEMENT) ? &cktrue
+                                                                           : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             ck_id = PK11_MakeIDFromPubKey(&lpk->u.ec.publicValue);
@@ -517,6 +525,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                           lpk->u.ec.publicValue.len);
             attrs++;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             PORT_SetError(SEC_ERROR_BAD_KEY);
             goto loser;
@@ -597,6 +606,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             paramDest = NULL;
             lpk->keyType = dhKey;
             break;
+#ifndef NSS_DISABLE_ECC
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
             prepare_ec_priv_key_export_for_asn1(lpk);
             keyTemplate = SECKEY_ECPrivateKeyExportTemplate;
@@ -604,6 +614,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             paramDest = NULL;
             lpk->keyType = ecKey;
             break;
+#endif /* NSS_DISABLE_ECC */
 
         default:
             keyTemplate = NULL;
@@ -622,6 +633,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
         goto loser;
     }
 
+#ifndef NSS_DISABLE_ECC
     if (lpk->keyType == ecKey) {
         /* Convert length in bits to length in bytes. */
         lpk->u.ec.publicValue.len >>= 3;
@@ -633,6 +645,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             goto loser;
         }
     }
+#endif /* NSS_DISABLE_ECC */
 
     if (paramDest && paramTemplate) {
         rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h
index dbd8da092..edfe82f5a 100644
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -831,10 +831,6 @@ SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
                                  PK11GenericObject *object);
 SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
 SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
-PK11GenericObject *PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
-                                                   const CK_ATTRIBUTE *pTemplate,
-                                                   int count, PRBool token);
-/* deprecated */
 PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
                                             const CK_ATTRIBUTE *pTemplate,
                                             int count, PRBool token);
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index cf2a40a2f..1ef53e1d7 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -182,10 +182,6 @@ PK11_FreeSymKey(PK11SymKey *symKey)
     PK11SlotInfo *slot;
     PRBool freeit = PR_TRUE;
 
-    if (!symKey) {
-        return;
-    }
-
     if (PR_ATOMIC_DECREMENT(&symKey->refCount) == 0) {
         PK11SymKey *parent = symKey->parent;
 
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c39abe17e..0a6ed6c08 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1182,7 +1182,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
 
     /* set the slot flags to the current token values */
     slot->series++; /* allow other objects to detect that the
-                     * slot is different */
+                      * slot is different */
     slot->flags = slot->tokenInfo.flags;
     slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
     slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
@@ -1471,9 +1471,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
             slot->hasRootCerts = PR_TRUE;
         }
     }
-    if ((slotInfo.flags & CKF_USER_PIN_INITIALIZED) != 0) {
-        slot->flags |= CKF_USER_PIN_INITIALIZED;
-    }
 }
 
 /*********************************************************************
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index e316f1f1a..a962e9bb3 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -437,11 +437,6 @@ SECMOD_DeleteInternalModule(const char *name)
         return rv;
     }
 
-#ifdef NSS_FIPS_DISABLED
-    PORT_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR);
-    return rv;
-#endif
-
     SECMOD_GetWriteLock(moduleLock);
     for (mlpp = &modules, mlp = modules;
          mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
@@ -960,11 +955,7 @@ SECMOD_DestroyModuleList(SECMODModuleList *list)
 PRBool
 SECMOD_CanDeleteInternalModule(void)
 {
-#ifdef NSS_FIPS_DISABLED
-    return PR_FALSE;
-#else
     return (PRBool)(pendingModule == NULL);
-#endif
 }
 
 /*
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
index 260e6387d..63c207929 100644
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -175,7 +175,6 @@ struct PK11GenericObjectStr {
     PK11GenericObject *next;
     PK11SlotInfo *slot;
     CK_OBJECT_HANDLE objectID;
-    PRBool owner;
 };
 
 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
index dfe7015df..57333ac37 100644
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -3,7 +3,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nssrenam.h"
-#include "nss.h"
 #include "p12t.h"
 #include "p12.h"
 #include "plarena.h"
@@ -127,7 +126,6 @@ struct SEC_PKCS12DecoderContextStr {
     SECKEYGetPasswordKey pwfn;
     void *pwfnarg;
     PRBool swapUnicodeBytes;
-    PRBool forceUnicode;
 
     /* import information */
     PRBool bagsVerified;
@@ -194,18 +192,8 @@ sec_pkcs12_decoder_get_decrypt_key(void *arg, SECAlgorithmID *algid)
     }
 
     algorithm = SECOID_GetAlgorithmTag(algid);
-
-    if (p12dcx->forceUnicode) {
-        if (SECITEM_CopyItem(NULL, &pwitem, p12dcx->pwitem) != SECSuccess) {
-            PK11_FreeSlot(slot);
-            return NULL;
-        }
-    } else {
-        if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem)) {
-            PK11_FreeSlot(slot);
-            return NULL;
-        }
-    }
+    if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem))
+        return NULL;
 
     bulkKey = PK11_PBEKeyGen(slot, algid, &pwitem, PR_FALSE, p12dcx->wincx);
     /* some tokens can't generate PBE keys on their own, generate the
@@ -1176,8 +1164,6 @@ SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
 {
     SEC_PKCS12DecoderContext *p12dcx;
     PLArenaPool *arena;
-    PRInt32 forceUnicode = PR_FALSE;
-    SECStatus rv;
 
     arena = PORT_NewArena(2048); /* different size? */
     if (!arena) {
@@ -1210,11 +1196,6 @@ SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
 #else
     p12dcx->swapUnicodeBytes = PR_FALSE;
 #endif
-    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    p12dcx->forceUnicode = forceUnicode;
     p12dcx->errorValue = 0;
     p12dcx->error = PR_FALSE;
 
@@ -2447,7 +2428,7 @@ sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey, KeyType *type);
 static SECStatus
 sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
                    unsigned int keyUsage,
-                   SECItem *nickName, PRBool forceUnicode, void *wincx)
+                   SECItem *nickName, void *wincx)
 {
     SECStatus rv;
     SECItem *publicValue = NULL;
@@ -2485,21 +2466,9 @@ sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
                 &key->safeBagContent.pkcs8ShroudedKeyBag->algorithm;
             SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
 
-            if (forceUnicode) {
-                if (SECITEM_CopyItem(NULL, &pwitem, key->pwitem) != SECSuccess) {
-                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
-                    key->problem = PR_TRUE;
-                    return SECFailure;
-                }
-            } else {
-                if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
-                                                key->pwitem)) {
-                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
-                    key->problem = PR_TRUE;
-                    return SECFailure;
-                }
-            }
-
+            if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
+                                            key->pwitem))
+                return SECFailure;
             rv = PK11_ImportEncryptedPrivateKeyInfo(key->slot,
                                                     key->safeBagContent.pkcs8ShroudedKeyBag,
                                                     &pwitem, nickName, publicValue,
@@ -2954,8 +2923,7 @@ sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey,
  * two passes in sec_pkcs12_validate_bags.
  */
 static SECStatus
-sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
-                        void *wincx)
+sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, void *wincx)
 {
     sec_PKCS12SafeBag **keyList;
     int i;
@@ -3008,8 +2976,7 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
                 key->problem = PR_TRUE;
                 rv = SECFailure;
             } else {
-                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName,
-                                        forceUnicode, wincx);
+                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName, wincx);
             }
             if (pubKey) {
                 SECKEY_DestroyPublicKey(pubKey);
@@ -3086,9 +3053,6 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
 SECStatus
 SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
 {
-    PRBool forceUnicode = PR_FALSE;
-    SECStatus rv;
-
     if (!p12dcx || p12dcx->error) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
@@ -3098,16 +3062,7 @@ SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
         return SECFailure;
     }
 
-    /* We need to check the option here as well as in
-     * SEC_PKCS12DecoderStart, because different PBE's could be used
-     * for PKCS #7 and PKCS #8 */
-    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    return sec_pkcs12_install_bags(p12dcx->safeBags, forceUnicode,
-                                   p12dcx->wincx);
+    return sec_pkcs12_install_bags(p12dcx->safeBags, p12dcx->wincx);
 }
 
 PRBool
diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c
index 53e3aa6bb..a94c08be1 100644
--- a/security/nss/lib/pkcs12/p12local.c
+++ b/security/nss/lib/pkcs12/p12local.c
@@ -267,7 +267,8 @@ sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
         return NULL;
     }
 
-    pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) * (salt->len + password->len));
+    pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) *
+                                                            (salt->len + password->len));
     if (pre_hash == NULL) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
         goto loser;
diff --git a/security/nss/lib/pkcs7/p7create.c b/security/nss/lib/pkcs7/p7create.c
index a79d5aa26..96ada5c0f 100644
--- a/security/nss/lib/pkcs7/p7create.c
+++ b/security/nss/lib/pkcs7/p7create.c
@@ -18,13 +18,7 @@
 #include "secder.h"
 #include "secpkcs5.h"
 
-const int NSS_PBE_DEFAULT_ITERATION_COUNT = /* used in p12e.c too */
-#ifdef DEBUG
-    10000
-#else
-    1000000
-#endif
-    ;
+const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
 
 static SECStatus
 sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index fb3110a23..548853970 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -180,18 +180,16 @@ STAN_RemoveModuleFromDefaultTrustDomain(
     NSSTrustDomain *td;
     int i;
     td = STAN_GetDefaultTrustDomain();
+    NSSRWLock_LockWrite(td->tokensLock);
     for (i = 0; i < module->slotCount; i++) {
         token = PK11Slot_GetNSSToken(module->slots[i]);
         if (token) {
             nssToken_NotifyCertsNotVisible(token);
-            NSSRWLock_LockWrite(td->tokensLock);
             nssList_Remove(td->tokenList, token);
-            NSSRWLock_UnlockWrite(td->tokensLock);
             PK11Slot_SetNSSToken(module->slots[i], NULL);
             nssToken_Destroy(token);
         }
     }
-    NSSRWLock_LockWrite(td->tokensLock);
     nssListIterator_Destroy(td->tokens);
     td->tokens = nssList_CreateIterator(td->tokenList);
     NSSRWLock_UnlockWrite(td->tokensLock);
diff --git a/security/nss/lib/smime/cmsdecode.c b/security/nss/lib/smime/cmsdecode.c
index 62b4ebfe5..d96511171 100644
--- a/security/nss/lib/smime/cmsdecode.c
+++ b/security/nss/lib/smime/cmsdecode.c
@@ -87,7 +87,8 @@ nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
 /* XXX error handling: need to set p7dcx->error */
 
 #ifdef CMSDEBUG
-    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after",
+    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before"
+                                                                 : "after",
             dest, depth);
 #endif
 
diff --git a/security/nss/lib/smime/cmsencode.c b/security/nss/lib/smime/cmsencode.c
index 0d723e865..a4414e008 100644
--- a/security/nss/lib/smime/cmsencode.c
+++ b/security/nss/lib/smime/cmsencode.c
@@ -134,7 +134,8 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
     rootcinfo = &(p7ecx->cmsg->contentInfo);
 
 #ifdef CMSDEBUG
-    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after",
+    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before"
+                                                                 : "after",
             dest, depth);
 #endif
 
diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c
index 0cca74d6e..3563bd2d2 100644
--- a/security/nss/lib/softoken/fipstest.c
+++ b/security/nss/lib/softoken/fipstest.c
@@ -5,7 +5,6 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef NSS_FIPS_DISABLED
 #include "seccomon.h"
 #include "blapi.h"
 #include "softoken.h"
@@ -653,11 +652,3 @@ sftk_FIPSEntryOK()
     }
     return CKR_OK;
 }
-#else
-#include "pkcs11t.h"
-CK_RV
-sftk_FIPSEntryOK()
-{
-    return CKR_DEVICE_ERROR;
-}
-#endif /* NSS_FIPS_DISABLED */
diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c
index ca7d7998a..fd4fd4207 100644
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -540,10 +540,7 @@ FC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 
     crv = NSC_GetTokenInfo(slotID, pInfo);
     if (crv == CKR_OK) {
-        /* use the global database to figure out if we are running in 
-         * FIPS 140 Level 1 or Level 2 */
-        if (slotID == FIPS_SLOT_ID &&
-            (pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
+        if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
             isLevel2 = PR_FALSE;
         }
     }
@@ -619,8 +616,7 @@ FC_InitPIN(CK_SESSION_HANDLE hSession,
      * we need to make sure the pin meets FIPS requirements */
     if ((ulPinLen == 0) || ((rv = sftk_newPinCheck(pPin, ulPinLen)) == CKR_OK)) {
         rv = NSC_InitPIN(hSession, pPin, ulPinLen);
-        if ((rv == CKR_OK) &&
-            (sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) {
+        if (rv == CKR_OK) {
             isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE;
         }
     }
@@ -648,8 +644,7 @@ FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
     if ((rv = sftk_fipsCheck()) == CKR_OK &&
         (rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) {
         rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
-        if ((rv == CKR_OK) &&
-            (sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) {
+        if (rv == CKR_OK) {
             /* if we set the password in level1 we now go
              * to level2. NOTE: we don't allow the user to
              * go from level2 to level1 */
@@ -710,23 +705,11 @@ FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
 
     rv = NSC_GetSessionInfo(hSession, pInfo);
     if (rv == CKR_OK) {
-        /* handle the case where the auxilary slot doesn't require login.
-         * piggy back on the main token's login state */
-        if (isLoggedIn &&
-            ((pInfo->state == CKS_RO_PUBLIC_SESSION) ||
-             (pInfo->state == CKS_RW_PUBLIC_SESSION))) {
-            CK_RV crv;
-            CK_TOKEN_INFO tInfo;
-            crv = NSC_GetTokenInfo(sftk_SlotIDFromSessionHandle(hSession),
-                                   &tInfo);
-            /* if the token doesn't login, use our global login state */
-            if ((crv == CKR_OK) && ((tInfo.flags & CKF_LOGIN_REQUIRED) == 0)) {
-                if (pInfo->state == CKS_RO_PUBLIC_SESSION) {
-                    pInfo->state = CKS_RO_USER_FUNCTIONS;
-                } else {
-                    pInfo->state = CKS_RW_USER_FUNCTIONS;
-                }
-            }
+        if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RO_USER_FUNCTIONS;
+        }
+        if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RW_USER_FUNCTIONS;
         }
     }
     return rv;
diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c
index b4aa7754b..178e333ec 100644
--- a/security/nss/lib/softoken/legacydb/keydb.c
+++ b/security/nss/lib/softoken/legacydb/keydb.c
@@ -1137,10 +1137,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
             namekey.data = pubkey->u.dh.publicValue.data;
             namekey.size = pubkey->u.dh.publicValue.len;
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             namekey.data = pubkey->u.ec.publicValue.data;
             namekey.size = pubkey->u.ec.publicValue.len;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             /* XXX We don't do Fortezza or DH yet. */
             return PR_FALSE;
@@ -1465,10 +1467,12 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
     SECItem *der_item = NULL;
     SECItem *cipherText = NULL;
     SECItem *dummy = NULL;
+#ifndef NSS_DISABLE_ECC
 #ifdef EC_DEBUG
     SECItem *fordebug = NULL;
 #endif
     int savelen;
+#endif
 
     temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     if (temparena == NULL)
@@ -1544,6 +1548,7 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
                 goto loser;
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             lg_prepare_low_ec_priv_key_for_asn1(pk);
             /* Public value is encoded as a bit string so adjust length
@@ -1584,6 +1589,7 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
 #endif
 
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             /* We don't support DH or Fortezza private keys yet */
             PORT_Assert(PR_FALSE);
@@ -1803,6 +1809,7 @@ seckey_decrypt_private_key(SECItem *epki,
                                                 lg_nsslowkey_DHPrivateKeyTemplate,
                                                 &newPrivateKey);
                     break;
+#ifndef NSS_DISABLE_ECC
                 case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
                     pk->keyType = NSSLOWKEYECKey;
                     lg_prepare_low_ec_priv_key_for_asn1(pk);
@@ -1842,6 +1849,7 @@ seckey_decrypt_private_key(SECItem *epki,
                     }
 
                     break;
+#endif /* NSS_DISABLE_ECC */
                 default:
                     rv = SECFailure;
                     break;
diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c
index 542b0c968..5c2cbdbc6 100644
--- a/security/nss/lib/softoken/legacydb/lgattr.c
+++ b/security/nss/lib/softoken/legacydb/lgattr.c
@@ -133,7 +133,7 @@ lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type,
         attr->ulValueLen = (CK_ULONG)-1;
         return CKR_BUFFER_TOO_SMALL;
     }
-    if (len > 0 && value != NULL) {
+    if (value != NULL) {
         PORT_Memcpy(attr->pValue, value, len);
     }
     attr->ulValueLen = len;
@@ -421,9 +421,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey)
         case NSSLOWKEYDHKey:
             pubItem = &pubKey->u.dh.publicValue;
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             pubItem = &pubKey->u.ec.publicValue;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             break;
     }
@@ -542,6 +544,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
     return lg_invalidAttribute(attribute);
 }
 
+#ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
                             CK_ATTRIBUTE *attribute)
@@ -591,6 +594,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
     }
     return lg_invalidAttribute(attribute);
 }
+#endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -641,8 +645,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
             return lg_FindDSAPublicKeyAttribute(key, type, attribute);
         case NSSLOWKEYDHKey:
             return lg_FindDHPublicKeyAttribute(key, type, attribute);
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             return lg_FindECPublicKeyAttribute(key, type, attribute);
+#endif /* NSS_DISABLE_ECC */
         default:
             break;
     }
@@ -929,6 +935,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
     return lg_invalidAttribute(attribute);
 }
 
+#ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
                              CK_ATTRIBUTE *attribute, SDB *sdbpw)
@@ -966,6 +973,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
     }
     return lg_invalidAttribute(attribute);
 }
+#endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -1012,8 +1020,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
             return lg_FindDSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
         case NSSLOWKEYDHKey:
             return lg_FindDHPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             return lg_FindECPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#endif /* NSS_DISABLE_ECC */
         default:
             break;
     }
diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c
index f2b2aa634..a0d2b2e57 100644
--- a/security/nss/lib/softoken/legacydb/lgcreate.c
+++ b/security/nss/lib/softoken/legacydb/lgcreate.c
@@ -398,17 +398,21 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     NSSLOWKEYPrivateKey *priv;
     SECItem pubKeySpace = { siBuffer, NULL, 0 };
     SECItem *pubKey;
+#ifndef NSS_DISABLE_ECC
     SECItem pubKey2Space = { siBuffer, NULL, 0 };
     PLArenaPool *arena = NULL;
+#endif /* NSS_DISABLE_ECC */
     NSSLOWKEYDBHandle *keyHandle = NULL;
 
     switch (key_type) {
         case CKK_RSA:
             pubKeyAttr = CKA_MODULUS;
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             pubKeyAttr = CKA_EC_POINT;
             break;
+#endif /* NSS_DISABLE_ECC */
         case CKK_DSA:
         case CKK_DH:
             break;
@@ -421,6 +425,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     if (crv != CKR_OK)
         return crv;
 
+#ifndef NSS_DISABLE_ECC
     if (key_type == CKK_EC) {
         SECStatus rv;
         /*
@@ -443,6 +448,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
             pubKey = &pubKey2Space;
         }
     }
+#endif /* NSS_DISABLE_ECC */
 
     PORT_Assert(pubKey->data);
     if (pubKey->data == NULL) {
@@ -463,12 +469,14 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
     /* make sure the associated private key already exists */
     /* only works if we are logged in */
     priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
+#ifndef NSS_DISABLE_ECC
     if (priv == NULL && pubKey == &pubKey2Space) {
         /* no match on the decoded key, match the original pubkey */
         pubKey = &pubKeySpace;
         priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey,
                                             sdb /*password*/);
     }
+#endif
     if (priv == NULL) {
         /* the legacy database can only 'store' public keys which already
          * have their corresponding private keys in the database */
@@ -482,9 +490,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
 
 done:
     PORT_Free(pubKeySpace.data);
-    if (arena) {
+#ifndef NSS_DISABLE_ECC
+    if (arena)
         PORT_FreeArena(arena, PR_FALSE);
-    }
+#endif
 
     return crv;
 }
@@ -604,6 +613,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
             }
             break;
 
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             privKey->keyType = NSSLOWKEYECKey;
             crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS, templ, count,
@@ -636,6 +646,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
             if (rv != SECSuccess)
                 crv = CKR_HOST_MEMORY;
             break;
+#endif /* NSS_DISABLE_ECC */
 
         default:
             crv = CKR_KEY_TYPE_INCONSISTENT;
diff --git a/security/nss/lib/softoken/legacydb/lgfips.c b/security/nss/lib/softoken/legacydb/lgfips.c
index b991dcf8e..b017424db 100644
--- a/security/nss/lib/softoken/legacydb/lgfips.c
+++ b/security/nss/lib/softoken/legacydb/lgfips.c
@@ -6,8 +6,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
 
-#ifndef NSS_FIPS_DISABLED
-
 #include "seccomon.h"
 #include "lgdb.h"
 #include "blapi.h"
@@ -115,5 +113,3 @@ lg_FIPSEntryOK()
 #endif
     return lg_self_tests_success;
 }
-
-#endif /* NSS_FIPS_DISABLED */
diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c
index 4f0b53f52..6913eea50 100644
--- a/security/nss/lib/softoken/legacydb/lginit.c
+++ b/security/nss/lib/softoken/legacydb/lginit.c
@@ -586,15 +586,11 @@ legacy_Open(const char *configdir, const char *certPrefix,
 #define NSS_VERSION_VARIABLE __nss_dbm_version
 #include "verref.h"
 
-#ifndef NSS_FIPS_DISABLED
     if (flags & SDB_FIPS) {
-        /* We shouldn't get here when FIPS is not enabled on the database. But
-         * we also don't care when this NSS build doesn't support FIPS. */
         if (!lg_FIPSEntryOK()) {
             return CKR_DEVICE_ERROR;
         }
     }
-#endif
 
     rv = SECOID_Init();
     if (SECSuccess != rv) {
diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c
index 5a349f0aa..2906120ee 100644
--- a/security/nss/lib/softoken/legacydb/lowcert.c
+++ b/security/nss/lib/softoken/legacydb/lowcert.c
@@ -823,6 +823,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
             if (rv == SECSuccess)
                 return pubk;
             break;
+#ifndef NSS_DISABLE_ECC
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
             pubk->keyType = NSSLOWKEYECKey;
             /* Since PKCS#11 directly takes the DER encoding of EC params
@@ -844,6 +845,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
             if (rv == SECSuccess)
                 return pubk;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             rv = SECFailure;
             break;
diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c
index a9b7cce3d..7de4197a1 100644
--- a/security/nss/lib/softoken/legacydb/lowkey.c
+++ b/security/nss/lib/softoken/legacydb/lowkey.c
@@ -99,6 +99,8 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
     { 0 }
 };
 
+#ifndef NSS_DISABLE_ECC
+
 /* NOTE: The SECG specification allows the private key structure
  * to contain curve parameters but recommends that they be stored
  * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
@@ -191,6 +193,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 loser:
     return SECFailure;
 }
+#endif /* NSS_DISABLE_ECC */
 /*
  * See bugzilla bug 125359
  * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -240,6 +243,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.dh.privateValue.type = siUnsignedInteger;
 }
 
+#ifndef NSS_DISABLE_ECC
 void
 lg_prepare_low_ecparams_for_asn1(ECParams *params)
 {
@@ -256,6 +260,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.ec.privateValue.type = siUnsignedInteger;
     key->u.ec.publicValue.type = siUnsignedInteger;
 }
+#endif /* NSS_DISABLE_ECC */
 
 void
 lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -357,6 +362,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
                     return pubk;
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                                           sizeof(NSSLOWKEYPublicKey));
@@ -377,6 +383,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
                     return pubk;
             }
             break;
+#endif /* NSS_DISABLE_ECC */
         /* No Fortezza in Low Key implementations (Fortezza keys aren't
          * stored in our data base */
         default:
diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h
index 4a5bcfa91..5136b56a5 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyi.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyi.h
@@ -26,8 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
 extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+#ifndef NSS_DISABLE_ECC
 extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
+#endif /* NSS_DISABLE_ECC */
 
 typedef char *(*NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
 
@@ -132,6 +134,7 @@ extern char *
 nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
                                      SECItem *modulus, SDB *sdb);
 
+#ifndef NSS_DISABLE_ECC
 /*
  * smaller version of EC_FillParams. In this code, we only need
  * oid and DER data.
@@ -142,7 +145,7 @@ SECStatus LGEC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
 /* Copy all of the fields from srcParams into dstParams */
 SECStatus LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
                           const ECParams *srcParams);
-
+#endif
 SEC_END_PROTOS
 
 #endif /* _LOWKEYI_H_ */
diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h
index 2fd5d4e29..ef92689e0 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyti.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyti.h
@@ -42,8 +42,10 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
 extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
 extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
 extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
+#ifndef NSS_DISABLE_ECC
 #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
 extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
+#endif /* NSS_DISABLE_ECC */
 
 extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
 extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c
index 2e8b650ee..f1444bf04 100644
--- a/security/nss/lib/softoken/legacydb/pcertdb.c
+++ b/security/nss/lib/softoken/legacydb/pcertdb.c
@@ -1854,8 +1854,6 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
                     &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
                                    entry->subjectName.len],
                     entry->smimeOptions.len);
-    } else {
-        entry->smimeOptions.data = NULL;
     }
     if (entry->optionsDate.len) {
         entry->optionsDate.data =
@@ -1870,8 +1868,6 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
                                    entry->subjectName.len +
                                    entry->smimeOptions.len],
                     entry->optionsDate.len);
-    } else {
-        entry->optionsDate.data = NULL;
     }
 
     /* both options and options date must either exist or not exist */
@@ -2018,7 +2014,7 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
 {
     PLArenaPool *arena = NULL;
     PLArenaPool *tmparena = NULL;
-    certDBEntrySMime *entry = NULL;
+    certDBEntrySMime *entry;
     SECItem dbkey;
     SECItem dbentry;
     SECStatus rv;
@@ -2035,8 +2031,8 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
         goto loser;
     }
 
-    entry = (certDBEntrySMime *)PORT_ArenaZAlloc(arena,
-                                                 sizeof(certDBEntrySMime));
+    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
+                                                sizeof(certDBEntrySMime));
     if (entry == NULL) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
         goto loser;
diff --git a/security/nss/lib/softoken/lowkey.c b/security/nss/lib/softoken/lowkey.c
index 295d55f40..73b1dc971 100644
--- a/security/nss/lib/softoken/lowkey.c
+++ b/security/nss/lib/softoken/lowkey.c
@@ -8,7 +8,10 @@
 #include "base64.h"
 #include "secasn1.h"
 #include "secerr.h"
+
+#ifndef NSS_DISABLE_ECC
 #include "softoken.h"
+#endif
 
 SEC_ASN1_MKSUB(SEC_AnyTemplate)
 SEC_ASN1_MKSUB(SEC_BitStringTemplate)
@@ -87,6 +90,8 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
     { 0 }
 };
 
+#ifndef NSS_DISABLE_ECC
+
 /* NOTE: The SECG specification allows the private key structure
  * to contain curve parameters but recommends that they be stored
  * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
@@ -112,6 +117,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
       SEC_ASN1_SUB(SEC_BitStringTemplate) },
     { 0 }
 };
+#endif /* NSS_DISABLE_ECC */
 /*
  * See bugzilla bug 125359
  * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -167,6 +173,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.dh.privateValue.type = siUnsignedInteger;
 }
 
+#ifndef NSS_DISABLE_ECC
 void
 prepare_low_ecparams_for_asn1(ECParams *params)
 {
@@ -183,6 +190,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
     key->u.ec.privateValue.type = siUnsignedInteger;
     key->u.ec.publicValue.type = siUnsignedInteger;
 }
+#endif /* NSS_DISABLE_ECC */
 
 void
 nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -317,6 +325,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
                     return pubk;
             }
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                                           sizeof(NSSLOWKEYPublicKey));
@@ -337,6 +346,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
                     return pubk;
             }
             break;
+#endif /* NSS_DISABLE_ECC */
         /* No Fortezza in Low Key implementations (Fortezza keys aren't
          * stored in our data base */
         default:
@@ -453,6 +463,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
             if (rv != SECSuccess)
                 break;
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
                                   &(privKey->u.ec.version));
@@ -473,6 +484,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
             if (rv != SECSuccess)
                 break;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             rv = SECFailure;
     }
diff --git a/security/nss/lib/softoken/lowkeyi.h b/security/nss/lib/softoken/lowkeyi.h
index f9ba3a75f..a5878c2f6 100644
--- a/security/nss/lib/softoken/lowkeyi.h
+++ b/security/nss/lib/softoken/lowkeyi.h
@@ -25,8 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
 extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+#ifndef NSS_DISABLE_ECC
 extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
 extern void prepare_low_ecparams_for_asn1(ECParams *params);
+#endif /* NSS_DISABLE_ECC */
 
 /*
 ** Destroy a private key object.
diff --git a/security/nss/lib/softoken/lowkeyti.h b/security/nss/lib/softoken/lowkeyti.h
index c048b33e7..2ef16405f 100644
--- a/security/nss/lib/softoken/lowkeyti.h
+++ b/security/nss/lib/softoken/lowkeyti.h
@@ -20,8 +20,10 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
 extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
 extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
 extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
+#ifndef NSS_DISABLE_ECC
 #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
 extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
+#endif /* NSS_DISABLE_ECC */
 
 extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
 extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 77882a274..a594fd501 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -282,11 +282,13 @@ static const struct mechanismList mechanisms[] = {
     /* no diffie hellman yet */
     { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE },
     { CKM_DH_PKCS_DERIVE, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_DERIVE }, PR_TRUE },
+#ifndef NSS_DISABLE_ECC
     /* -------------------- Elliptic Curve Operations --------------------- */
     { CKM_EC_KEY_PAIR_GEN, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_GENERATE_KEY_PAIR | CKF_EC_BPNU }, PR_TRUE },
     { CKM_ECDH1_DERIVE, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_DERIVE | CKF_EC_BPNU }, PR_TRUE },
     { CKM_ECDSA, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
     { CKM_ECDSA_SHA1, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+#endif /* NSS_DISABLE_ECC */
     /* ------------------------- RC2 Operations --------------------------- */
     { CKM_RC2_KEY_GEN, { 1, 128, CKF_GENERATE }, PR_TRUE },
     { CKM_RC2_ECB, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE },
@@ -421,20 +423,11 @@ static const struct mechanismList mechanisms[] = {
 #endif
     /* --------------------- Secret Key Operations ------------------------ */
     { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
-    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
     { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-
     /* ---------------------- SSL Key Derivations ------------------------- */
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
@@ -938,6 +931,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
             recover = CK_FALSE;
             wrap = CK_FALSE;
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) {
                 return CKR_TEMPLATE_INCOMPLETE;
@@ -951,6 +945,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
             recover = CK_FALSE;
             wrap = CK_FALSE;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             return CKR_ATTRIBUTE_VALUE_INVALID;
     }
@@ -1119,6 +1114,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYP
             recover = CK_FALSE;
             wrap = CK_FALSE;
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) {
                 return CKR_TEMPLATE_INCOMPLETE;
@@ -1131,6 +1127,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYP
             recover = CK_FALSE;
             wrap = CK_FALSE;
             break;
+#endif /* NSS_DISABLE_ECC */
         case CKK_NSS_JPAKE_ROUND1:
             if (!sftk_hasAttribute(object, CKA_PRIME) ||
                 !sftk_hasAttribute(object, CKA_SUBPRIME) ||
@@ -1781,6 +1778,7 @@ sftk_GetPubKey(SFTKObject *object, CK_KEY_TYPE key_type,
             crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dh.publicValue,
                                           object, CKA_VALUE);
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             pubKey->keyType = NSSLOWKEYECKey;
             crv = sftk_Attribute2SSecItem(arena,
@@ -1839,6 +1837,7 @@ sftk_GetPubKey(SFTKObject *object, CK_KEY_TYPE key_type,
                 crv = CKR_ATTRIBUTE_VALUE_INVALID;
             }
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             crv = CKR_KEY_TYPE_INCONSISTENT;
             break;
@@ -1948,6 +1947,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
              * if we don't set it explicitly */
             break;
 
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             privKey->keyType = NSSLOWKEYECKey;
             crv = sftk_Attribute2SSecItem(arena,
@@ -1992,6 +1992,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
 #endif
             }
             break;
+#endif /* NSS_DISABLE_ECC */
 
         default:
             crv = CKR_KEY_TYPE_INCONSISTENT;
@@ -2364,22 +2365,17 @@ sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all)
     return slot;
 }
 
-CK_SLOT_ID
-sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle)
+SFTKSlot *
+sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
 {
     CK_ULONG slotIDIndex = (handle >> 24) & 0x7f;
     CK_ULONG moduleIndex = (handle >> 31) & 1;
 
     if (slotIDIndex >= nscSlotCount[moduleIndex]) {
-        return (CK_SLOT_ID)-1;
+        return NULL;
     }
-    return nscSlotList[moduleIndex][slotIDIndex];
-}
 
-SFTKSlot *
-sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
-{
-    return sftk_SlotFromID(sftk_SlotIDFromSessionHandle(handle), PR_FALSE);
+    return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE);
 }
 
 static CK_RV
@@ -3309,15 +3305,6 @@ NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
         }
     }
 
-    /* If there is no key database, this is for example the case when NSS was
-     * initialized with NSS_NoDbInit(), then there won't be any point in
-     * requesting a PIN. Set the CKF_USER_PIN_INITIALIZED bit so that
-     * PK11_NeedUserInit() doesn't indicate that a PIN is needed.
-     */
-    if (slot->keyDB == NULL) {
-        pInfo->flags |= CKF_USER_PIN_INITIALIZED;
-    }
-
     /* ok we really should read it out of the keydb file. */
     /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */
     pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR;
@@ -3579,6 +3566,7 @@ NSC_InitToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin,
 {
     SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE);
     SFTKDBHandle *handle;
+    SFTKDBHandle *certHandle;
     SECStatus rv;
     unsigned int i;
     SFTKObject *object;
@@ -3626,16 +3614,19 @@ NSC_InitToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin,
     }
 
     rv = sftkdb_ResetKeyDB(handle);
-    /* clear the password */
-    sftkdb_ClearPassword(handle);
-    /* update slot->needLogin (should be true now since no password is set) */
-    sftk_checkNeedLogin(slot, handle);
     sftk_freeDB(handle);
     if (rv != SECSuccess) {
         return CKR_DEVICE_ERROR;
     }
 
-    return CKR_OK;
+    /* finally  mark all the user certs as non-user certs */
+    certHandle = sftk_getCertDB(slot);
+    if (certHandle == NULL)
+        return CKR_OK;
+
+    sftk_freeDB(certHandle);
+
+    return CKR_OK; /*is this the right function for not implemented*/
 }
 
 /* NSC_InitPIN initializes the normal user's PIN. */
@@ -3801,10 +3792,7 @@ NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
 
     /* Now update our local copy of the pin */
     if (rv == SECSuccess) {
-        PZ_Lock(slot->slotLock);
         slot->needLogin = (PRBool)(ulNewLen != 0);
-        slot->isLoggedIn = (PRBool)(sftkdb_PWCached(handle) == SECSuccess);
-        PZ_Unlock(slot->slotLock);
         /* Reset login flags. */
         if (ulNewLen == 0) {
             PRBool tokenRemoved = PR_FALSE;
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index d675d7331..0234aa431 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -65,6 +65,7 @@ sftk_Null(void *data, PRBool freeit)
     return;
 }
 
+#ifndef NSS_DISABLE_ECC
 #ifdef EC_DEBUG
 #define SEC_PRINT(str1, str2, num, sitem)             \
     printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
@@ -77,6 +78,7 @@ sftk_Null(void *data, PRBool freeit)
 #undef EC_DEBUG
 #define SEC_PRINT(a, b, c, d)
 #endif
+#endif /* NSS_DISABLE_ECC */
 
 /*
  * free routines.... Free local type  allocated data, and convert
@@ -122,6 +124,7 @@ sftk_MapCryptError(int error)
             return CKR_KEY_SIZE_RANGE; /* the closest error code */
         case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
             return CKR_TEMPLATE_INCONSISTENT;
+        /* EC functions set this error if NSS_DISABLE_ECC is defined */
         case SEC_ERROR_UNSUPPORTED_KEYALG:
             return CKR_MECHANISM_INVALID;
         case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
@@ -1524,7 +1527,8 @@ NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
             maxout -= padoutlen;
         }
         /* now save the final block for the next decrypt or the final */
-        PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen - context->blockSize],
+        PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen -
+                                                     context->blockSize],
                     context->blockSize);
         context->padDataLength = context->blockSize;
         ulEncryptedPartLen -= context->padDataLength;
@@ -2413,6 +2417,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
     return rv;
 }
 
+#ifndef NSS_DISABLE_ECC
 static SECStatus
 nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
                     void *dataBuf, unsigned int dataLen)
@@ -2447,6 +2452,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
     *sigLen = signature.len;
     return rv;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /* NSC_SignInit setups up the signing operations. There are three basic
  * types of signing:
@@ -2606,6 +2612,7 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
 
             break;
 
+#ifndef NSS_DISABLE_ECC
         case CKM_ECDSA_SHA1:
             context->multi = PR_TRUE;
             crv = sftk_doSubSHA1(context);
@@ -2628,6 +2635,7 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
             context->maxLen = MAX_ECKEY_LEN * 2;
 
             break;
+#endif /* NSS_DISABLE_ECC */
 
 #define INIT_HMAC_MECH(mmm)                                               \
     case CKM_##mmm##_HMAC_GENERAL:                                        \
@@ -3295,6 +3303,7 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
             context->verify = (SFTKVerify)nsc_DSA_Verify_Stub;
             context->destroy = sftk_Null;
             break;
+#ifndef NSS_DISABLE_ECC
         case CKM_ECDSA_SHA1:
             context->multi = PR_TRUE;
             crv = sftk_doSubSHA1(context);
@@ -3315,6 +3324,7 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
             context->verify = (SFTKVerify)nsc_ECDSAVerifyStub;
             context->destroy = sftk_Null;
             break;
+#endif /* NSS_DISABLE_ECC */
 
             INIT_HMAC_MECH(MD2)
             INIT_HMAC_MECH(MD5)
@@ -4614,10 +4624,12 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
                 pairwise_digest_length = subPrimeLen;
                 mech.mechanism = CKM_DSA;
                 break;
+#ifndef NSS_DISABLE_ECC
             case CKK_EC:
                 signature_length = MAX_ECKEY_LEN * 2;
                 mech.mechanism = CKM_ECDSA;
                 break;
+#endif
             default:
                 return CKR_DEVICE_ERROR;
         }
@@ -4734,10 +4746,12 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
     /* Diffie Hellman */
     DHPrivateKey *dhPriv;
 
+#ifndef NSS_DISABLE_ECC
     /* Elliptic Curve Cryptography */
     SECItem ecEncodedParams; /* DER Encoded parameters */
     ECPrivateKey *ecPriv;
     ECParams *ecParams;
+#endif /* NSS_DISABLE_ECC */
 
     CHECK_FORK();
 
@@ -5083,6 +5097,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
             PORT_FreeArena(dhPriv->arena, PR_TRUE);
             break;
 
+#ifndef NSS_DISABLE_ECC
         case CKM_EC_KEY_PAIR_GEN:
             sftk_DeleteAttributeType(privateKey, CKA_EC_PARAMS);
             sftk_DeleteAttributeType(privateKey, CKA_VALUE);
@@ -5151,6 +5166,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
             /* should zeroize, since this function doesn't. */
             PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE);
             break;
+#endif /* NSS_DISABLE_ECC */
 
         default:
             crv = CKR_MECHANISM_INVALID;
@@ -5280,10 +5296,12 @@ sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
     void *dummy, *param = NULL;
     SECStatus rv = SECSuccess;
     SECItem *encodedKey = NULL;
+#ifndef NSS_DISABLE_ECC
 #ifdef EC_DEBUG
     SECItem *fordebug;
 #endif
     int savelen;
+#endif
 
     if (!key) {
         *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */
@@ -5335,6 +5353,7 @@ sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
                                        nsslowkey_PQGParamsTemplate);
             algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
             break;
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             prepare_low_ec_priv_key_for_asn1(lk);
             /* Public value is encoded as a bit string so adjust length
@@ -5363,6 +5382,7 @@ sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
 
             algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
             break;
+#endif /* NSS_DISABLE_ECC */
         case NSSLOWKEYDHKey:
         default:
             dummy = NULL;
@@ -5621,7 +5641,8 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
             prepare_low_dsa_priv_key_export_for_asn1(lpk);
             prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
             break;
-        /* case NSSLOWKEYDHKey: */
+/* case NSSLOWKEYDHKey: */
+#ifndef NSS_DISABLE_ECC
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
             keyTemplate = nsslowkey_ECPrivateKeyTemplate;
             paramTemplate = NULL;
@@ -5630,6 +5651,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
             prepare_low_ec_priv_key_for_asn1(lpk);
             prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams);
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             keyTemplate = NULL;
             paramTemplate = NULL;
@@ -5644,6 +5666,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
     /* decode the private key and any algorithm parameters */
     rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
 
+#ifndef NSS_DISABLE_ECC
     if (lpk->keyType == NSSLOWKEYECKey) {
         /* convert length in bits to length in bytes */
         lpk->u.ec.publicValue.len >>= 3;
@@ -5654,6 +5677,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
             goto loser;
         }
     }
+#endif /* NSS_DISABLE_ECC */
 
     if (rv != SECSuccess) {
         goto loser;
@@ -5766,7 +5790,8 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
             keyType = CKK_DH;
             break;
 #endif
-        /* what about fortezza??? */
+/* what about fortezza??? */
+#ifndef NSS_DISABLE_ECC
         case NSSLOWKEYECKey:
             keyType = CKK_EC;
             crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
@@ -5798,6 +5823,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
                 break;
             /* XXX Do we need to decode the EC Params here ?? */
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             crv = CKR_KEY_TYPE_INCONSISTENT;
             break;
@@ -6127,6 +6153,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType)
     return 0;
 }
 
+#ifndef NSS_DISABLE_ECC
 /* Inputs:
  *  key_len: Length of derived key to be generated.
  *  SharedSecret: a shared secret that is the output of a key agreement primitive.
@@ -6239,43 +6266,7 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
     else
         return CKR_MECHANISM_INVALID;
 }
-
-/*
- *  Handle the derive from a block encryption cipher
- */
-CK_RV
-sftk_DeriveEncrypt(SFTKCipher encrypt, void *cipherInfo,
-                   int blockSize, SFTKObject *key, CK_ULONG keySize,
-                   unsigned char *data, CK_ULONG len)
-{
-    /* large enough for a 512-bit key */
-    unsigned char tmpdata[SFTK_MAX_DERIVE_KEY_SIZE];
-    SECStatus rv;
-    unsigned int outLen;
-    CK_RV crv;
-
-    if ((len % blockSize) != 0) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (len > SFTK_MAX_DERIVE_KEY_SIZE) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (keySize && (len < keySize)) {
-        return CKR_MECHANISM_PARAM_INVALID;
-    }
-    if (keySize == 0) {
-        keySize = len;
-    }
-
-    rv = (*encrypt)(cipherInfo, &tmpdata, &outLen, len, data, len);
-    if (rv != SECSuccess) {
-        crv = sftk_MapCryptError(PORT_GetError());
-        return crv;
-    }
-
-    crv = sftk_forceAttribute(key, CKA_VALUE, tmpdata, keySize);
-    return crv;
-}
+#endif /* NSS_DISABLE_ECC */
 
 /*
  * SSL Key generation given pre master secret
@@ -6935,172 +6926,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
             break;
         }
 
-        case CKM_DES3_ECB_ENCRYPT_DATA:
-        case CKM_DES3_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            unsigned char des3key[MAX_DES3_KEY_SIZE];
-            CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_DES3_ECB_ENCRYPT_DATA) {
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                mode = NSS_DES_EDE3;
-                iv = NULL;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-            } else {
-                mode = NSS_DES_EDE3_CBC;
-                desEncryptPtr =
-                    (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
-                        pMechanism->pParameter;
-                iv = desEncryptPtr->iv;
-                data = desEncryptPtr->pData;
-                len = desEncryptPtr->length;
-            }
-            if (att->attrib.ulValueLen == 16) {
-                PORT_Memcpy(des3key, att->attrib.pValue, 16);
-                PORT_Memcpy(des3key + 16, des3key, 8);
-            } else if (att->attrib.ulValueLen == 24) {
-                PORT_Memcpy(des3key, att->attrib.pValue, 24);
-            } else {
-                crv = CKR_KEY_SIZE_RANGE;
-                break;
-            }
-            cipherInfo = DES_CreateContext(des3key, iv, mode, PR_TRUE);
-            PORT_Memset(des3key, 0, 24);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)DES_Encrypt,
-                                     cipherInfo, 8, key, keySize,
-                                     data, len);
-            DES_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_AES_ECB_ENCRYPT_DATA:
-        case CKM_AES_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_AES_ECB_ENCRYPT_DATA) {
-                mode = NSS_AES;
-                iv = NULL;
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-            } else {
-                aesEncryptPtr =
-                    (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)pMechanism->pParameter;
-                mode = NSS_AES_CBC;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue,
-                                           iv, mode, PR_TRUE,
-                                           att->attrib.ulValueLen, 16);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)AES_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            AES_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
-        case CKM_CAMELLIA_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_CAMELLIA_ECB_ENCRYPT_DATA) {
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                aesEncryptPtr = NULL;
-                mode = NSS_CAMELLIA;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-                iv = NULL;
-            } else {
-                stringPtr = NULL;
-                aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
-                                    pMechanism->pParameter;
-                mode = NSS_CAMELLIA_CBC;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue,
-                                                iv, mode, PR_TRUE,
-                                                att->attrib.ulValueLen);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)Camellia_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            Camellia_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
-        case CKM_SEED_ECB_ENCRYPT_DATA:
-        case CKM_SEED_CBC_ENCRYPT_DATA: {
-            void *cipherInfo;
-            CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
-            int mode;
-            unsigned char *iv;
-            unsigned char *data;
-            CK_ULONG len;
-
-            if (mechanism == CKM_SEED_ECB_ENCRYPT_DATA) {
-                mode = NSS_SEED;
-                stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)
-                                pMechanism->pParameter;
-                aesEncryptPtr = NULL;
-                data = stringPtr->pData;
-                len = stringPtr->ulLen;
-                iv = NULL;
-            } else {
-                mode = NSS_SEED_CBC;
-                aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
-                                    pMechanism->pParameter;
-                iv = aesEncryptPtr->iv;
-                data = aesEncryptPtr->pData;
-                len = aesEncryptPtr->length;
-            }
-
-            cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue,
-                                            iv, mode, PR_TRUE);
-            if (cipherInfo == NULL) {
-                crv = CKR_HOST_MEMORY;
-                break;
-            }
-            crv = sftk_DeriveEncrypt((SFTKCipher)SEED_Encrypt,
-                                     cipherInfo, 16, key, keySize,
-                                     data, len);
-            SEED_DestroyContext(cipherInfo, PR_TRUE);
-            break;
-        }
-
         case CKM_CONCATENATE_BASE_AND_KEY: {
             SFTKObject *newKey;
 
@@ -7417,6 +7242,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
             break;
         }
 
+#ifndef NSS_DISABLE_ECC
         case CKM_ECDH1_DERIVE:
         case CKM_ECDH1_COFACTOR_DERIVE: {
             SECItem ecScalar, ecPoint;
@@ -7556,6 +7382,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
             }
             break;
         }
+#endif /* NSS_DISABLE_ECC */
 
         /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */
         case CKM_NSS_HKDF_SHA1:
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
index 7e57dc5e5..c5f21c30a 100644
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -667,7 +667,6 @@ extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
 
 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
-extern CK_SLOT_ID sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle);
 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
 extern void sftk_FreeSession(SFTKSession *session);
 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index 27e411759..c51211b6c 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -1261,11 +1261,13 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = {
 };
 static const CK_ULONG dhPubKeyAttrsCount =
     sizeof(dhPubKeyAttrs) / sizeof(dhPubKeyAttrs[0]);
+#ifndef NSS_DISABLE_ECC
 static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = {
     CKA_EC_PARAMS, CKA_EC_POINT
 };
 static const CK_ULONG ecPubKeyAttrsCount =
     sizeof(ecPubKeyAttrs) / sizeof(ecPubKeyAttrs[0]);
+#endif
 
 static const CK_ATTRIBUTE_TYPE commonPrivKeyAttrs[] = {
     CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_SUBJECT,
@@ -1292,11 +1294,13 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = {
 };
 static const CK_ULONG dhPrivKeyAttrsCount =
     sizeof(dhPrivKeyAttrs) / sizeof(dhPrivKeyAttrs[0]);
+#ifndef NSS_DISABLE_ECC
 static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = {
     CKA_EC_PARAMS, CKA_VALUE
 };
 static const CK_ULONG ecPrivKeyAttrsCount =
     sizeof(ecPrivKeyAttrs) / sizeof(ecPrivKeyAttrs[0]);
+#endif
 
 static const CK_ATTRIBUTE_TYPE certAttrs[] = {
     CKA_CERTIFICATE_TYPE, CKA_VALUE, CKA_SUBJECT, CKA_ISSUER, CKA_SERIAL_NUMBER
@@ -1401,10 +1405,12 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject, SFTKTokenObject *src_to)
             crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs,
                                            dhPrivKeyAttrsCount);
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs,
                                            ecPrivKeyAttrsCount);
             break;
+#endif
         default:
             crv = CKR_DEVICE_ERROR; /* shouldn't happen unless we store more types
                                      * of token keys into our database. */
@@ -1461,10 +1467,12 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject, SFTKTokenObject *src_to)
             crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs,
                                            dhPubKeyAttrsCount);
             break;
+#ifndef NSS_DISABLE_ECC
         case CKK_EC:
             crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs,
                                            ecPubKeyAttrsCount);
             break;
+#endif
         default:
             crv = CKR_DEVICE_ERROR; /* shouldn't happen unless we store more types
                                      * of token keys into our database. */
diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c
index 96717cb26..8690df34c 100644
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -37,7 +37,6 @@
 #elif defined(XP_UNIX)
 #include <unistd.h>
 #endif
-#include "utilpars.h"
 
 #ifdef SQLITE_UNSAFE_THREADS
 #include "prlock.h"
@@ -191,34 +190,6 @@ sdb_done(int err, int *count)
     return 0;
 }
 
-#if defined(_WIN32)
-/*
- * NSPR functions and narrow CRT functions do not handle UTF-8 file paths that
- * sqlite3 expects.
- */
-
-static int
-sdb_chmod(const char *filename, int pmode)
-{
-    int result;
-
-    if (!filename) {
-        return -1;
-    }
-
-    wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
-    if (!filenameWide) {
-        return -1;
-    }
-    result = _wchmod(filenameWide, pmode);
-    PORT_Free(filenameWide);
-
-    return result;
-}
-#else
-#define sdb_chmod(filename, pmode) chmod((filename), (pmode))
-#endif
-
 /*
  * find out where sqlite stores the temp tables. We do this by replicating
  * the logic from sqlite.
@@ -1629,7 +1600,7 @@ loser:
     return error;
 }
 
-static const char RESET_CMD[] = "DELETE FROM %s;";
+static const char RESET_CMD[] = "DROP TABLE IF EXISTS %s;";
 CK_RV
 sdb_Reset(SDB *sdb)
 {
@@ -1650,19 +1621,17 @@ sdb_Reset(SDB *sdb)
         goto loser;
     }
 
-    if (tableExists(sqlDB, sdb_p->table)) {
-        /* delete the contents of the key table */
-        newStr = sqlite3_mprintf(RESET_CMD, sdb_p->table);
-        if (newStr == NULL) {
-            error = CKR_HOST_MEMORY;
-            goto loser;
-        }
-        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
-        sqlite3_free(newStr);
-
-        if (sqlerr != SQLITE_OK)
-            goto loser;
+    /* delete the key table */
+    newStr = sqlite3_mprintf(RESET_CMD, sdb_p->table);
+    if (newStr == NULL) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
     }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+
+    if (sqlerr != SQLITE_OK)
+        goto loser;
 
     /* delete the password entry table */
     sqlerr = sqlite3_exec(sqlDB, "DROP TABLE IF EXISTS metaData;",
@@ -1768,7 +1737,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
      * sqlite3 will always create it.
      */
     LOCK_SQLITE();
-    create = (_NSSUTIL_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
+    create = (PR_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
     if ((flags == SDB_RDONLY) && create) {
         error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
         goto loser;
@@ -1785,7 +1754,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
      *
      * NO NSPR call for chmod? :(
      */
-    if (create && sdb_chmod(dbname, 0600) != 0) {
+    if (create && chmod(dbname, 0600) != 0) {
         error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
         goto loser;
     }
@@ -1897,29 +1866,30 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
      * so we use it for the cache (see sdb_buildCache for how it's done).*/
 
     /*
-     * we decide whether or not to use the cache based on the following input.
-     *
-     * NSS_SDB_USE_CACHE environment variable is set to anything other than
-     *   "yes" or "no" (for instance, "auto"): NSS will measure the performance
-     *   of access to the temp database versus the access to the user's
-     *   passed-in database location. If the temp database location is
-     *   "significantly" faster we will use the cache.
-     *
-     * NSS_SDB_USE_CACHE environment variable is nonexistent or set to "no":
-     *   cache will not be used.
-     *
-     * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
-     *   always be used.
-     *
-     * It is expected that most applications will not need this feature, and
-     * thus it is disabled by default.
-     */
+      * we decide whether or not to use the cache based on the following input.
+      *
+      * NSS_SDB_USE_CACHE environment variable is non-existant or set to
+      *   anything other than "no" or "yes" ("auto", for instance).
+      *   This is the normal case. NSS will measure the performance of access
+      *   to the temp database versus the access to the users passed in
+      *   database location. If the temp database location is "significantly"
+      *   faster we will use the cache.
+      *
+      * NSS_SDB_USE_CACHE environment variable is set to "no": cache will not
+      *   be used.
+      *
+      * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
+      *   always be used.
+      *
+      * It is expected that most applications would use the "auto" selection,
+      * the environment variable is primarily to simplify testing, and to
+      * correct potential corner cases where  */
 
     env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
 
-    if (!env || PORT_Strcasecmp(env, "no") == 0) {
+    if (env && PORT_Strcasecmp(env, "no") == 0) {
         enableCache = PR_FALSE;
-    } else if (PORT_Strcasecmp(env, "yes") == 0) {
+    } else if (env && PORT_Strcasecmp(env, "yes") == 0) {
         enableCache = PR_TRUE;
     } else {
         char *tempDir = NULL;
@@ -2065,11 +2035,10 @@ s_open(const char *directory, const char *certPrefix, const char *keyPrefix,
     {
         char *env;
         env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
-        /* If the environment variable is undefined or set to yes or no,
-         * sdb_init() will ignore the value of accessOps, and we can skip the
-         * measuring.*/
-        if (env && PORT_Strcasecmp(env, "no") != 0 &&
-            PORT_Strcasecmp(env, "yes") != 0) {
+        /* If the environment variable is set to yes or no, sdb_init() will
+         * ignore the value of accessOps, and we can skip the measuring.*/
+        if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
+                     (PORT_Strcasecmp(env, "yes") != 0))) {
             accessOps = sdb_measureAccess(directory);
         }
     }
diff --git a/security/nss/lib/softoken/sdb.h b/security/nss/lib/softoken/sdb.h
index 8ff254bf7..04b873e02 100644
--- a/security/nss/lib/softoken/sdb.h
+++ b/security/nss/lib/softoken/sdb.h
@@ -83,10 +83,6 @@ CK_RV s_open(const char *directory, const char *certPrefix,
              int flags, SDB **certdb, SDB **keydb, int *newInit);
 CK_RV s_shutdown();
 
-#if defined(_WIN32)
-wchar_t *sdb_UTF8ToWide(const char *buf);
-#endif
-
 /* flags */
 #define SDB_RDONLY 1
 #define SDB_RDWR 2
diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c
index 2ae084068..52e516117 100644
--- a/security/nss/lib/softoken/sftkdb.c
+++ b/security/nss/lib/softoken/sftkdb.c
@@ -28,9 +28,6 @@
 #include "utilpars.h"
 #include "secerr.h"
 #include "softoken.h"
-#if defined(_WIN32)
-#include <windows.h>
-#endif
 
 /*
  * We want all databases to have the same binary representation independent of
@@ -43,7 +40,7 @@
  */
 #define BBP 8
 
-PRBool
+static PRBool
 sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
 {
     switch (type) {
@@ -1373,8 +1370,7 @@ sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
     }
 
     /* make sure we don't have attributes that conflict with the existing DB */
-    crv = sftkdb_checkConflicts(db, object->objclass, ntemplate, count,
-                                objectID);
+    crv = sftkdb_checkConflicts(db, object->objclass, template, count, objectID);
     if (crv != CKR_OK) {
         goto loser;
     }
@@ -1390,8 +1386,8 @@ sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
         goto loser;
     }
     inTransaction = PR_TRUE;
-    crv = sftkdb_setAttributeValue(arena, handle, db, objectID, ntemplate,
-                                   count);
+    crv = sftkdb_setAttributeValue(arena, handle, db,
+                                   objectID, template, count);
     if (crv != CKR_OK) {
         goto loser;
     }
@@ -2315,13 +2311,6 @@ loser:
         crv = (*handle->update->sdb_GetMetaData)(handle->update, "password",
                                                  &item1, &item2);
         if (crv != CKR_OK) {
-            /* if we get here, neither the source, nor the target has been initialized
-             * with a password entry. Create a metadata table now so that we don't
-             * mistake this for a partially updated database */
-            item1.data[0] = 0;
-            item2.data[0] = 0;
-            item1.len = item2.len = 1;
-            crv = (*handle->db->sdb_PutMetaData)(handle->db, "empty", &item1, &item2);
             goto done;
         }
         crv = (*handle->db->sdb_PutMetaData)(handle->db, "password", &item1,
@@ -2512,53 +2501,6 @@ sftk_oldVersionExists(const char *dir, int version)
     return PR_FALSE;
 }
 
-#if defined(_WIN32)
-/*
- * Convert an sdb path (encoded in UTF-8) to a legacy path (encoded in the
- * current system codepage). Fails if the path contains a character outside
- * the current system codepage.
- */
-static char *
-sftk_legacyPathFromSDBPath(const char *confdir)
-{
-    wchar_t *confdirWide;
-    DWORD size;
-    char *nconfdir;
-    BOOL unmappable;
-
-    if (!confdir) {
-        return NULL;
-    }
-    confdirWide = _NSSUTIL_UTF8ToWide(confdir);
-    if (!confdirWide) {
-        return NULL;
-    }
-
-    size = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, confdirWide, -1,
-                               NULL, 0, NULL, &unmappable);
-    if (size == 0 || unmappable) {
-        PORT_Free(confdirWide);
-        return NULL;
-    }
-    nconfdir = PORT_Alloc(sizeof(char) * size);
-    if (!nconfdir) {
-        PORT_Free(confdirWide);
-        return NULL;
-    }
-    size = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, confdirWide, -1,
-                               nconfdir, size, NULL, &unmappable);
-    PORT_Free(confdirWide);
-    if (size == 0 || unmappable) {
-        PORT_Free(nconfdir);
-        return NULL;
-    }
-
-    return nconfdir;
-}
-#else
-#define sftk_legacyPathFromSDBPath(confdir) PORT_Strdup((confdir))
-#endif
-
 static PRBool
 sftk_hasLegacyDB(const char *confdir, const char *certPrefix,
                  const char *keyPrefix, int certVersion, int keyVersion)
@@ -2618,7 +2560,6 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
     int flags = SDB_RDONLY;
     PRBool newInit = PR_FALSE;
     PRBool needUpdate = PR_FALSE;
-    char *nconfdir = NULL;
 
     if (!readOnly) {
         flags = SDB_CREATE;
@@ -2657,14 +2598,11 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
              * the exists.
              */
             if (crv != CKR_OK) {
-                if ((flags & SDB_RDONLY) == SDB_RDONLY) {
-                    nconfdir = sftk_legacyPathFromSDBPath(confdir);
-                }
-                if (nconfdir &&
-                    sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) {
+                if (((flags & SDB_RDONLY) == SDB_RDONLY) &&
+                    sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
                     /* we have legacy databases, if we failed to open the new format
                      * DB's read only, just use the legacy ones */
-                    crv = sftkdbCall_open(nconfdir, certPrefix,
+                    crv = sftkdbCall_open(confdir, certPrefix,
                                           keyPrefix, 8, 3, flags,
                                           noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
                 }
@@ -2693,10 +2631,7 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
                 /* if the new format DB was also a newly created DB, and we
                  * succeeded, then need to update that new database with data
                  * from the existing legacy DB */
-                nconfdir = sftk_legacyPathFromSDBPath(confdir);
-                if (nconfdir &&
-                    sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) {
-                    confdir = nconfdir;
+                if (sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
                     needUpdate = PR_TRUE;
                 }
             }
@@ -2769,9 +2704,6 @@ done:
     if (appName) {
         PORT_Free(appName);
     }
-    if (nconfdir) {
-        PORT_Free(nconfdir);
-    }
     return forceOpen ? CKR_OK : crv;
 }
 
diff --git a/security/nss/lib/softoken/sftkdbti.h b/security/nss/lib/softoken/sftkdbti.h
index 7b1db4560..4942e1b12 100644
--- a/security/nss/lib/softoken/sftkdbti.h
+++ b/security/nss/lib/softoken/sftkdbti.h
@@ -49,7 +49,6 @@ SECStatus sftkdb_VerifyAttribute(SECItem *passKey,
                                  CK_ATTRIBUTE_TYPE attrType,
                                  SECItem *plainText, SECItem *sigText);
 
-PRBool sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type);
 void sftk_ULong2SDBULong(unsigned char *data, CK_ULONG value);
 CK_RV sftkdb_Update(SFTKDBHandle *handle, SECItem *key);
 CK_RV sftkdb_PutAttributeSignature(SFTKDBHandle *handle,
diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c
index 07b6922dc..0b8c91bfd 100644
--- a/security/nss/lib/softoken/sftkpwd.c
+++ b/security/nss/lib/softoken/sftkpwd.c
@@ -273,7 +273,7 @@ sftkdb_EncryptAttribute(PLArenaPool *arena, SECItem *passKey,
     RNG_GenerateGlobalRandomBytes(saltData, cipherValue.salt.len);
 
     param = nsspkcs5_NewParam(cipherValue.alg, HASH_AlgSHA1, &cipherValue.salt,
-                              30000);
+                              1);
     if (param == NULL) {
         rv = SECFailure;
         goto loser;
@@ -444,7 +444,7 @@ sftkdb_SignAttribute(PLArenaPool *arena, SECItem *passKey,
     RNG_GenerateGlobalRandomBytes(saltData, prfLength);
 
     /* initialize our pkcs5 parameter */
-    param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 30000);
+    param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 1);
     if (param == NULL) {
         rv = SECFailure;
         goto loser;
@@ -926,13 +926,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
             continue;
         }
 
-        if (authAttrs[i].ulValueLen == sizeof(CK_ULONG) &&
-            sftkdb_isULONGAttribute(authAttrs[i].type)) {
-            CK_ULONG value = *(CK_ULONG *)authAttrs[i].pValue;
-            sftk_ULong2SDBULong(authAttrs[i].pValue, value);
-            authAttrs[i].ulValueLen = SDB_ULONG_SIZE;
-        }
-
         plainText.data = authAttrs[i].pValue;
         plainText.len = authAttrs[i].ulValueLen;
         rv = sftkdb_SignAttribute(arena, newKey, id,
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 9fd99a8e0..fb2e5bda5 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -8,7 +8,11 @@
 #ifndef _SOFTKVER_H_
 #define _SOFTKVER_H_
 
+#ifndef NSS_DISABLE_ECC
 #define SOFTOKEN_ECC_STRING " Basic ECC"
+#else
+#define SOFTOKEN_ECC_STRING ""
+#endif
 
 /*
  * Softoken's major version, minor version, patch level, build number,
@@ -17,10 +21,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.35" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.32.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 35
-#define SOFTOKEN_VPATCH 0
+#define SOFTOKEN_VMINOR 32
+#define SOFTOKEN_VPATCH 1
 #define SOFTOKEN_VBUILD 0
 #define SOFTOKEN_BETA PR_FALSE
 
diff --git a/security/nss/lib/softoken/softoknt.h b/security/nss/lib/softoken/softoknt.h
index 03c92361c..071689842 100644
--- a/security/nss/lib/softoken/softoknt.h
+++ b/security/nss/lib/softoken/softoknt.h
@@ -9,9 +9,6 @@
 #define _SOFTOKNT_H_
 
 #define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE 2048
-#define DES_BLOCK_SIZE 8     /* bytes */
-#define MAX_DES3_KEY_SIZE 24 /* DES_BLOCK_SIZE * 3 */
-#define SFTK_MAX_DERIVE_KEY_SIZE 64
 
 /*
  * FIPS 140-2 auditing
diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h
index c95fe661a..b73fb6bd0 100644
--- a/security/nss/lib/ssl/SSLerrs.h
+++ b/security/nss/lib/ssl/SSLerrs.h
@@ -473,7 +473,8 @@ ER3(SSL_ERROR_RX_MALFORMED_PRE_SHARED_KEY, (SSL_ERROR_BASE + 147),
 ER3(SSL_ERROR_RX_MALFORMED_EARLY_DATA, (SSL_ERROR_BASE + 148),
     "SSL received an invalid EarlyData extension.")
 
-UNUSED_ERROR(149)
+ER3(SSL_ERROR_END_OF_EARLY_DATA_ALERT, (SSL_ERROR_BASE + 149),
+    "SSL received an unexpected end of early data alert.")
 
 ER3(SSL_ERROR_MISSING_ALPN_EXTENSION, (SSL_ERROR_BASE + 150),
     "SSL didn't receive an expected ALPN extension.")
@@ -510,33 +511,3 @@ ER3(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA, (SSL_ERROR_BASE + 160),
 
 ER3(SSL_ERROR_TOO_MUCH_EARLY_DATA, (SSL_ERROR_BASE + 161),
     "SSL received more early data than permitted.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_END_OF_EARLY_DATA, (SSL_ERROR_BASE + 162),
-    "SSL received an unexpected End of Early Data message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_END_OF_EARLY_DATA, (SSL_ERROR_BASE + 163),
-    "SSL received a malformed End of Early Data message.")
-
-ER3(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API, (SSL_ERROR_BASE + 164),
-    "An experimental API was called, but not supported.")
-
-ER3(SSL_ERROR_APPLICATION_ABORT, (SSL_ERROR_BASE + 165),
-    "SSL handshake aborted by the application.")
-
-ER3(SSL_ERROR_APP_CALLBACK_ERROR, (SSL_ERROR_BASE + 166),
-    "An application callback produced an invalid response.")
-
-ER3(SSL_ERROR_NO_TIMERS_ERROR, (SSL_ERROR_BASE + 167),
-    "No timers are currently running.")
-
-ER3(SSL_ERROR_MISSING_COOKIE_EXTENSION, (SSL_ERROR_BASE + 168),
-    "A second ClientHello was received without a cookie extension.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE, (SSL_ERROR_BASE + 169),
-    "SSL received an unexpected key update message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_KEY_UPDATE, (SSL_ERROR_BASE + 170),
-    "SSL received a malformed key update message.")
-
-ER3(SSL_ERROR_TOO_MANY_KEY_UPDATES, (SSL_ERROR_BASE + 171),
-    "SSL attempted too many key updates.")
diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c
index 2765c8342..88c7c084a 100644
--- a/security/nss/lib/ssl/authcert.c
+++ b/security/nss/lib/ssl/authcert.c
@@ -17,7 +17,6 @@
 #include "nss.h"
 #include "ssl.h"
 #include "pk11func.h" /* for PK11_ function calls */
-#include "sslimpl.h"
 
 /*
  * This callback used by SSL to pull client sertificate upon
@@ -64,7 +63,7 @@ NSS_GetClientAuthData(void *arg,
                 if (!cert)
                     continue;
                 /* Only check unexpired certs */
-                if (CERT_CheckCertValidTimes(cert, ssl_TimeUsec(), PR_TRUE) !=
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
                     secCertTimeValid) {
                     CERT_DestroyCertificate(cert);
                     continue;
diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk
index d13613f78..c8b053cab 100644
--- a/security/nss/lib/ssl/config.mk
+++ b/security/nss/lib/ssl/config.mk
@@ -57,6 +57,11 @@ endif
 
 endif
 
+ifdef NSS_SSL_ENABLE_ZLIB
+DEFINES += -DNSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
 ifdef NSS_DISABLE_TLS_1_3
 DEFINES += -DNSS_DISABLE_TLS_1_3
 endif
diff --git a/security/nss/lib/ssl/dtls13con.c b/security/nss/lib/ssl/dtls13con.c
deleted file mode 100644
index aba0f62ab..000000000
--- a/security/nss/lib/ssl/dtls13con.c
+++ /dev/null
@@ -1,457 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * DTLS 1.3 Protocol
- */
-
-#include "ssl.h"
-#include "sslimpl.h"
-#include "sslproto.h"
-
-/* DTLS 1.3 Record map for ACK processing.
- * This represents a single fragment, so a record which includes
- * multiple fragments will have one entry for each fragment on the
- * sender. We use the same structure on the receiver for convenience
- * but the only value we actually use is |record|.
- */
-typedef struct DTLSHandshakeRecordEntryStr {
-    PRCList link;
-    PRUint16 messageSeq;      /* The handshake message sequence number. */
-    PRUint32 offset;          /* The offset into the handshake message. */
-    PRUint32 length;          /* The length of the fragment. */
-    sslSequenceNumber record; /* The record (includes epoch). */
-    PRBool acked;             /* Has this packet been acked. */
-} DTLSHandshakeRecordEntry;
-
-/* Combine the epoch and sequence number into a single value. */
-static inline sslSequenceNumber
-dtls_CombineSequenceNumber(DTLSEpoch epoch, sslSequenceNumber seqNum)
-{
-    PORT_Assert(seqNum <= RECORD_SEQ_MAX);
-    return ((sslSequenceNumber)epoch << 48) | seqNum;
-}
-
-SECStatus
-dtls13_RememberFragment(sslSocket *ss,
-                        PRCList *list,
-                        PRUint32 sequence,
-                        PRUint32 offset,
-                        PRUint32 length,
-                        DTLSEpoch epoch,
-                        sslSequenceNumber record)
-{
-    DTLSHandshakeRecordEntry *entry;
-
-    PORT_Assert(IS_DTLS(ss));
-    /* We should never send an empty fragment with offset > 0. */
-    PORT_Assert(length || !offset);
-
-    if (!tls13_MaybeTls13(ss)) {
-        return SECSuccess;
-    }
-
-    SSL_TRC(20, ("%d: SSL3[%d]: %s remembering %s record=%llx msg=%d offset=%d",
-                 SSL_GETPID(), ss->fd,
-                 SSL_ROLE(ss),
-                 list == &ss->ssl3.hs.dtlsSentHandshake ? "sent" : "received",
-                 dtls_CombineSequenceNumber(epoch, record), sequence, offset));
-
-    entry = PORT_ZAlloc(sizeof(DTLSHandshakeRecordEntry));
-    if (!entry) {
-        return SECFailure;
-    }
-
-    entry->messageSeq = sequence;
-    entry->offset = offset;
-    entry->length = length;
-    entry->record = dtls_CombineSequenceNumber(epoch, record);
-    entry->acked = PR_FALSE;
-
-    PR_APPEND_LINK(&entry->link, list);
-
-    return SECSuccess;
-}
-
-SECStatus
-dtls13_SendAck(sslSocket *ss)
-{
-    sslBuffer buf = SSL_BUFFER_EMPTY;
-    SECStatus rv = SECSuccess;
-    PRCList *cursor;
-    PRInt32 sent;
-
-    SSL_TRC(10, ("%d: SSL3[%d]: Sending ACK",
-                 SSL_GETPID(), ss->fd));
-
-    for (cursor = PR_LIST_HEAD(&ss->ssl3.hs.dtlsRcvdHandshake);
-         cursor != &ss->ssl3.hs.dtlsRcvdHandshake;
-         cursor = PR_NEXT_LINK(cursor)) {
-        DTLSHandshakeRecordEntry *entry = (DTLSHandshakeRecordEntry *)cursor;
-
-        SSL_TRC(10, ("%d: SSL3[%d]: ACK for record=%llx",
-                     SSL_GETPID(), ss->fd, entry->record));
-        rv = sslBuffer_AppendNumber(&buf, entry->record, 8);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
-
-    ssl_GetXmitBufLock(ss);
-    sent = ssl3_SendRecord(ss, NULL, content_ack,
-                           buf.buf, buf.len, 0);
-    ssl_ReleaseXmitBufLock(ss);
-    if (sent != buf.len) {
-        rv = SECFailure;
-        if (sent != -1) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        }
-    }
-
-loser:
-    sslBuffer_Clear(&buf);
-    return rv;
-}
-
-void
-dtls13_SendAckCb(sslSocket *ss)
-{
-    if (!IS_DTLS(ss)) {
-        return;
-    }
-    (void)dtls13_SendAck(ss);
-}
-
-/* Zero length messages are very simple to check. */
-static PRBool
-dtls_IsEmptyMessageAcknowledged(sslSocket *ss, PRUint16 msgSeq, PRUint32 offset)
-{
-    PRCList *cursor;
-
-    for (cursor = PR_LIST_HEAD(&ss->ssl3.hs.dtlsSentHandshake);
-         cursor != &ss->ssl3.hs.dtlsSentHandshake;
-         cursor = PR_NEXT_LINK(cursor)) {
-        DTLSHandshakeRecordEntry *entry = (DTLSHandshakeRecordEntry *)cursor;
-        if (!entry->acked || msgSeq != entry->messageSeq) {
-            continue;
-        }
-        /* Empty fragments are always offset 0. */
-        if (entry->length == 0) {
-            PORT_Assert(!entry->offset);
-            return PR_TRUE;
-        }
-    }
-    return PR_FALSE;
-}
-
-/* Take a range starting at |*start| and that start forwards based on the
- * contents of the acknowedgement in |entry|. Only move if the acknowledged
- * range overlaps |*start|. Return PR_TRUE if it moves. */
-static PRBool
-dtls_MoveUnackedStartForward(DTLSHandshakeRecordEntry *entry, PRUint32 *start)
-{
-    /* This entry starts too late. */
-    if (*start < entry->offset) {
-        return PR_FALSE;
-    }
-    /* This entry ends too early. */
-    if (*start >= entry->offset + entry->length) {
-        return PR_FALSE;
-    }
-    *start = entry->offset + entry->length;
-    return PR_TRUE;
-}
-
-/* Take a range ending at |*end| and move that end backwards based on the
- * contents of the acknowedgement in |entry|. Only move if the acknowledged
- * range overlaps |*end|. Return PR_TRUE if it moves. */
-static PRBool
-dtls_MoveUnackedEndBackward(DTLSHandshakeRecordEntry *entry, PRUint32 *end)
-{
-    /* This entry ends too early. */
-    if (*end > entry->offset + entry->length) {
-        return PR_FALSE;
-    }
-    /* This entry starts too late. */
-    if (*end <= entry->offset) {
-        return PR_FALSE;
-    }
-    *end = entry->offset;
-    return PR_TRUE;
-}
-
-/* Get the next contiguous range of unacknowledged bytes from the handshake
- * message identified by |msgSeq|.  The search starts at the offset in |offset|.
- * |len| contains the full length of the message.
- *
- * Returns PR_TRUE if there is an unacknowledged range.  In this case, values at
- * |start| and |end| are modified to contain the range.
- *
- * Returns PR_FALSE if the message is entirely acknowledged from |offset|
- * onwards.
- */
-PRBool
-dtls_NextUnackedRange(sslSocket *ss, PRUint16 msgSeq, PRUint32 offset,
-                      PRUint32 len, PRUint32 *startOut, PRUint32 *endOut)
-{
-    PRCList *cur_p;
-    PRBool done = PR_FALSE;
-    DTLSHandshakeRecordEntry *entry;
-    PRUint32 start;
-    PRUint32 end;
-
-    PORT_Assert(IS_DTLS(ss));
-
-    *startOut = offset;
-    *endOut = len;
-    if (!tls13_MaybeTls13(ss)) {
-        return PR_TRUE;
-    }
-
-    /* The message is empty. Use a simple search. */
-    if (!len) {
-        PORT_Assert(!offset);
-        return !dtls_IsEmptyMessageAcknowledged(ss, msgSeq, offset);
-    }
-
-    /* This iterates multiple times over the acknowledgments and only terminates
-     * when an entire iteration happens without start or end moving.  If that
-     * happens without start and end crossing each other, then there is a range
-     * of unacknowledged data.  If they meet, then the message is fully
-     * acknowledged. */
-    start = offset;
-    end = len;
-    while (!done) {
-        done = PR_TRUE;
-        for (cur_p = PR_LIST_HEAD(&ss->ssl3.hs.dtlsSentHandshake);
-             cur_p != &ss->ssl3.hs.dtlsSentHandshake;
-             cur_p = PR_NEXT_LINK(cur_p)) {
-            entry = (DTLSHandshakeRecordEntry *)cur_p;
-            if (!entry->acked || msgSeq != entry->messageSeq) {
-                continue;
-            }
-
-            if (dtls_MoveUnackedStartForward(entry, &start) ||
-                dtls_MoveUnackedEndBackward(entry, &end)) {
-                if (start >= end) {
-                    /* The message is all acknowledged. */
-                    return PR_FALSE;
-                }
-                /* Start over again and keep going until we don't move either
-                 * start or end. */
-                done = PR_FALSE;
-                break;
-            }
-        }
-    }
-    PORT_Assert(start < end);
-
-    *startOut = start;
-    *endOut = end;
-    return PR_TRUE;
-}
-
-SECStatus
-dtls13_SetupAcks(sslSocket *ss)
-{
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
-    }
-
-    if (ss->ssl3.hs.endOfFlight) {
-        dtls_CancelTimer(ss, ss->ssl3.hs.ackTimer);
-
-        if (ss->ssl3.hs.ws == idle_handshake && ss->sec.isServer) {
-            SSL_TRC(10, ("%d: SSL3[%d]: dtls_HandleHandshake, sending ACK",
-                         SSL_GETPID(), ss->fd));
-            return dtls13_SendAck(ss);
-        }
-        return SECSuccess;
-    }
-
-    /* We need to send an ACK. */
-    if (!ss->ssl3.hs.ackTimer->cb) {
-        /* We're not armed, so arm. */
-        SSL_TRC(10, ("%d: SSL3[%d]: dtls_HandleHandshake, arming ack timer",
-                     SSL_GETPID(), ss->fd));
-        return dtls_StartTimer(ss, ss->ssl3.hs.ackTimer,
-                               DTLS_RETRANSMIT_INITIAL_MS / 4,
-                               dtls13_SendAckCb);
-    }
-    /* The ack timer is already armed, so just return. */
-    return SECSuccess;
-}
-
-/*
- * Special case processing for out-of-epoch records.
- * This can only handle ACKs for now and everything else generates
- * an error. In future, may also handle KeyUpdate.
- *
- * The error checking here is as follows:
- *
- * - If it's not encrypted, out of epoch stuff is just discarded.
- * - If it's encrypted, out of epoch stuff causes an error.
- */
-SECStatus
-dtls13_HandleOutOfEpochRecord(sslSocket *ss, const ssl3CipherSpec *spec,
-                              SSL3ContentType rType,
-                              sslBuffer *databuf)
-{
-    SECStatus rv;
-    sslBuffer buf = *databuf;
-
-    databuf->len = 0; /* Discard data whatever happens. */
-    PORT_Assert(IS_DTLS(ss));
-    PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-    /* Can't happen, but double check. */
-    if (!IS_DTLS(ss) || (ss->version < SSL_LIBRARY_VERSION_TLS_1_3)) {
-        tls13_FatalError(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-    SSL_TRC(10, ("%d: DTLS13[%d]: handle out of epoch record: type=%d", SSL_GETPID(),
-                 ss->fd, rType));
-
-    if (rType == content_ack) {
-        ssl_GetSSL3HandshakeLock(ss);
-        rv = dtls13_HandleAck(ss, &buf);
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        PORT_Assert(databuf->len == 0);
-        return rv;
-    }
-
-    switch (spec->epoch) {
-        case TrafficKeyClearText:
-            /* Drop. */
-            return SECSuccess;
-
-        case TrafficKeyHandshake:
-            /* Drop out of order handshake messages, but if we are the
-             * server, we might have processed the client's Finished and
-             * moved on to application data keys, but the client has
-             * retransmitted Finished (e.g., because our ACK got lost.)
-             * We just retransmit the previous Finished to let the client
-             * complete. */
-            if (rType == content_handshake) {
-                if ((ss->sec.isServer) &&
-                    (ss->ssl3.hs.ws == idle_handshake)) {
-                    PORT_Assert(dtls_TimerActive(ss, ss->ssl3.hs.hdTimer));
-                    return dtls13_SendAck(ss);
-                }
-                return SECSuccess;
-            }
-
-            /* This isn't a handshake record, so shouldn't be encrypted
-             * under the handshake key. */
-            break;
-
-        default:
-            /* Any other epoch is forbidden. */
-            break;
-    }
-
-    SSL_TRC(10, ("%d: SSL3[%d]: unexpected out of epoch record type %d", SSL_GETPID(),
-                 ss->fd, rType));
-
-    (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-    PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
-    return SECFailure;
-}
-
-SECStatus
-dtls13_HandleAck(sslSocket *ss, sslBuffer *databuf)
-{
-    PRUint8 *b = databuf->buf;
-    PRUint32 l = databuf->len;
-    SECStatus rv;
-
-    /* Ensure we don't loop. */
-    databuf->len = 0;
-
-    PORT_Assert(IS_DTLS(ss));
-    if (!tls13_MaybeTls13(ss)) {
-        tls13_FatalError(ss, SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, illegal_parameter);
-        return SECSuccess;
-    }
-
-    SSL_TRC(10, ("%d: SSL3[%d]: Handling ACK", SSL_GETPID(), ss->fd));
-    while (l > 0) {
-        PRUint64 seq;
-        PRCList *cursor;
-
-        rv = ssl3_ConsumeHandshakeNumber64(ss, &seq, 8, &b, &l);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-
-        for (cursor = PR_LIST_HEAD(&ss->ssl3.hs.dtlsSentHandshake);
-             cursor != &ss->ssl3.hs.dtlsSentHandshake;
-             cursor = PR_NEXT_LINK(cursor)) {
-            DTLSHandshakeRecordEntry *entry = (DTLSHandshakeRecordEntry *)cursor;
-
-            if (entry->record == seq) {
-                SSL_TRC(10, (
-                                "%d: SSL3[%d]: Marking record=%llx message %d offset %d length=%d as ACKed",
-                                SSL_GETPID(), ss->fd,
-                                seq, entry->messageSeq, entry->offset, entry->length));
-                entry->acked = PR_TRUE;
-            }
-        }
-    }
-
-    /* Try to flush. */
-    rv = dtls_TransmitMessageFlight(ss);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Reset the retransmit timer. */
-    if (ss->ssl3.hs.rtTimer->cb) {
-        (void)dtls_RestartTimer(ss, ss->ssl3.hs.rtTimer);
-    }
-
-    /* If there are no more messages to send, cleanup. */
-    if (PR_CLIST_IS_EMPTY(&ss->ssl3.hs.lastMessageFlight)) {
-        SSL_TRC(10, ("%d: SSL3[%d]: No more unacked handshake messages",
-                     SSL_GETPID(), ss->fd));
-
-        dtls_CancelTimer(ss, ss->ssl3.hs.rtTimer);
-        ssl_ClearPRCList(&ss->ssl3.hs.dtlsSentHandshake, NULL);
-        /* If the handshake is finished, and we're the client then
-         * also clean up the handshake read cipher spec. Any ACKs
-         * we receive will be with the application data cipher spec.
-         * The server needs to keep the handshake cipher spec around
-         * for the holddown period to process retransmitted Finisheds.
-         */
-        if (!ss->sec.isServer && (ss->ssl3.hs.ws == idle_handshake)) {
-            ssl_CipherSpecReleaseByEpoch(ss, CipherSpecRead,
-                                         TrafficKeyHandshake);
-        }
-    }
-    return SECSuccess;
-}
-
-/* Clean up the read timer for the handshake cipher suites on the
- * server.
- *
- * In DTLS 1.3, the client speaks last (Finished), and will retransmit
- * until the server ACKs that message (using application data cipher
- * suites). I.e.,
- *
- * - The client uses the retransmit timer and retransmits using the
- *   saved write handshake cipher suite.
- * - The server keeps the saved read handshake cipher suite around
- *   for the holddown period in case it needs to read the Finished.
- *
- * After the holddown period, the server assumes the client is happy
- * and discards the handshake read cipher suite.
- */
-void
-dtls13_HolddownTimerCb(sslSocket *ss)
-{
-    SSL_TRC(10, ("%d: SSL3[%d]: holddown timer fired",
-                 SSL_GETPID(), ss->fd));
-    ssl_CipherSpecReleaseByEpoch(ss, CipherSpecRead, TrafficKeyHandshake);
-    ssl_ClearPRCList(&ss->ssl3.hs.dtlsRcvdHandshake, NULL);
-}
diff --git a/security/nss/lib/ssl/dtls13con.h b/security/nss/lib/ssl/dtls13con.h
deleted file mode 100644
index bf14d3bd2..000000000
--- a/security/nss/lib/ssl/dtls13con.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __dtls13con_h_
-#define __dtls13con_h_
-
-SECStatus dtls13_RememberFragment(sslSocket *ss, PRCList *list,
-                                  PRUint32 sequence, PRUint32 offset,
-                                  PRUint32 length, DTLSEpoch epoch,
-                                  sslSequenceNumber record);
-PRBool dtls_NextUnackedRange(sslSocket *ss, PRUint16 msgSeq, PRUint32 offset,
-                             PRUint32 len, PRUint32 *startOut, PRUint32 *endOut);
-SECStatus dtls13_SetupAcks(sslSocket *ss);
-SECStatus dtls13_HandleOutOfEpochRecord(sslSocket *ss, const ssl3CipherSpec *spec,
-                                        SSL3ContentType rType,
-                                        sslBuffer *databuf);
-SECStatus dtls13_HandleAck(sslSocket *ss, sslBuffer *databuf);
-
-SECStatus dtls13_SendAck(sslSocket *ss);
-void dtls13_SendAckCb(sslSocket *ss);
-void dtls13_HolddownTimerCb(sslSocket *ss);
-void dtls_ReceivedFirstMessageInFlight(sslSocket *ss);
-
-#endif
diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c
index 2f335f924..fbd1779db 100644
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -10,17 +10,16 @@
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
-#include "dtls13con.h"
 
 #ifndef PR_ARRAY_SIZE
 #define PR_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
 #endif
 
+static SECStatus dtls_TransmitMessageFlight(sslSocket *ss);
 static SECStatus dtls_StartRetransmitTimer(sslSocket *ss);
 static void dtls_RetransmitTimerExpiredCb(sslSocket *ss);
 static SECStatus dtls_SendSavedWriteData(sslSocket *ss);
 static void dtls_FinishedTimerCb(sslSocket *ss);
-static void dtls_CancelAllTimers(sslSocket *ss);
 
 /* -28 adjusts for the IP/UDP header */
 static const PRUint16 COMMON_MTU_VALUES[] = {
@@ -31,9 +30,6 @@ static const PRUint16 COMMON_MTU_VALUES[] = {
 };
 
 #define DTLS_COOKIE_BYTES 32
-/* Maximum DTLS expansion = header + IV + max CBC padding +
- * maximum MAC. */
-#define DTLS_MAX_EXPANSION (DTLS_RECORD_HEADER_LENGTH + 16 + 16 + 32)
 
 /* List copied from ssl3con.c:cipherSuites */
 static const ssl3CipherSuite nonDTLSSuites[] = {
@@ -123,9 +119,9 @@ static DTLSQueuedMessage *
 dtls_AllocQueuedMessage(ssl3CipherSpec *cwSpec, SSL3ContentType type,
                         const unsigned char *data, PRUint32 len)
 {
-    DTLSQueuedMessage *msg;
+    DTLSQueuedMessage *msg = NULL;
 
-    msg = PORT_ZNew(DTLSQueuedMessage);
+    msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
     if (!msg)
         return NULL;
 
@@ -141,7 +137,7 @@ dtls_AllocQueuedMessage(ssl3CipherSpec *cwSpec, SSL3ContentType type,
     msg->type = type;
     /* Safe if we are < 1.3, since the refct is
      * already very high. */
-    ssl_CipherSpecAddRef(cwSpec);
+    tls13_CipherSpecAddRef(cwSpec);
 
     return msg;
 }
@@ -159,7 +155,7 @@ dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
 
     /* Safe if we are < 1.3, since the refct is
      * already very high. */
-    ssl_CipherSpecRelease(msg->cwSpec);
+    tls13_CipherSpecRelease(msg->cwSpec);
     PORT_ZFree(msg->data, msg->len);
     PORT_Free(msg);
 }
@@ -188,38 +184,37 @@ dtls_FreeHandshakeMessages(PRCList *list)
 static SECStatus
 dtls_RetransmitDetected(sslSocket *ss)
 {
-    dtlsTimer *timer = ss->ssl3.hs.rtTimer;
     SECStatus rv = SECSuccess;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    if (timer->cb == dtls_RetransmitTimerExpiredCb) {
+    if (ss->ssl3.hs.rtTimerCb == dtls_RetransmitTimerExpiredCb) {
         /* Check to see if we retransmitted recently. If so,
          * suppress the triggered retransmit. This avoids
          * retransmit wars after packet loss.
          * This is not in RFC 5346 but it should be.
          */
-        if ((PR_IntervalNow() - timer->started) >
-            (timer->timeout / 4)) {
+        if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+            (ss->ssl3.hs.rtTimeoutMs / 4)) {
             SSL_TRC(30,
                     ("%d: SSL3[%d]: Shortcutting retransmit timer",
                      SSL_GETPID(), ss->fd));
 
             /* Cancel the timer and call the CB,
              * which re-arms the timer */
-            dtls_CancelTimer(ss, ss->ssl3.hs.rtTimer);
+            dtls_CancelTimer(ss);
             dtls_RetransmitTimerExpiredCb(ss);
         } else {
             SSL_TRC(30,
                     ("%d: SSL3[%d]: Ignoring retransmission: "
                      "last retransmission %dms ago, suppressed for %dms",
                      SSL_GETPID(), ss->fd,
-                     PR_IntervalNow() - timer->started,
-                     timer->timeout / 4));
+                     PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted,
+                     ss->ssl3.hs.rtTimeoutMs / 4));
         }
 
-    } else if (timer->cb == dtls_FinishedTimerCb) {
+    } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
         SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected in holddown",
                      SSL_GETPID(), ss->fd));
         /* Retransmit the messages and re-arm the timer
@@ -227,14 +222,14 @@ dtls_RetransmitDetected(sslSocket *ss)
          * The spec isn't clear and my reasoning is that this
          * may be a re-ordered packet rather than slowness,
          * so let's be aggressive. */
-        dtls_CancelTimer(ss, ss->ssl3.hs.rtTimer);
+        dtls_CancelTimer(ss);
         rv = dtls_TransmitMessageFlight(ss);
         if (rv == SECSuccess) {
             rv = dtls_StartHolddownTimer(ss);
         }
 
     } else {
-        PORT_Assert(timer->cb == NULL);
+        PORT_Assert(ss->ssl3.hs.rtTimerCb == NULL);
         /* ... and ignore it. */
     }
     return rv;
@@ -243,8 +238,19 @@ dtls_RetransmitDetected(sslSocket *ss)
 static SECStatus
 dtls_HandleHandshakeMessage(sslSocket *ss, PRUint8 *data, PRBool last)
 {
+
+    /* At this point we are advancing our state machine, so we can free our last
+     * flight of messages. */
+    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
     ss->ssl3.hs.recvdHighWater = -1;
 
+    /* Reset the timer to the initial value if the retry counter
+     * is 0, per Sec. 4.2.4.1 */
+    dtls_CancelTimer(ss);
+    if (ss->ssl3.hs.rtRetries == 0) {
+        ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS;
+    }
+
     return ssl3_HandleHandshakeMessage(ss, data, ss->ssl3.hs.msg_len,
                                        last);
 }
@@ -267,8 +273,7 @@ dtls_HandleHandshakeMessage(sslSocket *ss, PRUint8 *data, PRBool last)
 #define OFFSET_MASK(o) (1 << (o % 8))
 
 SECStatus
-dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
-                     sslBuffer *origBuf)
+dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
 {
     /* XXX OK for now.
      * This doesn't work properly with asynchronous certificate validation.
@@ -278,9 +283,6 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
      */
     sslBuffer buf = *origBuf;
     SECStatus rv = SECSuccess;
-    PRBool discarded = PR_FALSE;
-
-    ss->ssl3.hs.endOfFlight = PR_FALSE;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -296,7 +298,7 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
         if (buf.len < 12) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             rv = SECFailure;
-            goto loser;
+            break;
         }
 
         /* Parse the header */
@@ -321,28 +323,14 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
         if (buf.len < fragment_length) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             rv = SECFailure;
-            goto loser;
+            break;
         }
 
         /* Sanity check the packet contents */
         if ((fragment_length + fragment_offset) > message_length) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             rv = SECFailure;
-            goto loser;
-        }
-
-        /* If we're a server and we receive what appears to be a retried
-         * ClientHello, and we are expecting a ClientHello, move the receive
-         * sequence number forward.  This allows for a retried ClientHello if we
-         * send a stateless HelloRetryRequest. */
-        if (message_seq > ss->ssl3.hs.recvMessageSeq &&
-            message_seq == 1 &&
-            fragment_offset == 0 &&
-            ss->ssl3.hs.ws == wait_client_hello &&
-            (SSLHandshakeType)type == ssl_hs_client_hello) {
-            SSL_TRC(5, ("%d: DTLS[%d]: Received apparent 2nd ClientHello",
-                        SSL_GETPID(), ss->fd));
-            ss->ssl3.hs.recvMessageSeq = 1;
+            break;
         }
 
         /* There are three ways we could not be ready for this packet.
@@ -358,20 +346,20 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
             (fragment_offset == 0) &&
             (fragment_length == message_length)) {
             /* Complete next message. Process immediately */
-            ss->ssl3.hs.msg_type = (SSLHandshakeType)type;
+            ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
             ss->ssl3.hs.msg_len = message_length;
 
             rv = dtls_HandleHandshakeMessage(ss, buf.buf,
                                              buf.len == fragment_length);
             if (rv == SECFailure) {
-                goto loser;
+                break; /* Discard the remainder of the record. */
             }
         } else {
             if (message_seq < ss->ssl3.hs.recvMessageSeq) {
                 /* Case 3: we do an immediate retransmit if we're
                  * in a waiting state. */
                 rv = dtls_RetransmitDetected(ss);
-                goto loser;
+                break;
             } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
                 /* Case 2
                  *
@@ -381,12 +369,7 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
                  *
                  * XXX OK for now. Maybe do something smarter at some point?
                  */
-                SSL_TRC(10, ("%d: SSL3[%d]: dtls_HandleHandshake, discarding handshake message",
-                             SSL_GETPID(), ss->fd));
-                discarded = PR_TRUE;
             } else {
-                PRInt32 end = fragment_offset + fragment_length;
-
                 /* Case 1
                  *
                  * Buffer the fragment for reassembly
@@ -397,18 +380,18 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
 
                     rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, message_length);
                     if (rv != SECSuccess)
-                        goto loser;
+                        break;
                     /* Make room for the fragment map */
                     rv = sslBuffer_Grow(&ss->ssl3.hs.recvdFragments,
                                         map_length);
                     if (rv != SECSuccess)
-                        goto loser;
+                        break;
 
                     /* Reset the reassembly map */
                     ss->ssl3.hs.recvdHighWater = 0;
                     PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
                                 ss->ssl3.hs.recvdFragments.space);
-                    ss->ssl3.hs.msg_type = (SSLHandshakeType)type;
+                    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
                     ss->ssl3.hs.msg_len = message_length;
                 }
 
@@ -420,14 +403,14 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
                     ss->ssl3.hs.recvdHighWater = -1;
                     PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
                     rv = SECFailure;
-                    goto loser;
+                    break;
                 }
 
-                /* Now copy this fragment into the buffer. */
-                if (end > ss->ssl3.hs.recvdHighWater) {
-                    PORT_Memcpy(ss->ssl3.hs.msg_body.buf + fragment_offset,
-                                buf.buf, fragment_length);
-                }
+                /* Now copy this fragment into the buffer */
+                PORT_Assert((fragment_offset + fragment_length) <=
+                            ss->ssl3.hs.msg_body.space);
+                PORT_Memcpy(ss->ssl3.hs.msg_body.buf + fragment_offset,
+                            buf.buf, fragment_length);
 
                 /* This logic is a bit tricky. We have two values for
                  * reassembly state:
@@ -443,11 +426,12 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
                 if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
                     /* Either this is the adjacent fragment or an overlapping
                      * fragment */
-                    if (end > ss->ssl3.hs.recvdHighWater) {
-                        ss->ssl3.hs.recvdHighWater = end;
-                    }
+                    ss->ssl3.hs.recvdHighWater = fragment_offset +
+                                                 fragment_length;
                 } else {
-                    for (offset = fragment_offset; offset < end; offset++) {
+                    for (offset = fragment_offset;
+                         offset < fragment_offset + fragment_length;
+                         offset++) {
                         ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |=
                             OFFSET_MASK(offset);
                     }
@@ -473,7 +457,7 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
                                                      buf.len == fragment_length);
 
                     if (rv == SECFailure) {
-                        goto loser;
+                        break; /* Discard the rest of the record. */
                     }
                 }
             }
@@ -483,26 +467,6 @@ dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch, sslSequenceNumber seqNum,
         buf.len -= fragment_length;
     }
 
-    // This should never happen, but belt and suspenders.
-    if (rv == SECFailure) {
-        PORT_Assert(0);
-        goto loser;
-    }
-
-    /* If we processed all the fragments in this message, then mark it as remembered.
-     * TODO(ekr@rtfm.com): Store out of order messages for DTLS 1.3 so ACKs work
-     * better. Bug 1392620.*/
-    if (!discarded && tls13_MaybeTls13(ss)) {
-        rv = dtls13_RememberFragment(ss, &ss->ssl3.hs.dtlsRcvdHandshake,
-                                     0, 0, 0, epoch, seqNum);
-    }
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = dtls13_SetupAcks(ss);
-
-loser:
     origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
 
     /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
@@ -596,8 +560,6 @@ dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
 
         if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
             rv = dtls_StartRetransmitTimer(ss);
-        } else {
-            PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
         }
     }
 
@@ -614,7 +576,7 @@ static void
 dtls_RetransmitTimerExpiredCb(sslSocket *ss)
 {
     SECStatus rv;
-    dtlsTimer *timer = ss->ssl3.hs.rtTimer;
+
     ss->ssl3.hs.rtRetries++;
 
     if (!(ss->ssl3.hs.rtRetries % 3)) {
@@ -627,239 +589,175 @@ dtls_RetransmitTimerExpiredCb(sslSocket *ss)
     rv = dtls_TransmitMessageFlight(ss);
     if (rv == SECSuccess) {
         /* Re-arm the timer */
-        timer->timeout *= 2;
-        if (timer->timeout > DTLS_RETRANSMIT_MAX_MS) {
-            timer->timeout = DTLS_RETRANSMIT_MAX_MS;
+        ss->ssl3.hs.rtTimeoutMs *= 2;
+        if (ss->ssl3.hs.rtTimeoutMs > DTLS_RETRANSMIT_MAX_MS) {
+            ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_MAX_MS;
         }
 
-        timer->started = PR_IntervalNow();
-        timer->cb = dtls_RetransmitTimerExpiredCb;
+        ss->ssl3.hs.rtTimerStarted = PR_IntervalNow();
+        ss->ssl3.hs.rtTimerCb = dtls_RetransmitTimerExpiredCb;
 
         SSL_TRC(30,
                 ("%d: SSL3[%d]: Retransmit #%d, next in %d",
                  SSL_GETPID(), ss->fd,
-                 ss->ssl3.hs.rtRetries, timer->timeout));
+                 ss->ssl3.hs.rtRetries, ss->ssl3.hs.rtTimeoutMs));
     }
     /* else: OK for now. In future maybe signal the stack that we couldn't
      * transmit. For now, let the read handle any real network errors */
 }
 
-#define DTLS_HS_HDR_LEN 12
-#define DTLS_MIN_FRAGMENT (DTLS_HS_HDR_LEN + 1 + DTLS_MAX_EXPANSION)
-
-/* Encrypt and encode a handshake message fragment.  Flush the data out to the
- * network if there is insufficient space for any fragment. */
-static SECStatus
-dtls_SendFragment(sslSocket *ss, DTLSQueuedMessage *msg, PRUint8 *data,
-                  unsigned int len)
-{
-    PRInt32 sent;
-    SECStatus rv;
-
-    PRINT_BUF(40, (ss, "dtls_SendFragment", data, len));
-    sent = ssl3_SendRecord(ss, msg->cwSpec, msg->type, data, len,
-                           ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-    if (sent != len) {
-        if (sent != -1) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        }
-        return SECFailure;
-    }
-
-    /* If another fragment won't fit, flush. */
-    if (ss->ssl3.mtu < ss->pendingBuf.len + DTLS_MIN_FRAGMENT) {
-        SSL_TRC(20, ("%d: DTLS[%d]: dtls_SendFragment: flush",
-                     SSL_GETPID(), ss->fd));
-        rv = dtls_SendSavedWriteData(ss);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-    return SECSuccess;
-}
-
-/* Fragment a handshake message into multiple records and send them. */
-static SECStatus
-dtls_FragmentHandshake(sslSocket *ss, DTLSQueuedMessage *msg)
-{
-    PRBool fragmentWritten = PR_FALSE;
-    PRUint16 msgSeq;
-    PRUint8 *fragment;
-    PRUint32 fragmentOffset = 0;
-    PRUint32 fragmentLen;
-    const PRUint8 *content = msg->data + DTLS_HS_HDR_LEN;
-    PRUint32 contentLen = msg->len - DTLS_HS_HDR_LEN;
-    SECStatus rv;
-
-    /* The headers consume 12 bytes so the smallest possible message (i.e., an
-     * empty one) is 12 bytes. */
-    PORT_Assert(msg->len >= DTLS_HS_HDR_LEN);
-
-    /* DTLS only supports fragmenting handshaking messages. */
-    PORT_Assert(msg->type == content_handshake);
-
-    msgSeq = (msg->data[4] << 8) | msg->data[5];
-
-    /* do {} while() so that empty messages are sent at least once. */
-    do {
-        PRUint8 buf[DTLS_MAX_MTU]; /* >= than largest plausible MTU */
-        PRBool hasUnackedRange;
-        PRUint32 end;
-
-        hasUnackedRange = dtls_NextUnackedRange(ss, msgSeq,
-                                                fragmentOffset, contentLen,
-                                                &fragmentOffset, &end);
-        if (!hasUnackedRange) {
-            SSL_TRC(20, ("%d: SSL3[%d]: FragmentHandshake %d: all acknowledged",
-                         SSL_GETPID(), ss->fd, msgSeq));
-            break;
-        }
-
-        SSL_TRC(20, ("%d: SSL3[%d]: FragmentHandshake %d: unacked=%u-%u",
-                     SSL_GETPID(), ss->fd, msgSeq, fragmentOffset, end));
-
-        /* Cut down to the data we have available. */
-        PORT_Assert(fragmentOffset <= contentLen);
-        PORT_Assert(fragmentOffset <= end);
-        PORT_Assert(end <= contentLen);
-        fragmentLen = PR_MIN(end, contentLen) - fragmentOffset;
-
-        /* Reduce to the space remaining in the MTU.  Allow for any existing
-         * messages, record expansion, and the handshake header. */
-        fragmentLen = PR_MIN(fragmentLen,
-                             ss->ssl3.mtu -           /* MTU estimate. */
-                                 ss->pendingBuf.len - /* Less unsent records. */
-                                 DTLS_MAX_EXPANSION - /* Allow for expansion. */
-                                 DTLS_HS_HDR_LEN);    /* + handshake header. */
-        PORT_Assert(fragmentLen > 0 || fragmentOffset == 0);
-
-        /* Make totally sure that we will fit in the buffer. This should be
-         * impossible; DTLS_MAX_MTU should always be more than ss->ssl3.mtu. */
-        if (fragmentLen >= (DTLS_MAX_MTU - DTLS_HS_HDR_LEN)) {
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-
-        if (fragmentLen == contentLen) {
-            fragment = msg->data;
-        } else {
-            sslBuffer tmp = SSL_BUFFER_FIXED(buf, sizeof(buf));
-
-            /* Construct an appropriate-sized fragment */
-            /* Type, length, sequence */
-            rv = sslBuffer_Append(&tmp, msg->data, 6);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-            /* Offset. */
-            rv = sslBuffer_AppendNumber(&tmp, fragmentOffset, 3);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-            /* Length. */
-            rv = sslBuffer_AppendNumber(&tmp, fragmentLen, 3);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-            /* Data. */
-            rv = sslBuffer_Append(&tmp, content + fragmentOffset, fragmentLen);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-
-            fragment = SSL_BUFFER_BASE(&tmp);
-        }
-
-        /* Record that we are sending first, because encrypting
-         * increments the sequence number. */
-        rv = dtls13_RememberFragment(ss, &ss->ssl3.hs.dtlsSentHandshake,
-                                     msgSeq, fragmentOffset, fragmentLen,
-                                     msg->cwSpec->epoch,
-                                     msg->cwSpec->seqNum);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-
-        rv = dtls_SendFragment(ss, msg, fragment,
-                               fragmentLen + DTLS_HS_HDR_LEN);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-
-        fragmentWritten = PR_TRUE;
-        fragmentOffset += fragmentLen;
-    } while (fragmentOffset < contentLen);
-
-    if (!fragmentWritten) {
-        /* Nothing was written if we got here, so the whole message must have
-         * been acknowledged.  Discard it. */
-        SSL_TRC(10, ("%d: SSL3[%d]: FragmentHandshake %d: removed",
-                     SSL_GETPID(), ss->fd, msgSeq));
-        PR_REMOVE_LINK(&msg->link);
-        dtls_FreeHandshakeMessage(msg);
-    }
-
-    return SECSuccess;
-}
-
 /* Transmit a flight of handshake messages, stuffing them
- * into as few records as seems reasonable.
- *
- * TODO: Space separate UDP packets out a little.
+ * into as few records as seems reasonable
  *
  * Called from:
  *             dtls_FlushHandshake()
  *             dtls_RetransmitTimerExpiredCb()
  */
-SECStatus
+static SECStatus
 dtls_TransmitMessageFlight(sslSocket *ss)
 {
     SECStatus rv = SECSuccess;
     PRCList *msg_p;
-
-    SSL_TRC(10, ("%d: SSL3[%d]: dtls_TransmitMessageFlight",
-                 SSL_GETPID(), ss->fd));
+    PRUint16 room_left = ss->ssl3.mtu;
+    PRInt32 sent;
 
     ssl_GetXmitBufLock(ss);
     ssl_GetSpecReadLock(ss);
 
-    /* DTLS does not buffer its handshake messages in ss->pendingBuf, but rather
-     * in the lastMessageFlight structure. This is just a sanity check that some
-     * programming error hasn't inadvertantly stuffed something in
-     * ss->pendingBuf.  This function uses ss->pendingBuf temporarily and it
-     * needs to be empty to start.
+    /* DTLS does not buffer its handshake messages in
+     * ss->pendingBuf, but rather in the lastMessageFlight
+     * structure. This is just a sanity check that
+     * some programming error hasn't inadvertantly
+     * stuffed something in ss->pendingBuf
      */
     PORT_Assert(!ss->pendingBuf.len);
-
     for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
-         msg_p != &ss->ssl3.hs.lastMessageFlight;) {
+         msg_p != &ss->ssl3.hs.lastMessageFlight;
+         msg_p = PR_NEXT_LINK(msg_p)) {
         DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
 
-        /* Move the pointer forward so that the functions below are free to
-         * remove messages from the list. */
-        msg_p = PR_NEXT_LINK(msg_p);
+        /* The logic here is:
+         *
+         * 1. If this is a message that will not fit into the remaining
+         *    space, then flush.
+         * 2. If the message will now fit into the remaining space,
+         *    encrypt, buffer, and loop.
+         * 3. If the message will not fit, then fragment.
+         *
+         * At the end of the function, flush.
+         */
+        if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
+            /* The message will not fit into the remaining space, so flush */
+            rv = dtls_SendSavedWriteData(ss);
+            if (rv != SECSuccess)
+                break;
+
+            room_left = ss->ssl3.mtu;
+        }
 
-        /* Note: This function fragments messages so that each record is close
-         * to full.  This produces fewer records, but it means that messages can
-         * be quite fragmented.  Adding an extra flush here would push new
-         * messages into new records and reduce fragmentation. */
+        if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
+            /* The message will fit, so encrypt and then continue with the
+             * next packet */
+            sent = ssl3_SendRecord(ss, msg->cwSpec, msg->type,
+                                   msg->data, msg->len,
+                                   ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+            if (sent != msg->len) {
+                rv = SECFailure;
+                if (sent != -1) {
+                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                }
+                break;
+            }
 
-        if (msg->type == content_handshake) {
-            rv = dtls_FragmentHandshake(ss, msg);
+            room_left = ss->ssl3.mtu - ss->pendingBuf.len;
         } else {
-            PORT_Assert(!tls13_MaybeTls13(ss));
-            rv = dtls_SendFragment(ss, msg, msg->data, msg->len);
-        }
-        if (rv != SECSuccess) {
-            break;
+            /* The message will not fit, so fragment.
+             *
+             * XXX OK for now. Arrange to coalesce the last fragment
+             * of this message with the next message if possible.
+             * That would be more efficient.
+             */
+            PRUint32 fragment_offset = 0;
+            unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
+                                                   * plausible MTU */
+
+            /* Assert that we have already flushed */
+            PORT_Assert(room_left == ss->ssl3.mtu);
+
+            /* Case 3: We now need to fragment this message
+             * DTLS only supports fragmenting handshaking messages */
+            PORT_Assert(msg->type == content_handshake);
+
+            /* The headers consume 12 bytes so the smalles possible
+             *  message (i.e., an empty one) is 12 bytes
+             */
+            PORT_Assert(msg->len >= 12);
+
+            while ((fragment_offset + 12) < msg->len) {
+                PRUint32 fragment_len;
+                const unsigned char *content = msg->data + 12;
+                PRUint32 content_len = msg->len - 12;
+
+                /* The reason we use 8 here is that that's the length of
+                 * the new DTLS data that we add to the header */
+                fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
+                                      content_len - fragment_offset);
+                PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
+                /* Make totally sure that we are within the buffer.
+                 * Note that the only way that fragment len could get
+                 * adjusted here is if
+                 *
+                 * (a) we are in release mode so the PORT_Assert is compiled out
+                 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
+                 * or ss->ssl3.mtu has become corrupt.
+                 */
+                fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
+
+                /* Construct an appropriate-sized fragment */
+                /* Type, length, sequence */
+                PORT_Memcpy(fragment, msg->data, 6);
+
+                /* Offset */
+                fragment[6] = (fragment_offset >> 16) & 0xff;
+                fragment[7] = (fragment_offset >> 8) & 0xff;
+                fragment[8] = (fragment_offset)&0xff;
+
+                /* Fragment length */
+                fragment[9] = (fragment_len >> 16) & 0xff;
+                fragment[10] = (fragment_len >> 8) & 0xff;
+                fragment[11] = (fragment_len)&0xff;
+
+                PORT_Memcpy(fragment + 12, content + fragment_offset,
+                            fragment_len);
+
+                /*
+                 *  Send the record. We do this in two stages
+                 * 1. Encrypt
+                 */
+                sent = ssl3_SendRecord(ss, msg->cwSpec, msg->type,
+                                       fragment, fragment_len + 12,
+                                       ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+                if (sent != (fragment_len + 12)) {
+                    rv = SECFailure;
+                    if (sent != -1) {
+                        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                    }
+                    break;
+                }
+
+                /* 2. Flush */
+                rv = dtls_SendSavedWriteData(ss);
+                if (rv != SECSuccess)
+                    break;
+
+                fragment_offset += fragment_len;
+            }
         }
     }
 
-    /* Finally, flush any data that wasn't flushed already. */
-    if (rv == SECSuccess) {
+    /* Finally, we need to flush */
+    if (rv == SECSuccess)
         rv = dtls_SendSavedWriteData(ss);
-    }
 
     /* Give up the locks */
     ssl_ReleaseSpecReadLock(ss);
@@ -898,59 +796,23 @@ dtls_SendSavedWriteData(sslSocket *ss)
     return SECSuccess;
 }
 
-void
-dtls_InitTimers(sslSocket *ss)
-{
-    unsigned int i;
-    dtlsTimer **timers[PR_ARRAY_SIZE(ss->ssl3.hs.timers)] = {
-        &ss->ssl3.hs.rtTimer,
-        &ss->ssl3.hs.ackTimer,
-        &ss->ssl3.hs.hdTimer
-    };
-    static const char *timerLabels[] = {
-        "retransmit", "ack", "holddown"
-    };
-
-    PORT_Assert(PR_ARRAY_SIZE(timers) == PR_ARRAY_SIZE(timerLabels));
-    for (i = 0; i < PR_ARRAY_SIZE(ss->ssl3.hs.timers); ++i) {
-        *timers[i] = &ss->ssl3.hs.timers[i];
-        ss->ssl3.hs.timers[i].label = timerLabels[i];
-    }
-}
-
-SECStatus
-dtls_StartTimer(sslSocket *ss, dtlsTimer *timer, PRUint32 time, DTLSTimerCb cb)
+static SECStatus
+dtls_StartTimer(sslSocket *ss, PRUint32 time, DTLSTimerCb cb)
 {
-    PORT_Assert(timer->cb == NULL);
-
-    SSL_TRC(10, ("%d: SSL3[%d]: %s dtls_StartTimer %s timeout=%d",
-                 SSL_GETPID(), ss->fd, SSL_ROLE(ss), timer->label, time));
-
-    timer->started = PR_IntervalNow();
-    timer->timeout = time;
-    timer->cb = cb;
-    return SECSuccess;
-}
+    PORT_Assert(ss->ssl3.hs.rtTimerCb == NULL);
 
-SECStatus
-dtls_RestartTimer(sslSocket *ss, dtlsTimer *timer)
-{
-    timer->started = PR_IntervalNow();
+    ss->ssl3.hs.rtRetries = 0;
+    ss->ssl3.hs.rtTimerStarted = PR_IntervalNow();
+    ss->ssl3.hs.rtTimeoutMs = time;
+    ss->ssl3.hs.rtTimerCb = cb;
     return SECSuccess;
 }
 
-PRBool
-dtls_TimerActive(sslSocket *ss, dtlsTimer *timer)
-{
-    return timer->cb != NULL;
-}
 /* Start a timer for retransmission. */
 static SECStatus
 dtls_StartRetransmitTimer(sslSocket *ss)
 {
-    ss->ssl3.hs.rtRetries = 0;
-    return dtls_StartTimer(ss, ss->ssl3.hs.rtTimer,
-                           DTLS_RETRANSMIT_INITIAL_MS,
+    return dtls_StartTimer(ss, DTLS_RETRANSMIT_INITIAL_MS,
                            dtls_RetransmitTimerExpiredCb);
 }
 
@@ -958,9 +820,7 @@ dtls_StartRetransmitTimer(sslSocket *ss)
 SECStatus
 dtls_StartHolddownTimer(sslSocket *ss)
 {
-    ss->ssl3.hs.rtRetries = 0;
-    return dtls_StartTimer(ss, ss->ssl3.hs.rtTimer,
-                           DTLS_RETRANSMIT_FINISHED_MS,
+    return dtls_StartTimer(ss, DTLS_RETRANSMIT_FINISHED_MS,
                            dtls_FinishedTimerCb);
 }
 
@@ -971,25 +831,11 @@ dtls_StartHolddownTimer(sslSocket *ss)
  *              dtls_CheckTimer()
  */
 void
-dtls_CancelTimer(sslSocket *ss, dtlsTimer *timer)
+dtls_CancelTimer(sslSocket *ss)
 {
-    SSL_TRC(30, ("%d: SSL3[%d]: %s dtls_CancelTimer %s",
-                 SSL_GETPID(), ss->fd, SSL_ROLE(ss),
-                 timer->label));
-
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
 
-    timer->cb = NULL;
-}
-
-static void
-dtls_CancelAllTimers(sslSocket *ss)
-{
-    unsigned int i;
-
-    for (i = 0; i < PR_ARRAY_SIZE(ss->ssl3.hs.timers); ++i) {
-        dtls_CancelTimer(ss, &ss->ssl3.hs.timers[i]);
-    }
+    ss->ssl3.hs.rtTimerCb = NULL;
 }
 
 /* Check the pending timer and fire the callback if it expired
@@ -999,33 +845,22 @@ dtls_CancelAllTimers(sslSocket *ss)
 void
 dtls_CheckTimer(sslSocket *ss)
 {
-    unsigned int i;
-    SSL_TRC(30, ("%d: SSL3[%d]: dtls_CheckTimer (%s)",
-                 SSL_GETPID(), ss->fd, ss->sec.isServer ? "server" : "client"));
-
     ssl_GetSSL3HandshakeLock(ss);
+    if (!ss->ssl3.hs.rtTimerCb) {
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        return;
+    }
 
-    for (i = 0; i < PR_ARRAY_SIZE(ss->ssl3.hs.timers); ++i) {
-        dtlsTimer *timer = &ss->ssl3.hs.timers[i];
-        if (!timer->cb) {
-            continue;
-        }
-
-        if ((PR_IntervalNow() - timer->started) >=
-            PR_MillisecondsToInterval(timer->timeout)) {
-            /* Timer has expired */
-            DTLSTimerCb cb = timer->cb;
-
-            SSL_TRC(10, ("%d: SSL3[%d]: %s firing timer %s",
-                         SSL_GETPID(), ss->fd, SSL_ROLE(ss),
-                         timer->label));
+    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+        PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
+        /* Timer has expired */
+        DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
 
-            /* Cancel the timer so that we can call the CB safely */
-            dtls_CancelTimer(ss, timer);
+        /* Cancel the timer so that we can call the CB safely */
+        dtls_CancelTimer(ss);
 
-            /* Now call the CB */
-            cb(ss);
-        }
+        /* Now call the CB */
+        cb(ss);
     }
     ssl_ReleaseSSL3HandshakeLock(ss);
 }
@@ -1039,6 +874,9 @@ static void
 dtls_FinishedTimerCb(sslSocket *ss)
 {
     dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
+    }
 }
 
 /* Cancel the Finished hold-down timer and destroy the
@@ -1057,8 +895,8 @@ dtls_RehandshakeCleanup(sslSocket *ss)
         return;
     }
     PORT_Assert((ss->version < SSL_LIBRARY_VERSION_TLS_1_3));
-    dtls_CancelAllTimers(ss);
-    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+    dtls_CancelTimer(ss);
+    ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
     ss->ssl3.hs.sendMessageSeq = 0;
     ss->ssl3.hs.recvMessageSeq = 0;
 }
@@ -1121,8 +959,6 @@ dtls_HandleHelloVerifyRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
         goto alert_loser;
     }
 
-    dtls_ReceivedFirstMessageInFlight(ss);
-
     /* The version.
      *
      * RFC 4347 required that you verify that the server versions
@@ -1267,53 +1103,27 @@ SECStatus
 DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
 {
     sslSocket *ss = NULL;
-    PRBool found = PR_FALSE;
-    PRIntervalTime now = PR_IntervalNow();
-    PRIntervalTime to;
-    unsigned int i;
-
-    *timeout = PR_INTERVAL_NO_TIMEOUT;
+    PRIntervalTime elapsed;
+    PRIntervalTime desired;
 
     ss = ssl_FindSocket(socket);
 
-    if (!ss) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    if (!ss)
         return SECFailure;
-    }
 
-    if (!IS_DTLS(ss)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    if (!IS_DTLS(ss))
         return SECFailure;
-    }
-
-    for (i = 0; i < PR_ARRAY_SIZE(ss->ssl3.hs.timers); ++i) {
-        PRIntervalTime elapsed;
-        PRIntervalTime desired;
-        dtlsTimer *timer = &ss->ssl3.hs.timers[i];
-
-        if (!timer->cb) {
-            continue;
-        }
-        found = PR_TRUE;
-
-        elapsed = now - timer->started;
-        desired = PR_MillisecondsToInterval(timer->timeout);
-        if (elapsed > desired) {
-            /* Timer expired */
-            *timeout = PR_INTERVAL_NO_WAIT;
-            return SECSuccess;
-        } else {
-            to = desired - elapsed;
-        }
-
-        if (*timeout > to) {
-            *timeout = to;
-        }
-    }
 
-    if (!found) {
-        PORT_SetError(SSL_ERROR_NO_TIMERS_FOUND);
+    if (!ss->ssl3.hs.rtTimerCb)
         return SECFailure;
+
+    elapsed = PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted;
+    desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs);
+    if (elapsed > desired) {
+        /* Timer expired */
+        *timeout = PR_INTERVAL_NO_WAIT;
+    } else {
+        *timeout = desired - elapsed;
     }
 
     return SECSuccess;
@@ -1327,50 +1137,72 @@ DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
  * seems like a good tradeoff for implementation effort and is
  * consistent with the guidance of RFC 6347 Sections 4.1 and 4.2.4.1.
  *
- * If the packet is not relevant, this function returns PR_FALSE.  If the packet
- * is relevant, this function returns PR_TRUE and sets |*seqNumOut| to the
- * packet sequence number (removing the epoch).
+ * If the packet is not relevant, this function returns PR_FALSE.
+ * If the packet is relevant, this function returns PR_TRUE
+ * and sets |*seqNum| to the packet sequence number.
  */
 PRBool
-dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *spec,
-                const SSL3Ciphertext *cText,
-                sslSequenceNumber *seqNumOut)
+dtls_IsRelevant(sslSocket *ss, const SSL3Ciphertext *cText,
+                PRBool *sameEpoch, PRUint64 *seqNum)
 {
-    sslSequenceNumber seqNum = cText->seq_num & RECORD_SEQ_MASK;
-    if (dtls_RecordGetRecvd(&spec->recvdRecords, seqNum) != 0) {
-        SSL_TRC(10, ("%d: SSL3[%d]: dtls_IsRelevant, rejecting "
-                     "potentially replayed packet",
-                     SSL_GETPID(), ss->fd));
+    const ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    DTLSEpoch epoch;
+    sslSequenceNumber dtls_seq_num;
+
+    epoch = cText->seq_num >> 48;
+    *sameEpoch = crSpec->epoch == epoch;
+    if (!*sameEpoch) {
+        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, received packet "
+                 "from irrelevant epoch %d",
+                 SSL_GETPID(), ss->fd, epoch));
+        return PR_FALSE;
+    }
+
+    dtls_seq_num = cText->seq_num & RECORD_SEQ_MAX;
+    if (dtls_RecordGetRecvd(&crSpec->recvdRecords, dtls_seq_num) != 0) {
+        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, rejecting "
+                 "potentially replayed packet",
+                 SSL_GETPID(), ss->fd));
         return PR_FALSE;
     }
 
-    *seqNumOut = seqNum;
+    *seqNum = dtls_seq_num;
     return PR_TRUE;
 }
 
-void
-dtls_ReceivedFirstMessageInFlight(sslSocket *ss)
+/* In TLS 1.3, a client that receives a retransmission of the server's first
+ * flight will reject that message and discard it (see dtls_IsRelevant() above).
+ * However, we need to trigger retransmission to prevent loss of the client's
+ * last flight from causing the connection to fail.
+ *
+ * This only triggers for a retransmitted ServerHello.  Other (encrypted)
+ * handshake messages do not trigger retransmission, so we are a little more
+ * exposed to loss than is ideal.
+ *
+ * Note: This isn't an issue in earlier versions because the second-to-last
+ * flight (sent by the server) includes the Finished message, which is not
+ * dropped because it has the same epoch that the client currently expects.
+ */
+SECStatus
+dtls_MaybeRetransmitHandshake(sslSocket *ss, const SSL3Ciphertext *cText,
+                              PRBool sameEpoch)
 {
-    if (!IS_DTLS(ss))
-        return;
+    SECStatus rv = SECSuccess;
+    DTLSEpoch messageEpoch = cText->seq_num >> 48;
 
-    /* At this point we are advancing our state machine, so we can free our last
-     * flight of messages. */
-    if (ss->ssl3.hs.ws != idle_handshake ||
-        ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        /* We need to keep our last flight around in DTLS 1.2 and below,
-         * so we can retransmit it in response to other people's
-         * retransmits. */
-        dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
-
-        /* Reset the timer to the initial value if the retry counter
-         * is 0, per RFC 6347, Sec. 4.2.4.1 */
-        dtls_CancelTimer(ss, ss->ssl3.hs.rtTimer);
-        if (ss->ssl3.hs.rtRetries == 0) {
-            ss->ssl3.hs.rtTimer->timeout = DTLS_RETRANSMIT_INITIAL_MS;
-        }
+    /* Drop messages from other epochs if we are ignoring things. */
+    if (!sameEpoch && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) {
+        return SECSuccess;
     }
 
-    /* Empty the ACK queue (TLS 1.3 only). */
-    ssl_ClearPRCList(&ss->ssl3.hs.dtlsRcvdHandshake, NULL);
+    if (!ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+        messageEpoch == 0 && cText->type == content_handshake) {
+        ssl_GetSSL3HandshakeLock(ss);
+        if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb &&
+            ss->ssl3.hs.ws == idle_handshake) {
+            rv = dtls_RetransmitDetected(ss);
+        }
+        ssl_ReleaseSSL3HandshakeLock(ss);
+    }
+    return rv;
 }
diff --git a/security/nss/lib/ssl/dtlscon.h b/security/nss/lib/ssl/dtlscon.h
deleted file mode 100644
index d094380f8..000000000
--- a/security/nss/lib/ssl/dtlscon.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __dtlscon_h_
-#define __dtlscon_h_
-
-extern void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg);
-extern void dtls_FreeHandshakeMessages(PRCList *lst);
-SECStatus dtls_TransmitMessageFlight(sslSocket *ss);
-void dtls_InitTimers(sslSocket *ss);
-SECStatus dtls_StartTimer(sslSocket *ss, dtlsTimer *timer,
-                          PRUint32 time, DTLSTimerCb cb);
-SECStatus dtls_RestartTimer(sslSocket *ss, dtlsTimer *timer);
-PRBool dtls_TimerActive(sslSocket *ss, dtlsTimer *timer);
-extern SECStatus dtls_HandleHandshake(sslSocket *ss, DTLSEpoch epoch,
-                                      sslSequenceNumber seqNum,
-                                      sslBuffer *origBuf);
-extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss,
-                                               PRUint8 *b, PRUint32 length);
-extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss);
-extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
-                                   const PRUint8 *pIn, PRInt32 nIn);
-extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
-SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss);
-extern SECStatus dtls_StartHolddownTimer(sslSocket *ss);
-extern void dtls_CheckTimer(sslSocket *ss);
-extern void dtls_CancelTimer(sslSocket *ss, dtlsTimer *timer);
-extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised);
-extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records);
-extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records,
-                               sslSequenceNumber seq);
-extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records,
-                                sslSequenceNumber seq);
-extern void dtls_RehandshakeCleanup(sslSocket *ss);
-extern SSL3ProtocolVersion
-dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv);
-extern SSL3ProtocolVersion
-dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv);
-extern PRBool dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *spec,
-                              const SSL3Ciphertext *cText,
-                              sslSequenceNumber *seqNum);
-void dtls_ReceivedFirstMessageInFlight(sslSocket *ss);
-#endif
diff --git a/security/nss/lib/ssl/exports.gyp b/security/nss/lib/ssl/exports.gyp
index c3b34c6cc..e2123af84 100644
--- a/security/nss/lib/ssl/exports.gyp
+++ b/security/nss/lib/ssl/exports.gyp
@@ -15,7 +15,6 @@
             'preenc.h',
             'ssl.h',
             'sslerr.h',
-            'sslexp.h',
             'sslproto.h',
             'sslt.h'
           ],
diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn
index ca9b9ee7b..fbb88baff 100644
--- a/security/nss/lib/ssl/manifest.mn
+++ b/security/nss/lib/ssl/manifest.mn
@@ -10,7 +10,6 @@ EXPORTS = \
         ssl.h \
         sslt.h \
         sslerr.h \
-        sslexp.h \
         sslproto.h \
         preenc.h \
         $(NULL)
@@ -20,15 +19,13 @@ MAPFILE = $(OBJDIR)/ssl.def
 
 CSRCS = \
         dtlscon.c \
-        dtls13con.c \
         prelib.c \
         ssl3con.c \
         ssl3gthr.c \
         sslauth.c \
-        sslbloom.c \
         sslcon.c \
         ssldef.c \
-        sslencode.c \
+        ssl3encode.c \
         sslenum.c \
         sslerr.c \
         sslerrstrs.c \
@@ -41,7 +38,6 @@ CSRCS = \
         sslsecur.c \
         sslsnce.c \
         sslsock.c \
-        sslspec.c \
         ssltrace.c \
         sslver.c \
         authcert.c \
@@ -51,9 +47,7 @@ CSRCS = \
         ssl3ecc.c \
         tls13con.c \
         tls13exthandle.c \
-        tls13hashstate.c \
         tls13hkdf.c \
-        tls13replay.c \
         sslcert.c \
         sslgrp.c \
         $(NULL)
diff --git a/security/nss/lib/ssl/selfencrypt.c b/security/nss/lib/ssl/selfencrypt.c
index 97217b4a6..6d6e25cfc 100644
--- a/security/nss/lib/ssl/selfencrypt.c
+++ b/security/nss/lib/ssl/selfencrypt.c
@@ -11,6 +11,7 @@
 #include "pk11func.h"
 #include "ssl.h"
 #include "sslt.h"
+#include "ssl3encode.h"
 #include "sslimpl.h"
 #include "selfencrypt.h"
 
@@ -120,11 +121,12 @@ ssl_SelfEncryptProtectInt(
     PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen)
 {
     unsigned int len;
-    unsigned int lenOffset;
     unsigned char iv[AES_BLOCK_SIZE];
     SECItem ivItem = { siBuffer, iv, sizeof(iv) };
-    /* Write directly to out. */
-    sslBuffer buf = SSL_BUFFER_FIXED(out, maxOutLen);
+    unsigned char mac[SHA256_LENGTH]; /* SHA-256 */
+    unsigned int macLen;
+    SECItem outItem = { siBuffer, out, maxOutLen };
+    SECItem lengthBytesItem;
     SECStatus rv;
 
     /* Generate a random IV */
@@ -135,54 +137,52 @@ ssl_SelfEncryptProtectInt(
     }
 
     /* Add header. */
-    rv = sslBuffer_Append(&buf, keyName, SELF_ENCRYPT_KEY_NAME_LEN);
+    rv = ssl3_AppendToItem(&outItem, keyName, SELF_ENCRYPT_KEY_NAME_LEN);
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = sslBuffer_Append(&buf, iv, sizeof(iv));
+    rv = ssl3_AppendToItem(&outItem, iv, sizeof(iv));
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* Leave space for the length of the ciphertext. */
-    rv = sslBuffer_Skip(&buf, 2, &lenOffset);
+    /* Skip forward by two so we can encode the ciphertext in place. */
+    lengthBytesItem = outItem;
+    rv = ssl3_AppendNumberToItem(&outItem, 0, 2);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* Encode the ciphertext in place. */
     rv = PK11_Encrypt(encKey, CKM_AES_CBC_PAD, &ivItem,
-                      SSL_BUFFER_NEXT(&buf), &len,
-                      SSL_BUFFER_SPACE(&buf), in, inLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Skip(&buf, len, NULL);
+                      outItem.data, &len, outItem.len, in, inLen);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    rv = sslBuffer_InsertLength(&buf, lenOffset, 2);
+    outItem.data += len;
+    outItem.len -= len;
+
+    /* Now encode the ciphertext length. */
+    rv = ssl3_AppendNumberToItem(&lengthBytesItem, len, 2);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* MAC the entire output buffer into the output. */
-    PORT_Assert(buf.space - buf.len >= SHA256_LENGTH);
+    /* MAC the entire output buffer and append the MAC to the end. */
     rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC,
-                       SSL_BUFFER_BASE(&buf), /* input */
-                       SSL_BUFFER_LEN(&buf),
-                       SSL_BUFFER_NEXT(&buf), &len, /* output */
-                       SHA256_LENGTH);
+                       out, outItem.data - out,
+                       mac, &macLen, sizeof(mac));
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = sslBuffer_Skip(&buf, len, NULL);
+    PORT_Assert(macLen == sizeof(mac));
+
+    rv = ssl3_AppendToItem(&outItem, mac, macLen);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    *outLen = SSL_BUFFER_LEN(&buf);
+    *outLen = outItem.data - out;
     return SECSuccess;
 }
 
@@ -269,17 +269,6 @@ ssl_SelfEncryptUnprotectInt(
 }
 #endif
 
-/* Predict the size of the encrypted data, including padding */
-unsigned int
-ssl_SelfEncryptGetProtectedSize(unsigned int inLen)
-{
-    return SELF_ENCRYPT_KEY_NAME_LEN +
-           AES_BLOCK_SIZE +
-           2 +
-           ((inLen / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE + /* Padded */
-           SHA256_LENGTH;
-}
-
 SECStatus
 ssl_SelfEncryptProtect(
     sslSocket *ss, const PRUint8 *in, unsigned int inLen,
diff --git a/security/nss/lib/ssl/selfencrypt.h b/security/nss/lib/ssl/selfencrypt.h
index 5415ac09f..5bc8e4348 100644
--- a/security/nss/lib/ssl/selfencrypt.h
+++ b/security/nss/lib/ssl/selfencrypt.h
@@ -11,7 +11,6 @@
 
 #include "secmodt.h"
 
-unsigned int ssl_SelfEncryptGetProtectedSize(unsigned int inLen);
 SECStatus ssl_SelfEncryptProtect(
     sslSocket *ss, const PRUint8 *in, unsigned int inLen,
     PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen);
diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def
index 9a447dbef..94d304223 100644
--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
@@ -234,9 +234,3 @@ SSL_AlertSentCallback;
 ;+    local:
 ;+*;
 ;+};
-;+NSS_3.33 {    # NSS 3.33 release
-;+    global:
-SSL_GetExperimentalAPI;
-;+    local:
-;+*;
-;+};
diff --git a/security/nss/lib/ssl/ssl.gyp b/security/nss/lib/ssl/ssl.gyp
index 3694ab91a..03b2d6014 100644
--- a/security/nss/lib/ssl/ssl.gyp
+++ b/security/nss/lib/ssl/ssl.gyp
@@ -13,20 +13,18 @@
         'authcert.c',
         'cmpcert.c',
         'dtlscon.c',
-        'dtls13con.c',
         'prelib.c',
         'selfencrypt.c',
         'ssl3con.c',
         'ssl3ecc.c',
+        'ssl3encode.c',
         'ssl3ext.c',
         'ssl3exthandle.c',
         'ssl3gthr.c',
         'sslauth.c',
-        'sslbloom.c',
         'sslcert.c',
         'sslcon.c',
         'ssldef.c',
-        'sslencode.c',
         'sslenum.c',
         'sslerr.c',
         'sslerrstrs.c',
@@ -39,14 +37,11 @@
         'sslsecur.c',
         'sslsnce.c',
         'sslsock.c',
-        'sslspec.c',
         'ssltrace.c',
         'sslver.c',
         'tls13con.c',
         'tls13exthandle.c',
-        'tls13hashstate.c',
         'tls13hkdf.c',
-        'tls13replay.c',
       ],
       'conditions': [
         [ 'OS=="win"', {
@@ -62,6 +57,14 @@
             'unix_err.c'
           ],
         }],
+        [ 'ssl_enable_zlib==1', {
+          'dependencies': [
+            '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+          ],
+          'defines': [
+            'NSS_SSL_ENABLE_ZLIB',
+          ],
+        }],
         [ 'fuzz_tls==1', {
           'defines': [
             'UNSAFE_FUZZER_MODE',
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 25aabbaa2..7e538ac1f 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -107,7 +107,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 #define SSL_NO_LOCKS 17                 /* Don't use locks for protection */
 #define SSL_ENABLE_SESSION_TICKETS 18   /* Enable TLS SessionTicket       */
                                         /* extension (off by default)     */
-#define SSL_ENABLE_DEFLATE 19           /* (unsupported, deprecated, off) */
+#define SSL_ENABLE_DEFLATE 19           /* Enable TLS compression with    */
+                                        /* DEFLATE (off by default)       */
 #define SSL_ENABLE_RENEGOTIATION 20     /* Values below (default: never)  */
 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling       */
                                         /* Cipher Suite Value (SCSV) or   */
@@ -230,46 +231,25 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
  * parameters.
  *
  * The transition between the 0-RTT and 1-RTT modes is marked by the
- * handshake callback.  However, it is possible to force the completion
- * of the handshake (and cause the handshake callback to be called)
- * prior to reading all 0-RTT data using SSL_ForceHandshake().  To
- * ensure that all early data is read before the handshake callback, any
- * time that SSL_ForceHandshake() returns a PR_WOULD_BLOCK_ERROR, use
- * PR_Read() to read all available data.  If PR_Read() is called
- * multiple times, this will result in the handshake completing, but the
- * handshake callback will occur after early data has all been read.
+ * handshake callback.
  *
  * WARNING: 0-RTT data has different anti-replay and PFS properties than
- * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 8]
+ * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 6.2.3]
  * for more details.
- *
- * Note: when DTLS 1.3 is in use, any 0-RTT data received after EndOfEarlyData
- * (e.g., because of reordering) is discarded.
  */
 #define SSL_ENABLE_0RTT_DATA 33
 
-/* Enables TLS 1.3 compatibility mode.  In this mode, the client includes a fake
- * session ID in the handshake and sends a ChangeCipherSpec.  A server will
- * always use the setting chosen by the client, so the value of this option has
- * no effect for a server. This setting is ignored for DTLS. */
-#define SSL_ENABLE_TLS13_COMPAT_MODE 35
-
 #ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
-SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRIntn on);
-SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRIntn on);
+SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
+SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
 #endif
 
-/* Set (and get) options for sockets and defaults for newly created sockets.
- *
- * While the |val| parameter of these methods is PRIntn, options only support
- * two values by default: PR_TRUE or PR_FALSE.  The documentation of specific
- * options will explain if other values are permitted.
- */
-SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRIntn val);
-SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRIntn *val);
-SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRIntn val);
-SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRIntn *val);
+/* New function names */
+SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
+SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
 SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
 
 /* SSLNextProtoCallback is called during the handshake for the client, when a
@@ -1394,13 +1374,6 @@ extern const char *NSSSSL_GetVersion(void);
  */
 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
                                                  PRErrorCode error);
-
-/*
- * This is used to access experimental APIs.  Don't call this directly.  This is
- * used to enable the experimental APIs that are defined in "sslexp.h".
- */
-SSL_IMPORT void *SSL_GetExperimentalAPI(const char *name);
-
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 61878ae99..5cbe2bd09 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -34,13 +34,14 @@
 #include "blapi.h"
 
 #include <stdio.h>
+#ifdef NSS_SSL_ENABLE_ZLIB
+#include "zlib.h"
+#endif
 
 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
                                        PK11SlotInfo *serverKeySlot);
-static SECStatus ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
-                                          PK11SymKey **msp);
-static SECStatus ssl3_DeriveConnectionKeys(sslSocket *ss,
-                                           PK11SymKey *masterSecret);
+static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
+static SECStatus ssl3_DeriveConnectionKeys(sslSocket *ss);
 static SECStatus ssl3_HandshakeFailure(sslSocket *ss);
 static SECStatus ssl3_SendCertificate(sslSocket *ss);
 static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
@@ -50,28 +51,27 @@ static SECStatus ssl3_SendServerHelloDone(sslSocket *ss);
 static SECStatus ssl3_SendServerKeyExchange(sslSocket *ss);
 static SECStatus ssl3_HandleClientHelloPart2(sslSocket *ss,
                                              SECItem *suites,
-                                             sslSessionID *sid,
-                                             const PRUint8 *msg,
-                                             unsigned int len);
+                                             SECItem *comps,
+                                             sslSessionID *sid);
 static SECStatus ssl3_HandleServerHelloPart2(sslSocket *ss,
                                              const SECItem *sidBytes,
                                              int *retErrCode);
 static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss,
                                                       PRUint8 *b,
-                                                      PRUint32 length);
+                                                      PRUint32 length,
+                                                      SSL3Hashes *hashesPtr);
 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
 
+static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
+                             int maxOutputLen, const unsigned char *input,
+                             int inputLen);
+
 static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
 static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
 PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
 
-const PRUint8 ssl_hello_retry_random[] = {
-    0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
-    0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
-    0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
-    0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
-};
-PR_STATIC_ASSERT(PR_ARRAY_SIZE(ssl_hello_retry_random) == SSL3_RANDOM_LENGTH);
+#define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
+#define MIN_SEND_BUF_LENGTH 4000
 
 /* This list of SSL3 cipher suites is sorted in descending order of
  * precedence (desirability).  It only includes cipher suites we implement.
@@ -214,6 +214,52 @@ ssl3_CheckCipherSuiteOrderConsistency()
 }
 #endif
 
+/* This list of SSL3 compression methods is sorted in descending order of
+ * precedence (desirability).  It only includes compression methods we
+ * implement.
+ */
+static const SSLCompressionMethod ssl_compression_methods[] = {
+#ifdef NSS_SSL_ENABLE_ZLIB
+    ssl_compression_deflate,
+#endif
+    ssl_compression_null
+};
+
+static const unsigned int ssl_compression_method_count =
+    PR_ARRAY_SIZE(ssl_compression_methods);
+
+/* compressionEnabled returns true iff the compression algorithm is enabled
+ * for the given SSL socket. */
+static PRBool
+ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
+{
+    SSL3ProtocolVersion version;
+
+    if (compression == ssl_compression_null) {
+        return PR_TRUE; /* Always enabled */
+    }
+    if (ss->sec.isServer) {
+        /* We can't easily check that the client didn't attempt TLS 1.3,
+         * so this will have to do. */
+        PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
+        version = ss->version;
+    } else {
+        version = ss->vrange.max;
+    }
+    if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        return PR_FALSE;
+    }
+#ifdef NSS_SSL_ENABLE_ZLIB
+    if (compression == ssl_compression_deflate) {
+        if (IS_DTLS(ss)) {
+            return PR_FALSE;
+        }
+        return ss->opt.enableDeflate;
+    }
+#endif
+    return PR_FALSE;
+}
+
 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
     ct_RSA_sign,
     ct_ECDSA_sign,
@@ -222,125 +268,173 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
 
 static SSL3Statistics ssl3stats;
 
+/* Record protection algorithms, indexed by SSL3BulkCipher.
+ *
+ * The |max_records| field (|mr| below) is set to a number that is higher than
+ * recommended in some literature (esp. TLS 1.3) because we currently abort the
+ * connection when this limit is reached and we want to ensure that we only
+ * rarely hit this limit.  See bug 1268745 for details.
+ */
+#define MR_MAX RECORD_SEQ_MAX  /* 2^48-1 */
+#define MR_128 (0x5aULL << 28) /* For AES and similar. */
+#define MR_LOW (1ULL << 20)    /* For weak ciphers. */
+/* clang-format off */
+static const ssl3BulkCipherDef bulk_cipher_defs[] = {
+    /*                                    |--------- Lengths ---------| */
+    /* cipher             calg            :  s                        : */
+    /*                                    :  e                  b     n */
+    /* oid                short_name mr   :                     l     o */
+    /*                                    k  r                  o  t  n */
+    /*                                    e  e               i  c  a  c */
+    /*                                    y  t  type         v  k  g  e */
+    {cipher_null,         calg_null,      0, 0, type_stream, 0, 0, 0, 0,
+     SEC_OID_NULL_CIPHER, "NULL", MR_MAX},
+    {cipher_rc4,          calg_rc4,      16,16, type_stream, 0, 0, 0, 0,
+     SEC_OID_RC4,         "RC4", MR_LOW},
+    {cipher_des,          calg_des,       8, 8, type_block,  8, 8, 0, 0,
+     SEC_OID_DES_CBC,     "DES-CBC", MR_LOW},
+    {cipher_3des,         calg_3des,     24,24, type_block,  8, 8, 0, 0,
+     SEC_OID_DES_EDE3_CBC, "3DES-EDE-CBC", MR_LOW},
+    {cipher_aes_128,      calg_aes,      16,16, type_block, 16,16, 0, 0,
+     SEC_OID_AES_128_CBC, "AES-128", MR_128},
+    {cipher_aes_256,      calg_aes,      32,32, type_block, 16,16, 0, 0,
+     SEC_OID_AES_256_CBC, "AES-256", MR_128},
+    {cipher_camellia_128, calg_camellia, 16,16, type_block, 16,16, 0, 0,
+     SEC_OID_CAMELLIA_128_CBC, "Camellia-128", MR_128},
+    {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0,
+     SEC_OID_CAMELLIA_256_CBC, "Camellia-256", MR_128},
+    {cipher_seed,         calg_seed,     16,16, type_block, 16,16, 0, 0,
+     SEC_OID_SEED_CBC,    "SEED-CBC", MR_128},
+    {cipher_aes_128_gcm,  calg_aes_gcm,  16,16, type_aead,   4, 0,16, 8,
+     SEC_OID_AES_128_GCM, "AES-128-GCM", MR_128},
+    {cipher_aes_256_gcm,  calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
+     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
+    {cipher_chacha20,     calg_chacha20, 32,32, type_aead,  12, 0,16, 0,
+     SEC_OID_CHACHA20_POLY1305, "ChaCha20-Poly1305", MR_MAX},
+    {cipher_missing,      calg_null,      0, 0, type_stream, 0, 0, 0, 0,
+     SEC_OID_UNKNOWN,     "missing", 0U},
+};
+
 static const ssl3KEADef kea_defs[] =
-    {
-      /* indexed by SSL3KeyExchangeAlgorithm */
-      /* kea            exchKeyType signKeyType authKeyType ephemeral  oid */
-      { kea_null, ssl_kea_null, nullKey, ssl_auth_null, PR_FALSE, 0 },
-      { kea_rsa, ssl_kea_rsa, nullKey, ssl_auth_rsa_decrypt, PR_FALSE, SEC_OID_TLS_RSA },
-      { kea_dh_dss, ssl_kea_dh, dsaKey, ssl_auth_dsa, PR_FALSE, SEC_OID_TLS_DH_DSS },
-      { kea_dh_rsa, ssl_kea_dh, rsaKey, ssl_auth_rsa_sign, PR_FALSE, SEC_OID_TLS_DH_RSA },
-      { kea_dhe_dss, ssl_kea_dh, dsaKey, ssl_auth_dsa, PR_TRUE, SEC_OID_TLS_DHE_DSS },
-      { kea_dhe_rsa, ssl_kea_dh, rsaKey, ssl_auth_rsa_sign, PR_TRUE, SEC_OID_TLS_DHE_RSA },
-      { kea_dh_anon, ssl_kea_dh, nullKey, ssl_auth_null, PR_TRUE, SEC_OID_TLS_DH_ANON },
-      { kea_ecdh_ecdsa, ssl_kea_ecdh, nullKey, ssl_auth_ecdh_ecdsa, PR_FALSE, SEC_OID_TLS_ECDH_ECDSA },
-      { kea_ecdhe_ecdsa, ssl_kea_ecdh, ecKey, ssl_auth_ecdsa, PR_TRUE, SEC_OID_TLS_ECDHE_ECDSA },
-      { kea_ecdh_rsa, ssl_kea_ecdh, nullKey, ssl_auth_ecdh_rsa, PR_FALSE, SEC_OID_TLS_ECDH_RSA },
-      { kea_ecdhe_rsa, ssl_kea_ecdh, rsaKey, ssl_auth_rsa_sign, PR_TRUE, SEC_OID_TLS_ECDHE_RSA },
-      { kea_ecdh_anon, ssl_kea_ecdh, nullKey, ssl_auth_null, PR_TRUE, SEC_OID_TLS_ECDH_ANON },
-      { kea_ecdhe_psk, ssl_kea_ecdh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_ECDHE_PSK },
-      { kea_dhe_psk, ssl_kea_dh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_DHE_PSK },
-      { kea_tls13_any, ssl_kea_tls13_any, nullKey, ssl_auth_tls13_any, PR_TRUE, SEC_OID_TLS13_KEA_ANY },
-    };
+{ /* indexed by SSL3KeyExchangeAlgorithm */
+    /* kea            exchKeyType signKeyType authKeyType ephemeral  oid */
+    {kea_null,           ssl_kea_null, nullKey, ssl_auth_null, PR_FALSE, 0},
+    {kea_rsa,            ssl_kea_rsa,  nullKey, ssl_auth_rsa_decrypt, PR_FALSE, SEC_OID_TLS_RSA},
+    {kea_dh_dss,         ssl_kea_dh,   dsaKey, ssl_auth_dsa, PR_FALSE, SEC_OID_TLS_DH_DSS},
+    {kea_dh_rsa,         ssl_kea_dh,   rsaKey, ssl_auth_rsa_sign, PR_FALSE, SEC_OID_TLS_DH_RSA},
+    {kea_dhe_dss,        ssl_kea_dh,   dsaKey, ssl_auth_dsa, PR_TRUE,  SEC_OID_TLS_DHE_DSS},
+    {kea_dhe_rsa,        ssl_kea_dh,   rsaKey, ssl_auth_rsa_sign, PR_TRUE,  SEC_OID_TLS_DHE_RSA},
+    {kea_dh_anon,        ssl_kea_dh,   nullKey, ssl_auth_null, PR_TRUE,  SEC_OID_TLS_DH_ANON},
+    {kea_ecdh_ecdsa,     ssl_kea_ecdh, nullKey, ssl_auth_ecdh_ecdsa, PR_FALSE, SEC_OID_TLS_ECDH_ECDSA},
+    {kea_ecdhe_ecdsa,    ssl_kea_ecdh, ecKey, ssl_auth_ecdsa, PR_TRUE,  SEC_OID_TLS_ECDHE_ECDSA},
+    {kea_ecdh_rsa,       ssl_kea_ecdh, nullKey, ssl_auth_ecdh_rsa, PR_FALSE, SEC_OID_TLS_ECDH_RSA},
+    {kea_ecdhe_rsa,      ssl_kea_ecdh, rsaKey, ssl_auth_rsa_sign, PR_TRUE,  SEC_OID_TLS_ECDHE_RSA},
+    {kea_ecdh_anon,      ssl_kea_ecdh, nullKey, ssl_auth_null, PR_TRUE,  SEC_OID_TLS_ECDH_ANON},
+    {kea_ecdhe_psk,      ssl_kea_ecdh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_ECDHE_PSK},
+    {kea_dhe_psk,      ssl_kea_dh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_DHE_PSK},
+    {kea_tls13_any,      ssl_kea_tls13_any, nullKey, ssl_auth_tls13_any, PR_TRUE, SEC_OID_TLS13_KEA_ANY},
+};
 
 /* must use ssl_LookupCipherSuiteDef to access */
 static const ssl3CipherSuiteDef cipher_suite_defs[] =
-    {
-      /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg prf_hash */
-      /*  Note that the prf_hash_alg is the hash function used by the PRF, see sslimpl.h.  */
-
-      { TLS_NULL_WITH_NULL_NULL, cipher_null, ssl_mac_null, kea_null, ssl_hash_none },
-      { TLS_RSA_WITH_NULL_MD5, cipher_null, ssl_mac_md5, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_NULL_SHA, cipher_null, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_NULL_SHA256, cipher_null, ssl_hmac_sha256, kea_rsa, ssl_hash_sha256 },
-      { TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, ssl_mac_md5, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_DES_CBC_SHA, cipher_des, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-        cipher_3des, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-        cipher_3des, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-
-      /* New TLS cipher suites */
-      { TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, ssl_hmac_sha256, kea_rsa, ssl_hash_sha256 },
-      { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, ssl_hmac_sha256, kea_dhe_rsa, ssl_hash_sha256 },
-      { TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, ssl_hmac_sha256, kea_rsa, ssl_hash_sha256 },
-      { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, ssl_hmac_sha256, kea_dhe_rsa, ssl_hash_sha256 },
-      { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha384 },
-
-      { TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, ssl_mac_sha, kea_rsa, ssl_hash_none },
-
-      { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-        cipher_camellia_128, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-        cipher_camellia_128, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-      { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, ssl_mac_sha, kea_rsa, ssl_hash_none },
-      { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-        cipher_camellia_256, ssl_mac_sha, kea_dhe_dss, ssl_hash_none },
-      { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-        cipher_camellia_256, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none },
-
-      { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha256 },
-      { TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_rsa, ssl_hash_sha256 },
-
-      { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_ecdhe_rsa, ssl_hash_sha256 },
-      { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256 },
-      { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384 },
-      { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_ecdhe_rsa, ssl_hash_sha384 },
-      { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, ssl_hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384 },
-      { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, ssl_hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384 },
-      { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_dhe_dss, ssl_hash_sha256 },
-      { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, ssl_hmac_sha256, kea_dhe_dss, ssl_hash_sha256 },
-      { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, ssl_hmac_sha256, kea_dhe_dss, ssl_hash_sha256 },
-      { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_dhe_dss, ssl_hash_sha384 },
-      { TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_rsa, ssl_hash_sha384 },
-
-      { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha256 },
-
-      { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, ssl_mac_aead, kea_ecdhe_rsa, ssl_hash_sha256 },
-      { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, ssl_mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256 },
-
-      { TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, ssl_mac_sha, kea_ecdh_ecdsa, ssl_hash_none },
-      { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_ecdh_ecdsa, ssl_hash_none },
-      { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, ssl_mac_sha, kea_ecdh_ecdsa, ssl_hash_none },
-      { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_ecdh_ecdsa, ssl_hash_none },
-      { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_ecdh_ecdsa, ssl_hash_none },
-
-      { TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, ssl_mac_sha, kea_ecdhe_ecdsa, ssl_hash_none },
-      { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_ecdhe_ecdsa, ssl_hash_none },
-      { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, ssl_mac_sha, kea_ecdhe_ecdsa, ssl_hash_none },
-      { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_ecdhe_ecdsa, ssl_hash_none },
-      { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, ssl_hmac_sha256, kea_ecdhe_ecdsa, ssl_hash_sha256 },
-      { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_ecdhe_ecdsa, ssl_hash_none },
-
-      { TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, ssl_mac_sha, kea_ecdh_rsa, ssl_hash_none },
-      { TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_ecdh_rsa, ssl_hash_none },
-      { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, ssl_mac_sha, kea_ecdh_rsa, ssl_hash_none },
-      { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_ecdh_rsa, ssl_hash_none },
-      { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_ecdh_rsa, ssl_hash_none },
-
-      { TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, ssl_mac_sha, kea_ecdhe_rsa, ssl_hash_none },
-      { TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, ssl_mac_sha, kea_ecdhe_rsa, ssl_hash_none },
-      { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, ssl_mac_sha, kea_ecdhe_rsa, ssl_hash_none },
-      { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, ssl_mac_sha, kea_ecdhe_rsa, ssl_hash_none },
-      { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, ssl_hmac_sha256, kea_ecdhe_rsa, ssl_hash_sha256 },
-      { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, ssl_mac_sha, kea_ecdhe_rsa, ssl_hash_none },
-
-      { TLS_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_tls13_any, ssl_hash_sha256 },
-      { TLS_CHACHA20_POLY1305_SHA256, cipher_chacha20, ssl_mac_aead, kea_tls13_any, ssl_hash_sha256 },
-      { TLS_AES_256_GCM_SHA384, cipher_aes_256_gcm, ssl_mac_aead, kea_tls13_any, ssl_hash_sha384 },
-    };
+{
+/*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg prf_hash */
+/*  Note that the prf_hash_alg is the hash function used by the PRF, see sslimpl.h.  */
+
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+                                    cipher_3des,   mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+                                    cipher_3des,   mac_sha, kea_dhe_rsa, ssl_hash_none},
+
+
+/* New TLS cipher suites */
+    {TLS_RSA_WITH_AES_128_CBC_SHA,      cipher_aes_128, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_AES_128_CBC_SHA256,   cipher_aes_128, hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_AES_256_CBC_SHA,      cipher_aes_256, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_AES_256_CBC_SHA256,   cipher_aes_256, hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha384},
+
+    {TLS_RSA_WITH_SEED_CBC_SHA,     cipher_seed,   mac_sha, kea_rsa, ssl_hash_none},
+
+    {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     cipher_camellia_128, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     cipher_camellia_128, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     cipher_camellia_256, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     cipher_camellia_256, mac_sha, kea_dhe_rsa, ssl_hash_none},
+
+    {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, ssl_hash_sha256},
+
+    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
+    {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha384},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384},
+    {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384},
+    {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha384},
+    {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, ssl_hash_sha384},
+
+    {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
+
+    {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
+
+    {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+
+    {TLS_ECDHE_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+
+    {TLS_ECDH_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_rsa, ssl_hash_none},
+
+    {TLS_ECDHE_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+
+    {TLS_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_tls13_any, ssl_hash_sha256},
+    {TLS_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_tls13_any, ssl_hash_sha256},
+    {TLS_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_tls13_any, ssl_hash_sha384},
+};
+/* clang-format on */
 
 static const CK_MECHANISM_TYPE auth_alg_defs[] = {
     CKM_INVALID_MECHANISM, /* ssl_auth_null */
@@ -377,20 +471,44 @@ typedef struct SSLCipher2MechStr {
 /* indexed by type SSLCipherAlgorithm */
 static const SSLCipher2Mech alg2Mech[] = {
     /* calg,          cmech  */
-    { ssl_calg_null, CKM_INVALID_MECHANISM },
-    { ssl_calg_rc4, CKM_RC4 },
-    { ssl_calg_rc2, CKM_RC2_CBC },
-    { ssl_calg_des, CKM_DES_CBC },
-    { ssl_calg_3des, CKM_DES3_CBC },
-    { ssl_calg_idea, CKM_IDEA_CBC },
-    { ssl_calg_fortezza, CKM_SKIPJACK_CBC64 },
-    { ssl_calg_aes, CKM_AES_CBC },
-    { ssl_calg_camellia, CKM_CAMELLIA_CBC },
-    { ssl_calg_seed, CKM_SEED_CBC },
-    { ssl_calg_aes_gcm, CKM_AES_GCM },
-    { ssl_calg_chacha20, CKM_NSS_CHACHA20_POLY1305 },
+    { calg_null, (CK_MECHANISM_TYPE)0x80000000L },
+    { calg_rc4, CKM_RC4 },
+    { calg_rc2, CKM_RC2_CBC },
+    { calg_des, CKM_DES_CBC },
+    { calg_3des, CKM_DES3_CBC },
+    { calg_idea, CKM_IDEA_CBC },
+    { calg_fortezza, CKM_SKIPJACK_CBC64 },
+    { calg_aes, CKM_AES_CBC },
+    { calg_camellia, CKM_CAMELLIA_CBC },
+    { calg_seed, CKM_SEED_CBC },
+    { calg_aes_gcm, CKM_AES_GCM },
+    { calg_chacha20, CKM_NSS_CHACHA20_POLY1305 },
+    /*  { calg_init     , (CK_MECHANISM_TYPE)0x7fffffffL    }  */
 };
 
+#define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L
+#define mmech_md5 CKM_SSL3_MD5_MAC
+#define mmech_sha CKM_SSL3_SHA1_MAC
+#define mmech_md5_hmac CKM_MD5_HMAC
+#define mmech_sha_hmac CKM_SHA_1_HMAC
+#define mmech_sha256_hmac CKM_SHA256_HMAC
+#define mmech_sha384_hmac CKM_SHA384_HMAC
+
+/* clang-format off */
+static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
+    /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
+    /* mac      mmech       pad_size  mac_size                       */
+    { mac_null, mmech_invalid,    0,  0         ,  0},
+    { mac_md5,  mmech_md5,       48,  MD5_LENGTH,  SEC_OID_HMAC_MD5 },
+    { mac_sha,  mmech_sha,       40,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
+    {hmac_md5,  mmech_md5_hmac,   0,  MD5_LENGTH,  SEC_OID_HMAC_MD5},
+    {hmac_sha,  mmech_sha_hmac,   0,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
+    {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256},
+    { mac_aead, mmech_invalid,    0,  0, 0 },
+    {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH, SEC_OID_HMAC_SHA384}
+};
+/* clang-format on */
+
 const PRUint8 tls13_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
                                            0x47, 0x52, 0x44, 0x01 };
 const PRUint8 tls12_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
@@ -436,57 +554,48 @@ ssl3_DecodeHandshakeType(int msgType)
     static char line[40];
 
     switch (msgType) {
-        case ssl_hs_hello_request:
+        case hello_request:
             rv = "hello_request (0)";
             break;
-        case ssl_hs_client_hello:
+        case client_hello:
             rv = "client_hello  (1)";
             break;
-        case ssl_hs_server_hello:
+        case server_hello:
             rv = "server_hello  (2)";
             break;
-        case ssl_hs_hello_verify_request:
+        case hello_verify_request:
             rv = "hello_verify_request (3)";
             break;
-        case ssl_hs_new_session_ticket:
-            rv = "new_session_ticket (4)";
-            break;
-        case ssl_hs_end_of_early_data:
-            rv = "end_of_early_data (5)";
+        case new_session_ticket:
+            rv = "session_ticket (4)";
             break;
-        case ssl_hs_hello_retry_request:
+        case hello_retry_request:
             rv = "hello_retry_request (6)";
             break;
-        case ssl_hs_encrypted_extensions:
+        case encrypted_extensions:
             rv = "encrypted_extensions (8)";
             break;
-        case ssl_hs_certificate:
+        case certificate:
             rv = "certificate  (11)";
             break;
-        case ssl_hs_server_key_exchange:
+        case server_key_exchange:
             rv = "server_key_exchange (12)";
             break;
-        case ssl_hs_certificate_request:
+        case certificate_request:
             rv = "certificate_request (13)";
             break;
-        case ssl_hs_server_hello_done:
+        case server_hello_done:
             rv = "server_hello_done   (14)";
             break;
-        case ssl_hs_certificate_verify:
+        case certificate_verify:
             rv = "certificate_verify  (15)";
             break;
-        case ssl_hs_client_key_exchange:
+        case client_key_exchange:
             rv = "client_key_exchange (16)";
             break;
-        case ssl_hs_finished:
+        case finished:
             rv = "finished     (20)";
             break;
-        case ssl_hs_certificate_status:
-            rv = "certificate_status  (22)";
-            break;
-        case ssl_hs_key_update:
-            rv = "key_update   (24)";
-            break;
         default:
             sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType);
             rv = line;
@@ -513,9 +622,6 @@ ssl3_DecodeContentType(int msgType)
         case content_application_data:
             rv = "application_data (23)";
             break;
-        case content_ack:
-            rv = "ack (25)";
-            break;
         default:
             sprintf(line, "*UNKNOWN* record type! (%d)", msgType);
             rv = line;
@@ -768,12 +874,20 @@ ssl_HasCert(const sslSocket *ss, SSLAuthType authType)
     return PR_FALSE;
 }
 
+const ssl3BulkCipherDef *
+ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def)
+{
+    PORT_Assert(cipher_def->bulk_cipher_alg < PR_ARRAY_SIZE(bulk_cipher_defs));
+    PORT_Assert(bulk_cipher_defs[cipher_def->bulk_cipher_alg].cipher == cipher_def->bulk_cipher_alg);
+    return &bulk_cipher_defs[cipher_def->bulk_cipher_alg];
+}
+
 /* Initialize the suite->isPresent value for config_match
  * Returns count of enabled ciphers supported by extant tokens,
  * regardless of policy or user preference.
  * If this returns zero, the user cannot do SSL v3.
  */
-unsigned int
+int
 ssl3_config_match_init(sslSocket *ss)
 {
     ssl3CipherSuiteCfg *suite;
@@ -782,9 +896,9 @@ ssl3_config_match_init(sslSocket *ss)
     CK_MECHANISM_TYPE cipher_mech;
     SSLAuthType authType;
     SSLKEAType keaType;
-    unsigned int i;
-    unsigned int numPresent = 0;
-    unsigned int numEnabled = 0;
+    int i;
+    int numPresent = 0;
+    int numEnabled = 0;
 
     PORT_Assert(ss);
     if (!ss) {
@@ -795,7 +909,6 @@ ssl3_config_match_init(sslSocket *ss)
         return 0;
     }
 
-    ssl_FilterSupportedGroups(ss);
     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
         suite = &ss->cipherSuites[i];
         if (suite->enabled) {
@@ -831,7 +944,7 @@ ssl3_config_match_init(sslSocket *ss)
                 suite->isPresent = PR_FALSE;
             }
 
-            if (cipher_alg != ssl_calg_null &&
+            if (cipher_alg != calg_null &&
                 !PK11_TokenExists(cipher_mech)) {
                 suite->isPresent = PR_FALSE;
             }
@@ -842,7 +955,7 @@ ssl3_config_match_init(sslSocket *ss)
         }
     }
     PORT_Assert(numPresent > 0 || numEnabled == 0);
-    if (numPresent == 0) {
+    if (numPresent <= 0) {
         PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
     }
     return numPresent;
@@ -887,10 +1000,10 @@ config_match(const ssl3CipherSuiteCfg *suite, int policy,
 
 /* Return the number of cipher suites that are usable. */
 /* called from ssl3_SendClientHello */
-static unsigned int
+static int
 count_cipher_suites(sslSocket *ss, int policy)
 {
-    unsigned int i, count = 0;
+    int i, count = 0;
 
     if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
         return 0;
@@ -899,7 +1012,7 @@ count_cipher_suites(sslSocket *ss, int policy)
         if (config_match(&ss->cipherSuites[i], policy, &ss->vrange, ss))
             count++;
     }
-    if (count == 0) {
+    if (count <= 0) {
         PORT_SetError(SSL_ERROR_SSL_DISABLED);
     }
     return count;
@@ -908,7 +1021,7 @@ count_cipher_suites(sslSocket *ss, int policy)
 /*
  * Null compression, mac and encryption functions
  */
-SECStatus
+static SECStatus
 Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
             const unsigned char *input, int inputLen)
 {
@@ -928,19 +1041,6 @@ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
  * SSL3 Utility functions
  */
 
-static void
-ssl_SetSpecVersions(sslSocket *ss, ssl3CipherSpec *spec)
-{
-    spec->version = ss->version;
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        tls13_SetSpecRecordVersion(ss, spec);
-    } else if (IS_DTLS(ss)) {
-        spec->recordVersion = dtls_TLSVersionToDTLSVersion(ss->version);
-    } else {
-        spec->recordVersion = ss->version;
-    }
-}
-
 /* allowLargerPeerVersion controls whether the function will select the
  * highest enabled SSL version or fail when peerVersion is greater than the
  * highest enabled version.
@@ -952,8 +1052,6 @@ SECStatus
 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
                       PRBool allowLargerPeerVersion)
 {
-    SSL3ProtocolVersion negotiated;
-
     if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
         PORT_SetError(SSL_ERROR_SSL_DISABLED);
         return SECFailure;
@@ -965,14 +1063,9 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
         return SECFailure;
     }
 
-    negotiated = PR_MIN(peerVersion, ss->vrange.max);
-    PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, negotiated));
-    if (ss->firstHsDone && ss->version != negotiated) {
-        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-        return SECFailure;
-    }
+    ss->version = PR_MIN(peerVersion, ss->vrange.max);
+    PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
 
-    ss->version = negotiated;
     return SECSuccess;
 }
 
@@ -1011,16 +1104,24 @@ ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b, unsigned int *len,
         v = dtls_DTLSVersionToTLSVersion(v);
     }
 
+    PORT_Assert(!SSL_ALL_VERSIONS_DISABLED(&ss->vrange));
+    if (ss->vrange.min > v || ss->vrange.max < v) {
+        (void)SSL3_SendAlert(ss, alert_fatal,
+                             (v > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+                                                           : handshake_failure);
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
+        return SECFailure;
+    }
     *version = v;
     return SECSuccess;
 }
 
 static SECStatus
-ssl3_GetNewRandom(SSL3Random random)
+ssl3_GetNewRandom(SSL3Random *random)
 {
     SECStatus rv;
 
-    rv = PK11_GenerateRandom(random, SSL3_RANDOM_LENGTH);
+    rv = PK11_GenerateRandom(random->rand, SSL3_RANDOM_LENGTH);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
     }
@@ -1034,7 +1135,7 @@ ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash, SECKEYPrivateKey *key,
 {
     SECStatus rv = SECFailure;
     PRBool doDerEncode = PR_FALSE;
-    PRBool isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
+    PRBool isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
     PRBool useRsaPss = ssl_IsRsaPssSignatureScheme(ss->ssl3.hs.signatureScheme);
     SECItem hashItem;
 
@@ -1320,110 +1421,124 @@ static SECStatus
 ssl3_ComputeDHKeyHash(sslSocket *ss, SSLHashType hashAlg, SSL3Hashes *hashes,
                       SECItem dh_p, SECItem dh_g, SECItem dh_Ys, PRBool padY)
 {
-    sslBuffer buf = SSL_BUFFER_EMPTY;
-    SECStatus rv;
-    unsigned int yLen;
-    unsigned int i;
+    PRUint8 *hashBuf;
+    PRUint8 *pBuf;
+    SECStatus rv = SECSuccess;
+    unsigned int bufLen, yLen;
+    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 4096 / 8 + 2 + 4096 / 8];
 
     PORT_Assert(dh_p.data);
     PORT_Assert(dh_g.data);
     PORT_Assert(dh_Ys.data);
 
-    rv = sslBuffer_Append(&buf, ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    rv = sslBuffer_Append(&buf, ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    /* p */
-    rv = sslBuffer_AppendVariable(&buf, dh_p.data, dh_p.len, 2);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    /* g */
-    rv = sslBuffer_AppendVariable(&buf, dh_g.data, dh_g.len, 2);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    /* y - complicated by padding */
     yLen = padY ? dh_p.len : dh_Ys.len;
-    rv = sslBuffer_AppendNumber(&buf, yLen, 2);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    /* If we're padding Y, dh_Ys can't be longer than dh_p. */
-    PORT_Assert(!padY || dh_p.len >= dh_Ys.len);
-    for (i = dh_Ys.len; i < yLen; ++i) {
-        rv = sslBuffer_AppendNumber(&buf, 0, 1);
-        if (rv != SECSuccess) {
-            goto loser;
+    bufLen = 2 * SSL3_RANDOM_LENGTH +
+             2 + dh_p.len +
+             2 + dh_g.len +
+             2 + yLen;
+    if (bufLen <= sizeof buf) {
+        hashBuf = buf;
+    } else {
+        hashBuf = PORT_Alloc(bufLen);
+        if (!hashBuf) {
+            return SECFailure;
         }
     }
-    rv = sslBuffer_Append(&buf, dh_Ys.data, dh_Ys.len);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
 
-    rv = ssl3_ComputeCommonKeyHash(hashAlg, SSL_BUFFER_BASE(&buf),
-                                   SSL_BUFFER_LEN(&buf), hashes);
-    if (rv != SECSuccess) {
-        goto loser;
+    memcpy(hashBuf, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
+    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    memcpy(pBuf, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
+    pBuf += SSL3_RANDOM_LENGTH;
+    pBuf = ssl_EncodeUintX(dh_p.len, 2, pBuf);
+    memcpy(pBuf, dh_p.data, dh_p.len);
+    pBuf += dh_p.len;
+    pBuf = ssl_EncodeUintX(dh_g.len, 2, pBuf);
+    memcpy(pBuf, dh_g.data, dh_g.len);
+    pBuf += dh_g.len;
+    pBuf = ssl_EncodeUintX(yLen, 2, pBuf);
+    if (padY && dh_p.len > dh_Ys.len) {
+        memset(pBuf, 0, dh_p.len - dh_Ys.len);
+        pBuf += dh_p.len - dh_Ys.len;
     }
+    /* If we're padding Y, dh_Ys can't be longer than dh_p. */
+    PORT_Assert(!padY || dh_p.len >= dh_Ys.len);
+    memcpy(pBuf, dh_Ys.data, dh_Ys.len);
+    pBuf += dh_Ys.len;
+    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
 
-    PRINT_BUF(95, (NULL, "DHkey hash: ", SSL_BUFFER_BASE(&buf),
-                   SSL_BUFFER_LEN(&buf)));
-    if (hashAlg == ssl_hash_none) {
-        PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
-                       hashes->u.s.md5, MD5_LENGTH));
-        PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
-                       hashes->u.s.sha, SHA1_LENGTH));
-    } else {
-        PRINT_BUF(95, (NULL, "DHkey hash: result",
-                       hashes->u.raw, hashes->len));
-    }
+    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes);
 
-    sslBuffer_Clear(&buf);
-    return SECSuccess;
+    PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen));
+    if (rv == SECSuccess) {
+        if (hashAlg == ssl_hash_none) {
+            PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
+                           hashes->u.s.md5, MD5_LENGTH));
+            PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
+                           hashes->u.s.sha, SHA1_LENGTH));
+        } else {
+            PRINT_BUF(95, (NULL, "DHkey hash: result",
+                           hashes->u.raw, hashes->len));
+        }
+    }
 
-loser:
-    sslBuffer_Clear(&buf);
-    return SECFailure;
+    if (hashBuf != buf && hashBuf != NULL)
+        PORT_Free(hashBuf);
+    return rv;
 }
 
-static SECStatus
-ssl3_SetupPendingCipherSpec(sslSocket *ss, CipherSpecDirection direction,
-                            const ssl3CipherSuiteDef *suiteDef,
-                            ssl3CipherSpec **specp)
+/* Called twice, only from ssl3_DestroyCipherSpec (immediately below). */
+static void
+ssl3_CleanupKeyMaterial(ssl3KeyMaterial *mat)
 {
-    ssl3CipherSpec *spec;
-    const ssl3CipherSpec *prev;
-
-    prev = (direction == CipherSpecWrite) ? ss->ssl3.cwSpec : ss->ssl3.crSpec;
-    if (prev->epoch == PR_UINT16_MAX) {
-        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
-        return SECFailure;
+    if (mat->write_key != NULL) {
+        PK11_FreeSymKey(mat->write_key);
+        mat->write_key = NULL;
     }
-
-    spec = ssl_CreateCipherSpec(ss, direction);
-    if (!spec) {
-        return SECFailure;
+    if (mat->write_mac_key != NULL) {
+        PK11_FreeSymKey(mat->write_mac_key);
+        mat->write_mac_key = NULL;
     }
-
-    spec->cipherDef = ssl_GetBulkCipherDef(suiteDef);
-    spec->macDef = ssl_GetMacDef(ss, suiteDef);
-
-    spec->epoch = prev->epoch + 1;
-    spec->seqNum = 0;
-    if (IS_DTLS(ss) && direction == CipherSpecRead) {
-        dtls_InitRecvdRecords(&spec->recvdRecords);
+    if (mat->write_mac_context != NULL) {
+        PK11_DestroyContext(mat->write_mac_context, PR_TRUE);
+        mat->write_mac_context = NULL;
     }
-    ssl_SetSpecVersions(ss, spec);
+}
 
-    ssl_SaveCipherSpec(ss, spec);
-    *specp = spec;
-    return SECSuccess;
+/* Called from ssl3_SendChangeCipherSpecs() and
+**         ssl3_HandleChangeCipherSpecs()
+**             ssl3_DestroySSL3Info
+** Caller must hold SpecWriteLock.
+*/
+void
+ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName)
+{
+    /*  PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
+    if (spec->encodeContext) {
+        PK11_DestroyContext(spec->encodeContext, PR_TRUE);
+        spec->encodeContext = NULL;
+    }
+    if (spec->decodeContext) {
+        PK11_DestroyContext(spec->decodeContext, PR_TRUE);
+        spec->decodeContext = NULL;
+    }
+    if (spec->destroyCompressContext && spec->compressContext) {
+        spec->destroyCompressContext(spec->compressContext, 1);
+        spec->compressContext = NULL;
+    }
+    if (spec->destroyDecompressContext && spec->decompressContext) {
+        spec->destroyDecompressContext(spec->decompressContext, 1);
+        spec->decompressContext = NULL;
+    }
+    if (spec->master_secret != NULL) {
+        PK11_FreeSymKey(spec->master_secret);
+        spec->master_secret = NULL;
+    }
+    spec->msItem.data = NULL;
+    spec->msItem.len = 0;
+    ssl3_CleanupKeyMaterial(&spec->client);
+    ssl3_CleanupKeyMaterial(&spec->server);
+    spec->destroyCompressContext = NULL;
+    spec->destroyDecompressContext = NULL;
 }
 
 /* Fill in the pending cipher spec with info from the selected ciphersuite.
@@ -1433,116 +1548,272 @@ ssl3_SetupPendingCipherSpec(sslSocket *ss, CipherSpecDirection direction,
 ** Acquires & releases SpecWriteLock.
 */
 SECStatus
-ssl3_SetupBothPendingCipherSpecs(sslSocket *ss)
+ssl3_SetupPendingCipherSpec(sslSocket *ss)
 {
+    ssl3CipherSpec *pwSpec;
+    ssl3CipherSpec *cwSpec;
     ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
+    SSL3MACAlgorithm mac;
     SSL3KeyExchangeAlgorithm kea;
-    const ssl3CipherSuiteDef *suiteDef;
-    SECStatus rv;
+    const ssl3CipherSuiteDef *suite_def;
+    PRBool isTLS;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
 
     ssl_GetSpecWriteLock(ss); /*******************************/
 
+    pwSpec = ss->ssl3.pwSpec;
+    PORT_Assert(pwSpec == ss->ssl3.prSpec);
+
     /* This hack provides maximal interoperability with SSL 3 servers. */
-    if (ss->ssl3.cwSpec->macDef->mac == ssl_mac_null) {
+    cwSpec = ss->ssl3.cwSpec;
+    if (cwSpec->mac_def->mac == mac_null) {
         /* SSL records are not being MACed. */
-        ss->ssl3.cwSpec->version = ss->version;
+        cwSpec->version = ss->version;
     }
 
+    pwSpec->version = ss->version;
+    isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+
     SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x",
                 SSL_GETPID(), ss->fd, suite));
 
-    suiteDef = ssl_LookupCipherSuiteDef(suite);
-    if (suiteDef == NULL) {
-        goto loser;
+    suite_def = ssl_LookupCipherSuiteDef(suite);
+    if (suite_def == NULL) {
+        ssl_ReleaseSpecWriteLock(ss);
+        return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */
     }
 
     if (IS_DTLS(ss)) {
         /* Double-check that we did not pick an RC4 suite */
-        PORT_Assert(suiteDef->bulk_cipher_alg != cipher_rc4);
+        PORT_Assert(suite_def->bulk_cipher_alg != cipher_rc4);
     }
 
-    ss->ssl3.hs.suite_def = suiteDef;
+    kea = suite_def->key_exchange_alg;
+    mac = suite_def->mac_alg;
+    if (mac <= ssl_mac_sha && mac != ssl_mac_null && isTLS)
+        mac += 2;
 
-    kea = suiteDef->key_exchange_alg;
+    ss->ssl3.hs.suite_def = suite_def;
     ss->ssl3.hs.kea_def = &kea_defs[kea];
     PORT_Assert(ss->ssl3.hs.kea_def->kea == kea);
 
-    rv = ssl3_SetupPendingCipherSpec(ss, CipherSpecRead, suiteDef,
-                                     &ss->ssl3.prSpec);
-    if (rv != SECSuccess) {
-        goto loser;
+    pwSpec->cipher_def = ssl_GetBulkCipherDef(suite_def);
+
+    pwSpec->mac_def = &mac_defs[mac];
+    PORT_Assert(pwSpec->mac_def->mac == mac);
+
+    pwSpec->encodeContext = NULL;
+    pwSpec->decodeContext = NULL;
+
+    pwSpec->mac_size = pwSpec->mac_def->mac_size;
+
+    pwSpec->compression_method = ss->ssl3.hs.compression;
+    pwSpec->compressContext = NULL;
+    pwSpec->decompressContext = NULL;
+
+    ssl_ReleaseSpecWriteLock(ss); /*******************************/
+    return SECSuccess;
+}
+
+#ifdef NSS_SSL_ENABLE_ZLIB
+#define SSL3_DEFLATE_CONTEXT_SIZE sizeof(z_stream)
+
+static SECStatus
+ssl3_MapZlibError(int zlib_error)
+{
+    switch (zlib_error) {
+        case Z_OK:
+            return SECSuccess;
+        default:
+            return SECFailure;
     }
-    rv = ssl3_SetupPendingCipherSpec(ss, CipherSpecWrite, suiteDef,
-                                     &ss->ssl3.pwSpec);
-    if (rv != SECSuccess) {
-        goto loser;
+}
+
+static SECStatus
+ssl3_DeflateInit(void *void_context)
+{
+    z_stream *context = void_context;
+    context->zalloc = NULL;
+    context->zfree = NULL;
+    context->opaque = NULL;
+
+    return ssl3_MapZlibError(deflateInit(context, Z_DEFAULT_COMPRESSION));
+}
+
+static SECStatus
+ssl3_InflateInit(void *void_context)
+{
+    z_stream *context = void_context;
+    context->zalloc = NULL;
+    context->zfree = NULL;
+    context->opaque = NULL;
+    context->next_in = NULL;
+    context->avail_in = 0;
+
+    return ssl3_MapZlibError(inflateInit(context));
+}
+
+static SECStatus
+ssl3_DeflateCompress(void *void_context, unsigned char *out, int *out_len,
+                     int maxout, const unsigned char *in, int inlen)
+{
+    z_stream *context = void_context;
+
+    if (!inlen) {
+        *out_len = 0;
+        return SECSuccess;
     }
 
-    ssl_ReleaseSpecWriteLock(ss); /*******************************/
+    context->next_in = (unsigned char *)in;
+    context->avail_in = inlen;
+    context->next_out = out;
+    context->avail_out = maxout;
+    if (deflate(context, Z_SYNC_FLUSH) != Z_OK) {
+        return SECFailure;
+    }
+    if (context->avail_out == 0) {
+        /* We ran out of space! */
+        SSL_TRC(3, ("%d: SSL3[%d] Ran out of buffer while compressing",
+                    SSL_GETPID()));
+        return SECFailure;
+    }
+
+    *out_len = maxout - context->avail_out;
     return SECSuccess;
+}
 
-loser:
-    ssl_ReleaseSpecWriteLock(ss);
-    return SECFailure;
+static SECStatus
+ssl3_DeflateDecompress(void *void_context, unsigned char *out, int *out_len,
+                       int maxout, const unsigned char *in, int inlen)
+{
+    z_stream *context = void_context;
+
+    if (!inlen) {
+        *out_len = 0;
+        return SECSuccess;
+    }
+
+    context->next_in = (unsigned char *)in;
+    context->avail_in = inlen;
+    context->next_out = out;
+    context->avail_out = maxout;
+    if (inflate(context, Z_SYNC_FLUSH) != Z_OK) {
+        PORT_SetError(SSL_ERROR_DECOMPRESSION_FAILURE);
+        return SECFailure;
+    }
+
+    *out_len = maxout - context->avail_out;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_DestroyCompressContext(void *void_context, PRBool unused)
+{
+    deflateEnd(void_context);
+    PORT_Free(void_context);
+    return SECSuccess;
 }
 
-/* ssl3_BuildRecordPseudoHeader writes the SSL/TLS pseudo-header (the data which
- * is included in the MAC or AEAD additional data) to |buf|. See
- * https://tools.ietf.org/html/rfc5246#section-6.2.3.3 for the definition of the
- * AEAD additional data.
+static SECStatus
+ssl3_DestroyDecompressContext(void *void_context, PRBool unused)
+{
+    inflateEnd(void_context);
+    PORT_Free(void_context);
+    return SECSuccess;
+}
+
+#endif /* NSS_SSL_ENABLE_ZLIB */
+
+/* Initialize the compression functions and contexts for the given
+ * CipherSpec.  */
+static SECStatus
+ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
+{
+    /* Setup the compression functions */
+    switch (pwSpec->compression_method) {
+        case ssl_compression_null:
+            pwSpec->compressor = NULL;
+            pwSpec->decompressor = NULL;
+            pwSpec->compressContext = NULL;
+            pwSpec->decompressContext = NULL;
+            pwSpec->destroyCompressContext = NULL;
+            pwSpec->destroyDecompressContext = NULL;
+            break;
+#ifdef NSS_SSL_ENABLE_ZLIB
+        case ssl_compression_deflate:
+            pwSpec->compressor = ssl3_DeflateCompress;
+            pwSpec->decompressor = ssl3_DeflateDecompress;
+            pwSpec->compressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
+            pwSpec->decompressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
+            pwSpec->destroyCompressContext = ssl3_DestroyCompressContext;
+            pwSpec->destroyDecompressContext = ssl3_DestroyDecompressContext;
+            ssl3_DeflateInit(pwSpec->compressContext);
+            ssl3_InflateInit(pwSpec->decompressContext);
+            break;
+#endif /* NSS_SSL_ENABLE_ZLIB */
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* ssl3_BuildRecordPseudoHeader writes the SSL/TLS pseudo-header (the data
+ * which is included in the MAC or AEAD additional data) to |out| and returns
+ * its length. See https://tools.ietf.org/html/rfc5246#section-6.2.3.3 for the
+ * definition of the AEAD additional data.
  *
  * TLS pseudo-header includes the record's version field, SSL's doesn't. Which
- * pseudo-header definition to use should be decided based on the version of
+ * pseudo-header defintiion to use should be decided based on the version of
  * the protocol that was negotiated when the cipher spec became current, NOT
  * based on the version value in the record itself, and the decision is passed
  * to this function as the |includesVersion| argument. But, the |version|
  * argument should be the record's version value.
  */
-static SECStatus
-ssl3_BuildRecordPseudoHeader(DTLSEpoch epoch,
-                             sslSequenceNumber seqNum,
+static unsigned int
+ssl3_BuildRecordPseudoHeader(unsigned char *out,
+                             sslSequenceNumber seq_num,
                              SSL3ContentType type,
                              PRBool includesVersion,
                              SSL3ProtocolVersion version,
                              PRBool isDTLS,
-                             int length,
-                             sslBuffer *buf)
-{
-    SECStatus rv;
-    if (isDTLS) {
-        rv = sslBuffer_AppendNumber(buf, epoch, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        rv = sslBuffer_AppendNumber(buf, seqNum, 6);
-    } else {
-        rv = sslBuffer_AppendNumber(buf, seqNum, 8);
-    }
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(buf, type, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
+                             int length)
+{
+    out[0] = (unsigned char)(seq_num >> 56);
+    out[1] = (unsigned char)(seq_num >> 48);
+    out[2] = (unsigned char)(seq_num >> 40);
+    out[3] = (unsigned char)(seq_num >> 32);
+    out[4] = (unsigned char)(seq_num >> 24);
+    out[5] = (unsigned char)(seq_num >> 16);
+    out[6] = (unsigned char)(seq_num >> 8);
+    out[7] = (unsigned char)(seq_num >> 0);
+    out[8] = type;
 
     /* SSL3 MAC doesn't include the record's version field. */
-    if (includesVersion) {
-        /* TLS MAC and AEAD additional data include version. */
-        rv = sslBuffer_AppendNumber(buf, version, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-    rv = sslBuffer_AppendNumber(buf, length, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (!includesVersion) {
+        out[9] = MSB(length);
+        out[10] = LSB(length);
+        return 11;
     }
 
-    return SECSuccess;
+    /* TLS MAC and AEAD additional data include version. */
+    if (isDTLS) {
+        SSL3ProtocolVersion dtls_version;
+
+        dtls_version = dtls_TLSVersionToDTLSVersion(version);
+        out[9] = MSB(dtls_version);
+        out[10] = LSB(dtls_version);
+    } else {
+        out[9] = MSB(version);
+        out[10] = LSB(version);
+    }
+    out[11] = MSB(length);
+    out[12] = LSB(length);
+    return 13;
 }
 
 static SECStatus
@@ -1562,12 +1833,13 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
     unsigned int uOutLen;
     CK_GCM_PARAMS gcmParams;
 
-    const int tagSize = 16;
-    const int explicitNonceLen = 8;
+    const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size;
+    const int explicitNonceLen =
+        bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size;
 
     /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the
      * nonce is formed. */
-    memcpy(nonce, keys->iv, 4);
+    memcpy(nonce, keys->write_iv, 4);
     if (doDecrypt) {
         memcpy(nonce + 4, in, explicitNonceLen);
         in += explicitNonceLen;
@@ -1596,10 +1868,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
     gcmParams.ulTagBits = tagSize * 8;
 
     if (doDecrypt) {
-        rv = PK11_Decrypt(keys->key, CKM_AES_GCM, &param, out, &uOutLen,
+        rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
                           maxout, in, inlen);
     } else {
-        rv = PK11_Encrypt(keys->key, CKM_AES_GCM, &param, out, &uOutLen,
+        rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
                           maxout, in, inlen);
     }
     *outlen += (int)uOutLen;
@@ -1621,12 +1893,12 @@ ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
     unsigned char nonce[12];
     CK_NSS_AEAD_PARAMS aeadParams;
 
-    const int tagSize = 16;
+    const int tagSize = bulk_cipher_defs[cipher_chacha20].tag_size;
 
     /* See
      * https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2
      * for details of how the nonce is formed. */
-    PORT_Memcpy(nonce, keys->iv, 12);
+    PORT_Memcpy(nonce, keys->write_iv, 12);
 
     /* XOR the last 8 bytes of the IV with the sequence number. */
     PORT_Assert(additionalDataLen >= 8);
@@ -1645,10 +1917,10 @@ ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
     aeadParams.ulTagLen = tagSize;
 
     if (doDecrypt) {
-        rv = PK11_Decrypt(keys->key, CKM_NSS_CHACHA20_POLY1305, &param,
+        rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
                           out, &uOutLen, maxout, in, inlen);
     } else {
-        rv = PK11_Encrypt(keys->key, CKM_NSS_CHACHA20_POLY1305, &param,
+        rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
                           out, &uOutLen, maxout, in, inlen);
     }
     *outlen = (int)uOutLen;
@@ -1661,31 +1933,44 @@ ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
  * Caller holds Spec write lock.
  */
 static SECStatus
-ssl3_InitPendingContexts(sslSocket *ss, ssl3CipherSpec *spec)
+ssl3_InitPendingContexts(sslSocket *ss)
 {
-    CK_MECHANISM_TYPE encMechanism;
-    CK_ATTRIBUTE_TYPE encMode;
-    SECItem macParam;
+    ssl3CipherSpec *pwSpec;
+    const ssl3BulkCipherDef *cipher_def;
+    PK11Context *serverContext = NULL;
+    PK11Context *clientContext = NULL;
+    SECItem *param;
+    CK_MECHANISM_TYPE mechanism;
+    CK_MECHANISM_TYPE mac_mech;
     CK_ULONG macLength;
     SECItem iv;
+    SECItem mac_param;
     SSLCipherAlgorithm calg;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
-    macLength = spec->macDef->mac_size;
-    calg = spec->cipherDef->calg;
+    pwSpec = ss->ssl3.pwSpec;
+    cipher_def = pwSpec->cipher_def;
+    macLength = pwSpec->mac_size;
+    calg = cipher_def->calg;
     PORT_Assert(alg2Mech[calg].calg == calg);
 
-    if (spec->cipherDef->type == type_aead) {
-        spec->cipher = NULL;
-        spec->cipherContext = NULL;
+    pwSpec->client.write_mac_context = NULL;
+    pwSpec->server.write_mac_context = NULL;
+
+    if (cipher_def->type == type_aead) {
+        pwSpec->encode = NULL;
+        pwSpec->decode = NULL;
+        pwSpec->encodeContext = NULL;
+        pwSpec->decodeContext = NULL;
         switch (calg) {
-            case ssl_calg_aes_gcm:
-                spec->aead = ssl3_AESGCM;
+            case calg_aes_gcm:
+                pwSpec->aead = ssl3_AESGCM;
                 break;
-            case ssl_calg_chacha20:
-                spec->aead = ssl3_ChaCha20Poly1305;
+            case calg_chacha20:
+                pwSpec->aead = ssl3_ChaCha20Poly1305;
                 break;
             default:
                 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -1698,43 +1983,128 @@ ssl3_InitPendingContexts(sslSocket *ss, ssl3CipherSpec *spec)
     ** Now setup the MAC contexts,
     **   crypto contexts are setup below.
     */
-    macParam.data = (unsigned char *)&macLength;
-    macParam.len = sizeof(macLength);
-    macParam.type = siBuffer;
 
-    spec->keyMaterial.macContext = PK11_CreateContextBySymKey(
-        spec->macDef->mmech, CKA_SIGN, spec->keyMaterial.macKey, &macParam);
-    if (!spec->keyMaterial.macContext) {
+    mac_mech = pwSpec->mac_def->mmech;
+    mac_param.data = (unsigned char *)&macLength;
+    mac_param.len = sizeof(macLength);
+    mac_param.type = 0;
+
+    pwSpec->client.write_mac_context = PK11_CreateContextBySymKey(
+        mac_mech, CKA_SIGN, pwSpec->client.write_mac_key, &mac_param);
+    if (pwSpec->client.write_mac_context == NULL) {
         ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        return SECFailure;
+        goto fail;
+    }
+    pwSpec->server.write_mac_context = PK11_CreateContextBySymKey(
+        mac_mech, CKA_SIGN, pwSpec->server.write_mac_key, &mac_param);
+    if (pwSpec->server.write_mac_context == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
     }
 
     /*
     ** Now setup the crypto contexts.
     */
-    if (calg == ssl_calg_null) {
-        spec->cipher = Null_Cipher;
+
+    if (calg == calg_null) {
+        pwSpec->encode = Null_Cipher;
+        pwSpec->decode = Null_Cipher;
         return SECSuccess;
     }
+    mechanism = ssl3_Alg2Mech(calg);
 
-    spec->cipher = (SSLCipher)PK11_CipherOp;
-    encMechanism = ssl3_Alg2Mech(calg);
-    encMode = (spec->direction == CipherSpecWrite) ? CKA_ENCRYPT : CKA_DECRYPT;
+    /*
+     * build the server context
+     */
+    iv.data = pwSpec->server.write_iv;
+    iv.len = cipher_def->iv_size;
+    param = PK11_ParamFromIV(mechanism, &iv);
+    if (param == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
+        goto fail;
+    }
+    serverContext = PK11_CreateContextBySymKey(mechanism,
+                                               (ss->sec.isServer ? CKA_ENCRYPT
+                                                                 : CKA_DECRYPT),
+                                               pwSpec->server.write_key, param);
+    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
+    if (iv.data)
+        PORT_Memcpy(pwSpec->server.write_iv, iv.data, iv.len);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (serverContext == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
+    }
 
     /*
-     * build the context
+     * build the client context
      */
-    iv.data = spec->keyMaterial.iv;
-    iv.len = spec->cipherDef->iv_size;
-    spec->cipherContext = PK11_CreateContextBySymKey(encMechanism, encMode,
-                                                     spec->keyMaterial.key,
-                                                     &iv);
-    if (!spec->cipherContext) {
+    iv.data = pwSpec->client.write_iv;
+    iv.len = cipher_def->iv_size;
+
+    param = PK11_ParamFromIV(mechanism, &iv);
+    if (param == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
+        goto fail;
+    }
+    clientContext = PK11_CreateContextBySymKey(mechanism,
+                                               (ss->sec.isServer ? CKA_DECRYPT
+                                                                 : CKA_ENCRYPT),
+                                               pwSpec->client.write_key, param);
+    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
+    if (iv.data)
+        PORT_Memcpy(pwSpec->client.write_iv, iv.data, iv.len);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (clientContext == NULL) {
         ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
-        return SECFailure;
+        goto fail;
     }
+    pwSpec->encode = (SSLCipher)PK11_CipherOp;
+    pwSpec->decode = (SSLCipher)PK11_CipherOp;
+
+    pwSpec->encodeContext = (ss->sec.isServer) ? serverContext : clientContext;
+    pwSpec->decodeContext = (ss->sec.isServer) ? clientContext : serverContext;
+
+    serverContext = NULL;
+    clientContext = NULL;
+
+    ssl3_InitCompressionContext(pwSpec);
 
     return SECSuccess;
+
+fail:
+    if (serverContext != NULL)
+        PK11_DestroyContext(serverContext, PR_TRUE);
+    if (pwSpec->client.write_mac_context != NULL) {
+        PK11_DestroyContext(pwSpec->client.write_mac_context, PR_TRUE);
+        pwSpec->client.write_mac_context = NULL;
+    }
+    if (pwSpec->server.write_mac_context != NULL) {
+        PK11_DestroyContext(pwSpec->server.write_mac_context, PR_TRUE);
+        pwSpec->server.write_mac_context = NULL;
+    }
+
+    return SECFailure;
+}
+
+HASH_HashType
+ssl3_GetTls12HashType(sslSocket *ss)
+{
+    if (ss->ssl3.pwSpec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+        return HASH_AlgNULL;
+    }
+
+    switch (ss->ssl3.hs.suite_def->prf_hash) {
+        case ssl_hash_sha384:
+            return HASH_AlgSHA384;
+        case ssl_hash_sha256:
+        case ssl_hash_none:
+            /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
+            return HASH_AlgSHA256;
+        default:
+            PORT_Assert(0);
+    }
+    return HASH_AlgSHA256;
 }
 
 /* Complete the initialization of all keys, ciphers, MACs and their contexts
@@ -1744,78 +2114,73 @@ ssl3_InitPendingContexts(sslSocket *ss, ssl3CipherSpec *spec)
  *              ssl3_HandleServerHello      (for session restart)
  *              ssl3_HandleClientHello      (for session restart)
  * Sets error code, but caller probably should override to disambiguate.
+ * NULL pms means re-use old master_secret.
  *
- * If |secret| is a master secret from a previous connection is reused, |derive|
- * is PR_FALSE.  If the secret is a pre-master secret, then |derive| is PR_TRUE
- * and the master secret is derived from |secret|.
+ *  If the old master secret is reused, pms is NULL and the master secret is
+ *  already in pwSpec->master_secret.
  */
 SECStatus
-ssl3_InitPendingCipherSpecs(sslSocket *ss, PK11SymKey *secret, PRBool derive)
+ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
 {
-    PK11SymKey *masterSecret;
     ssl3CipherSpec *pwSpec;
-    ssl3CipherSpec *prSpec;
+    ssl3CipherSpec *cwSpec;
     SECStatus rv;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(secret);
 
     ssl_GetSpecWriteLock(ss); /**************************************/
 
-    PORT_Assert(ss->ssl3.pwSpec);
-    PORT_Assert(ss->ssl3.cwSpec->epoch == ss->ssl3.crSpec->epoch);
-    prSpec = ss->ssl3.prSpec;
-    pwSpec = ss->ssl3.pwSpec;
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
-    if (ss->ssl3.cwSpec->epoch == PR_UINT16_MAX) {
-        /* The problem here is that we have rehandshaked too many
-         * times (you are not allowed to wrap the epoch). The
-         * spec says you should be discarding the connection
-         * and start over, so not much we can do here. */
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        goto loser;
-    }
+    pwSpec = ss->ssl3.pwSpec;
+    cwSpec = ss->ssl3.cwSpec;
 
-    if (derive) {
-        rv = ssl3_ComputeMasterSecret(ss, secret, &masterSecret);
+    if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) {
+        rv = ssl3_DeriveMasterSecret(ss, pms);
         if (rv != SECSuccess) {
-            goto loser;
+            goto done; /* err code set by ssl3_DeriveMasterSecret */
         }
-    } else {
-        masterSecret = secret;
     }
-
-    PORT_Assert(masterSecret);
-    rv = ssl3_DeriveConnectionKeys(ss, masterSecret);
-    if (rv != SECSuccess) {
-        if (derive) {
-            /* masterSecret was created here. */
-            PK11_FreeSymKey(masterSecret);
+    if (pwSpec->master_secret) {
+        rv = ssl3_DeriveConnectionKeys(ss);
+        if (rv == SECSuccess) {
+            rv = ssl3_InitPendingContexts(ss);
         }
-        goto loser;
+    } else {
+        PORT_Assert(pwSpec->master_secret);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
     }
-
-    /* Both cipher specs maintain a reference to the master secret, since each
-     * is managed and freed independently. */
-    prSpec->masterSecret = masterSecret;
-    pwSpec->masterSecret = PK11_ReferenceSymKey(masterSecret);
-    rv = ssl3_InitPendingContexts(ss, ss->ssl3.prSpec);
     if (rv != SECSuccess) {
-        goto loser;
+        goto done;
     }
 
-    rv = ssl3_InitPendingContexts(ss, ss->ssl3.pwSpec);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
+    /* Generic behaviors -- common to all crypto methods */
+    if (!IS_DTLS(ss)) {
+        pwSpec->read_seq_num = pwSpec->write_seq_num = 0;
+    } else {
+        if (cwSpec->epoch == PR_UINT16_MAX) {
+            /* The problem here is that we have rehandshaked too many
+             * times (you are not allowed to wrap the epoch). The
+             * spec says you should be discarding the connection
+             * and start over, so not much we can do here. */
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            rv = SECFailure;
+            goto done;
+        }
+        /* The sequence number has the high 16 bits as the epoch. */
+        pwSpec->epoch = cwSpec->epoch + 1;
+        pwSpec->read_seq_num = pwSpec->write_seq_num =
+            (sslSequenceNumber)pwSpec->epoch << 48;
 
-    ssl_ReleaseSpecWriteLock(ss); /******************************/
-    return SECSuccess;
+        dtls_InitRecvdRecords(&pwSpec->recvdRecords);
+    }
 
-loser:
+done:
     ssl_ReleaseSpecWriteLock(ss); /******************************/
-    ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-    return SECFailure;
+    if (rv != SECSuccess)
+        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+    return rv;
 }
 
 /*
@@ -1848,33 +2213,36 @@ static const unsigned char mac_pad_2[60] = {
 static SECStatus
 ssl3_ComputeRecordMAC(
     ssl3CipherSpec *spec,
+    PRBool useServerMacKey,
     const unsigned char *header,
     unsigned int headerLen,
     const PRUint8 *input,
-    int inputLen,
+    int inputLength,
     unsigned char *outbuf,
-    unsigned int *outLen)
+    unsigned int *outLength)
 {
-    PK11Context *context;
-    int macSize = spec->macDef->mac_size;
+    const ssl3MACDef *mac_def;
     SECStatus rv;
 
     PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen));
-    PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLen));
+    PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength));
 
-    if (spec->macDef->mac == ssl_mac_null) {
-        *outLen = 0;
+    mac_def = spec->mac_def;
+    if (mac_def->mac == mac_null) {
+        *outLength = 0;
         return SECSuccess;
     }
 
-    context = spec->keyMaterial.macContext;
-    rv = PK11_DigestBegin(context);
-    rv |= PK11_DigestOp(context, header, headerLen);
-    rv |= PK11_DigestOp(context, input, inputLen);
-    rv |= PK11_DigestFinal(context, outbuf, outLen, macSize);
-    PORT_Assert(rv != SECSuccess || *outLen == (unsigned)macSize);
+    PK11Context *mac_context =
+        (useServerMacKey ? spec->server.write_mac_context
+                         : spec->client.write_mac_context);
+    rv = PK11_DigestBegin(mac_context);
+    rv |= PK11_DigestOp(mac_context, header, headerLen);
+    rv |= PK11_DigestOp(mac_context, input, inputLength);
+    rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
+    PORT_Assert(rv != SECSuccess || *outLength == (unsigned)spec->mac_size);
 
-    PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLen));
+    PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength));
 
     if (rv != SECSuccess) {
         rv = SECFailure;
@@ -1892,6 +2260,7 @@ ssl3_ComputeRecordMAC(
 static SECStatus
 ssl3_ComputeRecordMACConstantTime(
     ssl3CipherSpec *spec,
+    PRBool useServerMacKey,
     const unsigned char *header,
     unsigned int headerLen,
     const PRUint8 *input,
@@ -1903,13 +2272,13 @@ ssl3_ComputeRecordMACConstantTime(
     CK_MECHANISM_TYPE macType;
     CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
     SECItem param, inputItem, outputItem;
-    int macSize = spec->macDef->mac_size;
     SECStatus rv;
+    PK11SymKey *key;
 
-    PORT_Assert(inputLen >= spec->macDef->mac_size);
+    PORT_Assert(inputLen >= spec->mac_size);
     PORT_Assert(originalLen >= inputLen);
 
-    if (spec->macDef->mac == ssl_mac_null) {
+    if (spec->mac_def->mac == mac_null) {
         *outLen = 0;
         return SECSuccess;
     }
@@ -1919,7 +2288,7 @@ ssl3_ComputeRecordMACConstantTime(
         macType = CKM_NSS_SSL3_MAC_CONSTANT_TIME;
     }
 
-    params.macAlg = spec->macDef->mmech;
+    params.macAlg = spec->mac_def->mmech;
     params.ulBodyTotalLen = originalLen;
     params.pHeader = (unsigned char *)header; /* const cast */
     params.ulHeaderLen = headerLen;
@@ -1936,14 +2305,19 @@ ssl3_ComputeRecordMACConstantTime(
     outputItem.len = *outLen;
     outputItem.type = 0;
 
-    rv = PK11_SignWithSymKey(spec->keyMaterial.macKey, macType, &param,
-                             &outputItem, &inputItem);
+    key = spec->server.write_mac_key;
+    if (!useServerMacKey) {
+        key = spec->client.write_mac_key;
+    }
+
+    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
     if (rv != SECSuccess) {
         if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
             /* ssl3_ComputeRecordMAC() expects the MAC to have been removed
              * from the input length already. */
-            return ssl3_ComputeRecordMAC(spec, header, headerLen,
-                                         input, inputLen - macSize,
+            return ssl3_ComputeRecordMAC(spec, useServerMacKey,
+                                         header, headerLen,
+                                         input, inputLen - spec->mac_size,
                                          outbuf, outLen);
         }
 
@@ -1953,7 +2327,7 @@ ssl3_ComputeRecordMACConstantTime(
         return rv;
     }
 
-    PORT_Assert(outputItem.len == (unsigned)macSize);
+    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
     *outLen = outputItem.len;
 
     return rv;
@@ -1989,30 +2363,34 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid)
 
 /* Caller must hold the spec read lock. */
 SECStatus
-ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
-                      PRBool isServer,
-                      PRBool isDTLS,
-                      SSL3ContentType type,
-                      const PRUint8 *pIn,
-                      PRUint32 contentLen,
-                      sslBuffer *wrBuf)
-{
+ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
+                              PRBool isServer,
+                              PRBool isDTLS,
+                              PRBool capRecordVersion,
+                              SSL3ContentType type,
+                              const PRUint8 *pIn,
+                              PRUint32 contentLen,
+                              sslBuffer *wrBuf)
+{
+    const ssl3BulkCipherDef *cipher_def;
     SECStatus rv;
     PRUint32 macLen = 0;
     PRUint32 fragLen;
     PRUint32 p1Len, p2Len, oddLen = 0;
     unsigned int ivLen = 0;
-    unsigned char pseudoHeaderBuf[13];
-    sslBuffer pseudoHeader = SSL_BUFFER(pseudoHeaderBuf);
+    unsigned char pseudoHeader[13];
+    unsigned int pseudoHeaderLen;
+
+    cipher_def = cwSpec->cipher_def;
 
-    if (cwSpec->cipherDef->type == type_block &&
+    if (cipher_def->type == type_block &&
         cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
         /* Prepend the per-record explicit IV using technique 2b from
          * RFC 4346 section 6.2.3.2: The IV is a cryptographically
          * strong random number XORed with the CBC residue from the previous
          * record.
          */
-        ivLen = cwSpec->cipherDef->iv_size;
+        ivLen = cipher_def->iv_size;
         if (ivLen > wrBuf->space) {
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
             return SECFailure;
@@ -2022,7 +2400,7 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
             ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
             return rv;
         }
-        rv = cwSpec->cipher(cwSpec->cipherContext,
+        rv = cwSpec->encode(cwSpec->encodeContext,
                             wrBuf->buf,         /* output */
                             (int *)&wrBuf->len, /* outlen */
                             ivLen,              /* max outlen */
@@ -2034,14 +2412,24 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
         }
     }
 
-    rv = ssl3_BuildRecordPseudoHeader(
-        cwSpec->epoch, cwSpec->seqNum, type,
-        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_0, cwSpec->recordVersion,
-        isDTLS, contentLen, &pseudoHeader);
-    PORT_Assert(rv == SECSuccess);
-    if (cwSpec->cipherDef->type == type_aead) {
-        const int nonceLen = cwSpec->cipherDef->explicit_nonce_size;
-        const int tagLen = cwSpec->cipherDef->tag_size;
+    if (cwSpec->compressor) {
+        int outlen;
+        rv = cwSpec->compressor(cwSpec->compressContext, wrBuf->buf + ivLen,
+                                &outlen, wrBuf->space - ivLen, pIn, contentLen);
+        if (rv != SECSuccess)
+            return rv;
+        pIn = wrBuf->buf + ivLen;
+        contentLen = outlen;
+    }
+
+    pseudoHeaderLen = ssl3_BuildRecordPseudoHeader(
+        pseudoHeader, cwSpec->write_seq_num, type,
+        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_0, cwSpec->version,
+        isDTLS, contentLen);
+    PORT_Assert(pseudoHeaderLen <= sizeof(pseudoHeader));
+    if (cipher_def->type == type_aead) {
+        const int nonceLen = cipher_def->explicit_nonce_size;
+        const int tagLen = cipher_def->tag_size;
 
         if (nonceLen + contentLen + tagLen > wrBuf->space) {
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -2049,26 +2437,23 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
         }
 
         rv = cwSpec->aead(
-            &cwSpec->keyMaterial,
+            isServer ? &cwSpec->server : &cwSpec->client,
             PR_FALSE,           /* do encrypt */
             wrBuf->buf,         /* output  */
             (int *)&wrBuf->len, /* out len */
             wrBuf->space,       /* max out */
             pIn, contentLen,    /* input   */
-            SSL_BUFFER_BASE(&pseudoHeader), SSL_BUFFER_LEN(&pseudoHeader));
+            pseudoHeader, pseudoHeaderLen);
         if (rv != SECSuccess) {
             PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
             return SECFailure;
         }
     } else {
-        int blockSize = cwSpec->cipherDef->block_size;
-
         /*
          * Add the MAC
          */
-        rv = ssl3_ComputeRecordMAC(cwSpec, SSL_BUFFER_BASE(&pseudoHeader),
-                                   SSL_BUFFER_LEN(&pseudoHeader),
-                                   pIn, contentLen,
+        rv = ssl3_ComputeRecordMAC(cwSpec, isServer, pseudoHeader,
+                                   pseudoHeaderLen, pIn, contentLen,
                                    wrBuf->buf + ivLen + contentLen, &macLen);
         if (rv != SECSuccess) {
             ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
@@ -2083,16 +2468,16 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
          * Pad the text (if we're doing a block cipher)
          * then Encrypt it
          */
-        if (cwSpec->cipherDef->type == type_block) {
+        if (cipher_def->type == type_block) {
             unsigned char *pBuf;
             int padding_length;
             int i;
 
-            oddLen = contentLen % blockSize;
+            oddLen = contentLen % cipher_def->block_size;
             /* Assume blockSize is a power of two */
-            padding_length = blockSize - 1 - ((fragLen) & (blockSize - 1));
+            padding_length = cipher_def->block_size - 1 - ((fragLen) & (cipher_def->block_size - 1));
             fragLen += padding_length + 1;
-            PORT_Assert((fragLen % blockSize) == 0);
+            PORT_Assert((fragLen % cipher_def->block_size) == 0);
 
             /* Pad according to TLS rules (also acceptable to SSL3). */
             pBuf = &wrBuf->buf[ivLen + fragLen - 1];
@@ -2110,13 +2495,13 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
         }
         if (oddLen) {
             p2Len += oddLen;
-            PORT_Assert((blockSize < 2) ||
-                        (p2Len % blockSize) == 0);
+            PORT_Assert((cipher_def->block_size < 2) ||
+                        (p2Len % cipher_def->block_size) == 0);
             memmove(wrBuf->buf + ivLen + p1Len, pIn + p1Len, oddLen);
         }
         if (p1Len > 0) {
             int cipherBytesPart1 = -1;
-            rv = cwSpec->cipher(cwSpec->cipherContext,
+            rv = cwSpec->encode(cwSpec->encodeContext,
                                 wrBuf->buf + ivLen, /* output */
                                 &cipherBytesPart1,  /* actual outlen */
                                 p1Len,              /* max outlen */
@@ -2131,7 +2516,7 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
         }
         if (p2Len > 0) {
             int cipherBytesPart2 = -1;
-            rv = cwSpec->cipher(cwSpec->cipherContext,
+            rv = cwSpec->encode(cwSpec->encodeContext,
                                 wrBuf->buf + ivLen + p1Len,
                                 &cipherBytesPart2, /* output and actual outLen */
                                 p2Len,             /* max outlen */
@@ -2149,66 +2534,34 @@ ssl3_MACEncryptRecord(ssl3CipherSpec *cwSpec,
     return SECSuccess;
 }
 
-/* Note: though this can report failure, it shouldn't. */
-static SECStatus
-ssl_InsertRecordHeader(const sslSocket *ss, ssl3CipherSpec *cwSpec,
-                       SSL3ContentType contentType, unsigned int len,
-                       sslBuffer *wrBuf)
-{
-    SECStatus rv;
-
-#ifndef UNSAFE_FUZZER_MODE
-    if (cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-        cwSpec->cipherDef->calg != ssl_calg_null) {
-        contentType = content_application_data;
-    }
-#endif
-    rv = sslBuffer_AppendNumber(wrBuf, contentType, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    rv = sslBuffer_AppendNumber(wrBuf, cwSpec->recordVersion, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    if (IS_DTLS(ss)) {
-        rv = sslBuffer_AppendNumber(wrBuf, cwSpec->epoch, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        rv = sslBuffer_AppendNumber(wrBuf, cwSpec->seqNum, 6);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-    rv = sslBuffer_AppendNumber(wrBuf, len, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
 SECStatus
-ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type,
+ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
+                  PRBool capRecordVersion, SSL3ContentType type,
                   const PRUint8 *pIn, PRUint32 contentLen, sslBuffer *wrBuf)
 {
-    unsigned int headerLen = IS_DTLS(ss) ? DTLS_RECORD_HEADER_LENGTH
-                                         : SSL3_RECORD_HEADER_LENGTH;
-    sslBuffer protBuf = SSL_BUFFER_FIXED(SSL_BUFFER_BASE(wrBuf) + headerLen,
-                                         SSL_BUFFER_SPACE(wrBuf) - headerLen);
+    const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def;
+    PRUint16 headerLen;
+    sslBuffer protBuf;
+    SSL3ProtocolVersion version = cwSpec->version;
     PRBool isTLS13;
+    PRUint8 *ptr = wrBuf->buf;
     SECStatus rv;
 
-    PORT_Assert(cwSpec->direction == CipherSpecWrite);
-    PORT_Assert(SSL_BUFFER_LEN(wrBuf) == 0);
-    PORT_Assert(cwSpec->cipherDef->max_records <= RECORD_SEQ_MAX);
-    if (cwSpec->seqNum >= cwSpec->cipherDef->max_records) {
-        /* We should have automatically updated before here in TLS 1.3. */
-        PORT_Assert(cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3);
+    if (ss->ssl3.hs.shortHeaders) {
+        PORT_Assert(!IS_DTLS(ss));
+        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+        headerLen = TLS13_RECORD_HEADER_LENGTH_SHORT;
+    } else {
+        headerLen = IS_DTLS(ss) ? DTLS_RECORD_HEADER_LENGTH : SSL3_RECORD_HEADER_LENGTH;
+    }
+    protBuf.buf = wrBuf->buf + headerLen;
+    protBuf.len = 0;
+    protBuf.space = wrBuf->space - headerLen;
+
+    PORT_Assert(cipher_def->max_records <= RECORD_SEQ_MAX);
+    if ((cwSpec->write_seq_num & RECORD_SEQ_MAX) >= cipher_def->max_records) {
         SSL_TRC(3, ("%d: SSL[-]: write sequence number at limit 0x%0llx",
-                    SSL_GETPID(), cwSpec->seqNum));
+                    SSL_GETPID(), cwSpec->write_seq_num));
         PORT_SetError(SSL_ERROR_TOO_MANY_RECORDS);
         return SECFailure;
     }
@@ -2216,22 +2569,15 @@ ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type,
     isTLS13 = (PRBool)(cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_3);
 
 #ifdef UNSAFE_FUZZER_MODE
-    {
-        int len;
-        rv = Null_Cipher(NULL, SSL_BUFFER_BASE(&protBuf), &len,
-                         SSL_BUFFER_SPACE(&protBuf), pIn, contentLen);
-        if (rv != SECSuccess) {
-            return SECFailure; /* error was set */
-        }
-        rv = sslBuffer_Skip(&protBuf, len, NULL);
-        PORT_Assert(rv == SECSuccess); /* Can't fail. */
-    }
+    rv = Null_Cipher(NULL, protBuf.buf, (int *)&protBuf.len, protBuf.space,
+                     pIn, contentLen);
 #else
     if (isTLS13) {
         rv = tls13_ProtectRecord(ss, cwSpec, type, pIn, contentLen, &protBuf);
     } else {
-        rv = ssl3_MACEncryptRecord(cwSpec, ss->sec.isServer, IS_DTLS(ss), type,
-                                   pIn, contentLen, &protBuf);
+        rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer,
+                                           IS_DTLS(ss), capRecordVersion, type,
+                                           pIn, contentLen, &protBuf);
     }
 #endif
     if (rv != SECSuccess) {
@@ -2239,58 +2585,40 @@ ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type,
     }
 
     PORT_Assert(protBuf.len <= MAX_FRAGMENT_LENGTH + (isTLS13 ? 256 : 1024));
+    wrBuf->len = protBuf.len + headerLen;
 
-    rv = ssl_InsertRecordHeader(ss, cwSpec, type, SSL_BUFFER_LEN(&protBuf),
-                                wrBuf);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    PORT_Assert(SSL_BUFFER_LEN(wrBuf) == headerLen);
-    rv = sslBuffer_Skip(wrBuf, SSL_BUFFER_LEN(&protBuf), NULL);
-    if (rv != SECSuccess) {
-        PORT_Assert(0); /* Can't fail. */
-        return SECFailure;
-    }
-    ++cwSpec->seqNum;
-
-    return SECSuccess;
-}
+    if (ss->ssl3.hs.shortHeaders) {
+        PORT_Assert(!IS_DTLS(ss)); /* Decoder not yet implemented. */
+        (void)ssl_EncodeUintX(0x8000 | protBuf.len, 2, ptr);
+    } else {
+#ifndef UNSAFE_FUZZER_MODE
+        if (isTLS13 && cipher_def->calg != ssl_calg_null) {
+            *ptr++ = content_application_data;
+        } else
+#endif
+        {
+            *ptr++ = type;
+        }
 
-SECStatus
-ssl_ProtectNextRecord(sslSocket *ss, ssl3CipherSpec *spec, SSL3ContentType type,
-                      const PRUint8 *pIn, unsigned int nIn,
-                      unsigned int *written)
-{
-    sslBuffer *wrBuf = &ss->sec.writeBuf;
-    unsigned int contentLen;
-    unsigned int spaceNeeded;
-    SECStatus rv;
+        if (IS_DTLS(ss)) {
+            version = isTLS13 ? SSL_LIBRARY_VERSION_TLS_1_1 : version;
+            version = dtls_TLSVersionToDTLSVersion(version);
 
-    contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
-    spaceNeeded = contentLen + SSL3_BUFFER_FUDGE;
-    if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-        spec->cipherDef->type == type_block) {
-        spaceNeeded += spec->cipherDef->iv_size;
-    }
-    if (spaceNeeded > SSL_BUFFER_SPACE(wrBuf)) {
-        rv = sslBuffer_Grow(wrBuf, spaceNeeded);
-        if (rv != SECSuccess) {
-            SSL_DBG(("%d: SSL3[%d]: failed to expand write buffer to %d",
-                     SSL_GETPID(), ss->fd, spaceNeeded));
-            return SECFailure;
+            ptr = ssl_EncodeUintX(version, 2, ptr);
+            ptr = ssl_EncodeUintX(cwSpec->write_seq_num, 8, ptr);
+        } else {
+            if (capRecordVersion || isTLS13) {
+                version = PR_MIN(SSL_LIBRARY_VERSION_TLS_1_0, version);
+            }
+            ptr = ssl_EncodeUintX(version, 2, ptr);
         }
+        (void)ssl_EncodeUintX(protBuf.len, 2, ptr);
     }
+    ++cwSpec->write_seq_num;
 
-    rv = ssl_ProtectRecord(ss, spec, type, pIn, contentLen, wrBuf);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    PRINT_BUF(50, (ss, "send (encrypted) record data:",
-                   SSL_BUFFER_BASE(wrBuf), SSL_BUFFER_LEN(wrBuf)));
-    *written = contentLen;
     return SECSuccess;
 }
+
 /* Process the plain text before sending it.
  * Returns the number of bytes of plaintext that were successfully sent
  *  plus the number of bytes of plaintext that were copied into the
@@ -2311,6 +2639,16 @@ ssl_ProtectNextRecord(sslSocket *ss, ssl3CipherSpec *spec, SSL3ContentType type,
  *    all ciphertext into the pending ciphertext buffer.
  * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
  *    Forces the use of the provided epoch
+ * ssl_SEND_FLAG_CAP_RECORD_VERSION
+ *    Caps the record layer version number of TLS ClientHello to { 3, 1 }
+ *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
+ *    ClientHello.client_version and use the record layer version number
+ *    (TLSPlaintext.version) instead when negotiating protocol versions. In
+ *    addition, if the record layer version number of ClientHello is { 3, 2 }
+ *    (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
+ *    some F5 BIG-IP servers hang if a record containing a ClientHello has a
+ *    version greater than { 3, 1 } and a length greater than 255. Set this
+ *    flag to work around such servers.
  */
 PRInt32
 ssl3_SendRecord(sslSocket *ss,
@@ -2321,9 +2659,10 @@ ssl3_SendRecord(sslSocket *ss,
                 PRInt32 flags)
 {
     sslBuffer *wrBuf = &ss->sec.writeBuf;
-    ssl3CipherSpec *spec;
     SECStatus rv;
     PRInt32 totalSent = 0;
+    PRBool capRecordVersion;
+    ssl3CipherSpec *spec;
 
     SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d",
                 SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type),
@@ -2331,7 +2670,6 @@ ssl3_SendRecord(sslSocket *ss,
     PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn));
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(SSL_BUFFER_LEN(wrBuf) == 0);
 
     if (ss->ssl3.fatalAlertSent) {
         SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent",
@@ -2339,41 +2677,114 @@ ssl3_SendRecord(sslSocket *ss,
         return SECFailure;
     }
 
+    capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0);
+
+    if (capRecordVersion) {
+        /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the
+         * TLS initial ClientHello. */
+        PORT_Assert(!IS_DTLS(ss));
+        PORT_Assert(!ss->firstHsDone);
+        PORT_Assert(type == content_handshake);
+        PORT_Assert(ss->ssl3.hs.ws == wait_server_hello);
+    }
+
+    if (ss->ssl3.initialized == PR_FALSE) {
+        /* This can happen on a server if the very first incoming record
+        ** looks like a defective ssl3 record (e.g. too long), and we're
+        ** trying to send an alert.
+        */
+        PR_ASSERT(type == content_alert);
+        ssl3_InitState(ss);
+    }
+
     /* check for Token Presence */
     if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
         PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
         return SECFailure;
     }
 
-    if (cwSpec) {
-        /* cwSpec can only be set for retransmissions of the DTLS handshake. */
-        PORT_Assert(IS_DTLS(ss) &&
-                    (type == content_handshake ||
-                     type == content_change_cipher_spec));
-        spec = cwSpec;
-    } else {
-        spec = ss->ssl3.cwSpec;
-    }
-
     while (nIn > 0) {
-        unsigned int written = 0;
-        PRInt32 sent;
+        PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
+        unsigned int spaceNeeded;
+        unsigned int numRecords;
 
-        ssl_GetSpecReadLock(ss);
-        rv = ssl_ProtectNextRecord(ss, spec, type, pIn, nIn, &written);
-        ssl_ReleaseSpecReadLock(ss);
-        if (rv != SECSuccess) {
-            return SECFailure;
+        ssl_GetSpecReadLock(ss); /********************************/
+
+        if (nIn > 1 && ss->opt.cbcRandomIV &&
+            ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
+            type == content_application_data &&
+            ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
+            /* We will split the first byte of the record into its own record,
+             * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
+             */
+            numRecords = 2;
+        } else {
+            numRecords = 1;
         }
 
-        PORT_Assert(written > 0);
-        /* DTLS should not fragment non-application data here. */
-        if (IS_DTLS(ss) && type != content_application_data) {
-            PORT_Assert(written == nIn);
+        spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
+        if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+            ss->ssl3.cwSpec->cipher_def->type == type_block) {
+            spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size;
+        }
+        if (spaceNeeded > wrBuf->space) {
+            rv = sslBuffer_Grow(wrBuf, spaceNeeded);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
+                         SSL_GETPID(), ss->fd, spaceNeeded));
+                goto spec_locked_loser; /* sslBuffer_Grow set error code. */
+            }
+        }
+
+        if (numRecords == 2) {
+            sslBuffer secondRecord;
+            rv = ssl_ProtectRecord(ss, ss->ssl3.cwSpec, capRecordVersion, type,
+                                   pIn, 1, wrBuf);
+            if (rv != SECSuccess)
+                goto spec_locked_loser;
+
+            PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:",
+                           wrBuf->buf, wrBuf->len));
+
+            secondRecord.buf = wrBuf->buf + wrBuf->len;
+            secondRecord.len = 0;
+            secondRecord.space = wrBuf->space - wrBuf->len;
+
+            rv = ssl_ProtectRecord(ss, ss->ssl3.cwSpec, capRecordVersion, type,
+                                   pIn + 1, contentLen - 1, &secondRecord);
+            if (rv == SECSuccess) {
+                PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:",
+                               secondRecord.buf, secondRecord.len));
+                wrBuf->len += secondRecord.len;
+            }
+        } else {
+            if (cwSpec) {
+                /* cwSpec can only be set for retransmissions of DTLS handshake
+                 * messages. */
+                PORT_Assert(IS_DTLS(ss) &&
+                            (type == content_handshake ||
+                             type == content_change_cipher_spec));
+                spec = cwSpec;
+            } else {
+                spec = ss->ssl3.cwSpec;
+            }
+
+            rv = ssl_ProtectRecord(ss, spec, !IS_DTLS(ss) && capRecordVersion,
+                                   type, pIn, contentLen, wrBuf);
+            if (rv == SECSuccess) {
+                PRINT_BUF(50, (ss, "send (encrypted) record data:",
+                               wrBuf->buf, wrBuf->len));
+            }
         }
 
-        pIn += written;
-        nIn -= written;
+    spec_locked_loser:
+        ssl_ReleaseSpecReadLock(ss); /************************************/
+
+        if (rv != SECSuccess)
+            return SECFailure;
+
+        pIn += contentLen;
+        nIn -= contentLen;
         PORT_Assert(nIn >= 0);
 
         /* If there's still some previously saved ciphertext,
@@ -2383,64 +2794,58 @@ ssl3_SendRecord(sslSocket *ss,
         if ((ss->pendingBuf.len > 0) ||
             (flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
 
-            rv = ssl_SaveWriteData(ss, SSL_BUFFER_BASE(wrBuf),
-                                   SSL_BUFFER_LEN(wrBuf));
+            rv = ssl_SaveWriteData(ss, wrBuf->buf, wrBuf->len);
             if (rv != SECSuccess) {
                 /* presumably a memory error, SEC_ERROR_NO_MEMORY */
-                goto loser;
+                return SECFailure;
             }
+            wrBuf->len = 0; /* All cipher text is saved away. */
 
             if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
+                PRInt32 sent;
                 ss->handshakeBegun = 1;
                 sent = ssl_SendSavedWriteData(ss);
                 if (sent < 0 && PR_GetError() != PR_WOULD_BLOCK_ERROR) {
                     ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-                    goto loser;
+                    return SECFailure;
                 }
                 if (ss->pendingBuf.len) {
                     flags |= ssl_SEND_FLAG_FORCE_INTO_BUFFER;
                 }
             }
-        } else {
-            PORT_Assert(SSL_BUFFER_LEN(wrBuf) > 0);
+        } else if (wrBuf->len > 0) {
+            PRInt32 sent;
             ss->handshakeBegun = 1;
-            sent = ssl_DefSend(ss, SSL_BUFFER_BASE(wrBuf),
-                               SSL_BUFFER_LEN(wrBuf),
+            sent = ssl_DefSend(ss, wrBuf->buf, wrBuf->len,
                                flags & ~ssl_SEND_FLAG_MASK);
             if (sent < 0) {
-                if (PORT_GetError() != PR_WOULD_BLOCK_ERROR) {
+                if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
                     ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-                    goto loser;
+                    return SECFailure;
                 }
                 /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */
                 sent = 0;
             }
-            if (SSL_BUFFER_LEN(wrBuf) > (unsigned int)sent) {
+            wrBuf->len -= sent;
+            if (wrBuf->len) {
                 if (IS_DTLS(ss)) {
                     /* DTLS just says no in this case. No buffering */
-                    PORT_SetError(PR_WOULD_BLOCK_ERROR);
-                    goto loser;
+                    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+                    return SECFailure;
                 }
                 /* now take all the remaining unsent new ciphertext and
                  * append it to the buffer of previously unsent ciphertext.
                  */
-                rv = ssl_SaveWriteData(ss, SSL_BUFFER_BASE(wrBuf) + sent,
-                                       SSL_BUFFER_LEN(wrBuf) - sent);
+                rv = ssl_SaveWriteData(ss, wrBuf->buf + sent, wrBuf->len);
                 if (rv != SECSuccess) {
                     /* presumably a memory error, SEC_ERROR_NO_MEMORY */
-                    goto loser;
+                    return SECFailure;
                 }
             }
         }
-        wrBuf->len = 0;
-        totalSent += written;
+        totalSent += contentLen;
     }
     return totalSent;
-
-loser:
-    /* Don't leave bits of buffer lying around. */
-    wrBuf->len = 0;
-    return -1;
 }
 
 #define SSL3_PENDING_HIGH_WATER 1024
@@ -2454,7 +2859,6 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
 {
     PRInt32 totalSent = 0;
     PRInt32 discarded = 0;
-    PRBool splitNeeded = PR_FALSE;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     /* These flags for internal use only */
@@ -2481,16 +2885,6 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
         len--;
         discarded = 1;
     }
-
-    /* We will split the first byte of the record into its own record, as
-     * explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h.
-     */
-    if (len > 1 && ss->opt.cbcRandomIV &&
-        ss->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
-        ss->ssl3.cwSpec->cipherDef->type == type_block /* CBC */) {
-        splitNeeded = PR_TRUE;
-    }
-
     while (len > totalSent) {
         PRInt32 sent, toSend;
 
@@ -2505,13 +2899,7 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
             PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */
             ssl_GetXmitBufLock(ss);
         }
-
-        if (splitNeeded) {
-            toSend = 1;
-            splitNeeded = PR_FALSE;
-        } else {
-            toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
-        }
+        toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
 
         /*
          * Note that the 0 epoch is OK because flags will never require
@@ -2571,8 +2959,9 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
 {
     if (IS_DTLS(ss)) {
         return dtls_FlushHandshakeMessages(ss, flags);
+    } else {
+        return ssl3_FlushHandshakeMessages(ss, flags);
     }
-    return ssl3_FlushHandshakeMessages(ss, flags);
 }
 
 /* Attempt to send the content of sendBuf buffer in an SSL handshake record.
@@ -2584,7 +2973,8 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
 static SECStatus
 ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
 {
-    static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
+    static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
+                                        ssl_SEND_FLAG_CAP_RECORD_VERSION;
     PRInt32 count = -1;
     SECStatus rv;
 
@@ -2715,15 +3105,6 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
             ss->sec.uncache(ss->sec.ci.sid);
         }
     }
-
-    rv = tls13_SetAlertCipherSpec(ss);
-    if (rv != SECSuccess) {
-        if (needHsLock) {
-            ssl_ReleaseSSL3HandshakeLock(ss);
-        }
-        return rv;
-    }
-
     ssl_GetXmitBufLock(ss);
     rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
     if (rv == SECSuccess) {
@@ -2959,6 +3340,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
         case bad_certificate_hash_value:
             error = SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT;
             break;
+        case end_of_early_data:
+            error = SSL_ERROR_END_OF_EARLY_DATA_ALERT;
+            break;
         default:
             error = SSL_ERROR_RX_UNKNOWN_ALERT;
             break;
@@ -2970,6 +3354,7 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
         switch (desc) {
             case close_notify:
             case user_canceled:
+            case end_of_early_data:
                 break;
             default:
                 level = alert_fatal;
@@ -2989,6 +3374,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
         PORT_SetError(error);
         return SECFailure;
     }
+    if (desc == end_of_early_data) {
+        return tls13_HandleEndOfEarlyData(ss);
+    }
     if ((desc == no_certificate) && (ss->ssl3.hs.ws == wait_client_cert)) {
         /* I'm a server. I've requested a client cert. He hasn't got one. */
         SECStatus rv;
@@ -3011,64 +3399,59 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
  * and pending write spec pointers.
  */
 
-SECStatus
-ssl3_SendChangeCipherSpecsInt(sslSocket *ss)
+static SECStatus
+ssl3_SendChangeCipherSpecs(sslSocket *ss)
 {
     PRUint8 change = change_cipher_spec_choice;
+    ssl3CipherSpec *pwSpec;
     SECStatus rv;
+    PRInt32 sent;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record",
                 SSL_GETPID(), ss->fd));
 
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
     rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
     if (rv != SECSuccess) {
-        return SECFailure; /* error code set by ssl3_FlushHandshake */
+        return rv; /* error code set by ssl3_FlushHandshake */
     }
-
     if (!IS_DTLS(ss)) {
-        PRInt32 sent;
-        sent = ssl3_SendRecord(ss, NULL, content_change_cipher_spec,
-                               &change, 1, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+        sent = ssl3_SendRecord(ss, NULL, content_change_cipher_spec, &change, 1,
+                               ssl_SEND_FLAG_FORCE_INTO_BUFFER);
         if (sent < 0) {
-            return SECFailure; /* error code set by ssl3_SendRecord */
+            return (SECStatus)sent; /* error code set by ssl3_SendRecord */
         }
     } else {
-        SECStatus rv;
         rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1);
         if (rv != SECSuccess) {
-            return SECFailure;
+            return rv;
         }
     }
-    return SECSuccess;
-}
-
-static SECStatus
-ssl3_SendChangeCipherSpecs(sslSocket *ss)
-{
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    rv = ssl3_SendChangeCipherSpecsInt(ss);
-    if (rv != SECSuccess) {
-        return rv; /* Error code set. */
-    }
 
     /* swap the pending and current write specs. */
     ssl_GetSpecWriteLock(ss); /**************************************/
+    pwSpec = ss->ssl3.pwSpec;
 
-    ssl_CipherSpecRelease(ss->ssl3.cwSpec);
-    ss->ssl3.cwSpec = ss->ssl3.pwSpec;
-    ss->ssl3.pwSpec = NULL;
+    ss->ssl3.pwSpec = ss->ssl3.cwSpec;
+    ss->ssl3.cwSpec = pwSpec;
 
     SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending",
                 SSL_GETPID(), ss->fd));
 
-    /* With DTLS, we need to set a holddown timer in case the final
-     * message got lost */
-    if (IS_DTLS(ss) && ss->ssl3.crSpec->epoch == ss->ssl3.cwSpec->epoch) {
-        rv = dtls_StartHolddownTimer(ss);
+    /* We need to free up the contexts, keys and certs ! */
+    /* If we are really through with the old cipher spec
+     * (Both the read and write sides have changed) destroy it.
+     */
+    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
+        if (!IS_DTLS(ss)) {
+            ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/);
+        } else {
+            /* With DTLS, we need to set a holddown timer in case the final
+             * message got lost */
+            rv = dtls_StartHolddownTimer(ss);
+        }
     }
     ssl_ReleaseSpecWriteLock(ss); /**************************************/
 
@@ -3084,6 +3467,7 @@ ssl3_SendChangeCipherSpecs(sslSocket *ss)
 static SECStatus
 ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
 {
+    ssl3CipherSpec *prSpec;
     SSL3WaitState ws = ss->ssl3.hs.ws;
     SSL3ChangeCipherSpecChoice change;
 
@@ -3093,18 +3477,19 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
     SSL_TRC(3, ("%d: SSL3[%d]: handle change_cipher_spec record",
                 SSL_GETPID(), ss->fd));
 
-    /* For DTLS: Ignore this if we aren't expecting it.  Don't kill a connection
-     *           as a result of receiving trash.
-     * For TLS: Maybe ignore, but only after checking format. */
-    if (ws != wait_change_cipher && IS_DTLS(ss)) {
-        /* Ignore this because it's out of order. */
-        SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
-                    "DTLS change_cipher_spec",
-                    SSL_GETPID(), ss->fd));
-        buf->len = 0;
-        return SECSuccess;
+    if (ws != wait_change_cipher) {
+        if (IS_DTLS(ss)) {
+            /* Ignore this because it's out of order. */
+            SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
+                        "DTLS change_cipher_spec",
+                        SSL_GETPID(), ss->fd));
+            buf->len = 0;
+            return SECSuccess;
+        }
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+        return SECFailure;
     }
-
     /* Handshake messages should not span ChangeCipherSpec. */
     if (ss->ssl3.hs.header_bytes) {
         (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
@@ -3123,44 +3508,26 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
         PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
         return SECFailure;
     }
-
     buf->len = 0;
-    if (ws != wait_change_cipher) {
-        /* Ignore a CCS for TLS 1.3. This only happens if the server sends a
-         * HelloRetryRequest.  In other cases, the CCS will fail decryption and
-         * will be discarded by ssl3_HandleRecord(). */
-        if (ws == wait_server_hello &&
-            ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-            ss->ssl3.hs.helloRetry) {
-            PORT_Assert(!ss->sec.isServer);
-            return SECSuccess;
-        }
-        /* Note: For a server, we can't test ss->ssl3.hs.helloRetry or
-         * ss->version because the server might be stateless (and so it won't
-         * have set either value yet). Set a flag so that at least we will
-         * guarantee that the server will treat any ClientHello properly. */
-        if (ws == wait_client_hello &&
-            ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-            !ss->ssl3.hs.receivedCcs) {
-            PORT_Assert(ss->sec.isServer);
-            ss->ssl3.hs.receivedCcs = PR_TRUE;
-            return SECSuccess;
-        }
-        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
-        return SECFailure;
-    }
 
-    SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
-                SSL_GETPID(), ss->fd));
+    /* Swap the pending and current read specs. */
     ssl_GetSpecWriteLock(ss); /*************************************/
-    PORT_Assert(ss->ssl3.prSpec);
-    ssl_CipherSpecRelease(ss->ssl3.crSpec);
-    ss->ssl3.crSpec = ss->ssl3.prSpec;
-    ss->ssl3.prSpec = NULL;
-    ssl_ReleaseSpecWriteLock(ss); /*************************************/
+    prSpec = ss->ssl3.prSpec;
 
+    ss->ssl3.prSpec = ss->ssl3.crSpec;
+    ss->ssl3.crSpec = prSpec;
     ss->ssl3.hs.ws = wait_finished;
+
+    SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
+                SSL_GETPID(), ss->fd));
+
+    /* If we are really through with the old cipher prSpec
+     * (Both the read and write sides have changed) destroy it.
+     */
+    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
+        ssl3_DestroyCipherSpec(ss->ssl3.prSpec, PR_FALSE /*freeSrvName*/);
+    }
+    ssl_ReleaseSpecWriteLock(ss); /*************************************/
     return SECSuccess;
 }
 
@@ -3283,8 +3650,12 @@ static SECStatus
 ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
                             PK11SymKey **msp)
 {
-    PRBool isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
-    PRBool isTLS12 = (PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
+    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
+    PRBool isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    PRBool isTLS12 =
+        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
     /*
      * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH
      * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size
@@ -3330,9 +3701,9 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
     }
 
     master_params.pVersion = pms_version_ptr;
-    master_params.RandomInfo.pClientRandom = ss->ssl3.hs.client_random;
+    master_params.RandomInfo.pClientRandom = cr;
     master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    master_params.RandomInfo.pServerRandom = ss->ssl3.hs.server_random;
+    master_params.RandomInfo.pServerRandom = sr;
     master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
     if (isTLS12) {
         master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
@@ -3392,7 +3763,7 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
         pms_version_ptr = &pms_version;
     }
 
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
         /* TLS 1.2+ */
         extended_master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
         key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
@@ -3424,6 +3795,7 @@ ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
 {
     PORT_Assert(pms != NULL);
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
     if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
         return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
@@ -3432,6 +3804,36 @@ ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
     }
 }
 
+/* This method uses PKCS11 to derive the MS from the PMS, where PMS
+** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the
+** computations and then modify the pwSpec->state as a side effect.
+**
+** This is used in all cases except the "triple bypass" with RSA key
+** exchange.
+**
+** Called from ssl3_InitPendingCipherSpec.   prSpec is pwSpec.
+*/
+static SECStatus
+ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
+{
+    SECStatus rv;
+    PK11SymKey *ms = NULL;
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    if (pms) {
+        rv = ssl3_ComputeMasterSecret(ss, pms, &ms);
+        pwSpec->master_secret = ms;
+        if (rv != SECSuccess)
+            return rv;
+    }
+
+    return SECSuccess;
+}
+
 /*
  * Derive encryption and MAC Keys (and IVs) from master secret
  * Sets a useful error code when returning SECFailure.
@@ -3448,18 +3850,17 @@ ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
  *
  */
 static SECStatus
-ssl3_DeriveConnectionKeys(sslSocket *ss, PK11SymKey *masterSecret)
+ssl3_DeriveConnectionKeys(sslSocket *ss)
 {
     ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
-    ssl3CipherSpec *prSpec = ss->ssl3.prSpec;
-    ssl3CipherSpec *clientSpec;
-    ssl3CipherSpec *serverSpec;
-    PRBool isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
+    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
+    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
+    PRBool isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
     PRBool isTLS12 =
-        (PRBool)(isTLS && ss->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-    const ssl3BulkCipherDef *cipher_def = pwSpec->cipherDef;
+        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
     PK11SlotInfo *slot = NULL;
-    PK11SymKey *derivedKeyHandle = NULL;
+    PK11SymKey *symKey = NULL;
     void *pwArg = ss->pkcs11PinArg;
     int keySize;
     CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
@@ -3470,53 +3871,48 @@ ssl3_DeriveConnectionKeys(sslSocket *ss, PK11SymKey *masterSecret)
     CK_MECHANISM_TYPE bulk_mechanism;
     SSLCipherAlgorithm calg;
     SECItem params;
-    PRBool skipKeysAndIVs = (PRBool)(cipher_def->calg == ssl_calg_null);
+    PRBool skipKeysAndIVs = (PRBool)(cipher_def->calg == calg_null);
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-    PORT_Assert(masterSecret);
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
-    /* These functions operate in terms of who is writing specs. */
-    if (ss->sec.isServer) {
-        clientSpec = prSpec;
-        serverSpec = pwSpec;
-    } else {
-        clientSpec = pwSpec;
-        serverSpec = prSpec;
+    if (!pwSpec->master_secret) {
+        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        return SECFailure;
     }
-
     /*
      * generate the key material
      */
+    key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB;
+    key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB;
+    key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB;
     if (cipher_def->type == type_block &&
-        ss->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
         /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
         key_material_params.ulIVSizeInBits = 0;
-        PORT_Memset(clientSpec->keyMaterial.iv, 0, cipher_def->iv_size);
-        PORT_Memset(serverSpec->keyMaterial.iv, 0, cipher_def->iv_size);
+        memset(pwSpec->client.write_iv, 0, cipher_def->iv_size);
+        memset(pwSpec->server.write_iv, 0, cipher_def->iv_size);
     }
 
     key_material_params.bIsExport = PR_FALSE;
-    key_material_params.RandomInfo.pClientRandom = ss->ssl3.hs.client_random;
+    key_material_params.RandomInfo.pClientRandom = cr;
     key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    key_material_params.RandomInfo.pServerRandom = ss->ssl3.hs.server_random;
+    key_material_params.RandomInfo.pServerRandom = sr;
     key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
     key_material_params.pReturnedKeyMaterial = &returnedKeys;
 
+    returnedKeys.pIVClient = pwSpec->client.write_iv;
+    returnedKeys.pIVServer = pwSpec->server.write_iv;
+    keySize = cipher_def->key_size;
+
     if (skipKeysAndIVs) {
         keySize = 0;
-        returnedKeys.pIVClient = NULL;
-        returnedKeys.pIVServer = NULL;
         key_material_params.ulKeySizeInBits = 0;
         key_material_params.ulIVSizeInBits = 0;
-    } else {
-        keySize = cipher_def->key_size;
-        returnedKeys.pIVClient = clientSpec->keyMaterial.iv;
-        returnedKeys.pIVServer = serverSpec->keyMaterial.iv;
-        key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB;
-        key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB;
+        returnedKeys.pIVClient = NULL;
+        returnedKeys.pIVServer = NULL;
     }
-    key_material_params.ulMacSizeInBits = pwSpec->macDef->mac_size * BPB;
 
     calg = cipher_def->calg;
     bulk_mechanism = ssl3_Alg2Mech(calg);
@@ -3538,9 +3934,9 @@ ssl3_DeriveConnectionKeys(sslSocket *ss, PK11SymKey *masterSecret)
 
     /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
      * DERIVE by DEFAULT */
-    derivedKeyHandle = PK11_Derive(masterSecret, key_derive, &params,
-                                   bulk_mechanism, CKA_ENCRYPT, keySize);
-    if (!derivedKeyHandle) {
+    symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
+                         bulk_mechanism, CKA_ENCRYPT, keySize);
+    if (!symKey) {
         ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
         return SECFailure;
     }
@@ -3548,44 +3944,41 @@ ssl3_DeriveConnectionKeys(sslSocket *ss, PK11SymKey *masterSecret)
      * don't because these types are used to map keytype anyway and both
      * mac's map to the same keytype.
      */
-    slot = PK11_GetSlotFromKey(derivedKeyHandle);
+    slot = PK11_GetSlotFromKey(symKey);
 
     PK11_FreeSlot(slot); /* slot is held until the key is freed */
-    clientSpec->keyMaterial.macKey =
-        PK11_SymKeyFromHandle(slot, derivedKeyHandle, PK11_OriginDerive,
-                              CKM_SSL3_SHA1_MAC, returnedKeys.hClientMacSecret,
-                              PR_TRUE, pwArg);
-    if (clientSpec->keyMaterial.macKey == NULL) {
+    pwSpec->client.write_mac_key =
+        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                              CKM_SSL3_SHA1_MAC, returnedKeys.hClientMacSecret, PR_TRUE, pwArg);
+    if (pwSpec->client.write_mac_key == NULL) {
         goto loser; /* loser sets err */
     }
-    serverSpec->keyMaterial.macKey =
-        PK11_SymKeyFromHandle(slot, derivedKeyHandle, PK11_OriginDerive,
-                              CKM_SSL3_SHA1_MAC, returnedKeys.hServerMacSecret,
-                              PR_TRUE, pwArg);
-    if (serverSpec->keyMaterial.macKey == NULL) {
+    pwSpec->server.write_mac_key =
+        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                              CKM_SSL3_SHA1_MAC, returnedKeys.hServerMacSecret, PR_TRUE, pwArg);
+    if (pwSpec->server.write_mac_key == NULL) {
         goto loser; /* loser sets err */
     }
     if (!skipKeysAndIVs) {
-        clientSpec->keyMaterial.key =
-            PK11_SymKeyFromHandle(slot, derivedKeyHandle, PK11_OriginDerive,
-                                  bulk_mechanism, returnedKeys.hClientKey,
-                                  PR_TRUE, pwArg);
-        if (clientSpec->keyMaterial.key == NULL) {
+        pwSpec->client.write_key =
+            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                                  bulk_mechanism, returnedKeys.hClientKey, PR_TRUE, pwArg);
+        if (pwSpec->client.write_key == NULL) {
             goto loser; /* loser sets err */
         }
-        serverSpec->keyMaterial.key =
-            PK11_SymKeyFromHandle(slot, derivedKeyHandle, PK11_OriginDerive,
-                                  bulk_mechanism, returnedKeys.hServerKey,
-                                  PR_TRUE, pwArg);
-        if (serverSpec->keyMaterial.key == NULL) {
+        pwSpec->server.write_key =
+            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                                  bulk_mechanism, returnedKeys.hServerKey, PR_TRUE, pwArg);
+        if (pwSpec->server.write_key == NULL) {
             goto loser; /* loser sets err */
         }
     }
-    PK11_FreeSymKey(derivedKeyHandle);
+    PK11_FreeSymKey(symKey);
     return SECSuccess;
 
 loser:
-    PK11_FreeSymKey(derivedKeyHandle);
+    if (symKey)
+        PK11_FreeSymKey(symKey);
     ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
     return SECFailure;
 }
@@ -3629,11 +4022,11 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
                 return SECFailure;
             }
             ss->ssl3.hs.hashType = handshake_hash_single;
+
             if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
                 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
                 return SECFailure;
             }
-
         } else {
             /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
              * created successfully. */
@@ -3724,7 +4117,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l
         return sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
     }
 
-    PRINT_BUF(90, (ss, "handshake hash input:", b, l));
+    PRINT_BUF(90, (NULL, "handshake hash input:", b, l));
 
     if (ss->ssl3.hs.hashType == handshake_hash_single) {
         PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
@@ -3748,8 +4141,104 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l
     return rv;
 }
 
+/**************************************************************************
+ * Append Handshake functions.
+ * All these functions set appropriate error codes.
+ * Most rely on ssl3_AppendHandshake to set the error code.
+ **************************************************************************/
+SECStatus
+ssl3_AppendHandshake(sslSocket *ss, const void *void_src, PRInt32 bytes)
+{
+    unsigned char *src = (unsigned char *)void_src;
+    int room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); /* protects sendBuf. */
+
+    if (!bytes)
+        return SECSuccess;
+    if (ss->sec.ci.sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
+        rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
+                                                        PR_MIN(MAX_SEND_BUF_LENGTH, ss->sec.ci.sendBuf.len + bytes)));
+        if (rv != SECSuccess)
+            return rv; /* sslBuffer_Grow has set a memory error code. */
+        room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
+    }
+
+    PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char *)void_src, bytes));
+    rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
+    if (rv != SECSuccess)
+        return rv; /* error code set by ssl3_UpdateHandshakeHashes */
+
+    while (bytes > room) {
+        if (room > 0)
+            PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src,
+                        room);
+        ss->sec.ci.sendBuf.len += room;
+        rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+        if (rv != SECSuccess) {
+            return rv; /* error code set by ssl3_FlushHandshake */
+        }
+        bytes -= room;
+        src += room;
+        room = ss->sec.ci.sendBuf.space;
+        PORT_Assert(ss->sec.ci.sendBuf.len == 0);
+    }
+    PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, bytes);
+    ss->sec.ci.sendBuf.len += bytes;
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize)
+{
+    SECStatus rv;
+    PRUint8 b[4];
+    PRUint8 *p = b;
+
+    PORT_Assert(lenSize <= 4 && lenSize > 0);
+    if (lenSize < 4 && num >= (1L << (lenSize * 8))) {
+        PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
+        return SECFailure;
+    }
+
+    switch (lenSize) {
+        case 4:
+            *p++ = (num >> 24) & 0xff;
+        case 3:
+            *p++ = (num >> 16) & 0xff;
+        case 2:
+            *p++ = (num >> 8) & 0xff;
+        case 1:
+            *p = num & 0xff;
+    }
+    SSL_TRC(60, ("%d: number:", SSL_GETPID()));
+    rv = ssl3_AppendHandshake(ss, &b[0], lenSize);
+    return rv; /* error code set by AppendHandshake, if applicable. */
+}
+
+SECStatus
+ssl3_AppendHandshakeVariable(
+    sslSocket *ss, const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize)
+{
+    SECStatus rv;
+
+    PORT_Assert((bytes < (1 << 8) && lenSize == 1) ||
+                (bytes < (1L << 16) && lenSize == 2) ||
+                (bytes < (1L << 24) && lenSize == 3));
+
+    SSL_TRC(60, ("%d: append variable:", SSL_GETPID()));
+    rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake, if applicable. */
+    }
+    SSL_TRC(60, ("data:"));
+    rv = ssl3_AppendHandshake(ss, src, bytes);
+    return rv; /* error code set by AppendHandshake, if applicable. */
+}
+
 SECStatus
-ssl3_AppendHandshakeHeader(sslSocket *ss, SSLHandshakeType t, PRUint32 length)
+ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length)
 {
     SECStatus rv;
 
@@ -3841,22 +4330,17 @@ ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, PRUint8 **b,
  * On error, an alert has been sent, and a generic error code has been set.
  */
 SECStatus
-ssl3_ConsumeHandshakeNumber64(sslSocket *ss, PRUint64 *num, PRUint32 bytes,
-                              PRUint8 **b, PRUint32 *length)
+ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes,
+                            PRUint8 **b, PRUint32 *length)
 {
     PRUint8 *buf = *b;
-    PRUint32 i;
+    int i;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     *num = 0;
-    if (bytes > sizeof(*num)) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    if (bytes > *length) {
+    if (bytes > *length || bytes > sizeof(*num)) {
         return ssl3_DecodeError(ss);
     }
     PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
@@ -3869,26 +4353,6 @@ ssl3_ConsumeHandshakeNumber64(sslSocket *ss, PRUint64 *num, PRUint32 bytes,
     return SECSuccess;
 }
 
-SECStatus
-ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes,
-                            PRUint8 **b, PRUint32 *length)
-{
-    PRUint64 num64;
-    SECStatus rv;
-
-    PORT_Assert(bytes <= sizeof(*num));
-    if (bytes > sizeof(*num)) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    rv = ssl3_ConsumeHandshakeNumber64(ss, &num64, bytes, b, length);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    *num = num64 & 0xffffffff;
-    return SECSuccess;
-}
-
 /* Read in two values from the incoming decrypted byte stream "b", which is
  * *length bytes long.  The first value is a number whose size is "bytes"
  * bytes long.  The second value is a byte-string whose size is the value
@@ -4298,8 +4762,6 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
         unsigned int md5StateLen, shaStateLen;
         unsigned char md5StackBuf[256];
         unsigned char shaStackBuf[512];
-        const int md5Pad = ssl_GetMacDefByAlg(ssl_mac_md5)->pad_size;
-        const int shaPad = ssl_GetMacDefByAlg(ssl_mac_sha)->pad_size;
 
         md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
                                             sizeof md5StackBuf, &md5StateLen);
@@ -4321,7 +4783,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
             /* compute hashes for SSL3. */
             unsigned char s[4];
 
-            if (!spec->masterSecret) {
+            if (!spec->master_secret) {
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
                 rv = SECFailure;
                 goto loser;
@@ -4337,10 +4799,11 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
                 PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
             }
 
-            PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1, md5Pad));
+            PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1,
+                           mac_defs[mac_md5].pad_size));
 
-            rv |= PK11_DigestKey(md5, spec->masterSecret);
-            rv |= PK11_DigestOp(md5, mac_pad_1, md5Pad);
+            rv |= PK11_DigestKey(md5, spec->master_secret);
+            rv |= PK11_DigestOp(md5, mac_pad_1, mac_defs[mac_md5].pad_size);
             rv |= PK11_DigestFinal(md5, md5_inner, &outLength, MD5_LENGTH);
             PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
             if (rv != SECSuccess) {
@@ -4356,10 +4819,11 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
                 PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
             }
 
-            PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1, shaPad));
+            PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1,
+                           mac_defs[mac_sha].pad_size));
 
-            rv |= PK11_DigestKey(sha, spec->masterSecret);
-            rv |= PK11_DigestOp(sha, mac_pad_1, shaPad);
+            rv |= PK11_DigestKey(sha, spec->master_secret);
+            rv |= PK11_DigestOp(sha, mac_pad_1, mac_defs[mac_sha].pad_size);
             rv |= PK11_DigestFinal(sha, sha_inner, &outLength, SHA1_LENGTH);
             PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
             if (rv != SECSuccess) {
@@ -4370,12 +4834,13 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
 
             PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
 
-            PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2, md5Pad));
+            PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2,
+                           mac_defs[mac_md5].pad_size));
             PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
 
             rv |= PK11_DigestBegin(md5);
-            rv |= PK11_DigestKey(md5, spec->masterSecret);
-            rv |= PK11_DigestOp(md5, mac_pad_2, md5Pad);
+            rv |= PK11_DigestKey(md5, spec->master_secret);
+            rv |= PK11_DigestOp(md5, mac_pad_2, mac_defs[mac_md5].pad_size);
             rv |= PK11_DigestOp(md5, md5_inner, MD5_LENGTH);
         }
         rv |= PK11_DigestFinal(md5, hashes->u.s.md5, &outLength, MD5_LENGTH);
@@ -4389,12 +4854,13 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
         PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->u.s.md5, MD5_LENGTH));
 
         if (!isTLS) {
-            PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2, shaPad));
+            PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2,
+                           mac_defs[mac_sha].pad_size));
             PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
 
             rv |= PK11_DigestBegin(sha);
-            rv |= PK11_DigestKey(sha, spec->masterSecret);
-            rv |= PK11_DigestOp(sha, mac_pad_2, shaPad);
+            rv |= PK11_DigestKey(sha, spec->master_secret);
+            rv |= PK11_DigestOp(sha, mac_pad_2, mac_defs[mac_sha].pad_size);
             rv |= PK11_DigestOp(sha, sha_inner, SHA1_LENGTH);
         }
         rv |= PK11_DigestFinal(sha, hashes->u.s.sha, &outLength, SHA1_LENGTH);
@@ -4460,48 +4926,6 @@ ssl_ClientHelloTypeName(sslClientHelloType type)
 #undef CHTYPE
 #endif
 
-PR_STATIC_ASSERT(SSL3_SESSIONID_BYTES == SSL3_RANDOM_LENGTH);
-static void
-ssl_MakeFakeSid(sslSocket *ss, PRUint8 *buf)
-{
-    PRUint8 x = 0x5a;
-    int i;
-    for (i = 0; i < SSL3_SESSIONID_BYTES; ++i) {
-        x += ss->ssl3.hs.client_random[i];
-        buf[i] = x;
-    }
-}
-
-/* Set the version fields of the cipher spec for a ClientHello. */
-static void
-ssl_SetClientHelloSpecVersion(sslSocket *ss, ssl3CipherSpec *spec)
-{
-    ssl_GetSpecWriteLock(ss);
-    PORT_Assert(spec->cipherDef->cipher == cipher_null);
-    /* This is - a best guess - but it doesn't matter here. */
-    spec->version = ss->vrange.max;
-    if (IS_DTLS(ss)) {
-        spec->recordVersion = SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
-    } else {
-        /* For new connections, cap the record layer version number of TLS
-         * ClientHello to { 3, 1 } (TLS 1.0). Some TLS 1.0 servers (which seem
-         * to use F5 BIG-IP) ignore ClientHello.client_version and use the
-         * record layer version number (TLSPlaintext.version) instead when
-         * negotiating protocol versions. In addition, if the record layer
-         * version number of ClientHello is { 3, 2 } (TLS 1.1) or higher, these
-         * servers reset the TCP connections. Lastly, some F5 BIG-IP servers
-         * hang if a record containing a ClientHello has a version greater than
-         * { 3, 1 } and a length greater than 255. Set this flag to work around
-         * such servers.
-         *
-         * The final version is set when a version is negotiated.
-         */
-        spec->recordVersion = PR_MIN(SSL_LIBRARY_VERSION_TLS_1_0,
-                                     ss->vrange.max);
-    }
-    ssl_ReleaseSpecWriteLock(ss);
-}
-
 /* Called from ssl3_HandleHelloRequest(),
  *             ssl3_RedoHandshake()
  *             ssl_BeginClientHandshake (when resuming ssl3 session)
@@ -4518,18 +4942,18 @@ SECStatus
 ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
 {
     sslSessionID *sid;
+    ssl3CipherSpec *cwSpec;
     SECStatus rv;
-    unsigned int i;
-    unsigned int length;
-    unsigned int num_suites;
-    unsigned int actual_count = 0;
+    int i;
+    int length;
+    int num_suites;
+    int actual_count = 0;
     PRBool isTLS = PR_FALSE;
     PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
-    PRBool unlockNeeded = PR_FALSE;
-    sslBuffer extensionBuf = SSL_BUFFER_EMPTY;
-    PRUint16 version = ss->vrange.max;
+    PRInt32 total_exten_len = 0;
+    unsigned numCompressionMethods;
+    PRUint16 version;
     PRInt32 flags;
-    unsigned int cookieLen = ss->ssl3.hs.cookie.len;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send %s ClientHello handshake", SSL_GETPID(),
                 ss->fd, ssl_ClientHelloTypeName(type)));
@@ -4548,26 +4972,22 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
      * to maintain the handshake hashes. */
     if (ss->ssl3.hs.helloRetry) {
         PORT_Assert(type == client_hello_retry);
-        /* This cookieLen applies to the cookie that appears in the DTLS
-           ClientHello, which isn't used in DTLS 1.3. */
-        cookieLen = 0;
     } else {
+        ssl3_InitState(ss);
         ssl3_RestartHandshakeHashes(ss);
     }
 
-    if (type == client_hello_initial) {
-        ssl_SetClientHelloSpecVersion(ss, ss->ssl3.cwSpec);
-    }
     /* These must be reset every handshake. */
-    ssl3_ResetExtensionData(&ss->xtnData, ss);
     ss->ssl3.hs.sendingSCSV = PR_FALSE;
     ss->ssl3.hs.preliminaryInfo = 0;
     PORT_Assert(IS_DTLS(ss) || type != client_hello_retransmit);
     SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
     ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+    ssl3_ResetExtensionData(&ss->xtnData);
 
     /* How many suites does our PKCS11 support (regardless of policy)? */
-    if (ssl3_config_match_init(ss) == 0) {
+    num_suites = ssl3_config_match_init(ss);
+    if (!num_suites) {
         return SECFailure; /* ssl3_config_match_init has set error code. */
     }
 
@@ -4615,7 +5035,7 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         }
 
         /* Check that we can recover the master secret. */
-        if (sidOK) {
+        if (sidOK && sid->u.ssl3.keys.msIsWrapped) {
             PK11SlotInfo *slot = NULL;
             if (sid->u.ssl3.masterValid) {
                 slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
@@ -4680,6 +5100,8 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
                 if (sid->version < ss->vrange.min ||
                     sid->version > ss->vrange.max) {
                     sidOK = PR_FALSE;
+                } else {
+                    version = ss->vrange.max;
                 }
             }
         }
@@ -4713,6 +5135,8 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
          */
         if (ss->firstHsDone) {
             version = ss->clientHelloVersion;
+        } else {
+            version = ss->vrange.max;
         }
 
         sid = ssl3_NewSessionID(ss, PR_FALSE);
@@ -4725,9 +5149,10 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
 
     isTLS = (version > SSL_LIBRARY_VERSION_3_0);
     ssl_GetSpecWriteLock(ss);
-    if (ss->ssl3.cwSpec->macDef->mac == ssl_mac_null) {
+    cwSpec = ss->ssl3.cwSpec;
+    if (cwSpec->mac_def->mac == mac_null) {
         /* SSL records are not being MACed. */
-        ss->ssl3.cwSpec->version = version;
+        cwSpec->version = version;
     }
     ssl_ReleaseSpecWriteLock(ss);
 
@@ -4751,10 +5176,9 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
      * NewSessionTicket that will cause the ticket in the sid to be replaced.
      * Once we've copied the session ticket into our ClientHello message, it
      * is OK for the ticket to change, so we just need to make sure we hold
-     * the lock across the calls to ssl_ConstructExtensions.
+     * the lock across the calls to ssl3_CallHelloExtensionSenders.
      */
     if (sid->u.ssl3.lock) {
-        unlockNeeded = PR_TRUE;
         PR_RWLock_Rlock(sid->u.ssl3.lock);
     }
 
@@ -4762,14 +5186,24 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         type == client_hello_initial) {
         rv = tls13_SetupClientHello(ss);
         if (rv != SECSuccess) {
-            goto loser;
+            return SECFailure;
         }
     }
     if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
-        rv = ssl_ConstructExtensions(ss, &extensionBuf, ssl_hs_client_hello);
-        if (rv != SECSuccess) {
-            goto loser;
+        PRUint32 maxBytes = 65535; /* 2^16 - 1 */
+        PRInt32 extLen;
+
+        extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
+        if (extLen < 0) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return SECFailure;
         }
+        total_exten_len += extLen;
+
+        if (total_exten_len > 0)
+            total_exten_len += 2;
     }
 
     if (IS_DTLS(ss)) {
@@ -4779,7 +5213,10 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
     /* how many suites are permitted by policy and user preference? */
     num_suites = count_cipher_suites(ss, ss->ssl3.policy);
     if (!num_suites) {
-        goto loser; /* count_cipher_suites has set error code. */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return SECFailure; /* count_cipher_suites has set error code. */
     }
 
     fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
@@ -4792,30 +5229,37 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         ++num_suites;
     }
 
+    /* count compression methods */
+    numCompressionMethods = 0;
+    for (i = 0; i < ssl_compression_method_count; i++) {
+        if (ssl_CompressionEnabled(ss, ssl_compression_methods[i]))
+            numCompressionMethods++;
+    }
+
     length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH +
-             1 + /* session id */
+             1 + (sid->version >= SSL_LIBRARY_VERSION_TLS_1_3
+                      ? 0
+                      : sid->u.ssl3.sessionIDLength) +
              2 + num_suites * sizeof(ssl3CipherSuite) +
-             1 + 1 /* compression methods */;
-    if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        length += sid->u.ssl3.sessionIDLength;
-    } else if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss)) {
-        length += SSL3_SESSIONID_BYTES;
-    }
+             1 + numCompressionMethods + total_exten_len;
     if (IS_DTLS(ss)) {
-        length += 1 + cookieLen;
+        length += 1 + ss->ssl3.hs.cookie.len;
     }
 
-    if (extensionBuf.len) {
-        rv = ssl_InsertPaddingExtension(ss, length, &extensionBuf);
-        if (rv != SECSuccess) {
-            goto loser; /* err set by ssl_InsertPaddingExtension */
+    if (total_exten_len > 0) {
+        ssl3_CalculatePaddingExtLen(ss, length);
+        if (ss->xtnData.paddingLen) {
+            total_exten_len += 4 + ss->xtnData.paddingLen;
+            length += 4 + ss->xtnData.paddingLen;
         }
-        length += 2 + extensionBuf.len;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_client_hello, length);
+    rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
 
     if (ss->firstHsDone) {
@@ -4833,49 +5277,60 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
     }
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
 
     /* Generate a new random if this is the first attempt. */
     if (type == client_hello_initial) {
-        rv = ssl3_GetNewRandom(ss->ssl3.hs.client_random);
+        rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
         if (rv != SECSuccess) {
-            goto loser; /* err set by GetNewRandom. */
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by GetNewRandom. */
         }
     }
-    rv = ssl3_AppendHandshake(ss, ss->ssl3.hs.client_random,
+    rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
                               SSL3_RANDOM_LENGTH);
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
 
-    if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+    if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3)
         rv = ssl3_AppendHandshakeVariable(
             ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
-    } else if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss)) {
-        /* We're faking session resumption, so rather than create new
-         * randomness, just mix up the client random a little. */
-        PRUint8 buf[SSL3_SESSIONID_BYTES];
-        ssl_MakeFakeSid(ss, buf);
-        rv = ssl3_AppendHandshakeVariable(ss, buf, SSL3_SESSIONID_BYTES, 1);
-    } else {
+    else
         rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
-    }
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
 
     if (IS_DTLS(ss)) {
         rv = ssl3_AppendHandshakeVariable(
-            ss, ss->ssl3.hs.cookie.data, cookieLen, 1);
+            ss, ss->ssl3.hs.cookie.data, ss->ssl3.hs.cookie.len, 1);
         if (rv != SECSuccess) {
-            goto loser; /* err set by ssl3_AppendHandshake* */
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
         }
     }
 
     rv = ssl3_AppendHandshakeNumber(ss, num_suites * sizeof(ssl3CipherSuite), 2);
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
 
     if (ss->ssl3.hs.sendingSCSV) {
@@ -4883,7 +5338,10 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                                         sizeof(ssl3CipherSuite));
         if (rv != SECSuccess) {
-            goto loser; /* err set by ssl3_AppendHandshake* */
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
         }
         actual_count++;
     }
@@ -4891,7 +5349,10 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
                                         sizeof(ssl3CipherSuite));
         if (rv != SECSuccess) {
-            goto loser; /* err set by ssl3_AppendHandshake* */
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
         }
         actual_count++;
     }
@@ -4900,14 +5361,20 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
         if (config_match(suite, ss->ssl3.policy, &ss->vrange, ss)) {
             actual_count++;
             if (actual_count > num_suites) {
+                if (sid->u.ssl3.lock) {
+                    PR_RWLock_Unlock(sid->u.ssl3.lock);
+                }
                 /* set error card removal/insertion error */
                 PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-                goto loser;
+                return SECFailure;
             }
             rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
                                             sizeof(ssl3CipherSuite));
             if (rv != SECSuccess) {
-                goto loser; /* err set by ssl3_AppendHandshake* */
+                if (sid->u.ssl3.lock) {
+                    PR_RWLock_Unlock(sid->u.ssl3.lock);
+                }
+                return rv; /* err set by ssl3_AppendHandshake* */
             }
         }
     }
@@ -4917,37 +5384,57 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
      * the server.. */
     if (actual_count != num_suites) {
         /* Card removal/insertion error */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
         PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
-        goto loser;
+        return SECFailure;
     }
 
-    /* Compression methods: count is always 1, null compression. */
-    rv = ssl3_AppendHandshakeNumber(ss, 1, 1);
+    rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1);
     if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
     }
-    rv = ssl3_AppendHandshakeNumber(ss, ssl_compression_null, 1);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendHandshake* */
+    for (i = 0; i < ssl_compression_method_count; i++) {
+        if (!ssl_CompressionEnabled(ss, ssl_compression_methods[i]))
+            continue;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_compression_methods[i], 1);
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
+        }
     }
 
-    if (extensionBuf.len) {
-        /* If we are sending a PSK binder, replace the dummy value.  Note that
-         * we only set statelessResume on the client in TLS 1.3. */
-        if (ss->statelessResume &&
-            ss->xtnData.sentSessionTicketInClientHello) {
-            rv = tls13_WriteExtensionsWithBinder(ss, &extensionBuf);
-        } else {
-            rv = ssl3_AppendBufferToHandshakeVariable(ss, &extensionBuf, 2);
-        }
+    if (total_exten_len) {
+        PRUint32 maxBytes = total_exten_len - 2;
+        PRInt32 extLen;
+
+        rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
         if (rv != SECSuccess) {
-            goto loser; /* err set by AppendHandshake. */
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by AppendHandshake. */
+        }
+
+        extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
+        if (extLen < 0) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return SECFailure;
         }
+        maxBytes -= extLen;
+
+        PORT_Assert(!maxBytes);
     }
 
-    sslBuffer_Clear(&extensionBuf);
-    if (unlockNeeded) {
-        /* Note: goto loser can't be used past this point. */
+    if (sid->u.ssl3.lock) {
         PR_RWLock_Unlock(sid->u.ssl3.lock);
     }
 
@@ -4963,6 +5450,9 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
     }
 
     flags = 0;
+    if (!ss->firstHsDone && !IS_DTLS(ss)) {
+        flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
+    }
     rv = ssl3_FlushHandshake(ss, flags);
     if (rv != SECSuccess) {
         return rv; /* error code set by ssl3_FlushHandshake */
@@ -4977,13 +5467,6 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
 
     ss->ssl3.hs.ws = wait_server_hello;
     return SECSuccess;
-
-loser:
-    if (unlockNeeded) {
-        PR_RWLock_Unlock(sid->u.ssl3.lock);
-    }
-    sslBuffer_Clear(&extensionBuf);
-    return SECFailure;
 }
 
 /* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered a
@@ -5535,7 +6018,7 @@ ssl3_SendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
 
     /* Generate the pre-master secret ...  */
     ssl_GetSpecWriteLock(ss);
-    isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
 
     pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.pwSpec, NULL);
     ssl_ReleaseSpecWriteLock(ss);
@@ -5558,20 +6041,41 @@ ssl3_SendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
         goto loser;
     }
 
-#ifdef TRACE
-    if (ssl_trace >= 100) {
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+    if (ssl_keylog_iob) {
         SECStatus extractRV = PK11_ExtractKeyValue(pms);
         if (extractRV == SECSuccess) {
             SECItem *keyData = PK11_GetKeyData(pms);
             if (keyData && keyData->data && keyData->len) {
-                ssl_PrintBuf(ss, "Pre-Master Secret",
-                             keyData->data, keyData->len);
+#ifdef TRACE
+                if (ssl_trace >= 100) {
+                    ssl_PrintBuf(ss, "Pre-Master Secret",
+                                 keyData->data, keyData->len);
+                }
+#endif
+                if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) {
+                    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
+
+                    /* There could be multiple, concurrent writers to the
+                     * keylog, so we have to do everything in a single call to
+                     * fwrite. */
+                    char buf[4 + 8 * 2 + 1 + 48 * 2 + 1];
+
+                    strcpy(buf, "RSA ");
+                    hexEncode(buf + 4, enc_pms.data, 8);
+                    buf[20] = ' ';
+                    hexEncode(buf + 21, keyData->data, 48);
+                    buf[sizeof(buf) - 1] = '\n';
+
+                    fwrite(buf, sizeof(buf), 1, ssl_keylog_iob);
+                    fflush(ssl_keylog_iob);
+                }
             }
         }
     }
 #endif
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_client_key_exchange,
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
                                     isTLS ? enc_pms.len + 2
                                           : enc_pms.len);
     if (rv != SECSuccess) {
@@ -5586,7 +6090,7 @@ ssl3_SendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
         goto loser; /* err set by ssl3_AppendHandshake* */
     }
 
-    rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     PK11_FreeSymKey(pms);
     pms = NULL;
 
@@ -5610,27 +6114,27 @@ loser:
 /* DH shares need to be padded to the size of their prime.  Some implementations
  * require this.  TLS 1.3 also requires this. */
 SECStatus
-ssl_AppendPaddedDHKeyShare(sslBuffer *buf, const SECKEYPublicKey *pubKey,
+ssl_AppendPaddedDHKeyShare(const sslSocket *ss, const SECKEYPublicKey *pubKey,
                            PRBool appendLength)
 {
     SECStatus rv;
     unsigned int pad = pubKey->u.dh.prime.len - pubKey->u.dh.publicValue.len;
 
     if (appendLength) {
-        rv = sslBuffer_AppendNumber(buf, pubKey->u.dh.prime.len, 2);
+        rv = ssl3_ExtAppendHandshakeNumber(ss, pubKey->u.dh.prime.len, 2);
         if (rv != SECSuccess) {
             return rv;
         }
     }
     while (pad) {
-        rv = sslBuffer_AppendNumber(buf, 0, 1);
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 1);
         if (rv != SECSuccess) {
             return rv;
         }
         --pad;
     }
-    rv = sslBuffer_Append(buf, pubKey->u.dh.publicValue.data,
-                          pubKey->u.dh.publicValue.len);
+    rv = ssl3_ExtAppendHandshake(ss, pubKey->u.dh.publicValue.data,
+                                 pubKey->u.dh.publicValue.len);
     if (rv != SECSuccess) {
         return rv;
     }
@@ -5654,13 +6158,11 @@ ssl3_SendDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
     };
     sslEphemeralKeyPair *keyPair = NULL;
     SECKEYPublicKey *pubKey;
-    PRUint8 dhData[1026]; /* Enough for the 8192-bit group. */
-    sslBuffer dhBuf = SSL_BUFFER(dhData);
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
-    isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
 
     /* Copy DH parameters from server key */
 
@@ -5715,27 +6217,22 @@ ssl3_SendDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
     }
 
     /* Note: send the DH share padded to avoid triggering bugs. */
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_client_key_exchange,
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
                                     params->prime.len + 2);
     if (rv != SECSuccess) {
         goto loser; /* err set by ssl3_AppendHandshake* */
     }
-    rv = ssl_AppendPaddedDHKeyShare(&dhBuf, pubKey, PR_TRUE);
+    rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_TRUE);
     if (rv != SECSuccess) {
         goto loser; /* err set by ssl_AppendPaddedDHKeyShare */
     }
-    rv = ssl3_AppendBufferToHandshake(ss, &dhBuf);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by ssl3_AppendBufferToHandshake */
-    }
 
-    rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
-    sslBuffer_Clear(&dhBuf);
     PK11_FreeSymKey(pms);
     ssl_FreeEphemeralKeyPair(keyPair);
     return SECSuccess;
@@ -5745,7 +6242,6 @@ loser:
         PK11_FreeSymKey(pms);
     if (keyPair)
         ssl_FreeEphemeralKeyPair(keyPair);
-    sslBuffer_Clear(&dhBuf);
     return SECFailure;
 }
 
@@ -5926,8 +6422,8 @@ ssl3_PickServerSignatureScheme(sslSocket *ss)
 
     /* Sets error code, if needed. */
     return ssl_PickSignatureScheme(ss, keyPair->pubKey, keyPair->privKey,
-                                   ss->xtnData.sigSchemes,
-                                   ss->xtnData.numSigSchemes,
+                                   ss->xtnData.clientSigSchemes,
+                                   ss->xtnData.numClientSigScheme,
                                    PR_FALSE /* requireSha1 */);
 }
 
@@ -6044,7 +6540,7 @@ ssl3_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
 
     len = buf.len + 2 + (isTLS12 ? 2 : 0);
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate_verify, len);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, len);
     if (rv != SECSuccess) {
         goto done; /* error code set by AppendHandshake */
     }
@@ -6068,9 +6564,11 @@ done:
 /* Once a cipher suite has been selected, make sure that the necessary secondary
  * information is properly set. */
 SECStatus
-ssl3_SetupCipherSuite(sslSocket *ss, PRBool initHashes)
+ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite,
+                    PRBool initHashes)
 {
-    ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
+    ss->ssl3.hs.cipher_suite = chosenSuite;
+    ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(chosenSuite);
     if (!ss->ssl3.hs.suite_def) {
         PORT_Assert(0);
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -6083,53 +6581,10 @@ ssl3_SetupCipherSuite(sslSocket *ss, PRBool initHashes)
     if (!initHashes) {
         return SECSuccess;
     }
-    /* Now we have a cipher suite, initialize the handshake hashes. */
+    /* Now we've have a cipher suite, initialize the handshake hashes. */
     return ssl3_InitHandshakeHashes(ss);
 }
 
-SECStatus
-ssl_ClientSetCipherSuite(sslSocket *ss, SSL3ProtocolVersion version,
-                         ssl3CipherSuite suite, PRBool initHashes)
-{
-    unsigned int i;
-    if (ssl3_config_match_init(ss) == 0) {
-        PORT_Assert(PR_FALSE);
-        return SECFailure;
-    }
-    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
-        ssl3CipherSuiteCfg *suiteCfg = &ss->cipherSuites[i];
-        if (suite == suiteCfg->cipher_suite) {
-            SSLVersionRange vrange = { version, version };
-            if (!config_match(suiteCfg, ss->ssl3.policy, &vrange, ss)) {
-                /* config_match already checks whether the cipher suite is
-                 * acceptable for the version, but the check is repeated here
-                 * in order to give a more precise error code. */
-                if (!ssl3_CipherSuiteAllowedForVersionRange(suite, &vrange)) {
-                    PORT_SetError(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION);
-                } else {
-                    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-                }
-                return SECFailure;
-            }
-            break;
-        }
-    }
-    if (i >= ssl_V3_SUITES_IMPLEMENTED) {
-        PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
-        return SECFailure;
-    }
-
-    /* Don't let the server change its mind. */
-    if (ss->ssl3.hs.helloRetry && suite != ss->ssl3.hs.cipher_suite) {
-        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
-        return SECFailure;
-    }
-
-    ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)suite;
-    return ssl3_SetupCipherSuite(ss, initHashes);
-}
-
 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
  * ssl3 ServerHello message.
  * Caller must hold Handshake and RecvBuf locks.
@@ -6137,16 +6592,14 @@ ssl_ClientSetCipherSuite(sslSocket *ss, SSL3ProtocolVersion version,
 static SECStatus
 ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
 {
-    PRUint32 cipher;
+    PRUint32 temp;
+    PRBool suite_found = PR_FALSE;
+    int i;
     int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
-    PRUint32 compression;
     SECStatus rv;
     SECItem sidBytes = { siBuffer, NULL, 0 };
-    PRBool isHelloRetry;
+    PRBool isTLS = PR_FALSE;
     SSL3AlertDescription desc = illegal_parameter;
-    TLSExtension *versionExtension;
-    const PRUint8 *savedMsg = b;
-    const PRUint32 savedLength = length;
 #ifndef TLS_1_3_DRAFT_VERSION
     SSL3ProtocolVersion downgradeCheckVersion;
 #endif
@@ -6155,6 +6608,7 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
                 SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.initialized);
 
     if (ss->ssl3.hs.ws != wait_server_hello) {
         errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
@@ -6176,95 +6630,11 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
         ss->ssl3.clientPrivateKey = NULL;
     }
 
-    /* Note that if the server selects TLS 1.3, this will set the version to TLS
-     * 1.2.  We will amend that once all other fields have been read. */
     rv = ssl_ClientReadVersion(ss, &b, &length, &ss->version);
     if (rv != SECSuccess) {
         goto loser; /* alert has been sent */
     }
 
-    rv = ssl3_ConsumeHandshake(
-        ss, ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-    isHelloRetry = !PORT_Memcmp(ss->ssl3.hs.server_random,
-                                ssl_hello_retry_random, SSL3_RANDOM_LENGTH);
-
-    rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-    if (sidBytes.len > SSL3_SESSIONID_BYTES) {
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_0)
-            desc = decode_error;
-        goto alert_loser; /* malformed. */
-    }
-
-    /* Read the cipher suite. */
-    rv = ssl3_ConsumeHandshakeNumber(ss, &cipher, 2, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-
-    /* Compression method. */
-    rv = ssl3_ConsumeHandshakeNumber(ss, &compression, 1, &b, &length);
-    if (rv != SECSuccess) {
-        goto loser; /* alert has been sent */
-    }
-    if (compression != ssl_compression_null) {
-        desc = illegal_parameter;
-        errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
-        goto alert_loser;
-    }
-
-    /* Parse extensions. */
-    if (length != 0) {
-        PRUint32 extensionLength;
-        rv = ssl3_ConsumeHandshakeNumber(ss, &extensionLength, 2, &b, &length);
-        if (rv != SECSuccess) {
-            goto loser; /* alert already sent */
-        }
-        if (extensionLength != length) {
-            desc = decode_error;
-            goto alert_loser;
-        }
-        rv = ssl3_ParseExtensions(ss, &b, &length);
-        if (rv != SECSuccess) {
-            goto alert_loser; /* malformed */
-        }
-    }
-
-    /* Update the version based on the extension, as necessary. */
-    versionExtension = ssl3_FindExtension(ss, ssl_tls13_supported_versions_xtn);
-    if (versionExtension) {
-        rv = ssl_ClientReadVersion(ss, &versionExtension->data.data,
-                                   &versionExtension->data.len,
-                                   &ss->version);
-        if (rv != SECSuccess) {
-            errCode = PORT_GetError();
-            goto loser; /* An alert is sent by ssl_ClientReadVersion */
-        }
-    }
-
-    PORT_Assert(!SSL_ALL_VERSIONS_DISABLED(&ss->vrange));
-    /* Check that the version is within the configured range. */
-    if (ss->vrange.min > ss->version || ss->vrange.max < ss->version) {
-        desc = (ss->version > SSL_LIBRARY_VERSION_3_0)
-                   ? protocol_version
-                   : handshake_failure;
-        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
-        goto alert_loser;
-    }
-
-    if (isHelloRetry && ss->ssl3.hs.helloRetry) {
-        SSL_TRC(3, ("%d: SSL3[%d]: received a second hello_retry_request",
-                    SSL_GETPID(), ss->fd));
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST;
-        goto alert_loser;
-    }
-
     /* The server didn't pick 1.3 although we either received a
      * HelloRetryRequest, or we prepared to send early app data. */
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
@@ -6287,10 +6657,18 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
      * us to be getting this version number, but it's what we have.
      * (1294697). */
     if (ss->firstHsDone && (ss->version != ss->ssl3.crSpec->version)) {
-        desc = protocol_version;
+        desc = illegal_parameter;
         errCode = SSL_ERROR_UNSUPPORTED_VERSION;
         goto alert_loser;
     }
+    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+    isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
+
+    rv = ssl3_ConsumeHandshake(
+        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
 
 #ifndef TLS_1_3_DRAFT_VERSION
     /* Check the ServerHello.random per
@@ -6310,8 +6688,8 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     if (downgradeCheckVersion >= SSL_LIBRARY_VERSION_TLS_1_2 &&
         downgradeCheckVersion > ss->version) {
         /* Both sections use the same sentinel region. */
-        PRUint8 *downgrade_sentinel =
-            ss->ssl3.hs.server_random +
+        unsigned char *downgrade_sentinel =
+            ss->ssl3.hs.server_random.rand +
             SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random);
         if (!PORT_Memcmp(downgrade_sentinel,
                          tls13_downgrade_random,
@@ -6326,64 +6704,110 @@ ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 #endif
 
-    /* Finally, now all the version-related checks have passed. */
-    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-    /* Update the write cipher spec to match the version. But not after
-     * HelloRetryRequest, because cwSpec might be a 0-RTT cipher spec. */
-    if (!ss->firstHsDone && !ss->ssl3.hs.helloRetry) {
-        ssl_GetSpecWriteLock(ss);
-        ssl_SetSpecVersions(ss, ss->ssl3.cwSpec);
-        ssl_ReleaseSpecWriteLock(ss);
-    }
-
-    /* Check that the session ID is as expected. */
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        PRUint8 buf[SSL3_SESSIONID_BYTES];
-        unsigned int expectedSidLen;
-        if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss)) {
-            expectedSidLen = SSL3_SESSIONID_BYTES;
-            ssl_MakeFakeSid(ss, buf);
-        } else {
-            expectedSidLen = 0;
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* alert has been sent */
         }
-        if (sidBytes.len != expectedSidLen ||
-            (expectedSidLen > 0 &&
-             PORT_Memcmp(buf, sidBytes.data, expectedSidLen) != 0)) {
-            desc = illegal_parameter;
-            errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
-            goto alert_loser;
+        if (sidBytes.len > SSL3_SESSIONID_BYTES) {
+            if (isTLS)
+                desc = decode_error;
+            goto alert_loser; /* malformed. */
         }
     }
 
-    /* Only initialize hashes if this isn't a Hello Retry. */
-    rv = ssl_ClientSetCipherSuite(ss, ss->version, cipher,
-                                  !isHelloRetry);
+    /* find selected cipher suite in our list. */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 2, &b, &length);
     if (rv != SECSuccess) {
-        desc = illegal_parameter;
+        goto loser; /* alert has been sent */
+    }
+    i = ssl3_config_match_init(ss);
+    PORT_Assert(i > 0);
+    if (i <= 0) {
         errCode = PORT_GetError();
-        goto alert_loser;
+        goto loser;
     }
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
+        if (temp == suite->cipher_suite) {
+            SSLVersionRange vrange = { ss->version, ss->version };
+            if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
+                /* config_match already checks whether the cipher suite is
+                 * acceptable for the version, but the check is repeated here
+                 * in order to give a more precise error code. */
+                if (!ssl3_CipherSuiteAllowedForVersionRange(temp, &vrange)) {
+                    desc = handshake_failure;
+                    errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
+                    goto alert_loser;
+                }
 
-    dtls_ReceivedFirstMessageInFlight(ss);
+                break; /* failure */
+            }
 
-    if (isHelloRetry) {
-        rv = tls13_HandleHelloRetryRequest(ss, savedMsg, savedLength);
-        if (rv != SECSuccess) {
-            goto loser;
+            suite_found = PR_TRUE;
+            break; /* success */
         }
-        return SECSuccess;
+    }
+    if (!suite_found) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+        goto alert_loser;
     }
 
-    rv = ssl3_HandleParsedExtensions(ss, ssl_hs_server_hello);
-    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    rv = ssl3_SetCipherSuite(ss, (ssl3CipherSuite)temp, PR_TRUE);
     if (rv != SECSuccess) {
+        desc = internal_error;
+        errCode = PORT_GetError();
         goto alert_loser;
     }
 
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_server_hello,
-                                  savedMsg, savedLength);
-    if (rv != SECSuccess) {
-        goto loser;
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        /* find selected compression method in our list. */
+        rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 1, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* alert has been sent */
+        }
+        suite_found = PR_FALSE;
+        for (i = 0; i < ssl_compression_method_count; i++) {
+            if (temp == ssl_compression_methods[i]) {
+                if (!ssl_CompressionEnabled(ss, ssl_compression_methods[i])) {
+                    break; /* failure */
+                }
+                suite_found = PR_TRUE;
+                break; /* success */
+            }
+        }
+        if (!suite_found) {
+            desc = handshake_failure;
+            errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
+            goto alert_loser;
+        }
+        ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
+    } else {
+        ss->ssl3.hs.compression = ssl_compression_null;
+    }
+
+    /* Note that if !isTLS and the extra stuff is not extensions, we
+     * do NOT goto alert_loser.
+     * There are some old SSL 3.0 implementations that do send stuff
+     * after the end of the server hello, and we deliberately ignore
+     * such stuff in the interest of maximal interoperability (being
+     * "generous in what you accept").
+     * Update: Starting in NSS 3.12.6, we handle the renegotiation_info
+     * extension in SSL 3.0.
+     */
+    if (length != 0) {
+        SECItem extensions;
+        rv = ssl3_ConsumeHandshakeVariable(ss, &extensions, 2, &b, &length);
+        if (rv != SECSuccess || length != 0) {
+            if (isTLS)
+                goto alert_loser;
+        } else {
+            rv = ssl3_HandleExtensions(ss, &extensions.data,
+                                       &extensions.len, server_hello);
+            if (rv != SECSuccess)
+                goto alert_loser;
+        }
     }
 
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
@@ -6411,51 +6835,6 @@ loser:
 }
 
 static SECStatus
-ssl3_UnwrapMasterSecretClient(sslSocket *ss, sslSessionID *sid, PK11SymKey **ms)
-{
-    PK11SlotInfo *slot;
-    PK11SymKey *wrapKey;
-    CK_FLAGS keyFlags = 0;
-    SECItem wrappedMS = {
-        siBuffer,
-        sid->u.ssl3.keys.wrapped_master_secret,
-        sid->u.ssl3.keys.wrapped_master_secret_len
-    };
-
-    /* unwrap master secret */
-    slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
-                             sid->u.ssl3.masterSlotID);
-    if (slot == NULL) {
-        return SECFailure;
-    }
-    if (!PK11_IsPresent(slot)) {
-        PK11_FreeSlot(slot);
-        return SECFailure;
-    }
-    wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
-                              sid->u.ssl3.masterWrapMech,
-                              sid->u.ssl3.masterWrapSeries,
-                              ss->pkcs11PinArg);
-    PK11_FreeSlot(slot);
-    if (wrapKey == NULL) {
-        return SECFailure;
-    }
-
-    if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
-        keyFlags = CKF_SIGN | CKF_VERIFY;
-    }
-
-    *ms = PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
-                                     NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
-                                     CKA_DERIVE, SSL3_MASTER_SECRET_LENGTH, keyFlags);
-    PK11_FreeSymKey(wrapKey);
-    if (!*ms) {
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
 ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
                             int *retErrCode)
 {
@@ -6481,7 +6860,7 @@ ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
 
     /* we need to call ssl3_SetupPendingCipherSpec here so we can check the
      * key exchange algorithm. */
-    rv = ssl3_SetupBothPendingCipherSpecs(ss);
+    rv = ssl3_SetupPendingCipherSpec(ss);
     if (rv != SECSuccess) {
         goto alert_loser; /* error code is set. */
     }
@@ -6504,7 +6883,9 @@ ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
             goto alert_loser;
         }
         do {
-            PK11SymKey *masterSecret;
+            ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+
+            SECItem wrappedMS; /* wrapped master secret. */
 
             /* [draft-ietf-tls-session-hash-06; Section 5.3]
              *
@@ -6536,12 +6917,60 @@ ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
             ss->sec.authKeyBits = sid->authKeyBits;
             ss->sec.keaType = sid->keaType;
             ss->sec.keaKeyBits = sid->keaKeyBits;
-            ss->sec.originalKeaGroup = ssl_LookupNamedGroup(sid->keaGroup);
-            ss->sec.signatureScheme = sid->sigScheme;
 
-            rv = ssl3_UnwrapMasterSecretClient(ss, sid, &masterSecret);
-            if (rv != SECSuccess) {
-                break; /* not considered an error */
+            if (sid->u.ssl3.keys.msIsWrapped) {
+                PK11SlotInfo *slot;
+                PK11SymKey *wrapKey; /* wrapping key */
+                CK_FLAGS keyFlags = 0;
+
+                /* unwrap master secret */
+                slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
+                                         sid->u.ssl3.masterSlotID);
+                if (slot == NULL) {
+                    break; /* not considered an error. */
+                }
+                if (!PK11_IsPresent(slot)) {
+                    PK11_FreeSlot(slot);
+                    break; /* not considered an error. */
+                }
+                wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
+                                          sid->u.ssl3.masterWrapMech,
+                                          sid->u.ssl3.masterWrapSeries,
+                                          ss->pkcs11PinArg);
+                PK11_FreeSlot(slot);
+                if (wrapKey == NULL) {
+                    break; /* not considered an error. */
+                }
+
+                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
+                    keyFlags =
+                        CKF_SIGN | CKF_VERIFY;
+                }
+
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                pwSpec->master_secret =
+                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
+                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
+                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
+                errCode = PORT_GetError();
+                PK11_FreeSymKey(wrapKey);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* errorCode set just after call to UnwrapSymKey. */
+                }
+            } else {
+                /* need to import the raw master secret to session object */
+                PK11SlotInfo *slot = PK11_GetInternalSlot();
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                pwSpec->master_secret =
+                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
+                                      PK11_OriginUnwrap, CKA_ENCRYPT,
+                                      &wrappedMS, NULL);
+                PK11_FreeSlot(slot);
+                if (pwSpec->master_secret == NULL) {
+                    break;
+                }
             }
 
             /* Got a Match */
@@ -6563,8 +6992,8 @@ ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
                 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
             }
 
-            /* We are re-using the old MS, so no need to derive again. */
-            rv = ssl3_InitPendingCipherSpecs(ss, masterSecret, PR_FALSE);
+            /* NULL value for PMS because we are reusing the old MS */
+            rv = ssl3_InitPendingCipherSpec(ss, NULL);
             if (rv != SECSuccess) {
                 goto alert_loser; /* err code was set */
             }
@@ -6669,11 +7098,11 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 
     rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
-    if (rv != SECSuccess || minDH <= 0) {
+    if (rv != SECSuccess) {
         minDH = SSL_DH_MIN_P_BITS;
     }
     dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
-    if (dh_p_bits < (unsigned)minDH) {
+    if (dh_p_bits < minDH) {
         errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
         goto alert_loser;
     }
@@ -6854,7 +7283,7 @@ typedef struct dnameNode {
  */
 SECStatus
 ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length,
-                                CERTDistNames *ca_list)
+                                PLArenaPool *arena, CERTDistNames *ca_list)
 {
     PRUint32 remaining;
     int nnames = 0;
@@ -6869,7 +7298,7 @@ ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length,
     if (remaining > *length)
         goto alert_loser;
 
-    ca_list->head = node = PORT_ArenaZNew(ca_list->arena, dnameNode);
+    ca_list->head = node = PORT_ArenaZNew(arena, dnameNode);
     if (node == NULL)
         goto no_mem;
 
@@ -6895,14 +7324,14 @@ ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length,
         if (remaining <= 0)
             break; /* success */
 
-        node->next = PORT_ArenaZNew(ca_list->arena, dnameNode);
+        node->next = PORT_ArenaZNew(arena, dnameNode);
         node = node->next;
         if (node == NULL)
             goto no_mem;
     }
 
     ca_list->nnames = nnames;
-    ca_list->names = PORT_ArenaNewArray(ca_list->arena, SECItem, nnames);
+    ca_list->names = PORT_ArenaNewArray(arena, SECItem, nnames);
     if (nnames > 0 && ca_list->names == NULL)
         goto no_mem;
 
@@ -7046,7 +7475,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
         }
     }
 
-    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, &ca_list);
+    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena, &ca_list);
     if (rv != SECSuccess)
         goto done; /* alert sent in ssl3_ParseCertificateRequestCAs */
 
@@ -7146,7 +7575,7 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss,
         case SECFailure:
         default:
         send_no_certificate:
-            if (ss->version > SSL_LIBRARY_VERSION_3_0) {
+            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
                 ss->ssl3.sendEmptyCert = PR_TRUE;
             } else {
                 (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
@@ -7177,7 +7606,7 @@ ssl3_CheckFalseStart(sslSocket *ss)
          * sufficiently strong that the attack can gain no advantage.
          * Therefore we always require an 80-bit cipher. */
         ssl_GetSpecReadLock(ss);
-        maybeFalseStart = ss->ssl3.cwSpec->cipherDef->secret_key_size >= 10;
+        maybeFalseStart = ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10;
         ssl_ReleaseSpecReadLock(ss);
 
         if (!maybeFalseStart) {
@@ -7429,7 +7858,7 @@ ssl3_SendHelloRequest(sslSocket *ss)
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_hello_request, 0);
+    rv = ssl3_AppendHandshakeHeader(ss, hello_request, 0);
     if (rv != SECSuccess) {
         return rv; /* err set by AppendHandshake */
     }
@@ -7498,7 +7927,6 @@ ssl3_NewSessionID(sslSocket *ss, PRBool is_server)
     sid->references = 1;
     sid->cached = never_cached;
     sid->version = ss->version;
-    sid->sigScheme = ssl_sig_none;
 
     sid->u.ssl3.keys.resumable = PR_TRUE;
     sid->u.ssl3.policy = SSL_ALLOWED;
@@ -7609,8 +8037,8 @@ SECStatus
 ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
                           PRBool initHashes)
 {
-    unsigned int j;
-    unsigned int i;
+    int j;
+    int i;
 
     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
         ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
@@ -7621,8 +8049,7 @@ ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
         for (i = 0; i + 1 < suites->len; i += 2) {
             PRUint16 suite_i = (suites->data[i] << 8) | suites->data[i + 1];
             if (suite_i == suite->cipher_suite) {
-                ss->ssl3.hs.cipher_suite = suite_i;
-                return ssl3_SetupCipherSuite(ss, initHashes);
+                return ssl3_SetCipherSuite(ss, suite_i, initHashes);
             }
         }
     }
@@ -7721,6 +8148,7 @@ ssl3_ServerCallSNICallback(sslSocket *ss)
                  * and save the name. */
                 SECStatus rv;
                 SECItem *name = &ss->xtnData.sniNameArr[ret];
+                int configedCiphers;
                 SECItem *pwsName;
 
                 /* get rid of the old name and save the newly picked. */
@@ -7749,7 +8177,8 @@ ssl3_ServerCallSNICallback(sslSocket *ss)
                     ret = SSL_SNI_SEND_ALERT;
                     break;
                 }
-                if (ssl3_config_match_init(ss) == 0) {
+                configedCiphers = ssl3_config_match_init(ss);
+                if (configedCiphers <= 0) {
                     /* no ciphers are working/supported */
                     errCode = PORT_GetError();
                     desc = handshake_failure;
@@ -7760,7 +8189,7 @@ ssl3_ServerCallSNICallback(sslSocket *ss)
                  * the name from the offered list and reconfigured the socket.
                  */
                 ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_server_name_xtn,
-                                             ssl_SendEmptyExtension);
+                                             ssl3_SendServerNameXtn);
             } else {
                 /* Callback returned index outside of the boundary. */
                 PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
@@ -7859,14 +8288,13 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     SECItem suites = { siBuffer, NULL, 0 };
     SECItem comps = { siBuffer, NULL, 0 };
     PRBool isTLS13;
-    const PRUint8 *savedMsg = b;
-    const PRUint32 savedLen = length;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
                 SSL_GETPID(), ss->fd));
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.initialized);
     ss->ssl3.hs.preliminaryInfo = 0;
 
     if (!ss->sec.isServer ||
@@ -7891,9 +8319,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
         }
     }
 
-    /* We should always be in a fresh state. */
-    SSL_ASSERT_HASHES_EMPTY(ss);
-
     /* Get peer name of client */
     rv = ssl_GetPeerInfo(ss);
     if (rv != SECSuccess) {
@@ -7903,7 +8328,7 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     /* We might be starting session renegotiation in which case we should
      * clear previous state.
      */
-    ssl3_ResetExtensionData(&ss->xtnData, ss);
+    ssl3_ResetExtensionData(&ss->xtnData);
     ss->statelessResume = PR_FALSE;
 
     if (IS_DTLS(ss)) {
@@ -7924,7 +8349,7 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     /* Grab the client random data. */
     rv = ssl3_ConsumeHandshake(
-        ss, ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
+        ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
     if (rv != SECSuccess) {
         goto loser; /* malformed */
     }
@@ -7941,9 +8366,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
         if (rv != SECSuccess) {
             goto loser; /* malformed */
         }
-        if (cookieBytes.len != 0) {
-            goto loser; /* We never send cookies in DTLS 1.2. */
-        }
     }
 
     /* Grab the list of cipher suites. */
@@ -7967,15 +8389,14 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     if (length) {
         /* Get length of hello extensions */
-        PRUint32 extensionLength;
-        rv = ssl3_ConsumeHandshakeNumber(ss, &extensionLength, 2, &b, &length);
+        PRUint32 extension_length;
+        rv = ssl3_ConsumeHandshakeNumber(ss, &extension_length, 2, &b, &length);
         if (rv != SECSuccess) {
             goto loser; /* alert already sent */
         }
-        if (extensionLength != length) {
-            errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
-            desc = decode_error;
-            goto alert_loser;
+        if (extension_length != length) {
+            ssl3_DecodeError(ss); /* send alert */
+            goto loser;
         }
 
         rv = ssl3_ParseExtensions(ss, &b, &length);
@@ -8006,35 +8427,17 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
             goto alert_loser;
         }
     }
-
-    if (ss->firstHsDone && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        desc = unexpected_message;
-        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
-        goto alert_loser;
-    }
-
     isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
     ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-    /* Update the write spec to match the selected version. */
-    if (!ss->firstHsDone) {
-        ssl_GetSpecWriteLock(ss);
-        ssl_SetSpecVersions(ss, ss->ssl3.cwSpec);
-        ssl_ReleaseSpecWriteLock(ss);
-    }
 
-    if (isTLS13 && sidBytes.len > 0 && !IS_DTLS(ss)) {
-        SECITEM_FreeItem(&ss->ssl3.hs.fakeSid, PR_FALSE);
-        rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.fakeSid, &sidBytes);
-        if (rv != SECSuccess) {
-            desc = internal_error;
-            errCode = PORT_GetError();
-            goto alert_loser;
-        }
+    /* You can't resume TLS 1.3 like this. */
+    if (isTLS13 && sidBytes.len) {
+        goto alert_loser;
     }
 
     /* Generate the Server Random now so it is available
      * when we process the ClientKeyShare in TLS 1.3 */
-    rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random);
+    rv = ssl3_GetNewRandom(&ss->ssl3.hs.server_random);
     if (rv != SECSuccess) {
         errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE;
         goto loser;
@@ -8060,8 +8463,8 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
      * we ship the final version of TLS 1.3. Bug 1306672.
      */
     if (ss->vrange.max > ss->version) {
-        PRUint8 *downgrade_sentinel =
-            ss->ssl3.hs.server_random +
+        unsigned char *downgrade_sentinel =
+            ss->ssl3.hs.server_random.rand +
             SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random);
 
         switch (ss->vrange.max) {
@@ -8082,25 +8485,8 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 #endif
 
-    /* If there is a cookie, then this is a second ClientHello (TLS 1.3). */
-    if (ssl3_FindExtension(ss, ssl_tls13_cookie_xtn)) {
-        ss->ssl3.hs.helloRetry = PR_TRUE;
-    }
-
-    if (ss->ssl3.hs.receivedCcs) {
-        /* This is only valid if we sent HelloRetryRequest, so we should have
-         * negotiated TLS 1.3 and there should be a cookie extension. */
-        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-            !ss->ssl3.hs.helloRetry) {
-            desc = unexpected_message;
-            errCode = SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER;
-            goto alert_loser;
-        }
-    }
-
     /* Now parse the rest of the extensions. */
-    rv = ssl3_HandleParsedExtensions(ss, ssl_hs_client_hello);
-    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    rv = ssl3_HandleParsedExtensions(ss, client_hello);
     if (rv != SECSuccess) {
         goto loser; /* malformed */
     }
@@ -8123,12 +8509,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
         if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
             goto alert_loser;
         }
-    } else {
-        /* Other versions need to include null somewhere. */
-        if (comps.len < 1 ||
-            !memchr(comps.data, ssl_compression_null, comps.len)) {
-            goto alert_loser;
-        }
     }
 
     if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
@@ -8141,30 +8521,34 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
             if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
                 PRUint8 *b2 = (PRUint8 *)emptyRIext;
                 PRUint32 L2 = sizeof emptyRIext;
-                (void)ssl3_HandleExtensions(ss, &b2, &L2, ssl_hs_client_hello);
+                (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello);
                 break;
             }
         }
     }
-
-    /* The check for renegotiation in TLS 1.3 is earlier. */
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        if (ss->firstHsDone &&
-            (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN ||
-             ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) &&
-            !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-            desc = no_renegotiation;
-            level = alert_warning;
-            errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
-            goto alert_loser;
-        }
-        if ((ss->opt.requireSafeNegotiation ||
-             (ss->firstHsDone && ss->peerRequestedProtection)) &&
-            !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
-            desc = handshake_failure;
-            errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
-            goto alert_loser;
-        }
+    /* This is a second check for TLS 1.3 and re-handshake to stop us
+     * from re-handshake up to TLS 1.3, so it happens after version
+     * negotiation. */
+    if (ss->firstHsDone && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+        goto alert_loser;
+    }
+    if (ss->firstHsDone &&
+        (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN ||
+         ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = no_renegotiation;
+        level = alert_warning;
+        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+        goto alert_loser;
+    }
+    if ((ss->opt.requireSafeNegotiation ||
+         (ss->firstHsDone && ss->peerRequestedProtection)) &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
+        goto alert_loser;
     }
 
     /* We do stateful resumes only if we are in TLS < 1.3 and
@@ -8237,14 +8621,21 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     if (IS_DTLS(ss)) {
         ssl3_DisableNonDTLSSuites(ss);
-        dtls_ReceivedFirstMessageInFlight(ss);
     }
 
+#ifdef PARANOID
+    /* Look for a matching cipher suite. */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
+        errCode = PORT_GetError(); /* error code is already set. */
+        goto alert_loser;
+    }
+#endif
+
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = tls13_HandleClientHelloPart2(ss, &suites, sid, savedMsg, savedLen);
+        rv = tls13_HandleClientHelloPart2(ss, &suites, sid);
     } else {
-        rv = ssl3_HandleClientHelloPart2(ss, &suites, sid,
-                                         savedMsg, savedLen);
+        rv = ssl3_HandleClientHelloPart2(ss, &suites, &comps, sid);
     }
     if (rv != SECSuccess) {
         errCode = PORT_GetError();
@@ -8261,60 +8652,22 @@ loser:
 }
 
 static SECStatus
-ssl3_UnwrapMasterSecretServer(sslSocket *ss, sslSessionID *sid, PK11SymKey **ms)
-{
-    PK11SymKey *wrapKey;
-    CK_FLAGS keyFlags = 0;
-    SECItem wrappedMS = {
-        siBuffer,
-        sid->u.ssl3.keys.wrapped_master_secret,
-        sid->u.ssl3.keys.wrapped_master_secret_len
-    };
-
-    wrapKey = ssl3_GetWrappingKey(ss, NULL, sid->u.ssl3.masterWrapMech,
-                                  ss->pkcs11PinArg);
-    if (!wrapKey) {
-        return SECFailure;
-    }
-
-    if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
-        keyFlags = CKF_SIGN | CKF_VERIFY;
-    }
-
-    /* unwrap the master secret. */
-    *ms = PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
-                                     NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
-                                     CKA_DERIVE, SSL3_MASTER_SECRET_LENGTH, keyFlags);
-    PK11_FreeSymKey(wrapKey);
-    if (!*ms) {
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
 ssl3_HandleClientHelloPart2(sslSocket *ss,
                             SECItem *suites,
-                            sslSessionID *sid,
-                            const PRUint8 *msg,
-                            unsigned int len)
+                            SECItem *comps,
+                            sslSessionID *sid)
 {
+    PRBool haveSpecWriteLock = PR_FALSE;
     PRBool haveXmitBufLock = PR_FALSE;
     int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
     SSL3AlertDescription desc = illegal_parameter;
     SECStatus rv;
     unsigned int i;
-    unsigned int j;
+    int j;
 
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_client_hello, msg, len);
-    if (rv != SECSuccess) {
-        errCode = SEC_ERROR_LIBRARY_FAILURE;
-        desc = internal_error;
-        goto alert_loser;
-    }
-
-    /* If we already have a session for this client, be sure to pick the same
-    ** cipher suite we picked before.  This is not a loop, despite appearances.
+    /* If we already have a session for this client, be sure to pick the
+    ** same cipher suite and compression method we picked before.
+    ** This is not a loop, despite appearances.
     */
     if (sid)
         do {
@@ -8323,6 +8676,18 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
             SSLVersionRange vrange = { ss->version, ss->version };
 #endif
 
+            /* Check that the cached compression method is still enabled. */
+            if (!ssl_CompressionEnabled(ss, sid->u.ssl3.compression))
+                break;
+
+            /* Check that the cached compression method is in the client's list */
+            for (i = 0; i < comps->len; i++) {
+                if (comps->data[i] == sid->u.ssl3.compression)
+                    break;
+            }
+            if (i == comps->len)
+                break;
+
             suite = ss->cipherSuites;
             /* Find the entry for the cipher suite used in the cached session. */
             for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
@@ -8330,7 +8695,7 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
                     break;
             }
             PORT_Assert(j > 0);
-            if (j == 0)
+            if (j <= 0)
                 break;
 #ifdef PARANOID
             /* Double check that the cached cipher suite is still enabled,
@@ -8349,15 +8714,17 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
             for (i = 0; i + 1 < suites->len; i += 2) {
                 PRUint16 suite_i = (suites->data[i] << 8) | suites->data[i + 1];
                 if (suite_i == suite->cipher_suite) {
-                    ss->ssl3.hs.cipher_suite = suite_i;
-                    rv = ssl3_SetupCipherSuite(ss, PR_TRUE);
+                    rv = ssl3_SetCipherSuite(ss, suite_i, PR_TRUE);
                     if (rv != SECSuccess) {
                         desc = internal_error;
                         errCode = PORT_GetError();
                         goto alert_loser;
                     }
 
-                    goto cipher_found;
+                    /* Use the cached compression method. */
+                    ss->ssl3.hs.compression =
+                        sid->u.ssl3.compression;
+                    goto compression_found;
                 }
             }
         } while (0);
@@ -8365,7 +8732,8 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
 
 #ifndef PARANOID
     /* Look for a matching cipher suite. */
-    if (ssl3_config_match_init(ss) == 0) {
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) { /* no ciphers are working/supported by PK11 */
         desc = internal_error;
         errCode = PORT_GetError(); /* error code is already set. */
         goto alert_loser;
@@ -8379,8 +8747,25 @@ ssl3_HandleClientHelloPart2(sslSocket *ss,
         goto alert_loser;
     }
 
-cipher_found:
+    /* Select a compression algorithm. */
+    for (i = 0; i < comps->len; i++) {
+        SSLCompressionMethod method = (SSLCompressionMethod)comps->data[i];
+        if (!ssl_CompressionEnabled(ss, method))
+            continue;
+        for (j = 0; j < ssl_compression_method_count; j++) {
+            if (method == ssl_compression_methods[j]) {
+                ss->ssl3.hs.compression = ssl_compression_methods[j];
+                goto compression_found;
+            }
+        }
+    }
+    errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
+    /* null compression must be supported */
+    goto alert_loser;
+
+compression_found:
     suites->data = NULL;
+    comps->data = NULL;
 
     /* If there are any failures while processing the old sid,
      * we don't consider them to be errors.  Instead, We just behave
@@ -8390,10 +8775,12 @@ cipher_found:
      */
     if (sid != NULL)
         do {
-            PK11SymKey *masterSecret;
+            ssl3CipherSpec *pwSpec;
+            SECItem wrappedMS; /* wrapped key */
 
             if (sid->version != ss->version ||
-                sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite) {
+                sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite ||
+                sid->u.ssl3.compression != ss->ssl3.hs.compression) {
                 break; /* not an error */
             }
 
@@ -8442,13 +8829,54 @@ cipher_found:
                 }
                 ss->sec.ci.sid = NULL;
             }
-
             /* we need to resurrect the master secret.... */
-            rv = ssl3_UnwrapMasterSecretServer(ss, sid, &masterSecret);
-            if (rv != SECSuccess) {
-                break; /* not an error */
-            }
 
+            ssl_GetSpecWriteLock(ss);
+            haveSpecWriteLock = PR_TRUE;
+            pwSpec = ss->ssl3.pwSpec;
+            if (sid->u.ssl3.keys.msIsWrapped) {
+                PK11SymKey *wrapKey; /* wrapping key */
+                CK_FLAGS keyFlags = 0;
+
+                wrapKey = ssl3_GetWrappingKey(ss, NULL,
+                                              sid->u.ssl3.masterWrapMech,
+                                              ss->pkcs11PinArg);
+                if (!wrapKey) {
+                    /* we have a SID cache entry, but no wrapping key for it??? */
+                    break;
+                }
+
+                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
+                    keyFlags = CKF_SIGN | CKF_VERIFY;
+                }
+
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+
+                /* unwrap the master secret. */
+                pwSpec->master_secret =
+                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
+                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
+                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
+                PK11_FreeSymKey(wrapKey);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* not an error */
+                }
+            } else {
+                /* need to import the raw master secret to session object */
+                PK11SlotInfo *slot;
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                slot = PK11_GetInternalSlot();
+                pwSpec->master_secret =
+                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
+                                      PK11_OriginUnwrap, CKA_ENCRYPT, &wrappedMS,
+                                      NULL);
+                PK11_FreeSlot(slot);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* not an error */
+                }
+            }
             ss->sec.ci.sid = sid;
             if (sid->peerCert != NULL) {
                 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -8456,6 +8884,8 @@ cipher_found:
 
             /*
              * Old SID passed all tests, so resume this old session.
+             *
+             * XXX make sure compression still matches
              */
             SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_hits);
             if (ss->statelessResume)
@@ -8466,8 +8896,6 @@ cipher_found:
             ss->sec.authKeyBits = sid->authKeyBits;
             ss->sec.keaType = sid->keaType;
             ss->sec.keaKeyBits = sid->keaKeyBits;
-            ss->sec.originalKeaGroup = ssl_LookupNamedGroup(sid->keaGroup);
-            ss->sec.signatureScheme = sid->sigScheme;
 
             ss->sec.localCert =
                 CERT_DupCertificate(ss->sec.serverCert->serverCert);
@@ -8502,8 +8930,13 @@ cipher_found:
                 goto loser;
             }
 
-            /* We are re-using the old MS, so no need to derive again. */
-            rv = ssl3_InitPendingCipherSpecs(ss, masterSecret, PR_FALSE);
+            if (haveSpecWriteLock) {
+                ssl_ReleaseSpecWriteLock(ss);
+                haveSpecWriteLock = PR_FALSE;
+            }
+
+            /* NULL value for PMS because we are re-using the old MS */
+            rv = ssl3_InitPendingCipherSpec(ss, NULL);
             if (rv != SECSuccess) {
                 errCode = PORT_GetError();
                 goto loser;
@@ -8528,8 +8961,12 @@ cipher_found:
             return SECSuccess;
         } while (0);
 
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+        haveSpecWriteLock = PR_FALSE;
+    }
+
     if (sid) { /* we had a sid, but it's no longer valid, free it */
-        ss->statelessResume = PR_FALSE;
         SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
         ss->sec.uncache(sid);
         ssl_FreeSID(sid);
@@ -8548,8 +8985,9 @@ cipher_found:
      */
     if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
         ssl3_KEASupportsTickets(ss->ssl3.hs.kea_def)) {
-        ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_session_ticket_xtn,
-                                     ssl_SendEmptyExtension);
+        ssl3_RegisterExtensionSender(ss, &ss->xtnData,
+                                     ssl_session_ticket_xtn,
+                                     ssl3_SendSessionTicketXtn);
     }
 
     rv = ssl3_ServerCallSNICallback(ss);
@@ -8593,6 +9031,10 @@ cipher_found:
     return SECSuccess;
 
 alert_loser:
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+        haveSpecWriteLock = PR_FALSE;
+    }
     (void)SSL3_SendAlert(ss, alert_fatal, desc);
 /* FALLTHRU */
 loser:
@@ -8601,6 +9043,10 @@ loser:
         ssl_FreeSID(sid);
     }
 
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+    }
+
     if (haveXmitBufLock) {
         ssl_ReleaseXmitBufLock(ss);
     }
@@ -8614,7 +9060,7 @@ loser:
  * in asking to use the V3 handshake.
  */
 SECStatus
-ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int length,
+ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length,
                          PRUint8 padding)
 {
     sslSessionID *sid = NULL;
@@ -8622,11 +9068,11 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
     unsigned char *random;
     SSL3ProtocolVersion version;
     SECStatus rv;
-    unsigned int i;
-    unsigned int j;
-    unsigned int sid_length;
-    unsigned int suite_length;
-    unsigned int rand_length;
+    int i;
+    int j;
+    int sid_length;
+    int suite_length;
+    int rand_length;
     int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
     SSL3AlertDescription desc = handshake_failure;
     unsigned int total = SSL_HL_CLIENT_HELLO_HBYTES;
@@ -8637,11 +9083,14 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
 
     ssl_GetSSL3HandshakeLock(ss);
 
+    ssl3_ResetExtensionData(&ss->xtnData);
+
     version = (buffer[1] << 8) | buffer[2];
     if (version < SSL_LIBRARY_VERSION_3_0) {
         goto loser;
     }
 
+    ssl3_InitState(ss);
     ssl3_RestartHandshakeHashes(ss);
 
     if (ss->ssl3.hs.ws != wait_client_hello) {
@@ -8673,11 +9122,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
         goto alert_loser;
     }
     ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
-    if (!ss->firstHsDone) {
-        ssl_GetSpecWriteLock(ss);
-        ssl_SetSpecVersions(ss, ss->ssl3.cwSpec);
-        ssl_ReleaseSpecWriteLock(ss);
-    }
 
     /* if we get a non-zero SID, just ignore it. */
     if (length != total) {
@@ -8700,14 +9144,15 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
 
     PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH);
 
-    PORT_Memset(ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
-    PORT_Memcpy(&ss->ssl3.hs.client_random[SSL3_RANDOM_LENGTH - rand_length],
-                random, rand_length);
+    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(
+        &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
+        random, rand_length);
 
-    PRINT_BUF(60, (ss, "client random:", ss->ssl3.hs.client_random,
+    PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
                    SSL3_RANDOM_LENGTH));
-
-    if (ssl3_config_match_init(ss) == 0) {
+    i = ssl3_config_match_init(ss);
+    if (i <= 0) {
         errCode = PORT_GetError(); /* error code is already set. */
         goto alert_loser;
     }
@@ -8716,6 +9161,8 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
     **
     ** NOTE: This suite selection algorithm should be the same as the one in
     ** ssl3_HandleClientHello().
+    **
+    ** See the comments about export cipher suites in ssl3_HandleClientHello().
     */
     for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
         ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
@@ -8726,8 +9173,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, unsigned int leng
         for (i = 0; i + 2 < suite_length; i += 3) {
             PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
             if (suite_i == suite->cipher_suite) {
-                ss->ssl3.hs.cipher_suite = suite_i;
-                rv = ssl3_SetupCipherSuite(ss, PR_TRUE);
+                rv = ssl3_SetCipherSuite(ss, suite_i, PR_TRUE);
                 if (rv != SECSuccess) {
                     desc = internal_error;
                     errCode = PORT_GetError();
@@ -8763,7 +9209,7 @@ suite_found:
         if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
             PRUint8 *b2 = (PRUint8 *)emptyRIext;
             PRUint32 L2 = sizeof emptyRIext;
-            (void)ssl3_HandleExtensions(ss, &b2, &L2, ssl_hs_client_hello);
+            (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello);
             break;
         }
     }
@@ -8775,6 +9221,8 @@ suite_found:
         goto alert_loser;
     }
 
+    ss->ssl3.hs.compression = ssl_compression_null;
+
     rv = ssl3_SelectServerCert(ss);
     if (rv != SECSuccess) {
         errCode = PORT_GetError();
@@ -8818,64 +9266,6 @@ loser:
     return SECFailure;
 }
 
-SECStatus
-ssl_ConstructServerHello(sslSocket *ss, PRBool helloRetry,
-                         const sslBuffer *extensionBuf, sslBuffer *messageBuf)
-{
-    SECStatus rv;
-    SSL3ProtocolVersion version;
-    sslSessionID *sid = ss->sec.ci.sid;
-
-    if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        version = dtls_TLSVersionToDTLSVersion(ss->version);
-    } else {
-        version = PR_MIN(ss->version, SSL_LIBRARY_VERSION_TLS_1_2);
-    }
-
-    rv = sslBuffer_AppendNumber(messageBuf, version, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* Random already generated in ssl3_HandleClientHello */
-    rv = sslBuffer_Append(messageBuf, helloRetry ? ssl_hello_retry_random : ss->ssl3.hs.server_random,
-                          SSL3_RANDOM_LENGTH);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        if (sid) {
-            rv = sslBuffer_AppendVariable(messageBuf, sid->u.ssl3.sessionID,
-                                          sid->u.ssl3.sessionIDLength, 1);
-        } else {
-            rv = sslBuffer_AppendNumber(messageBuf, 0, 1);
-        }
-    } else {
-        rv = sslBuffer_AppendVariable(messageBuf, ss->ssl3.hs.fakeSid.data,
-                                      ss->ssl3.hs.fakeSid.len, 1);
-    }
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    rv = sslBuffer_AppendNumber(messageBuf, ss->ssl3.hs.cipher_suite, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(messageBuf, ssl_compression_null, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    if (SSL_BUFFER_LEN(extensionBuf)) {
-        rv = sslBuffer_AppendBufferVariable(messageBuf, extensionBuf, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-
-    return SECSuccess;
-}
-
 /* The negotiated version number has been already placed in ss->version.
 **
 ** Called from:  ssl3_HandleClientHello                     (resuming session),
@@ -8885,9 +9275,12 @@ ssl_ConstructServerHello(sslSocket *ss, PRBool helloRetry,
 SECStatus
 ssl3_SendServerHello(sslSocket *ss)
 {
+    sslSessionID *sid;
     SECStatus rv;
-    sslBuffer extensionBuf = SSL_BUFFER_EMPTY;
-    sslBuffer messageBuf = SSL_BUFFER_EMPTY;
+    PRUint32 maxBytes = 65535;
+    PRUint32 length;
+    PRInt32 extensions_len = 0;
+    SSL3ProtocolVersion version;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(),
                 ss->fd));
@@ -8901,43 +9294,94 @@ ssl3_SendServerHello(sslSocket *ss)
         return SECFailure;
     }
 
-    rv = ssl_ConstructExtensions(ss, &extensionBuf, ssl_hs_server_hello);
-    if (rv != SECSuccess) {
-        goto loser;
+    sid = ss->sec.ci.sid;
+
+    extensions_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.serverHelloSenders[0]);
+    if (extensions_len > 0)
+        extensions_len += 2; /* Add sizeof total extension length */
+
+    /* TLS 1.3 doesn't use the session_id or compression_method
+     * fields in the ServerHello. */
+    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH;
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        length += 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength);
     }
+    length += sizeof(ssl3CipherSuite);
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        length += 1; /* Compression */
+    }
+    length += extensions_len;
 
-    rv = ssl_ConstructServerHello(ss, PR_FALSE, &extensionBuf, &messageBuf);
+    rv = ssl3_AppendHandshakeHeader(ss, server_hello, length);
     if (rv != SECSuccess) {
-        goto loser;
+        return rv; /* err set by AppendHandshake. */
+    }
+
+    if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        version = dtls_TLSVersionToDTLSVersion(ss->version);
+    } else {
+        version = tls13_EncodeDraftVersion(ss->version);
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_server_hello,
-                                    SSL_BUFFER_LEN(&messageBuf));
+    rv = ssl3_AppendHandshakeNumber(ss, version, 2);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return rv; /* err set by AppendHandshake. */
+    }
+    /* Random already generated in ssl3_HandleClientHello */
+    rv = ssl3_AppendHandshake(
+        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
     }
 
-    rv = ssl3_AppendHandshake(ss, SSL_BUFFER_BASE(&messageBuf),
-                              SSL_BUFFER_LEN(&messageBuf));
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        if (sid) {
+            rv = ssl3_AppendHandshakeVariable(
+                ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
+        } else {
+            rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
+        }
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.cipher_suite, 2);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return rv; /* err set by AppendHandshake. */
+    }
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.compression, 1);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+    if (extensions_len) {
+        PRInt32 sent_len;
+
+        extensions_len -= 2;
+        rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
+        if (rv != SECSuccess)
+            return rv; /* err set by ssl3_AppendHandshakeNumber */
+        sent_len = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, extensions_len,
+                                                  &ss->xtnData.serverHelloSenders[0]);
+        PORT_Assert(sent_len == extensions_len);
+        if (sent_len != extensions_len) {
+            if (sent_len >= 0)
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
     }
 
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = ssl3_SetupBothPendingCipherSpecs(ss);
+        rv = ssl3_SetupPendingCipherSpec(ss);
         if (rv != SECSuccess) {
-            goto loser; /* err set */
+            return rv; /* err set by ssl3_SetupPendingCipherSpec */
         }
     }
 
-    sslBuffer_Clear(&extensionBuf);
-    sslBuffer_Clear(&messageBuf);
     return SECSuccess;
-
-loser:
-    sslBuffer_Clear(&extensionBuf);
-    sslBuffer_Clear(&messageBuf);
-    return SECFailure;
 }
 
 SECStatus
@@ -8994,8 +9438,6 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss)
     SECKEYPublicKey *pubKey;
     SECKEYPrivateKey *certPrivateKey;
     const sslNamedGroupDef *groupDef;
-    /* Do this on the heap, this could be over 2k long. */
-    sslBuffer dhBuf = SSL_BUFFER_EMPTY;
 
     if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
         /* TODO: Support DH_anon. It might be sufficient to drop the signature.
@@ -9019,7 +9461,7 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss)
     }
     PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
 
-    if (ss->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (ss->ssl3.pwSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
         hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
     } else {
         /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
@@ -9051,11 +9493,11 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss)
              2 + pubKey->u.dh.prime.len +
              2 + signed_hash.len;
 
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
         length += 2;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_server_key_exchange, length);
+    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
     if (rv != SECSuccess) {
         goto loser; /* err set by AppendHandshake. */
     }
@@ -9072,16 +9514,12 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss)
         goto loser; /* err set by AppendHandshake. */
     }
 
-    rv = ssl_AppendPaddedDHKeyShare(&dhBuf, pubKey, PR_TRUE);
-    if (rv != SECSuccess) {
-        goto loser; /* err set by AppendPaddedDHKeyShare. */
-    }
-    rv = ssl3_AppendBufferToHandshake(ss, &dhBuf);
+    rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_TRUE);
     if (rv != SECSuccess) {
         goto loser; /* err set by AppendHandshake. */
     }
 
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
         rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.signatureScheme, 2);
         if (rv != SECSuccess) {
             goto loser; /* err set by AppendHandshake. */
@@ -9093,15 +9531,12 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss)
     if (rv != SECSuccess) {
         goto loser; /* err set by AppendHandshake. */
     }
-
-    sslBuffer_Clear(&dhBuf);
     PORT_Free(signed_hash.data);
     return SECSuccess;
 
 loser:
     if (signed_hash.data)
         PORT_Free(signed_hash.data);
-    sslBuffer_Clear(&dhBuf);
     return SECFailure;
 }
 
@@ -9136,15 +9571,14 @@ ssl3_SendServerKeyExchange(sslSocket *ss)
 }
 
 SECStatus
-ssl3_EncodeSigAlgs(const sslSocket *ss, sslBuffer *buf)
+ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len)
 {
-    unsigned int lengthOffset;
     unsigned int i;
-    PRBool found = PR_FALSE;
-    SECStatus rv;
+    PRUint8 *p = buf;
 
-    rv = sslBuffer_Skip(buf, 2, &lengthOffset);
-    if (rv != SECSuccess) {
+    PORT_Assert(maxLen >= ss->ssl3.signatureSchemeCount * 2);
+    if (maxLen < ss->ssl3.signatureSchemeCount * 2) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
 
@@ -9162,21 +9596,16 @@ ssl3_EncodeSigAlgs(const sslSocket *ss, sslBuffer *buf)
 
         if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) ||
             (policy & NSS_USE_ALG_IN_SSL_KX)) {
-            rv = sslBuffer_AppendNumber(buf, ss->ssl3.signatureSchemes[i], 2);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-
-            found = PR_TRUE;
+            p = ssl_EncodeUintX((PRUint32)ss->ssl3.signatureSchemes[i], 2, p);
         }
     }
 
-    if (!found) {
+    if (p == buf) {
         PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
         return SECFailure;
     }
-
-    return sslBuffer_InsertLength(buf, lengthOffset, 2);
+    *len = p - buf;
+    return SECSuccess;
 }
 
 static SECStatus
@@ -9185,15 +9614,15 @@ ssl3_SendCertificateRequest(sslSocket *ss)
     PRBool isTLS12;
     const PRUint8 *certTypes;
     SECStatus rv;
-    PRUint32 length;
-    const SECItem *names;
+    int length;
+    SECItem *names;
     unsigned int calen;
     unsigned int nnames;
-    const SECItem *name;
-    unsigned int i;
+    SECItem *name;
+    int i;
     int certTypesLength;
-    PRUint8 sigAlgs[2 + MAX_SIGNATURE_SCHEMES * 2];
-    sslBuffer sigAlgsBuf = SSL_BUFFER(sigAlgs);
+    PRUint8 sigAlgs[MAX_SIGNATURE_SCHEMES * 2];
+    unsigned int sigAlgsLength = 0;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
                 SSL_GETPID(), ss->fd));
@@ -9201,7 +9630,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    isTLS12 = (PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     rv = ssl_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
     if (rv != SECSuccess) {
@@ -9212,14 +9641,14 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 
     length = 1 + certTypesLength + 2 + calen;
     if (isTLS12) {
-        rv = ssl3_EncodeSigAlgs(ss, &sigAlgsBuf);
+        rv = ssl3_EncodeSigAlgs(ss, sigAlgs, sizeof(sigAlgs), &sigAlgsLength);
         if (rv != SECSuccess) {
             return rv;
         }
-        length += SSL_BUFFER_LEN(&sigAlgsBuf);
+        length += 2 + sigAlgsLength;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate_request, length);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
     if (rv != SECSuccess) {
         return rv; /* err set by AppendHandshake. */
     }
@@ -9228,8 +9657,7 @@ ssl3_SendCertificateRequest(sslSocket *ss)
         return rv; /* err set by AppendHandshake. */
     }
     if (isTLS12) {
-        rv = ssl3_AppendHandshake(ss, SSL_BUFFER_BASE(&sigAlgsBuf),
-                                  SSL_BUFFER_LEN(&sigAlgsBuf));
+        rv = ssl3_AppendHandshakeVariable(ss, sigAlgs, sigAlgsLength, 2);
         if (rv != SECSuccess) {
             return rv; /* err set by AppendHandshake. */
         }
@@ -9259,7 +9687,7 @@ ssl3_SendServerHelloDone(sslSocket *ss)
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_server_hello_done, 0);
+    rv = ssl3_AppendHandshakeHeader(ss, server_hello_done, 0);
     if (rv != SECSuccess) {
         return rv; /* err set by AppendHandshake. */
     }
@@ -9275,7 +9703,8 @@ ssl3_SendServerHelloDone(sslSocket *ss)
  * Caller must hold Handshake and RecvBuf locks.
  */
 static SECStatus
-ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
+ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length,
+                             SSL3Hashes *hashes)
 {
     SECItem signed_hash = { siBuffer, NULL, 0 };
     SECStatus rv;
@@ -9283,9 +9712,9 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     SSL3AlertDescription desc = handshake_failure;
     PRBool isTLS;
     SSLSignatureScheme sigScheme;
-    SSL3Hashes hashes;
-    const PRUint8 *savedMsg = b;
-    const PRUint32 savedLen = length;
+    SSLHashType hashAlg;
+    SSL3Hashes localHashes;
+    SSL3Hashes *hashesForVerify = NULL;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
                 SSL_GETPID(), ss->fd));
@@ -9301,8 +9730,14 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     /* TLS 1.3 is handled by tls13_HandleCertificateVerify */
     PORT_Assert(ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2);
 
-    if (ss->ssl3.prSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
-        PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record);
+    if (!hashes) {
+        PORT_Assert(0);
+        desc = internal_error;
+        errCode = SEC_ERROR_LIBRARY_FAILURE;
+        goto alert_loser;
+    }
+
+    if (ss->ssl3.hs.hashType == handshake_hash_record) {
         rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
         if (rv != SECSuccess) {
             goto loser; /* malformed or unsupported. */
@@ -9315,20 +9750,25 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
             goto alert_loser;
         }
 
+        hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+
+        /* Read from the message buffer, but we need to use only up to the end
+         * of the previous handshake message. The length of the transcript up to
+         * that point is saved in |hashes->u.transcriptLen|. */
         rv = ssl3_ComputeHandshakeHash(ss->ssl3.hs.messages.buf,
-                                       ss->ssl3.hs.messages.len,
-                                       ssl_SignatureSchemeToHashType(sigScheme),
-                                       &hashes);
+                                       hashes->u.transcriptLen,
+                                       hashAlg, &localHashes);
+
+        if (rv == SECSuccess) {
+            hashesForVerify = &localHashes;
+        } else {
+            errCode = SSL_ERROR_DIGEST_FAILURE;
+            desc = decrypt_error;
+            goto alert_loser;
+        }
     } else {
-        PORT_Assert(ss->ssl3.hs.hashType != handshake_hash_record);
+        hashesForVerify = hashes;
         sigScheme = ssl_sig_none;
-        rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.prSpec, &hashes, 0);
-    }
-
-    if (rv != SECSuccess) {
-        errCode = SSL_ERROR_DIGEST_FAILURE;
-        desc = decrypt_error;
-        goto alert_loser;
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
@@ -9339,7 +9779,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
 
     /* XXX verify that the key & kea match */
-    rv = ssl3_VerifySignedHashes(ss, sigScheme, &hashes, &signed_hash);
+    rv = ssl3_VerifySignedHashes(ss, sigScheme, hashesForVerify, &signed_hash);
     if (rv != SECSuccess) {
         errCode = PORT_GetError();
         desc = isTLS ? decrypt_error : handshake_failure;
@@ -9352,14 +9792,6 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
         desc = isTLS ? decode_error : illegal_parameter;
         goto alert_loser; /* malformed */
     }
-
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_certificate_verify,
-                                  savedMsg, savedLen);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return rv;
-    }
-
     ss->ssl3.hs.ws = wait_change_cipher;
     return SECSuccess;
 
@@ -9400,9 +9832,9 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
         ** slot already hold the SpecWriteLock.
         */
         PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-        PORT_Assert(ss->ssl3.prSpec->epoch == ss->ssl3.pwSpec->epoch);
+        PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
-        calg = spec->cipherDef->calg;
+        calg = spec->cipher_def->calg;
 
         /* First get an appropriate slot.  */
         mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
@@ -9470,7 +9902,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(ss->ssl3.prSpec->epoch == ss->ssl3.pwSpec->epoch);
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
 
     enc_pms.data = b;
     enc_pms.len = length;
@@ -9567,7 +9999,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
     }
 
     /* This step will derive the MS from the PMS, among other things. */
-    rv = ssl3_InitPendingCipherSpecs(ss, currentPms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, currentPms);
     PK11_FreeSymKey(currentPms);
 
     if (rv != SECSuccess) {
@@ -9632,7 +10064,7 @@ ssl3_HandleDHClientKeyExchange(sslSocket *ss,
         return SECFailure;
     }
 
-    rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     PK11_FreeSymKey(pms);
     ssl_FreeEphemeralKeyPairs(ss);
     return rv;
@@ -9731,13 +10163,13 @@ ssl3_SendEmptyCertificate(sslSocket *ss)
     const SECItem *context;
 
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        PORT_Assert(ss->ssl3.hs.clientCertRequested);
-        context = &ss->xtnData.certReqContext;
+        PORT_Assert(ss->ssl3.hs.certificateRequest);
+        context = &ss->ssl3.hs.certificateRequest->context;
         len = context->len + 1;
         isTLS13 = PR_TRUE;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate, len + 3);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate, len + 3);
     if (rv != SECSuccess) {
         return rv;
     }
@@ -9763,14 +10195,13 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
     SECStatus rv;
     NewSessionTicket nticket = { 0 };
 
-    rv = ssl3_EncodeSessionTicket(ss, &nticket, NULL, 0,
-                                  ss->ssl3.pwSpec->masterSecret, &ticket);
+    rv = ssl3_EncodeSessionTicket(ss, &nticket, &ticket);
     if (rv != SECSuccess)
         goto loser;
 
     /* Serialize the handshake message. Length =
      * lifetime (4) + ticket length (2) + ticket. */
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_new_session_ticket,
+    rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket,
                                     4 + 2 + ticket.len);
     if (rv != SECSuccess)
         goto loser;
@@ -9820,7 +10251,7 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
      * until it has verified the server's Finished message." See the comment in
      * ssl3_FinishHandshake for more details.
      */
-    ss->ssl3.hs.newSessionTicket.received_timestamp = ssl_TimeUsec();
+    ss->ssl3.hs.newSessionTicket.received_timestamp = PR_Now();
     if (length < 4) {
         (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
@@ -9962,8 +10393,8 @@ ssl3_SendCertificate(sslSocket *ss)
     if (isTLS13) {
         contextLen = 1; /* Size of the context length */
         if (!ss->sec.isServer) {
-            PORT_Assert(ss->ssl3.hs.clientCertRequested);
-            context = ss->xtnData.certReqContext;
+            PORT_Assert(ss->ssl3.hs.certificateRequest);
+            context = ss->ssl3.hs.certificateRequest->context;
             contextLen += context.len;
         }
     }
@@ -9981,7 +10412,7 @@ ssl3_SendCertificate(sslSocket *ss)
         }
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate,
+    rv = ssl3_AppendHandshakeHeader(ss, certificate,
                                     contextLen + certChainLen + 3);
     if (rv != SECSuccess) {
         return rv; /* err set by AppendHandshake. */
@@ -10056,7 +10487,7 @@ ssl3_SendCertificateStatus(sslSocket *ss)
     /* Use the array's first item only (single stapling) */
     len = 1 + statusToSend->items[0].len + 3;
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate_status, len);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_status, len);
     if (rv != SECSuccess) {
         return rv; /* err set by AppendHandshake. */
     }
@@ -10187,10 +10618,6 @@ ssl3_HandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length)
         return SECFailure;
     }
 
-    if (ss->sec.isServer) {
-        dtls_ReceivedFirstMessageInFlight(ss);
-    }
-
     return ssl3_CompleteHandleCertificate(ss, b, length);
 }
 
@@ -10410,8 +10837,7 @@ ssl3_AuthCertificate(sslSocket *ss)
         }
         if (pubKey) {
             KeyType pubKeyType;
-            PRUint32 minKey;
-            PRInt32 optval;
+            PRInt32 minKey;
             /* This partly fixes Bug 124230 and may cause problems for
              * callers which depend on the old (wrong) behavior. */
             ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
@@ -10422,29 +10848,29 @@ ssl3_AuthCertificate(sslSocket *ss)
                 case rsaPssKey:
                 case rsaOaepKey:
                     rv =
-                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_RSA_MIN_MODULUS_BITS;
+                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_RSA_MIN_MODULUS_BITS;
                     }
                     break;
                 case dsaKey:
                     rv =
-                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_DSA_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DSA_MIN_P_BITS;
                     }
                     break;
                 case dhKey:
                     rv =
-                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &optval);
-                    if (rv == SECSuccess && optval > 0) {
-                        minKey = (PRUint32)optval;
-                    } else {
-                        minKey = SSL_DH_MIN_P_BITS;
+                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DH_MIN_P_BITS;
                     }
                     break;
                 default:
@@ -10603,8 +11029,8 @@ ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
     PK11Context *prf_context;
     unsigned int retLen;
 
-    PORT_Assert(spec->masterSecret);
-    if (!spec->masterSecret) {
+    PORT_Assert(spec->master_secret);
+    if (!spec->master_secret) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
@@ -10619,7 +11045,7 @@ ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
     param.data = (unsigned char *)&tls_mac_params;
     param.len = sizeof(tls_mac_params);
     prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
-                                             spec->masterSecret, &param);
+                                             spec->master_secret, &param);
     if (!prf_context)
         return SECFailure;
 
@@ -10644,39 +11070,40 @@ ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec,
                             const unsigned char *val, unsigned int valLen,
                             unsigned char *out, unsigned int outLen)
 {
-    SECItem param = { siBuffer, NULL, 0 };
-    CK_MECHANISM_TYPE mech = CKM_TLS_PRF_GENERAL;
-    PK11Context *prf_context;
-    unsigned int retLen;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
-    if (!spec->masterSecret) {
-        PORT_Assert(spec->masterSecret);
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
+    if (spec->master_secret) {
+        SECItem param = { siBuffer, NULL, 0 };
+        CK_MECHANISM_TYPE mech = CKM_TLS_PRF_GENERAL;
+        PK11Context *prf_context;
+        unsigned int retLen;
 
-    if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
-        /* Bug 1312976 non-SHA256 exporters are broken. */
-        if (ssl3_GetPrfHashMechanism(ss) != CKM_SHA256) {
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
+        if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+            /* Bug 1312976 non-SHA256 exporters are broken. */
+            if (ssl3_GetPrfHashMechanism(ss) != CKM_SHA256) {
+                PORT_Assert(0);
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
+            }
+            mech = CKM_NSS_TLS_PRF_GENERAL_SHA256;
         }
-        mech = CKM_NSS_TLS_PRF_GENERAL_SHA256;
-    }
-    prf_context = PK11_CreateContextBySymKey(mech, CKA_SIGN,
-                                             spec->masterSecret, &param);
-    if (!prf_context)
-        return SECFailure;
+        prf_context = PK11_CreateContextBySymKey(mech, CKA_SIGN,
+                                                 spec->master_secret, &param);
+        if (!prf_context)
+            return SECFailure;
 
-    rv = PK11_DigestBegin(prf_context);
-    rv |= PK11_DigestOp(prf_context, (unsigned char *)label, labelLen);
-    rv |= PK11_DigestOp(prf_context, val, valLen);
-    rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
-    PORT_Assert(rv != SECSuccess || retLen == outLen);
+        rv = PK11_DigestBegin(prf_context);
+        rv |= PK11_DigestOp(prf_context, (unsigned char *)label, labelLen);
+        rv |= PK11_DigestOp(prf_context, val, valLen);
+        rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
+        PORT_Assert(rv != SECSuccess || retLen == outLen);
 
-    PK11_DestroyContext(prf_context, PR_TRUE);
+        PK11_DestroyContext(prf_context, PR_TRUE);
+    } else {
+        PORT_Assert(spec->master_secret);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    }
     return rv;
 }
 
@@ -10700,7 +11127,7 @@ ssl3_SendNextProto(sslSocket *ss)
 
     padding_len = 32 - ((ss->xtnData.nextProto.len + 2) % 32);
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_next_proto, ss->xtnData.nextProto.len + 2 + padding_len);
+    rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->xtnData.nextProto.len + 2 + padding_len);
     if (rv != SECSuccess) {
         return rv; /* error code set by AppendHandshakeHeader */
     }
@@ -10716,44 +11143,40 @@ ssl3_SendNextProto(sslSocket *ss)
     return rv;
 }
 
-/* called from ssl3_SendFinished and tls13_DeriveSecret.
+/* called from ssl3_SendFinished
  *
  * This function is simply a debugging aid and therefore does not return a
  * SECStatus. */
-void
-ssl3_RecordKeyLog(sslSocket *ss, const char *label, PK11SymKey *secret)
+static void
+ssl3_RecordKeyLog(sslSocket *ss)
 {
 #ifdef NSS_ALLOW_SSLKEYLOGFILE
     SECStatus rv;
     SECItem *keyData;
-    /* Longest label is "CLIENT_HANDSHAKE_TRAFFIC_SECRET", master secret is 48
-     * bytes which happens to be the largest in TLS 1.3 as well (SHA384).
-     * Maximum line length: "CLIENT_HANDSHAKE_TRAFFIC_SECRET" (31) + " " (1) +
-     * client_random (32*2) + " " (1) +
-     * traffic_secret (48*2) + "\n" (1) = 194. */
-    char buf[200];
-    unsigned int offset, len;
+    char buf[14 /* "CLIENT_RANDOM " */ +
+             SSL3_RANDOM_LENGTH * 2 /* client_random */ +
+             1 /* " " */ +
+             48 * 2 /* master secret */ +
+             1 /* new line */];
+    unsigned int j;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     if (!ssl_keylog_iob)
         return;
 
-    rv = PK11_ExtractKeyValue(secret);
+    rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret);
     if (rv != SECSuccess)
         return;
 
-    /* keyData does not need to be freed. */
-    keyData = PK11_GetKeyData(secret);
-    if (!keyData || !keyData->data)
-        return;
+    ssl_GetSpecReadLock(ss);
 
-    len = strlen(label) + 1 +          /* label + space */
-          SSL3_RANDOM_LENGTH * 2 + 1 + /* client random (hex) + space */
-          keyData->len * 2 + 1;        /* secret (hex) + newline */
-    PORT_Assert(len <= sizeof(buf));
-    if (len > sizeof(buf))
+    /* keyData does not need to be freed. */
+    keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret);
+    if (!keyData || !keyData->data || keyData->len != 48) {
+        ssl_ReleaseSpecReadLock(ss);
         return;
+    }
 
     /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
 
@@ -10761,22 +11184,23 @@ ssl3_RecordKeyLog(sslSocket *ss, const char *label, PK11SymKey *secret)
      * keylog, so we have to do everything in a single call to
      * fwrite. */
 
-    strcpy(buf, label);
-    offset = strlen(label);
-    buf[offset++] += ' ';
-    hexEncode(buf + offset, ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
-    offset += SSL3_RANDOM_LENGTH * 2;
-    buf[offset++] = ' ';
-    hexEncode(buf + offset, keyData->data, keyData->len);
-    offset += keyData->len * 2;
-    buf[offset++] = '\n';
-
-    PORT_Assert(offset == len);
-
-    PZ_Lock(ssl_keylog_lock);
-    if (fwrite(buf, len, 1, ssl_keylog_iob) == 1)
-        fflush(ssl_keylog_iob);
-    PZ_Unlock(ssl_keylog_lock);
+    memcpy(buf, "CLIENT_RANDOM ", 14);
+    j = 14;
+    hexEncode(buf + j, ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
+    j += SSL3_RANDOM_LENGTH * 2;
+    buf[j++] = ' ';
+    hexEncode(buf + j, keyData->data, 48);
+    j += 48 * 2;
+    buf[j++] = '\n';
+
+    PORT_Assert(j == sizeof(buf));
+
+    ssl_ReleaseSpecReadLock(ss);
+
+    if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
+        return;
+    fflush(ssl_keylog_iob);
+    return;
 #endif
 }
 
@@ -10818,7 +11242,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
         else
             ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
         ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
-        rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_finished, sizeof tlsFinished);
+        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof tlsFinished);
         if (rv != SECSuccess)
             goto fail; /* err set by AppendHandshake. */
         rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished);
@@ -10831,7 +11255,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
             ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes.u.s;
         PORT_Assert(hashes.len == sizeof hashes.u.s);
         ss->ssl3.hs.finishedBytes = sizeof hashes.u.s;
-        rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_finished, sizeof hashes.u.s);
+        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes.u.s);
         if (rv != SECSuccess)
             goto fail; /* err set by AppendHandshake. */
         rv = ssl3_AppendHandshake(ss, &hashes.u.s, sizeof hashes.u.s);
@@ -10843,7 +11267,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
         goto fail; /* error code set by ssl3_FlushHandshake */
     }
 
-    ssl3_RecordKeyLog(ss, "CLIENT_RANDOM", ss->ssl3.cwSpec->masterSecret);
+    ssl3_RecordKeyLog(ss);
 
     return SECSuccess;
 
@@ -10855,8 +11279,8 @@ fail:
  * Caller holds the Spec read lock.
  */
 SECStatus
-ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid,
-                        PK11SymKey *secret)
+ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid,
+                              ssl3CipherSpec *spec)
 {
     PK11SymKey *wrappingKey = NULL;
     PK11SlotInfo *symKeySlot;
@@ -10865,7 +11289,7 @@ ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid,
     PRBool isServer = ss->sec.isServer;
     CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
 
-    symKeySlot = PK11_GetSlotFromKey(secret);
+    symKeySlot = PK11_GetSlotFromKey(spec->master_secret);
     if (!isServer) {
         int wrapKeyIndex;
         int incarnation;
@@ -10926,7 +11350,7 @@ ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid,
         wmsItem.data = sid->u.ssl3.keys.wrapped_master_secret;
         wmsItem.len = sizeof sid->u.ssl3.keys.wrapped_master_secret;
         rv = PK11_WrapSymKey(mechanism, NULL, wrappingKey,
-                             secret, &wmsItem);
+                             spec->master_secret, &wmsItem);
         /* rv is examined below. */
         sid->u.ssl3.keys.wrapped_master_secret_len = wmsItem.len;
         PK11_FreeSymKey(wrappingKey);
@@ -10939,13 +11363,13 @@ ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid,
  * Caller must hold Handshake and RecvBuf locks.
  */
 static SECStatus
-ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
+ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length,
+                    const SSL3Hashes *hashes)
 {
     sslSessionID *sid = ss->sec.ci.sid;
     SECStatus rv = SECSuccess;
     PRBool isServer = ss->sec.isServer;
     PRBool isTLS;
-    SSL3Hashes hashes;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -10959,23 +11383,13 @@ ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
         return SECFailure;
     }
 
-    if (!ss->sec.isServer || !ss->opt.requestCertificate) {
-        dtls_ReceivedFirstMessageInFlight(ss);
-    }
-
-    rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.crSpec, &hashes,
-                                     isServer ? sender_client : sender_server);
-    if (rv != SECSuccess) {
+    if (!hashes) {
+        PORT_Assert(0);
+        SSL3_SendAlert(ss, alert_fatal, internal_error);
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
 
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_finished, b, length);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return rv;
-    }
-
     isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
     if (isTLS) {
         TLSFinished tlsFinished;
@@ -10988,7 +11402,7 @@ ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
 #endif
         }
         rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer,
-                                     &hashes, &tlsFinished);
+                                     hashes, &tlsFinished);
         if (!isServer)
             ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
         else
@@ -11011,12 +11425,12 @@ ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
         }
 
         if (!isServer)
-            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes.u.s;
+            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes->u.s;
         else
-            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes.u.s;
-        PORT_Assert(hashes.len == sizeof hashes.u.s);
-        ss->ssl3.hs.finishedBytes = sizeof hashes.u.s;
-        if (0 != NSS_SecureMemcmp(&hashes.u.s, b, length)) {
+            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes->u.s;
+        PORT_Assert(hashes->len == sizeof hashes->u.s);
+        ss->ssl3.hs.finishedBytes = sizeof hashes->u.s;
+        if (0 != NSS_SecureMemcmp(&hashes->u.s, b, length)) {
             (void)ssl3_HandshakeFailure(ss);
             PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
             return SECFailure;
@@ -11086,7 +11500,7 @@ xmit_loser:
     }
 
     if (sid->cached == never_cached && !ss->opt.noCache) {
-        rv = ssl3_FillInCachedSID(ss, sid, ss->ssl3.crSpec->masterSecret);
+        rv = ssl3_FillInCachedSID(ss, sid);
 
         /* If the wrap failed, we don't cache the sid.
          * The connection continues normally however.
@@ -11110,26 +11524,21 @@ xmit_loser:
 }
 
 SECStatus
-ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid, PK11SymKey *secret)
+ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid)
 {
-    PORT_Assert(secret);
+    SECStatus rv;
 
     /* fill in the sid */
     sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
+    sid->u.ssl3.compression = ss->ssl3.hs.compression;
     sid->u.ssl3.policy = ss->ssl3.policy;
     sid->version = ss->version;
     sid->authType = ss->sec.authType;
     sid->authKeyBits = ss->sec.authKeyBits;
     sid->keaType = ss->sec.keaType;
     sid->keaKeyBits = ss->sec.keaKeyBits;
-    if (ss->sec.keaGroup) {
-        sid->keaGroup = ss->sec.keaGroup->name;
-    } else {
-        sid->keaGroup = ssl_grp_none;
-    }
-    sid->sigScheme = ss->sec.signatureScheme;
-    sid->lastAccessTime = sid->creationTime = ssl_TimeUsec();
-    sid->expirationTime = sid->creationTime + ssl3_sid_timeout * PR_USEC_PER_SEC;
+    sid->lastAccessTime = sid->creationTime = ssl_Time();
+    sid->expirationTime = sid->creationTime + ssl3_sid_timeout;
     sid->localCert = CERT_DupCertificate(ss->sec.localCert);
     if (ss->sec.isServer) {
         sid->namedCurve = ss->sec.serverCert->namedCurve;
@@ -11143,8 +11552,25 @@ ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid, PK11SymKey *secret)
         }
     }
 
+    ssl_GetSpecReadLock(ss); /*************************************/
+
     /* Copy the master secret (wrapped or unwrapped) into the sid */
-    return ssl3_CacheWrappedSecret(ss, ss->sec.ci.sid, secret);
+    if (ss->ssl3.crSpec->msItem.len && ss->ssl3.crSpec->msItem.data) {
+        sid->u.ssl3.keys.wrapped_master_secret_len =
+            ss->ssl3.crSpec->msItem.len;
+        memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+               ss->ssl3.crSpec->msItem.data, ss->ssl3.crSpec->msItem.len);
+        sid->u.ssl3.masterValid = PR_TRUE;
+        sid->u.ssl3.keys.msIsWrapped = PR_FALSE;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_CacheWrappedMasterSecret(ss, ss->sec.ci.sid,
+                                           ss->ssl3.crSpec);
+        sid->u.ssl3.keys.msIsWrapped = PR_TRUE;
+    }
+    ssl_ReleaseSpecReadLock(ss); /*************************************/
+
+    return rv;
 }
 
 /* The return type is SECStatus instead of void because this function needs
@@ -11193,66 +11619,8 @@ ssl3_FinishHandshake(sslSocket *ss)
     return SECSuccess;
 }
 
-SECStatus
-ssl_HashHandshakeMessageInt(sslSocket *ss, SSLHandshakeType type,
-                            PRUint32 dtlsSeq,
-                            const PRUint8 *b, PRUint32 length)
-{
-    PRUint8 hdr[4];
-    PRUint8 dtlsData[8];
-    SECStatus rv;
-
-    PRINT_BUF(50, (ss, "Hash handshake message:", b, length));
-
-    hdr[0] = (PRUint8)type;
-    hdr[1] = (PRUint8)(length >> 16);
-    hdr[2] = (PRUint8)(length >> 8);
-    hdr[3] = (PRUint8)(length);
-
-    rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)hdr, 4);
-    if (rv != SECSuccess)
-        return rv; /* err code already set. */
-
-    /* Extra data to simulate a complete DTLS handshake fragment */
-    if (IS_DTLS(ss)) {
-        /* Sequence number */
-        dtlsData[0] = MSB(dtlsSeq);
-        dtlsData[1] = LSB(dtlsSeq);
-
-        /* Fragment offset */
-        dtlsData[2] = 0;
-        dtlsData[3] = 0;
-        dtlsData[4] = 0;
-
-        /* Fragment length */
-        dtlsData[5] = (PRUint8)(length >> 16);
-        dtlsData[6] = (PRUint8)(length >> 8);
-        dtlsData[7] = (PRUint8)(length);
-
-        rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)dtlsData,
-                                        sizeof(dtlsData));
-        if (rv != SECSuccess)
-            return rv; /* err code already set. */
-    }
-
-    /* The message body */
-    rv = ssl3_UpdateHandshakeHashes(ss, b, length);
-    if (rv != SECSuccess)
-        return rv; /* err code already set. */
-
-    return SECSuccess;
-}
-
-SECStatus
-ssl_HashHandshakeMessage(sslSocket *ss, SSLHandshakeType type,
-                         const PRUint8 *b, PRUint32 length)
-{
-    return ssl_HashHandshakeMessageInt(ss, type, ss->ssl3.hs.recvMessageSeq,
-                                       b, length);
-}
-
 /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
- * handshake message.
+ * hanshake message.
  * Caller must hold Handshake and RecvBuf locks.
  */
 SECStatus
@@ -11260,43 +11628,130 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length,
                             PRBool endOfRecord)
 {
     SECStatus rv = SECSuccess;
+    SSL3HandshakeType type = ss->ssl3.hs.msg_type;
+    SSL3Hashes hashes;            /* computed hashes are put here. */
+    SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
+    PRUint8 hdr[4];
+    PRUint8 dtlsData[8];
+    PRBool computeHashes = PR_FALSE;
     PRUint16 epoch;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    /*
+     * We have to compute the hashes before we update them with the
+     * current message.
+     */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        if ((type == finished) && (ss->ssl3.hs.ws == wait_finished)) {
+            computeHashes = PR_TRUE;
+        } else if ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify)) {
+            if (ss->ssl3.hs.hashType == handshake_hash_record) {
+                /* We cannot compute the hash yet. We must wait until we have
+                 * decoded the certificate_verify message in
+                 * ssl3_HandleCertificateVerify, which will tell us which
+                 * hash function we must use.
+                 *
+                 * (ssl3_HandleCertificateVerify cannot simply look at the
+                 * buffer length itself, because at the time we reach it,
+                 * additional handshake messages will have been added to the
+                 * buffer, e.g. the certificate_verify message itself.)
+                 *
+                 * Therefore, we use SSL3Hashes.u.transcriptLen to save how much
+                 * data there is and read directly from ss->ssl3.hs.messages
+                 * when calculating the hashes.
+                 *
+                 * ssl3_HandleCertificateVerify will detect
+                 *     hashType == handshake_hash_record
+                 * and use that information to calculate the hash.
+                 */
+                hashes.u.transcriptLen = ss->ssl3.hs.messages.len;
+                hashesPtr = &hashes;
+            } else {
+                computeHashes = PR_TRUE;
+            }
+        }
+    } else {
+        if (type == certificate_verify) {
+            computeHashes = TLS13_IN_HS_STATE(ss, wait_cert_verify);
+        } else if (type == finished) {
+            computeHashes =
+                TLS13_IN_HS_STATE(ss, wait_cert_request, wait_finished);
+        }
+    }
 
+    ssl_GetSpecReadLock(ss); /************************************/
+    if (computeHashes) {
+        SSL3Sender sender = (SSL3Sender)0;
+        ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.crSpec
+                                                                           : ss->ssl3.prSpec;
+
+        if (type == finished) {
+            sender = ss->sec.isServer ? sender_client : sender_server;
+            rSpec = ss->ssl3.crSpec;
+        }
+        rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
+        if (rv == SECSuccess) {
+            hashesPtr = &hashes;
+        }
+    }
+    ssl_ReleaseSpecReadLock(ss); /************************************/
+    if (rv != SECSuccess) {
+        return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/
+    }
     SSL_TRC(30, ("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
                  ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
 
-    /* Start new handshake hashes when we start a new handshake. */
-    if (ss->ssl3.hs.msg_type == ssl_hs_client_hello) {
+    hdr[0] = (PRUint8)ss->ssl3.hs.msg_type;
+    hdr[1] = (PRUint8)(length >> 16);
+    hdr[2] = (PRUint8)(length >> 8);
+    hdr[3] = (PRUint8)(length);
+
+    /* Start new handshake hashes when we start a new handshake.  Unless this is
+     * TLS 1.3 and we sent a HelloRetryRequest. */
+    if (ss->ssl3.hs.msg_type == client_hello && !ss->ssl3.hs.helloRetry) {
         ssl3_RestartHandshakeHashes(ss);
     }
-    switch (ss->ssl3.hs.msg_type) {
-        case ssl_hs_hello_request:
-        case ssl_hs_hello_verify_request:
-            /* We don't include hello_request and hello_verify_request messages
-             * in the handshake hashes */
-            break;
+    /* We should not include hello_request and hello_verify_request messages
+     * in the handshake hashes */
+    if ((ss->ssl3.hs.msg_type != hello_request) &&
+        (ss->ssl3.hs.msg_type != hello_verify_request)) {
+        rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)hdr, 4);
+        if (rv != SECSuccess)
+            return rv; /* err code already set. */
 
-        /* Defer hashing of these messages until the message handlers. */
-        case ssl_hs_client_hello:
-        case ssl_hs_server_hello:
-        case ssl_hs_certificate_verify:
-        case ssl_hs_finished:
-            break;
+        /* Extra data to simulate a complete DTLS handshake fragment */
+        if (IS_DTLS(ss)) {
+            /* Sequence number */
+            dtlsData[0] = MSB(ss->ssl3.hs.recvMessageSeq);
+            dtlsData[1] = LSB(ss->ssl3.hs.recvMessageSeq);
 
-        default:
-            rv = ssl_HashHandshakeMessage(ss, ss->ssl3.hs.msg_type, b, length);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
+            /* Fragment offset */
+            dtlsData[2] = 0;
+            dtlsData[3] = 0;
+            dtlsData[4] = 0;
+
+            /* Fragment length */
+            dtlsData[5] = (PRUint8)(length >> 16);
+            dtlsData[6] = (PRUint8)(length >> 8);
+            dtlsData[7] = (PRUint8)(length);
+
+            rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)dtlsData,
+                                            sizeof(dtlsData));
+            if (rv != SECSuccess)
+                return rv; /* err code already set. */
+        }
+
+        /* The message body */
+        rv = ssl3_UpdateHandshakeHashes(ss, b, length);
+        if (rv != SECSuccess)
+            return rv; /* err code already set. */
     }
 
     PORT_SetError(0); /* each message starts with no error. */
 
     if (ss->ssl3.hs.ws == wait_certificate_status &&
-        ss->ssl3.hs.msg_type != ssl_hs_certificate_status) {
+        ss->ssl3.hs.msg_type != certificate_status) {
         /* If we negotiated the certificate_status extension then we deferred
          * certificate validation until we get the CertificateStatus messsage.
          * But the CertificateStatus message is optional. If the server did
@@ -11313,7 +11768,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length,
 
     epoch = ss->ssl3.crSpec->epoch;
     switch (ss->ssl3.hs.msg_type) {
-        case ssl_hs_client_hello:
+        case client_hello:
             if (!ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO);
@@ -11321,7 +11776,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length,
             }
             rv = ssl3_HandleClientHello(ss, b, length);
             break;
-        case ssl_hs_server_hello:
+        case server_hello:
             if (ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO);
@@ -11331,9 +11786,10 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length,
             break;
         default:
             if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-                rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length);
+                rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr);
             } else {
-                rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length);
+                rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length,
+                                                           hashesPtr);
             }
             break;
     }
@@ -11355,13 +11811,13 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length,
 
 static SECStatus
 ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
-                                     PRUint32 length)
+                                     PRUint32 length, SSL3Hashes *hashesPtr)
 {
     SECStatus rv;
     PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
 
     switch (ss->ssl3.hs.msg_type) {
-        case ssl_hs_hello_request:
+        case hello_request:
             if (length != 0) {
                 (void)ssl3_DecodeError(ss);
                 PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST);
@@ -11375,7 +11831,13 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             rv = ssl3_HandleHelloRequest(ss);
             break;
 
-        case ssl_hs_hello_verify_request:
+        case hello_retry_request:
+            /* This arrives here because - as a client - we haven't received a
+             * final decision on the version from the server. */
+            rv = tls13_HandleHelloRetryRequest(ss, b, length);
+            break;
+
+        case hello_verify_request:
             if (!IS_DTLS(ss) || ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST);
@@ -11383,13 +11845,13 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = dtls_HandleHelloVerifyRequest(ss, b, length);
             break;
-        case ssl_hs_certificate:
+        case certificate:
             rv = ssl3_HandleCertificate(ss, b, length);
             break;
-        case ssl_hs_certificate_status:
+        case certificate_status:
             rv = ssl3_HandleCertificateStatus(ss, b, length);
             break;
-        case ssl_hs_server_key_exchange:
+        case server_key_exchange:
             if (ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
@@ -11397,7 +11859,7 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = ssl3_HandleServerKeyExchange(ss, b, length);
             break;
-        case ssl_hs_certificate_request:
+        case certificate_request:
             if (ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
@@ -11405,7 +11867,7 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = ssl3_HandleCertificateRequest(ss, b, length);
             break;
-        case ssl_hs_server_hello_done:
+        case server_hello_done:
             if (length != 0) {
                 (void)ssl3_DecodeError(ss);
                 PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_DONE);
@@ -11418,15 +11880,15 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = ssl3_HandleServerHelloDone(ss);
             break;
-        case ssl_hs_certificate_verify:
+        case certificate_verify:
             if (!ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
                 return SECFailure;
             }
-            rv = ssl3_HandleCertificateVerify(ss, b, length);
+            rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
             break;
-        case ssl_hs_client_key_exchange:
+        case client_key_exchange:
             if (!ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
@@ -11434,7 +11896,7 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = ssl3_HandleClientKeyExchange(ss, b, length);
             break;
-        case ssl_hs_new_session_ticket:
+        case new_session_ticket:
             if (ss->sec.isServer) {
                 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
                 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
@@ -11442,8 +11904,8 @@ ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
             }
             rv = ssl3_HandleNewSessionTicket(ss, b, length);
             break;
-        case ssl_hs_finished:
-            rv = ssl3_HandleFinished(ss, b, length);
+        case finished:
+            rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
             break;
         default:
             (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
@@ -11484,7 +11946,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
             t = *(buf->buf++);
             buf->len--;
             if (ss->ssl3.hs.header_bytes++ == 0)
-                ss->ssl3.hs.msg_type = (SSLHandshakeType)t;
+                ss->ssl3.hs.msg_type = (SSL3HandshakeType)t;
             else
                 ss->ssl3.hs.msg_len = (ss->ssl3.hs.msg_len << 8) + t;
             if (ss->ssl3.hs.header_bytes < 4)
@@ -11814,34 +12276,31 @@ ssl_CBCExtractMAC(sslBuffer *plaintext,
  *
  */
 static SECStatus
-ssl3_UnprotectRecord(sslSocket *ss,
-                     ssl3CipherSpec *spec,
-                     SSL3Ciphertext *cText, sslBuffer *plaintext,
+ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
                      SSL3AlertDescription *alert)
 {
-    const ssl3BulkCipherDef *cipher_def = spec->cipherDef;
+    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
     PRBool isTLS;
     unsigned int good;
     unsigned int ivLen = 0;
     SSL3ContentType rType;
     unsigned int minLength;
     unsigned int originalLen = 0;
-    PRUint8 headerBuf[13];
-    sslBuffer header = SSL_BUFFER(headerBuf);
+    unsigned char header[13];
+    unsigned int headerLen;
     PRUint8 hash[MAX_MAC_LENGTH];
     PRUint8 givenHashBuf[MAX_MAC_LENGTH];
     PRUint8 *givenHash;
     unsigned int hashBytes = MAX_MAC_LENGTH + 1;
     SECStatus rv;
 
-    PORT_Assert(spec->direction == CipherSpecRead);
-
     good = ~0U;
-    minLength = spec->macDef->mac_size;
+    minLength = crSpec->mac_size;
     if (cipher_def->type == type_block) {
         /* CBC records have a padding length byte at the end. */
         minLength++;
-        if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        if (crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
             /* With >= TLS 1.1, CBC records have an explicit IV. */
             minLength += cipher_def->iv_size;
         }
@@ -11856,7 +12315,7 @@ ssl3_UnprotectRecord(sslSocket *ss,
     }
 
     if (cipher_def->type == type_block &&
-        spec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
         /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
          * "The receiver decrypts the entire GenericBlockCipher structure and
          * then discards the first cipher block corresponding to the IV
@@ -11879,8 +12338,8 @@ ssl3_UnprotectRecord(sslSocket *ss,
          * the block it doesn't matter.  The decryption of the next block
          * depends only on the ciphertext of the IV block.
          */
-        rv = spec->cipher(spec->cipherContext, iv, &decoded,
-                          sizeof(iv), cText->buf->buf, ivLen);
+        rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
+                            sizeof(iv), cText->buf->buf, ivLen);
 
         good &= SECStatusToMask(rv);
     }
@@ -11888,7 +12347,7 @@ ssl3_UnprotectRecord(sslSocket *ss,
     PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen,
                    cText->buf->len - ivLen));
 
-    isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
 
     if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) {
         *alert = record_overflow;
@@ -11905,18 +12364,19 @@ ssl3_UnprotectRecord(sslSocket *ss,
         unsigned int decryptedLen =
             cText->buf->len - cipher_def->explicit_nonce_size -
             cipher_def->tag_size;
-        rv = ssl3_BuildRecordPseudoHeader(
-            spec->epoch, IS_DTLS(ss) ? cText->seq_num : spec->seqNum,
-            rType, isTLS, cText->version, IS_DTLS(ss), decryptedLen, &header);
-        PORT_Assert(rv == SECSuccess);
-        rv = spec->aead(&spec->keyMaterial,
-                        PR_TRUE,                /* do decrypt */
-                        plaintext->buf,         /* out */
-                        (int *)&plaintext->len, /* outlen */
-                        plaintext->space,       /* maxout */
-                        cText->buf->buf,        /* in */
-                        cText->buf->len,        /* inlen */
-                        SSL_BUFFER_BASE(&header), SSL_BUFFER_LEN(&header));
+        headerLen = ssl3_BuildRecordPseudoHeader(
+            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
+            rType, isTLS, cText->version, IS_DTLS(ss), decryptedLen);
+        PORT_Assert(headerLen <= sizeof(header));
+        rv = crSpec->aead(
+            ss->sec.isServer ? &crSpec->client : &crSpec->server,
+            PR_TRUE,                /* do decrypt */
+            plaintext->buf,         /* out */
+            (int *)&plaintext->len, /* outlen */
+            plaintext->space,       /* maxout */
+            cText->buf->buf,        /* in */
+            cText->buf->len,        /* inlen */
+            header, headerLen);
         if (rv != SECSuccess) {
             good = 0;
         }
@@ -11927,8 +12387,8 @@ ssl3_UnprotectRecord(sslSocket *ss,
         }
 
         /* decrypt from cText buf to plaintext. */
-        rv = spec->cipher(
-            spec->cipherContext, plaintext->buf, (int *)&plaintext->len,
+        rv = crSpec->decode(
+            crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
             plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
         if (rv != SECSuccess) {
             goto decrypt_loser;
@@ -11941,7 +12401,7 @@ ssl3_UnprotectRecord(sslSocket *ss,
         /* If it's a block cipher, check and strip the padding. */
         if (cipher_def->type == type_block) {
             const unsigned int blockSize = cipher_def->block_size;
-            const unsigned int macSize = spec->macDef->mac_size;
+            const unsigned int macSize = crSpec->mac_size;
 
             if (!isTLS) {
                 good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding(
@@ -11953,32 +12413,32 @@ ssl3_UnprotectRecord(sslSocket *ss,
         }
 
         /* compute the MAC */
-        rv = ssl3_BuildRecordPseudoHeader(
-            spec->epoch, IS_DTLS(ss) ? cText->seq_num : spec->seqNum,
+        headerLen = ssl3_BuildRecordPseudoHeader(
+            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
             rType, isTLS, cText->version, IS_DTLS(ss),
-            plaintext->len - spec->macDef->mac_size, &header);
-        PORT_Assert(rv == SECSuccess);
+            plaintext->len - crSpec->mac_size);
+        PORT_Assert(headerLen <= sizeof(header));
         if (cipher_def->type == type_block) {
             rv = ssl3_ComputeRecordMACConstantTime(
-                spec, SSL_BUFFER_BASE(&header), SSL_BUFFER_LEN(&header),
+                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
                 plaintext->buf, plaintext->len, originalLen,
                 hash, &hashBytes);
 
             ssl_CBCExtractMAC(plaintext, originalLen, givenHashBuf,
-                              spec->macDef->mac_size);
+                              crSpec->mac_size);
             givenHash = givenHashBuf;
 
             /* plaintext->len will always have enough space to remove the MAC
              * because in ssl_Remove{SSLv3|TLS}CBCPadding we only adjust
              * plaintext->len if the result has enough space for the MAC and we
              * tested the unadjusted size against minLength, above. */
-            plaintext->len -= spec->macDef->mac_size;
+            plaintext->len -= crSpec->mac_size;
         } else {
             /* This is safe because we checked the minLength above. */
-            plaintext->len -= spec->macDef->mac_size;
+            plaintext->len -= crSpec->mac_size;
 
             rv = ssl3_ComputeRecordMAC(
-                spec, SSL_BUFFER_BASE(&header), SSL_BUFFER_LEN(&header),
+                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
                 plaintext->buf, plaintext->len, hash, &hashBytes);
 
             /* We can read the MAC directly from the record because its location
@@ -11988,8 +12448,8 @@ ssl3_UnprotectRecord(sslSocket *ss,
 
         good &= SECStatusToMask(rv);
 
-        if (hashBytes != (unsigned)spec->macDef->mac_size ||
-            NSS_SecureMemcmp(givenHash, hash, spec->macDef->mac_size) != 0) {
+        if (hashBytes != (unsigned)crSpec->mac_size ||
+            NSS_SecureMemcmp(givenHash, hash, crSpec->mac_size) != 0) {
             /* We're allowed to leak whether or not the MAC check was correct */
             good = 0;
         }
@@ -12005,84 +12465,7 @@ ssl3_UnprotectRecord(sslSocket *ss,
     return SECSuccess;
 }
 
-static SECStatus
-ssl3_HandleNonApplicationData(sslSocket *ss, SSL3ContentType rType,
-                              DTLSEpoch epoch, sslSequenceNumber seqNum,
-                              sslBuffer *databuf)
-{
-    SECStatus rv;
-
-    ssl_GetSSL3HandshakeLock(ss);
-
-    /* All the functions called in this switch MUST set error code if
-    ** they return SECFailure or SECWouldBlock.
-    */
-    switch (rType) {
-        case content_change_cipher_spec:
-            rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
-            break;
-        case content_alert:
-            rv = ssl3_HandleAlert(ss, databuf);
-            break;
-        case content_handshake:
-            if (!IS_DTLS(ss)) {
-                rv = ssl3_HandleHandshake(ss, databuf);
-            } else {
-                rv = dtls_HandleHandshake(ss, epoch, seqNum, databuf);
-            }
-            break;
-        case content_ack:
-            if (IS_DTLS(ss) && tls13_MaybeTls13(ss)) {
-                rv = dtls13_HandleAck(ss, databuf);
-                break;
-            }
-        /* Fall through. */
-        default:
-            SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
-                     SSL_GETPID(), ss->fd, rType));
-            PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
-            ssl3_DecodeError(ss);
-            rv = SECFailure;
-            break;
-    }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv;
-}
-
-/* Find the cipher spec to use for a given record. For TLS, this
- * is the current cipherspec. For DTLS, we look up by epoch.
- * In DTLS < 1.3 this just means the current epoch or nothing,
- * but in DTLS >= 1.3, we keep multiple reading cipherspecs.
- * Returns NULL if no appropriate cipher spec is found.
- */
-static ssl3CipherSpec *
-ssl3_GetCipherSpec(sslSocket *ss, sslSequenceNumber seq)
-{
-    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
-    ssl3CipherSpec *newSpec = NULL;
-    DTLSEpoch epoch = seq >> 48;
-
-    if (!IS_DTLS(ss)) {
-        return crSpec;
-    }
-    if (crSpec->epoch == epoch) {
-        return crSpec;
-    }
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        /* Try to find the cipher spec. */
-        newSpec = ssl_FindCipherSpecByEpoch(ss, CipherSpecRead,
-                                            epoch);
-        if (newSpec != NULL) {
-            return newSpec;
-        }
-    }
-    SSL_TRC(10, ("%d: DTLS[%d]: Couldn't find cipherspec from epoch %d",
-                 SSL_GETPID(), ss->fd, epoch));
-    return NULL;
-}
-
-/* if cText is non-null, then decipher and check the MAC of the
+/* if cText is non-null, then decipher, check MAC, and decompress the
  * SSL record from cText->buf (typically gs->inbuf)
  * into databuf (typically gs->buf), and any previous contents of databuf
  * is lost.  Then handle databuf according to its SSL record type,
@@ -12092,8 +12475,8 @@ ssl3_GetCipherSpec(sslSocket *ss, sslSequenceNumber seq)
  * checked, and is already sitting in databuf.  It is processed as an SSL
  * Handshake message.
  *
- * DOES NOT process the decrypted application data.
- * On return, databuf contains the decrypted record.
+ * DOES NOT process the decrypted/decompressed application data.
+ * On return, databuf contains the decrypted/decompressed record.
  *
  * Called from ssl3_GatherCompleteHandshake
  *             ssl3_RestartHandshakeAfterCertReq
@@ -12109,15 +12492,20 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
 {
     SECStatus rv;
     PRBool isTLS;
-    DTLSEpoch epoch;
-    sslSequenceNumber seqNum = 0;
-    ssl3CipherSpec *spec = NULL;
-    PRBool outOfOrderSpec = PR_FALSE;
+    sslSequenceNumber seq_num = 0;
+    ssl3CipherSpec *crSpec;
     SSL3ContentType rType;
     sslBuffer *plaintext;
+    sslBuffer temp_buf = { NULL, 0, 0 };
     SSL3AlertDescription alert = internal_error;
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
 
+    if (!ss->ssl3.initialized) {
+        ssl_GetSSL3HandshakeLock(ss);
+        ssl3_InitState(ss);
+        ssl_ReleaseSSL3HandshakeLock(ss);
+    }
+
     /* check for Token Presence */
     if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
         PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
@@ -12131,48 +12519,41 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
     if (cText == NULL) {
         SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
                  SSL_GETPID(), ss->fd));
-        /* Note that this doesn't pass the epoch and sequence number of the
-         * record through, which DTLS 1.3 depends on.  DTLS doesn't support
-         * asynchronous certificate validation, so that should be OK. */
-        PORT_Assert(!IS_DTLS(ss));
-        return ssl3_HandleNonApplicationData(ss, content_handshake,
-                                             0, 0, databuf);
+        rType = content_handshake;
+        goto process_it;
     }
 
     ssl_GetSpecReadLock(ss); /******************************************/
-    spec = ssl3_GetCipherSpec(ss, cText->seq_num);
-    if (!spec) {
-        PORT_Assert(IS_DTLS(ss));
-        ssl_ReleaseSpecReadLock(ss); /*****************************/
-        databuf->len = 0;            /* Needed to ensure data not left around */
-        return SECSuccess;
-    }
-    if (spec != ss->ssl3.crSpec) {
-        PORT_Assert(IS_DTLS(ss));
-        SSL_TRC(3, ("%d: DTLS[%d]: Handling out-of-epoch record from epoch=%d",
-                    SSL_GETPID(), ss->fd, spec->epoch));
-        outOfOrderSpec = PR_TRUE;
-    }
-    isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+    crSpec = ss->ssl3.crSpec;
+    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
+
     if (IS_DTLS(ss)) {
-        if (!dtls_IsRelevant(ss, spec, cText, &seqNum)) {
+        PRBool sameEpoch;
+        if (!dtls_IsRelevant(ss, cText, &sameEpoch, &seq_num)) {
             ssl_ReleaseSpecReadLock(ss); /*****************************/
             databuf->len = 0;            /* Needed to ensure data not left around */
 
-            return SECSuccess;
+            /* Maybe retransmit if needed. */
+            return dtls_MaybeRetransmitHandshake(ss, cText, sameEpoch);
         }
     } else {
-        seqNum = spec->seqNum + 1;
+        seq_num = crSpec->read_seq_num + 1;
     }
-    if (seqNum >= spec->cipherDef->max_records) {
+    if (seq_num >= crSpec->cipher_def->max_records) {
         ssl_ReleaseSpecReadLock(ss); /*****************************/
         SSL_TRC(3, ("%d: SSL[%d]: read sequence number at limit 0x%0llx",
-                    SSL_GETPID(), ss->fd, seqNum));
+                    SSL_GETPID(), ss->fd, seq_num));
         PORT_SetError(SSL_ERROR_TOO_MANY_RECORDS);
         return SECFailure;
     }
 
-    plaintext = databuf;
+    /* If we will be decompressing the buffer we need to decrypt somewhere
+     * other than into databuf */
+    if (crSpec->decompressor) {
+        plaintext = &temp_buf;
+    } else {
+        plaintext = databuf;
+    }
     plaintext->len = 0; /* filled in by Unprotect call below. */
 
     /* We're waiting for another ClientHello, which will appear unencrypted.
@@ -12207,12 +12588,12 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
     /* IMPORTANT: Unprotect functions MUST NOT send alerts
      * because we still hold the spec read lock. Instead, if they
      * return SECFailure, they set *alert to the alert to be sent. */
-    if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-        spec->cipherDef->calg == ssl_calg_null) {
+    if (crSpec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        crSpec->cipher_def->calg == ssl_calg_null) {
         /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */
-        rv = ssl3_UnprotectRecord(ss, spec, cText, plaintext, &alert);
+        rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert);
     } else {
-        rv = tls13_UnprotectRecord(ss, spec, cText, plaintext, &alert);
+        rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert);
     }
 #endif
 
@@ -12221,25 +12602,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
 
         SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
 
-        /* Ensure that we don't process this data again. */
-        databuf->len = 0;
+        /* Clear the temp buffer used for decompression upon failure. */
+        sslBuffer_Clear(&temp_buf);
 
-        /* Ignore a CCS if the alternative handshake is negotiated.  Note that
-         * this will fail if the server fails to negotiate the alternative
-         * handshake type in a 0-RTT session that is resumed from a session that
-         * did negotiate it.  We don't care about that corner case right now. */
-        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-            cText->type == content_change_cipher_spec &&
-            ss->ssl3.hs.ws != idle_handshake &&
-            cText->buf->len == 1 &&
-            cText->buf->buf[0] == change_cipher_spec_choice) {
-            /* Ignore the CCS. */
-            return SECSuccess;
-        }
         if (IS_DTLS(ss) ||
             (ss->sec.isServer &&
              ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_trial)) {
             /* Silently drop the packet */
+            databuf->len = 0; /* Needed to ensure data not left around */
             return SECSuccess;
         } else {
             int errCode = PORT_GetError();
@@ -12252,11 +12622,10 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
     }
 
     /* SECSuccess */
-    spec->seqNum = PR_MAX(spec->seqNum, seqNum);
+    crSpec->read_seq_num = seq_num;
     if (IS_DTLS(ss)) {
-        dtls_RecordSetRecvd(&spec->recvdRecords, seqNum);
+        dtls_RecordSetRecvd(&crSpec->recvdRecords, seq_num);
     }
-    epoch = spec->epoch;
 
     ssl_ReleaseSpecReadLock(ss); /*****************************************/
 
@@ -12266,16 +12635,70 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
     rType = cText->type; /* This must go after decryption because TLS 1.3
                           * has encrypted content types. */
 
-    /* IMPORTANT: We are in DTLS 1.3 mode and we have processed something
-     * from the wrong epoch. Divert to a divert processing function to make
-     * sure we don't accidentally use the data unsafely. */
-    if (outOfOrderSpec) {
-        PORT_Assert(IS_DTLS(ss) && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-        return dtls13_HandleOutOfEpochRecord(ss, spec, rType, databuf);
+    /* possibly decompress the record. If we aren't using compression then
+     * plaintext == databuf and so the uncompressed data is already in
+     * databuf. */
+    if (crSpec->decompressor) {
+        if (databuf->space < plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION) {
+            rv = sslBuffer_Grow(
+                databuf, plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
+                         SSL_GETPID(), ss->fd,
+                         plaintext->len +
+                             SSL3_COMPRESSION_MAX_EXPANSION));
+                /* sslBuffer_Grow has set a memory error code. */
+                /* Perhaps we should send an alert. (but we have no memory!) */
+                sslBuffer_Clear(&temp_buf);
+                return SECFailure;
+            }
+        }
+
+        rv = crSpec->decompressor(crSpec->decompressContext,
+                                  databuf->buf,
+                                  (int *)&databuf->len,
+                                  databuf->space,
+                                  plaintext->buf,
+                                  plaintext->len);
+
+        if (rv != SECSuccess) {
+            int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE);
+            SSL3_SendAlert(ss, alert_fatal,
+                           isTLS ? decompression_failure
+                                 : bad_record_mac);
+
+            /* There appears to be a bug with (at least) Apache + OpenSSL where
+             * resumed SSLv3 connections don't actually use compression. See
+             * comments 93-95 of
+             * https://bugzilla.mozilla.org/show_bug.cgi?id=275744
+             *
+             * So, if we get a decompression error, and the record appears to
+             * be already uncompressed, then we return a more specific error
+             * code to hopefully save somebody some debugging time in the
+             * future.
+             */
+            if (plaintext->len >= 4) {
+                unsigned int len = ((unsigned int)plaintext->buf[1] << 16) |
+                                   ((unsigned int)plaintext->buf[2] << 8) |
+                                   (unsigned int)plaintext->buf[3];
+                if (len == plaintext->len - 4) {
+                    /* This appears to be uncompressed already */
+                    err = SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD;
+                }
+            }
+
+            sslBuffer_Clear(&temp_buf);
+            PORT_SetError(err);
+            return SECFailure;
+        }
+
+        sslBuffer_Clear(&temp_buf);
     }
 
-    /* Check the length of the plaintext. */
-    if (isTLS && databuf->len > MAX_FRAGMENT_LENGTH) {
+    /*
+    ** Having completed the decompression, check the length again.
+    */
+    if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
         SSL3_SendAlert(ss, alert_fatal, record_overflow);
         PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
         return SECFailure;
@@ -12297,7 +12720,45 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
         return SECFailure;
     }
 
-    return ssl3_HandleNonApplicationData(ss, rType, epoch, seqNum, databuf);
+/* It's a record that must be handled by ssl itself, not the application.
+    */
+process_it:
+    /* XXX  Get the xmit lock here.  Odds are very high that we'll be xmiting
+     * data ang getting the xmit lock here prevents deadlocks.
+     */
+    ssl_GetSSL3HandshakeLock(ss);
+
+    /* All the functions called in this switch MUST set error code if
+    ** they return SECFailure or SECWouldBlock.
+    */
+    switch (rType) {
+        case content_change_cipher_spec:
+            rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
+            break;
+        case content_alert:
+            rv = ssl3_HandleAlert(ss, databuf);
+            break;
+        case content_handshake:
+            if (!IS_DTLS(ss)) {
+                rv = ssl3_HandleHandshake(ss, databuf);
+            } else {
+                rv = dtls_HandleHandshake(ss, databuf);
+            }
+            break;
+        /*
+        case content_application_data is handled before this switch
+        */
+        default:
+            SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
+                     SSL_GETPID(), ss->fd, cText->type));
+            PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
+            ssl3_DecodeError(ss);
+            rv = SECFailure;
+            break;
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    return rv;
 }
 
 /*
@@ -12315,36 +12776,83 @@ ssl_InitSecState(sslSecurityInfo *sec)
     sec->keaGroup = NULL;
 }
 
-SECStatus
+/* Called from ssl3_InitState, immediately below. */
+/* Caller must hold the SpecWriteLock. */
+void
+ssl3_InitCipherSpec(ssl3CipherSpec *spec)
+{
+    spec->cipher_def = &bulk_cipher_defs[cipher_null];
+    PORT_Assert(spec->cipher_def->cipher == cipher_null);
+    spec->mac_def = &mac_defs[mac_null];
+    PORT_Assert(spec->mac_def->mac == mac_null);
+    spec->encode = Null_Cipher;
+    spec->decode = Null_Cipher;
+    spec->compressor = NULL;
+    spec->decompressor = NULL;
+    spec->destroyCompressContext = NULL;
+    spec->destroyDecompressContext = NULL;
+    spec->mac_size = 0;
+    spec->master_secret = NULL;
+
+    spec->msItem.data = NULL;
+    spec->msItem.len = 0;
+
+    spec->client.write_key = NULL;
+    spec->client.write_mac_key = NULL;
+    spec->client.write_mac_context = NULL;
+
+    spec->server.write_key = NULL;
+    spec->server.write_mac_key = NULL;
+    spec->server.write_mac_context = NULL;
+
+    spec->write_seq_num = 0;
+    spec->read_seq_num = 0;
+    spec->epoch = 0;
+
+    spec->refCt = 128; /* Arbitrarily high number to prevent
+                        * non-TLS 1.3 cipherSpecs from being
+                        * GCed. This will be overwritten with
+                        * a valid refCt for TLS 1.3. */
+    dtls_InitRecvdRecords(&spec->recvdRecords);
+}
+
+/* Called from: ssl3_SendRecord
+**      ssl3_SendClientHello()
+**      ssl3_HandleV2ClientHello()
+**      ssl3_HandleRecord()
+**
+** This function should perhaps acquire and release the SpecWriteLock.
+*/
+void
 ssl3_InitState(sslSocket *ss)
 {
-    SECStatus rv;
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.initialized)
+        return; /* Function should be idempotent */
 
     ss->ssl3.policy = SSL_ALLOWED;
 
     ssl_InitSecState(&ss->sec);
 
     ssl_GetSpecWriteLock(ss);
-    PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
-    rv = ssl_SetupNullCipherSpec(ss, CipherSpecRead);
-    rv |= ssl_SetupNullCipherSpec(ss, CipherSpecWrite);
-    ss->ssl3.pwSpec = ss->ssl3.prSpec = NULL;
+    ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0];
+    ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1];
+    ssl3_InitCipherSpec(ss->ssl3.crSpec);
+    ssl3_InitCipherSpec(ss->ssl3.prSpec);
+    ss->ssl3.crSpec->version = ss->ssl3.prSpec->version = ss->vrange.max;
     ssl_ReleaseSpecWriteLock(ss);
-    if (rv != SECSuccess) {
-        /* Rely on ssl_CreateNullCipherSpec() to set error code. */
-        return SECFailure;
-    }
 
     ss->ssl3.hs.sendingSCSV = PR_FALSE;
     ss->ssl3.hs.preliminaryInfo = 0;
-    ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : idle_handshake;
+    ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
 
-    ssl3_ResetExtensionData(&ss->xtnData, ss);
+    ssl3_ResetExtensionData(&ss->xtnData);
     PR_INIT_CLIST(&ss->ssl3.hs.remoteExtensions);
     if (IS_DTLS(ss)) {
         ss->ssl3.hs.sendMessageSeq = 0;
         ss->ssl3.hs.recvMessageSeq = 0;
-        ss->ssl3.hs.rtTimer->timeout = DTLS_RETRANSMIT_INITIAL_MS;
+        ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS;
         ss->ssl3.hs.rtRetries = 0;
         ss->ssl3.hs.recvdHighWater = -1;
         PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
@@ -12360,6 +12868,8 @@ ssl3_InitState(sslSocket *ss)
     ss->ssl3.hs.serverHsTrafficSecret = NULL;
     ss->ssl3.hs.clientTrafficSecret = NULL;
     ss->ssl3.hs.serverTrafficSecret = NULL;
+    ss->ssl3.hs.certificateRequest = NULL;
+    PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
 
     PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
     ss->ssl3.hs.messages.buf = NULL;
@@ -12371,7 +12881,9 @@ ssl3_InitState(sslSocket *ss)
 
     ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
 
-    return SECSuccess;
+    ssl_FilterSupportedGroups(ss);
+
+    ss->ssl3.initialized = PR_TRUE;
 }
 
 /* record the export policy for this cipher suite */
@@ -12625,7 +13137,8 @@ ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    if (!ss->firstHsDone || (ss->ssl3.hs.ws != idle_handshake)) {
+    if (!ss->firstHsDone ||
+        (ss->ssl3.initialized && (ss->ssl3.hs.ws != idle_handshake))) {
         PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
         return SECFailure;
     }
@@ -12639,11 +13152,6 @@ ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
         PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
         return SECFailure;
     }
-    if (ss->version > ss->vrange.max || ss->version < ss->vrange.min) {
-        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-        return SECFailure;
-    }
-
     if (sid && flushCache) {
         ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
         ssl_FreeSID(sid);     /* dec ref count and free if zero. */
@@ -12701,7 +13209,15 @@ ssl3_DestroySSL3Info(sslSocket *ss)
 
     SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
     SECITEM_FreeItem(&ss->ssl3.hs.srvVirtName, PR_FALSE);
-    SECITEM_FreeItem(&ss->ssl3.hs.fakeSid, PR_FALSE);
+
+    if (ss->ssl3.hs.certificateRequest) {
+        PORT_FreeArena(ss->ssl3.hs.certificateRequest->arena, PR_FALSE);
+        ss->ssl3.hs.certificateRequest = NULL;
+    }
+
+    /* free up the CipherSpecs */
+    ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE /*freeSrvName*/);
+    ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE /*freeSrvName*/);
 
     /* Destroy the DTLS data */
     if (IS_DTLS(ss)) {
@@ -12713,10 +13229,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
 
     /* Destroy remote extensions */
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
-    ssl3_DestroyExtensionData(&ss->xtnData);
+    ssl3_ResetExtensionData(&ss->xtnData);
 
-    /* Destroy cipher specs */
-    ssl_DestroyCipherSpecs(&ss->ssl3.hs.cipherSpecs);
+    /* Destroy TLS 1.3 cipher specs */
+    tls13_DestroyCipherSpecs(&ss->ssl3.hs.cipherSpecs);
 
     /* Destroy TLS 1.3 keys */
     if (ss->ssl3.hs.currentSecret)
@@ -12745,6 +13261,8 @@ ssl3_DestroySSL3Info(sslSocket *ss)
     ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
     /* Destroy TLS 1.3 buffered early data. */
     tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
+
+    ss->ssl3.initialized = PR_FALSE;
 }
 
 #define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
@@ -12783,7 +13301,7 @@ ssl3_ApplyNSSPolicy(void)
         }
 
         if (ssl_GetBulkCipherDef(suite)->type != type_aead) {
-            policyOid = MAP_NULL(ssl_GetMacDefByAlg(suite->mac_alg)->oid);
+            policyOid = MAP_NULL(mac_defs[suite->mac_alg].oid);
             rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
             if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
                 ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c
index 913a14f63..b440b4b02 100644
--- a/security/nss/lib/ssl/ssl3ecc.c
+++ b/security/nss/lib/ssl/ssl3ecc.c
@@ -111,7 +111,7 @@ ssl_ECPubKey2NamedGroup(const SECKEYPublicKey *pubKey)
 static SECStatus
 ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
                         SECItem ec_params, SECItem server_ecpoint,
-                        PRUint8 *client_rand, PRUint8 *server_rand,
+                        SSL3Random *client_rand, SSL3Random *server_rand,
                         SSL3Hashes *hashes)
 {
     PRUint8 *hashBuf;
@@ -175,8 +175,8 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
-    isTLS = (PRBool)(ss->version > SSL_LIBRARY_VERSION_3_0);
-    isTLS12 = (PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     /* Generate ephemeral EC keypair */
     if (svrPubKey->keyType != ecKey) {
@@ -219,7 +219,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
         goto loser;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_client_key_exchange,
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
                                     pubKey->u.ec.publicValue.len + 1);
     if (rv != SECSuccess) {
         goto loser; /* err set by ssl3_AppendHandshake* */
@@ -232,7 +232,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
         goto loser; /* err set by ssl3_AppendHandshake* */
     }
 
-    rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
@@ -250,6 +250,19 @@ loser:
     return SECFailure;
 }
 
+/* This function encodes the key_exchange field in
+ * the KeyShareEntry structure. */
+SECStatus
+tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(pubKey->keyType == ecKey);
+
+    return ssl3_ExtAppendHandshake(ss, pubKey->u.ec.publicValue.data,
+                                   pubKey->u.ec.publicValue.len);
+}
+
 /*
 ** Called from ssl3_HandleClientKeyExchange()
 */
@@ -313,7 +326,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, PRUint8 *b,
         return SECFailure;
     }
 
-    rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     PK11_FreeSymKey(pms);
     if (rv != SECSuccess) {
         /* error code set by ssl3_InitPendingCipherSpec */
@@ -584,8 +597,8 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
      *  check to make sure the hash is signed by right guy
      */
     rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params, ec_point,
-                                 ss->ssl3.hs.client_random,
-                                 ss->ssl3.hs.server_random,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
                                  &hashes);
 
     if (rv != SECSuccess) {
@@ -690,7 +703,7 @@ ssl3_SendECDHServerKeyExchange(sslSocket *ss)
     ec_params.data[2] = keyPair->group->name & 0xff;
 
     pubKey = keyPair->keys->pubKey;
-    if (ss->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (ss->ssl3.pwSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
         hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
     } else {
         /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
@@ -698,15 +711,15 @@ ssl3_SendECDHServerKeyExchange(sslSocket *ss)
     }
     rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params,
                                  pubKey->u.ec.publicValue,
-                                 ss->ssl3.hs.client_random,
-                                 ss->ssl3.hs.server_random,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
                                  &hashes);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
-    isTLS12 = (PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     rv = ssl3_SignHashes(ss, &hashes,
                          ss->sec.serverCert->serverKeyPair->privKey, &signed_hash);
@@ -718,7 +731,7 @@ ssl3_SendECDHServerKeyExchange(sslSocket *ss)
              1 + pubKey->u.ec.publicValue.len +
              (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_server_key_exchange, length);
+    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
     if (rv != SECSuccess) {
         goto loser; /* err set by AppendHandshake. */
     }
@@ -857,16 +870,20 @@ ssl_IsDHEEnabled(const sslSocket *ss)
 }
 
 /* Send our Supported Groups extension. */
-SECStatus
-ssl_SendSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                           sslBuffer *buf, PRBool *added)
+PRInt32
+ssl_SendSupportedGroupsXtn(const sslSocket *ss,
+                           TLSExtensionData *xtnData,
+                           PRBool append, PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
+    unsigned char enabledGroups[64];
+    unsigned int enabledGroupsLen = 0;
     unsigned int i;
     PRBool ec;
     PRBool ff = PR_FALSE;
-    PRBool found = PR_FALSE;
-    SECStatus rv;
-    unsigned int lengthOffset;
+
+    if (!ss)
+        return 0;
 
     /* We only send FF supported groups if we require DH named groups
      * or if TLS 1.3 is a possibility. */
@@ -875,19 +892,13 @@ ssl_SendSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
         if (ss->opt.requireDHENamedGroups) {
             ff = ssl_IsDHEEnabled(ss);
         }
-        if (!ec && !ff) {
-            return SECSuccess;
-        }
+        if (!ec && !ff)
+            return 0;
     } else {
         ec = ff = PR_TRUE;
     }
 
-    /* Mark the location of the length. */
-    rv = sslBuffer_Skip(buf, 2, &lengthOffset);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
+    PORT_Assert(sizeof(enabledGroups) > SSL_NAMED_GROUP_COUNT * 2);
     for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
         const sslNamedGroupDef *group = ss->namedGroupPreferences[i];
         if (!group) {
@@ -900,53 +911,78 @@ ssl_SendSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
             continue;
         }
 
-        found = PR_TRUE;
-        rv = sslBuffer_AppendNumber(buf, group->name, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
+        if (append) {
+            (void)ssl_EncodeUintX(group->name, 2, &enabledGroups[enabledGroupsLen]);
+        }
+        enabledGroupsLen += 2;
+    }
+
+    if (enabledGroupsLen == 0) {
+        return 0;
+    }
+
+    extension_length =
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* enabled groups length */ +
+        enabledGroupsLen;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_supported_groups_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeVariable(ss, enabledGroups,
+                                             enabledGroupsLen, 2);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_supported_groups_xtn;
         }
     }
-
-    if (!found) {
-        /* We added nothing, don't send the extension. */
-        return SECSuccess;
-    }
-
-    rv = sslBuffer_InsertLength(buf, lengthOffset, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
 }
 
 /* Send our "canned" (precompiled) Supported Point Formats extension,
  * which says that we only support uncompressed points.
  */
-SECStatus
-ssl3_SendSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                  sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_SendSupportedPointFormatsXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
 {
-    SECStatus rv;
+    static const PRUint8 ecPtFmt[6] = {
+        0, 11, /* Extension type */
+        0, 2,  /* octets that follow */
+        1,     /* octets that follow */
+        0      /* uncompressed type only */
+    };
 
     /* No point in doing this unless we have a socket that supports ECC.
      * Similarly, no point if we are going to do TLS 1.3 only or we have already
      * picked TLS 1.3 (server) given that it doesn't use point formats. */
     if (!ss || !ssl_IsECCEnabled(ss) ||
         ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_3 ||
-        (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) {
-        return SECSuccess;
-    }
-    rv = sslBuffer_AppendNumber(buf, 1, 1); /* length */
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(buf, 0, 1); /* uncompressed type only */
-    if (rv != SECSuccess) {
-        return SECFailure;
+        (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3))
+        return 0;
+    if (append && maxBytes >= (sizeof ecPtFmt)) {
+        SECStatus rv = ssl3_ExtAppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_ec_point_formats_xtn;
+        }
     }
-
-    *added = PR_TRUE;
-    return SECSuccess;
+    return sizeof(ecPtFmt);
 }
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index ade280903..271084cf7 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -14,20 +14,8 @@
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "ssl3exthandle.h"
-#include "tls13err.h"
 #include "tls13exthandle.h"
 
-/* Callback function that handles a received extension. */
-typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
-                                              TLSExtensionData *xtnData,
-                                              SECItem *data);
-
-/* Row in a table of hello extension handlers. */
-typedef struct {
-    SSLExtensionType ex_type;
-    ssl3ExtensionHandlerFunc ex_handler;
-} ssl3ExtensionHandler;
-
 /* Table of handlers for received TLS hello extensions, one per extension.
  * In the second generation, this table will be dynamic, and functions
  * will be registered here.
@@ -43,15 +31,16 @@ static const ssl3ExtensionHandler clientHelloHandlers[] = {
     { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
     { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
     { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
-    { ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },
+    { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
     { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
     { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
     { ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
     { ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },
     { ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },
-    { ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ServerHandlePskModesXtn },
-    { ssl_tls13_cookie_xtn, &tls13_ServerHandleCookieXtn },
-    { 0, NULL }
+    { ssl_tls13_psk_key_exchange_modes_xtn,
+      &tls13_ServerHandlePskKeyExchangeModesXtn },
+    { ssl_tls13_short_header_xtn, &tls13_HandleShortHeaderXtn },
+    { -1, NULL }
 };
 
 /* These two tables are used by the client, to handle server hello
@@ -70,38 +59,36 @@ static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {
     { ssl_tls13_key_share_xtn, &tls13_ClientHandleKeyShareXtn },
     { ssl_tls13_pre_shared_key_xtn, &tls13_ClientHandlePreSharedKeyXtn },
     { ssl_tls13_early_data_xtn, &tls13_ClientHandleEarlyDataXtn },
-    { 0, NULL }
+    { ssl_tls13_short_header_xtn, &tls13_HandleShortHeaderXtn },
+    { -1, NULL }
 };
 
 static const ssl3ExtensionHandler helloRetryRequestHandlers[] = {
     { ssl_tls13_key_share_xtn, tls13_ClientHandleKeyShareXtnHrr },
     { ssl_tls13_cookie_xtn, tls13_ClientHandleHrrCookie },
-    { 0, NULL }
+    { -1, NULL }
 };
 
 static const ssl3ExtensionHandler serverHelloHandlersSSL3[] = {
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { 0, NULL }
+    { -1, NULL }
 };
 
 static const ssl3ExtensionHandler newSessionTicketHandlers[] = {
-    { ssl_tls13_early_data_xtn,
-      &tls13_ClientHandleTicketEarlyDataXtn },
-    { 0, NULL }
+    { ssl_tls13_ticket_early_data_info_xtn,
+      &tls13_ClientHandleTicketEarlyDataInfoXtn },
+    { -1, NULL }
 };
 
 /* This table is used by the client to handle server certificates in TLS 1.3 */
 static const ssl3ExtensionHandler serverCertificateHandlers[] = {
     { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
     { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
-    { 0, NULL }
+    { -1, NULL }
 };
 
 static const ssl3ExtensionHandler certificateRequestHandlers[] = {
-    { ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },
-    { ssl_tls13_certificate_authorities_xtn,
-      &tls13_ClientHandleCertAuthoritiesXtn },
-    { 0, NULL }
+    { -1, NULL }
 };
 
 /* Tables of functions to format TLS hello extensions, one function per
@@ -114,14 +101,14 @@ static const ssl3ExtensionHandler certificateRequestHandlers[] = {
  * the client hello is empty (for example, the extended master secret
  * extension, if it were listed last). See bug 1243641.
  */
-static const sslExtensionBuilder clientHelloSendersTLS[] =
+static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
     {
-      { ssl_server_name_xtn, &ssl3_ClientSendServerNameXtn },
+      { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
       { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
       { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
       { ssl_supported_groups_xtn, &ssl_SendSupportedGroupsXtn },
       { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
-      { ssl_session_ticket_xtn, &ssl3_ClientSendSessionTicketXtn },
+      { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
       { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
       { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
       { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
@@ -134,155 +121,22 @@ static const sslExtensionBuilder clientHelloSendersTLS[] =
        * client hello is empty. They are not intolerant of TLS 1.2, so list
        * signature_algorithms at the end. See bug 1243641. */
       { ssl_tls13_supported_versions_xtn, &tls13_ClientSendSupportedVersionsXtn },
-      { ssl_signature_algorithms_xtn, &ssl3_SendSigAlgsXtn },
+      { ssl_tls13_short_header_xtn, &tls13_SendShortHeaderXtn },
+      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
       { ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn },
-      { ssl_tls13_psk_key_exchange_modes_xtn, &tls13_ClientSendPskModesXtn },
+      { ssl_tls13_psk_key_exchange_modes_xtn,
+        &tls13_ClientSendPskKeyExchangeModesXtn },
+      { ssl_padding_xtn, &ssl3_ClientSendPaddingExtension },
       /* The pre_shared_key extension MUST be last. */
       { ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn },
-      { 0, NULL }
+      /* any extra entries will appear as { 0, NULL }    */
     };
 
-static const sslExtensionBuilder clientHelloSendersSSL3[] = {
-    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-    { 0, NULL }
-};
-
-static const sslExtensionBuilder tls13_cert_req_senders[] = {
-    { ssl_signature_algorithms_xtn, &ssl3_SendSigAlgsXtn },
-    { ssl_tls13_certificate_authorities_xtn, &tls13_SendCertAuthoritiesXtn },
-    { 0, NULL }
-};
-
-static const sslExtensionBuilder tls13_hrr_senders[] = {
-    { ssl_tls13_key_share_xtn, &tls13_ServerSendHrrKeyShareXtn },
-    { ssl_tls13_cookie_xtn, &tls13_ServerSendHrrCookieXtn },
-    { ssl_tls13_supported_versions_xtn, &tls13_ServerSendSupportedVersionsXtn },
-    { 0, NULL }
-};
-
-static const struct {
-    SSLExtensionType type;
-    SSLExtensionSupport support;
-} ssl_supported_extensions[] = {
-    { ssl_server_name_xtn, ssl_ext_native_only },
-    { ssl_cert_status_xtn, ssl_ext_native },
-    { ssl_supported_groups_xtn, ssl_ext_native_only },
-    { ssl_ec_point_formats_xtn, ssl_ext_native },
-    { ssl_signature_algorithms_xtn, ssl_ext_native_only },
-    { ssl_use_srtp_xtn, ssl_ext_native },
-    { ssl_app_layer_protocol_xtn, ssl_ext_native_only },
-    { ssl_signed_cert_timestamp_xtn, ssl_ext_native },
-    { ssl_padding_xtn, ssl_ext_native },
-    { ssl_extended_master_secret_xtn, ssl_ext_native_only },
-    { ssl_session_ticket_xtn, ssl_ext_native_only },
-    { ssl_tls13_key_share_xtn, ssl_ext_native_only },
-    { ssl_tls13_pre_shared_key_xtn, ssl_ext_native_only },
-    { ssl_tls13_early_data_xtn, ssl_ext_native_only },
-    { ssl_tls13_supported_versions_xtn, ssl_ext_native_only },
-    { ssl_tls13_cookie_xtn, ssl_ext_native_only },
-    { ssl_tls13_psk_key_exchange_modes_xtn, ssl_ext_native_only },
-    { ssl_tls13_ticket_early_data_info_xtn, ssl_ext_native_only },
-    { ssl_tls13_certificate_authorities_xtn, ssl_ext_native },
-    { ssl_next_proto_nego_xtn, ssl_ext_none },
-    { ssl_renegotiation_info_xtn, ssl_ext_native }
+static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
+    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
+    /* any extra entries will appear as { 0, NULL }    */
 };
 
-static SSLExtensionSupport
-ssl_GetExtensionSupport(PRUint16 type)
-{
-    unsigned int i;
-    for (i = 0; i < PR_ARRAY_SIZE(ssl_supported_extensions); ++i) {
-        if (type == ssl_supported_extensions[i].type) {
-            return ssl_supported_extensions[i].support;
-        }
-    }
-    return ssl_ext_none;
-}
-
-SECStatus
-SSLExp_GetExtensionSupport(PRUint16 type, SSLExtensionSupport *support)
-{
-    *support = ssl_GetExtensionSupport(type);
-    return SECSuccess;
-}
-
-SECStatus
-SSLExp_InstallExtensionHooks(PRFileDesc *fd, PRUint16 extension,
-                             SSLExtensionWriter writer, void *writerArg,
-                             SSLExtensionHandler handler, void *handlerArg)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-    PRCList *cursor;
-    sslCustomExtensionHooks *hook;
-
-    if (!ss) {
-        return SECFailure; /* Code already set. */
-    }
-
-    /* Need to specify both or neither, but not just one. */
-    if ((writer && !handler) || (!writer && handler)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (ssl_GetExtensionSupport(extension) == ssl_ext_native_only) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (ss->firstHsDone || ((ss->ssl3.hs.ws != idle_handshake) &&
-                            (ss->ssl3.hs.ws != wait_client_hello))) {
-        PORT_SetError(PR_INVALID_STATE_ERROR);
-        return SECFailure;
-    }
-
-    /* Remove any old handler. */
-    for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
-         cursor != &ss->extensionHooks;
-         cursor = PR_NEXT_LINK(cursor)) {
-        hook = (sslCustomExtensionHooks *)cursor;
-        if (hook->type == extension) {
-            PR_REMOVE_LINK(&hook->link);
-            PORT_Free(hook);
-            break;
-        }
-    }
-
-    if (!writer && !handler) {
-        return SECSuccess;
-    }
-
-    hook = PORT_ZNew(sslCustomExtensionHooks);
-    if (!hook) {
-        return SECFailure; /* This removed the old one, oh well. */
-    }
-
-    hook->type = extension;
-    hook->writer = writer;
-    hook->writerArg = writerArg;
-    hook->handler = handler;
-    hook->handlerArg = handlerArg;
-    PR_APPEND_LINK(&hook->link, &ss->extensionHooks);
-    return SECSuccess;
-}
-
-static sslCustomExtensionHooks *
-ssl_FindCustomExtensionHooks(sslSocket *ss, PRUint16 extension)
-{
-    PRCList *cursor;
-
-    for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
-         cursor != &ss->extensionHooks;
-         cursor = PR_NEXT_LINK(cursor)) {
-        sslCustomExtensionHooks *hook = (sslCustomExtensionHooks *)cursor;
-        if (hook->type == extension) {
-            return hook;
-        }
-    }
-
-    return NULL;
-}
-
 static PRBool
 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
 {
@@ -302,11 +156,8 @@ ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type)
                                   xtnData->numNegotiated, ex_type);
 }
 
-/* This checks for whether an extension was advertised.  On the client, this
- * covers extensions that are sent in ClientHello; on the server, extensions
- * sent in CertificateRequest (TLS 1.3 only). */
 PRBool
-ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type)
+ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type)
 {
     const TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->advertised,
@@ -389,44 +240,6 @@ ssl3_FindExtension(sslSocket *ss, SSLExtensionType extension_type)
     return NULL;
 }
 
-static SECStatus
-ssl_CallExtensionHandler(sslSocket *ss, SSLHandshakeType handshakeMessage,
-                         TLSExtension *extension,
-                         const ssl3ExtensionHandler *handler)
-{
-    SECStatus rv = SECSuccess;
-    SSLAlertDescription alert = handshake_failure;
-    sslCustomExtensionHooks *customHooks;
-
-    customHooks = ssl_FindCustomExtensionHooks(ss, extension->type);
-    if (customHooks) {
-        if (customHooks->handler) {
-            rv = customHooks->handler(ss->fd, handshakeMessage,
-                                      extension->data.data,
-                                      extension->data.len,
-                                      &alert, customHooks->handlerArg);
-        }
-    } else {
-        /* Find extension_type in table of Hello Extension Handlers. */
-        for (; handler->ex_handler != NULL; ++handler) {
-            if (handler->ex_type == extension->type) {
-                rv = (*handler->ex_handler)(ss, &ss->xtnData, &extension->data);
-                break;
-            }
-        }
-    }
-
-    if (rv != SECSuccess) {
-        if (!ss->ssl3.fatalAlertSent) {
-            /* Send an alert if the handler didn't already. */
-            (void)SSL3_SendAlert(ss, alert_fatal, alert);
-        }
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
 /* Go through the hello extensions in |ss->ssl3.hs.remoteExtensions|.
  * For each one, find the extension handler in the table, and
  * if present, invoke that handler.
@@ -437,46 +250,42 @@ ssl_CallExtensionHandler(sslSocket *ss, SSLHandshakeType handshakeMessage,
  * right phase.
  */
 SECStatus
-ssl3_HandleParsedExtensions(sslSocket *ss, SSLHandshakeType message)
+ssl3_HandleParsedExtensions(sslSocket *ss,
+                            SSL3HandshakeType handshakeMessage)
 {
     const ssl3ExtensionHandler *handlers;
     /* HelloRetryRequest doesn't set ss->version. It might be safe to
      * do so, but we weren't entirely sure. TODO(ekr@rtfm.com). */
     PRBool isTLS13 = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) ||
-                     (message == ssl_hs_hello_retry_request);
-    /* The following messages can include extensions that were not included in
-     * the original ClientHello. */
-    PRBool allowNotOffered = (message == ssl_hs_client_hello) ||
-                             (message == ssl_hs_certificate_request) ||
-                             (message == ssl_hs_new_session_ticket);
+                     (handshakeMessage == hello_retry_request);
     PRCList *cursor;
 
-    switch (message) {
-        case ssl_hs_client_hello:
+    switch (handshakeMessage) {
+        case client_hello:
             handlers = clientHelloHandlers;
             break;
-        case ssl_hs_new_session_ticket:
+        case new_session_ticket:
             PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
             handlers = newSessionTicketHandlers;
             break;
-        case ssl_hs_hello_retry_request:
+        case hello_retry_request:
             handlers = helloRetryRequestHandlers;
             break;
-        case ssl_hs_encrypted_extensions:
+        case encrypted_extensions:
             PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
         /* fall through */
-        case ssl_hs_server_hello:
+        case server_hello:
             if (ss->version > SSL_LIBRARY_VERSION_3_0) {
                 handlers = serverHelloHandlersTLS;
             } else {
                 handlers = serverHelloHandlersSSL3;
             }
             break;
-        case ssl_hs_certificate:
+        case certificate:
             PORT_Assert(!ss->sec.isServer);
             handlers = serverCertificateHandlers;
             break;
-        case ssl_hs_certificate_request:
+        case certificate_request:
             PORT_Assert(!ss->sec.isServer);
             handlers = certificateRequestHandlers;
             break;
@@ -490,39 +299,28 @@ ssl3_HandleParsedExtensions(sslSocket *ss, SSLHandshakeType message)
          cursor != &ss->ssl3.hs.remoteExtensions;
          cursor = PR_NEXT_LINK(cursor)) {
         TLSExtension *extension = (TLSExtension *)cursor;
-        SECStatus rv;
+        const ssl3ExtensionHandler *handler;
 
         /* Check whether the server sent an extension which was not advertised
-         * in the ClientHello.
-         *
-         * Note that a TLS 1.3 server should check if CertificateRequest
-         * extensions were sent.  But the extensions used for CertificateRequest
-         * do not have any response, so we rely on
-         * ssl3_ExtensionAdvertised to return false on the server.  That
-         * results in the server only rejecting any extension. */
-        if (!allowNotOffered && (extension->type != ssl_tls13_cookie_xtn) &&
-            !ssl3_ExtensionAdvertised(ss, extension->type)) {
+         * in the ClientHello */
+        if (!ss->sec.isServer &&
+            !ssl3_ClientExtensionAdvertised(ss, extension->type) &&
+            (handshakeMessage != new_session_ticket) &&
+            (extension->type != ssl_tls13_cookie_xtn)) {
             (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension);
             PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
             return SECFailure;
         }
 
         /* Check that this is a legal extension in TLS 1.3 */
-        if (isTLS13 &&
-            !ssl_FindCustomExtensionHooks(ss, extension->type)) {
-            switch (tls13_ExtensionStatus(extension->type, message)) {
-                case tls13_extension_allowed:
-                    break;
-                case tls13_extension_unknown:
-                    if (allowNotOffered) {
-                        continue; /* Skip over unknown extensions. */
-                    }
-                /* Fall through. */
-                case tls13_extension_disallowed:
-                    tls13_FatalError(ss, SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION,
-                                     unsupported_extension);
-                    return SECFailure;
+        if (isTLS13 && !tls13_ExtensionAllowed(extension->type, handshakeMessage)) {
+            if (handshakeMessage == client_hello) {
+                /* Skip extensions not used in TLS 1.3 */
+                continue;
             }
+            tls13_FatalError(ss, SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION,
+                             unsupported_extension);
+            return SECFailure;
         }
 
         /* Special check for this being the last extension if it's
@@ -536,9 +334,23 @@ ssl3_HandleParsedExtensions(sslSocket *ss, SSLHandshakeType message)
             return SECFailure;
         }
 
-        rv = ssl_CallExtensionHandler(ss, message, extension, handlers);
-        if (rv != SECSuccess) {
-            return SECFailure;
+        /* find extension_type in table of Hello Extension Handlers */
+        for (handler = handlers; handler->ex_type >= 0; handler++) {
+            /* if found, call this handler */
+            if (handler->ex_type == extension->type) {
+                SECStatus rv;
+
+                rv = (*handler->ex_handler)(ss, &ss->xtnData,
+                                            (PRUint16)extension->type,
+                                            &extension->data);
+                if (rv != SECSuccess) {
+                    if (!ss->ssl3.fatalAlertSent) {
+                        /* send a generic alert if the handler didn't already */
+                        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+                    }
+                    return SECFailure;
+                }
+            }
         }
     }
     return SECSuccess;
@@ -549,7 +361,7 @@ ssl3_HandleParsedExtensions(sslSocket *ss, SSLHandshakeType message)
 SECStatus
 ssl3_HandleExtensions(sslSocket *ss,
                       PRUint8 **b, PRUint32 *length,
-                      SSLHandshakeType handshakeMessage)
+                      SSL3HandshakeType handshakeMessage)
 {
     SECStatus rv;
 
@@ -571,30 +383,21 @@ SECStatus
 ssl3_RegisterExtensionSender(const sslSocket *ss,
                              TLSExtensionData *xtnData,
                              PRUint16 ex_type,
-                             sslExtensionBuilderFunc cb)
+                             ssl3HelloExtensionSenderFunc cb)
 {
     int i;
-    sslExtensionBuilder *sender;
+    ssl3HelloExtensionSender *sender;
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
         sender = &xtnData->serverHelloSenders[0];
     } else {
-        if (tls13_ExtensionStatus(ex_type, ssl_hs_server_hello) ==
-            tls13_extension_allowed) {
-            PORT_Assert(tls13_ExtensionStatus(ex_type,
-                                              ssl_hs_encrypted_extensions) ==
-                        tls13_extension_disallowed);
+        if (tls13_ExtensionAllowed(ex_type, server_hello)) {
+            PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
             sender = &xtnData->serverHelloSenders[0];
-        } else if (tls13_ExtensionStatus(ex_type,
-                                         ssl_hs_encrypted_extensions) ==
-                   tls13_extension_allowed) {
-            sender = &xtnData->encryptedExtensionsSenders[0];
-        } else if (tls13_ExtensionStatus(ex_type, ssl_hs_certificate) ==
-                   tls13_extension_allowed) {
+        } else if (tls13_ExtensionAllowed(ex_type, certificate)) {
             sender = &xtnData->certificateSenders[0];
         } else {
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
+            PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
+            sender = &xtnData->encryptedExtensionsSenders[0];
         }
     }
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
@@ -615,289 +418,32 @@ ssl3_RegisterExtensionSender(const sslSocket *ss,
     return SECFailure;
 }
 
-static SECStatus
-ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
-                               SSLHandshakeType message)
+/* call each of the extension senders and return the accumulated length */
+PRInt32
+ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
+                               const ssl3HelloExtensionSender *sender)
 {
-    sslBuffer tail = SSL_BUFFER_EMPTY;
-    SECStatus rv;
-    PRCList *cursor;
-
-    /* Save any extensions that want to be last. */
-    if (ss->xtnData.lastXtnOffset) {
-        rv = sslBuffer_Append(&tail, buf->buf + ss->xtnData.lastXtnOffset,
-                              buf->len - ss->xtnData.lastXtnOffset);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        buf->len = ss->xtnData.lastXtnOffset;
-    }
-
-    /* Reserve the maximum amount of space possible. */
-    rv = sslBuffer_Grow(buf, 65535);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
-         cursor != &ss->extensionHooks;
-         cursor = PR_NEXT_LINK(cursor)) {
-        sslCustomExtensionHooks *hook =
-            (sslCustomExtensionHooks *)cursor;
-        PRBool append = PR_FALSE;
-        unsigned int len = 0;
-
-        if (hook->writer) {
-            /* The writer writes directly into |buf|.  Provide space that allows
-             * for the existing extensions, any tail, plus type and length. */
-            unsigned int space = buf->space - (buf->len + tail.len + 4);
-            append = (*hook->writer)(ss->fd, message,
-                                     buf->buf + buf->len + 4, &len, space,
-                                     hook->writerArg);
-            if (len > space) {
-                PORT_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR);
-                goto loser;
-            }
-        }
-        if (!append) {
-            continue;
-        }
-
-        rv = sslBuffer_AppendNumber(buf, hook->type, 2);
-        if (rv != SECSuccess) {
-            goto loser; /* Code already set. */
-        }
-        rv = sslBuffer_AppendNumber(buf, len, 2);
-        if (rv != SECSuccess) {
-            goto loser; /* Code already set. */
-        }
-        buf->len += len;
-
-        if (message == ssl_hs_client_hello ||
-            message == ssl_hs_certificate_request) {
-            ss->xtnData.advertised[ss->xtnData.numAdvertised++] = hook->type;
-        }
-    }
-
-    sslBuffer_Append(buf, tail.buf, tail.len);
-    sslBuffer_Clear(&tail);
-    return SECSuccess;
-
-loser:
-    sslBuffer_Clear(&tail);
-    return SECFailure;
-}
-
-/* Call extension handlers for the given message. */
-SECStatus
-ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf, SSLHandshakeType message)
-{
-    const sslExtensionBuilder *sender;
-    SECStatus rv;
-
-    PORT_Assert(buf->len == 0);
-
-    switch (message) {
-        case ssl_hs_client_hello:
-            if (ss->vrange.max > SSL_LIBRARY_VERSION_3_0) {
-                sender = clientHelloSendersTLS;
-            } else {
-                sender = clientHelloSendersSSL3;
-            }
-            break;
-
-        case ssl_hs_server_hello:
-            sender = ss->xtnData.serverHelloSenders;
-            break;
-
-        case ssl_hs_certificate_request:
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            sender = tls13_cert_req_senders;
-            break;
-
-        case ssl_hs_certificate:
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            sender = ss->xtnData.certificateSenders;
-            break;
-
-        case ssl_hs_encrypted_extensions:
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            sender = ss->xtnData.encryptedExtensionsSenders;
-            break;
-
-        case ssl_hs_hello_retry_request:
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            sender = tls13_hrr_senders;
-            break;
-
-        default:
-            PORT_Assert(0);
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-    }
-
-    for (; sender->ex_sender != NULL; ++sender) {
-        PRBool append = PR_FALSE;
-        unsigned int start = buf->len;
-        unsigned int length;
-
-        if (ssl_FindCustomExtensionHooks(ss, sender->ex_type)) {
-            continue;
-        }
-
-        /* Save space for the extension type and length. Note that we don't grow
-         * the buffer now; rely on sslBuffer_Append* to do that. */
-        buf->len += 4;
-        rv = (*sender->ex_sender)(ss, &ss->xtnData, buf, &append);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-
-        /* Save the length and go back to the start. */
-        length = buf->len - start - 4;
-        buf->len = start;
-        if (!append) {
-            continue;
-        }
-
-        buf->len = start;
-        rv = sslBuffer_AppendNumber(buf, sender->ex_type, 2);
-        if (rv != SECSuccess) {
-            goto loser; /* Code already set. */
-        }
-        rv = sslBuffer_AppendNumber(buf, length, 2);
-        if (rv != SECSuccess) {
-            goto loser; /* Code already set. */
-        }
-        /* Skip over the extension body. */
-        buf->len += length;
-
-        if (message == ssl_hs_client_hello ||
-            message == ssl_hs_certificate_request) {
-            ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                sender->ex_type;
-        }
-    }
+    PRInt32 total_exten_len = 0;
+    int i;
 
-    if (!PR_CLIST_IS_EMPTY(&ss->extensionHooks)) {
-        rv = ssl_CallCustomExtensionSenders(ss, buf, message);
-        if (rv != SECSuccess) {
-            goto loser;
+    if (!sender) {
+        if (ss->vrange.max > SSL_LIBRARY_VERSION_3_0) {
+            sender = &clientHelloSendersTLS[0];
+        } else {
+            sender = &clientHelloSendersSSL3[0];
         }
     }
 
-    if (buf->len > 0xffff) {
-        PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
-        goto loser;
-    }
-
-    return SECSuccess;
-
-loser:
-    sslBuffer_Clear(buf);
-    return SECFailure;
-}
-
-/* This extension sender can be used anywhere that an always empty extension is
- * needed. Mostly that is for ServerHello where sender registration is dynamic;
- * ClientHello senders are usually conditional in some way. */
-SECStatus
-ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
-                       sslBuffer *buf, PRBool *append)
-{
-    *append = PR_TRUE;
-    return SECSuccess;
-}
-
-/* Takes the size of the ClientHello, less the record header, and determines how
- * much padding is required. */
-static unsigned int
-ssl_CalculatePaddingExtLen(const sslSocket *ss, unsigned int clientHelloLength)
-{
-    unsigned int recordLength = 1 /* handshake message type */ +
-                                3 /* handshake message length */ +
-                                clientHelloLength;
-    unsigned int extensionLen;
-
-    /* Don't pad for DTLS, for SSLv3, or for renegotiation. */
-    if (IS_DTLS(ss) ||
-        ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 ||
-        ss->firstHsDone) {
-        return 0;
-    }
-
-    /* A padding extension may be included to ensure that the record containing
-     * the ClientHello doesn't have a length between 256 and 511 bytes
-     * (inclusive). Initial ClientHello records with such lengths trigger bugs
-     * in F5 devices. */
-    if (recordLength < 256 || recordLength >= 512) {
-        return 0;
-    }
-
-    extensionLen = 512 - recordLength;
-    /* Extensions take at least four bytes to encode. Always include at least
-     * one byte of data if we are padding. Some servers will time out or
-     * terminate the connection if the last ClientHello extension is empty. */
-    if (extensionLen < 5) {
-        extensionLen = 5;
-    }
-
-    return extensionLen - 4;
-}
-
-/* ssl3_SendPaddingExtension possibly adds an extension which ensures that a
- * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
- * that we don't trigger bugs in F5 products.
- *
- * This takes an existing extension buffer, |buf|, and the length of the
- * remainder of the ClientHello, |prefixLen|.  It modifies the extension buffer
- * to insert padding at the right place.
- */
-SECStatus
-ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen,
-                           sslBuffer *buf)
-{
-    static unsigned char padding[252] = { 0 };
-    unsigned int paddingLen;
-    unsigned int tailLen;
-    SECStatus rv;
-
-    /* Account for the size of the header, the length field of the extensions
-     * block and the size of the existing extensions. */
-    paddingLen = ssl_CalculatePaddingExtLen(ss, prefixLen + 2 + buf->len);
-    if (!paddingLen) {
-        return SECSuccess;
-    }
-
-    /* Move the tail if there is one. This only happens if we are sending the
-     * TLS 1.3 PSK extension, which needs to be at the end. */
-    if (ss->xtnData.lastXtnOffset) {
-        PORT_Assert(buf->len > ss->xtnData.lastXtnOffset);
-        tailLen = buf->len - ss->xtnData.lastXtnOffset;
-        rv = sslBuffer_Grow(buf, buf->len + 4 + paddingLen);
-        if (rv != SECSuccess) {
-            return SECFailure;
+    for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
+        if (sender->ex_sender) {
+            PRInt32 extLen = (*sender->ex_sender)(ss, &ss->xtnData, append, maxBytes);
+            if (extLen < 0)
+                return -1;
+            maxBytes -= extLen;
+            total_exten_len += extLen;
         }
-        PORT_Memmove(buf->buf + ss->xtnData.lastXtnOffset + 4 + paddingLen,
-                     buf->buf + ss->xtnData.lastXtnOffset,
-                     tailLen);
-        buf->len = ss->xtnData.lastXtnOffset;
-    } else {
-        tailLen = 0;
     }
-
-    rv = sslBuffer_AppendNumber(buf, ssl_padding_xtn, 2);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Code already set. */
-    }
-    rv = sslBuffer_AppendVariable(buf, padding, paddingLen, 2);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Code already set. */
-    }
-
-    buf->len += tailLen;
-
-    return SECSuccess;
+    return total_exten_len;
 }
 
 void
@@ -914,59 +460,52 @@ ssl3_DestroyRemoteExtensions(PRCList *list)
 
 /* Initialize the extension data block. */
 void
-ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss)
+ssl3_InitExtensionData(TLSExtensionData *xtnData)
 {
-    unsigned int advertisedMax;
-    PRCList *cursor;
-
     /* Set things up to the right starting state. */
     PORT_Memset(xtnData, 0, sizeof(*xtnData));
     xtnData->peerSupportsFfdheGroups = PR_FALSE;
     PR_INIT_CLIST(&xtnData->remoteKeyShares);
-
-    /* Allocate enough to allow for native extensions, plus any custom ones. */
-    if (ss->sec.isServer) {
-        advertisedMax = PR_MAX(PR_ARRAY_SIZE(certificateRequestHandlers),
-                               PR_ARRAY_SIZE(tls13_cert_req_senders));
-    } else {
-        advertisedMax = PR_MAX(PR_ARRAY_SIZE(clientHelloHandlers),
-                               PR_ARRAY_SIZE(clientHelloSendersTLS));
-        ++advertisedMax; /* For the RI SCSV, which we also track. */
-    }
-    for (cursor = PR_NEXT_LINK(&ss->extensionHooks);
-         cursor != &ss->extensionHooks;
-         cursor = PR_NEXT_LINK(cursor)) {
-        ++advertisedMax;
-    }
-    xtnData->advertised = PORT_ZNewArray(PRUint16, advertisedMax);
 }
 
+/* Free everything that has been allocated and then reset back to
+ * the starting state. */
 void
-ssl3_DestroyExtensionData(TLSExtensionData *xtnData)
+ssl3_ResetExtensionData(TLSExtensionData *xtnData)
 {
+    /* Clean up. */
     ssl3_FreeSniNameArray(xtnData);
-    PORT_Free(xtnData->sigSchemes);
+    PORT_Free(xtnData->clientSigSchemes);
     SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
     tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
-    SECITEM_FreeItem(&xtnData->certReqContext, PR_FALSE);
-    SECITEM_FreeItem(&xtnData->applicationToken, PR_FALSE);
-    if (xtnData->certReqAuthorities.arena) {
-        PORT_FreeArena(xtnData->certReqAuthorities.arena, PR_FALSE);
-        xtnData->certReqAuthorities.arena = NULL;
-    }
-    PORT_Free(xtnData->advertised);
+
+    /* Now reinit. */
+    ssl3_InitExtensionData(xtnData);
 }
 
-/* Free everything that has been allocated and then reset back to
- * the starting state. */
-void
-ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss)
+/* Thunks to let extension handlers operate on const sslSocket* objects. */
+SECStatus
+ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
+                        PRInt32 bytes)
 {
-    ssl3_DestroyExtensionData(xtnData);
-    ssl3_InitExtensionData(xtnData, ss);
+    return ssl3_AppendHandshake((sslSocket *)ss, void_src, bytes);
+}
+
+SECStatus
+ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
+                              PRInt32 lenSize)
+{
+    return ssl3_AppendHandshakeNumber((sslSocket *)ss, num, lenSize);
+}
+
+SECStatus
+ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
+                                const PRUint8 *src, PRInt32 bytes,
+                                PRInt32 lenSize)
+{
+    return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize);
 }
 
-/* Thunks to let extension handlers operate on const sslSocket* objects. */
 void
 ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
                   SSL3AlertDescription desc)
diff --git a/security/nss/lib/ssl/ssl3ext.h b/security/nss/lib/ssl/ssl3ext.h
index d0f75a599..90407375a 100644
--- a/security/nss/lib/ssl/ssl3ext.h
+++ b/security/nss/lib/ssl/ssl3ext.h
@@ -9,38 +9,54 @@
 #ifndef __ssl3ext_h_
 #define __ssl3ext_h_
 
-#include "sslencode.h"
-
 typedef enum {
     sni_nametype_hostname
 } SNINameType;
 typedef struct TLSExtensionDataStr TLSExtensionData;
 
-/* Registerable callback function that either appends extension to buffer
+/* registerable callback function that either appends extension to buffer
  * or returns length of data that it would have appended.
  */
-typedef SECStatus (*sslExtensionBuilderFunc)(const sslSocket *ss,
-                                             TLSExtensionData *xtnData,
-                                             sslBuffer *buf, PRBool *added);
+typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
+                                                TLSExtensionData *xtnData,
+                                                PRBool append,
+                                                PRUint32 maxBytes);
+
+/* registerable callback function that handles a received extension,
+ * of the given type.
+ */
+typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
+                                              TLSExtensionData *xtnData,
+                                              PRUint16 ex_type,
+                                              SECItem *data);
 
 /* row in a table of hello extension senders */
 typedef struct {
     PRInt32 ex_type;
-    sslExtensionBuilderFunc ex_sender;
-} sslExtensionBuilder;
+    ssl3HelloExtensionSenderFunc ex_sender;
+} ssl3HelloExtensionSender;
+
+/* row in a table of hello extension handlers */
+typedef struct {
+    PRInt32 ex_type;
+    ssl3ExtensionHandlerFunc ex_handler;
+} ssl3ExtensionHandler;
 
 struct TLSExtensionDataStr {
     /* registered callbacks that send server hello extensions */
-    sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS];
-    sslExtensionBuilder encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
-    sslExtensionBuilder certificateSenders[SSL_MAX_EXTENSIONS];
+    ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
+    ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
+    ssl3HelloExtensionSender certificateSenders[SSL_MAX_EXTENSIONS];
 
-    /* Keep track of the extensions that are advertised or negotiated. */
+    /* Keep track of the extensions that are negotiated. */
     PRUint16 numAdvertised;
-    PRUint16 *advertised; /* Allocated dynamically. */
     PRUint16 numNegotiated;
+    PRUint16 advertised[SSL_MAX_EXTENSIONS];
     PRUint16 negotiated[SSL_MAX_EXTENSIONS];
 
+    /* Amount of padding we need to add. */
+    PRUint16 paddingLen;
+
     /* SessionTicket Extension related data. */
     PRBool ticketTimestampVerified;
     PRBool emptySessionTicket;
@@ -70,13 +86,10 @@ struct TLSExtensionDataStr {
     PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
 
     /* clientSigAndHash contains the contents of the signature_algorithms
-     * extension (if any) the other side supports. This is only valid for TLS
-     * 1.2 or later. In TLS 1.3, it is also used for CertificateRequest. */
-    SSLSignatureScheme *sigSchemes;
-    unsigned int numSigSchemes;
-
-    SECItem certReqContext;
-    CERTDistNames certReqAuthorities;
+     * extension (if any) from the client. This is only valid for TLS 1.2
+     * or later. */
+    SSLSignatureScheme *clientSigSchemes;
+    unsigned int numClientSigScheme;
 
     /* In a client: if the server supports Next Protocol Negotiation, then
      * this is the protocol that was negotiated.
@@ -86,18 +99,9 @@ struct TLSExtensionDataStr {
 
     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
 
-    unsigned int lastXtnOffset; /* Where to insert padding. 0 = end. */
-    PRCList remoteKeyShares;    /* The other side's public keys (TLS 1.3) */
-
-    /* The following are used by a TLS 1.3 server. */
-    SECItem pskBinder;                     /* The binder for the first PSK. */
-    unsigned int pskBindersLen;            /* The length of the binders. */
-    PRUint32 ticketAge;                    /* Used to accept early data. */
-    SECItem cookie;                        /* HRR Cookie. */
-    const sslNamedGroupDef *selectedGroup; /* For HRR. */
-    /* The application token contains a value that was passed to the client via
-     * a session ticket, or the cookie in a HelloRetryRequest. */
-    SECItem applicationToken;
+    SECItem pskBinder;                /* The PSK binder for the first PSK (TLS 1.3) */
+    unsigned long pskBinderPrefixLen; /* The length of the binder input. */
+    PRCList remoteKeyShares;          /* The other side's public keys (TLS 1.3) */
 };
 
 typedef struct TLSExtensionStr {
@@ -106,44 +110,40 @@ typedef struct TLSExtensionStr {
     SECItem data;  /* Pointers into the handshake data. */
 } TLSExtension;
 
-typedef struct sslCustomExtensionHooks {
-    PRCList link;
-    PRUint16 type;
-    SSLExtensionWriter writer;
-    void *writerArg;
-    SSLExtensionHandler handler;
-    void *handlerArg;
-} sslCustomExtensionHooks;
-
 SECStatus ssl3_HandleExtensions(sslSocket *ss,
                                 PRUint8 **b, PRUint32 *length,
-                                SSLHandshakeType handshakeMessage);
+                                SSL3HandshakeType handshakeMessage);
 SECStatus ssl3_ParseExtensions(sslSocket *ss,
                                PRUint8 **b, PRUint32 *length);
 SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
-                                      SSLHandshakeType handshakeMessage);
+                                      SSL3HandshakeType handshakeMessage);
 TLSExtension *ssl3_FindExtension(sslSocket *ss,
                                  SSLExtensionType extension_type);
 void ssl3_DestroyRemoteExtensions(PRCList *list);
-void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
-void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
-void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
+void ssl3_InitExtensionData(TLSExtensionData *xtnData);
+void ssl3_ResetExtensionData(TLSExtensionData *xtnData);
 
 PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
-PRBool ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
+PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
 
 SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
                                        TLSExtensionData *xtnData,
                                        PRUint16 ex_type,
-                                       sslExtensionBuilderFunc cb);
-SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
-                                  SSLHandshakeType message);
-SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
-                                 sslBuffer *buf, PRBool *append);
-SECStatus ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen,
-                                     sslBuffer *buf);
+                                       ssl3HelloExtensionSenderFunc cb);
+PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
+                                       const ssl3HelloExtensionSender *sender);
+
+void ssl3_CalculatePaddingExtLen(sslSocket *ss,
+                                 unsigned int clientHelloLength);
 
 /* Thunks to let us operate on const sslSocket* objects. */
+SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
+                                  PRInt32 bytes);
+SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
+                                        PRInt32 lenSize);
+SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
+                                          const PRUint8 *src, PRInt32 bytes,
+                                          PRInt32 lenSize);
 void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
                        SSL3AlertDescription desc);
 void ssl3_ExtDecodeError(const sslSocket *ss);
@@ -156,10 +156,4 @@ SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
                                            PRUint32 bytes, PRUint8 **b,
                                            PRUint32 *length);
 
-SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
-                                     SSLExtensionSupport *support);
-SECStatus SSLExp_InstallExtensionHooks(
-    PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer,
-    void *writerArg, SSLExtensionHandler handler, void *handlerArg);
-
 #endif
diff --git a/security/nss/lib/ssl/ssl3exthandle.c b/security/nss/lib/ssl/ssl3exthandle.c
index c0fbda7ab..370bd8b3e 100644
--- a/security/nss/lib/ssl/ssl3exthandle.c
+++ b/security/nss/lib/ssl/ssl3exthandle.c
@@ -13,6 +13,7 @@
 #include "blapit.h"
 #include "prinit.h"
 #include "selfencrypt.h"
+#include "ssl3encode.h"
 #include "ssl3ext.h"
 #include "ssl3exthandle.h"
 #include "tls13exthandle.h" /* For tls13_ServerSendStatusRequestXtn. */
@@ -21,48 +22,70 @@
  * unless that name is a dotted decimal string.
  * Used by client and server.
  */
-SECStatus
-ssl3_ClientSendServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_SendServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                       PRUint32 maxBytes)
 {
-    unsigned int len;
-    PRNetAddr netAddr;
     SECStatus rv;
-
-    /* must have a hostname */
-    if (!ss->url || !ss->url[0]) {
-        return SECSuccess;
-    }
-    /* must not be an IPv4 or IPv6 address */
-    if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
-        /* is an IP address (v4 or v6) */
-        return SECSuccess;
-    }
-    len = PORT_Strlen(ss->url);
-    /* length of server_name_list */
-    rv = sslBuffer_AppendNumber(buf, len + 3, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* Name Type (sni_host_name) */
-    rv = sslBuffer_AppendNumber(buf, 0, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (!ss)
+        return 0;
+    if (!ss->sec.isServer) {
+        PRUint32 len;
+        PRNetAddr netAddr;
+
+        /* must have a hostname */
+        if (!ss->url || !ss->url[0])
+            return 0;
+        /* must not be an IPv4 or IPv6 address */
+        if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
+            /* is an IP address (v4 or v6) */
+            return 0;
+        }
+        len = PORT_Strlen(ss->url);
+        if (append && maxBytes >= len + 9) {
+            /* extension_type */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* length of extension_data */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, len + 5, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* length of server_name_list */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, len + 3, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* Name Type (sni_host_name) */
+            rv = ssl3_ExtAppendHandshake(ss, "\0", 1);
+            if (rv != SECSuccess)
+                return -1;
+            /* HostName (length and value) */
+            rv = ssl3_ExtAppendHandshakeVariable(ss, (PRUint8 *)ss->url, len, 2);
+            if (rv != SECSuccess)
+                return -1;
+            if (!ss->sec.isServer) {
+                xtnData->advertised[xtnData->numAdvertised++] =
+                    ssl_server_name_xtn;
+            }
+        }
+        return len + 9;
     }
-    /* HostName (length and value) */
-    rv = sslBuffer_AppendVariable(buf, (const PRUint8 *)ss->url, len, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    /* Server side */
+    if (append && maxBytes >= 4) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
     }
-
-    *added = PR_TRUE;
-    return SECSuccess;
+    return 4;
 }
 
 /* Handle an incoming SNI extension. */
 SECStatus
-ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                         SECItem *data)
+ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECItem *names = NULL;
     PRUint32 listLenBytes = 0;
@@ -171,54 +194,88 @@ ssl3_FreeSniNameArray(TLSExtensionData *xtnData)
  * sends an empty ticket.  Servers always send empty tickets.
  */
 PRInt32
-ssl3_ClientSendSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+ssl3_SendSessionTicketXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
     NewSessionTicket *session_ticket = NULL;
     sslSessionID *sid = ss->sec.ci.sid;
-    SECStatus rv;
-
-    PORT_Assert(!ss->sec.isServer);
 
     /* Never send an extension with a ticket for TLS 1.3, but
      * OK to send the empty one in case the server does 1.2. */
     if (sid->cached == in_client_cache &&
         sid->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
+        return 0;
     }
 
     /* Ignore the SessionTicket extension if processing is disabled. */
-    if (!ss->opt.enableSessionTickets) {
-        return SECSuccess;
-    }
+    if (!ss->opt.enableSessionTickets)
+        return 0;
 
-    /* Send a session ticket if one is available.
-     *
-     * The caller must be holding sid->u.ssl3.lock for reading. We cannot
-     * just acquire and release the lock within this function because the
-     * caller will call this function twice, and we need the inputs to be
-     * consistent between the two calls. Note that currently the caller
-     * will only be holding the lock when we are the client and when we're
-     * attempting to resume an existing session.
+    /* Empty extension length = extension_type (2-bytes) +
+     * length(extension_data) (2-bytes)
      */
-    session_ticket = &sid->u.ssl3.locked.sessionTicket;
-    if (session_ticket->ticket.data &&
-        (xtnData->ticketTimestampVerified ||
-         ssl_TicketTimeValid(session_ticket))) {
+    extension_length = 4;
 
-        xtnData->ticketTimestampVerified = PR_FALSE;
+    /* If we are a client then send a session ticket if one is availble.
+     * Servers that support the extension and are willing to negotiate the
+     * the extension always respond with an empty extension.
+     */
+    if (!ss->sec.isServer) {
+        /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
+         * just acquire and release the lock within this function because the
+         * caller will call this function twice, and we need the inputs to be
+         * consistent between the two calls. Note that currently the caller
+         * will only be holding the lock when we are the client and when we're
+         * attempting to resume an existing session.
+         */
 
-        rv = sslBuffer_Append(buf, session_ticket->ticket.data,
-                              session_ticket->ticket.len);
-        if (rv != SECSuccess) {
-            return SECFailure;
+        session_ticket = &sid->u.ssl3.locked.sessionTicket;
+        if (session_ticket->ticket.data) {
+            if (xtnData->ticketTimestampVerified) {
+                extension_length += session_ticket->ticket.len;
+            } else if (!append && ssl_TicketTimeValid(session_ticket)) {
+                extension_length += session_ticket->ticket.len;
+                xtnData->ticketTimestampVerified = PR_TRUE;
+            }
         }
+    }
 
-        xtnData->sentSessionTicketInClientHello = PR_TRUE;
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        if (session_ticket && session_ticket->ticket.data &&
+            xtnData->ticketTimestampVerified) {
+            rv = ssl3_ExtAppendHandshakeVariable(ss, session_ticket->ticket.data,
+                                                 session_ticket->ticket.len, 2);
+            xtnData->ticketTimestampVerified = PR_FALSE;
+            xtnData->sentSessionTicketInClientHello = PR_TRUE;
+        } else {
+            rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        }
+        if (rv != SECSuccess)
+            goto loser;
 
-    *added = PR_TRUE;
-    return SECSuccess;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_session_ticket_xtn;
+        }
+    }
+    return extension_length;
+
+loser:
+    xtnData->ticketTimestampVerified = PR_FALSE;
+    return -1;
 }
 
 PRBool
@@ -244,18 +301,16 @@ ssl_AlpnTagAllowed(const sslSocket *ss, const SECItem *tag)
 
 /* handle an incoming Next Protocol Negotiation extension. */
 SECStatus
-ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
     if (ss->firstHsDone || data->len != 0) {
         /* Clients MUST send an empty NPN extension, if any. */
         PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
         return SECFailure;
     }
 
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_next_proto_nego_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     /* TODO: server side NPN support would require calling
      * ssl3_RegisterServerHelloExtensionSender here in order to echo the
@@ -289,7 +344,7 @@ ssl3_ValidateNextProtoNego(const unsigned char *data, unsigned int length)
 /* protocol selection handler for ALPN (server side) and NPN (client side) */
 static SECStatus
 ssl3_SelectAppProtocol(const sslSocket *ss, TLSExtensionData *xtnData,
-                       PRUint16 extension, SECItem *data)
+                       PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     unsigned char resultBuffer[255];
@@ -326,7 +381,7 @@ ssl3_SelectAppProtocol(const sslSocket *ss, TLSExtensionData *xtnData,
 
     SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
 
-    if (extension == ssl_app_layer_protocol_xtn &&
+    if (ex_type == ssl_app_layer_protocol_xtn &&
         xtnData->nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
         /* The callback might say OK, but then it picks a default value - one
          * that was not listed.  That's OK for NPN, but not ALPN. */
@@ -335,14 +390,13 @@ ssl3_SelectAppProtocol(const sslSocket *ss, TLSExtensionData *xtnData,
         return SECFailure;
     }
 
-    xtnData->negotiated[xtnData->numNegotiated++] = extension;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECITEM_CopyItem(NULL, &xtnData->nextProto, &result);
 }
 
 /* handle an incoming ALPN extension at the server */
 SECStatus
-ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             SECItem *data)
+ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     PRUint32 count;
     SECStatus rv;
@@ -369,16 +423,15 @@ ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
         return SECSuccess;
     }
 
-    rv = ssl3_SelectAppProtocol(ss, xtnData, ssl_app_layer_protocol_xtn, data);
+    rv = ssl3_SelectAppProtocol(ss, xtnData, ex_type, data);
     if (rv != SECSuccess) {
         return rv;
     }
 
     /* prepare to send back a response, if we negotiated */
     if (xtnData->nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
-        rv = ssl3_RegisterExtensionSender(ss, xtnData,
-                                          ssl_app_layer_protocol_xtn,
-                                          ssl3_ServerSendAppProtoXtn);
+        rv = ssl3_RegisterExtensionSender(
+            ss, xtnData, ex_type, ssl3_ServerSendAppProtoXtn);
         if (rv != SECSuccess) {
             ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -389,10 +442,9 @@ ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 }
 
 SECStatus
-ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
     PORT_Assert(!ss->firstHsDone);
 
     if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
@@ -418,12 +470,11 @@ ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData
         return SECFailure;
     }
 
-    return ssl3_SelectAppProtocol(ss, xtnData, ssl_next_proto_nego_xtn, data);
+    return ssl3_SelectAppProtocol(ss, xtnData, ex_type, data);
 }
 
 SECStatus
-ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             SECItem *data)
+ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     PRUint32 list_len;
@@ -470,168 +521,265 @@ ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 
     SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
     xtnData->nextProtoState = SSL_NEXT_PROTO_SELECTED;
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_app_layer_protocol_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECITEM_CopyItem(NULL, &xtnData->nextProto, &protocol_name);
 }
 
-SECStatus
-ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
+
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
-        return SECSuccess;
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    extension_length = 4;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_next_proto_nego_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
 }
 
-SECStatus
-ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                           sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
-    SECStatus rv;
-    const unsigned int len = ss->opt.nextProtoNego.len;
+    PRInt32 extension_length;
+    unsigned char *alpn_protos = NULL;
 
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
-        return SECSuccess;
+        return 0;
     }
 
-    /* NPN requires that the client's fallback protocol is first in the
-     * list. However, ALPN sends protocols in preference order. So move the
-     * first protocol to the end of the list. */
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list length */ +
+                       ss->opt.nextProtoNego.len;
 
-    if (len > 0) {
-        /* Each protocol string is prefixed with a single byte length. */
-        unsigned int i;
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        /* NPN requires that the client's fallback protocol is first in the
+         * list. However, ALPN sends protocols in preference order. So we
+         * allocate a buffer and move the first protocol to the end of the
+         * list. */
+        SECStatus rv;
+        const unsigned int len = ss->opt.nextProtoNego.len;
 
-        rv = sslBuffer_AppendNumber(buf, len, 2);
-        if (rv != SECSuccess) {
+        alpn_protos = PORT_Alloc(len);
+        if (alpn_protos == NULL) {
             return SECFailure;
         }
-
-        i = ss->opt.nextProtoNego.data[0] + 1;
-        if (i <= len) {
-            rv = sslBuffer_Append(buf, &ss->opt.nextProtoNego.data[i], len - i);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-            rv = sslBuffer_Append(buf, ss->opt.nextProtoNego.data, i);
-            if (rv != SECSuccess) {
-                return SECFailure;
-            }
-        } else {
-            /* This seems to be invalid data so we'll send as-is. */
-            rv = sslBuffer_Append(buf, ss->opt.nextProtoNego.data, len);
-            if (rv != SECSuccess) {
-                return SECFailure;
+        if (len > 0) {
+            /* Each protocol string is prefixed with a single byte length. */
+            unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
+            if (i <= len) {
+                memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
+                memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
+            } else {
+                /* This seems to be invalid data so we'll send as-is. */
+                memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
             }
         }
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_ExtAppendHandshakeVariable(ss, alpn_protos, len, 2);
+        PORT_Free(alpn_protos);
+        alpn_protos = NULL;
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_app_layer_protocol_xtn;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
+
+loser:
+    if (alpn_protos) {
+        PORT_Free(alpn_protos);
+    }
+    return -1;
 }
 
-SECStatus
-ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                           sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
-    SECStatus rv;
+    PRInt32 extension_length;
 
-    /* We're in over our heads if any of these fail */
+    /* we're in over our heads if any of these fail */
     PORT_Assert(ss->opt.enableALPN);
     PORT_Assert(xtnData->nextProto.data);
     PORT_Assert(xtnData->nextProto.len > 0);
     PORT_Assert(xtnData->nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
     PORT_Assert(!ss->firstHsDone);
 
-    rv = sslBuffer_AppendNumber(buf, xtnData->nextProto.len + 1, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list */ + 1 /* name length */ +
+                       xtnData->nextProto.len;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
     }
-    rv = sslBuffer_AppendVariable(buf, xtnData->nextProto.data,
-                                  xtnData->nextProto.len, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->nextProto.len + 1, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeVariable(ss, xtnData->nextProto.data,
+                                             xtnData->nextProto.len, 1);
+        if (rv != SECSuccess) {
+            return -1;
+        }
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
 }
 
 SECStatus
-ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
-    sslExtensionBuilderFunc sender;
+    ssl3HelloExtensionSenderFunc sender;
 
     PORT_Assert(ss->sec.isServer);
 
     /* remember that we got this extension. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_cert_status_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
         sender = tls13_ServerSendStatusRequestXtn;
     } else {
         sender = ssl3_ServerSendStatusRequestXtn;
     }
-    return ssl3_RegisterExtensionSender(ss, xtnData, ssl_cert_status_xtn, sender);
+    return ssl3_RegisterExtensionSender(ss, xtnData, ex_type, sender);
 }
 
-SECStatus
-ssl3_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ServerSendStatusRequestXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
     const sslServerCert *serverCert = ss->sec.serverCert;
+    SECStatus rv;
 
     if (!serverCert->certStatusArray ||
         !serverCert->certStatusArray->len) {
-        return SECSuccess;
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    extension_length = 2 + 2;
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* The certificate status data is sent in ssl3_SendCertificateStatus. */
+    }
+
+    return extension_length;
 }
 
 /* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
  * client side. See RFC 6066 section 8. */
-SECStatus
-ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                PRUint32 maxBytes)
 {
-    SECStatus rv;
+    PRInt32 extension_length;
 
-    if (!ss->opt.enableOCSPStapling) {
-        return SECSuccess;
-    }
+    if (!ss->opt.enableOCSPStapling)
+        return 0;
 
-    rv = sslBuffer_AppendNumber(buf, 1 /* status_type ocsp */, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* A zero length responder_id_list means that the responders are
-     * implicitly known to the server. */
-    rv = sslBuffer_AppendNumber(buf, 0, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* A zero length request_extensions means that there are no extensions.
-     * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
-     * means that the server can replay a cached OCSP response to us. */
-    rv = sslBuffer_AppendNumber(buf, 0, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    /* extension_type (2-bytes) +
+     * length(extension_data) (2-bytes) +
+     * status_type (1) +
+     * responder_id_list length (2) +
+     * request_extensions length (2)
+     */
+    extension_length = 9;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
+    if (append) {
+        SECStatus rv;
 
-    *added = PR_TRUE;
-    return SECSuccess;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length responder_id_list means that the responders are
+         * implicitly known to the server. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length request_extensions means that there are no extensions.
+         * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+         * means that the server can replay a cached OCSP response to us. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+    }
+    return extension_length;
 }
 
 SECStatus
-ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
     /* In TLS 1.3, the extension carries the OCSP response. */
@@ -649,32 +797,36 @@ ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_cert_status_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
 PRUint32 ssl_ticket_lifetime = 2 * 24 * 60 * 60; /* 2 days in seconds */
-#define TLS_EX_SESS_TICKET_VERSION (0x010a)
+#define TLS_EX_SESS_TICKET_VERSION (0x0105)
 
 /*
  * Called from ssl3_SendNewSessionTicket, tls13_SendNewSessionTicket
  */
 SECStatus
-ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
-                         const PRUint8 *appToken, unsigned int appTokenLen,
-                         PK11SymKey *secret, SECItem *ticket_data)
+ssl3_EncodeSessionTicket(sslSocket *ss,
+                         const NewSessionTicket *ticket,
+                         SECItem *ticket_data)
 {
     SECStatus rv;
-    sslBuffer plaintext = SSL_BUFFER_EMPTY;
+    SECItem plaintext;
+    SECItem plaintext_item = { 0, NULL, 0 };
+    PRUint32 plaintext_length;
     SECItem ticket_buf = { 0, NULL, 0 };
-    sslSessionID sid;
+    PRBool ms_is_wrapped;
     unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
     SECItem ms_item = { 0, NULL, 0 };
-    PRTime now;
+    PRUint32 cert_length = 0;
+    PRUint32 now;
     SECItem *srvName = NULL;
-    CK_MECHANISM_TYPE msWrapMech;
+    CK_MECHANISM_TYPE msWrapMech = 0; /* dummy default value,
+                                          * must be >= 0 */
+    ssl3CipherSpec *spec;
     SECItem *alpnSelection = NULL;
-    PRUint32 ticketAgeBaseline;
 
     SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
                 SSL_GETPID(), ss->fd));
@@ -682,69 +834,107 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    /* Extract the master secret wrapped. */
+    if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
+        cert_length = 2 + ss->sec.ci.sid->peerCert->derCert.len;
+    }
 
-    PORT_Memset(&sid, 0, sizeof(sslSessionID));
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        spec = ss->ssl3.cwSpec;
+    } else {
+        spec = ss->ssl3.pwSpec;
+    }
+    if (spec->msItem.len && spec->msItem.data) {
+        /* The master secret is available unwrapped. */
+        ms_item.data = spec->msItem.data;
+        ms_item.len = spec->msItem.len;
+        ms_is_wrapped = PR_FALSE;
+    } else {
+        /* Extract the master secret wrapped. */
+        sslSessionID sid;
+        PORT_Memset(&sid, 0, sizeof(sslSessionID));
 
-    PORT_Assert(secret);
-    rv = ssl3_CacheWrappedSecret(ss, &sid, secret);
-    if (rv == SECSuccess) {
-        if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+        rv = ssl3_CacheWrappedMasterSecret(ss, &sid, spec);
+        if (rv == SECSuccess) {
+            if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+                goto loser;
+            memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
+                   sid.u.ssl3.keys.wrapped_master_secret_len);
+            ms_item.data = wrapped_ms;
+            ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
+            msWrapMech = sid.u.ssl3.masterWrapMech;
+        } else {
+            /* TODO: else send an empty ticket. */
             goto loser;
-        memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
-               sid.u.ssl3.keys.wrapped_master_secret_len);
-        ms_item.data = wrapped_ms;
-        ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
-        msWrapMech = sid.u.ssl3.masterWrapMech;
-    } else {
-        /* TODO: else send an empty ticket. */
-        goto loser;
+        }
+        ms_is_wrapped = PR_TRUE;
     }
     /* Prep to send negotiated name */
     srvName = &ss->sec.ci.sid->u.ssl3.srvName;
 
+    PORT_Assert(ss->xtnData.nextProtoState == SSL_NEXT_PROTO_SELECTED ||
+                ss->xtnData.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED ||
+                ss->xtnData.nextProto.len == 0);
+    alpnSelection = &ss->xtnData.nextProto;
+
+    plaintext_length =
+        sizeof(PRUint16)                       /* ticket version */
+        + sizeof(SSL3ProtocolVersion)          /* ssl_version */
+        + sizeof(ssl3CipherSuite)              /* ciphersuite */
+        + 1                                    /* compression */
+        + 10                                   /* cipher spec parameters */
+        + 1                                    /* certType arguments */
+        + 1                                    /* SessionTicket.ms_is_wrapped */
+        + 4                                    /* msWrapMech */
+        + 2                                    /* master_secret.length */
+        + ms_item.len                          /* master_secret */
+        + 1                                    /* client_auth_type */
+        + cert_length                          /* cert */
+        + 2 + srvName->len                     /* name len + length field */
+        + 1                                    /* extendedMasterSecretUsed */
+        + sizeof(ticket->ticket_lifetime_hint) /* ticket lifetime hint */
+        + sizeof(ticket->flags)                /* ticket flags */
+        + 1 + alpnSelection->len               /* alpn value + length field */
+        + 4;                                   /* maxEarlyData */
+
+    if (SECITEM_AllocItem(NULL, &plaintext_item, plaintext_length) == NULL)
+        goto loser;
+
+    plaintext = plaintext_item;
+
     /* ticket version */
-    rv = sslBuffer_AppendNumber(&plaintext, TLS_EX_SESS_TICKET_VERSION,
-                                sizeof(PRUint16));
+    rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
+                                 sizeof(PRUint16));
     if (rv != SECSuccess)
         goto loser;
 
     /* ssl_version */
-    rv = sslBuffer_AppendNumber(&plaintext, ss->version,
-                                sizeof(SSL3ProtocolVersion));
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
+                                 sizeof(SSL3ProtocolVersion));
     if (rv != SECSuccess)
         goto loser;
 
     /* ciphersuite */
-    rv = sslBuffer_AppendNumber(&plaintext, ss->ssl3.hs.cipher_suite,
-                                sizeof(ssl3CipherSuite));
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
+                                 sizeof(ssl3CipherSuite));
     if (rv != SECSuccess)
         goto loser;
 
-    /* cipher spec parameters */
-    rv = sslBuffer_AppendNumber(&plaintext, ss->sec.authType, 1);
+    /* compression */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
     if (rv != SECSuccess)
         goto loser;
-    rv = sslBuffer_AppendNumber(&plaintext, ss->sec.authKeyBits, 4);
+
+    /* cipher spec parameters */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authType, 1);
     if (rv != SECSuccess)
         goto loser;
-    rv = sslBuffer_AppendNumber(&plaintext, ss->sec.keaType, 1);
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authKeyBits, 4);
     if (rv != SECSuccess)
         goto loser;
-    rv = sslBuffer_AppendNumber(&plaintext, ss->sec.keaKeyBits, 4);
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaType, 1);
     if (rv != SECSuccess)
         goto loser;
-    if (ss->sec.keaGroup) {
-        rv = sslBuffer_AppendNumber(&plaintext, ss->sec.keaGroup->name, 4);
-        if (rv != SECSuccess)
-            goto loser;
-    } else {
-        /* No kea group. Write 0 as invalid value. */
-        rv = sslBuffer_AppendNumber(&plaintext, 0, 4);
-        if (rv != SECSuccess)
-            goto loser;
-    }
-    rv = sslBuffer_AppendNumber(&plaintext, ss->sec.signatureScheme, 4);
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaKeyBits, 4);
     if (rv != SECSuccess)
         goto loser;
 
@@ -755,120 +945,102 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
         PORT_Assert(cert->namedCurve);
         /* EC curves only use the second of the two bytes. */
         PORT_Assert(cert->namedCurve->name < 256);
-        rv = sslBuffer_AppendNumber(&plaintext, cert->namedCurve->name, 1);
+        rv = ssl3_AppendNumberToItem(&plaintext, cert->namedCurve->name, 1);
     } else {
-        rv = sslBuffer_AppendNumber(&plaintext, 0, 1);
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
     }
     if (rv != SECSuccess)
         goto loser;
 
     /* master_secret */
-    rv = sslBuffer_AppendNumber(&plaintext, msWrapMech, 4);
+    rv = ssl3_AppendNumberToItem(&plaintext, ms_is_wrapped, 1);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, msWrapMech, 4);
     if (rv != SECSuccess)
         goto loser;
-    rv = sslBuffer_AppendVariable(&plaintext, ms_item.data, ms_item.len, 2);
+    rv = ssl3_AppendNumberToItem(&plaintext, ms_item.len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendToItem(&plaintext, ms_item.data, ms_item.len);
     if (rv != SECSuccess)
         goto loser;
 
     /* client identity */
     if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
-        rv = sslBuffer_AppendNumber(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+        rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext,
+                                     ss->sec.ci.sid->peerCert->derCert.len, 2);
         if (rv != SECSuccess)
             goto loser;
-        rv = sslBuffer_AppendVariable(&plaintext,
-                                      ss->sec.ci.sid->peerCert->derCert.data,
-                                      ss->sec.ci.sid->peerCert->derCert.len, 2);
+        rv = ssl3_AppendToItem(&plaintext,
+                               ss->sec.ci.sid->peerCert->derCert.data,
+                               ss->sec.ci.sid->peerCert->derCert.len);
         if (rv != SECSuccess)
             goto loser;
     } else {
-        rv = sslBuffer_AppendNumber(&plaintext, 0, 1);
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
         if (rv != SECSuccess)
             goto loser;
     }
 
     /* timestamp */
-    now = ssl_TimeUsec();
-    PORT_Assert(sizeof(now) == 8);
-    rv = sslBuffer_AppendNumber(&plaintext, now, 8);
+    now = ssl_Time();
+    rv = ssl3_AppendNumberToItem(&plaintext, now,
+                                 sizeof(ticket->ticket_lifetime_hint));
     if (rv != SECSuccess)
         goto loser;
 
     /* HostName (length and value) */
-    rv = sslBuffer_AppendVariable(&plaintext, srvName->data, srvName->len, 2);
+    rv = ssl3_AppendNumberToItem(&plaintext, srvName->len, 2);
     if (rv != SECSuccess)
         goto loser;
+    if (srvName->len) {
+        rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
+        if (rv != SECSuccess)
+            goto loser;
+    }
 
     /* extendedMasterSecretUsed */
-    rv = sslBuffer_AppendNumber(
+    rv = ssl3_AppendNumberToItem(
         &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
     if (rv != SECSuccess)
         goto loser;
 
     /* Flags */
-    rv = sslBuffer_AppendNumber(&plaintext, ticket->flags,
-                                sizeof(ticket->flags));
+    rv = ssl3_AppendNumberToItem(&plaintext, ticket->flags,
+                                 sizeof(ticket->flags));
     if (rv != SECSuccess)
         goto loser;
 
     /* ALPN value. */
-    PORT_Assert(ss->xtnData.nextProtoState == SSL_NEXT_PROTO_SELECTED ||
-                ss->xtnData.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED ||
-                ss->xtnData.nextProto.len == 0);
-    alpnSelection = &ss->xtnData.nextProto;
     PORT_Assert(alpnSelection->len < 256);
-    rv = sslBuffer_AppendVariable(&plaintext, alpnSelection->data,
-                                  alpnSelection->len, 1);
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = sslBuffer_AppendNumber(&plaintext, ssl_max_early_data_size, 4);
-    if (rv != SECSuccess)
-        goto loser;
-
-    /*
-     * We store this in the ticket:
-     *    ticket_age_baseline = 1rtt - ticket_age_add
-     *
-     * When the client resumes, it will provide:
-     *    obfuscated_age = ticket_age_client + ticket_age_add
-     *
-     * We expect to receive the ticket at:
-     *    ticket_create + 1rtt + ticket_age_server
-     *
-     * We calculate the client's estimate of this as:
-     *    ticket_create + ticket_age_baseline + obfuscated_age
-     *    = ticket_create + 1rtt + ticket_age_client
-     *
-     * This is compared to the expected time, which should differ only as a
-     * result of clock errors or errors in the RTT estimate.
-     */
-    ticketAgeBaseline = (ssl_TimeUsec() - ss->ssl3.hs.serverHelloTime) / PR_USEC_PER_MSEC;
-    ticketAgeBaseline -= ticket->ticket_age_add;
-    rv = sslBuffer_AppendNumber(&plaintext, ticketAgeBaseline, 4);
+    rv = ssl3_AppendNumberToItem(&plaintext, alpnSelection->len, 1);
     if (rv != SECSuccess)
         goto loser;
+    if (alpnSelection->len) {
+        rv = ssl3_AppendToItem(&plaintext, alpnSelection->data,
+                               alpnSelection->len);
+        if (rv != SECSuccess)
+            goto loser;
+    }
 
-    /* Application token */
-    rv = sslBuffer_AppendVariable(&plaintext, appToken, appTokenLen, 2);
+    rv = ssl3_AppendNumberToItem(&plaintext, ssl_max_early_data_size, 4);
     if (rv != SECSuccess)
         goto loser;
 
-    /* This really only happens if appTokenLen is too much, and that always
-     * comes from the using application. */
-    if (SSL_BUFFER_LEN(&plaintext) > 0xffff) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        goto loser;
-    }
+    /* Check that we are totally full. */
+    PORT_Assert(plaintext.len == 0);
 
-    ticket_buf.len = ssl_SelfEncryptGetProtectedSize(SSL_BUFFER_LEN(&plaintext));
-    PORT_Assert(ticket_buf.len > 0);
-    if (SECITEM_AllocItem(NULL, &ticket_buf, ticket_buf.len) == NULL) {
+    /* 128 just gives us enough room for overhead. */
+    if (SECITEM_AllocItem(NULL, &ticket_buf, plaintext_length + 128) == NULL) {
         goto loser;
     }
 
     /* Finally, encrypt the ticket. */
-    rv = ssl_SelfEncryptProtect(ss, SSL_BUFFER_BASE(&plaintext),
-                                SSL_BUFFER_LEN(&plaintext),
+    rv = ssl_SelfEncryptProtect(ss, plaintext_item.data, plaintext_item.len,
                                 ticket_buf.data, &ticket_buf.len, ticket_buf.len);
     if (rv != SECSuccess) {
         goto loser;
@@ -877,11 +1049,13 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
     /* Give ownership of memory to caller. */
     *ticket_data = ticket_buf;
 
-    sslBuffer_Clear(&plaintext);
+    SECITEM_FreeItem(&plaintext_item, PR_FALSE);
     return SECSuccess;
 
 loser:
-    sslBuffer_Clear(&plaintext);
+    if (plaintext_item.data) {
+        SECITEM_FreeItem(&plaintext_item, PR_FALSE);
+    }
     if (ticket_buf.data) {
         SECITEM_FreeItem(&ticket_buf, PR_FALSE);
     }
@@ -893,22 +1067,18 @@ loser:
  * message is expected during the handshake.
  */
 SECStatus
-ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
     if (data->len != 0) {
         return SECSuccess; /* Ignore the extension. */
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_session_ticket_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
-PR_STATIC_ASSERT((TLS_EX_SESS_TICKET_VERSION >> 8) == 1);
-
 static SECStatus
 ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
                        SessionTicket *parsedTicket)
@@ -935,12 +1105,6 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
         return SECFailure;
     }
 
-    /* All ticket versions start with 0x01, so check to see if this
-     * is a ticket or some other self-encrypted thing. */
-    if ((temp >> 8) != 1) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
-        return SECFailure;
-    }
     /* Skip the ticket if the version is wrong.  This won't result in a
      * handshake failure, just a failure to resume. */
     if (temp != TLS_EX_SESS_TICKET_VERSION) {
@@ -968,6 +1132,14 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
     }
     parsedTicket->cipher_suite = (ssl3CipherSuite)temp;
 
+    /* Read compression_method. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    parsedTicket->compression_method = (SSLCompressionMethod)temp;
+
     /* Read cipher spec parameters. */
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
     if (rv != SECSuccess) {
@@ -993,18 +1165,6 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
         return SECFailure;
     }
     parsedTicket->keaKeyBits = temp;
-    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    parsedTicket->originalKeaGroup = temp;
-    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    parsedTicket->signatureScheme = (SSLSignatureScheme)temp;
 
     /* Read the optional named curve. */
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
@@ -1025,6 +1185,14 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
     }
 
     /* Read the master secret (and how it is wrapped). */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
+    parsedTicket->ms_is_wrapped = (PRBool)temp;
+
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -1072,21 +1240,13 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
             return SECFailure;
     }
-
-    /* Read timestamp.  This is a 64-bit value and
-     * ssl3_ExtConsumeHandshakeNumber only reads 32-bits at a time. */
-    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    parsedTicket->timestamp = (PRTime)temp << 32;
+    /* Read timestamp. */
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
-    parsedTicket->timestamp |= (PRTime)temp;
+    parsedTicket->timestamp = temp;
 
     /* Read server name */
     rv = ssl3_ExtConsumeHandshakeVariable(ss, &parsedTicket->srvName, 2,
@@ -1127,20 +1287,6 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
     }
     parsedTicket->maxEarlyData = temp;
 
-    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    parsedTicket->ticketAgeBaseline = temp;
-
-    rv = ssl3_ExtConsumeHandshakeVariable(ss, &parsedTicket->applicationToken,
-                                          2, &buffer, &len);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
 #ifndef UNSAFE_FUZZER_MODE
     /* Done parsing.  Check that all bytes have been consumed. */
     if (len != 0) {
@@ -1167,15 +1313,13 @@ ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
 
     /* Copy over parameters. */
     sid->version = parsedTicket->ssl_version;
-    sid->creationTime = parsedTicket->timestamp;
     sid->u.ssl3.cipherSuite = parsedTicket->cipher_suite;
+    sid->u.ssl3.compression = parsedTicket->compression_method;
     sid->authType = parsedTicket->authType;
     sid->authKeyBits = parsedTicket->authKeyBits;
     sid->keaType = parsedTicket->keaType;
     sid->keaKeyBits = parsedTicket->keaKeyBits;
-    sid->keaGroup = parsedTicket->originalKeaGroup;
     sid->namedCurve = parsedTicket->namedCurve;
-    sid->sigScheme = parsedTicket->signatureScheme;
 
     rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.locked.sessionTicket.ticket,
                           rawTicket);
@@ -1194,6 +1338,7 @@ ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
                 parsedTicket->master_secret, parsedTicket->ms_length);
     sid->u.ssl3.keys.wrapped_master_secret_len = parsedTicket->ms_length;
     sid->u.ssl3.masterWrapMech = parsedTicket->msWrapMech;
+    sid->u.ssl3.keys.msIsWrapped = parsedTicket->ms_is_wrapped;
     sid->u.ssl3.masterValid = PR_TRUE;
     sid->u.ssl3.keys.resumable = PR_TRUE;
     sid->u.ssl3.keys.extendedMasterSecretUsed = parsedTicket->extendedMasterSecretUsed;
@@ -1236,12 +1381,10 @@ loser:
 
 /* Generic ticket processing code, common to all TLS versions. */
 SECStatus
-ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
-                                SECItem *appToken)
+ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data)
 {
     SECItem decryptedTicket = { siBuffer, NULL, 0 };
     SessionTicket parsedTicket;
-    sslSessionID *sid = NULL;
     SECStatus rv;
 
     if (ss->sec.ci.sid != NULL) {
@@ -1250,12 +1393,12 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
         ss->sec.ci.sid = NULL;
     }
 
-    if (!SECITEM_AllocItem(NULL, &decryptedTicket, ticket->len)) {
+    if (!SECITEM_AllocItem(NULL, &decryptedTicket, data->len)) {
         return SECFailure;
     }
 
     /* Decrypt the ticket. */
-    rv = ssl_SelfEncryptUnprotect(ss, ticket->data, ticket->len,
+    rv = ssl_SelfEncryptUnprotect(ss, data->data, data->len,
                                   decryptedTicket.data,
                                   &decryptedTicket.len,
                                   decryptedTicket.len);
@@ -1285,28 +1428,16 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
     }
 
     /* Use the ticket if it is valid and unexpired. */
-    if (parsedTicket.timestamp + ssl_ticket_lifetime * PR_USEC_PER_SEC >
-        ssl_TimeUsec()) {
+    if (parsedTicket.valid &&
+        parsedTicket.timestamp + ssl_ticket_lifetime > ssl_Time()) {
+        sslSessionID *sid;
 
-        rv = ssl_CreateSIDFromTicket(ss, ticket, &parsedTicket, &sid);
+        rv = ssl_CreateSIDFromTicket(ss, data, &parsedTicket, &sid);
         if (rv != SECSuccess) {
             goto loser; /* code already set */
         }
-        if (appToken && parsedTicket.applicationToken.len) {
-            rv = SECITEM_CopyItem(NULL, appToken,
-                                  &parsedTicket.applicationToken);
-            if (rv != SECSuccess) {
-                goto loser; /* code already set */
-            }
-        }
-
         ss->statelessResume = PR_TRUE;
         ss->sec.ci.sid = sid;
-
-        /* We have the baseline value for the obfuscated ticket age here.  Save
-         * that in xtnData temporarily.  This value is updated in
-         * tls13_ServerHandlePreSharedKeyXtn with the final estimate. */
-        ss->xtnData.ticketAge = parsedTicket.ticketAgeBaseline;
     }
 
     SECITEM_ZfreeItem(&decryptedTicket, PR_FALSE);
@@ -1314,19 +1445,15 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
     return SECSuccess;
 
 loser:
-    if (sid) {
-        ssl_FreeSID(sid);
-    }
     SECITEM_ZfreeItem(&decryptedTicket, PR_FALSE);
     PORT_Memset(&parsedTicket, 0, sizeof(parsedTicket));
     return SECFailure;
 }
 
 SECStatus
-ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets) {
@@ -1339,7 +1466,7 @@ ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_session_ticket_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     /* Parse the received ticket sent in by the client.  We are
      * lenient about some parse errors, falling back to a fullshake
@@ -1350,8 +1477,7 @@ ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData
         return SECSuccess;
     }
 
-    return ssl3_ProcessSessionTicketCommon(CONST_CAST(sslSocket, ss), data,
-                                           NULL);
+    return ssl3_ProcessSessionTicketCommon(CONST_CAST(sslSocket, ss), data);
 }
 
 /* Extension format:
@@ -1361,45 +1487,60 @@ ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData
  * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
  * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
  */
-SECStatus
-ssl3_SendRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                              sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_SendRenegotiationInfoXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     PRInt32 len = 0;
-    SECStatus rv;
+    PRInt32 needed;
 
-    /* In RFC 5746, it is NOT RECOMMENDED to send both the SCSV and the empty
-     * RI, so when we send SCSV in the initial handshake, we don't also send RI.
+    /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
+     * both the SCSV and the empty RI, so when we send SCSV in
+     * the initial handshake, we don't also send RI.
      */
-    if (ss->ssl3.hs.sendingSCSV) {
+    if (!ss || ss->ssl3.hs.sendingSCSV)
         return 0;
-    }
     if (ss->firstHsDone) {
         len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
                                : ss->ssl3.hs.finishedBytes;
     }
-
-    /* verify_Data from previous Finished message(s) */
-    rv = sslBuffer_AppendVariable(buf,
-                                  ss->ssl3.hs.finishedMsgs.data, len, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    needed = 5 + len;
+    if (maxBytes < (PRUint32)needed) {
+        return 0;
     }
-
-    *added = PR_TRUE;
-    return SECSuccess;
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, len + 1, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* verify_Data from previous Finished message(s) */
+        rv = ssl3_ExtAppendHandshakeVariable(ss,
+                                             ss->ssl3.hs.finishedMsgs.data, len, 1);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_renegotiation_info_xtn;
+        }
+    }
+    return needed;
 }
 
 /* This function runs in both the client and server.  */
 SECStatus
-ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                SECItem *data)
+ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv = SECSuccess;
     PRUint32 len = 0;
 
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
     if (ss->firstHsDone) {
         len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
                                : ss->ssl3.hs.finishedBytes * 2;
@@ -1417,78 +1558,97 @@ ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     /* remember that we got this extension and it was correct. */
     CONST_CAST(sslSocket, ss)
         ->peerRequestedProtection = 1;
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_renegotiation_info_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     if (ss->sec.isServer) {
         /* prepare to send back the appropriate response */
-        rv = ssl3_RegisterExtensionSender(ss, xtnData,
-                                          ssl_renegotiation_info_xtn,
+        rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
                                           ssl3_SendRenegotiationInfoXtn);
     }
     return rv;
 }
 
-SECStatus
-ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                          sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
-    unsigned int i;
+    PRUint32 ext_data_len;
+    PRInt16 i;
     SECStatus rv;
 
-    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
-        return SECSuccess; /* Not relevant */
-    }
+    if (!ss)
+        return 0;
 
-    /* Length of the SRTP cipher list */
-    rv = sslBuffer_AppendNumber(buf, 2 * ss->ssl3.dtlsSRTPCipherCount, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    /* The SRTP ciphers */
-    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-        rv = sslBuffer_AppendNumber(buf, ss->ssl3.dtlsSRTPCiphers[i], 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
+    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+        return 0; /* Not relevant */
+
+    ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
+
+    if (append && maxBytes >= 4 + ext_data_len) {
+        /* Extension type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* Length of extension data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ext_data_len, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* Length of the SRTP cipher list */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           2 * ss->ssl3.dtlsSRTPCipherCount,
+                                           2);
+        if (rv != SECSuccess)
+            return -1;
+        /* The SRTP ciphers */
+        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+            rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                               ss->ssl3.dtlsSRTPCiphers[i],
+                                               2);
+            if (rv != SECSuccess)
+                return -1;
         }
-    }
-    /* Empty MKI value */
-    rv = sslBuffer_AppendNumber(buf, 0, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+        /* Empty MKI value */
+        ssl3_ExtAppendHandshakeVariable(ss, NULL, 0, 1);
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_use_srtp_xtn;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return 4 + ext_data_len;
 }
 
-SECStatus
-ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                          sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
     SECStatus rv;
 
-    /* Length of the SRTP cipher list */
-    rv = sslBuffer_AppendNumber(buf, 2, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    /* Server side */
+    if (!append || maxBytes < 9) {
+        return 9;
     }
+
+    /* Extension type */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* Length of extension data */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, 5, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* Length of the SRTP cipher list */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, 2, 2);
+    if (rv != SECSuccess)
+        return -1;
     /* The selected cipher */
-    rv = sslBuffer_AppendNumber(buf, xtnData->dtlsSRTPCipherSuite, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
+    rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->dtlsSRTPCipherSuite, 2);
+    if (rv != SECSuccess)
+        return -1;
     /* Empty MKI value */
-    rv = sslBuffer_AppendNumber(buf, 0, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
+    ssl3_ExtAppendHandshakeVariable(ss, NULL, 0, 1);
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return 9;
 }
 
 SECStatus
-ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            SECItem *data)
+ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     SECItem ciphers = { siBuffer, NULL, 0 };
@@ -1558,8 +1718,7 @@ ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 }
 
 SECStatus
-ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            SECItem *data)
+ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     SECItem ciphers = { siBuffer, NULL, 0 };
@@ -1630,12 +1789,11 @@ ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData,
                                         ssl3_ServerSendUseSRTPXtn);
 }
 
-/* ssl3_HandleSigAlgsXtn handles the signature_algorithms extension from a
- * client.  In TLS 1.3, the client uses this to parse CertificateRequest
- * extensions.  See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
+ * from a client.
+ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
 SECStatus
-ssl3_HandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                      SECItem *data)
+ssl3_ServerHandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
 
@@ -1644,15 +1802,15 @@ ssl3_HandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
         return SECSuccess;
     }
 
-    if (xtnData->sigSchemes) {
-        PORT_Free(xtnData->sigSchemes);
-        xtnData->sigSchemes = NULL;
+    if (xtnData->clientSigSchemes) {
+        PORT_Free(xtnData->clientSigSchemes);
+        xtnData->clientSigSchemes = NULL;
     }
     rv = ssl_ParseSignatureSchemes(ss, NULL,
-                                   &xtnData->sigSchemes,
-                                   &xtnData->numSigSchemes,
+                                   &xtnData->clientSigSchemes,
+                                   &xtnData->numClientSigScheme,
                                    &data->data, &data->len);
-    if (rv != SECSuccess || xtnData->numSigSchemes == 0) {
+    if (rv != SECSuccess || xtnData->numClientSigScheme == 0) {
         ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
         return SECFailure;
@@ -1665,52 +1823,177 @@ ssl3_HandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_signature_algorithms_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
 /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
  * 1.2 ClientHellos. */
-SECStatus
-ssl3_SendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                    sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
+    PRUint8 buf[MAX_SIGNATURE_SCHEMES * 2];
+    PRUint32 len;
     SECStatus rv;
 
     if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_2) {
-        return SECSuccess;
+        return 0;
     }
 
-    rv = ssl3_EncodeSigAlgs(ss, buf);
+    rv = ssl3_EncodeSigAlgs(ss, buf, sizeof(buf), &len);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return -1;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    extension_length =
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* supported_signature_algorithms length */ +
+        len;
+
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, len + 2, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+
+        rv = ssl3_ExtAppendHandshakeVariable(ss, buf, len, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_signature_algorithms_xtn;
+    }
+
+    return extension_length;
 }
 
-SECStatus
-ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                 sslBuffer *buf, PRBool *added)
+/* Takes the size of the ClientHello, less the record header, and determines how
+ * much padding is required. */
+void
+ssl3_CalculatePaddingExtLen(sslSocket *ss,
+                            unsigned int clientHelloLength)
+{
+    unsigned int recordLength = 1 /* handshake message type */ +
+                                3 /* handshake message length */ +
+                                clientHelloLength;
+    unsigned int extensionLen;
+
+    /* Don't pad for DTLS, for SSLv3, or for renegotiation. */
+    if (IS_DTLS(ss) ||
+        ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_0 ||
+        ss->firstHsDone) {
+        return;
+    }
+
+    /* A padding extension may be included to ensure that the record containing
+     * the ClientHello doesn't have a length between 256 and 511 bytes
+     * (inclusive). Initial ClientHello records with such lengths trigger bugs
+     * in F5 devices. */
+    if (recordLength < 256 || recordLength >= 512) {
+        return;
+    }
+
+    extensionLen = 512 - recordLength;
+    /* Extensions take at least four bytes to encode. Always include at least
+     * one byte of data if we are padding. Some servers will time out or
+     * terminate the connection if the last ClientHello extension is empty. */
+    if (extensionLen < 4 + 1) {
+        extensionLen = 4 + 1;
+    }
+
+    ss->xtnData.paddingLen = extensionLen - 4;
+}
+
+/* ssl3_SendPaddingExtension possibly adds an extension which ensures that a
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
+ * that we don't trigger bugs in F5 products. */
+PRInt32
+ssl3_ClientSendPaddingExtension(const sslSocket *ss, TLSExtensionData *xtnData,
+                                PRBool append, PRUint32 maxBytes)
+{
+    static unsigned char padding[252] = { 0 };
+    unsigned int extensionLen;
+    SECStatus rv;
+
+    /* On the length-calculation pass, report zero total length.  The record
+     * will be larger on the second pass if needed. */
+    if (!append || !xtnData->paddingLen) {
+        return 0;
+    }
+
+    extensionLen = xtnData->paddingLen + 4;
+    if (extensionLen > maxBytes ||
+        xtnData->paddingLen > sizeof(padding)) {
+        PORT_Assert(0);
+        return -1;
+    }
+
+    rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_padding_xtn, 2);
+    if (rv != SECSuccess) {
+        return -1;
+    }
+    rv = ssl3_ExtAppendHandshakeVariable(ss, padding, xtnData->paddingLen, 2);
+    if (rv != SECSuccess) {
+        return -1;
+    }
+
+    return extensionLen;
+}
+
+PRInt32
+ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                 PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
+
     if (!ss->opt.enableExtendedMS) {
-        return SECSuccess;
+        return 0;
     }
 
     /* Always send the extension in this function, since the
      * client always sends it and this function is only called on
      * the server if we negotiated the extension. */
-    *added = PR_TRUE;
-    return SECSuccess;
+    extension_length = 4; /* Type + length (0) */
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_extended_master_secret_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
 }
 
 SECStatus
-ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                    SECItem *data)
 {
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
         return SECSuccess;
     }
@@ -1730,34 +2013,54 @@ ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnDat
              SSL_GETPID(), ss->fd));
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_extended_master_secret_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     if (ss->sec.isServer) {
-        return ssl3_RegisterExtensionSender(ss, xtnData,
-                                            ssl_extended_master_secret_xtn,
-                                            ssl_SendEmptyExtension);
+        return ssl3_RegisterExtensionSender(
+            ss, xtnData, ex_type, ssl3_SendExtendedMasterSecretXtn);
     }
     return SECSuccess;
 }
 
 /* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
  * extension for TLS ClientHellos. */
-SECStatus
-ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
-                                      sslBuffer *buf, PRBool *added)
+PRInt32
+ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                      PRUint32 maxBytes)
 {
+    PRInt32 extension_length = 2 /* extension_type */ +
+                               2 /* length(extension_data) */;
+
     /* Only send the extension if processing is enabled. */
-    if (!ss->opt.enableSignedCertTimestamps) {
-        return SECSuccess;
+    if (!ss->opt.enableSignedCertTimestamps)
+        return 0;
+
+    if (append && maxBytes >= extension_length) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           ssl_signed_cert_timestamp_xtn,
+                                           2);
+        if (rv != SECSuccess)
+            goto loser;
+        /* zero length */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_signed_cert_timestamp_xtn;
+    } else if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
+loser:
+    return -1;
 }
 
 SECStatus
-ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                         SECItem *data)
 {
     /* We do not yet know whether we'll be resuming a session or creating
@@ -1777,34 +2080,54 @@ ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *x
     }
     *scts = *data;
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_signed_cert_timestamp_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
-SECStatus
+PRInt32
 ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                      sslBuffer *buf, PRBool *added)
+                                      PRBool append,
+                                      PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
     const SECItem *scts = &ss->sec.serverCert->signedCertTimestamps;
-    SECStatus rv;
 
     if (!scts->len) {
         /* No timestamps to send */
-        return SECSuccess;
+        return 0;
     }
 
-    rv = sslBuffer_Append(buf, scts->data, scts->len);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    extension_length = 2 /* extension_type */ +
+                       2 /* length(extension_data) */ +
+                       scts->len;
+
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           ssl_signed_cert_timestamp_xtn,
+                                           2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        /* extension_data */
+        rv = ssl3_ExtAppendHandshakeVariable(ss, scts->data, scts->len, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
 }
 
 SECStatus
 ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss,
                                         TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
                                         SECItem *data)
 {
     if (data->len != 0) {
@@ -1813,25 +2136,22 @@ ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss,
         return SECFailure;
     }
 
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_signed_cert_timestamp_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
     PORT_Assert(ss->sec.isServer);
-    return ssl3_RegisterExtensionSender(ss, xtnData,
-                                        ssl_signed_cert_timestamp_xtn,
-                                        ssl3_ServerSendSignedCertTimestampXtn);
+    return ssl3_RegisterExtensionSender(
+        ss, xtnData, ex_type, ssl3_ServerSendSignedCertTimestampXtn);
 }
 
 /* Just make sure that the remote client supports uncompressed points,
  * Since that is all we support.  Disable ECC cipher suites if it doesn't.
  */
 SECStatus
-ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss,
-                                    TLSExtensionData *xtnData,
+ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                    PRUint16 ex_type,
                                     SECItem *data)
 {
     int i;
 
-    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
-
     if (data->len < 2 || data->len > 255 || !data->data ||
         data->len != (unsigned int)data->data[0] + 1) {
         ssl3_ExtDecodeError(ss);
@@ -1840,9 +2160,10 @@ ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss,
     for (i = data->len; --i > 0;) {
         if (data->data[i] == 0) {
             /* indicate that we should send a reply */
-            return ssl3_RegisterExtensionSender(
-                ss, xtnData, ssl_ec_point_formats_xtn,
-                &ssl3_SendSupportedPointFormatsXtn);
+            SECStatus rv;
+            rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
+                                              &ssl3_SendSupportedPointFormatsXtn);
+            return rv;
         }
     }
 
@@ -1927,7 +2248,7 @@ ssl_UpdateSupportedGroups(sslSocket *ss, SECItem *data)
  */
 SECStatus
 ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             SECItem *data)
+                             PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
 
@@ -1937,7 +2258,7 @@ ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 
     /* TLS 1.3 permits the server to send this extension so make it so. */
     if (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        rv = ssl3_RegisterExtensionSender(ss, xtnData, ssl_supported_groups_xtn,
+        rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
                                           &ssl_SendSupportedGroupsXtn);
         if (rv != SECSuccess) {
             return SECFailure; /* error already set. */
@@ -1945,7 +2266,7 @@ ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     }
 
     /* Remember that we negotiated this extension. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_supported_groups_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
diff --git a/security/nss/lib/ssl/ssl3exthandle.h b/security/nss/lib/ssl/ssl3exthandle.h
index b84bd074c..5fdbe9053 100644
--- a/security/nss/lib/ssl/ssl3exthandle.h
+++ b/security/nss/lib/ssl/ssl3exthandle.h
@@ -9,114 +9,90 @@
 #ifndef __ssl3exthandle_h_
 #define __ssl3exthandle_h_
 
-#include "sslencode.h"
-
-SECStatus ssl3_SendRenegotiationInfoXtn(const sslSocket *ss,
-                                        TLSExtensionData *xtnData,
-                                        sslBuffer *buf, PRBool *added);
-SECStatus ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          SECItem *data);
-SECStatus ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            SECItem *data);
-SECStatus ssl3_ClientHandleAppProtoXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       SECItem *data);
-SECStatus ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            SECItem *data);
-SECStatus ssl3_ServerHandleAppProtoXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
+PRInt32 ssl3_SendRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                      PRBool append, PRUint32 maxBytes);
+SECStatus ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                          PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                       PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                        SECItem *data);
-SECStatus ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ClientSendAppProtoXtn(const sslSocket *ss,
-                                     TLSExtensionData *xtnData,
-                                     sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ServerSendAppProtoXtn(const sslSocket *ss,
-                                     TLSExtensionData *xtnData,
-                                     sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ClientSendUseSRTPXtn(const sslSocket *ss,
-                                    TLSExtensionData *xtnData,
-                                    sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ServerSendUseSRTPXtn(const sslSocket *ss,
-                                    TLSExtensionData *xtnData,
-                                    sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
+PRInt32 ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                   PRUint32 maxBytes);
+PRInt32 ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                   PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+PRInt32 ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+SECStatus ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                       SECItem *data);
-SECStatus ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
+SECStatus ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                       SECItem *data);
-SECStatus ssl3_ServerSendStatusRequestXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            SECItem *data);
-SECStatus ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
+PRInt32 ssl3_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRBool append, PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
                                             SECItem *data);
-SECStatus ssl3_ClientSendStatusRequestXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *added);
-SECStatus ssl3_SendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                              sslBuffer *buf, PRBool *added);
-SECStatus ssl3_HandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                SECItem *data);
+PRInt32 ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                      SECItem *data);
 
-SECStatus ssl3_ClientSendPaddingExtension(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *added);
+PRInt32 ssl3_ClientSendPaddingExtension(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRBool append, PRUint32 maxBytes);
 
-SECStatus ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss,
-                                                TLSExtensionData *xtnData,
-                                                sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss,
-                                                  TLSExtensionData *xtnData,
+PRInt32 ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRBool append,
+                                              PRUint32 maxBytes);
+SECStatus ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                                  PRUint16 ex_type,
                                                   SECItem *data);
-SECStatus ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss,
-                                                TLSExtensionData *xtnData,
-                                                sslBuffer *buf, PRBool *added);
-SECStatus ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss,
-                                                  TLSExtensionData *xtnData,
+PRInt32 ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRBool append,
+                                              PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                                  PRUint16 ex_type,
                                                   SECItem *data);
-SECStatus ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss,
-                                           TLSExtensionData *xtnData,
-                                           sslBuffer *buf, PRBool *added);
-SECStatus ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss,
-                                             TLSExtensionData *xtnData,
+PRInt32 ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                         PRUint32 maxBytes);
+SECStatus ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                             PRUint16 ex_type,
                                              SECItem *data);
-SECStatus ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
-                                          /* out */ SECItem *appToken);
-SECStatus ssl3_ClientSendServerNameXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       sslBuffer *buf, PRBool *added);
-SECStatus ssl3_HandleServerNameXtn(const sslSocket *ss,
+SECStatus ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data);
+PRInt32 ssl3_SendServerNameXtn(const sslSocket *ss,
+                               TLSExtensionData *xtnData,
+                               PRBool append,
+                               PRUint32 maxBytes);
+SECStatus ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                   PRUint16 ex_type, SECItem *data);
+SECStatus ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                       PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+PRInt32 ssl3_SendSessionTicketXtn(const sslSocket *ss,
+                                  TLSExtensionData *xtnData,
+                                  PRBool append,
+                                  PRUint32 maxBytes);
+
+PRInt32 ssl_SendSupportedGroupsXtn(const sslSocket *ss,
                                    TLSExtensionData *xtnData,
-                                   SECItem *data);
-SECStatus ssl_HandleSupportedGroupsXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       SECItem *data);
-SECStatus ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss,
-                                              TLSExtensionData *xtnData,
-                                              SECItem *data);
-SECStatus ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            SECItem *data);
-SECStatus ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            SECItem *data);
-SECStatus ssl3_ClientSendSessionTicketXtn(const sslSocket *ss,
+                                   PRBool append, PRUint32 maxBytes);
+PRInt32 ssl3_SendSupportedPointFormatsXtn(const sslSocket *ss,
                                           TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *added);
-
-SECStatus ssl_SendSupportedGroupsXtn(const sslSocket *ss,
-                                     TLSExtensionData *xtnData,
-                                     sslBuffer *buf, PRBool *added);
-SECStatus ssl3_SendSupportedPointFormatsXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
-                                            sslBuffer *buf, PRBool *added);
+                                          PRBool append, PRUint32 maxBytes);
 #endif
diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c
index 20404f4da..cf6f4cb33 100644
--- a/security/nss/lib/ssl/ssl3gthr.c
+++ b/security/nss/lib/ssl/ssl3gthr.c
@@ -1,4 +1,3 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * Gather (Read) entire SSL3 records from socket into buffer.
  *
@@ -99,7 +98,7 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags, ssl2Gather *ssl2gs)
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     if (gs->state == GS_INIT) {
         gs->state = GS_HEADER;
-        gs->remainder = 5;
+        gs->remainder = ss->ssl3.hs.shortHeaders ? 2 : 5;
         gs->offset = 0;
         gs->writeOffset = 0;
         gs->readOffset = 0;
@@ -157,7 +156,19 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags, ssl2Gather *ssl2gs)
                     /* Should have a non-SSLv2 record header in gs->hdr. Extract
                      * the length of the following encrypted data, and then
                      * read in the rest of the record into gs->inbuf. */
-                    gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
+                    if (ss->ssl3.hs.shortHeaders) {
+                        PRUint16 len = (gs->hdr[0] << 8) | gs->hdr[1];
+                        if (!(len & 0x8000)) {
+                            SSL_DBG(("%d: SSL3[%d]: incorrectly formatted header"));
+                            SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+                            gs->state = GS_INIT;
+                            PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+                            return SECFailure;
+                        }
+                        gs->remainder = len & ~0x8000;
+                    } else {
+                        gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
+                    }
                 } else {
                     /* Probably an SSLv2 record header. No need to handle any
                      * security escapes (gs->hdr[0] & 0x40) as we wouldn't get
@@ -350,9 +361,6 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
         }
     }
 
-    SSL_TRC(20, ("%d: SSL3[%d]: dtls gathered record type=%d len=%d",
-                 SSL_GETPID(), ss->fd, gs->hdr[0], gs->inbuf.len));
-
     memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
            gs->remainder);
     gs->inbuf.len = gs->remainder;
@@ -386,8 +394,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
     SSL3Ciphertext cText;
     PRBool keepGoing = PR_TRUE;
 
-    SSL_TRC(30, ("%d: SSL3[%d]: ssl3_GatherCompleteHandshake",
-                 SSL_GETPID(), ss->fd));
+    SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
 
     /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
      * which requires the 1stHandshakeLock, which must be acquired before the
@@ -398,12 +405,9 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
 
     do {
         PRBool handleRecordNow = PR_FALSE;
-        PRBool processingEarlyData;
 
         ssl_GetSSL3HandshakeLock(ss);
 
-        processingEarlyData = ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted;
-
         /* Without this, we may end up wrongly reporting
          * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
          * peer while we are waiting to be restarted.
@@ -489,12 +493,18 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
                  * If it's a change cipher spec, alert, or handshake message,
                  * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
                  */
-                cText.type = (SSL3ContentType)ss->gs.hdr[0];
-                cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+                if (ss->ssl3.hs.shortHeaders) {
+                    cText.type = content_application_data;
+                    cText.version = SSL_LIBRARY_VERSION_TLS_1_0;
+                } else {
+                    cText.type = (SSL3ContentType)ss->gs.hdr[0];
+                    cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+                }
 
                 if (IS_DTLS(ss)) {
                     sslSequenceNumber seq_num;
 
+                    cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
                     /* DTLS sequence number */
                     PORT_Memcpy(&seq_num, &ss->gs.hdr[3], sizeof(seq_num));
                     cText.seq_num = PR_ntohll(seq_num);
@@ -545,22 +555,12 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
             } else {
                 ss->ssl3.hs.canFalseStart = PR_FALSE;
             }
-        } else if (processingEarlyData &&
-                   ss->ssl3.hs.zeroRttState == ssl_0rtt_done &&
-                   !PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData)) {
-            /* If we were processing early data and we are no longer, then force
-             * the handshake to block.  This ensures that early data is
-             * delivered to the application before the handshake completes. */
-            ssl_ReleaseSSL3HandshakeLock(ss);
-            PORT_SetError(PR_WOULD_BLOCK_ERROR);
-            return SECWouldBlock;
         }
         ssl_ReleaseSSL3HandshakeLock(ss);
     } while (keepGoing);
 
-    /* Service the DTLS timer so that the post-handshake timers
-     * fire. */
-    if (IS_DTLS(ss) && (ss->ssl3.hs.ws == idle_handshake)) {
+    /* Service the DTLS timer so that the holddown timer eventually fires. */
+    if (IS_DTLS(ss)) {
         dtls_CheckTimer(ss);
     }
     ss->gs.readOffset = 0;
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
index d1f46db97..ac31cf263 100644
--- a/security/nss/lib/ssl/ssl3prot.h
+++ b/security/nss/lib/ssl/ssl3prot.h
@@ -16,12 +16,13 @@ typedef PRUint16 SSL3ProtocolVersion;
 /* The TLS 1.3 draft version. Used to avoid negotiating
  * between incompatible pre-standard TLS 1.3 drafts.
  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-#define TLS_1_3_DRAFT_VERSION 23
+#define TLS_1_3_DRAFT_VERSION 18
 
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */
 
 #define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
 #define MAX_MAC_LENGTH 64
 #define MAX_PADDING_LENGTH 64
 #define MAX_KEY_LENGTH 64
@@ -29,6 +30,7 @@ typedef PRUint16 ssl3CipherSuite;
 #define SSL3_RANDOM_LENGTH 32
 
 #define SSL3_RECORD_HEADER_LENGTH 5
+#define TLS13_RECORD_HEADER_LENGTH_SHORT 2
 
 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
 #define DTLS_RECORD_HEADER_LENGTH 13
@@ -39,18 +41,47 @@ typedef enum {
     content_change_cipher_spec = 20,
     content_alert = 21,
     content_handshake = 22,
-    content_application_data = 23,
-    content_alt_handshake = 24,
-    content_ack = 25
+    content_application_data = 23
 } SSL3ContentType;
 
+typedef struct {
+    SSL3ContentType type;
+    SSL3ProtocolVersion version;
+    PRUint16 length;
+    SECItem fragment;
+} SSL3Plaintext;
+
+typedef struct {
+    SSL3ContentType type;
+    SSL3ProtocolVersion version;
+    PRUint16 length;
+    SECItem fragment;
+} SSL3Compressed;
+
+typedef struct {
+    SECItem content;
+    PRUint8 MAC[MAX_MAC_LENGTH];
+} SSL3GenericStreamCipher;
+
+typedef struct {
+    SECItem content;
+    PRUint8 MAC[MAX_MAC_LENGTH];
+    PRUint8 padding[MAX_PADDING_LENGTH];
+    PRUint8 padding_length;
+} SSL3GenericBlockCipher;
+
 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
 
+typedef struct {
+    SSL3ChangeCipherSpecChoice choice;
+} SSL3ChangeCipherSpec;
+
 typedef enum { alert_warning = 1,
                alert_fatal = 2 } SSL3AlertLevel;
 
 typedef enum {
     close_notify = 0,
+    end_of_early_data = 1, /* TLS 1.3 */
     unexpected_message = 10,
     bad_record_mac = 20,
     decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
@@ -91,13 +122,64 @@ typedef enum {
     no_alert = 256
 } SSL3AlertDescription;
 
-typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH];
+typedef struct {
+    SSL3AlertLevel level;
+    SSL3AlertDescription description;
+} SSL3Alert;
+
+typedef enum {
+    hello_request = 0,
+    client_hello = 1,
+    server_hello = 2,
+    hello_verify_request = 3,
+    new_session_ticket = 4,
+    hello_retry_request = 6,
+    encrypted_extensions = 8,
+    certificate = 11,
+    server_key_exchange = 12,
+    certificate_request = 13,
+    server_hello_done = 14,
+    certificate_verify = 15,
+    client_key_exchange = 16,
+    finished = 20,
+    certificate_status = 22,
+    next_proto = 67
+} SSL3HandshakeType;
+
+typedef struct {
+    PRUint8 empty;
+} SSL3HelloRequest;
+
+typedef struct {
+    PRUint8 rand[SSL3_RANDOM_LENGTH];
+} SSL3Random;
 
 typedef struct {
     PRUint8 id[32];
     PRUint8 length;
 } SSL3SessionID;
 
+typedef struct {
+    SSL3ProtocolVersion client_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    SECItem cipher_suites;
+    PRUint8 cm_count;
+    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
+} SSL3ClientHello;
+
+typedef struct {
+    SSL3ProtocolVersion server_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    ssl3CipherSuite cipher_suite;
+    SSLCompressionMethod compression_method;
+} SSL3ServerHello;
+
+typedef struct {
+    SECItem list;
+} SSL3Certificate;
+
 /* SSL3SignType moved to ssl.h */
 
 /* The SSL key exchange method used */
@@ -119,6 +201,24 @@ typedef enum {
     kea_tls13_any,
 } SSL3KeyExchangeAlgorithm;
 
+typedef struct {
+    SECItem modulus;
+    SECItem exponent;
+} SSL3ServerRSAParams;
+
+typedef struct {
+    SECItem p;
+    SECItem g;
+    SECItem Ys;
+} SSL3ServerDHParams;
+
+typedef struct {
+    union {
+        SSL3ServerDHParams dh;
+        SSL3ServerRSAParams rsa;
+    } u;
+} SSL3ServerParams;
+
 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
  * prior to 1.2. */
 typedef struct {
@@ -135,9 +235,17 @@ typedef struct {
     union {
         PRUint8 raw[64];
         SSL3HashesIndividually s;
+        unsigned int transcriptLen;
     } u;
 } SSL3Hashes;
 
+typedef struct {
+    union {
+        PRUint8 anonymous;
+        SSL3Hashes certified;
+    } u;
+} SSL3ServerKeyExchange;
+
 typedef enum {
     ct_RSA_sign = 1,
     ct_DSS_sign = 2,
@@ -148,8 +256,16 @@ typedef enum {
     ct_ECDSA_sign = 64,
     ct_RSA_fixed_ECDH = 65,
     ct_ECDSA_fixed_ECDH = 66
+
 } SSL3ClientCertificateType;
 
+typedef struct {
+    PRUint8 client_version[2];
+    PRUint8 random[46];
+} SSL3RSAPreMasterSecret;
+
+typedef PRUint8 SSL3MasterSecret[48];
+
 typedef enum {
     sender_client = 0x434c4e54,
     sender_server = 0x53525652
diff --git a/security/nss/lib/ssl/sslbloom.c b/security/nss/lib/ssl/sslbloom.c
deleted file mode 100644
index 3d5f9d1f1..000000000
--- a/security/nss/lib/ssl/sslbloom.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * A bloom filter.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "sslbloom.h"
-#include "prnetdb.h"
-#include "secport.h"
-
-static inline unsigned int
-sslBloom_Size(unsigned int bits)
-{
-    return (bits >= 3) ? (1 << (bits - 3)) : 1;
-}
-
-SECStatus
-sslBloom_Init(sslBloomFilter *filter, unsigned int k, unsigned int bits)
-{
-    PORT_Assert(filter);
-    PORT_Assert(bits > 0);
-    PORT_Assert(bits <= sizeof(PRUint32) * 8);
-    PORT_Assert(k > 0);
-
-    filter->filter = PORT_ZNewArray(PRUint8, sslBloom_Size(bits));
-    if (!filter->filter) {
-        return SECFailure; /* Error code already set. */
-    }
-
-    filter->k = k;
-    filter->bits = bits;
-    return SECSuccess;
-}
-
-void
-sslBloom_Zero(sslBloomFilter *filter)
-{
-    PORT_Memset(filter->filter, 0, sslBloom_Size(filter->bits));
-}
-
-void
-sslBloom_Fill(sslBloomFilter *filter)
-{
-    PORT_Memset(filter->filter, 0xff, sslBloom_Size(filter->bits));
-}
-
-static PRBool
-sslBloom_AddOrCheck(sslBloomFilter *filter, const PRUint8 *hashes, PRBool add)
-{
-    unsigned int iteration;
-    unsigned int bitIndex;
-    PRUint32 tmp = 0;
-    PRUint8 mask;
-    unsigned int bytes = (filter->bits + 7) / 8;
-    unsigned int shift = (bytes * 8) - filter->bits;
-    PRBool found = PR_TRUE;
-
-    PORT_Assert(bytes <= sizeof(unsigned int));
-
-    for (iteration = 0; iteration < filter->k; ++iteration) {
-        PORT_Memcpy(((PRUint8 *)&tmp) + (sizeof(tmp) - bytes),
-                    hashes, bytes);
-        hashes += bytes;
-        bitIndex = PR_ntohl(tmp) >> shift;
-
-        mask = 1 << (bitIndex % 8);
-        found = found && filter->filter[bitIndex / 8] & mask;
-        if (add) {
-            filter->filter[bitIndex / 8] |= mask;
-        }
-    }
-    return found;
-}
-
-PRBool
-sslBloom_Add(sslBloomFilter *filter, const PRUint8 *hashes)
-{
-    return sslBloom_AddOrCheck(filter, hashes, PR_TRUE);
-}
-
-PRBool
-sslBloom_Check(sslBloomFilter *filter, const PRUint8 *hashes)
-{
-    return sslBloom_AddOrCheck(filter, hashes, PR_FALSE);
-}
-
-void
-sslBloom_Destroy(sslBloomFilter *filter)
-{
-    PORT_Free(filter->filter);
-    PORT_Memset(filter, 0, sizeof(*filter));
-}
diff --git a/security/nss/lib/ssl/sslbloom.h b/security/nss/lib/ssl/sslbloom.h
deleted file mode 100644
index 032c94b0f..000000000
--- a/security/nss/lib/ssl/sslbloom.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * A bloom filter.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslbloom_h_
-#define __sslbloom_h_
-
-#include "prtypes.h"
-#include "seccomon.h"
-
-typedef struct sslBloomFilterStr {
-    unsigned int k;    /* The number of hashes. */
-    unsigned int bits; /* The number of bits in each hash: bits = log2(m) */
-    PRUint8 *filter;   /* The filter itself. */
-} sslBloomFilter;
-
-SECStatus sslBloom_Init(sslBloomFilter *filter, unsigned int k, unsigned int bits);
-void sslBloom_Zero(sslBloomFilter *filter);
-void sslBloom_Fill(sslBloomFilter *filter);
-/* Add the given hashes to the filter.  It's the caller's responsibility to
- * ensure that there is at least |ceil(k*bits/8)| bytes of data available in
- * |hashes|. Returns PR_TRUE if the entry was already present or it was likely
- * to be present. */
-PRBool sslBloom_Add(sslBloomFilter *filter, const PRUint8 *hashes);
-PRBool sslBloom_Check(sslBloomFilter *filter, const PRUint8 *hashes);
-void sslBloom_Destroy(sslBloomFilter *filter);
-
-#endif /* __sslbloom_h_ */
diff --git a/security/nss/lib/ssl/sslcert.c b/security/nss/lib/ssl/sslcert.c
index 6cd02e402..cc1d3c683 100644
--- a/security/nss/lib/ssl/sslcert.c
+++ b/security/nss/lib/ssl/sslcert.c
@@ -46,7 +46,7 @@ ssl_SetupCAListOnce(void *arg)
 }
 
 SECStatus
-ssl_SetupCAList(const sslSocket *ss)
+ssl_SetupCAList(sslSocket *ss)
 {
     if (PR_SUCCESS != PR_CallOnceWithArg(&ssl_server_ca_list.setup,
                                          &ssl_SetupCAListOnce,
@@ -58,11 +58,11 @@ ssl_SetupCAList(const sslSocket *ss)
 }
 
 SECStatus
-ssl_GetCertificateRequestCAs(const sslSocket *ss, unsigned int *calen,
-                             const SECItem **names, unsigned int *nnames)
+ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calen,
+                             SECItem **names, unsigned int *nnames)
 {
-    const SECItem *name;
-    const CERTDistNames *ca_list;
+    SECItem *name;
+    CERTDistNames *ca_list;
     unsigned int i;
 
     *calen = 0;
diff --git a/security/nss/lib/ssl/sslencode.c b/security/nss/lib/ssl/sslencode.c
deleted file mode 100644
index 2f127fe8f..000000000
--- a/security/nss/lib/ssl/sslencode.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nss.h"
-#include "prnetdb.h"
-#include "ssl.h"
-#include "sslimpl.h"
-
-/* Helper function to encode an unsigned integer into a buffer. */
-static void
-ssl_EncodeUintX(PRUint8 *to, PRUint64 value, unsigned int bytes)
-{
-    PRUint64 encoded;
-
-    PORT_Assert(bytes > 0 && bytes <= sizeof(encoded));
-
-    encoded = PR_htonll(value);
-    PORT_Memcpy(to, ((unsigned char *)(&encoded)) + (sizeof(encoded) - bytes),
-                bytes);
-}
-
-/* Grow a buffer to hold newLen bytes of data.  When used for recv/xmit buffers,
- * the caller must hold xmitBufLock or recvBufLock, as appropriate. */
-SECStatus
-sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
-{
-    if (b->fixed) {
-        PORT_Assert(newLen <= b->space);
-        if (newLen > b->space) {
-            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-            return SECFailure;
-        }
-        return SECSuccess;
-    }
-
-    newLen = PR_MAX(newLen, b->len + 1024);
-    if (newLen > b->space) {
-        unsigned char *newBuf;
-        if (b->buf) {
-            newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
-        } else {
-            newBuf = (unsigned char *)PORT_Alloc(newLen);
-        }
-        if (!newBuf) {
-            return SECFailure;
-        }
-        b->buf = newBuf;
-        b->space = newLen;
-    }
-    return SECSuccess;
-}
-
-SECStatus
-sslBuffer_Append(sslBuffer *b, const void *data, unsigned int len)
-{
-    SECStatus rv = sslBuffer_Grow(b, b->len + len);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Code already set. */
-    }
-    PORT_Memcpy(SSL_BUFFER_NEXT(b), data, len);
-    b->len += len;
-    return SECSuccess;
-}
-
-SECStatus
-sslBuffer_AppendNumber(sslBuffer *b, PRUint64 v, unsigned int size)
-{
-    SECStatus rv = sslBuffer_Grow(b, b->len + size);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    ssl_EncodeUintX(SSL_BUFFER_NEXT(b), v, size);
-    b->len += size;
-    return SECSuccess;
-}
-
-SECStatus
-sslBuffer_AppendVariable(sslBuffer *b, const PRUint8 *data, unsigned int len,
-                         unsigned int size)
-{
-    PORT_Assert(size <= 4 && size > 0);
-    if (len >= (1ULL << (8 * size))) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    if (sslBuffer_Grow(b, b->len + len + size) != SECSuccess) {
-        return SECFailure;
-    }
-
-    ssl_EncodeUintX(SSL_BUFFER_NEXT(b), len, size);
-    b->len += size;
-    PORT_Memcpy(SSL_BUFFER_NEXT(b), data, len);
-    b->len += len;
-    return SECSuccess;
-}
-
-SECStatus
-sslBuffer_AppendBuffer(sslBuffer *b, const sslBuffer *append)
-{
-    return sslBuffer_Append(b, append->buf, append->len);
-}
-
-SECStatus
-sslBuffer_AppendBufferVariable(sslBuffer *b, const sslBuffer *append,
-                               unsigned int size)
-{
-    return sslBuffer_AppendVariable(b, append->buf, append->len, size);
-}
-
-SECStatus
-sslBuffer_Skip(sslBuffer *b, unsigned int size, unsigned int *savedOffset)
-{
-    if (sslBuffer_Grow(b, b->len + size) != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (savedOffset) {
-        *savedOffset = b->len;
-    }
-    b->len += size;
-    return SECSuccess;
-}
-
-/* A common problem is that a buffer is used to construct a variable length
- * structure of unknown length.  The length field for that structure is then
- * populated afterwards.  This function makes this process a little easier.
- *
- * To use this, before encoding the variable length structure, skip the spot
- * where the length would be using sslBuffer_Skip().  After encoding the
- * structure, and before encoding anything else, call this function passing the
- * value returned from sslBuffer_Skip() as |at| to have the length inserted.
- */
-SECStatus
-sslBuffer_InsertLength(sslBuffer *b, unsigned int at, unsigned int size)
-{
-    unsigned int len;
-
-    PORT_Assert(b->len >= at + size);
-    PORT_Assert(b->space >= at + size);
-    len = b->len - (at + size);
-
-    PORT_Assert(size <= 4 && size > 0);
-    if (len >= (1ULL << (8 * size))) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    ssl_EncodeUintX(SSL_BUFFER_BASE(b) + at, len, size);
-    return SECSuccess;
-}
-
-void
-sslBuffer_Clear(sslBuffer *b)
-{
-    if (!b->fixed) {
-        if (b->buf) {
-            PORT_Free(b->buf);
-            b->buf = NULL;
-        }
-        b->space = 0;
-    }
-    b->len = 0;
-}
-
-SECStatus
-ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, unsigned int size)
-{
-    if (size > item->len) {
-        PORT_SetError(SEC_ERROR_BAD_DATA);
-        return SECFailure;
-    }
-
-    *buf = item->data;
-    item->data += size;
-    item->len -= size;
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_ConsumeNumberFromItem(SECItem *item, PRUint32 *num, unsigned int size)
-{
-    int i;
-
-    if (size > item->len || size > sizeof(*num)) {
-        PORT_SetError(SEC_ERROR_BAD_DATA);
-        return SECFailure;
-    }
-
-    *num = 0;
-    for (i = 0; i < size; i++) {
-        *num = (*num << 8) + item->data[i];
-    }
-
-    item->data += size;
-    item->len -= size;
-
-    return SECSuccess;
-}
-
-/**************************************************************************
- * Append Handshake functions.
- * All these functions set appropriate error codes.
- * Most rely on ssl3_AppendHandshake to set the error code.
- **************************************************************************/
-#define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
-#define MIN_SEND_BUF_LENGTH 4000
-
-SECStatus
-ssl3_AppendHandshake(sslSocket *ss, const void *void_src, unsigned int bytes)
-{
-    unsigned char *src = (unsigned char *)void_src;
-    int room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
-    SECStatus rv;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); /* protects sendBuf. */
-
-    if (!bytes)
-        return SECSuccess;
-    if (ss->sec.ci.sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
-        rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
-                                                        PR_MIN(MAX_SEND_BUF_LENGTH, ss->sec.ci.sendBuf.len + bytes)));
-        if (rv != SECSuccess)
-            return SECFailure; /* sslBuffer_Grow sets a memory error code. */
-        room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
-    }
-
-    PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char *)void_src, bytes));
-    rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
-    if (rv != SECSuccess)
-        return SECFailure; /* error code set by ssl3_UpdateHandshakeHashes */
-
-    while (bytes > room) {
-        if (room > 0)
-            PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src,
-                        room);
-        ss->sec.ci.sendBuf.len += room;
-        rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
-        if (rv != SECSuccess) {
-            return SECFailure; /* error code set by ssl3_FlushHandshake */
-        }
-        bytes -= room;
-        src += room;
-        room = ss->sec.ci.sendBuf.space;
-        PORT_Assert(ss->sec.ci.sendBuf.len == 0);
-    }
-    PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, bytes);
-    ss->sec.ci.sendBuf.len += bytes;
-    return SECSuccess;
-}
-
-SECStatus
-ssl3_AppendHandshakeNumber(sslSocket *ss, PRUint64 num, unsigned int lenSize)
-{
-    PRUint8 b[sizeof(num)];
-    SSL_TRC(60, ("%d: number:", SSL_GETPID()));
-    ssl_EncodeUintX(b, num, lenSize);
-    return ssl3_AppendHandshake(ss, b, lenSize);
-}
-
-SECStatus
-ssl3_AppendHandshakeVariable(sslSocket *ss, const PRUint8 *src,
-                             unsigned int bytes, unsigned int lenSize)
-{
-    SECStatus rv;
-
-    PORT_Assert((bytes < (1 << 8) && lenSize == 1) ||
-                (bytes < (1L << 16) && lenSize == 2) ||
-                (bytes < (1L << 24) && lenSize == 3));
-
-    SSL_TRC(60, ("%d: append variable:", SSL_GETPID()));
-    rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
-    if (rv != SECSuccess) {
-        return SECFailure; /* error code set by AppendHandshake. */
-    }
-    SSL_TRC(60, ("data:"));
-    return ssl3_AppendHandshake(ss, src, bytes);
-}
-
-SECStatus
-ssl3_AppendBufferToHandshake(sslSocket *ss, sslBuffer *buf)
-{
-    return ssl3_AppendHandshake(ss, buf->buf, buf->len);
-}
-
-SECStatus
-ssl3_AppendBufferToHandshakeVariable(sslSocket *ss, sslBuffer *buf,
-                                     unsigned int lenSize)
-{
-    return ssl3_AppendHandshakeVariable(ss, buf->buf, buf->len, lenSize);
-}
diff --git a/security/nss/lib/ssl/sslencode.h b/security/nss/lib/ssl/sslencode.h
deleted file mode 100644
index a1b04d88f..000000000
--- a/security/nss/lib/ssl/sslencode.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslencode_h_
-#define __sslencode_h_
-
-/* A buffer object, used for assembling messages. */
-typedef struct sslBufferStr {
-    PRUint8 *buf;
-    unsigned int len;
-    unsigned int space;
-    /* Set to true if the storage for the buffer is fixed, such as a stack
-     * variable or a view on another buffer. Growing a fixed buffer fails. */
-    PRBool fixed;
-} sslBuffer;
-
-#define SSL_BUFFER_EMPTY     \
-    {                        \
-        NULL, 0, 0, PR_FALSE \
-    }
-#define SSL_BUFFER_FIXED(b, maxlen) \
-    {                               \
-        b, 0, maxlen, PR_TRUE       \
-    }
-#define SSL_BUFFER(b) SSL_BUFFER_FIXED(b, sizeof(b))
-#define SSL_BUFFER_BASE(b) ((b)->buf)
-#define SSL_BUFFER_LEN(b) ((b)->len)
-#define SSL_BUFFER_NEXT(b) ((b)->buf + (b)->len)
-#define SSL_BUFFER_SPACE(b) ((b)->space - (b)->len)
-
-SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
-SECStatus sslBuffer_Append(sslBuffer *b, const void *data, unsigned int len);
-SECStatus sslBuffer_AppendNumber(sslBuffer *b, PRUint64 v, unsigned int size);
-SECStatus sslBuffer_AppendVariable(sslBuffer *b, const PRUint8 *data,
-                                   unsigned int len, unsigned int size);
-SECStatus sslBuffer_AppendBuffer(sslBuffer *b, const sslBuffer *append);
-SECStatus sslBuffer_AppendBufferVariable(sslBuffer *b, const sslBuffer *append,
-                                         unsigned int size);
-SECStatus sslBuffer_Skip(sslBuffer *b, unsigned int size,
-                         unsigned int *savedOffset);
-SECStatus sslBuffer_InsertLength(sslBuffer *b, unsigned int at,
-                                 unsigned int size);
-void sslBuffer_Clear(sslBuffer *b);
-
-/* All of these functions modify the underlying SECItem, and so should
- * be performed on a shallow copy.*/
-SECStatus ssl3_ConsumeFromItem(SECItem *item,
-                               PRUint8 **buf, unsigned int size);
-SECStatus ssl3_ConsumeNumberFromItem(SECItem *item,
-                                     PRUint32 *num, unsigned int size);
-
-SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
-                               unsigned int bytes);
-SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
-                                     SSLHandshakeType t, unsigned int length);
-SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRUint64 num,
-                                     unsigned int lenSize);
-SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss, const PRUint8 *src,
-                                       unsigned int bytes, unsigned int lenSize);
-SECStatus ssl3_AppendBufferToHandshake(sslSocket *ss, sslBuffer *buf);
-SECStatus ssl3_AppendBufferToHandshakeVariable(sslSocket *ss, sslBuffer *buf,
-                                               unsigned int lenSize);
-
-#endif /* __sslencode_h_ */
diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h
index 90815dd79..865077cda 100644
--- a/security/nss/lib/ssl/sslerr.h
+++ b/security/nss/lib/ssl/sslerr.h
@@ -234,7 +234,6 @@ typedef enum {
     SSL_ERROR_MALFORMED_PRE_SHARED_KEY = (SSL_ERROR_BASE + 147),
     SSL_ERROR_MALFORMED_EARLY_DATA = (SSL_ERROR_BASE + 148),
     SSL_ERROR_END_OF_EARLY_DATA_ALERT = (SSL_ERROR_BASE + 149),
-                                      /* error 149 is obsolete */
     SSL_ERROR_MISSING_ALPN_EXTENSION = (SSL_ERROR_BASE + 150),
     SSL_ERROR_RX_UNEXPECTED_EXTENSION = (SSL_ERROR_BASE + 151),
     SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION = (SSL_ERROR_BASE + 152),
@@ -247,19 +246,6 @@ typedef enum {
     SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES = (SSL_ERROR_BASE + 159),
     SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA = (SSL_ERROR_BASE + 160),
     SSL_ERROR_TOO_MUCH_EARLY_DATA = (SSL_ERROR_BASE + 161),
-    SSL_ERROR_RX_UNEXPECTED_END_OF_EARLY_DATA = (SSL_ERROR_BASE + 162),
-    SSL_ERROR_RX_MALFORMED_END_OF_EARLY_DATA = (SSL_ERROR_BASE + 163),
-
-    SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API = (SSL_ERROR_BASE + 164),
-
-    SSL_ERROR_APPLICATION_ABORT = (SSL_ERROR_BASE + 165),
-    SSL_ERROR_APP_CALLBACK_ERROR = (SSL_ERROR_BASE + 166),
-    SSL_ERROR_NO_TIMERS_FOUND = (SSL_ERROR_BASE + 167),
-    SSL_ERROR_MISSING_COOKIE_EXTENSION = (SSL_ERROR_BASE + 168),
-
-    SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE = (SSL_ERROR_BASE + 169),
-    SSL_ERROR_RX_MALFORMED_KEY_UPDATE = (SSL_ERROR_BASE + 170),
-    SSL_ERROR_TOO_MANY_KEY_UPDATES = (SSL_ERROR_BASE + 171),
     SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
 } SSLErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/lib/ssl/sslexp.h b/security/nss/lib/ssl/sslexp.h
deleted file mode 100644
index 569add861..000000000
--- a/security/nss/lib/ssl/sslexp.h
+++ /dev/null
@@ -1,358 +0,0 @@
-/*
- * This file contains prototypes for experimental SSL functions.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslexp_h_
-#define __sslexp_h_
-
-#include "ssl.h"
-#include "sslerr.h"
-
-SEC_BEGIN_PROTOS
-
-/* The functions in this header file are not guaranteed to remain available in
- * future NSS versions. Code that uses these functions needs to safeguard
- * against the function not being available. */
-
-#define SSL_EXPERIMENTAL_API(name, arglist, args)                   \
-    (SSL_GetExperimentalAPI(name)                                   \
-         ? ((SECStatus(*) arglist)SSL_GetExperimentalAPI(name))args \
-         : SECFailure)
-#define SSL_DEPRECATED_EXPERIMENTAL_API \
-    (PR_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API, 0), SECFailure)
-
-/*
- * SSL_GetExtensionSupport() returns whether NSS supports a particular TLS
- * extension.
- *
- * - ssl_ext_none indicates that NSS does not support the extension and
- *   extension hooks can be installed.
- *
- * - ssl_ext_native indicates that NSS supports the extension natively, but
- *   allows an application to override that support and install its own
- *   extension hooks.
- *
- * - ssl_ext_native_only indicates that NSS supports the extension natively
- *   and does not permit custom extension hooks to be installed.  These
- *   extensions are critical to the functioning of NSS.
- */
-typedef enum {
-    ssl_ext_none,
-    ssl_ext_native,
-    ssl_ext_native_only
-} SSLExtensionSupport;
-
-#define SSL_GetExtensionSupport(extension, support)        \
-    SSL_EXPERIMENTAL_API("SSL_GetExtensionSupport",        \
-                         (PRUint16 _extension,             \
-                          SSLExtensionSupport * _support), \
-                         (extension, support))
-
-/*
- * Custom extension hooks.
- *
- * The SSL_InstallExtensionHooks() registers two callback functions for use
- * with the identified extension type.
- *
- * Installing extension hooks disables the checks in TLS 1.3 that ensure that
- * extensions are only added to the correct messages.  The application is
- * responsible for ensuring that extensions are only sent with the right message
- * or messages.
- *
- * Installing an extension handler does not disable checks for whether an
- * extension can be used in a message that is a response to an extension in
- * another message.  Extensions in ServerHello, EncryptedExtensions and the
- * server Certificate messages are rejected unless the client sends an extension
- * in the ClientHello.  Similarly, a client Certificate message cannot contain
- * extensions that don't appear in a CertificateRequest (in TLS 1.3).
- *
- * Setting both |writer| and |handler| to NULL removes any existing hooks for
- * that extension.
- *
- * == SSLExtensionWriter
- *
- * An SSLExtensionWriter function is responsible for constructing the contents
- * of an extension.  This function is called during the construction of all
- * handshake messages where an extension might be included.
- *
- * - The |fd| argument is the socket file descriptor.
- *
- * - The |message| argument is the TLS handshake message type.  The writer will
- *   be called for every handshake message that NSS sends.  Most extensions
- *   should only be sent in a subset of messages.  NSS doesn’t check that
- *   extension writers don’t violate protocol rules regarding which message an
- *   extension can be sent in.
- *
- * - The |data| argument is a pointer to a buffer that should be written to with
- *   any data for the extension.
- *
- * - The |len| argument is an outparam indicating how many bytes were written to
- *   |data|.  The value referenced by |len| is initialized to zero, so an
- *   extension that is empty does not need to write to this value.
- *
- * - The |maxLen| indicates the maximum number of bytes that can be written to
- *   |data|.
- *
- * - The |arg| argument is the value of the writerArg that was passed during
- *   installation.
- *
- * An SSLExtensionWriter function returns PR_TRUE if an extension should be
- * written, and PR_FALSE otherwise.
- *
- * If there is an error, return PR_FALSE; if the error is truly fatal, the
- * application can mark the connection as failed. However, recursively calling
- * functions that alter the file descriptor in the callback - such as PR_Close()
- * - should be avoided.
- *
- * Note: The ClientHello message can be sent twice in TLS 1.3.  An
- * SSLExtensionWriter will be called twice with the same arguments in that case;
- * NSS does not distinguish between a first and second ClientHello.  It is up to
- * the application to track this if it needs to act differently each time.  In
- * most cases the correct behaviour is to provide an identical extension on each
- * invocation.
- *
- * == SSLExtensionHandler
- *
- * An SSLExtensionHandler function consumes a handshake message.  This function
- * is called when an extension is present.
- *
- * - The |fd| argument is the socket file descriptor.
- *
- * - The |message| argument is the TLS handshake message type. This can be used
- *   to validate that the extension was included in the correct handshake
- *   message.
- *
- * - The |data| argument points to the contents of the extension.
- *
- * - The |len| argument contains the length of the extension.
- *
- * - The |alert| argument is an outparam that allows an application to choose
- *   which alert is sent in the case of a fatal error.
- *
- * - The |arg| argument is the value of the handlerArg that was passed during
- *   installation.
- *
- * An SSLExtensionHandler function returns SECSuccess when the extension is
- * process successfully.  It can return SECFailure to cause the handshake to
- * fail.  If the value of alert is written to, NSS will generate a fatal alert
- * using the provided alert code.  The value of |alert| is otherwise not used.
- */
-typedef PRBool(PR_CALLBACK *SSLExtensionWriter)(
-    PRFileDesc *fd, SSLHandshakeType message,
-    PRUint8 *data, unsigned int *len, unsigned int maxLen, void *arg);
-
-typedef SECStatus(PR_CALLBACK *SSLExtensionHandler)(
-    PRFileDesc *fd, SSLHandshakeType message,
-    const PRUint8 *data, unsigned int len,
-    SSLAlertDescription *alert, void *arg);
-
-#define SSL_InstallExtensionHooks(fd, extension, writer, writerArg,         \
-                                  handler, handlerArg)                      \
-    SSL_EXPERIMENTAL_API("SSL_InstallExtensionHooks",                       \
-                         (PRFileDesc * _fd, PRUint16 _extension,            \
-                          SSLExtensionWriter _writer, void *_writerArg,     \
-                          SSLExtensionHandler _handler, void *_handlerArg), \
-                         (fd, extension, writer, writerArg,                 \
-                          handler, handlerArg))
-
-/*
- * Setup the anti-replay buffer for supporting 0-RTT in TLS 1.3 on servers.
- *
- * To use 0-RTT on a server, you must call this function.  Failing to call this
- * function will result in all 0-RTT being rejected.  Connections will complete,
- * but early data will be rejected.
- *
- * NSS uses a Bloom filter to track the ClientHello messages that it receives
- * (specifically, it uses the PSK binder).  This function initializes a pair of
- * Bloom filters.  The two filters are alternated over time, with new
- * ClientHello messages recorded in the current filter and, if they are not
- * already present, being checked against the previous filter.  If the
- * ClientHello is found, then early data is rejected, but the handshake is
- * allowed to proceed.
- *
- * The false-positive probability of Bloom filters means that some valid
- * handshakes will be marked as potential replays.  Early data will be rejected
- * for a false positive.  To minimize this and to allow a trade-off of space
- * against accuracy, the size of the Bloom filter can be set by this function.
- *
- * The first tuning parameter to consider is |window|, which determines the
- * window over which ClientHello messages will be tracked.  This also causes
- * early data to be rejected if a ClientHello contains a ticket age parameter
- * that is outside of this window (see Section 4.2.10.4 of
- * draft-ietf-tls-tls13-20 for details).  Set |window| to account for any
- * potential sources of clock error.  |window| is the entire width of the
- * window, which is symmetrical.  Therefore to allow 5 seconds of clock error in
- * both directions, set the value to 10 seconds (i.e., 10 * PR_USEC_PER_SEC).
- *
- * After calling this function, early data will be rejected until |window|
- * elapses.  This prevents replay across crashes and restarts.  Only call this
- * function once to avoid inadvertently disabling 0-RTT (use PR_CallOnce() to
- * avoid this problem).
- *
- * The primary tuning parameter is |bits| which determines the amount of memory
- * allocated to each Bloom filter.  NSS will allocate two Bloom filters, each
- * |2^(bits - 3)| octets in size.  The value of |bits| is primarily driven by
- * the number of connections that are expected in any time window.  Note that
- * this needs to account for there being two filters both of which have
- * (presumably) independent false positive rates.  The following formulae can be
- * used to find a value of |bits| and |k| given a chosen false positive
- * probability |p| and the number of requests expected in a given window |n|:
- *
- *   bits = log2(n) + log2(-ln(1 - sqrt(1 - p))) + 1.0575327458897952
- *   k = -log2(p)
- *
- * ... where log2 and ln are base 2 and e logarithms respectively.  For a target
- * false positive rate of 1% and 1000 handshake attempts, this produces bits=14
- * and k=7.  This results in two Bloom filters that are 2kB each in size.  Note
- * that rounding |k| and |bits| up causes the false positive probability for
- * these values to be a much lower 0.123%.
- *
- * IMPORTANT: This anti-replay scheme has several weaknesses.  See the TLS 1.3
- * specification for the details of the generic problems with this technique.
- *
- * In addition to the generic anti-replay weaknesses, the state that the server
- * maintains is in local memory only.  Servers that operate in a cluster, even
- * those that use shared memory for tickets, will not share anti-replay state.
- * Early data can be replayed at least once with every server instance that will
- * accept tickets that are encrypted with the same key.
- */
-#define SSL_SetupAntiReplay(window, k, bits)                                    \
-    SSL_EXPERIMENTAL_API("SSL_SetupAntiReplay",                                 \
-                         (PRTime _window, unsigned int _k, unsigned int _bits), \
-                         (window, k, bits))
-
-/*
- * This function allows a server application to generate a session ticket that
- * will embed the provided token.
- *
- * This function will cause a NewSessionTicket message to be sent by a server.
- * This happens even if SSL_ENABLE_SESSION_TICKETS is disabled.  This allows a
- * server to suppress the usually automatic generation of a session ticket at
- * the completion of the handshake - which do not include any token - and to
- * control when session tickets are transmitted.
- *
- * This function will fail unless the socket has an active TLS 1.3 session.
- * Earlier versions of TLS do not support the spontaneous sending of the
- * NewSessionTicket message.
- */
-#define SSL_SendSessionTicket(fd, appToken, appTokenLen)              \
-    SSL_EXPERIMENTAL_API("SSL_SendSessionTicket",                     \
-                         (PRFileDesc * _fd, const PRUint8 *_appToken, \
-                          unsigned int _appTokenLen),                 \
-                         (fd, appToken, appTokenLen))
-
-/*
- * A stateless retry handler gives an application some control over NSS handling
- * of ClientHello messages.
- *
- * SSL_HelloRetryRequestCallback() installs a callback that allows an
- * application to control how NSS sends HelloRetryRequest messages.  This
- * handler is only used on servers and will only be called if the server selects
- * TLS 1.3.  Support for older TLS versions could be added in other releases.
- *
- * The SSLHelloRetryRequestCallback is invoked during the processing of a
- * TLS 1.3 ClientHello message.  It takes the following arguments:
- *
- * - |firstHello| indicates if the NSS believes that this is an initial
- *   ClientHello.  An initial ClientHello will never include a cookie extension,
- *   though it may contain a session ticket.
- *
- * - |clientToken| includes a token previously provided by the application.  If
- *   |clientTokenLen| is 0, then |clientToken| may be NULL.
- *
- *   - If |firstHello| is PR_FALSE, the value that was provided in the
- *     |retryToken| outparam of previous invocations of this callback will be
- *     present here.
- *
- *   - If |firstHello| is PR_TRUE, and the handshake is resuming a session, then
- *     this will contain any value that was passed in the |token| parameter of
- *     SSL_SendNewSessionTicket() method (see below).  If this is not resuming a
- *     session, then the token will be empty (and this value could be NULL).
- *
- * - |clientTokenLen| is the length of |clientToken|.
- *
- * - |retryToken| is an item that callback can write to.  This provides NSS with
- *   a token.  This token is encrypted and integrity protected and embedded in
- *   the cookie extension of a HelloRetryRequest.  The value of this field is
- *   only used if the handler returns ssl_stateless_retry_check.  NSS allocates
- *   space for this value.
- *
- * - |retryTokenLen| is an outparam for the length of the token. If this value
- *   is not set, or set to 0, an empty token will be sent.
- *
- * - |retryTokenMax| is the size of the space allocated for retryToken. An
- *   application cannot write more than this many bytes to retryToken.
- *
- * - |arg| is the same value that was passed to
- *   SSL_InstallStatelessRetryHandler().
- *
- * The handler can validate any the value of |clientToken|, query the socket
- * status (using SSL_GetPreliminaryChannelInfo() for example) and decide how to
- * proceed:
- *
- * - Returning ssl_hello_retry_fail causes the handshake to fail.  This might be
- *   used if the token is invalid or the application wishes to abort the
- *   handshake.
- *
- * - Returning ssl_hello_retry_accept causes the handshake to proceed.
- *
- * - Returning ssl_hello_retry_request causes NSS to send a HelloRetryRequest
- *   message and request a second ClientHello.  NSS generates a cookie extension
- *   and embeds the value of |retryToken|.  The value of |retryToken| value may
- *   be left empty if the application does not require any additional context to
- *   validate a second ClientHello attempt.  This return code cannot be used to
- *   reject a second ClientHello (i.e., when firstHello is PR_FALSE); NSS will
- *   abort the handshake if this value is returned from a second call.
- *
- * An application that chooses to perform a stateless retry can discard the
- * server socket.  All necessary state to continue the TLS handshake will be
- * included in the cookie extension.  This makes it possible to use a new socket
- * to handle the remainder of the handshake.  The existing socket can be safely
- * discarded.
- *
- * If the same socket is retained, the information in the cookie will be checked
- * for consistency against the existing state of the socket.  Any discrepancy
- * will result in the connection being closed.
- *
- * Tokens should be kept as small as possible.  NSS sets a limit on the size of
- * tokens, which it passes in |retryTokenMax|.  Depending on circumstances,
- * observing a smaller limit might be desirable or even necessary.  For
- * instance, having HelloRetryRequest and ClientHello fit in a single packet has
- * significant performance benefits.
- */
-typedef enum {
-    ssl_hello_retry_fail,
-    ssl_hello_retry_accept,
-    ssl_hello_retry_request
-} SSLHelloRetryRequestAction;
-
-typedef SSLHelloRetryRequestAction(PR_CALLBACK *SSLHelloRetryRequestCallback)(
-    PRBool firstHello, const PRUint8 *clientToken, unsigned int clientTokenLen,
-    PRUint8 *retryToken, unsigned int *retryTokenLen, unsigned int retryTokMax,
-    void *arg);
-
-#define SSL_HelloRetryRequestCallback(fd, cb, arg)                       \
-    SSL_EXPERIMENTAL_API("SSL_HelloRetryRequestCallback",                \
-                         (PRFileDesc * _fd,                              \
-                          SSLHelloRetryRequestCallback _cb, void *_arg), \
-                         (fd, cb, arg))
-
-/* Update traffic keys (TLS 1.3 only).
- *
- * The |requestUpdate| flag determines whether to request an update from the
- * remote peer.
- */
-#define SSL_KeyUpdate(fd, requestUpdate)                            \
-    SSL_EXPERIMENTAL_API("SSL_KeyUpdate",                           \
-                         (PRFileDesc * _fd, PRBool _requestUpdate), \
-                         (fd, requestUpdate))
-
-#define SSL_UseAltServerHelloType(fd, enable) \
-    SSL_DEPRECATED_EXPERIMENTAL_API
-
-SEC_END_PROTOS
-
-#endif /* __sslexp_h_ */
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index dee9aa20f..64694b0df 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -19,7 +19,6 @@
 #include "secport.h"
 #include "secerr.h"
 #include "sslerr.h"
-#include "sslexp.h"
 #include "ssl3prot.h"
 #include "hasht.h"
 #include "nssilock.h"
@@ -35,11 +34,36 @@
 #include "sslt.h" /* for some formerly private types, now public */
 
 typedef struct sslSocketStr sslSocket;
-typedef struct sslNamedGroupDefStr sslNamedGroupDef;
-#include "sslencode.h"
-#include "sslexp.h"
+typedef struct ssl3CipherSpecStr ssl3CipherSpec;
 #include "ssl3ext.h"
-#include "sslspec.h"
+
+/* to make some of these old enums public without namespace pollution,
+** it was necessary to prepend ssl_ to the names.
+** These #defines preserve compatibility with the old code here in libssl.
+*/
+typedef SSLMACAlgorithm SSL3MACAlgorithm;
+
+#define calg_null ssl_calg_null
+#define calg_rc4 ssl_calg_rc4
+#define calg_rc2 ssl_calg_rc2
+#define calg_des ssl_calg_des
+#define calg_3des ssl_calg_3des
+#define calg_idea ssl_calg_idea
+#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
+#define calg_aes ssl_calg_aes
+#define calg_camellia ssl_calg_camellia
+#define calg_seed ssl_calg_seed
+#define calg_aes_gcm ssl_calg_aes_gcm
+#define calg_chacha20 ssl_calg_chacha20
+
+#define mac_null ssl_mac_null
+#define mac_md5 ssl_mac_md5
+#define mac_sha ssl_mac_sha
+#define hmac_md5 ssl_hmac_md5
+#define hmac_sha ssl_hmac_sha
+#define hmac_sha256 ssl_hmac_sha256
+#define hmac_sha384 ssl_hmac_sha384
+#define mac_aead ssl_mac_aead
 
 #if defined(DEBUG) || defined(TRACE)
 #ifdef __cplusplus
@@ -136,7 +160,7 @@ typedef enum {
     ticket_allow_psk_sign_auth = 16
 } TLS13SessionTicketFlags;
 
-struct sslNamedGroupDefStr {
+typedef struct {
     /* The name is the value that is encoded on the wire in TLS. */
     SSLNamedGroup name;
     /* The number of bits in the group. */
@@ -148,8 +172,9 @@ struct sslNamedGroupDefStr {
     SECOidTag oidTag;
     /* Assume that the group is always supported. */
     PRBool assumeSupported;
-};
+} sslNamedGroupDef;
 
+typedef struct sslBufferStr sslBuffer;
 typedef struct sslConnectInfoStr sslConnectInfo;
 typedef struct sslGatherStr sslGather;
 typedef struct sslSecurityInfoStr sslSecurityInfo;
@@ -158,6 +183,8 @@ typedef struct sslSocketOpsStr sslSocketOps;
 
 typedef struct ssl3StateStr ssl3State;
 typedef struct ssl3CertNodeStr ssl3CertNode;
+typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
+typedef struct ssl3MACDefStr ssl3MACDef;
 typedef struct sslKeyPairStr sslKeyPair;
 typedef struct ssl3DHParamsStr ssl3DHParams;
 
@@ -174,6 +201,9 @@ typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
                                                 unsigned char *sid,
                                                 unsigned int sidLen,
                                                 CERTCertDBHandle *dbHandle);
+typedef void (*sslCipherSpecChangedFunc)(void *arg,
+                                         PRBool sending,
+                                         ssl3CipherSpec *newSpec);
 
 /* Socket ops */
 struct sslSocketOpsStr {
@@ -199,9 +229,20 @@ struct sslSocketOpsStr {
 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000
 #define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */
+#define ssl_SEND_FLAG_CAP_RECORD_VERSION \
+    0x04000000 /* TLS only */
 #define ssl_SEND_FLAG_MASK 0x7f000000
 
 /*
+** A buffer object.
+*/
+struct sslBufferStr {
+    unsigned char *buf;
+    unsigned int len;
+    unsigned int space;
+};
+
+/*
 ** SSL3 cipher suite policy and preference struct.
 */
 typedef struct {
@@ -241,7 +282,7 @@ typedef struct sslOptionsStr {
     unsigned int detectRollBack : 1;
     unsigned int noLocks : 1;
     unsigned int enableSessionTickets : 1;
-    unsigned int enableDeflate : 1; /* Deprecated. */
+    unsigned int enableDeflate : 1;
     unsigned int enableRenegotiation : 2;
     unsigned int requireSafeNegotiation : 1;
     unsigned int enableFalseStart : 1;
@@ -256,7 +297,7 @@ typedef struct sslOptionsStr {
     unsigned int enableSignedCertTimestamps : 1;
     unsigned int requireDHENamedGroups : 1;
     unsigned int enable0RttData : 1;
-    unsigned int enableTls13CompatMode : 1;
+    unsigned int enableShortHeaders : 1;
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
@@ -341,13 +382,136 @@ struct sslGatherStr {
 #define GS_HEADER 1
 #define GS_DATA 2
 
+/*
+** ssl3State and CipherSpec structs
+*/
+
+/* The SSL bulk cipher definition */
+typedef enum {
+    cipher_null,
+    cipher_rc4,
+    cipher_des,
+    cipher_3des,
+    cipher_aes_128,
+    cipher_aes_256,
+    cipher_camellia_128,
+    cipher_camellia_256,
+    cipher_seed,
+    cipher_aes_128_gcm,
+    cipher_aes_256_gcm,
+    cipher_chacha20,
+    cipher_missing /* reserved for no such supported cipher */
+    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
+} SSL3BulkCipher;
+
+typedef enum { type_stream,
+               type_block,
+               type_aead } CipherType;
+
+#define MAX_IV_LENGTH 24
+
+typedef PRUint64 sslSequenceNumber;
+typedef PRUint16 DTLSEpoch;
+
+typedef void (*DTLSTimerCb)(sslSocket *);
+
 typedef struct {
     PRUint8 wrapped_master_secret[48];
     PRUint16 wrapped_master_secret_len;
+    PRUint8 msIsWrapped;
     PRUint8 resumable;
     PRUint8 extendedMasterSecretUsed;
 } ssl3SidKeys; /* 52 bytes */
 
+typedef struct {
+    PK11SymKey *write_key;
+    PK11SymKey *write_mac_key;
+    PK11Context *write_mac_context;
+    SECItem write_key_item;
+    SECItem write_iv_item;
+    SECItem write_mac_key_item;
+    PRUint8 write_iv[MAX_IV_LENGTH];
+} ssl3KeyMaterial;
+
+typedef SECStatus (*SSLCipher)(void *context,
+                               unsigned char *out,
+                               int *outlen,
+                               int maxout,
+                               const unsigned char *in,
+                               int inlen);
+typedef SECStatus (*SSLAEADCipher)(
+    ssl3KeyMaterial *keys,
+    PRBool doDecrypt,
+    unsigned char *out,
+    int *outlen,
+    int maxout,
+    const unsigned char *in,
+    int inlen,
+    const unsigned char *additionalData,
+    int additionalDataLen);
+typedef SECStatus (*SSLCompressor)(void *context,
+                                   unsigned char *out,
+                                   int *outlen,
+                                   int maxout,
+                                   const unsigned char *in,
+                                   int inlen);
+typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
+
+/* The DTLS anti-replay window in number of packets. Defined here because we
+ * need it in the cipher spec. Note that this is a ring buffer but left and
+ * right represent the true window, with modular arithmetic used to map them
+ * onto the buffer.
+ */
+#define DTLS_RECVD_RECORDS_WINDOW 1024
+#define RECORD_SEQ_MAX ((1ULL << 48) - 1)
+PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);
+
+typedef struct DTLSRecvdRecordsStr {
+    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
+    sslSequenceNumber left;
+    sslSequenceNumber right;
+} DTLSRecvdRecords;
+
+/*
+** These are the "specs" in the "ssl3" struct.
+** Access to the pointers to these specs, and all the specs' contents
+** (direct and indirect) is protected by the reader/writer lock ss->specLock.
+*/
+struct ssl3CipherSpecStr {
+    PRCList link;
+    const ssl3BulkCipherDef *cipher_def;
+    const ssl3MACDef *mac_def;
+    SSLCompressionMethod compression_method;
+    int mac_size;
+    SSLCipher encode;
+    SSLCipher decode;
+    SSLAEADCipher aead;
+    void *encodeContext;
+    void *decodeContext;
+    SSLCompressor compressor;   /* Don't name these fields compress */
+    SSLCompressor decompressor; /* and uncompress because zconf.h   */
+                                /* may define them as macros.       */
+    SSLDestroy destroyCompressContext;
+    void *compressContext;
+    SSLDestroy destroyDecompressContext;
+    void *decompressContext;
+    PK11SymKey *master_secret;
+    sslSequenceNumber write_seq_num;
+    sslSequenceNumber read_seq_num;
+    SSL3ProtocolVersion version;
+    ssl3KeyMaterial client;
+    ssl3KeyMaterial server;
+    SECItem msItem;
+    DTLSEpoch epoch;
+    DTLSRecvdRecords recvdRecords;
+    /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
+     * will be zero for everything but 0-RTT. */
+    PRUint32 earlyDataRemaining;
+
+    PRUint8 refCt;
+    const char *phase;
+};
+
 typedef enum { never_cached,
                in_client_cache,
                in_server_cache,
@@ -363,7 +527,7 @@ struct sslSessionIDStr {
     sslSessionID *next; /* chain used for client sockets, only */
     Cached cached;
     int references;
-    PRTime lastAccessTime;
+    PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
 
     /* The rest of the members, except for the members of u.ssl3.locked, may
      * be modified only when the sid is not in any cache.
@@ -381,15 +545,13 @@ struct sslSessionIDStr {
 
     SSL3ProtocolVersion version;
 
-    PRTime creationTime;
-    PRTime expirationTime;
+    PRUint32 creationTime;   /* seconds since Jan 1, 1970 */
+    PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
 
     SSLAuthType authType;
     PRUint32 authKeyBits;
     SSLKEAType keaType;
     PRUint32 keaKeyBits;
-    SSLNamedGroup keaGroup;
-    SSLSignatureScheme sigScheme;
 
     union {
         struct {
@@ -398,6 +560,7 @@ struct sslSessionIDStr {
             PRUint8 sessionID[SSL3_SESSIONID_BYTES];
 
             ssl3CipherSuite cipherSuite;
+            SSLCompressionMethod compression;
             int policy;
             ssl3SidKeys keys;
             /* mechanism used to wrap master secret */
@@ -464,13 +627,13 @@ struct sslSessionIDStr {
     } u;
 };
 
-struct ssl3CipherSuiteDefStr {
+typedef struct ssl3CipherSuiteDefStr {
     ssl3CipherSuite cipher_suite;
     SSL3BulkCipher bulk_cipher_alg;
     SSL3MACAlgorithm mac_alg;
     SSL3KeyExchangeAlgorithm key_exchange_alg;
     SSLHashType prf_hash;
-};
+} ssl3CipherSuiteDef;
 
 /*
 ** There are tables of these, all const.
@@ -493,6 +656,37 @@ typedef struct {
     SECOidTag oid;
 } ssl3KEADef;
 
+/*
+** There are tables of these, all const.
+*/
+struct ssl3BulkCipherDefStr {
+    SSL3BulkCipher cipher;
+    SSLCipherAlgorithm calg;
+    unsigned int key_size;
+    unsigned int secret_key_size;
+    CipherType type;
+    unsigned int iv_size;
+    unsigned int block_size;
+    unsigned int tag_size;            /* for AEAD ciphers. */
+    unsigned int explicit_nonce_size; /* for AEAD ciphers. */
+    SECOidTag oid;
+    const char *short_name;
+    /* The maximum number of records that can be sent/received with the same
+      * symmetric key before the connection will be terminated. */
+    PRUint64 max_records;
+};
+
+/*
+** There are tables of these, all const.
+*/
+struct ssl3MACDefStr {
+    SSL3MACAlgorithm mac;
+    CK_MECHANISM_TYPE mmech;
+    int pad_size;
+    int mac_size;
+    SECOidTag oid;
+};
+
 typedef enum {
     ssl_0rtt_none,     /* 0-RTT not present */
     ssl_0rtt_sent,     /* 0-RTT sent (no decision yet) */
@@ -510,7 +704,6 @@ typedef enum {
 typedef enum {
     idle_handshake,
     wait_client_hello,
-    wait_end_of_early_data,
     wait_client_cert,
     wait_client_key,
     wait_cert_verify,
@@ -567,15 +760,14 @@ typedef enum {
     handshake_hash_record
 } SSL3HandshakeHashType;
 
-// A DTLS Timer.
-typedef void (*DTLSTimerCb)(sslSocket *);
-
-typedef struct {
-    const char *label;
-    DTLSTimerCb cb;
-    PRIntervalTime started;
-    PRUint32 timeout;
-} dtlsTimer;
+/* This holds state for TLS 1.3 CertificateRequest handling. */
+typedef struct TLS13CertificateRequestStr {
+    PLArenaPool *arena;
+    SECItem context;
+    SSLSignatureScheme *signatureSchemes;
+    unsigned int signatureSchemeCount;
+    CERTDistNames ca_list;
+} TLS13CertificateRequest;
 
 /*
 ** This is the "hs" member of the "ssl3" struct.
@@ -599,12 +791,13 @@ typedef struct SSL3HandshakeStateStr {
     const ssl3KEADef *kea_def;
     ssl3CipherSuite cipher_suite;
     const ssl3CipherSuiteDef *suite_def;
+    SSLCompressionMethod compression;
     sslBuffer msg_body; /* protected by recvBufLock */
                         /* partial handshake message from record layer */
     unsigned int header_bytes;
     /* number of bytes consumed from handshake */
     /* message for message type and header length */
-    SSLHandshakeType msg_type;
+    SSL3HandshakeType msg_type;
     unsigned long msg_len;
     PRBool isResuming;  /* we are resuming (not used in TLS 1.3) */
     PRBool sendingSCSV; /* instead of empty RI */
@@ -641,25 +834,25 @@ typedef struct SSL3HandshakeStateStr {
     PRCList remoteExtensions; /* Parsed incoming extensions */
 
     /* This group of values is used for DTLS */
-    PRUint16 sendMessageSeq;   /* The sending message sequence
+    PRUint16 sendMessageSeq;       /* The sending message sequence
                                     * number */
-    PRCList lastMessageFlight; /* The last message flight we
+    PRCList lastMessageFlight;     /* The last message flight we
                                     * sent */
-    PRUint16 maxMessageSent;   /* The largest message we sent */
-    PRUint16 recvMessageSeq;   /* The receiving message sequence
+    PRUint16 maxMessageSent;       /* The largest message we sent */
+    PRUint16 recvMessageSeq;       /* The receiving message sequence
                                     * number */
-    sslBuffer recvdFragments;  /* The fragments we have received in
+    sslBuffer recvdFragments;      /* The fragments we have received in
                                     * a bitmask */
-    PRInt32 recvdHighWater;    /* The high water mark for fragments
+    PRInt32 recvdHighWater;        /* The high water mark for fragments
                                     * received. -1 means no reassembly
                                     * in progress. */
-    SECItem cookie;            /* The Hello(Retry|Verify)Request cookie. */
-    dtlsTimer timers[3];       /* Holder for timers. */
-    dtlsTimer *rtTimer;        /* Retransmit timer. */
-    dtlsTimer *ackTimer;       /* Ack timer (DTLS 1.3 only). */
-    dtlsTimer *hdTimer;        /* Read cipher holddown timer (DLTS 1.3 only) */
-    PRUint32 rtRetries;        /* The retry counter */
-    SECItem srvVirtName;       /* for server: name that was negotiated
+    SECItem cookie;                /* The Hello(Retry|Verify)Request cookie. */
+    PRIntervalTime rtTimerStarted; /* When the timer was started */
+    DTLSTimerCb rtTimerCb;         /* The function to call on expiry */
+    PRUint32 rtTimeoutMs;          /* The length of the current timeout
+                                    * used for backoff (in ms) */
+    PRUint32 rtRetries;            /* The retry counter */
+    SECItem srvVirtName;           /* for server: name that was negotiated
                                     * with a client. For client - is
                                     * always set to NULL.*/
 
@@ -676,37 +869,22 @@ typedef struct SSL3HandshakeStateStr {
     PK11SymKey *serverTrafficSecret;      /* traffic keys */
     PK11SymKey *earlyExporterSecret;      /* for 0-RTT exporters */
     PK11SymKey *exporterSecret;           /* for exporters */
-    PRCList cipherSpecs;                  /* The cipher specs in the sequence they
-                                           * will be applied. */
-    sslZeroRttState zeroRttState;         /* Are we doing a 0-RTT handshake? */
-    sslZeroRttIgnore zeroRttIgnore;       /* Are we ignoring 0-RTT? */
-    ssl3CipherSuite zeroRttSuite;         /* The cipher suite we used for 0-RTT. */
-    PRCList bufferedEarlyData;            /* Buffered TLS 1.3 early data
-                                           * on server.*/
-    PRBool helloRetry;                    /* True if HelloRetryRequest has been sent
-                                           * or received. */
-    PRBool receivedCcs;                   /* A server received ChangeCipherSpec
-                                           * before the handshake started. */
-    PRBool clientCertRequested;           /* True if CertificateRequest received. */
-    ssl3KEADef kea_def_mutable;           /* Used to hold the writable kea_def
-                                           * we use for TLS 1.3 */
-    PRTime serverHelloTime;               /* Time the ServerHello flight was sent. */
-    PRUint16 ticketNonce;                 /* A counter we use for tickets. */
-    SECItem fakeSid;                      /* ... (server) the SID the client used. */
-    PRBool endOfFlight;                   /* Processed a full flight (DTLS 1.3). */
-
-    /* The following lists contain DTLSHandshakeRecordEntry */
-    PRCList dtlsSentHandshake; /* Used to map records to handshake fragments. */
-    PRCList dtlsRcvdHandshake; /* Handshake records we have received
-                                * used to generate ACKs. */
+    /* The certificate request from the server. */
+    TLS13CertificateRequest *certificateRequest;
+    PRCList cipherSpecs;            /* The cipher specs in the sequence they
+                                     * will be applied. */
+    sslZeroRttState zeroRttState;   /* Are we doing a 0-RTT handshake? */
+    sslZeroRttIgnore zeroRttIgnore; /* Are we ignoring 0-RTT? */
+    ssl3CipherSuite zeroRttSuite;   /* The cipher suite we used for 0-RTT. */
+    PRCList bufferedEarlyData;      /* Buffered TLS 1.3 early data
+                                     * on server.*/
+    PRBool helloRetry;              /* True if HelloRetryRequest has been sent
+                                     * or received. */
+    ssl3KEADef kea_def_mutable;     /* Used to hold the writable kea_def
+                                     * we use for TLS 1.3 */
+    PRBool shortHeaders;            /* Assigned if we are doing short headers. */
 } SSL3HandshakeState;
 
-#define SSL_ASSERT_HASHES_EMPTY(ss)                                  \
-    do {                                                             \
-        PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown); \
-        PORT_Assert(ss->ssl3.hs.messages.len == 0);                  \
-    } while (0)
-
 /*
 ** This is the "ssl3" struct, as in "ss->ssl3".
 ** note:
@@ -726,10 +904,6 @@ struct ssl3StateStr {
     ssl3CipherSpec *cwSpec; /* current write spec. */
     ssl3CipherSpec *pwSpec; /* pending write spec. */
 
-    /* This is true after the peer requests a key update; false after a key
-     * update is initiated locally. */
-    PRBool peerRequestedKeyUpdate;
-
     /* Internal callback for when we do a cipher suite change. Used for
      * debugging in TLS 1.3. This can only be set by non-public functions. */
     sslCipherSpecChangedFunc changedCipherSpecFunc;
@@ -750,7 +924,9 @@ struct ssl3StateStr {
     /* chain while we are trying to validate it.   */
     CERTDistNames *ca_list;
     /* used by server.  trusted CAs for this socket. */
+    PRBool initialized;
     SSL3HandshakeState hs;
+    ssl3CipherSpec specs[2]; /* one is current, one is pending. */
 
     PRUint16 mtu; /* Our estimate of the MTU */
 
@@ -819,12 +995,11 @@ typedef struct SessionTicketStr {
     PRBool valid;
     SSL3ProtocolVersion ssl_version;
     ssl3CipherSuite cipher_suite;
+    SSLCompressionMethod compression_method;
     SSLAuthType authType;
     PRUint32 authKeyBits;
     SSLKEAType keaType;
     PRUint32 keaKeyBits;
-    SSLNamedGroup originalKeaGroup;
-    SSLSignatureScheme signatureScheme;
     const sslNamedGroupDef *namedCurve; /* For certificate lookup. */
 
     /*
@@ -837,13 +1012,11 @@ typedef struct SessionTicketStr {
     PRBool extendedMasterSecretUsed;
     ClientAuthenticationType client_auth_type;
     SECItem peer_cert;
-    PRTime timestamp;
+    PRUint32 timestamp;
     PRUint32 flags;
     SECItem srvName; /* negotiated server name */
     SECItem alpnSelection;
     PRUint32 maxEarlyData;
-    PRUint32 ticketAgeBaseline;
-    SECItem applicationToken;
 } SessionTicket;
 
 /*
@@ -893,7 +1066,6 @@ struct sslSecurityInfoStr {
     SSLKEAType keaType;
     PRUint32 keaKeyBits;
     const sslNamedGroupDef *keaGroup;
-    const sslNamedGroupDef *originalKeaGroup;
     /* The selected certificate (for servers only). */
     const sslServerCert *serverCert;
 
@@ -979,9 +1151,6 @@ struct sslSocketStr {
     void *pkcs11PinArg;
     SSLNextProtoCallback nextProtoCallback;
     void *nextProtoArg;
-    SSLHelloRetryRequestCallback hrrCallback;
-    void *hrrCallbackArg;
-    PRCList extensionHooks;
 
     PRIntervalTime rTimeout; /* timeout for NSPR I/O */
     PRIntervalTime wTimeout; /* timeout for NSPR I/O */
@@ -1072,7 +1241,6 @@ extern char ssl_debug;
 extern char ssl_trace;
 extern FILE *ssl_trace_iob;
 extern FILE *ssl_keylog_iob;
-extern PZLock *ssl_keylog_lock;
 extern PRUint32 ssl3_sid_timeout;
 extern PRUint32 ssl_ticket_lifetime;
 extern PRUint32 ssl_max_early_data_size;
@@ -1163,10 +1331,14 @@ extern SECStatus ssl_BeginClientHandshake(sslSocket *ss);
 extern SECStatus ssl_BeginServerHandshake(sslSocket *ss);
 extern int ssl_Do1stHandshake(sslSocket *ss);
 
+extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
+extern SECStatus sslBuffer_Append(sslBuffer *b, const void *data,
+                                  unsigned int len);
+extern void sslBuffer_Clear(sslBuffer *b);
+
 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
 
-extern SECStatus ssl3_InitPendingCipherSpecs(sslSocket *ss, PK11SymKey *secret,
-                                             PRBool derive);
+extern void ssl3_InitCipherSpec(ssl3CipherSpec *spec);
 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
                                    const char *peerID, const char *urlSvrName);
@@ -1191,20 +1363,11 @@ extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
 
 extern SECStatus ssl3_ConstrainRangeByPolicy(void);
 
-extern SECStatus ssl3_InitState(sslSocket *ss);
-extern SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
-                             int maxOutputLen, const unsigned char *input,
-                             int inputLen);
+extern void ssl3_InitState(sslSocket *ss);
 extern void ssl3_RestartHandshakeHashes(sslSocket *ss);
 extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss,
                                             const unsigned char *b,
                                             unsigned int l);
-SECStatus
-ssl_HashHandshakeMessageInt(sslSocket *ss, SSLHandshakeType type,
-                            PRUint32 dtlsSeq,
-                            const PRUint8 *b, PRUint32 length);
-SECStatus ssl_HashHandshakeMessage(sslSocket *ss, SSLHandshakeType type,
-                                   const PRUint8 *b, PRUint32 length);
 
 /* Returns PR_TRUE if we are still waiting for the server to complete its
  * response to our client second round. Once we've received the Finished from
@@ -1217,14 +1380,21 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
                                const PRUint8 *pIn, PRInt32 nIn,
                                PRInt32 flags);
 
-/* Clear any PRCList, optionally calling f on the value. */
-void ssl_ClearPRCList(PRCList *list, void (*f)(void *));
+#ifdef NSS_SSL_ENABLE_ZLIB
+/*
+ * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a
+ * maximum TLS record payload of 2**14 bytes, that's 29 bytes.
+ */
+#define SSL3_COMPRESSION_MAX_EXPANSION 29
+#else /* !NSS_SSL_ENABLE_ZLIB */
+#define SSL3_COMPRESSION_MAX_EXPANSION 0
+#endif
 
 /*
- * Make sure there is room in the write buffer for padding and
- * cryptographic expansions.
+ * make sure there is room in the write buffer for padding and
+ * other compression and cryptographic expansions.
  */
-#define SSL3_BUFFER_FUDGE 100
+#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION
 
 #define SSL_LOCK_READER(ss) \
     if (ss->recvLock)       \
@@ -1377,7 +1547,7 @@ extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
  * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
  */
 extern SECStatus ssl3_HandleV2ClientHello(
-    sslSocket *ss, unsigned char *buffer, unsigned int length, PRUint8 padding);
+    sslSocket *ss, unsigned char *buffer, int length, PRUint8 padding);
 
 SECStatus ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type);
 
@@ -1413,7 +1583,7 @@ extern PRBool ssl_HaveEphemeralKeyPair(const sslSocket *ss,
                                        const sslNamedGroupDef *groupDef);
 extern void ssl_FreeEphemeralKeyPairs(sslSocket *ss);
 
-extern SECStatus ssl_AppendPaddedDHKeyShare(sslBuffer *buf,
+extern SECStatus ssl_AppendPaddedDHKeyShare(const sslSocket *ss,
                                             const SECKEYPublicKey *pubKey,
                                             PRBool appendLength);
 extern const ssl3DHParams *ssl_GetDHEParams(const sslNamedGroupDef *groupDef);
@@ -1475,10 +1645,6 @@ extern SECStatus ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b,
 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
                                        SSL3ProtocolVersion peerVersion,
                                        PRBool allowLargerPeerVersion);
-extern SECStatus ssl_ClientSetCipherSuite(sslSocket *ss,
-                                          SSL3ProtocolVersion version,
-                                          ssl3CipherSuite suite,
-                                          PRBool initHashes);
 
 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
 
@@ -1494,11 +1660,23 @@ extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
 extern SECStatus ssl_ImportECDHKeyShare(
     sslSocket *ss, SECKEYPublicKey *peerKey,
     PRUint8 *b, PRUint32 length, const sslNamedGroupDef *curve);
+SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss,
+                                       const SECKEYPublicKey *pubKey);
 
 extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
                                            PRUint8 *hashBuf,
                                            unsigned int bufLen,
                                            SSL3Hashes *hashes);
+extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
+extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
+extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
+                                      PRInt32 bytes);
+extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
+                                            SSL3HandshakeType t, PRUint32 length);
+extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
+                                            PRInt32 lenSize);
+extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss,
+                                              const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize);
 extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
     sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes,
@@ -1506,12 +1684,11 @@ extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes,
 extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num,
                                              PRUint32 bytes, PRUint8 **b,
                                              PRUint32 *length);
-extern SECStatus ssl3_ConsumeHandshakeNumber64(sslSocket *ss, PRUint64 *num,
-                                               PRUint32 bytes, PRUint8 **b,
-                                               PRUint32 *length);
 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
                                                PRUint32 bytes, PRUint8 **b,
                                                PRUint32 *length);
+extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes,
+                                PRUint8 *to);
 extern PRBool ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme);
 extern SECStatus ssl_CheckSignatureSchemeConsistency(
     sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert);
@@ -1526,20 +1703,16 @@ extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash,
                                  SECKEYPrivateKey *key, SECItem *buf);
 extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme,
                                          SSL3Hashes *hash, SECItem *buf);
-extern SECStatus ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid,
-                                         PK11SymKey *secret);
+extern SECStatus ssl3_CacheWrappedMasterSecret(
+    sslSocket *ss, sslSessionID *sid, ssl3CipherSpec *spec);
 extern void ssl3_FreeSniNameArray(TLSExtensionData *xtnData);
 
 /* Hello Extension related routines. */
 extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
                                      /*in/out*/ NewSessionTicket *session_ticket);
 SECStatus ssl3_EncodeSessionTicket(sslSocket *ss,
-                                   const NewSessionTicket *ticket,
-                                   const PRUint8 *appToken,
-                                   unsigned int appTokenLen,
-                                   PK11SymKey *secret, SECItem *ticket_data);
-SECStatus SSLExp_SendSessionTicket(PRFileDesc *fd, const PRUint8 *token,
-                                   unsigned int tokenLen);
+                                   const NewSessionTicket *ticket_input,
+                                   SECItem *ticket_data);
 
 SECStatus ssl_MaybeSetSelfEncryptKeyPair(const sslKeyPair *keyPair);
 SECStatus ssl_GetSelfEncryptKeys(sslSocket *ss, unsigned char *keyName,
@@ -1555,7 +1728,7 @@ extern void ssl_FreePRSocket(PRFileDesc *fd);
 
 /* Internal config function so SSL3 can initialize the present state of
  * various ciphers */
-extern unsigned int ssl3_config_match_init(sslSocket *);
+extern int ssl3_config_match_init(sslSocket *);
 
 /* calls for accessing wrapping keys across processes. */
 extern SECStatus
@@ -1585,11 +1758,44 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
 
 extern SECStatus ssl_FreeSessionCacheLocks(void);
 
+/**************** DTLS-specific functions **************/
+extern void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg);
+extern void dtls_FreeHandshakeMessages(PRCList *lst);
+
+extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf);
+extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss,
+                                               PRUint8 *b, PRUint32 length);
+extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss);
+extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
+                                   const PRUint8 *pIn, PRInt32 nIn);
+extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
+SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss);
+extern SECStatus dtls_StartHolddownTimer(sslSocket *ss);
+extern void dtls_CheckTimer(sslSocket *ss);
+extern void dtls_CancelTimer(sslSocket *ss);
+extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised);
+extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records);
+extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records,
+                               sslSequenceNumber seq);
+extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records,
+                                sslSequenceNumber seq);
+extern void dtls_RehandshakeCleanup(sslSocket *ss);
+extern SSL3ProtocolVersion
+dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv);
+extern SSL3ProtocolVersion
+dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv);
+extern PRBool dtls_IsRelevant(sslSocket *ss, const SSL3Ciphertext *cText,
+                              PRBool *sameEpoch, PRUint64 *seqNum);
+extern SECStatus dtls_MaybeRetransmitHandshake(sslSocket *ss,
+                                               const SSL3Ciphertext *cText,
+                                               PRBool sameEpoch);
+
 CK_MECHANISM_TYPE ssl3_Alg2Mech(SSLCipherAlgorithm calg);
 SECStatus ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
                                     PRBool initHashes);
 SECStatus ssl3_InitHandshakeHashes(sslSocket *ss);
 SECStatus ssl3_ServerCallSNICallback(sslSocket *ss);
+SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
 SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
 SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss,
                                          PRUint8 *b, PRUint32 length);
@@ -1601,21 +1807,17 @@ SECStatus ssl3_SendCertificateStatus(sslSocket *ss);
 SECStatus ssl3_AuthCertificate(sslSocket *ss);
 SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b,
                                     PRUint32 length);
-SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, sslBuffer *buf);
-SECStatus ssl_GetCertificateRequestCAs(const sslSocket *ss,
-                                       unsigned int *calenp,
-                                       const SECItem **namesp,
-                                       unsigned int *nnamesp);
+SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf,
+                             unsigned maxLen, PRUint32 *len);
+SECStatus ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calenp,
+                                       SECItem **namesp, unsigned int *nnamesp);
 SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b,
-                                          PRUint32 *length, CERTDistNames *ca_list);
+                                          PRUint32 *length, PLArenaPool *arena,
+                                          CERTDistNames *ca_list);
 SECStatus ssl3_CompleteHandleCertificateRequest(
     sslSocket *ss, const SSLSignatureScheme *signatureSchemes,
     unsigned int signatureSchemeCount, CERTDistNames *ca_list);
-SECStatus ssl_ConstructServerHello(sslSocket *ss, PRBool helloRetry,
-                                   const sslBuffer *extensionBuf,
-                                   sslBuffer *messageBuf);
 SECStatus ssl3_SendServerHello(sslSocket *ss);
-SECStatus ssl3_SendChangeCipherSpecsInt(sslSocket *ss);
 SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
                                       ssl3CipherSpec *spec,
                                       SSL3Hashes *hashes,
@@ -1630,9 +1832,10 @@ PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss,
                                 PK11SlotInfo *masterSecretSlot,
                                 CK_MECHANISM_TYPE masterWrapMech,
                                 void *pwArg);
-SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid,
-                               PK11SymKey *secret);
+SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid);
 const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
+const ssl3BulkCipherDef *
+ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
 SECStatus ssl3_SelectServerCert(sslSocket *ss);
 SECStatus ssl_PickSignatureScheme(sslSocket *ss,
                                   SECKEYPublicKey *pubKey,
@@ -1644,14 +1847,11 @@ SECOidTag ssl3_HashTypeToOID(SSLHashType hashType);
 SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme);
 KeyType ssl_SignatureSchemeToKeyType(SSLSignatureScheme scheme);
 
-SECStatus ssl3_SetupCipherSuite(sslSocket *ss, PRBool initHashes);
-
-/* Pull in DTLS functions */
-#include "dtlscon.h"
+SECStatus ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite,
+                              PRBool initHashes);
 
 /* Pull in TLS 1.3 functions */
 #include "tls13con.h"
-#include "dtls13con.h"
 
 /********************** misc calls *********************/
 
@@ -1661,27 +1861,22 @@ extern void ssl3_CheckCipherSuiteOrderConsistency();
 
 extern int ssl_MapLowLevelError(int hiLevelError);
 
-extern PRUint32 ssl_TimeSec(void);
-#ifdef UNSAFE_FUZZER_MODE
-#define ssl_TimeUsec() ((PRTime)12345678)
-#else
-#define ssl_TimeUsec() (PR_Now())
-#endif
+extern PRUint32 ssl_Time(void);
 extern PRBool ssl_TicketTimeValid(const NewSessionTicket *ticket);
 
 extern void SSL_AtomicIncrementLong(long *x);
 
 SECStatus ssl3_ApplyNSSPolicy(void);
 
+extern HASH_HashType
+ssl3_GetTls12HashType(sslSocket *ss);
+
 extern SECStatus
 ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec,
                             const char *label, unsigned int labelLen,
                             const unsigned char *val, unsigned int valLen,
                             unsigned char *out, unsigned int outLen);
 
-extern void
-ssl3_RecordKeyLog(sslSocket *ss, const char *label, PK11SymKey *secret);
-
 PRBool ssl_AlpnTagAllowed(const sslSocket *ss, const SECItem *tag);
 
 #ifdef TRACE
diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c
index 4e58c5ae7..88162d814 100644
--- a/security/nss/lib/ssl/sslinfo.c
+++ b/security/nss/lib/ssl/sslinfo.c
@@ -2,12 +2,26 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "pk11pub.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "tls13hkdf.h"
 
+static const char *
+ssl_GetCompressionMethodName(SSLCompressionMethod compression)
+{
+    switch (compression) {
+        case ssl_compression_null:
+            return "NULL";
+#ifdef NSS_ENABLE_ZLIB
+        case ssl_compression_deflate:
+            return "DEFLATE";
+#endif
+        default:
+            return "???";
+    }
+}
+
 SECStatus
 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
 {
@@ -34,58 +48,48 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
     inf.length = PR_MIN(sizeof inf, len);
 
     if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
-        SSLCipherSuiteInfo cinfo;
-        SECStatus rv;
-
         sid = ss->sec.ci.sid;
         inf.protocolVersion = ss->version;
         inf.authKeyBits = ss->sec.authKeyBits;
         inf.keaKeyBits = ss->sec.keaKeyBits;
-
-        ssl_GetSpecReadLock(ss);
-        /* XXX  The cipher suite should be in the specs and this
-         * function should get it from cwSpec rather than from the "hs".
-         * See bug 275744 comment 69 and bug 766137.
-         */
-        inf.cipherSuite = ss->ssl3.hs.cipher_suite;
-        ssl_ReleaseSpecReadLock(ss);
-        inf.compressionMethod = ssl_compression_null;
-        inf.compressionMethodName = "NULL";
-
-        /* Fill in the cipher details from the cipher suite. */
-        rv = SSL_GetCipherSuiteInfo(inf.cipherSuite,
-                                    &cinfo, sizeof(cinfo));
-        if (rv != SECSuccess) {
-            return SECFailure; /* Error code already set. */
-        }
-        inf.symCipher = cinfo.symCipher;
-        inf.macAlgorithm = cinfo.macAlgorithm;
-        /* Get these fromm |ss->sec| because that is accurate
-         * even with TLS 1.3 disaggregated cipher suites. */
-        inf.keaType = ss->sec.keaType;
-        inf.originalKeaGroup = ss->sec.originalKeaGroup
-                                   ? ss->sec.originalKeaGroup->name
-                                   : ssl_grp_none;
-        inf.keaGroup = ss->sec.keaGroup
-                           ? ss->sec.keaGroup->name
-                           : ssl_grp_none;
-        inf.keaKeyBits = ss->sec.keaKeyBits;
-        inf.authType = ss->sec.authType;
-        inf.authKeyBits = ss->sec.authKeyBits;
-        inf.signatureScheme = ss->sec.signatureScheme;
-        /* If this is a resumed session, signatureScheme isn't set in ss->sec.
-         * Use the signature scheme from the previous handshake. */
-        if (inf.signatureScheme == ssl_sig_none && sid->sigScheme) {
-            inf.signatureScheme = sid->sigScheme;
+        if (ss->ssl3.initialized) {
+            SSLCipherSuiteInfo cinfo;
+            SECStatus rv;
+
+            ssl_GetSpecReadLock(ss);
+            /* XXX  The cipher suite should be in the specs and this
+             * function should get it from cwSpec rather than from the "hs".
+             * See bug 275744 comment 69 and bug 766137.
+             */
+            inf.cipherSuite = ss->ssl3.hs.cipher_suite;
+            inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
+            ssl_ReleaseSpecReadLock(ss);
+            inf.compressionMethodName =
+                ssl_GetCompressionMethodName(inf.compressionMethod);
+
+            /* Fill in the cipher details from the cipher suite. */
+            rv = SSL_GetCipherSuiteInfo(inf.cipherSuite,
+                                        &cinfo, sizeof(cinfo));
+            if (rv != SECSuccess) {
+                return SECFailure; /* Error code already set. */
+            }
+            inf.symCipher = cinfo.symCipher;
+            inf.macAlgorithm = cinfo.macAlgorithm;
+            /* Get these fromm |ss->sec| because that is accurate
+             * even with TLS 1.3 disaggregated cipher suites. */
+            inf.keaType = ss->sec.keaType;
+            inf.keaGroup = ss->sec.keaGroup ? ss->sec.keaGroup->name : ssl_grp_none;
+            inf.keaKeyBits = ss->sec.keaKeyBits;
+            inf.authType = ss->sec.authType;
+            inf.authKeyBits = ss->sec.authKeyBits;
+            inf.signatureScheme = ss->sec.signatureScheme;
         }
-        inf.resumed = ss->statelessResume || ss->ssl3.hs.isResuming;
-
         if (sid) {
             unsigned int sidLen;
 
-            inf.creationTime = sid->creationTime / PR_USEC_PER_SEC;
-            inf.lastAccessTime = sid->lastAccessTime / PR_USEC_PER_SEC;
-            inf.expirationTime = sid->expirationTime / PR_USEC_PER_SEC;
+            inf.creationTime = sid->creationTime;
+            inf.lastAccessTime = sid->lastAccessTime;
+            inf.expirationTime = sid->expirationTime;
             inf.extendedMasterSecretUsed =
                 (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ||
                  sid->u.ssl3.keys.extendedMasterSecretUsed)
@@ -192,17 +196,17 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
 #define K_ANY "TLS 1.3", ssl_kea_tls13_any
 
 /* record protection cipher */
-#define C_SEED "SEED", ssl_calg_seed
-#define C_CAMELLIA "CAMELLIA", ssl_calg_camellia
-#define C_AES "AES", ssl_calg_aes
-#define C_RC4 "RC4", ssl_calg_rc4
-#define C_RC2 "RC2", ssl_calg_rc2
-#define C_DES "DES", ssl_calg_des
-#define C_3DES "3DES", ssl_calg_3des
-#define C_NULL "NULL", ssl_calg_null
-#define C_SJ "SKIPJACK", ssl_calg_sj
-#define C_AESGCM "AES-GCM", ssl_calg_aes_gcm
-#define C_CHACHA20 "CHACHA20POLY1305", ssl_calg_chacha20
+#define C_SEED "SEED", calg_seed
+#define C_CAMELLIA "CAMELLIA", calg_camellia
+#define C_AES "AES", calg_aes
+#define C_RC4 "RC4", calg_rc4
+#define C_RC2 "RC2", calg_rc2
+#define C_DES "DES", calg_des
+#define C_3DES "3DES", calg_3des
+#define C_NULL "NULL", calg_null
+#define C_SJ "SKIPJACK", calg_sj
+#define C_AESGCM "AES-GCM", calg_aes_gcm
+#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20
 
 /* "block cipher" sizes */
 #define B_256 256, 256, 256
@@ -363,7 +367,8 @@ SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
     }
 
     if (ss->sec.isServer) {
-        if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* TLS */
+        if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
+            ss->ssl3.initialized) { /* TLS */
             SECItem *crsName;
             ssl_GetSpecReadLock(ss); /*********************************/
             crsName = &ss->ssl3.hs.srvVirtName;
@@ -387,47 +392,22 @@ SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
     return sniName;
 }
 
-/*
- *     HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
- *                       "exporter", Hash(context_value), key_length)
- */
 static SECStatus
 tls13_Exporter(sslSocket *ss, PK11SymKey *secret,
                const char *label, unsigned int labelLen,
                const unsigned char *context, unsigned int contextLen,
                unsigned char *out, unsigned int outLen)
 {
-    SSL3Hashes contextHash;
-    PK11SymKey *innerSecret = NULL;
-    SECStatus rv;
-
-    static const char *kExporterInnerLabel = "exporter";
-
     if (!secret) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
-    /* Pre-hash the context. */
-    rv = tls13_ComputeHash(ss, &contextHash, context, contextLen);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    rv = tls13_DeriveSecretNullHash(ss, secret, label, labelLen,
-                                    &innerSecret);
-    if (rv != SECSuccess) {
-        return rv;
-    }
-
-    rv = tls13_HkdfExpandLabelRaw(innerSecret,
-                                  tls13_GetHash(ss),
-                                  contextHash.u.raw, contextHash.len,
-                                  kExporterInnerLabel,
-                                  strlen(kExporterInnerLabel),
-                                  out, outLen);
-    PK11_FreeSymKey(innerSecret);
-    return rv;
+    return tls13_HkdfExpandLabelRaw(secret,
+                                    tls13_GetHash(ss),
+                                    context, contextLen,
+                                    label, labelLen,
+                                    out, outLen);
 }
 
 SECStatus
@@ -477,9 +457,9 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
         return SECFailure;
     }
     i = 0;
-    PORT_Memcpy(val + i, ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
-    PORT_Memcpy(val + i, ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
     if (hasContext) {
         val[i++] = contextLen >> 8;
@@ -493,7 +473,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
      * secret is available and we have sent ChangeCipherSpec.
      */
     ssl_GetSpecReadLock(ss);
-    if (!ss->ssl3.cwSpec->masterSecret) {
+    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
         PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
         rv = SECFailure;
     } else {
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index 228834e3d..7ad1c6bc7 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -256,7 +256,7 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
 
     if (!urlSvrName)
         return NULL;
-    now = ssl_TimeSec();
+    now = ssl_Time();
     LOCK_CACHE;
     sidp = &cache;
     while ((sid = *sidp) != 0) {
@@ -306,6 +306,8 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
 static void
 CacheSID(sslSessionID *sid)
 {
+    PRUint32 expirationPeriod;
+
     PORT_Assert(sid->cached == never_cached);
 
     SSL_TRC(8, ("SSL: Cache: sid=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
@@ -333,6 +335,7 @@ CacheSID(sslSessionID *sid)
             return;
         sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
     }
+    expirationPeriod = ssl3_sid_timeout;
     PRINT_BUF(8, (0, "sessionID:",
                   sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
 
@@ -342,9 +345,9 @@ CacheSID(sslSessionID *sid)
     }
     PORT_Assert(sid->creationTime != 0 && sid->expirationTime != 0);
     if (!sid->creationTime)
-        sid->lastAccessTime = sid->creationTime = ssl_TimeUsec();
+        sid->lastAccessTime = sid->creationTime = ssl_Time();
     if (!sid->expirationTime)
-        sid->expirationTime = sid->creationTime + ssl3_sid_timeout * PR_USEC_PER_SEC;
+        sid->expirationTime = sid->creationTime + expirationPeriod;
 
     /*
      * Put sid into the cache.  Bump reference count to indicate that
@@ -435,7 +438,7 @@ SSL_ClearSessionCache(void)
 
 /* returns an unsigned int containing the number of seconds in PR_Now() */
 PRUint32
-ssl_TimeSec(void)
+ssl_Time(void)
 {
 #ifdef UNSAFE_FUZZER_MODE
     return 1234;
@@ -468,7 +471,7 @@ ssl_TicketTimeValid(const NewSessionTicket *ticket)
 
     endTime = ticket->received_timestamp +
               (PRTime)(ticket->ticket_lifetime_hint * PR_USEC_PER_SEC);
-    return endTime > ssl_TimeUsec();
+    return endTime > PR_Now();
 }
 
 void
diff --git a/security/nss/lib/ssl/sslreveal.c b/security/nss/lib/ssl/sslreveal.c
index cc16f574d..4c124a1dc 100644
--- a/security/nss/lib/ssl/sslreveal.c
+++ b/security/nss/lib/ssl/sslreveal.c
@@ -92,16 +92,18 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
 
     /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
     if (sslsocket->opt.useSecurity) {
-        /* now we know this socket went through ssl3_InitState() and
-         * ss->xtnData got initialized, which is the only member accessed by
-         * ssl3_ExtensionNegotiated();
-         * Member xtnData appears to get accessed in functions that handle
-         * the handshake (hello messages and extension sending),
-         * therefore the handshake lock should be sufficient.
-         */
-        ssl_GetSSL3HandshakeLock(sslsocket);
-        *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
-        ssl_ReleaseSSL3HandshakeLock(sslsocket);
+        if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
+            /* now we know this socket went through ssl3_InitState() and
+             * ss->xtnData got initialized, which is the only member accessed by
+             * ssl3_ExtensionNegotiated();
+             * Member xtnData appears to get accessed in functions that handle
+             * the handshake (hello messages and extension sending),
+             * therefore the handshake lock should be sufficient.
+             */
+            ssl_GetSSL3HandshakeLock(sslsocket);
+            *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
+            ssl_ReleaseSSL3HandshakeLock(sslsocket);
+        }
     }
 
     return SECSuccess;
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index 3f7060f22..8bec3d327 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -1,4 +1,3 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * Various SSL functions.
  *
@@ -201,7 +200,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
     ssl_Release1stHandshakeLock(ss);
 
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
-    ssl3_ResetExtensionData(&ss->xtnData, ss);
+    ssl3_ResetExtensionData(&ss->xtnData);
 
     if (!ss->TCPconnected)
         ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
@@ -343,6 +342,11 @@ SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart)
         return SECFailure;
     }
 
+    if (!ss->ssl3.initialized) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     /* Require a forward-secret key exchange. */
     *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
                      ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
@@ -431,6 +435,58 @@ SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
 /************************************************************************/
 
 /*
+** Grow a buffer to hold newLen bytes of data.
+** Called for both recv buffers and xmit buffers.
+** Caller must hold xmitBufLock or recvBufLock, as appropriate.
+*/
+SECStatus
+sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
+{
+    newLen = PR_MAX(newLen, MAX_FRAGMENT_LENGTH + 2048);
+    if (newLen > b->space) {
+        unsigned char *newBuf;
+        if (b->buf) {
+            newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
+        } else {
+            newBuf = (unsigned char *)PORT_Alloc(newLen);
+        }
+        if (!newBuf) {
+            return SECFailure;
+        }
+        SSL_TRC(10, ("%d: SSL: grow buffer from %d to %d",
+                     SSL_GETPID(), b->space, newLen));
+        b->buf = newBuf;
+        b->space = newLen;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslBuffer_Append(sslBuffer *b, const void *data, unsigned int len)
+{
+    unsigned int newLen = b->len + len;
+    SECStatus rv;
+
+    rv = sslBuffer_Grow(b, newLen);
+    if (rv != SECSuccess)
+        return rv;
+    PORT_Memcpy(b->buf + b->len, data, len);
+    b->len += len;
+    return SECSuccess;
+}
+
+void
+sslBuffer_Clear(sslBuffer *b)
+{
+    if (b->buf) {
+        PORT_Free(b->buf);
+        b->buf = NULL;
+        b->len = 0;
+        b->space = 0;
+    }
+}
+
+/*
 ** Save away write data that is trying to be written before the security
 ** handshake has been completed. When the handshake is completed, we will
 ** flush this data out.
@@ -718,7 +774,8 @@ ssl_SecureClose(sslSocket *ss)
 
     if (!(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
         ss->firstHsDone &&
-        !ss->recvdCloseNotify) {
+        !ss->recvdCloseNotify &&
+        ss->ssl3.initialized) {
 
         /* We don't want the final alert to be Nagle delayed. */
         if (!ss->delayDisabled) {
@@ -748,7 +805,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow)
     if ((sslHow & ssl_SHUTDOWN_SEND) != 0 &&
         !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
         ss->firstHsDone &&
-        !ss->recvdCloseNotify) {
+        !ss->recvdCloseNotify &&
+        ss->ssl3.initialized) {
 
         (void)SSL3_SendAlert(ss, alert_warning, close_notify);
     }
@@ -762,55 +820,6 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow)
 
 /************************************************************************/
 
-static SECStatus
-tls13_CheckKeyUpdate(sslSocket *ss, CipherSpecDirection dir)
-{
-    PRBool keyUpdate;
-    ssl3CipherSpec *spec;
-    sslSequenceNumber seqNum;
-    sslSequenceNumber margin;
-    SECStatus rv;
-
-    /* Bug 1413368: enable for DTLS */
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 || IS_DTLS(ss)) {
-        return SECSuccess;
-    }
-
-    /* If both sides update at the same number, then this will cause two updates
-     * to happen at once. The problem is that the KeyUpdate itself consumes a
-     * sequence number, and that will trigger the reading side to request an
-     * update.
-     *
-     * If we have the writing side update first, the writer will be the one that
-     * drives the update.  An update by the writer doesn't need a response, so
-     * it is more efficient overall.  The margins here are pretty arbitrary, but
-     * having the write margin larger reduces the number of times that a
-     * KeyUpdate is sent by a reader. */
-    ssl_GetSpecReadLock(ss);
-    if (dir == CipherSpecRead) {
-        spec = ss->ssl3.crSpec;
-        margin = spec->cipherDef->max_records / 8;
-    } else {
-        spec = ss->ssl3.cwSpec;
-        margin = spec->cipherDef->max_records / 4;
-    }
-    seqNum = spec->seqNum;
-    keyUpdate = seqNum > spec->cipherDef->max_records - margin;
-    ssl_ReleaseSpecReadLock(ss);
-    if (!keyUpdate) {
-        return SECSuccess;
-    }
-
-    SSL_TRC(5, ("%d: SSL[%d]: automatic key update at %llx for %s cipher spec",
-                SSL_GETPID(), ss->fd, seqNum,
-                (dir == CipherSpecRead) ? "read" : "write"));
-    ssl_GetSSL3HandshakeLock(ss);
-    rv = tls13_SendKeyUpdate(ss, (dir == CipherSpecRead) ? update_requested : update_not_requested,
-                             dir == CipherSpecWrite /* buffer */);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv;
-}
-
 int
 ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
 {
@@ -850,17 +859,8 @@ ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
             rv = ssl_Do1stHandshake(ss);
         }
         ssl_Release1stHandshakeLock(ss);
-    } else {
-        if (tls13_CheckKeyUpdate(ss, CipherSpecRead) != SECSuccess) {
-            rv = PR_FAILURE;
-        }
     }
     if (rv < 0) {
-        if (PORT_GetError() == PR_WOULD_BLOCK_ERROR &&
-            !PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData)) {
-            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            return tls13_Read0RttData(ss, buf, len);
-        }
         return rv;
     }
 
@@ -942,19 +942,11 @@ ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
         }
         ssl_Release1stHandshakeLock(ss);
     }
-
     if (rv < 0) {
         ss->writerThread = NULL;
         goto done;
     }
 
-    if (ss->firstHsDone) {
-        if (tls13_CheckKeyUpdate(ss, CipherSpecWrite) != SECSuccess) {
-            rv = PR_FAILURE;
-            goto done;
-        }
-    }
-
     if (zeroRtt) {
         /* There's a limit to the number of early data octets we can send.
          *
@@ -1249,7 +1241,14 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
     }
 
     ssl_Get1stHandshakeLock(ss);
-    rv = ssl3_AuthCertificateComplete(ss, error);
+
+    if (!ss->ssl3.initialized) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
+    } else {
+        rv = ssl3_AuthCertificateComplete(ss, error);
+    }
+
     ssl_Release1stHandshakeLock(ss);
 
     return rv;
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index 279f3c015..3ef11f7a7 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -85,12 +85,11 @@
 /*
 ** Format of a cache entry in the shared memory.
 */
-PR_STATIC_ASSERT(sizeof(PRTime) == 8);
 struct sidCacheEntryStr {
     /* 16 */ PRIPv6Addr addr; /* client's IP address */
-    /*  8 */ PRTime creationTime;
-    /*  8 */ PRTime lastAccessTime;
-    /*  8 */ PRTime expirationTime;
+    /*  4 */ PRUint32 creationTime;
+    /*  4 */ PRUint32 lastAccessTime;
+    /*  4 */ PRUint32 expirationTime;
     /*  2 */ PRUint16 version;
     /*  1 */ PRUint8 valid;
     /*  1 */ PRUint8 sessionIDLength;
@@ -99,25 +98,25 @@ struct sidCacheEntryStr {
     /*  2 */ PRUint16 authKeyBits;
     /*  2 */ PRUint16 keaType;
     /*  2 */ PRUint16 keaKeyBits;
-    /*  4 */ PRUint32 signatureScheme;
-    /*  4 */ PRUint32 keaGroup;
-    /* 92  - common header total */
+    /* 72  - common header total */
 
     union {
         struct {
             /*  2 */ ssl3CipherSuite cipherSuite;
-            /* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
+            /*  2 */ PRUint16 compression; /* SSLCompressionMethod */
+
+            /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
 
             /*  4 */ PRUint32 masterWrapMech;
             /*  4 */ PRInt32 certIndex;
             /*  4 */ PRInt32 srvNameIndex;
             /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
             /*  2 */ PRUint16 namedCurve;
-/*100 */} ssl3;
+/*104 */} ssl3;
 
 /* force sizeof(sidCacheEntry) to be a multiple of cache line size */
 struct {
-    /*116 */ PRUint8 filler[116]; /* 92+116==208, a multiple of 16 */
+    /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
 } forceSize;
     } u;
 };
@@ -283,7 +282,7 @@ LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
     if (rv != SECSuccess)
         return 0;
     if (!now)
-        now = ssl_TimeSec();
+        now = ssl_Time();
     lock->timeStamp = now;
     lock->pid = myPid;
     return now;
@@ -299,7 +298,7 @@ UnlockSidCacheLock(sidCacheLock *lock)
     return rv;
 }
 
-/* returns the value of ssl_TimeSec on success, zero on failure. */
+/* returns the value of ssl_Time on success, zero on failure. */
 static PRUint32
 LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
 {
@@ -433,10 +432,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
     to->authKeyBits = from->authKeyBits;
     to->keaType = from->keaType;
     to->keaKeyBits = from->keaKeyBits;
-    to->keaGroup = from->keaGroup;
-    to->signatureScheme = from->sigScheme;
 
     to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+    to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression;
     to->u.ssl3.keys = from->u.ssl3.keys;
     to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
     to->sessionIDLength = from->u.ssl3.sessionIDLength;
@@ -454,10 +452,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
 
     SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
                 "cipherSuite=%d",
-                myPid, to->creationTime / PR_USEC_PER_SEC,
-                to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
-                to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
-                to->u.ssl3.cipherSuite));
+                myPid, to->creationTime, to->addr.pr_s6_addr32[0],
+                to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
+                to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
 }
 
 /*
@@ -479,6 +476,7 @@ ConvertToSID(sidCacheEntry *from,
 
     to->u.ssl3.sessionIDLength = from->sessionIDLength;
     to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+    to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression;
     to->u.ssl3.keys = from->u.ssl3.keys;
     to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
     if (from->u.ssl3.srvNameIndex != -1 && psnce) {
@@ -543,8 +541,6 @@ ConvertToSID(sidCacheEntry *from,
     to->authKeyBits = from->authKeyBits;
     to->keaType = from->keaType;
     to->keaKeyBits = from->keaKeyBits;
-    to->keaGroup = from->keaGroup;
-    to->sigScheme = from->signatureScheme;
 
     return to;
 
@@ -752,19 +748,17 @@ ServerSessionIDCache(sslSessionID *sid)
 
         PORT_Assert(sid->creationTime != 0);
         if (!sid->creationTime)
-            sid->lastAccessTime = sid->creationTime = ssl_TimeUsec();
+            sid->lastAccessTime = sid->creationTime = ssl_Time();
         /* override caller's expiration time, which uses client timeout
          * duration, not server timeout duration.
          */
-        sid->expirationTime =
-            sid->creationTime + cache->ssl3Timeout * PR_USEC_PER_SEC;
+        sid->expirationTime = sid->creationTime + cache->ssl3Timeout;
         SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
                     "cipherSuite=%d",
                     myPid, sid->cached,
                     sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
                     sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                    sid->creationTime / PR_USEC_PER_SEC,
-                    sid->u.ssl3.cipherSuite));
+                    sid->creationTime, sid->u.ssl3.cipherSuite));
         PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
                       sid->u.ssl3.sessionIDLength));
 
@@ -826,8 +820,7 @@ ServerSessionIDUncache(sslSessionID *sid)
                 myPid, sid->cached,
                 sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
                 sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
-                sid->creationTime / PR_USEC_PER_SEC,
-                sid->u.ssl3.cipherSuite));
+                sid->creationTime, sid->u.ssl3.cipherSuite));
     PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
     set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
     now = LockSet(cache, set, 0);
@@ -1093,7 +1086,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
     cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
 
     /* initialize the locks */
-    init_time = ssl_TimeSec();
+    init_time = ssl_Time();
     pLock = cache->sidCacheLocks;
     for (locks_to_initialize = cache->numSIDCacheLocks + 3;
          locks_initialized < locks_to_initialize;
@@ -1141,10 +1134,6 @@ SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
     return SECSuccess;
 }
 
-PR_STATIC_ASSERT(sizeof(sidCacheEntry) % 16 == 0);
-PR_STATIC_ASSERT(sizeof(certCacheEntry) == 4096);
-PR_STATIC_ASSERT(sizeof(srvNameCacheEntry) == 1072);
-
 static SECStatus
 ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
                                               PRUint32 ssl3_timeout,
@@ -1156,6 +1145,10 @@ ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
 {
     SECStatus rv;
 
+    PORT_Assert(sizeof(sidCacheEntry) == 192);
+    PORT_Assert(sizeof(certCacheEntry) == 4096);
+    PORT_Assert(sizeof(srvNameCacheEntry) == 1072);
+
     rv = ssl_Init();
     if (rv != SECSuccess) {
         return rv;
@@ -1526,7 +1519,7 @@ LockPoller(void *arg)
         if (sharedCache->stopPolling)
             break;
 
-        now = ssl_TimeSec();
+        now = ssl_Time();
         then = now - expiration;
         for (pLock = cache->sidCacheLocks, locks_polled = 0;
              locks_to_poll > locks_polled && !sharedCache->stopPolling;
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 4893cb9f9..99828c85b 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -11,7 +11,6 @@
 #include "cert.h"
 #include "keyhi.h"
 #include "ssl.h"
-#include "sslexp.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "nspr.h"
@@ -80,7 +79,11 @@ static sslOptions ssl_defaults = {
     PR_FALSE,              /* enableSignedCertTimestamps */
     PR_FALSE,              /* requireDHENamedGroups */
     PR_FALSE,              /* enable0RttData */
-    PR_FALSE               /* enableTls13CompatMode */
+#ifdef NSS_ENABLE_TLS13_SHORT_HEADERS
+    PR_TRUE /* enableShortHeaders */
+#else
+    PR_FALSE /* enableShortHeaders */
+#endif
 };
 
 /*
@@ -107,6 +110,7 @@ sslSessionIDLookupFunc ssl_sid_lookup;
 sslSessionIDCacheFunc ssl_sid_cache;
 sslSessionIDUncacheFunc ssl_sid_uncache;
 
+static PRBool ssl_inited = PR_FALSE;
 static PRDescIdentity ssl_layer_id;
 
 PRBool locksEverDisabled; /* implicitly PR_FALSE */
@@ -118,7 +122,6 @@ FILE *ssl_trace_iob;
 
 #ifdef NSS_ALLOW_SSLKEYLOGFILE
 FILE *ssl_keylog_iob;
-PZLock *ssl_keylog_lock;
 #endif
 
 char lockStatus[] = "Locks are ENABLED.  ";
@@ -297,7 +300,6 @@ ssl_DupSocket(sslSocket *os)
 
     if (ss->opt.useSecurity) {
         PRCList *cursor;
-
         for (cursor = PR_NEXT_LINK(&os->serverCerts);
              cursor != &os->serverCerts;
              cursor = PR_NEXT_LINK(cursor)) {
@@ -307,6 +309,7 @@ ssl_DupSocket(sslSocket *os)
             PR_APPEND_LINK(&sc->link, &ss->serverCerts);
         }
 
+        PR_INIT_CLIST(&ss->ephemeralKeyPairs);
         for (cursor = PR_NEXT_LINK(&os->ephemeralKeyPairs);
              cursor != &os->ephemeralKeyPairs;
              cursor = PR_NEXT_LINK(cursor)) {
@@ -317,18 +320,6 @@ ssl_DupSocket(sslSocket *os)
             PR_APPEND_LINK(&skp->link, &ss->ephemeralKeyPairs);
         }
 
-        for (cursor = PR_NEXT_LINK(&os->extensionHooks);
-             cursor != &os->extensionHooks;
-             cursor = PR_NEXT_LINK(cursor)) {
-            sslCustomExtensionHooks *oh = (sslCustomExtensionHooks *)cursor;
-            sslCustomExtensionHooks *sh = PORT_ZNew(sslCustomExtensionHooks);
-            if (!sh) {
-                goto loser;
-            }
-            *sh = *oh;
-            PR_APPEND_LINK(&sh->link, &ss->extensionHooks);
-        }
-
         /*
          * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
          * XXX We should detect this, and not just march on with NULL pointers.
@@ -363,7 +354,6 @@ ssl_DupSocket(sslSocket *os)
             goto loser;
         }
     }
-
     return ss;
 
 loser:
@@ -432,16 +422,9 @@ ssl_DestroySocketContents(sslSocket *ss)
         PR_REMOVE_LINK(cursor);
         ssl_FreeServerCert((sslServerCert *)cursor);
     }
-
-    /* Remove extension handlers. */
-    ssl_ClearPRCList(&ss->extensionHooks, NULL);
-
     ssl_FreeEphemeralKeyPairs(ss);
     SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
     ssl3_FreeSniNameArray(&ss->xtnData);
-
-    ssl_ClearPRCList(&ss->ssl3.hs.dtlsSentHandshake, NULL);
-    ssl_ClearPRCList(&ss->ssl3.hs.dtlsRcvdHandshake, NULL);
 }
 
 /*
@@ -518,7 +501,7 @@ PrepareSocket(sslSocket *ss)
 }
 
 SECStatus
-SSL_Enable(PRFileDesc *fd, int which, PRIntn on)
+SSL_Enable(PRFileDesc *fd, int which, PRBool on)
 {
     return SSL_OptionSet(fd, which, on);
 }
@@ -530,9 +513,9 @@ static PRBool ssl_VersionIsSupportedByPolicy(
  * ssl.h in the section "SSL version range setting API".
  */
 static void
-ssl_EnableTLS(SSLVersionRange *vrange, PRIntn enable)
+ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
 {
-    if (enable) {
+    if (on) {
         /* don't turn it on if tls1.0 disallowed by by policy */
         if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
                                             SSL_LIBRARY_VERSION_TLS_1_0)) {
@@ -540,14 +523,14 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRIntn enable)
         }
     }
     if (SSL_ALL_VERSIONS_DISABLED(vrange)) {
-        if (enable) {
+        if (on) {
             vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
             vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
         } /* else don't change anything */
         return;
     }
 
-    if (enable) {
+    if (on) {
         /* Expand the range of enabled version to include TLS 1.0 */
         vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
         vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
@@ -567,9 +550,9 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRIntn enable)
  * ssl.h in the section "SSL version range setting API".
  */
 static void
-ssl_EnableSSL3(SSLVersionRange *vrange, PRIntn enable)
+ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
 {
-    if (enable) {
+    if (on) {
         /* don't turn it on if ssl3 disallowed by by policy */
         if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
                                             SSL_LIBRARY_VERSION_3_0)) {
@@ -577,14 +560,14 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRIntn enable)
         }
     }
     if (SSL_ALL_VERSIONS_DISABLED(vrange)) {
-        if (enable) {
+        if (on) {
             vrange->min = SSL_LIBRARY_VERSION_3_0;
             vrange->max = SSL_LIBRARY_VERSION_3_0;
         } /* else don't change anything */
         return;
     }
 
-    if (enable) {
+    if (on) {
         /* Expand the range of enabled versions to include SSL 3.0. We know
          * SSL 3.0 or some version of TLS is already enabled at this point, so
          * we don't need to change vrange->max.
@@ -603,7 +586,7 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRIntn enable)
 }
 
 SECStatus
-SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
+SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
 {
     sslSocket *ss = ssl_FindSocket(fd);
     SECStatus rv = SECSuccess;
@@ -622,63 +605,63 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
         case SSL_SOCKS:
             ss->opt.useSocks = PR_FALSE;
             rv = PrepareSocket(ss);
-            if (val) {
+            if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
             }
             break;
 
         case SSL_SECURITY:
-            ss->opt.useSecurity = val;
+            ss->opt.useSecurity = on;
             rv = PrepareSocket(ss);
             break;
 
         case SSL_REQUEST_CERTIFICATE:
-            ss->opt.requestCertificate = val;
+            ss->opt.requestCertificate = on;
             break;
 
         case SSL_REQUIRE_CERTIFICATE:
-            ss->opt.requireCertificate = val;
+            ss->opt.requireCertificate = on;
             break;
 
         case SSL_HANDSHAKE_AS_CLIENT:
-            if (ss->opt.handshakeAsServer && val) {
+            if (ss->opt.handshakeAsServer && on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
                 break;
             }
-            ss->opt.handshakeAsClient = val;
+            ss->opt.handshakeAsClient = on;
             break;
 
         case SSL_HANDSHAKE_AS_SERVER:
-            if (ss->opt.handshakeAsClient && val) {
+            if (ss->opt.handshakeAsClient && on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
                 break;
             }
-            ss->opt.handshakeAsServer = val;
+            ss->opt.handshakeAsServer = on;
             break;
 
         case SSL_ENABLE_TLS:
             if (IS_DTLS(ss)) {
-                if (val) {
+                if (on) {
                     PORT_SetError(SEC_ERROR_INVALID_ARGS);
                     rv = SECFailure; /* not allowed */
                 }
                 break;
             }
-            ssl_EnableTLS(&ss->vrange, val);
+            ssl_EnableTLS(&ss->vrange, on);
             break;
 
         case SSL_ENABLE_SSL3:
             if (IS_DTLS(ss)) {
-                if (val) {
+                if (on) {
                     PORT_SetError(SEC_ERROR_INVALID_ARGS);
                     rv = SECFailure; /* not allowed */
                 }
                 break;
             }
-            ssl_EnableSSL3(&ss->vrange, val);
+            ssl_EnableSSL3(&ss->vrange, on);
             break;
 
         case SSL_ENABLE_SSL2:
@@ -687,26 +670,26 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
              * However, if an old application requests to disable SSL v2,
              * we shouldn't fail.
              */
-            if (val) {
+            if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
             }
             break;
 
         case SSL_NO_CACHE:
-            ss->opt.noCache = val;
+            ss->opt.noCache = on;
             break;
 
         case SSL_ENABLE_FDX:
-            if (val && ss->opt.noLocks) {
+            if (on && ss->opt.noLocks) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
             }
-            ss->opt.fdx = val;
+            ss->opt.fdx = on;
             break;
 
         case SSL_ROLLBACK_DETECTION:
-            ss->opt.detectRollBack = val;
+            ss->opt.detectRollBack = on;
             break;
 
         case SSL_NO_STEP_DOWN:
@@ -716,14 +699,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
             break;
 
         case SSL_NO_LOCKS:
-            if (val && ss->opt.fdx) {
+            if (on && ss->opt.fdx) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
             }
-            if (val && ssl_force_locks)
-                val = PR_FALSE; /* silent override */
-            ss->opt.noLocks = val;
-            if (val) {
+            if (on && ssl_force_locks)
+                on = PR_FALSE; /* silent override */
+            ss->opt.noLocks = on;
+            if (on) {
                 locksEverDisabled = PR_TRUE;
                 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
             } else if (!holdingLocks) {
@@ -735,75 +718,71 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
             break;
 
         case SSL_ENABLE_SESSION_TICKETS:
-            ss->opt.enableSessionTickets = val;
+            ss->opt.enableSessionTickets = on;
             break;
 
         case SSL_ENABLE_DEFLATE:
-            ss->opt.enableDeflate = val;
+            ss->opt.enableDeflate = on;
             break;
 
         case SSL_ENABLE_RENEGOTIATION:
-            if (IS_DTLS(ss) && val != SSL_RENEGOTIATE_NEVER) {
+            if (IS_DTLS(ss) && on != SSL_RENEGOTIATE_NEVER) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 rv = SECFailure;
                 break;
             }
-            ss->opt.enableRenegotiation = val;
+            ss->opt.enableRenegotiation = on;
             break;
 
         case SSL_REQUIRE_SAFE_NEGOTIATION:
-            ss->opt.requireSafeNegotiation = val;
+            ss->opt.requireSafeNegotiation = on;
             break;
 
         case SSL_ENABLE_FALSE_START:
-            ss->opt.enableFalseStart = val;
+            ss->opt.enableFalseStart = on;
             break;
 
         case SSL_CBC_RANDOM_IV:
-            ss->opt.cbcRandomIV = val;
+            ss->opt.cbcRandomIV = on;
             break;
 
         case SSL_ENABLE_OCSP_STAPLING:
-            ss->opt.enableOCSPStapling = val;
+            ss->opt.enableOCSPStapling = on;
             break;
 
         case SSL_ENABLE_NPN:
             break;
 
         case SSL_ENABLE_ALPN:
-            ss->opt.enableALPN = val;
+            ss->opt.enableALPN = on;
             break;
 
         case SSL_REUSE_SERVER_ECDHE_KEY:
-            ss->opt.reuseServerECDHEKey = val;
+            ss->opt.reuseServerECDHEKey = on;
             break;
 
         case SSL_ENABLE_FALLBACK_SCSV:
-            ss->opt.enableFallbackSCSV = val;
+            ss->opt.enableFallbackSCSV = on;
             break;
 
         case SSL_ENABLE_SERVER_DHE:
-            ss->opt.enableServerDhe = val;
+            ss->opt.enableServerDhe = on;
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            ss->opt.enableExtendedMS = val;
+            ss->opt.enableExtendedMS = on;
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            ss->opt.enableSignedCertTimestamps = val;
+            ss->opt.enableSignedCertTimestamps = on;
             break;
 
         case SSL_REQUIRE_DH_NAMED_GROUPS:
-            ss->opt.requireDHENamedGroups = val;
+            ss->opt.requireDHENamedGroups = on;
             break;
 
         case SSL_ENABLE_0RTT_DATA:
-            ss->opt.enable0RttData = val;
-            break;
-
-        case SSL_ENABLE_TLS13_COMPAT_MODE:
-            ss->opt.enableTls13CompatMode = val;
+            ss->opt.enable0RttData = on;
             break;
 
         default:
@@ -825,19 +804,19 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
 }
 
 SECStatus
-SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRIntn *pVal)
+SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
 {
     sslSocket *ss = ssl_FindSocket(fd);
     SECStatus rv = SECSuccess;
-    PRIntn val = PR_FALSE;
+    PRBool on = PR_FALSE;
 
-    if (!pVal) {
+    if (!pOn) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-        *pVal = PR_FALSE;
+        *pOn = PR_FALSE;
         return SECFailure;
     }
 
@@ -846,101 +825,98 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRIntn *pVal)
 
     switch (which) {
         case SSL_SOCKS:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_SECURITY:
-            val = ss->opt.useSecurity;
+            on = ss->opt.useSecurity;
             break;
         case SSL_REQUEST_CERTIFICATE:
-            val = ss->opt.requestCertificate;
+            on = ss->opt.requestCertificate;
             break;
         case SSL_REQUIRE_CERTIFICATE:
-            val = ss->opt.requireCertificate;
+            on = ss->opt.requireCertificate;
             break;
         case SSL_HANDSHAKE_AS_CLIENT:
-            val = ss->opt.handshakeAsClient;
+            on = ss->opt.handshakeAsClient;
             break;
         case SSL_HANDSHAKE_AS_SERVER:
-            val = ss->opt.handshakeAsServer;
+            on = ss->opt.handshakeAsServer;
             break;
         case SSL_ENABLE_TLS:
-            val = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+            on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
             break;
         case SSL_ENABLE_SSL3:
-            val = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+            on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
             break;
         case SSL_ENABLE_SSL2:
         case SSL_V2_COMPATIBLE_HELLO:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_NO_CACHE:
-            val = ss->opt.noCache;
+            on = ss->opt.noCache;
             break;
         case SSL_ENABLE_FDX:
-            val = ss->opt.fdx;
+            on = ss->opt.fdx;
             break;
         case SSL_ROLLBACK_DETECTION:
-            val = ss->opt.detectRollBack;
+            on = ss->opt.detectRollBack;
             break;
         case SSL_NO_STEP_DOWN:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_BYPASS_PKCS11:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_NO_LOCKS:
-            val = ss->opt.noLocks;
+            on = ss->opt.noLocks;
             break;
         case SSL_ENABLE_SESSION_TICKETS:
-            val = ss->opt.enableSessionTickets;
+            on = ss->opt.enableSessionTickets;
             break;
         case SSL_ENABLE_DEFLATE:
-            val = ss->opt.enableDeflate;
+            on = ss->opt.enableDeflate;
             break;
         case SSL_ENABLE_RENEGOTIATION:
-            val = ss->opt.enableRenegotiation;
+            on = ss->opt.enableRenegotiation;
             break;
         case SSL_REQUIRE_SAFE_NEGOTIATION:
-            val = ss->opt.requireSafeNegotiation;
+            on = ss->opt.requireSafeNegotiation;
             break;
         case SSL_ENABLE_FALSE_START:
-            val = ss->opt.enableFalseStart;
+            on = ss->opt.enableFalseStart;
             break;
         case SSL_CBC_RANDOM_IV:
-            val = ss->opt.cbcRandomIV;
+            on = ss->opt.cbcRandomIV;
             break;
         case SSL_ENABLE_OCSP_STAPLING:
-            val = ss->opt.enableOCSPStapling;
+            on = ss->opt.enableOCSPStapling;
             break;
         case SSL_ENABLE_NPN:
-            val = ss->opt.enableNPN;
+            on = ss->opt.enableNPN;
             break;
         case SSL_ENABLE_ALPN:
-            val = ss->opt.enableALPN;
+            on = ss->opt.enableALPN;
             break;
         case SSL_REUSE_SERVER_ECDHE_KEY:
-            val = ss->opt.reuseServerECDHEKey;
+            on = ss->opt.reuseServerECDHEKey;
             break;
         case SSL_ENABLE_FALLBACK_SCSV:
-            val = ss->opt.enableFallbackSCSV;
+            on = ss->opt.enableFallbackSCSV;
             break;
         case SSL_ENABLE_SERVER_DHE:
-            val = ss->opt.enableServerDhe;
+            on = ss->opt.enableServerDhe;
             break;
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            val = ss->opt.enableExtendedMS;
+            on = ss->opt.enableExtendedMS;
             break;
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            val = ss->opt.enableSignedCertTimestamps;
+            on = ss->opt.enableSignedCertTimestamps;
             break;
         case SSL_REQUIRE_DH_NAMED_GROUPS:
-            val = ss->opt.requireDHENamedGroups;
+            on = ss->opt.requireDHENamedGroups;
             break;
         case SSL_ENABLE_0RTT_DATA:
-            val = ss->opt.enable0RttData;
-            break;
-        case SSL_ENABLE_TLS13_COMPAT_MODE:
-            val = ss->opt.enableTls13CompatMode;
+            on = ss->opt.enable0RttData;
             break;
         default:
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -950,17 +926,17 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRIntn *pVal)
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
 
-    *pVal = val;
+    *pOn = on;
     return rv;
 }
 
 SECStatus
-SSL_OptionGetDefault(PRInt32 which, PRIntn *pVal)
+SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
 {
     SECStatus rv = SECSuccess;
-    PRIntn val = PR_FALSE;
+    PRBool on = PR_FALSE;
 
-    if (!pVal) {
+    if (!pOn) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
@@ -969,117 +945,114 @@ SSL_OptionGetDefault(PRInt32 which, PRIntn *pVal)
 
     switch (which) {
         case SSL_SOCKS:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_SECURITY:
-            val = ssl_defaults.useSecurity;
+            on = ssl_defaults.useSecurity;
             break;
         case SSL_REQUEST_CERTIFICATE:
-            val = ssl_defaults.requestCertificate;
+            on = ssl_defaults.requestCertificate;
             break;
         case SSL_REQUIRE_CERTIFICATE:
-            val = ssl_defaults.requireCertificate;
+            on = ssl_defaults.requireCertificate;
             break;
         case SSL_HANDSHAKE_AS_CLIENT:
-            val = ssl_defaults.handshakeAsClient;
+            on = ssl_defaults.handshakeAsClient;
             break;
         case SSL_HANDSHAKE_AS_SERVER:
-            val = ssl_defaults.handshakeAsServer;
+            on = ssl_defaults.handshakeAsServer;
             break;
         case SSL_ENABLE_TLS:
-            val = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+            on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
             break;
         case SSL_ENABLE_SSL3:
-            val = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
+            on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
             break;
         case SSL_ENABLE_SSL2:
         case SSL_V2_COMPATIBLE_HELLO:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_NO_CACHE:
-            val = ssl_defaults.noCache;
+            on = ssl_defaults.noCache;
             break;
         case SSL_ENABLE_FDX:
-            val = ssl_defaults.fdx;
+            on = ssl_defaults.fdx;
             break;
         case SSL_ROLLBACK_DETECTION:
-            val = ssl_defaults.detectRollBack;
+            on = ssl_defaults.detectRollBack;
             break;
         case SSL_NO_STEP_DOWN:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_BYPASS_PKCS11:
-            val = PR_FALSE;
+            on = PR_FALSE;
             break;
         case SSL_NO_LOCKS:
-            val = ssl_defaults.noLocks;
+            on = ssl_defaults.noLocks;
             break;
         case SSL_ENABLE_SESSION_TICKETS:
-            val = ssl_defaults.enableSessionTickets;
+            on = ssl_defaults.enableSessionTickets;
             break;
         case SSL_ENABLE_DEFLATE:
-            val = ssl_defaults.enableDeflate;
+            on = ssl_defaults.enableDeflate;
             break;
         case SSL_ENABLE_RENEGOTIATION:
-            val = ssl_defaults.enableRenegotiation;
+            on = ssl_defaults.enableRenegotiation;
             break;
         case SSL_REQUIRE_SAFE_NEGOTIATION:
-            val = ssl_defaults.requireSafeNegotiation;
+            on = ssl_defaults.requireSafeNegotiation;
             break;
         case SSL_ENABLE_FALSE_START:
-            val = ssl_defaults.enableFalseStart;
+            on = ssl_defaults.enableFalseStart;
             break;
         case SSL_CBC_RANDOM_IV:
-            val = ssl_defaults.cbcRandomIV;
+            on = ssl_defaults.cbcRandomIV;
             break;
         case SSL_ENABLE_OCSP_STAPLING:
-            val = ssl_defaults.enableOCSPStapling;
+            on = ssl_defaults.enableOCSPStapling;
             break;
         case SSL_ENABLE_NPN:
-            val = ssl_defaults.enableNPN;
+            on = ssl_defaults.enableNPN;
             break;
         case SSL_ENABLE_ALPN:
-            val = ssl_defaults.enableALPN;
+            on = ssl_defaults.enableALPN;
             break;
         case SSL_REUSE_SERVER_ECDHE_KEY:
-            val = ssl_defaults.reuseServerECDHEKey;
+            on = ssl_defaults.reuseServerECDHEKey;
             break;
         case SSL_ENABLE_FALLBACK_SCSV:
-            val = ssl_defaults.enableFallbackSCSV;
+            on = ssl_defaults.enableFallbackSCSV;
             break;
         case SSL_ENABLE_SERVER_DHE:
-            val = ssl_defaults.enableServerDhe;
+            on = ssl_defaults.enableServerDhe;
             break;
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            val = ssl_defaults.enableExtendedMS;
+            on = ssl_defaults.enableExtendedMS;
             break;
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            val = ssl_defaults.enableSignedCertTimestamps;
+            on = ssl_defaults.enableSignedCertTimestamps;
             break;
         case SSL_ENABLE_0RTT_DATA:
-            val = ssl_defaults.enable0RttData;
-            break;
-        case SSL_ENABLE_TLS13_COMPAT_MODE:
-            val = ssl_defaults.enableTls13CompatMode;
+            on = ssl_defaults.enable0RttData;
             break;
         default:
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             rv = SECFailure;
     }
 
-    *pVal = val;
+    *pOn = on;
     return rv;
 }
 
 /* XXX Use Global Lock to protect this stuff. */
 SECStatus
-SSL_EnableDefault(int which, PRIntn val)
+SSL_EnableDefault(int which, PRBool on)
 {
-    return SSL_OptionSetDefault(which, val);
+    return SSL_OptionSetDefault(which, on);
 }
 
 SECStatus
-SSL_OptionSetDefault(PRInt32 which, PRIntn val)
+SSL_OptionSetDefault(PRInt32 which, PRBool on)
 {
     SECStatus status = ssl_Init();
 
@@ -1092,46 +1065,46 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
     switch (which) {
         case SSL_SOCKS:
             ssl_defaults.useSocks = PR_FALSE;
-            if (val) {
+            if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
             break;
 
         case SSL_SECURITY:
-            ssl_defaults.useSecurity = val;
+            ssl_defaults.useSecurity = on;
             break;
 
         case SSL_REQUEST_CERTIFICATE:
-            ssl_defaults.requestCertificate = val;
+            ssl_defaults.requestCertificate = on;
             break;
 
         case SSL_REQUIRE_CERTIFICATE:
-            ssl_defaults.requireCertificate = val;
+            ssl_defaults.requireCertificate = on;
             break;
 
         case SSL_HANDSHAKE_AS_CLIENT:
-            if (ssl_defaults.handshakeAsServer && val) {
+            if (ssl_defaults.handshakeAsServer && on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
-            ssl_defaults.handshakeAsClient = val;
+            ssl_defaults.handshakeAsClient = on;
             break;
 
         case SSL_HANDSHAKE_AS_SERVER:
-            if (ssl_defaults.handshakeAsClient && val) {
+            if (ssl_defaults.handshakeAsClient && on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
-            ssl_defaults.handshakeAsServer = val;
+            ssl_defaults.handshakeAsServer = on;
             break;
 
         case SSL_ENABLE_TLS:
-            ssl_EnableTLS(&versions_defaults_stream, val);
+            ssl_EnableTLS(&versions_defaults_stream, on);
             break;
 
         case SSL_ENABLE_SSL3:
-            ssl_EnableSSL3(&versions_defaults_stream, val);
+            ssl_EnableSSL3(&versions_defaults_stream, on);
             break;
 
         case SSL_ENABLE_SSL2:
@@ -1140,26 +1113,26 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
              * However, if an old application requests to disable SSL v2,
              * we shouldn't fail.
              */
-            if (val) {
+            if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
             break;
 
         case SSL_NO_CACHE:
-            ssl_defaults.noCache = val;
+            ssl_defaults.noCache = on;
             break;
 
         case SSL_ENABLE_FDX:
-            if (val && ssl_defaults.noLocks) {
+            if (on && ssl_defaults.noLocks) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
-            ssl_defaults.fdx = val;
+            ssl_defaults.fdx = on;
             break;
 
         case SSL_ROLLBACK_DETECTION:
-            ssl_defaults.detectRollBack = val;
+            ssl_defaults.detectRollBack = on;
             break;
 
         case SSL_NO_STEP_DOWN:
@@ -1169,80 +1142,76 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
             break;
 
         case SSL_NO_LOCKS:
-            if (val && ssl_defaults.fdx) {
+            if (on && ssl_defaults.fdx) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
             }
-            if (val && ssl_force_locks)
-                val = PR_FALSE; /* silent override */
-            ssl_defaults.noLocks = val;
-            if (val) {
+            if (on && ssl_force_locks)
+                on = PR_FALSE; /* silent override */
+            ssl_defaults.noLocks = on;
+            if (on) {
                 locksEverDisabled = PR_TRUE;
                 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
             }
             break;
 
         case SSL_ENABLE_SESSION_TICKETS:
-            ssl_defaults.enableSessionTickets = val;
+            ssl_defaults.enableSessionTickets = on;
             break;
 
         case SSL_ENABLE_DEFLATE:
-            ssl_defaults.enableDeflate = val;
+            ssl_defaults.enableDeflate = on;
             break;
 
         case SSL_ENABLE_RENEGOTIATION:
-            ssl_defaults.enableRenegotiation = val;
+            ssl_defaults.enableRenegotiation = on;
             break;
 
         case SSL_REQUIRE_SAFE_NEGOTIATION:
-            ssl_defaults.requireSafeNegotiation = val;
+            ssl_defaults.requireSafeNegotiation = on;
             break;
 
         case SSL_ENABLE_FALSE_START:
-            ssl_defaults.enableFalseStart = val;
+            ssl_defaults.enableFalseStart = on;
             break;
 
         case SSL_CBC_RANDOM_IV:
-            ssl_defaults.cbcRandomIV = val;
+            ssl_defaults.cbcRandomIV = on;
             break;
 
         case SSL_ENABLE_OCSP_STAPLING:
-            ssl_defaults.enableOCSPStapling = val;
+            ssl_defaults.enableOCSPStapling = on;
             break;
 
         case SSL_ENABLE_NPN:
             break;
 
         case SSL_ENABLE_ALPN:
-            ssl_defaults.enableALPN = val;
+            ssl_defaults.enableALPN = on;
             break;
 
         case SSL_REUSE_SERVER_ECDHE_KEY:
-            ssl_defaults.reuseServerECDHEKey = val;
+            ssl_defaults.reuseServerECDHEKey = on;
             break;
 
         case SSL_ENABLE_FALLBACK_SCSV:
-            ssl_defaults.enableFallbackSCSV = val;
+            ssl_defaults.enableFallbackSCSV = on;
             break;
 
         case SSL_ENABLE_SERVER_DHE:
-            ssl_defaults.enableServerDhe = val;
+            ssl_defaults.enableServerDhe = on;
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
-            ssl_defaults.enableExtendedMS = val;
+            ssl_defaults.enableExtendedMS = on;
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
-            ssl_defaults.enableSignedCertTimestamps = val;
+            ssl_defaults.enableSignedCertTimestamps = on;
             break;
 
         case SSL_ENABLE_0RTT_DATA:
-            ssl_defaults.enable0RttData = val;
-            break;
-
-        case SSL_ENABLE_TLS13_COMPAT_MODE:
-            ssl_defaults.enableTls13CompatMode = val;
+            ssl_defaults.enable0RttData = on;
             break;
 
         default:
@@ -2155,25 +2124,6 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
             return NULL;
         PR_APPEND_LINK(&skp->link, &ss->ephemeralKeyPairs);
     }
-
-    while (!PR_CLIST_IS_EMPTY(&ss->extensionHooks)) {
-        cursor = PR_LIST_TAIL(&ss->extensionHooks);
-        PR_REMOVE_LINK(cursor);
-        PORT_Free(cursor);
-    }
-    for (cursor = PR_NEXT_LINK(&sm->extensionHooks);
-         cursor != &sm->extensionHooks;
-         cursor = PR_NEXT_LINK(cursor)) {
-        SECStatus rv;
-        sslCustomExtensionHooks *hook = (sslCustomExtensionHooks *)cursor;
-        rv = SSL_InstallExtensionHooks(ss->fd, hook->type,
-                                       hook->writer, hook->writerArg,
-                                       hook->handler, hook->handlerArg);
-        if (rv != SECSuccess) {
-            return NULL;
-        }
-    }
-
     PORT_Memcpy((void *)ss->namedGroupPreferences,
                 sm->namedGroupPreferences,
                 sizeof(ss->namedGroupPreferences));
@@ -2264,7 +2214,7 @@ ssl3_GetEffectiveVersionPolicy(SSLProtocolVariant variant,
     return SECSuccess;
 }
 
-/*
+/* 
  * Assumes that rangeParam values are within the supported boundaries,
  * but should contain all potentially allowed versions, even if they contain
  * conflicting versions.
@@ -3174,7 +3124,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
     }
     blocking = ssl_FdIsBlocking(fd);
 
-#define K16 ((int)sizeof(buf))
+#define K16 sizeof(buf)
 #define KILL_VECTORS                   \
     while (vectors && !iov->iov_len) { \
         ++iov;                         \
@@ -3461,6 +3411,7 @@ ssl_InitIOLayer(void)
 {
     ssl_layer_id = PR_GetUniqueIdentity("SSL");
     ssl_SetupIOMethods();
+    ssl_inited = PR_TRUE;
     return PR_SUCCESS;
 }
 
@@ -3470,13 +3421,15 @@ ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
     PRFileDesc *layer = NULL;
     PRStatus status;
 
-    status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
-    if (status != PR_SUCCESS) {
-        goto loser;
+    if (!ssl_inited) {
+        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        if (status != PR_SUCCESS)
+            goto loser;
     }
-    if (ns == NULL) {
+
+    if (ns == NULL)
         goto loser;
-    }
+
     layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
     if (layer == NULL)
         goto loser;
@@ -3589,12 +3542,6 @@ ssl_SetDefaultsFromEnvironment(void)
                           ssl_keylog_iob);
                 }
                 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
-                ssl_keylog_lock = PR_NewLock();
-                if (!ssl_keylog_lock) {
-                    SSL_TRACE(("SSL: failed to create key log lock"));
-                    fclose(ssl_keylog_iob);
-                    ssl_keylog_iob = NULL;
-                }
             }
         }
 #endif
@@ -3799,6 +3746,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
     SECStatus rv;
     sslSocket *ss;
     int i;
+
     ssl_SetDefaultsFromEnvironment();
 
     if (ssl_force_locks)
@@ -3829,7 +3777,6 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
 
     PR_INIT_CLIST(&ss->serverCerts);
     PR_INIT_CLIST(&ss->ephemeralKeyPairs);
-    PR_INIT_CLIST(&ss->extensionHooks);
 
     ss->dbHandle = CERT_GetDefaultCertDB();
 
@@ -3857,11 +3804,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
     PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
     PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
     PR_INIT_CLIST(&ss->ssl3.hs.bufferedEarlyData);
-    ssl3_InitExtensionData(&ss->xtnData, ss);
-    PR_INIT_CLIST(&ss->ssl3.hs.dtlsSentHandshake);
-    PR_INIT_CLIST(&ss->ssl3.hs.dtlsRcvdHandshake);
-    dtls_InitTimers(ss);
-
+    ssl3_InitExtensionData(&ss->xtnData);
     if (makeLocks) {
         rv = ssl_MakeLocks(ss);
         if (rv != SECSuccess)
@@ -3873,10 +3816,6 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
     rv = ssl3_InitGather(&ss->gs);
     if (rv != SECSuccess)
         goto loser;
-    rv = ssl3_InitState(ss);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
     return ss;
 
 loser:
@@ -3901,69 +3840,3 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
     *pcanbypass = PR_FALSE;
     return SECSuccess;
 }
-
-/* Functions that are truly experimental use EXP, functions that are no longer
- * experimental use PUB.
- *
- * When initially defining a new API, add that API here using the EXP() macro
- * and name the function with a SSLExp_ prefix.  Define the experimental API as
- * a macro in sslexp.h using the SSL_EXPERIMENTAL_API() macro defined there.
- *
- * Once an API is stable and proven, move the macro definition in sslexp.h to a
- * proper function declaration in ssl.h.  Keeping the function in this list
- * ensures that code built against the release that contained the experimental
- * API will continue to work; use PUB() to reference the public function.
- */
-#define EXP(n)                \
-    {                         \
-        "SSL_" #n, SSLExp_##n \
-    }
-#define PUB(n)             \
-    {                      \
-        "SSL_" #n, SSL_##n \
-    }
-struct {
-    const char *const name;
-    void *function;
-} ssl_experimental_functions[] = {
-#ifndef SSL_DISABLE_EXPERIMENTAL_API
-    EXP(GetExtensionSupport),
-    EXP(HelloRetryRequestCallback),
-    EXP(InstallExtensionHooks),
-    EXP(KeyUpdate),
-    EXP(SendSessionTicket),
-    EXP(SetupAntiReplay),
-#endif
-    { "", NULL }
-};
-#undef EXP
-#undef PUB
-
-void *
-SSL_GetExperimentalAPI(const char *name)
-{
-    unsigned int i;
-    for (i = 0; i < PR_ARRAY_SIZE(ssl_experimental_functions); ++i) {
-        if (strcmp(name, ssl_experimental_functions[i].name) == 0) {
-            return ssl_experimental_functions[i].function;
-        }
-    }
-    PORT_SetError(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API);
-    return NULL;
-}
-
-void
-ssl_ClearPRCList(PRCList *list, void (*f)(void *))
-{
-    PRCList *cursor;
-
-    while (!PR_CLIST_IS_EMPTY(list)) {
-        cursor = PR_LIST_TAIL(list);
-
-        PR_REMOVE_LINK(cursor);
-        if (f) {
-            f(cursor);
-        }
-        PORT_Free(cursor);
-    }
-}
diff --git a/security/nss/lib/ssl/sslspec.c b/security/nss/lib/ssl/sslspec.c
deleted file mode 100644
index 26c3eb546..000000000
--- a/security/nss/lib/ssl/sslspec.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * Handling of cipher specs.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "ssl.h"
-#include "sslproto.h"
-#include "pk11func.h"
-#include "secitem.h"
-
-#include "sslimpl.h"
-
-/* Record protection algorithms, indexed by SSL3BulkCipher.
- *
- * The |max_records| field (|mr| below) is set to a number that is higher than
- * recommended in some literature (esp. TLS 1.3) because we currently abort the
- * connection when this limit is reached and we want to ensure that we only
- * rarely hit this limit.  See bug 1268745 for details.
- */
-#define MR_MAX RECORD_SEQ_MAX  /* 2^48-1 */
-#define MR_128 (0x5aULL << 28) /* For AES and similar. */
-#define MR_LOW (1ULL << 20)    /* For weak ciphers. */
-/* clang-format off */
-static const ssl3BulkCipherDef ssl_bulk_cipher_defs[] = {
-    /*                                        |--------- Lengths ---------| */
-    /* cipher             calg                :  s                        : */
-    /*                                        :  e                  b     n */
-    /* oid                short_name mr       :  c                  l     o */
-    /*                                        k  r                  o  t  n */
-    /*                                        e  e               i  c  a  c */
-    /*                                        y  t  type         v  k  g  e */
-    {cipher_null,         ssl_calg_null,      0, 0, type_stream, 0, 0, 0, 0,
-     SEC_OID_NULL_CIPHER, "NULL", MR_MAX},
-    {cipher_rc4,          ssl_calg_rc4,      16,16, type_stream, 0, 0, 0, 0,
-     SEC_OID_RC4,         "RC4", MR_LOW},
-    {cipher_des,          ssl_calg_des,       8, 8, type_block,  8, 8, 0, 0,
-     SEC_OID_DES_CBC,     "DES-CBC", MR_LOW},
-    {cipher_3des,         ssl_calg_3des,     24,24, type_block,  8, 8, 0, 0,
-     SEC_OID_DES_EDE3_CBC, "3DES-EDE-CBC", MR_LOW},
-    {cipher_aes_128,      ssl_calg_aes,      16,16, type_block, 16,16, 0, 0,
-     SEC_OID_AES_128_CBC, "AES-128", MR_128},
-    {cipher_aes_256,      ssl_calg_aes,      32,32, type_block, 16,16, 0, 0,
-     SEC_OID_AES_256_CBC, "AES-256", MR_128},
-    {cipher_camellia_128, ssl_calg_camellia, 16,16, type_block, 16,16, 0, 0,
-     SEC_OID_CAMELLIA_128_CBC, "Camellia-128", MR_128},
-    {cipher_camellia_256, ssl_calg_camellia, 32,32, type_block, 16,16, 0, 0,
-     SEC_OID_CAMELLIA_256_CBC, "Camellia-256", MR_128},
-    {cipher_seed,         ssl_calg_seed,     16,16, type_block, 16,16, 0, 0,
-     SEC_OID_SEED_CBC,    "SEED-CBC", MR_128},
-    {cipher_aes_128_gcm,  ssl_calg_aes_gcm,  16,16, type_aead,   4, 0,16, 8,
-     SEC_OID_AES_128_GCM, "AES-128-GCM", MR_128},
-    {cipher_aes_256_gcm,  ssl_calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
-     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
-    {cipher_chacha20,     ssl_calg_chacha20, 32,32, type_aead,  12, 0,16, 0,
-     SEC_OID_CHACHA20_POLY1305, "ChaCha20-Poly1305", MR_MAX},
-    {cipher_missing,      ssl_calg_null,      0, 0, type_stream, 0, 0, 0, 0,
-     SEC_OID_UNKNOWN,     "missing", 0U},
-};
-/* clang-format on */
-
-const ssl3BulkCipherDef *
-ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *suiteDef)
-{
-    SSL3BulkCipher bulkCipher = suiteDef->bulk_cipher_alg;
-    PORT_Assert(bulkCipher < PR_ARRAY_SIZE(ssl_bulk_cipher_defs));
-    PORT_Assert(ssl_bulk_cipher_defs[bulkCipher].cipher == bulkCipher);
-    return &ssl_bulk_cipher_defs[bulkCipher];
-}
-
-/* indexed by SSL3MACAlgorithm */
-static const ssl3MACDef ssl_mac_defs[] = {
-    /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
-    /* mac      mmech       pad_size  mac_size                       */
-    { ssl_mac_null, CKM_INVALID_MECHANISM, 0, 0, 0 },
-    { ssl_mac_md5, CKM_SSL3_MD5_MAC, 48, MD5_LENGTH, SEC_OID_HMAC_MD5 },
-    { ssl_mac_sha, CKM_SSL3_SHA1_MAC, 40, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
-    { ssl_hmac_md5, CKM_MD5_HMAC, 0, MD5_LENGTH, SEC_OID_HMAC_MD5 },
-    { ssl_hmac_sha, CKM_SHA_1_HMAC, 0, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
-    { ssl_hmac_sha256, CKM_SHA256_HMAC, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256 },
-    { ssl_mac_aead, CKM_INVALID_MECHANISM, 0, 0, 0 },
-    { ssl_hmac_sha384, CKM_SHA384_HMAC, 0, SHA384_LENGTH, SEC_OID_HMAC_SHA384 }
-};
-
-const ssl3MACDef *
-ssl_GetMacDefByAlg(SSL3MACAlgorithm mac)
-{
-    /* Cast here for clang: https://bugs.llvm.org/show_bug.cgi?id=16154 */
-    PORT_Assert((size_t)mac < PR_ARRAY_SIZE(ssl_mac_defs));
-    PORT_Assert(ssl_mac_defs[mac].mac == mac);
-    return &ssl_mac_defs[mac];
-}
-
-const ssl3MACDef *
-ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef)
-{
-    SSL3MACAlgorithm mac = suiteDef->mac_alg;
-    if (ss->version > SSL_LIBRARY_VERSION_3_0) {
-        switch (mac) {
-            case ssl_mac_md5:
-                mac = ssl_hmac_md5;
-                break;
-            case ssl_mac_sha:
-                mac = ssl_hmac_sha;
-                break;
-            default:
-                break;
-        }
-    }
-    return ssl_GetMacDefByAlg(mac);
-}
-
-ssl3CipherSpec *
-ssl_FindCipherSpecByEpoch(sslSocket *ss, CipherSpecDirection direction,
-                          DTLSEpoch epoch)
-{
-    PRCList *cur_p;
-    for (cur_p = PR_LIST_HEAD(&ss->ssl3.hs.cipherSpecs);
-         cur_p != &ss->ssl3.hs.cipherSpecs;
-         cur_p = PR_NEXT_LINK(cur_p)) {
-        ssl3CipherSpec *spec = (ssl3CipherSpec *)cur_p;
-
-        if (spec->epoch != epoch) {
-            continue;
-        }
-        if (direction != spec->direction) {
-            continue;
-        }
-        return spec;
-    }
-    return NULL;
-}
-
-ssl3CipherSpec *
-ssl_CreateCipherSpec(sslSocket *ss, CipherSpecDirection direction)
-{
-    ssl3CipherSpec *spec = PORT_ZNew(ssl3CipherSpec);
-    if (!spec) {
-        return NULL;
-    }
-    spec->refCt = 1;
-    spec->version = ss->version;
-    spec->direction = direction;
-    SSL_TRC(10, ("%d: SSL[%d]: new %s spec %d ct=%d",
-                 SSL_GETPID(), ss->fd, SPEC_DIR(spec), spec,
-                 spec->refCt));
-    return spec;
-}
-
-void
-ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
-{
-    PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
-}
-
-/* Called from ssl3_InitState. */
-/* Caller must hold the SpecWriteLock. */
-SECStatus
-ssl_SetupNullCipherSpec(sslSocket *ss, CipherSpecDirection dir)
-{
-    ssl3CipherSpec *spec;
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
-
-    spec = ssl_CreateCipherSpec(ss, dir);
-    if (!spec) {
-        return SECFailure;
-    }
-
-    /* Set default versions.  This value will be used to generate and send
-     * alerts if a version is not negotiated.  These values are overridden when
-     * sending a ClientHello and when a version is negotiated. */
-    spec->version = SSL_LIBRARY_VERSION_TLS_1_0;
-    spec->recordVersion = IS_DTLS(ss)
-                              ? SSL_LIBRARY_VERSION_DTLS_1_0_WIRE
-                              : SSL_LIBRARY_VERSION_TLS_1_0;
-    spec->cipherDef = &ssl_bulk_cipher_defs[cipher_null];
-    PORT_Assert(spec->cipherDef->cipher == cipher_null);
-    spec->macDef = &ssl_mac_defs[ssl_mac_null];
-    PORT_Assert(spec->macDef->mac == ssl_mac_null);
-    spec->cipher = Null_Cipher;
-
-    spec->phase = "cleartext";
-    dtls_InitRecvdRecords(&spec->recvdRecords);
-
-    ssl_SaveCipherSpec(ss, spec);
-    if (dir == CipherSpecRead) {
-        ss->ssl3.crSpec = spec;
-    } else {
-        ss->ssl3.cwSpec = spec;
-    }
-    return SECSuccess;
-}
-
-void
-ssl_CipherSpecAddRef(ssl3CipherSpec *spec)
-{
-    ++spec->refCt;
-    SSL_TRC(10, ("%d: SSL[-]: Increment ref ct for %s spec %d. new ct = %d",
-                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->refCt));
-}
-
-static void
-ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial)
-{
-    PK11_FreeSymKey(keyMaterial->key);
-    PK11_FreeSymKey(keyMaterial->macKey);
-    if (keyMaterial->macContext != NULL) {
-        PK11_DestroyContext(keyMaterial->macContext, PR_TRUE);
-    }
-}
-
-static void
-ssl_FreeCipherSpec(ssl3CipherSpec *spec)
-{
-    SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d",
-                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch));
-
-    PR_REMOVE_LINK(&spec->link);
-
-    /*  PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
-    if (spec->cipherContext) {
-        PK11_DestroyContext(spec->cipherContext, PR_TRUE);
-    }
-    PK11_FreeSymKey(spec->masterSecret);
-    ssl_DestroyKeyMaterial(&spec->keyMaterial);
-
-    PORT_ZFree(spec, sizeof(*spec));
-}
-
-/* This function is never called on a spec which is on the
- * cipherSpecs list. */
-void
-ssl_CipherSpecRelease(ssl3CipherSpec *spec)
-{
-    if (!spec) {
-        return;
-    }
-
-    PORT_Assert(spec->refCt > 0);
-    --spec->refCt;
-    SSL_TRC(10, ("%d: SSL[-]: decrement refct for %s spec %d. epoch=%d new ct = %d",
-                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch, spec->refCt));
-    if (!spec->refCt) {
-        ssl_FreeCipherSpec(spec);
-    }
-}
-
-void
-ssl_DestroyCipherSpecs(PRCList *list)
-{
-    while (!PR_CLIST_IS_EMPTY(list)) {
-        ssl3CipherSpec *spec = (ssl3CipherSpec *)PR_LIST_TAIL(list);
-        ssl_FreeCipherSpec(spec);
-    }
-}
-
-void
-ssl_CipherSpecReleaseByEpoch(sslSocket *ss, CipherSpecDirection dir,
-                             DTLSEpoch epoch)
-{
-    ssl3CipherSpec *spec;
-    SSL_TRC(10, ("%d: SSL[%d]: releasing %s cipher spec for epoch %d",
-                 SSL_GETPID(), ss->fd,
-                 (dir == CipherSpecRead) ? "read" : "write", epoch));
-
-    spec = ssl_FindCipherSpecByEpoch(ss, dir, epoch);
-    if (spec) {
-        ssl_CipherSpecRelease(spec);
-    }
-}
diff --git a/security/nss/lib/ssl/sslspec.h b/security/nss/lib/ssl/sslspec.h
deleted file mode 100644
index 729ac1006..000000000
--- a/security/nss/lib/ssl/sslspec.h
+++ /dev/null
@@ -1,194 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslspec_h_
-#define __sslspec_h_
-
-#include "sslexp.h"
-#include "prclist.h"
-
-typedef enum {
-    TrafficKeyClearText = 0,
-    TrafficKeyEarlyApplicationData = 1,
-    TrafficKeyHandshake = 2,
-    TrafficKeyApplicationData = 3
-} TrafficKeyType;
-
-typedef enum {
-    CipherSpecRead,
-    CipherSpecWrite,
-} CipherSpecDirection;
-
-#define SPEC_DIR(spec) \
-    ((spec->direction == CipherSpecRead) ? "read" : "write")
-
-typedef struct ssl3CipherSpecStr ssl3CipherSpec;
-typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
-typedef struct ssl3MACDefStr ssl3MACDef;
-typedef struct ssl3CipherSuiteDefStr ssl3CipherSuiteDef;
-typedef PRUint64 sslSequenceNumber;
-typedef PRUint16 DTLSEpoch;
-
-/* The SSL bulk cipher definition */
-typedef enum {
-    cipher_null,
-    cipher_rc4,
-    cipher_des,
-    cipher_3des,
-    cipher_aes_128,
-    cipher_aes_256,
-    cipher_camellia_128,
-    cipher_camellia_256,
-    cipher_seed,
-    cipher_aes_128_gcm,
-    cipher_aes_256_gcm,
-    cipher_chacha20,
-    cipher_missing /* reserved for no such supported cipher */
-    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
-} SSL3BulkCipher;
-
-typedef enum {
-    type_stream,
-    type_block,
-    type_aead
-} CipherType;
-
-/*
-** There are tables of these, all const.
-*/
-struct ssl3BulkCipherDefStr {
-    SSL3BulkCipher cipher;
-    SSLCipherAlgorithm calg;
-    unsigned int key_size;
-    unsigned int secret_key_size;
-    CipherType type;
-    unsigned int iv_size;
-    unsigned int block_size;
-    unsigned int tag_size;            /* for AEAD ciphers. */
-    unsigned int explicit_nonce_size; /* for AEAD ciphers. */
-    SECOidTag oid;
-    const char *short_name;
-    /* The maximum number of records that can be sent/received with the same
-      * symmetric key before the connection will be terminated. */
-    PRUint64 max_records;
-};
-
-/* to make some of these old enums public without namespace pollution,
-** it was necessary to prepend ssl_ to the names.
-** These #defines preserve compatibility with the old code here in libssl.
-*/
-typedef SSLMACAlgorithm SSL3MACAlgorithm;
-
-/*
- * There are tables of these, all const.
- */
-struct ssl3MACDefStr {
-    SSL3MACAlgorithm mac;
-    CK_MECHANISM_TYPE mmech;
-    int pad_size;
-    int mac_size;
-    SECOidTag oid;
-};
-
-#define MAX_IV_LENGTH 24
-
-typedef struct {
-    PK11SymKey *key;
-    PK11SymKey *macKey;
-    PK11Context *macContext;
-    PRUint8 iv[MAX_IV_LENGTH];
-} ssl3KeyMaterial;
-
-typedef SECStatus (*SSLCipher)(void *context,
-                               unsigned char *out,
-                               int *outlen,
-                               int maxout,
-                               const unsigned char *in,
-                               int inlen);
-typedef SECStatus (*SSLAEADCipher)(
-    ssl3KeyMaterial *keys,
-    PRBool doDecrypt,
-    unsigned char *out,
-    int *outlen,
-    int maxout,
-    const unsigned char *in,
-    int inlen,
-    const unsigned char *additionalData,
-    int additionalDataLen);
-
-/* The DTLS anti-replay window in number of packets. Defined here because we
- * need it in the cipher spec. Note that this is a ring buffer but left and
- * right represent the true window, with modular arithmetic used to map them
- * onto the buffer.
- */
-#define DTLS_RECVD_RECORDS_WINDOW 1024
-#define RECORD_SEQ_MASK ((1ULL << 48) - 1)
-#define RECORD_SEQ_MAX RECORD_SEQ_MASK
-PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);
-
-typedef struct DTLSRecvdRecordsStr {
-    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
-    sslSequenceNumber left;
-    sslSequenceNumber right;
-} DTLSRecvdRecords;
-
-/*
- * These are the "specs" used for reading and writing records.  Access to the
- * pointers to these specs, and all the specs' contents (direct and indirect) is
- * protected by the reader/writer lock ss->specLock.
- */
-struct ssl3CipherSpecStr {
-    PRCList link;
-    PRUint8 refCt;
-
-    CipherSpecDirection direction;
-    SSL3ProtocolVersion version;
-    SSL3ProtocolVersion recordVersion;
-
-    const ssl3BulkCipherDef *cipherDef;
-    const ssl3MACDef *macDef;
-
-    SSLCipher cipher;
-    SSLAEADCipher aead;
-    void *cipherContext;
-
-    PK11SymKey *masterSecret;
-    ssl3KeyMaterial keyMaterial;
-
-    DTLSEpoch epoch;
-    const char *phase;
-    sslSequenceNumber seqNum;
-    DTLSRecvdRecords recvdRecords;
-
-    /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
-     * will be zero for everything but 0-RTT. */
-    PRUint32 earlyDataRemaining;
-};
-
-typedef void (*sslCipherSpecChangedFunc)(void *arg,
-                                         PRBool sending,
-                                         ssl3CipherSpec *newSpec);
-
-const ssl3BulkCipherDef *ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
-const ssl3MACDef *ssl_GetMacDefByAlg(SSL3MACAlgorithm mac);
-const ssl3MACDef *ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef);
-
-ssl3CipherSpec *ssl_CreateCipherSpec(sslSocket *ss, CipherSpecDirection direction);
-void ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec);
-void ssl_CipherSpecAddRef(ssl3CipherSpec *spec);
-void ssl_CipherSpecRelease(ssl3CipherSpec *spec);
-void ssl_DestroyCipherSpecs(PRCList *list);
-SECStatus ssl_SetupNullCipherSpec(sslSocket *ss, CipherSpecDirection dir);
-
-ssl3CipherSpec *ssl_FindCipherSpecByEpoch(sslSocket *ss,
-                                          CipherSpecDirection direction,
-                                          DTLSEpoch epoch);
-void ssl_CipherSpecReleaseByEpoch(sslSocket *ss, CipherSpecDirection direction,
-                                  DTLSEpoch epoch);
-
-#endif /* __sslspec_h_ */
diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h
index ce8f6e281..bd9a2ae88 100644
--- a/security/nss/lib/ssl/sslt.h
+++ b/security/nss/lib/ssl/sslt.h
@@ -13,28 +13,6 @@
 #include "secitem.h"
 #include "certt.h"
 
-typedef enum {
-    ssl_hs_hello_request = 0,
-    ssl_hs_client_hello = 1,
-    ssl_hs_server_hello = 2,
-    ssl_hs_hello_verify_request = 3,
-    ssl_hs_new_session_ticket = 4,
-    ssl_hs_end_of_early_data = 5,
-    ssl_hs_hello_retry_request = 6,
-    ssl_hs_encrypted_extensions = 8,
-    ssl_hs_certificate = 11,
-    ssl_hs_server_key_exchange = 12,
-    ssl_hs_certificate_request = 13,
-    ssl_hs_server_hello_done = 14,
-    ssl_hs_certificate_verify = 15,
-    ssl_hs_client_key_exchange = 16,
-    ssl_hs_finished = 20,
-    ssl_hs_certificate_status = 22,
-    ssl_hs_key_update = 24,
-    ssl_hs_next_proto = 67,
-    ssl_hs_message_hash = 254, /* Not a real message. */
-} SSLHandshakeType;
-
 typedef struct SSL3StatisticsStr {
     /* statistics from ssl3_SendClientHello (sch) */
     long sch_sid_cache_hits;
@@ -297,14 +275,6 @@ typedef struct SSLChannelInfoStr {
     SSLAuthType authType;
     SSLSignatureScheme signatureScheme;
 
-    /* The following fields were added in NSS 3.34. */
-    /* When the session was resumed this holds the key exchange group of the
-     * original handshake. */
-    SSLNamedGroup originalKeaGroup;
-    /* This field is PR_TRUE when the session is resumed and PR_FALSE
-     * otherwise. */
-    PRBool resumed;
-
     /* When adding new fields to this structure, please document the
      * NSS version in which they were added. */
 } SSLChannelInfo;
@@ -425,19 +395,16 @@ typedef enum {
     ssl_padding_xtn = 21,
     ssl_extended_master_secret_xtn = 23,
     ssl_session_ticket_xtn = 35,
-    /* 40 was used in draft versions of TLS 1.3; it is now reserved. */
+    ssl_tls13_key_share_xtn = 40,
     ssl_tls13_pre_shared_key_xtn = 41,
     ssl_tls13_early_data_xtn = 42,
     ssl_tls13_supported_versions_xtn = 43,
     ssl_tls13_cookie_xtn = 44,
     ssl_tls13_psk_key_exchange_modes_xtn = 45,
-    ssl_tls13_ticket_early_data_info_xtn = 46, /* Deprecated. */
-    ssl_tls13_certificate_authorities_xtn = 47,
-    ssl_signature_algorithms_cert_xtn = 50,
-    ssl_tls13_key_share_xtn = 51,
-    ssl_next_proto_nego_xtn = 13172, /* Deprecated. */
+    ssl_tls13_ticket_early_data_info_xtn = 46,
+    ssl_next_proto_nego_xtn = 13172,
     ssl_renegotiation_info_xtn = 0xff01,
-    ssl_tls13_short_header_xtn = 0xff03 /* Deprecated. */
+    ssl_tls13_short_header_xtn = 0xff03
 } SSLExtensionType;
 
 /* This is the old name for the supported_groups extensions. */
diff --git a/security/nss/lib/ssl/tls13con.c b/security/nss/lib/ssl/tls13con.c
index 1fecaf3f8..560493848 100644
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -17,14 +17,23 @@
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "sslerr.h"
-#include "ssl3exthandle.h"
 #include "tls13hkdf.h"
 #include "tls13con.h"
-#include "tls13err.h"
 #include "tls13exthandle.h"
-#include "tls13hashstate.h"
 
-static SECStatus tls13_SetCipherSpec(sslSocket *ss, PRUint16 epoch,
+typedef enum {
+    TrafficKeyClearText = 0,
+    TrafficKeyEarlyApplicationData = 1,
+    TrafficKeyHandshake = 2,
+    TrafficKeyApplicationData = 3
+} TrafficKeyType;
+
+typedef enum {
+    CipherSpecRead,
+    CipherSpecWrite,
+} CipherSpecDirection;
+
+static SECStatus tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
                                      CipherSpecDirection install,
                                      PRBool deleteSecret);
 static SECStatus tls13_AESGCM(
@@ -44,9 +53,8 @@ static SECStatus tls13_SendEncryptedExtensions(sslSocket *ss);
 static void tls13_SetKeyExchangeType(sslSocket *ss, const sslNamedGroupDef *group);
 static SECStatus tls13_HandleClientKeyShare(sslSocket *ss,
                                             TLS13KeyShareEntry *peerShare);
-static SECStatus tls13_SendHelloRetryRequest(
-    sslSocket *ss, const sslNamedGroupDef *selectedGroup,
-    const PRUint8 *token, unsigned int tokenLen);
+static SECStatus tls13_SendHelloRetryRequest(sslSocket *ss,
+                                             const sslNamedGroupDef *selectedGroup);
 
 static SECStatus tls13_HandleServerKeyShare(sslSocket *ss);
 static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b,
@@ -54,46 +62,40 @@ static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b,
 static SECStatus tls13_SendCertificate(sslSocket *ss);
 static SECStatus tls13_HandleCertificate(
     sslSocket *ss, PRUint8 *b, PRUint32 length);
-static SECStatus tls13_ReinjectHandshakeTranscript(sslSocket *ss);
 static SECStatus tls13_HandleCertificateRequest(sslSocket *ss, PRUint8 *b,
                                                 PRUint32 length);
 static SECStatus
 tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey);
 static SECStatus tls13_HandleCertificateVerify(
-    sslSocket *ss, PRUint8 *b, PRUint32 length);
+    sslSocket *ss, PRUint8 *b, PRUint32 length,
+    SSL3Hashes *hashes);
 static SECStatus tls13_RecoverWrappedSharedSecret(sslSocket *ss,
                                                   sslSessionID *sid);
 static SECStatus
-tls13_DeriveSecretWrap(sslSocket *ss, PK11SymKey *key,
-                       const char *prefix,
-                       const char *suffix,
-                       const char *keylogLabel,
-                       PK11SymKey **dest);
-static SECStatus
 tls13_DeriveSecret(sslSocket *ss, PK11SymKey *key,
-                   const char *label,
-                   unsigned int labelLen,
+                   const char *prefix,
+                   const char *suffix,
                    const SSL3Hashes *hashes,
                    PK11SymKey **dest);
 static SECStatus tls13_SendEndOfEarlyData(sslSocket *ss);
-static SECStatus tls13_HandleEndOfEarlyData(sslSocket *ss, PRUint8 *b,
-                                            PRUint32 length);
 static SECStatus tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey);
-static SECStatus tls13_ComputePskBinderHash(sslSocket *ss, unsigned int prefix,
+static SECStatus tls13_ComputePskBinderHash(sslSocket *ss,
+                                            unsigned long prefixLength,
                                             SSL3Hashes *hashes);
-static SECStatus tls13_VerifyFinished(sslSocket *ss, SSLHandshakeType message,
+static SECStatus tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message,
                                       PK11SymKey *secret,
                                       PRUint8 *b, PRUint32 length,
                                       const SSL3Hashes *hashes);
 static SECStatus tls13_ClientHandleFinished(sslSocket *ss,
-                                            PRUint8 *b, PRUint32 length);
+                                            PRUint8 *b, PRUint32 length,
+                                            const SSL3Hashes *hashes);
 static SECStatus tls13_ServerHandleFinished(sslSocket *ss,
-                                            PRUint8 *b, PRUint32 length);
-static SECStatus tls13_SendNewSessionTicket(sslSocket *ss,
-                                            const PRUint8 *appToken,
-                                            unsigned int appTokenLen);
+                                            PRUint8 *b, PRUint32 length,
+                                            const SSL3Hashes *hashes);
 static SECStatus tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b,
                                               PRUint32 length);
+static SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss,
+                                              SSL3Hashes *hashes);
 static SECStatus tls13_ComputeEarlySecrets(sslSocket *ss);
 static SECStatus tls13_ComputeHandshakeSecrets(sslSocket *ss);
 static SECStatus tls13_ComputeApplicationSecrets(sslSocket *ss);
@@ -105,28 +107,26 @@ static SECStatus tls13_ComputeFinished(
 static SECStatus tls13_SendClientSecondRound(sslSocket *ss);
 static SECStatus tls13_FinishHandshake(sslSocket *ss);
 
-const char kHkdfLabelClient[] = "c";
-const char kHkdfLabelServer[] = "s";
-const char kHkdfLabelDerivedSecret[] = "derived";
-const char kHkdfLabelPskBinderKey[] = "res binder";
-const char kHkdfLabelEarlyTrafficSecret[] = "e traffic";
-const char kHkdfLabelEarlyExporterSecret[] = "e exp master";
-const char kHkdfLabelHandshakeTrafficSecret[] = "hs traffic";
-const char kHkdfLabelApplicationTrafficSecret[] = "ap traffic";
+const char kHkdfLabelClient[] = "client";
+const char kHkdfLabelServer[] = "server";
+const char kHkdfLabelPskBinderKey[] = "resumption psk binder key";
+const char kHkdfLabelEarlyTrafficSecret[] = "early traffic secret";
+const char kHkdfLabelEarlyExporterSecret[] = "early exporter master secret";
+const char kHkdfLabelHandshakeTrafficSecret[] = "handshake traffic secret";
+const char kHkdfLabelApplicationTrafficSecret[] = "application traffic secret";
 const char kHkdfLabelFinishedSecret[] = "finished";
-const char kHkdfLabelResumptionMasterSecret[] = "res master";
-const char kHkdfLabelExporterMasterSecret[] = "exp master";
-const char kHkdfLabelResumption[] = "resumption";
+const char kHkdfLabelResumptionMasterSecret[] = "resumption master secret";
+const char kHkdfLabelExporterMasterSecret[] = "exporter master secret";
 const char kHkdfPurposeKey[] = "key";
 const char kHkdfPurposeIv[] = "iv";
 
-const char keylogLabelClientEarlyTrafficSecret[] = "CLIENT_EARLY_TRAFFIC_SECRET";
-const char keylogLabelClientHsTrafficSecret[] = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
-const char keylogLabelServerHsTrafficSecret[] = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
-const char keylogLabelClientTrafficSecret[] = "CLIENT_TRAFFIC_SECRET_0";
-const char keylogLabelServerTrafficSecret[] = "SERVER_TRAFFIC_SECRET_0";
-const char keylogLabelEarlyExporterSecret[] = "EARLY_EXPORTER_SECRET";
-const char keylogLabelExporterSecret[] = "EXPORTER_SECRET";
+#define TRAFFIC_SECRET(ss, dir, name) ((ss->sec.isServer ^            \
+                                        (dir == CipherSpecWrite))     \
+                                           ? ss->ssl3.hs.client##name \
+                                           : ss->ssl3.hs.server##name)
+
+const SSL3ProtocolVersion kTlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_0;
+const SSL3ProtocolVersion kDtlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_1;
 
 /* Belt and suspenders in case we ever add a TLS 1.4. */
 PR_STATIC_ASSERT(SSL_LIBRARY_VERSION_MAX_SUPPORTED <=
@@ -165,7 +165,6 @@ tls13_HandshakeState(SSL3WaitState st)
     switch (st) {
         STATE_CASE(idle_handshake);
         STATE_CASE(wait_client_hello);
-        STATE_CASE(wait_end_of_early_data);
         STATE_CASE(wait_client_cert);
         STATE_CASE(wait_client_key);
         STATE_CASE(wait_cert_verify);
@@ -337,23 +336,6 @@ tls13_GetHmacMechanism(sslSocket *ss)
 }
 
 SECStatus
-tls13_ComputeHash(sslSocket *ss, SSL3Hashes *hashes,
-                  const PRUint8 *buf, unsigned int len)
-{
-    SECStatus rv;
-
-    rv = PK11_HashBuf(ssl3_HashTypeToOID(tls13_GetHash(ss)),
-                      hashes->u.raw, buf, len);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-    hashes->len = tls13_GetHashSize(ss);
-
-    return SECSuccess;
-}
-
-SECStatus
 tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef)
 {
     SECStatus rv;
@@ -468,8 +450,7 @@ tls13_SetupClientHello(sslSocket *ss)
             return SECFailure;
         }
 
-        ss->ssl3.hs.cipher_suite = ss->sec.ci.sid->u.ssl3.cipherSuite;
-        rv = ssl3_SetupCipherSuite(ss, PR_FALSE);
+        rv = ssl3_SetCipherSuite(ss, ss->sec.ci.sid->u.ssl3.cipherSuite, PR_FALSE);
         if (rv != SECSuccess) {
             FATAL_ERROR(ss, PORT_GetError(), internal_error);
             return SECFailure;
@@ -577,241 +558,9 @@ loser:
     return SECFailure;
 }
 
-static PRBool
-tls13_UseServerSecret(sslSocket *ss, CipherSpecDirection direction)
-{
-    return ss->sec.isServer == (direction == CipherSpecWrite);
-}
-
-static PK11SymKey **
-tls13_TrafficSecretRef(sslSocket *ss, CipherSpecDirection direction)
-{
-    if (tls13_UseServerSecret(ss, direction)) {
-        return &ss->ssl3.hs.serverTrafficSecret;
-    }
-    return &ss->ssl3.hs.clientTrafficSecret;
-}
-
-SECStatus
-tls13_UpdateTrafficKeys(sslSocket *ss, CipherSpecDirection direction)
-{
-    PK11SymKey **secret;
-    PK11SymKey *updatedSecret;
-    PRUint16 epoch;
-    SECStatus rv;
-
-    secret = tls13_TrafficSecretRef(ss, direction);
-    rv = tls13_HkdfExpandLabel(*secret, tls13_GetHash(ss),
-                               NULL, 0,
-                               kHkdfLabelApplicationTrafficSecret,
-                               strlen(kHkdfLabelApplicationTrafficSecret),
-                               tls13_GetHmacMechanism(ss),
-                               tls13_GetHashSize(ss),
-                               &updatedSecret);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    PK11_FreeSymKey(*secret);
-    *secret = updatedSecret;
-
-    ssl_GetSpecReadLock(ss);
-    if (direction == CipherSpecRead) {
-        epoch = ss->ssl3.crSpec->epoch;
-    } else {
-        epoch = ss->ssl3.cwSpec->epoch;
-    }
-    ssl_ReleaseSpecReadLock(ss);
-
-    if (epoch == PR_UINT16_MAX) {
-        /* Good chance that this is an overflow from too many updates. */
-        FATAL_ERROR(ss, SSL_ERROR_TOO_MANY_KEY_UPDATES, internal_error);
-        return SECFailure;
-    }
-    ++epoch;
-
-    rv = tls13_SetCipherSpec(ss, epoch, direction, PR_FALSE);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-tls13_SendKeyUpdate(sslSocket *ss, tls13KeyUpdateRequest request, PRBool buffer)
-{
-    SECStatus rv;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: %s send key update, response %s",
-                SSL_GETPID(), ss->fd, SSL_ROLE(ss),
-                (request == update_requested) ? "requested"
-                                              : "not requested"));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    if (!ss->firstHsDone) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    rv = TLS13_CHECK_HS_STATE(ss, SEC_ERROR_LIBRARY_FAILURE,
-                              idle_handshake);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Not supported. */
-    if (IS_DTLS(ss)) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_GetXmitBufLock(ss);
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_key_update, 1);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        goto loser;
-    }
-    rv = ssl3_AppendHandshakeNumber(ss, request, 1);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        goto loser;
-    }
-
-    /* If we have been asked to buffer, then do so.  This allows us to coalesce
-     * a KeyUpdate with a pending write. */
-    rv = ssl3_FlushHandshake(ss, buffer ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0);
-    if (rv != SECSuccess) {
-        goto loser; /* error code set by ssl3_FlushHandshake */
-    }
-    ssl_ReleaseXmitBufLock(ss);
-
-    rv = tls13_UpdateTrafficKeys(ss, CipherSpecWrite);
-    if (rv != SECSuccess) {
-        goto loser; /* error code set by tls13_UpdateTrafficKeys */
-    }
-
-    return SECSuccess;
-
-loser:
-    ssl_ReleaseXmitBufLock(ss);
-    return SECFailure;
-}
-
-SECStatus
-SSLExp_KeyUpdate(PRFileDesc *fd, PRBool requestUpdate)
-{
-    SECStatus rv;
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
-
-    if (!ss->firstHsDone) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    rv = TLS13_CHECK_HS_STATE(ss, SEC_ERROR_INVALID_ARGS,
-                              idle_handshake);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    ssl_GetSSL3HandshakeLock(ss);
-    rv = tls13_SendKeyUpdate(ss, requestUpdate ? update_requested : update_not_requested,
-                             PR_FALSE /* don't buffer */);
-
-    /* Remember that we are the ones that initiated this KeyUpdate. */
-    if (rv == SECSuccess) {
-        ss->ssl3.peerRequestedKeyUpdate = PR_FALSE;
-    }
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    return rv;
-}
-
-/*
- * enum {
- *     update_not_requested(0), update_requested(1), (255)
- * } KeyUpdateRequest;
- *
- * struct {
- *     KeyUpdateRequest request_update;
- * } KeyUpdate;
- */
-static SECStatus
-tls13_HandleKeyUpdate(sslSocket *ss, PRUint8 *b, unsigned int length)
-{
-    SECStatus rv;
-    PRUint32 update;
-
-    SSL_TRC(3, ("%d: TLS13[%d]: %s handle key update",
-                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    PORT_Assert(ss->firstHsDone);
-    if (!ss->firstHsDone) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE, unexpected_message);
-        return SECFailure;
-    }
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE,
-                              idle_handshake);
-    if (rv != SECSuccess) {
-        /* We should never be idle_handshake prior to firstHsDone. */
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
-    rv = ssl3_ConsumeHandshakeNumber(ss, &update, 1, &b, &length);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Error code set already. */
-    }
-    if (length != 0) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_KEY_UPDATE, decode_error);
-        return SECFailure;
-    }
-    if (!(update == update_requested ||
-          update == update_not_requested)) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_KEY_UPDATE, decode_error);
-        return SECFailure;
-    }
-
-    rv = tls13_UpdateTrafficKeys(ss, CipherSpecRead);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Error code set by tls13_UpdateTrafficKeys. */
-    }
-
-    if (update == update_requested) {
-        PRBool sendUpdate;
-        if (ss->ssl3.peerRequestedKeyUpdate) {
-            /* Only send an update if we have sent with the current spec.  This
-             * prevents us from being forced to crank forward pointlessly. */
-            ssl_GetSpecReadLock(ss);
-            sendUpdate = ss->ssl3.cwSpec->seqNum > 0;
-            ssl_ReleaseSpecReadLock(ss);
-        } else {
-            sendUpdate = PR_TRUE;
-        }
-        if (sendUpdate) {
-            /* Respond immediately (don't buffer). */
-            rv = tls13_SendKeyUpdate(ss, update_not_requested, PR_FALSE);
-            if (rv != SECSuccess) {
-                return SECFailure; /* Error already set. */
-            }
-        }
-        ss->ssl3.peerRequestedKeyUpdate = PR_TRUE;
-    }
-
-    return SECSuccess;
-}
-
 SECStatus
-tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length)
+tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
+                                      PRUint32 length, SSL3Hashes *hashesPtr)
 {
     if (ss->sec.isServer && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) {
         SSL_TRC(3, ("%d: TLS13[%d]: %s successfully decrypted handshake after"
@@ -822,34 +571,36 @@ tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length
 
     /* TODO(ekr@rtfm.com): Would it be better to check all the states here? */
     switch (ss->ssl3.hs.msg_type) {
-        case ssl_hs_certificate:
+        case certificate:
             return tls13_HandleCertificate(ss, b, length);
 
-        case ssl_hs_certificate_request:
+        case certificate_request:
             return tls13_HandleCertificateRequest(ss, b, length);
 
-        case ssl_hs_certificate_verify:
-            return tls13_HandleCertificateVerify(ss, b, length);
+        case certificate_verify:
+            if (!hashesPtr) {
+                FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, unexpected_message);
+                return SECFailure;
+            }
+            return tls13_HandleCertificateVerify(ss, b, length, hashesPtr);
 
-        case ssl_hs_encrypted_extensions:
+        case encrypted_extensions:
             return tls13_HandleEncryptedExtensions(ss, b, length);
 
-        case ssl_hs_new_session_ticket:
+        case new_session_ticket:
             return tls13_HandleNewSessionTicket(ss, b, length);
 
-        case ssl_hs_finished:
+        case finished:
+            if (!hashesPtr) {
+                FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED, unexpected_message);
+                return SECFailure;
+            }
             if (ss->sec.isServer) {
-                return tls13_ServerHandleFinished(ss, b, length);
+                return tls13_ServerHandleFinished(ss, b, length, hashesPtr);
             } else {
-                return tls13_ClientHandleFinished(ss, b, length);
+                return tls13_ClientHandleFinished(ss, b, length, hashesPtr);
             }
 
-        case ssl_hs_end_of_early_data:
-            return tls13_HandleEndOfEarlyData(ss, b, length);
-
-        case ssl_hs_key_update:
-            return tls13_HandleKeyUpdate(ss, b, length);
-
         default:
             FATAL_ERROR(ss, SSL_ERROR_RX_UNKNOWN_HANDSHAKE, unexpected_message);
             return SECFailure;
@@ -868,6 +619,10 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
 
     SSL_TRC(3, ("%d: TLS13[%d]: recovering static secret (%s)",
                 SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+    if (!sid->u.ssl3.keys.msIsWrapped) {
+        PORT_Assert(0); /* I think this can't happen. */
+        return SECFailure;
+    }
 
     /* Now find the hash used as the PRF for the previous handshake. */
     hashType = tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite);
@@ -918,55 +673,53 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
 
 /* Key Derivation Functions.
  *
+ * Below is the key schedule from [draft-ietf-tls-tls13].
+ *
+ * * The relevant functions from this file are indicated by tls13_Foo().
  *                 0
  *                 |
  *                 v
- *   PSK ->  HKDF-Extract = Early Secret
+ *   PSK ->  HKDF-Extract
  *                 |
- *                 +-----> Derive-Secret(., "ext binder" | "res binder", "")
- *                 |                     = binder_key
- *                 |
- *                 +-----> Derive-Secret(., "c e traffic",
- *                 |                     ClientHello)
- *                 |                     = client_early_traffic_secret
- *                 |
- *                 +-----> Derive-Secret(., "e exp master",
- *                 |                     ClientHello)
- *                 |                     = early_exporter_secret
  *                 v
- *           Derive-Secret(., "derived", "")
+ *           Early Secret ---> Derive-Secret(., "client early traffic secret",
+ *                 |                         ClientHello)
+ *                 |                         = client_early_traffic_secret
+ *                 v
+ * (EC)DHE -> HKDF-Extract
  *                 |
  *                 v
- *(EC)DHE -> HKDF-Extract = Handshake Secret
+ *         Handshake Secret
  *                 |
- *                 +-----> Derive-Secret(., "c hs traffic",
- *                 |                     ClientHello...ServerHello)
- *                 |                     = client_handshake_traffic_secret
+ *                 +---------> Derive-Secret(., "client handshake traffic secret",
+ *                 |                         ClientHello...ServerHello)
+ *                 |                         = client_handshake_traffic_secret
+ *                 |
+ *                 +---------> Derive-Secret(., "server handshake traffic secret",
+ *                 |                         ClientHello...ServerHello)
+ *                 |                         = server_handshake_traffic_secret
  *                 |
- *                 +-----> Derive-Secret(., "s hs traffic",
- *                 |                     ClientHello...ServerHello)
- *                 |                     = server_handshake_traffic_secret
  *                 v
- *           Derive-Secret(., "derived", "")
+ *      0 -> HKDF-Extract
  *                 |
  *                 v
- *      0 -> HKDF-Extract = Master Secret
+ *            Master Secret
  *                 |
- *                 +-----> Derive-Secret(., "c ap traffic",
- *                 |                     ClientHello...Server Finished)
- *                 |                     = client_traffic_secret_0
+ *                 +---------> Derive-Secret(., "client application traffic secret",
+ *                 |                         ClientHello...Server Finished)
+ *                 |                         = client_traffic_secret_0
  *                 |
- *                 +-----> Derive-Secret(., "s ap traffic",
- *                 |                     ClientHello...Server Finished)
- *                 |                     = server_traffic_secret_0
+ *                 +---------> Derive-Secret(., "server application traffic secret",
+ *                 |                         ClientHello...Server Finished)
+ *                 |                         = server_traffic_secret_0
  *                 |
- *                 +-----> Derive-Secret(., "exp master",
- *                 |                     ClientHello...Server Finished)
- *                 |                     = exporter_secret
+ *                 +---------> Derive-Secret(., "exporter master secret",
+ *                 |                         ClientHello...Client Finished)
+ *                 |                         = exporter_secret
  *                 |
- *                 +-----> Derive-Secret(., "res master",
- *                                       ClientHello...Client Finished)
- *                                       = resumption_master_secret
+ *                 +---------> Derive-Secret(., "resumption master secret",
+ *                                           ClientHello...Client Finished)
+ *                                           = resumption_secret
  *
  */
 
@@ -989,43 +742,35 @@ tls13_ComputeEarlySecrets(sslSocket *ss)
 
     PORT_Assert(ss->statelessResume == (ss->ssl3.hs.resumptionMasterSecret != NULL));
     if (ss->statelessResume) {
+        PRUint8 buf[1] = { 0 };
+        SSL3Hashes hashes;
+
         PK11_FreeSymKey(ss->ssl3.hs.resumptionMasterSecret);
         ss->ssl3.hs.resumptionMasterSecret = NULL;
 
-        rv = tls13_DeriveSecretNullHash(ss, ss->ssl3.hs.currentSecret,
-                                        kHkdfLabelPskBinderKey,
-                                        strlen(kHkdfLabelPskBinderKey),
-                                        &ss->ssl3.hs.pskBinderKey);
+        rv = PK11_HashBuf(ssl3_HashTypeToOID(tls13_GetHash(ss)),
+                          hashes.u.raw, buf, 0);
         if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
             return SECFailure;
         }
-    }
-    PORT_Assert(!ss->ssl3.hs.resumptionMasterSecret);
-
-    return SECSuccess;
-}
+        hashes.len = tls13_GetHashSize(ss);
 
-/* This derives the early traffic and early exporter secrets. */
-static SECStatus
-tls13_DeriveEarlySecrets(sslSocket *ss)
-{
-    SECStatus rv;
-
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                kHkdfLabelClient,
-                                kHkdfLabelEarlyTrafficSecret,
-                                keylogLabelClientEarlyTrafficSecret,
-                                &ss->ssl3.hs.clientEarlyTrafficSecret);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                                NULL, kHkdfLabelPskBinderKey, &hashes,
+                                &ss->ssl3.hs.pskBinderKey);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
 
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
                                 NULL, kHkdfLabelEarlyExporterSecret,
-                                keylogLabelEarlyExporterSecret,
-                                &ss->ssl3.hs.earlyExporterSecret);
-    if (rv != SECSuccess) {
-        return SECFailure;
+                                &hashes, &ss->ssl3.hs.earlyExporterSecret);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    } else {
+        PORT_Assert(!ss->ssl3.hs.resumptionMasterSecret);
     }
 
     return SECSuccess;
@@ -1035,7 +780,6 @@ static SECStatus
 tls13_ComputeHandshakeSecrets(sslSocket *ss)
 {
     SECStatus rv;
-    PK11SymKey *derivedSecret = NULL;
     PK11SymKey *newSecret = NULL;
 
     SSL_TRC(5, ("%d: TLS13[%d]: compute handshake secrets (%s)",
@@ -1044,21 +788,8 @@ tls13_ComputeHandshakeSecrets(sslSocket *ss)
     /* First update |currentSecret| to add |dheSecret|, if any. */
     PORT_Assert(ss->ssl3.hs.currentSecret);
     PORT_Assert(ss->ssl3.hs.dheSecret);
-
-    /* Expand before we extract. */
-    rv = tls13_DeriveSecretNullHash(ss, ss->ssl3.hs.currentSecret,
-                                    kHkdfLabelDerivedSecret,
-                                    strlen(kHkdfLabelDerivedSecret),
-                                    &derivedSecret);
-    if (rv != SECSuccess) {
-        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        return rv;
-    }
-
-    rv = tls13_HkdfExtract(derivedSecret, ss->ssl3.hs.dheSecret,
+    rv = tls13_HkdfExtract(ss->ssl3.hs.currentSecret, ss->ssl3.hs.dheSecret,
                            tls13_GetHash(ss), &newSecret);
-    PK11_FreeSymKey(derivedSecret);
-
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return rv;
@@ -1069,20 +800,18 @@ tls13_ComputeHandshakeSecrets(sslSocket *ss)
     ss->ssl3.hs.currentSecret = newSecret;
 
     /* Now compute |*HsTrafficSecret| */
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                kHkdfLabelClient,
-                                kHkdfLabelHandshakeTrafficSecret,
-                                keylogLabelClientHsTrafficSecret,
-                                &ss->ssl3.hs.clientHsTrafficSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelHandshakeTrafficSecret, NULL,
+                            &ss->ssl3.hs.clientHsTrafficSecret);
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return rv;
     }
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                kHkdfLabelServer,
-                                kHkdfLabelHandshakeTrafficSecret,
-                                keylogLabelServerHsTrafficSecret,
-                                &ss->ssl3.hs.serverHsTrafficSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelServer,
+                            kHkdfLabelHandshakeTrafficSecret, NULL,
+                            &ss->ssl3.hs.serverHsTrafficSecret);
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return rv;
@@ -1093,19 +822,11 @@ tls13_ComputeHandshakeSecrets(sslSocket *ss)
 
     /* Crank HKDF forward to make master secret, which we
      * stuff in current secret. */
-    rv = tls13_DeriveSecretNullHash(ss, ss->ssl3.hs.currentSecret,
-                                    kHkdfLabelDerivedSecret,
-                                    strlen(kHkdfLabelDerivedSecret),
-                                    &derivedSecret);
-    if (rv != SECSuccess) {
-        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        return rv;
-    }
-    rv = tls13_HkdfExtract(derivedSecret,
+    rv = tls13_HkdfExtract(ss->ssl3.hs.currentSecret,
                            NULL,
                            tls13_GetHash(ss),
                            &newSecret);
-    PK11_FreeSymKey(derivedSecret);
+
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
@@ -1121,27 +842,26 @@ tls13_ComputeApplicationSecrets(sslSocket *ss)
 {
     SECStatus rv;
 
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                kHkdfLabelClient,
-                                kHkdfLabelApplicationTrafficSecret,
-                                keylogLabelClientTrafficSecret,
-                                &ss->ssl3.hs.clientTrafficSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelApplicationTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.clientTrafficSecret);
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                kHkdfLabelServer,
-                                kHkdfLabelApplicationTrafficSecret,
-                                keylogLabelServerTrafficSecret,
-                                &ss->ssl3.hs.serverTrafficSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelServer,
+                            kHkdfLabelApplicationTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.serverTrafficSecret);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                NULL, kHkdfLabelExporterMasterSecret,
-                                keylogLabelExporterSecret,
-                                &ss->ssl3.hs.exporterSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            NULL, kHkdfLabelExporterMasterSecret,
+                            NULL, &ss->ssl3.hs.exporterSecret);
     if (rv != SECSuccess) {
         return SECFailure;
     }
@@ -1153,20 +873,30 @@ static SECStatus
 tls13_ComputeFinalSecrets(sslSocket *ss)
 {
     SECStatus rv;
+    PK11SymKey *resumptionMasterSecret = NULL;
 
-    PORT_Assert(!ss->ssl3.crSpec->masterSecret);
-    PORT_Assert(!ss->ssl3.cwSpec->masterSecret);
+    PORT_Assert(!ss->ssl3.crSpec->master_secret);
+    PORT_Assert(!ss->ssl3.cwSpec->master_secret);
 
-    rv = tls13_DeriveSecretWrap(ss, ss->ssl3.hs.currentSecret,
-                                NULL, kHkdfLabelResumptionMasterSecret,
-                                NULL,
-                                &ss->ssl3.hs.resumptionMasterSecret);
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            NULL, kHkdfLabelResumptionMasterSecret,
+                            NULL, &resumptionMasterSecret);
     PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
     ss->ssl3.hs.currentSecret = NULL;
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
+    /* This is pretty gross. TLS 1.3 uses a number of master secrets:
+     * The master secret to generate the keys and then the resumption
+     * master secret for future connections. To make this work without
+     * refactoring too much of the SSLv3 code, we store the RMS in
+     * |crSpec->master_secret| and |cwSpec->master_secret|.
+     */
+    ss->ssl3.crSpec->master_secret = resumptionMasterSecret;
+    ss->ssl3.cwSpec->master_secret =
+        PK11_ReferenceSymKey(ss->ssl3.crSpec->master_secret);
+
     return SECSuccess;
 }
 
@@ -1179,8 +909,6 @@ tls13_RestoreCipherInfo(sslSocket *ss, sslSessionID *sid)
      */
     ss->sec.authType = sid->authType;
     ss->sec.authKeyBits = sid->authKeyBits;
-    ss->sec.originalKeaGroup = ssl_LookupNamedGroup(sid->keaGroup);
-    ss->sec.signatureScheme = sid->sigScheme;
 }
 
 /* Check whether resumption-PSK is allowed. */
@@ -1233,10 +961,6 @@ tls13_CanNegotiateZeroRtt(sslSocket *ss, const sslSessionID *sid)
                             &sid->u.ssl3.alpnSelection) != 0)
         return PR_FALSE;
 
-    if (tls13_IsReplay(ss, sid)) {
-        return PR_FALSE;
-    }
-
     return PR_TRUE;
 }
 
@@ -1322,9 +1046,7 @@ tls13_FindKeyShareEntry(sslSocket *ss, const sslNamedGroupDef *group)
 }
 
 static SECStatus
-tls13_NegotiateKeyExchange(sslSocket *ss,
-                           const sslNamedGroupDef **requestedGroup,
-                           TLS13KeyShareEntry **clientShare)
+tls13_NegotiateKeyExchange(sslSocket *ss, TLS13KeyShareEntry **clientShare)
 {
     unsigned int index;
     TLS13KeyShareEntry *entry = NULL;
@@ -1404,16 +1126,13 @@ tls13_NegotiateKeyExchange(sslSocket *ss,
     SSL_TRC(3, ("%d: TLS13[%d]: group = %d", SSL_GETPID(), ss->fd,
                 preferredGroup->name));
 
-    /* Either provide a share, or provide a group that should be requested in a
-     * HelloRetryRequest, but not both. */
-    if (entry) {
-        PORT_Assert(preferredGroup == entry->group);
-        *clientShare = entry;
-        *requestedGroup = NULL;
-    } else {
-        *clientShare = NULL;
-        *requestedGroup = preferredGroup;
+    if (!entry) {
+        return tls13_SendHelloRetryRequest(ss, preferredGroup);
     }
+
+    PORT_Assert(preferredGroup == entry->group);
+    *clientShare = entry;
+
     return SECSuccess;
 }
 
@@ -1471,8 +1190,8 @@ tls13_SelectServerCert(sslSocket *ss)
         rv = ssl_PickSignatureScheme(ss,
                                      cert->serverKeyPair->pubKey,
                                      cert->serverKeyPair->privKey,
-                                     ss->xtnData.sigSchemes,
-                                     ss->xtnData.numSigSchemes,
+                                     ss->xtnData.clientSigSchemes,
+                                     ss->xtnData.numClientSigScheme,
                                      PR_FALSE);
         if (rv == SECSuccess) {
             /* Found one. */
@@ -1489,62 +1208,6 @@ tls13_SelectServerCert(sslSocket *ss)
     return SECFailure;
 }
 
-/* Note: |requestedGroup| is non-NULL when we send a key_share extension. */
-static SECStatus
-tls13_MaybeSendHelloRetry(sslSocket *ss, const sslNamedGroupDef *requestedGroup,
-                          PRBool *hrrSent)
-{
-    SSLHelloRetryRequestAction action = ssl_hello_retry_accept;
-    PRUint8 token[256] = { 0 };
-    unsigned int tokenLen = 0;
-    SECStatus rv;
-
-    if (ss->hrrCallback) {
-        action = ss->hrrCallback(!ss->ssl3.hs.helloRetry,
-                                 ss->xtnData.applicationToken.data,
-                                 ss->xtnData.applicationToken.len,
-                                 token, &tokenLen, sizeof(token),
-                                 ss->hrrCallbackArg);
-    }
-
-    /* These use SSL3_SendAlert directly to avoid an assertion in
-     * tls13_FatalError(), which is ordinarily OK. */
-    if (action == ssl_hello_retry_request && ss->ssl3.hs.helloRetry) {
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SSL_ERROR_APP_CALLBACK_ERROR);
-        return SECFailure;
-    }
-
-    if (action != ssl_hello_retry_request && tokenLen) {
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SSL_ERROR_APP_CALLBACK_ERROR);
-        return SECFailure;
-    }
-
-    if (tokenLen > sizeof(token)) {
-        (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
-        PORT_SetError(SSL_ERROR_APP_CALLBACK_ERROR);
-        return SECFailure;
-    }
-
-    if (action == ssl_hello_retry_fail) {
-        FATAL_ERROR(ss, SSL_ERROR_APPLICATION_ABORT, handshake_failure);
-        return SECFailure;
-    }
-
-    if (!requestedGroup && action != ssl_hello_retry_request) {
-        return SECSuccess;
-    }
-
-    rv = tls13_SendHelloRetryRequest(ss, requestedGroup, token, tokenLen);
-    if (rv != SECSuccess) {
-        return SECFailure; /* Code already set. */
-    }
-
-    *hrrSent = PR_TRUE;
-    return SECSuccess;
-}
-
 static SECStatus
 tls13_NegotiateAuthentication(sslSocket *ss)
 {
@@ -1574,19 +1237,13 @@ tls13_NegotiateAuthentication(sslSocket *ss)
 SECStatus
 tls13_HandleClientHelloPart2(sslSocket *ss,
                              const SECItem *suites,
-                             sslSessionID *sid,
-                             const PRUint8 *msg,
-                             unsigned int len)
+                             sslSessionID *sid)
 {
     SECStatus rv;
     SSL3Statistics *ssl3stats = SSL_GetStatistics();
-    const sslNamedGroupDef *requestedGroup = NULL;
     TLS13KeyShareEntry *clientShare = NULL;
-    ssl3CipherSuite previousCipherSuite = 0;
-    const sslNamedGroupDef *previousGroup = NULL;
-    PRBool hrr = PR_FALSE;
-
-    ss->ssl3.hs.endOfFlight = PR_TRUE;
+    int j;
+    ssl3CipherSuite previousCipherSuite;
 
     if (ssl3_ExtensionNegotiated(ss, ssl_tls13_early_data_xtn)) {
         ss->ssl3.hs.zeroRttState = ssl_0rtt_sent;
@@ -1594,59 +1251,24 @@ tls13_HandleClientHelloPart2(sslSocket *ss,
 
 #ifndef PARANOID
     /* Look for a matching cipher suite. */
-    if (ssl3_config_match_init(ss) == 0) { /* no ciphers are working/supported by PK11 */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) { /* no ciphers are working/supported by PK11 */
         FATAL_ERROR(ss, PORT_GetError(), internal_error);
         goto loser;
     }
 #endif
 
-    /* Negotiate cipher suite. */
+    previousCipherSuite = ss->ssl3.hs.cipher_suite;
     rv = ssl3_NegotiateCipherSuite(ss, suites, PR_FALSE);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP, handshake_failure);
         goto loser;
     }
-
     /* If we are going around again, then we should make sure that the cipher
      * suite selection doesn't change. That's a sign of client shennanigans. */
-    if (ss->ssl3.hs.helloRetry) {
-
-        /* Update sequence numbers before checking the cookie so that any alerts
-         * we generate are sent with the right sequence numbers. */
-        if (IS_DTLS(ss)) {
-            /* Count the first ClientHello and the HelloRetryRequest. */
-            ss->ssl3.hs.sendMessageSeq = 1;
-            ss->ssl3.hs.recvMessageSeq = 1;
-            ssl_GetSpecWriteLock(ss);
-            /* Increase the write sequence number.  The read sequence number
-             * will be reset after this to early data or handshake. */
-            ss->ssl3.cwSpec->seqNum = 1;
-            ssl_ReleaseSpecWriteLock(ss);
-        }
-
-        if (!ssl3_ExtensionNegotiated(ss, ssl_tls13_cookie_xtn) ||
-            !ss->xtnData.cookie.len) {
-            FATAL_ERROR(ss, SSL_ERROR_MISSING_COOKIE_EXTENSION,
-                        missing_extension);
-            goto loser;
-        }
-        PRINT_BUF(50, (ss, "Client sent cookie",
-                       ss->xtnData.cookie.data, ss->xtnData.cookie.len));
-
-        rv = tls13_RecoverHashState(ss, ss->xtnData.cookie.data,
-                                    ss->xtnData.cookie.len,
-                                    &previousCipherSuite,
-                                    &previousGroup);
-        if (rv != SECSuccess) {
-            FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO, illegal_parameter);
-            goto loser;
-        }
-    }
-
-    /* Now merge the ClientHello into the hash state. */
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_client_hello, msg, len);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+    if (ss->ssl3.hs.helloRetry &&
+        ss->ssl3.hs.cipher_suite != previousCipherSuite) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, handshake_failure);
         goto loser;
     }
 
@@ -1674,50 +1296,13 @@ tls13_HandleClientHelloPart2(sslSocket *ss,
     }
 
     /* Select key exchange. */
-    rv = tls13_NegotiateKeyExchange(ss, &requestedGroup, &clientShare);
+    rv = tls13_NegotiateKeyExchange(ss, &clientShare);
     if (rv != SECSuccess) {
         goto loser;
     }
-    /* We should get either one of these, but not both. */
-    PORT_Assert((requestedGroup && !clientShare) ||
-                (!requestedGroup && clientShare));
 
-    /* After HelloRetryRequest, check consistency of cipher and group. */
-    if (ss->ssl3.hs.helloRetry) {
-        PORT_Assert(previousCipherSuite);
-        if (ss->ssl3.hs.cipher_suite != previousCipherSuite) {
-            FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO,
-                        illegal_parameter);
-            goto loser;
-        }
-        if (!clientShare) {
-            FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO,
-                        illegal_parameter);
-            goto loser;
-        }
-
-        /* If we requested a new key share, check that the client provided just
-         * one of the right type. */
-        if (previousGroup) {
-            if (PR_PREV_LINK(&ss->xtnData.remoteKeyShares) !=
-                PR_NEXT_LINK(&ss->xtnData.remoteKeyShares)) {
-                FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO,
-                            illegal_parameter);
-                goto loser;
-            }
-            if (clientShare->group != previousGroup) {
-                FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO,
-                            illegal_parameter);
-                goto loser;
-            }
-        }
-    }
-
-    rv = tls13_MaybeSendHelloRetry(ss, requestedGroup, &hrr);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    if (hrr) {
+    /* If we didn't find a client key share, we have to retry. */
+    if (!clientShare) {
         if (sid) { /* Free the sid. */
             ss->sec.uncache(sid);
             ssl_FreeSID(sid);
@@ -1788,17 +1373,14 @@ tls13_HandleClientHelloPart2(sslSocket *ss,
     if (ss->statelessResume) {
         SSL3Hashes hashes;
 
-        PORT_Assert(ss->ssl3.hs.messages.len > ss->xtnData.pskBindersLen);
-        rv = tls13_ComputePskBinderHash(
-            ss,
-            ss->ssl3.hs.messages.len - ss->xtnData.pskBindersLen,
-            &hashes);
+        rv = tls13_ComputePskBinderHash(ss, ss->xtnData.pskBinderPrefixLen,
+                                        &hashes);
         if (rv != SECSuccess) {
             FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
             goto loser;
         }
 
-        rv = tls13_VerifyFinished(ss, ssl_hs_client_hello,
+        rv = tls13_VerifyFinished(ss, client_hello,
                                   ss->ssl3.hs.pskBinderKey,
                                   ss->xtnData.pskBinder.data,
                                   ss->xtnData.pskBinder.len,
@@ -1847,7 +1429,11 @@ tls13_HandleClientHelloPart2(sslSocket *ss,
     sid = NULL;
 
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
-        rv = tls13_DeriveEarlySecrets(ss);
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                                kHkdfLabelClient,
+                                kHkdfLabelEarlyTrafficSecret,
+                                NULL, /* Current running hash. */
+                                &ss->ssl3.hs.clientEarlyTrafficSecret);
         if (rv != SECSuccess) {
             FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
             return SECFailure;
@@ -1872,143 +1458,70 @@ loser:
     return SECFailure;
 }
 
-SECStatus
-SSLExp_HelloRetryRequestCallback(PRFileDesc *fd,
-                                 SSLHelloRetryRequestCallback cb, void *arg)
+static SECStatus
+tls13_SendHelloRetryRequest(sslSocket *ss, const sslNamedGroupDef *selectedGroup)
 {
-    sslSocket *ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure; /* Code already set. */
-    }
+    SECStatus rv;
 
-    ss->hrrCallback = cb;
-    ss->hrrCallbackArg = arg;
-    return SECSuccess;
-}
+    SSL_TRC(3, ("%d: TLS13[%d]: send hello retry request handshake",
+                SSL_GETPID(), ss->fd));
 
-/*
- * struct {
- *     ProtocolVersion server_version;
- *     CipherSuite cipher_suite;
- *     Extension extensions<2..2^16-1>;
- * } HelloRetryRequest;
- *
- * Note: this function takes an empty buffer and returns
- * a non-empty one on success, in which case the caller must
- * eventually clean up.
- */
-SECStatus
-tls13_ConstructHelloRetryRequest(sslSocket *ss,
-                                 ssl3CipherSuite cipherSuite,
-                                 const sslNamedGroupDef *selectedGroup,
-                                 PRUint8 *cookie, unsigned int cookieLen,
-                                 sslBuffer *buffer)
-{
-    SECStatus rv;
-    sslBuffer extensionsBuf = SSL_BUFFER_EMPTY;
-    PORT_Assert(buffer->len == 0);
-
-    /* Note: cookie is pointing to a stack variable, so is only valid
-     * now. */
-    ss->xtnData.selectedGroup = selectedGroup;
-    ss->xtnData.cookie.data = cookie;
-    ss->xtnData.cookie.len = cookieLen;
-    rv = ssl_ConstructExtensions(ss, &extensionsBuf,
-                                 ssl_hs_hello_retry_request);
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* We asked already, but made no progress. */
+    if (ss->ssl3.hs.helloRetry) {
+        FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO, illegal_parameter);
+        return SECFailure;
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_AppendHandshakeHeader(ss, hello_retry_request,
+                                    2 +     /* version */
+                                        2 + /* extension length */
+                                        2 + /* group extension id */
+                                        2 + /* group extension length */
+                                        2 /* group */);
     if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         goto loser;
     }
-    /* These extensions can't be empty. */
-    PORT_Assert(SSL_BUFFER_LEN(&extensionsBuf) > 0);
 
-    /* Clean up cookie so we're not pointing at random memory. */
-    ss->xtnData.cookie.data = NULL;
-    ss->xtnData.cookie.len = 0;
-
-    rv = ssl_ConstructServerHello(ss, PR_TRUE, &extensionsBuf, buffer);
+    rv = ssl3_AppendHandshakeNumber(
+        ss, tls13_EncodeDraftVersion(ss->version), 2);
     if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         goto loser;
     }
-    sslBuffer_Clear(&extensionsBuf);
-    return SECSuccess;
-
-loser:
-    sslBuffer_Clear(&extensionsBuf);
-    sslBuffer_Clear(buffer);
-    return SECFailure;
-}
-
-static SECStatus
-tls13_SendHelloRetryRequest(sslSocket *ss,
-                            const sslNamedGroupDef *requestedGroup,
-                            const PRUint8 *appToken, unsigned int appTokenLen)
-{
-    SECStatus rv;
-    unsigned int cookieLen;
-    PRUint8 cookie[1024];
-    sslBuffer messageBuf = SSL_BUFFER_EMPTY;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: send hello retry request handshake",
-                SSL_GETPID(), ss->fd));
-
-    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-
-    /* Compute the cookie we are going to need. */
-    rv = tls13_MakeHrrCookie(ss, requestedGroup,
-                             appToken, appTokenLen,
-                             cookie, &cookieLen, sizeof(cookie));
+    /* Length of extensions. */
+    rv = ssl3_AppendHandshakeNumber(ss, 2 + 2 + 2, 2);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
+        goto loser;
     }
 
-    /* Now build the body of the message. */
-    rv = tls13_ConstructHelloRetryRequest(ss, ss->ssl3.hs.cipher_suite,
-                                          requestedGroup,
-                                          cookie, cookieLen, &messageBuf);
+    /* Key share extension - currently the only reason we send this. */
+    rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
+        goto loser;
     }
-
-    /* And send it. */
-    ssl_GetXmitBufLock(ss);
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_server_hello,
-                                    SSL_BUFFER_LEN(&messageBuf));
+    /* Key share extension length. */
+    rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
     if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         goto loser;
     }
-    rv = ssl3_AppendBufferToHandshake(ss, &messageBuf);
+    rv = ssl3_AppendHandshakeNumber(ss, selectedGroup->name, 2);
     if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         goto loser;
     }
-    sslBuffer_Clear(&messageBuf); /* Done with messageBuf */
-
-    if (ss->ssl3.hs.fakeSid.len) {
-        PRInt32 sent;
 
-        PORT_Assert(!IS_DTLS(ss));
-        rv = ssl3_SendChangeCipherSpecsInt(ss);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-        /* ssl3_SendChangeCipherSpecsInt() only flushes to the output buffer, so we
-         * have to force a send. */
-        sent = ssl_SendSavedWriteData(ss);
-        if (sent < 0 && PORT_GetError() != PR_WOULD_BLOCK_ERROR) {
-            PORT_SetError(SSL_ERROR_SOCKET_WRITE_FAILURE);
-            goto loser;
-        }
-    } else {
-        rv = ssl3_FlushHandshake(ss, 0);
-        if (rv != SECSuccess) {
-            goto loser; /* error code set by ssl3_FlushHandshake */
-        }
+    rv = ssl3_FlushHandshake(ss, 0);
+    if (rv != SECSuccess) {
+        goto loser; /* error code set by ssl3_FlushHandshake */
     }
-
-    /* We depend on this being exactly one record and one message. */
-    PORT_Assert(!IS_DTLS(ss) || (ss->ssl3.hs.sendMessageSeq == 1 &&
-                                 ss->ssl3.cwSpec->seqNum == 1));
     ssl_ReleaseXmitBufLock(ss);
 
     ss->ssl3.hs.helloRetry = PR_TRUE;
@@ -2022,7 +1535,6 @@ tls13_SendHelloRetryRequest(sslSocket *ss,
     return SECSuccess;
 
 loser:
-    sslBuffer_Clear(&messageBuf);
     ssl_ReleaseXmitBufLock(ss);
     return SECFailure;
 }
@@ -2094,96 +1606,67 @@ static SECStatus
 tls13_SendCertificateRequest(sslSocket *ss)
 {
     SECStatus rv;
-    sslBuffer extensionBuf = SSL_BUFFER_EMPTY;
+    unsigned int calen;
+    SECItem *names;
+    unsigned int nnames;
+    SECItem *name;
+    int i;
+    PRUint8 sigSchemes[MAX_SIGNATURE_SCHEMES * 2];
+    unsigned int sigSchemesLength = 0;
+    int length;
 
     SSL_TRC(3, ("%d: TLS13[%d]: begin send certificate_request",
                 SSL_GETPID(), ss->fd));
 
-    rv = ssl_ConstructExtensions(ss, &extensionBuf, ssl_hs_certificate_request);
+    rv = ssl3_EncodeSigAlgs(ss, sigSchemes, sizeof(sigSchemes),
+                            &sigSchemesLength);
     if (rv != SECSuccess) {
-        return SECFailure; /* Code already set. */
+        return rv;
     }
-    /* We should always have at least one of these. */
-    PORT_Assert(SSL_BUFFER_LEN(&extensionBuf) > 0);
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate_request,
-                                    1 + 0 + /* empty request context */
-                                        2 + /* extension length */
-                                        SSL_BUFFER_LEN(&extensionBuf));
+    rv = ssl_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return rv;
     }
+    length = 1 + 0 /* length byte for empty request context */ +
+             2 + sigSchemesLength + 2 + calen + 2;
 
-    /* Context. */
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
     rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return rv; /* err set by AppendHandshake. */
     }
-    /* Extensions. */
-    rv = ssl3_AppendBufferToHandshakeVariable(ss, &extensionBuf, 2);
+    rv = ssl3_AppendHandshakeVariable(ss, sigSchemes, sigSchemesLength, 2);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return rv; /* err set by AppendHandshake. */
     }
-
-    sslBuffer_Clear(&extensionBuf);
-    return SECSuccess;
-
-loser:
-    sslBuffer_Clear(&extensionBuf);
-    return SECFailure;
-}
-
-/* [draft-ietf-tls-tls13; S 4.4.1] says:
- *
- *     Transcript-Hash(ClientHello1, HelloRetryRequest, ... MN) =
- *      Hash(message_hash ||        // Handshake type
- *           00 00 Hash.length ||   // Handshake message length
- *           Hash(ClientHello1) ||  // Hash of ClientHello1
- *           HelloRetryRequest ... MN)
- */
-static SECStatus
-tls13_ReinjectHandshakeTranscript(sslSocket *ss)
-{
-    SSL3Hashes hashes;
-    SECStatus rv;
-
-    // First compute the hash.
-    rv = tls13_ComputeHash(ss, &hashes,
-                           ss->ssl3.hs.messages.buf,
-                           ss->ssl3.hs.messages.len);
+    rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return rv; /* err set by AppendHandshake. */
     }
-
-    // Now re-init the handshake.
-    ssl3_RestartHandshakeHashes(ss);
-
-    // And reinject the message.
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_message_hash,
-                                  hashes.u.raw, hashes.len);
+    for (i = 0, name = names; i < nnames; i++, name++) {
+        rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return rv; /* err set by AppendHandshake. */
     }
 
     return SECSuccess;
 }
 
-static unsigned int
-ssl_ListCount(PRCList *list)
-{
-    unsigned int c = 0;
-    PRCList *cur;
-    for (cur = PR_NEXT_LINK(list); cur != list; cur = PR_NEXT_LINK(cur)) {
-        ++c;
-    }
-    return c;
-}
-
 SECStatus
-tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *savedMsg,
-                              PRUint32 savedLength)
+tls13_HandleHelloRetryRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
 {
     SECStatus rv;
+    PRUint32 tmp;
+    SSL3ProtocolVersion version;
 
     SSL_TRC(3, ("%d: TLS13[%d]: handle hello retry request",
                 SSL_GETPID(), ss->fd));
@@ -2196,77 +1679,84 @@ tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *savedMsg,
                     unexpected_message);
         return SECFailure;
     }
-    PORT_Assert(ss->ssl3.hs.ws == wait_server_hello);
+
+    /* Client only. */
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST,
+                              wait_server_hello);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* Fool me once, shame on you; fool me twice... */
+    if (ss->ssl3.hs.helloRetry) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST,
+                    unexpected_message);
+        return SECFailure;
+    }
 
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
         ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
         /* Restore the null cipher spec for writing. */
         ssl_GetSpecWriteLock(ss);
-        ssl_CipherSpecRelease(ss->ssl3.cwSpec);
-        ss->ssl3.cwSpec = ssl_FindCipherSpecByEpoch(ss, CipherSpecWrite,
-                                                    TrafficKeyClearText);
-        PORT_Assert(ss->ssl3.cwSpec);
+        tls13_CipherSpecRelease(ss->ssl3.cwSpec);
+        ss->ssl3.cwSpec = ss->ssl3.crSpec;
+        PORT_Assert(ss->ssl3.cwSpec->cipher_def->cipher == cipher_null);
         ssl_ReleaseSpecWriteLock(ss);
     } else {
         PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_none);
     }
 
-    /* Extensions must contain more than just supported_versions.  This will
-     * ensure that a HelloRetryRequest isn't a no-op: we must have at least two
-     * extensions, supported_versions plus one other.  That other must be one
-     * that we understand and recognize as being valid for HelloRetryRequest,
-     * and all the extensions we permit cause us to modify our second
-     * ClientHello in some meaningful way. */
-    if (ssl_ListCount(&ss->ssl3.hs.remoteExtensions) <= 1) {
+    /* Version. */
+    rv = ssl_ClientReadVersion(ss, &b, &length, &version);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert already sent */
+    }
+    if (version > ss->vrange.max || version < SSL_LIBRARY_VERSION_TLS_1_3) {
         FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
-                    decode_error);
+                    protocol_version);
         return SECFailure;
     }
 
-    rv = ssl3_HandleParsedExtensions(ss, ssl_hs_hello_retry_request);
-    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    /* Extensions. */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, &b, &length);
     if (rv != SECSuccess) {
-        return SECFailure; /* Error code set below */
+        return SECFailure; /* error code already set */
     }
-
-    ss->ssl3.hs.helloRetry = PR_TRUE;
-    rv = tls13_ReinjectHandshakeTranscript(ss);
-    if (rv != SECSuccess) {
-        return rv;
+    /* Extensions must be non-empty and use the remainder of the message.
+     * This means that a HelloRetryRequest cannot be a no-op: we must have an
+     * extension, it must be one that we understand and recognize as being valid
+     * for HelloRetryRequest, and all the extensions we permit cause us to
+     * modify our ClientHello in some way. */
+    if (!tmp || tmp != length) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
+                    decode_error);
+        return SECFailure;
     }
 
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_server_hello,
-                                  savedMsg, savedLength);
+    rv = ssl3_HandleExtensions(ss, &b, &length, hello_retry_request);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return SECFailure; /* Error code set below */
     }
 
+    ss->ssl3.hs.helloRetry = PR_TRUE;
+
     ssl_GetXmitBufLock(ss);
-    if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss) &&
-        ss->ssl3.hs.zeroRttState == ssl_0rtt_none) {
-        rv = ssl3_SendChangeCipherSpecsInt(ss);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
-    }
     rv = ssl3_SendClientHello(ss, client_hello_retry);
+    ssl_ReleaseXmitBufLock(ss);
     if (rv != SECSuccess) {
-        goto loser;
+        return SECFailure;
     }
 
-    ssl_ReleaseXmitBufLock(ss);
     return SECSuccess;
-
-loser:
-    ssl_ReleaseXmitBufLock(ss);
-    return SECFailure;
 }
 
 static SECStatus
 tls13_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
 {
     SECStatus rv;
+    TLS13CertificateRequest *certRequest = NULL;
     SECItem context = { siBuffer, NULL, 0 };
+    PLArenaPool *arena;
     SECItem extensionsData = { siBuffer, NULL, 0 };
 
     SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_request sequence",
@@ -2285,51 +1775,71 @@ tls13_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length)
     PORT_Assert(ss->ssl3.clientCertChain == NULL);
     PORT_Assert(ss->ssl3.clientCertificate == NULL);
     PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
-    PORT_Assert(!ss->ssl3.hs.clientCertRequested);
+    PORT_Assert(ss->ssl3.hs.certificateRequest == NULL);
 
-    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
-    if (rv != SECSuccess) {
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         return SECFailure;
     }
 
+    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
+    if (rv != SECSuccess)
+        goto loser;
+
     /* We don't support post-handshake client auth, the certificate request
-     * context must always be empty. */
+     * context must always be null. */
     if (context.len > 0) {
         FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST, illegal_parameter);
-        return SECFailure;
+        goto loser;
     }
 
-    rv = ssl3_ConsumeHandshakeVariable(ss, &extensionsData, 2, &b, &length);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    certRequest = PORT_ArenaZNew(arena, TLS13CertificateRequest);
+    if (!certRequest)
+        goto loser;
+    certRequest->arena = arena;
+    certRequest->ca_list.arena = arena;
+
+    rv = ssl_ParseSignatureSchemes(ss, arena,
+                                   &certRequest->signatureSchemes,
+                                   &certRequest->signatureSchemeCount,
+                                   &b, &length);
+    if (rv != SECSuccess || certRequest->signatureSchemeCount == 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
+                    decode_error);
+        goto loser;
     }
 
-    if (length) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST, decode_error);
-        return SECFailure;
-    }
+    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena,
+                                         &certRequest->ca_list);
+    if (rv != SECSuccess)
+        goto loser; /* alert already sent */
 
-    /* Process all the extensions. */
-    rv = ssl3_HandleExtensions(ss, &extensionsData.data, &extensionsData.len,
-                               ssl_hs_certificate_request);
+    /* Verify that the extensions are sane. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &extensionsData, 2, &b, &length);
     if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (!ss->xtnData.numSigSchemes) {
-        FATAL_ERROR(ss, SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION,
-                    missing_extension);
-        return SECFailure;
+        goto loser;
     }
 
-    rv = SECITEM_CopyItem(NULL, &ss->xtnData.certReqContext, &context);
+    /* Process all the extensions (note: currently a no-op). */
+    rv = ssl3_HandleExtensions(ss, &extensionsData.data, &extensionsData.len,
+                               certificate_request);
     if (rv != SECSuccess) {
-        return SECFailure;
+        goto loser;
     }
 
-    ss->ssl3.hs.clientCertRequested = PR_TRUE;
+    rv = SECITEM_CopyItem(arena, &certRequest->context, &context);
+    if (rv != SECSuccess)
+        goto loser;
+
     TLS13_SET_HS_STATE(ss, wait_server_cert);
+    ss->ssl3.hs.certificateRequest = certRequest;
+
     return SECSuccess;
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return SECFailure;
 }
 
 static SECStatus
@@ -2349,10 +1859,12 @@ tls13_SendEncryptedServerSequence(sslSocket *ss)
         return SECFailure;
     }
 
+    ss->ssl3.hs.shortHeaders = ssl3_ExtensionNegotiated(
+        ss, ssl_tls13_short_header_xtn);
+
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
-        rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData,
-                                          ssl_tls13_early_data_xtn,
-                                          ssl_SendEmptyExtension);
+        rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_tls13_early_data_xtn,
+                                          tls13_ServerSendEarlyDataXtn);
         if (rv != SECSuccess) {
             return SECFailure; /* Error code set already. */
         }
@@ -2405,29 +1917,11 @@ tls13_SendServerHelloSequence(sslSocket *ss)
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
-    rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData,
-                                      ssl_tls13_supported_versions_xtn,
-                                      tls13_ServerSendSupportedVersionsXtn);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
     rv = ssl3_SendServerHello(ss);
     if (rv != SECSuccess) {
         return rv; /* err code is set. */
     }
 
-    if (ss->ssl3.hs.fakeSid.len) {
-        PORT_Assert(!IS_DTLS(ss));
-        SECITEM_FreeItem(&ss->ssl3.hs.fakeSid, PR_FALSE);
-        if (!ss->ssl3.hs.helloRetry) {
-            rv = ssl3_SendChangeCipherSpecsInt(ss);
-            if (rv != SECSuccess) {
-                return rv;
-            }
-        }
-    }
-
     rv = tls13_SendEncryptedServerSequence(ss);
     if (rv != SECSuccess) {
         err = PORT_GetError();
@@ -2459,18 +1953,14 @@ tls13_SendServerHelloSequence(sslSocket *ss)
         return SECFailure;
     }
 
-    if (IS_DTLS(ss)) {
-        /* We need this for reading ACKs. */
-        ssl_CipherSpecAddRef(ss->ssl3.crSpec);
-    }
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
-        rv = tls13_SetCipherSpec(ss, TrafficKeyEarlyApplicationData,
+        rv = tls13_SetCipherSpec(ss,
+                                 TrafficKeyEarlyApplicationData,
                                  CipherSpecRead, PR_TRUE);
         if (rv != SECSuccess) {
             LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
             return SECFailure;
         }
-        TLS13_SET_HS_STATE(ss, wait_end_of_early_data);
     } else {
         PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_none ||
                     ss->ssl3.hs.zeroRttState == ssl_0rtt_ignored);
@@ -2482,12 +1972,11 @@ tls13_SendServerHelloSequence(sslSocket *ss)
             LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
             return SECFailure;
         }
-        TLS13_SET_HS_STATE(ss,
-                           ss->opt.requestCertificate ? wait_client_cert
-                                                      : wait_finished);
     }
 
-    ss->ssl3.hs.serverHelloTime = ssl_TimeUsec();
+    TLS13_SET_HS_STATE(ss,
+                       ss->opt.requestCertificate ? wait_client_cert
+                                                  : wait_finished);
     return SECSuccess;
 }
 
@@ -2534,7 +2023,7 @@ tls13_HandleServerHelloPart2(sslSocket *ss)
         SSL_AtomicIncrementLong(&ssl3stats->hsh_sid_stateless_resumes);
     } else {
         /* !PSK */
-        if (ssl3_ExtensionAdvertised(ss, ssl_tls13_pre_shared_key_xtn)) {
+        if (ssl3_ClientExtensionAdvertised(ss, ssl_tls13_pre_shared_key_xtn)) {
             SSL_AtomicIncrementLong(&ssl3stats->hsh_sid_cache_misses);
         }
         if (sid->cached == in_client_cache) {
@@ -2579,12 +2068,8 @@ tls13_HandleServerHelloPart2(sslSocket *ss)
         return SECFailure; /* error code is set. */
     }
 
-    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
-        /* When we send 0-RTT, we saved the null spec in case we needed it to
-         * send another ClientHello in response to a HelloRetryRequest.  Now
-         * that we won't be receiving a HelloRetryRequest, release the spec. */
-        ssl_CipherSpecReleaseByEpoch(ss, CipherSpecWrite, TrafficKeyClearText);
-    }
+    ss->ssl3.hs.shortHeaders = ssl3_ExtensionNegotiated(
+        ss, ssl_tls13_short_header_xtn);
 
     rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
                              CipherSpecRead, PR_FALSE);
@@ -2686,7 +2171,8 @@ tls13_SendCertificate(sslSocket *ss)
     int certChainLen = 0;
     int i;
     SECItem context = { siBuffer, NULL, 0 };
-    sslBuffer extensionBuf = SSL_BUFFER_EMPTY;
+    PRInt32 extensionsLen = 0;
+    PRUint32 maxBytes = 65535;
 
     SSL_TRC(3, ("%d: TLS1.3[%d]: send certificate handshake",
                 SSL_GETPID(), ss->fd));
@@ -2709,28 +2195,26 @@ tls13_SendCertificate(sslSocket *ss)
         ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate);
     }
 
+    /* Get the extensions length. This only applies to the leaf cert,
+     * because we don't yet send extensions for non-leaf certs. */
+    extensionsLen = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.certificateSenders[0]);
+
     if (!ss->sec.isServer) {
-        PORT_Assert(ss->ssl3.hs.clientCertRequested);
-        context = ss->xtnData.certReqContext;
+        PORT_Assert(ss->ssl3.hs.certificateRequest);
+        context = ss->ssl3.hs.certificateRequest->context;
     }
     if (certChain) {
         for (i = 0; i < certChain->len; i++) {
-            /* Each cert is 3 octet length, cert, and extensions */
-            certChainLen += 3 + certChain->certs[i].len + 2;
-        }
-
-        /* Build the extensions. This only applies to the leaf cert, because we
-         * don't yet send extensions for non-leaf certs. */
-        rv = ssl_ConstructExtensions(ss, &extensionBuf, ssl_hs_certificate);
-        if (rv != SECSuccess) {
-            return SECFailure; /* code already set */
+            certChainLen +=
+                3 + certChain->certs[i].len + /* cert length + cert */
+                2 + (!i ? extensionsLen : 0); /* extensions length + extensions */
         }
-        /* extensionBuf.len is only added once, for the leaf cert. */
-        certChainLen += SSL_BUFFER_LEN(&extensionBuf);
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate,
-                                    1 + context.len + 3 + certChainLen);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate,
+                                    1 + context.len +
+                                        3 + certChainLen);
     if (rv != SECSuccess) {
         return SECFailure; /* err set by AppendHandshake. */
     }
@@ -2738,44 +2222,50 @@ tls13_SendCertificate(sslSocket *ss)
     rv = ssl3_AppendHandshakeVariable(ss, context.data,
                                       context.len, 1);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return SECFailure; /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshakeNumber(ss, certChainLen, 3);
     if (rv != SECSuccess) {
-        goto loser; /* err set by AppendHandshake. */
+        return SECFailure; /* err set by AppendHandshake. */
     }
     if (certChain) {
         for (i = 0; i < certChain->len; i++) {
+            PRInt32 sentLen;
+
             rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
                                               certChain->certs[i].len, 3);
             if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
+                return SECFailure; /* err set by AppendHandshake. */
             }
 
             if (i) {
                 /* Not end-entity. */
                 rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
                 if (rv != SECSuccess) {
-                    goto loser; /* err set by AppendHandshake. */
+                    return SECFailure; /* err set by AppendHandshake. */
                 }
                 continue;
             }
 
             /* End-entity, send extensions. */
-            rv = ssl3_AppendBufferToHandshakeVariable(ss, &extensionBuf, 2);
+            rv = ssl3_AppendHandshakeNumber(ss, extensionsLen, 2);
             if (rv != SECSuccess) {
-                goto loser; /* err set by AppendHandshake. */
+                return SECFailure; /* err set by AppendHandshake. */
+            }
+
+            sentLen = ssl3_CallHelloExtensionSenders(
+                ss, PR_TRUE, extensionsLen,
+                &ss->xtnData.certificateSenders[0]);
+            PORT_Assert(sentLen == extensionsLen);
+            if (sentLen != extensionsLen) {
+                LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
             }
         }
     }
 
-    sslBuffer_Clear(&extensionBuf);
     return SECSuccess;
-
-loser:
-    sslBuffer_Clear(&extensionBuf);
-    return SECFailure;
 }
 
 static SECStatus
@@ -2803,7 +2293,7 @@ tls13_HandleCertificateEntry(sslSocket *ss, SECItem *data, PRBool first,
     if (first && !ss->sec.isServer) {
         rv = ssl3_HandleExtensions(ss, &extensionsData.data,
                                    &extensionsData.len,
-                                   ssl_hs_certificate);
+                                   certificate);
         if (rv != SECSuccess) {
             return SECFailure;
         }
@@ -2861,11 +2351,6 @@ tls13_HandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length)
     if (rv != SECSuccess)
         return SECFailure;
 
-    /* We can ignore any other cleartext from the client. */
-    if (ss->sec.isServer && IS_DTLS(ss)) {
-        ssl_CipherSpecReleaseByEpoch(ss, CipherSpecRead, TrafficKeyClearText);
-        dtls_ReceivedFirstMessageInFlight(ss);
-    }
     /* Process the context string */
     rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
     if (rv != SECSuccess)
@@ -2960,6 +2445,32 @@ tls13_HandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length)
     return ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
 }
 
+void
+tls13_CipherSpecAddRef(ssl3CipherSpec *spec)
+{
+    ++spec->refCt;
+    SSL_TRC(10, ("%d: TLS13[-]: Increment ref ct for spec %d. new ct = %d",
+                 SSL_GETPID(), spec, spec->refCt));
+}
+
+/* This function is never called on a spec which is on the
+ * cipherSpecs list. */
+void
+tls13_CipherSpecRelease(ssl3CipherSpec *spec)
+{
+    PORT_Assert(spec->refCt > 0);
+    --spec->refCt;
+    SSL_TRC(10, ("%d: TLS13[-]: decrement refct for spec %d. phase=%s new ct = %d",
+                 SSL_GETPID(), spec, spec->phase, spec->refCt));
+    if (!spec->refCt) {
+        SSL_TRC(10, ("%d: TLS13[-]: Freeing spec %d. phase=%s",
+                     SSL_GETPID(), spec, spec->phase));
+        PR_REMOVE_LINK(&spec->link);
+        ssl3_DestroyCipherSpec(spec, PR_TRUE);
+        PORT_Free(spec);
+    }
+}
+
 /* Add context to the hash functions as described in
    [draft-ietf-tls-tls13; Section 4.9.1] */
 SECStatus
@@ -3028,56 +2539,15 @@ loser:
  *       HKDF-Expand-Label(Secret, Label,
  *                         Hash(Messages) + Hash(resumption_context), L))
  */
-SECStatus
+static SECStatus
 tls13_DeriveSecret(sslSocket *ss, PK11SymKey *key,
-                   const char *label,
-                   unsigned int labelLen,
+                   const char *prefix,
+                   const char *suffix,
                    const SSL3Hashes *hashes,
                    PK11SymKey **dest)
 {
     SECStatus rv;
-
-    rv = tls13_HkdfExpandLabel(key, tls13_GetHash(ss),
-                               hashes->u.raw, hashes->len,
-                               label, labelLen,
-                               tls13_GetHkdfMechanism(ss),
-                               tls13_GetHashSize(ss), dest);
-    if (rv != SECSuccess) {
-        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/* Convenience wrapper for the empty hash. */
-SECStatus
-tls13_DeriveSecretNullHash(sslSocket *ss, PK11SymKey *key,
-                           const char *label,
-                           unsigned int labelLen,
-                           PK11SymKey **dest)
-{
-    SSL3Hashes hashes;
-    SECStatus rv;
-    PRUint8 buf[] = { 0 };
-
-    rv = tls13_ComputeHash(ss, &hashes, buf, 0);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    return tls13_DeriveSecret(ss, key, label, labelLen, &hashes, dest);
-}
-
-/* Convenience wrapper that lets us supply a separate prefix and suffix. */
-static SECStatus
-tls13_DeriveSecretWrap(sslSocket *ss, PK11SymKey *key,
-                       const char *prefix,
-                       const char *suffix,
-                       const char *keylogLabel,
-                       PK11SymKey **dest)
-{
-    SECStatus rv;
-    SSL3Hashes hashes;
+    SSL3Hashes hashesTmp;
     char buf[100];
     const char *label;
 
@@ -3096,22 +2566,25 @@ tls13_DeriveSecretWrap(sslSocket *ss, PK11SymKey *key,
 
     SSL_TRC(3, ("%d: TLS13[%d]: deriving secret '%s'",
                 SSL_GETPID(), ss->fd, label));
-    rv = tls13_ComputeHandshakeHashes(ss, &hashes);
-    if (rv != SECSuccess) {
-        PORT_Assert(0); /* Should never fail */
-        ssl_MapLowLevelError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
+    if (!hashes) {
+        rv = tls13_ComputeHandshakeHashes(ss, &hashesTmp);
+        if (rv != SECSuccess) {
+            PORT_Assert(0); /* Should never fail */
+            ssl_MapLowLevelError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        hashes = &hashesTmp;
     }
 
-    rv = tls13_DeriveSecret(ss, key, label, strlen(label),
-                            &hashes, dest);
+    rv = tls13_HkdfExpandLabel(key, tls13_GetHash(ss),
+                               hashes->u.raw, hashes->len,
+                               label, strlen(label),
+                               tls13_GetHkdfMechanism(ss),
+                               tls13_GetHashSize(ss), dest);
     if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
-
-    if (keylogLabel) {
-        ssl3_RecordKeyLog(ss, keylogLabel, *dest);
-    }
     return SECSuccess;
 }
 
@@ -3119,41 +2592,49 @@ tls13_DeriveSecretWrap(sslSocket *ss, PK11SymKey *key,
 static SECStatus
 tls13_DeriveTrafficKeys(sslSocket *ss, ssl3CipherSpec *spec,
                         TrafficKeyType type,
+                        CipherSpecDirection direction,
                         PRBool deleteSecret)
 {
-    size_t keySize = spec->cipherDef->key_size;
-    size_t ivSize = spec->cipherDef->iv_size +
-                    spec->cipherDef->explicit_nonce_size; /* This isn't always going to
-                                                           * work, but it does for
-                                                           * AES-GCM */
-    CK_MECHANISM_TYPE bulkAlgorithm = ssl3_Alg2Mech(spec->cipherDef->calg);
+    size_t keySize = spec->cipher_def->key_size;
+    size_t ivSize = spec->cipher_def->iv_size +
+                    spec->cipher_def->explicit_nonce_size; /* This isn't always going to
+                                                              * work, but it does for
+                                                              * AES-GCM */
+    CK_MECHANISM_TYPE bulkAlgorithm = ssl3_Alg2Mech(spec->cipher_def->calg);
     PK11SymKey **prkp = NULL;
     PK11SymKey *prk = NULL;
-    PRBool clientSecret;
+    PRBool clientKey;
+    ssl3KeyMaterial *target;
+    const char *phase;
     SECStatus rv;
     /* These labels are just used for debugging. */
     static const char kHkdfPhaseEarlyApplicationDataKeys[] = "early application data";
     static const char kHkdfPhaseHandshakeKeys[] = "handshake data";
     static const char kHkdfPhaseApplicationDataKeys[] = "application data";
 
+    if (ss->sec.isServer ^ (direction == CipherSpecWrite)) {
+        clientKey = PR_TRUE;
+        target = &spec->client;
+    } else {
+        clientKey = PR_FALSE;
+        target = &spec->server;
+    }
+
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    clientSecret = !tls13_UseServerSecret(ss, spec->direction);
     switch (type) {
         case TrafficKeyEarlyApplicationData:
-            PORT_Assert(clientSecret);
+            PORT_Assert(clientKey);
+            phase = kHkdfPhaseEarlyApplicationDataKeys;
             prkp = &ss->ssl3.hs.clientEarlyTrafficSecret;
-            spec->phase = kHkdfPhaseEarlyApplicationDataKeys;
             break;
         case TrafficKeyHandshake:
-            prkp = clientSecret ? &ss->ssl3.hs.clientHsTrafficSecret
-                                : &ss->ssl3.hs.serverHsTrafficSecret;
-            spec->phase = kHkdfPhaseHandshakeKeys;
+            phase = kHkdfPhaseHandshakeKeys;
+            prkp = clientKey ? &ss->ssl3.hs.clientHsTrafficSecret : &ss->ssl3.hs.serverHsTrafficSecret;
             break;
         case TrafficKeyApplicationData:
-            prkp = clientSecret ? &ss->ssl3.hs.clientTrafficSecret
-                                : &ss->ssl3.hs.serverTrafficSecret;
-            spec->phase = kHkdfPhaseApplicationDataKeys;
+            phase = kHkdfPhaseApplicationDataKeys;
+            prkp = clientKey ? &ss->ssl3.hs.clientTrafficSecret : &ss->ssl3.hs.serverTrafficSecret;
             break;
         default:
             LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
@@ -3163,15 +2644,17 @@ tls13_DeriveTrafficKeys(sslSocket *ss, ssl3CipherSpec *spec,
     PORT_Assert(prkp != NULL);
     prk = *prkp;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: deriving %s traffic keys epoch=%d (%s)",
-                SSL_GETPID(), ss->fd, SPEC_DIR(spec),
-                spec->epoch, spec->phase));
+    SSL_TRC(3, ("%d: TLS13[%d]: deriving %s traffic keys phase='%s'",
+                SSL_GETPID(), ss->fd,
+                (direction == CipherSpecWrite) ? "write" : "read", phase));
+    PORT_Assert(phase);
+    spec->phase = phase;
 
     rv = tls13_HkdfExpandLabel(prk, tls13_GetHash(ss),
                                NULL, 0,
                                kHkdfPurposeKey, strlen(kHkdfPurposeKey),
                                bulkAlgorithm, keySize,
-                               &spec->keyMaterial.key);
+                               &target->write_key);
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         PORT_Assert(0);
@@ -3181,7 +2664,7 @@ tls13_DeriveTrafficKeys(sslSocket *ss, ssl3CipherSpec *spec,
     rv = tls13_HkdfExpandLabelRaw(prk, tls13_GetHash(ss),
                                   NULL, 0,
                                   kHkdfPurposeIv, strlen(kHkdfPurposeIv),
-                                  spec->keyMaterial.iv, ivSize);
+                                  target->write_iv, ivSize);
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         PORT_Assert(0);
@@ -3198,111 +2681,38 @@ loser:
     return SECFailure;
 }
 
-void
-tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec)
-{
-    /* Set the record version to pretend to be (D)TLS 1.2. */
-    if (IS_DTLS(ss)) {
-        spec->recordVersion = SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
-    } else {
-        spec->recordVersion = SSL_LIBRARY_VERSION_TLS_1_2;
-    }
-    SSL_TRC(10, ("%d: TLS13[%d]: set spec=%d record version to 0x%04x",
-                 SSL_GETPID(), ss->fd, spec, spec->recordVersion));
-}
-
 static SECStatus
-tls13_SetupPendingCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
+tls13_SetupPendingCipherSpec(sslSocket *ss)
 {
+    ssl3CipherSpec *pSpec;
     ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
+    const ssl3BulkCipherDef *bulk = ssl_GetBulkCipherDef(
+        ssl_LookupCipherSuiteDef(suite));
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-    PORT_Assert(spec->epoch);
 
-    /* Version isn't set when we send 0-RTT data. */
-    spec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
+    ssl_GetSpecWriteLock(ss); /*******************************/
 
-    ssl_SaveCipherSpec(ss, spec);
-    /* We want to keep read cipher specs around longer because
-     * there are cases where we might get either epoch N or
-     * epoch N+1. */
-    if (IS_DTLS(ss) && spec->direction == CipherSpecRead) {
-        ssl_CipherSpecAddRef(spec);
-    }
+    pSpec = ss->ssl3.pwSpec;
+    /* Version isn't set when we send 0-RTT data. */
+    pSpec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
 
     SSL_TRC(3, ("%d: TLS13[%d]: Set Pending Cipher Suite to 0x%04x",
                 SSL_GETPID(), ss->fd, suite));
+    pSpec->cipher_def = bulk;
 
-    spec->cipherDef = ssl_GetBulkCipherDef(ssl_LookupCipherSuiteDef(suite));
-    switch (spec->cipherDef->calg) {
-        case ssl_calg_aes_gcm:
-            spec->aead = tls13_AESGCM;
-            break;
-        case ssl_calg_chacha20:
-            spec->aead = tls13_ChaCha20Poly1305;
-            break;
-        default:
-            PORT_Assert(0);
-            return SECFailure;
-    }
-
-    if (spec->epoch == TrafficKeyEarlyApplicationData) {
-        spec->earlyDataRemaining =
-            ss->sec.ci.sid->u.ssl3.locked.sessionTicket.max_early_data_size;
-    }
-
-    tls13_SetSpecRecordVersion(ss, spec);
-    return SECSuccess;
-}
-
-/*
- * Called before sending alerts to set up the right key on the client.
- * We might encounter errors during the handshake where the current
- * key is ClearText or EarlyApplicationData. This
- * function switches to the Handshake key if possible.
- */
-SECStatus
-tls13_SetAlertCipherSpec(sslSocket *ss)
-{
-    SECStatus rv;
-
-    if (ss->sec.isServer) {
-        return SECSuccess;
-    }
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
-    }
-    if (TLS13_IN_HS_STATE(ss, wait_server_hello)) {
-        return SECSuccess;
-    }
-    if ((ss->ssl3.cwSpec->epoch != TrafficKeyClearText) &&
-        (ss->ssl3.cwSpec->epoch != TrafficKeyEarlyApplicationData)) {
-        return SECSuccess;
-    }
-
-    rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
-                             CipherSpecWrite, PR_FALSE);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
+    ssl_ReleaseSpecWriteLock(ss); /*******************************/
     return SECSuccess;
 }
 
-/* Install a new cipher spec for this direction.
- *
- * During the handshake, the values for |epoch| take values from the
- * TrafficKeyType enum.  Afterwards, key update increments them.
- */
+/* Install a new cipher spec for this direction. */
 static SECStatus
-tls13_SetCipherSpec(sslSocket *ss, PRUint16 epoch,
+tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
                     CipherSpecDirection direction, PRBool deleteSecret)
 {
-    TrafficKeyType type;
     SECStatus rv;
     ssl3CipherSpec *spec = NULL;
-    ssl3CipherSpec **specp;
-
+    ssl3CipherSpec **specp = (direction == CipherSpecRead) ? &ss->ssl3.crSpec : &ss->ssl3.cwSpec;
     /* Flush out old handshake data. */
     ssl_GetXmitBufLock(ss);
     rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
@@ -3312,52 +2722,81 @@ tls13_SetCipherSpec(sslSocket *ss, PRUint16 epoch,
     }
 
     /* Create the new spec. */
-    spec = ssl_CreateCipherSpec(ss, direction);
+    spec = PORT_ZNew(ssl3CipherSpec);
     if (!spec) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
         return SECFailure;
     }
-    spec->epoch = epoch;
-    spec->seqNum = 0;
-    if (IS_DTLS(ss)) {
-        dtls_InitRecvdRecords(&spec->recvdRecords);
+    spec->refCt = 1;
+    PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
+    ss->ssl3.pwSpec = ss->ssl3.prSpec = spec;
+
+    rv = tls13_SetupPendingCipherSpec(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    switch (spec->cipher_def->calg) {
+        case calg_aes_gcm:
+            spec->aead = tls13_AESGCM;
+            break;
+        case calg_chacha20:
+            spec->aead = tls13_ChaCha20Poly1305;
+            break;
+        default:
+            PORT_Assert(0);
+            return SECFailure;
+            break;
     }
 
-    /* This depends on spec having a valid direction and epoch. */
-    rv = tls13_SetupPendingCipherSpec(ss, spec);
+    rv = tls13_DeriveTrafficKeys(ss, spec, type, direction,
+                                 deleteSecret);
     if (rv != SECSuccess) {
-        goto loser;
+        return SECFailure;
     }
 
-    type = (TrafficKeyType)PR_MIN(TrafficKeyApplicationData, epoch);
-    rv = tls13_DeriveTrafficKeys(ss, spec, type, deleteSecret);
-    if (rv != SECSuccess) {
-        goto loser;
+    /* We use the epoch for cipher suite identification, so increment
+     * it in both TLS and DTLS. */
+    if ((*specp)->epoch == PR_UINT16_MAX) {
+        return SECFailure;
+    }
+    spec->epoch = (PRUint16)type;
+
+    if (!IS_DTLS(ss)) {
+        spec->read_seq_num = spec->write_seq_num = 0;
+    } else {
+        /* The sequence number has the high 16 bits as the epoch. */
+        spec->read_seq_num = spec->write_seq_num =
+            (sslSequenceNumber)spec->epoch << 48;
+
+        dtls_InitRecvdRecords(&spec->recvdRecords);
+    }
+
+    if (type == TrafficKeyEarlyApplicationData) {
+        spec->earlyDataRemaining =
+            ss->sec.ci.sid->u.ssl3.locked.sessionTicket.max_early_data_size;
     }
 
     /* Now that we've set almost everything up, finally cut over. */
-    specp = (direction == CipherSpecRead) ? &ss->ssl3.crSpec : &ss->ssl3.cwSpec;
     ssl_GetSpecWriteLock(ss);
-    ssl_CipherSpecRelease(*specp); /* May delete old cipher. */
-    *specp = spec;                 /* Overwrite. */
+    tls13_CipherSpecRelease(*specp); /* May delete old cipher. */
+    *specp = spec;                   /* Overwrite. */
     ssl_ReleaseSpecWriteLock(ss);
 
-    SSL_TRC(3, ("%d: TLS13[%d]: %s installed key for epoch=%d (%s) dir=%s",
-                SSL_GETPID(), ss->fd, SSL_ROLE(ss), spec->epoch,
-                spec->phase, SPEC_DIR(spec)));
+    SSL_TRC(3, ("%d: TLS13[%d]: %s installed key for phase='%s'.%d dir=%s",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss),
+                spec->phase, spec->epoch,
+                direction == CipherSpecRead ? "read" : "write"));
 
     if (ss->ssl3.changedCipherSpecFunc) {
         ss->ssl3.changedCipherSpecFunc(ss->ssl3.changedCipherSpecArg,
                                        direction == CipherSpecWrite, spec);
     }
     return SECSuccess;
-
-loser:
-    ssl_CipherSpecRelease(spec);
-    return SECFailure;
 }
 
-SECStatus
-tls13_ComputeHandshakeHashes(sslSocket *ss, SSL3Hashes *hashes)
+static SECStatus
+tls13_ComputeHandshakeHashes(sslSocket *ss,
+                             SSL3Hashes *hashes)
 {
     SECStatus rv;
     PK11Context *ctx = NULL;
@@ -3377,7 +2816,7 @@ tls13_ComputeHandshakeHashes(sslSocket *ss, SSL3Hashes *hashes)
             goto loser;
         }
 
-        PRINT_BUF(10, (ss, "Handshake hash computed over saved messages",
+        PRINT_BUF(10, (NULL, "Handshake hash computed over saved messages",
                        ss->ssl3.hs.messages.buf,
                        ss->ssl3.hs.messages.len));
 
@@ -3402,8 +2841,6 @@ tls13_ComputeHandshakeHashes(sslSocket *ss, SSL3Hashes *hashes)
         ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
         goto loser;
     }
-
-    PRINT_BUF(10, (ss, "Handshake hash", hashes->u.raw, hashes->len));
     PORT_Assert(hashes->len == tls13_GetHashSize(ss));
     PK11_DestroyContext(ctx, PR_TRUE);
 
@@ -3453,6 +2890,19 @@ tls13_DestroyEarlyData(PRCList *list)
     }
 }
 
+void
+tls13_DestroyCipherSpecs(PRCList *list)
+{
+    PRCList *cur_p;
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        ssl3_DestroyCipherSpec((ssl3CipherSpec *)cur_p, PR_FALSE);
+        PORT_Free(cur_p);
+    }
+}
+
 /* draft-ietf-tls-tls13 Section 5.2.2 specifies the following
  * nonce algorithm:
  *
@@ -3482,7 +2932,7 @@ tls13_WriteNonce(ssl3KeyMaterial *keys,
     size_t i;
 
     PORT_Assert(nonceLen == 12);
-    memcpy(nonce, keys->iv, 12);
+    memcpy(nonce, keys->write_iv, 12);
 
     /* XOR the last 8 bytes of the IV with the sequence number. */
     PORT_Assert(seqNumLen == 8);
@@ -3512,10 +2962,10 @@ tls13_AEAD(ssl3KeyMaterial *keys, PRBool doDecrypt,
     };
 
     if (doDecrypt) {
-        rv = PK11_Decrypt(keys->key, mechanism, &param,
+        rv = PK11_Decrypt(keys->write_key, mechanism, &param,
                           out, &uOutLen, maxout, in, inlen);
     } else {
-        rv = PK11_Encrypt(keys->key, mechanism, &param,
+        rv = PK11_Encrypt(keys->write_key, mechanism, &param,
                           out, &uOutLen, maxout, in, inlen);
     }
     *outlen = (int)uOutLen;
@@ -3612,7 +3062,7 @@ tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b, PRUint32 length)
         ss->xtnData.nextProto.data = NULL;
         ss->xtnData.nextProtoState = SSL_NEXT_PROTO_NO_SUPPORT;
     }
-    rv = ssl3_HandleExtensions(ss, &b, &length, ssl_hs_encrypted_extensions);
+    rv = ssl3_HandleExtensions(ss, &b, &length, encrypted_extensions);
     if (rv != SECSuccess) {
         return SECFailure; /* Error code set below */
     }
@@ -3664,8 +3114,10 @@ tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b, PRUint32 length)
 static SECStatus
 tls13_SendEncryptedExtensions(sslSocket *ss)
 {
-    sslBuffer extensions = SSL_BUFFER_EMPTY;
     SECStatus rv;
+    PRInt32 extensions_len = 0;
+    PRInt32 sent_len = 0;
+    PRUint32 maxBytes = 65535;
 
     SSL_TRC(3, ("%d: TLS13[%d]: send encrypted extensions handshake",
                 SSL_GETPID(), ss->fd));
@@ -3673,28 +3125,31 @@ tls13_SendEncryptedExtensions(sslSocket *ss)
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
-    rv = ssl_ConstructExtensions(ss, &extensions, ssl_hs_encrypted_extensions);
+    extensions_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.encryptedExtensionsSenders[0]);
+
+    rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions,
+                                    extensions_len + 2);
     if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
-
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_encrypted_extensions,
-                                    SSL_BUFFER_LEN(&extensions) + 2);
+    rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
     if (rv != SECSuccess) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        goto loser;
+        return SECFailure;
     }
-    rv = ssl3_AppendBufferToHandshakeVariable(ss, &extensions, 2);
-    if (rv != SECSuccess) {
+    sent_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_TRUE, extensions_len,
+        &ss->xtnData.encryptedExtensionsSenders[0]);
+    PORT_Assert(sent_len == extensions_len);
+    if (sent_len != extensions_len) {
         LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        goto loser;
+        PORT_Assert(sent_len == 0);
+        return SECFailure;
     }
-    sslBuffer_Clear(&extensions);
-    return SECSuccess;
 
-loser:
-    sslBuffer_Clear(&extensions);
-    return SECFailure;
+    return SECSuccess;
 }
 
 SECStatus
@@ -3755,7 +3210,7 @@ tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
 
     len = buf.len + 2 + 2;
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_certificate_verify, len);
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, len);
     if (rv != SECSuccess) {
         goto done; /* error code set by AppendHandshake */
     }
@@ -3783,14 +3238,14 @@ done:
  * Caller must hold Handshake and RecvBuf locks.
  */
 SECStatus
-tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
+tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length,
+                              SSL3Hashes *hashes)
 {
     SECItem signed_hash = { siBuffer, NULL, 0 };
     SECStatus rv;
     SSLSignatureScheme sigScheme;
     SSLHashType hashAlg;
     SSL3Hashes tbsHash;
-    SSL3Hashes hashes;
 
     SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_verify handshake",
                 SSL_GETPID(), ss->fd));
@@ -3802,17 +3257,7 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     if (rv != SECSuccess) {
         return SECFailure;
     }
-
-    rv = tls13_ComputeHandshakeHashes(ss, &hashes);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_certificate_verify, b, length);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
+    PORT_Assert(hashes);
 
     rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
     if (rv != SECSuccess) {
@@ -3827,7 +3272,7 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
     hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
 
-    rv = tls13_AddContextToHashes(ss, &hashes, hashAlg, PR_FALSE, &tbsHash);
+    rv = tls13_AddContextToHashes(ss, hashes, hashAlg, PR_FALSE, &tbsHash);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SSL_ERROR_DIGEST_FAILURE, internal_error);
         return SECFailure;
@@ -3856,11 +3301,13 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 
     /* Request a client certificate now if one was requested. */
-    if (ss->ssl3.hs.clientCertRequested) {
+    if (ss->ssl3.hs.certificateRequest) {
+        TLS13CertificateRequest *req = ss->ssl3.hs.certificateRequest;
+
         PORT_Assert(!ss->sec.isServer);
-        rv = ssl3_CompleteHandleCertificateRequest(
-            ss, ss->xtnData.sigSchemes, ss->xtnData.numSigSchemes,
-            &ss->xtnData.certReqAuthorities);
+        rv = ssl3_CompleteHandleCertificateRequest(ss, req->signatureSchemes,
+                                                   req->signatureSchemeCount,
+                                                   &req->ca_list);
         if (rv != SECSuccess) {
             FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
             return rv;
@@ -3873,7 +3320,7 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
 }
 
 static SECStatus
-tls13_ComputePskBinderHash(sslSocket *ss, unsigned int prefixLength,
+tls13_ComputePskBinderHash(sslSocket *ss, unsigned long prefixLength,
                            SSL3Hashes *hashes)
 {
     SECStatus rv;
@@ -3885,75 +3332,38 @@ tls13_ComputePskBinderHash(sslSocket *ss, unsigned int prefixLength,
     PRINT_BUF(10, (NULL, "Handshake hash computed over ClientHello prefix",
                    ss->ssl3.hs.messages.buf, prefixLength));
     rv = PK11_HashBuf(ssl3_HashTypeToOID(tls13_GetHash(ss)),
-                      hashes->u.raw, ss->ssl3.hs.messages.buf, prefixLength);
+                      hashes->u.raw,
+                      ss->ssl3.hs.messages.buf, prefixLength);
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
-        return SECFailure;
+        goto loser;
     }
-
     hashes->len = tls13_GetHashSize(ss);
-    PRINT_BUF(10, (NULL, "PSK Binder hash", hashes->u.raw, hashes->len));
+
+    PRINT_BUF(10, (NULL, "PSK Binder hash",
+                   hashes->u.raw, hashes->len));
 
     return SECSuccess;
-}
 
-/* Compute and inject the PSK Binder for sending.
- *
- * When sending a ClientHello, we construct all the extensions with a dummy
- * value for the binder.  To construct the binder, we commit the entire message
- * up to the point where the binders start.  Then we calculate the hash using
- * the saved message (in ss->ssl3.hs.messages).  This is written over the dummy
- * binder, after which we write the remainder of the binder extension. */
+loser:
+    return SECFailure;
+}
+/* Compute the PSK Binder This is kind of sneaky.*/
 SECStatus
-tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions)
+tls13_ComputePskBinder(sslSocket *ss, PRBool sending,
+                       unsigned int prefixLength,
+                       PRUint8 *output, unsigned int *outputLen,
+                       unsigned int maxOutputLen)
 {
     SSL3Hashes hashes;
     SECStatus rv;
-    unsigned int size = tls13_GetHashSize(ss);
-    unsigned int prefixLen = extensions->len - size - 3;
-    unsigned int finishedLen;
 
-    PORT_Assert(extensions->len >= size + 3);
-
-    rv = ssl3_AppendHandshakeNumber(ss, extensions->len, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Only write the extension up to the point before the binders.  Assume that
-     * the pre_shared_key extension is at the end of the buffer.  Don't write
-     * the binder, or the lengths that precede it (a 2 octet length for the list
-     * of all binders, plus a 1 octet length for the binder length). */
-    rv = ssl3_AppendHandshake(ss, extensions->buf, prefixLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Calculate the binder based on what has been written out. */
-    rv = tls13_ComputePskBinderHash(ss, ss->ssl3.hs.messages.len, &hashes);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Write the binder into the extensions buffer, over the zeros we reserved
-     * previously.  This avoids an allocation and means that we don't need a
-     * separate write for the extra bits that precede the binder. */
-    rv = tls13_ComputeFinished(ss, ss->ssl3.hs.pskBinderKey, &hashes, PR_TRUE,
-                               extensions->buf + extensions->len - size,
-                               &finishedLen, size);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    PORT_Assert(finishedLen == size);
-
-    /* Write out the remainder of the extension. */
-    rv = ssl3_AppendHandshake(ss, extensions->buf + prefixLen,
-                              extensions->len - prefixLen);
-    if (rv != SECSuccess) {
+    rv = tls13_ComputePskBinderHash(ss, prefixLength, &hashes);
+    if (rv != SECSuccess)
         return SECFailure;
-    }
 
-    return SECSuccess;
+    return tls13_ComputeFinished(ss, ss->ssl3.hs.pskBinderKey, &hashes,
+                                 sending, output, outputLen, maxOutputLen);
 }
 
 static SECStatus
@@ -4052,7 +3462,7 @@ tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey)
         return SECFailure;
     }
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_finished, finishedLen);
+    rv = ssl3_AppendHandshakeHeader(ss, finished, finishedLen);
     if (rv != SECSuccess) {
         return SECFailure; /* Error code already set. */
     }
@@ -4067,7 +3477,7 @@ tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey)
 }
 
 static SECStatus
-tls13_VerifyFinished(sslSocket *ss, SSLHandshakeType message,
+tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message,
                      PK11SymKey *secret,
                      PRUint8 *b, PRUint32 length,
                      const SSL3Hashes *hashes)
@@ -4090,7 +3500,7 @@ tls13_VerifyFinished(sslSocket *ss, SSLHandshakeType message,
 
     if (length != finishedLen) {
 #ifndef UNSAFE_FUZZER_MODE
-        FATAL_ERROR(ss, message == ssl_hs_finished ? SSL_ERROR_RX_MALFORMED_FINISHED : SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
+        FATAL_ERROR(ss, message == finished ? SSL_ERROR_RX_MALFORMED_FINISHED : SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
         return SECFailure;
 #endif
     }
@@ -4107,37 +3517,8 @@ tls13_VerifyFinished(sslSocket *ss, SSLHandshakeType message,
 }
 
 static SECStatus
-tls13_CommonHandleFinished(sslSocket *ss, PK11SymKey *key,
-                           PRUint8 *b, PRUint32 length)
-{
-    SECStatus rv;
-    SSL3Hashes hashes;
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED,
-                              wait_finished);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    ss->ssl3.hs.endOfFlight = PR_TRUE;
-
-    rv = tls13_ComputeHandshakeHashes(ss, &hashes);
-    if (rv != SECSuccess) {
-        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    rv = ssl_HashHandshakeMessage(ss, ssl_hs_finished, b, length);
-    if (rv != SECSuccess) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    return tls13_VerifyFinished(ss, ssl_hs_finished,
-                                key, b, length, &hashes);
-}
-
-static SECStatus
-tls13_ClientHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
+tls13_ClientHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length,
+                           const SSL3Hashes *hashes)
 {
     SECStatus rv;
 
@@ -4147,19 +3528,27 @@ tls13_ClientHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
     SSL_TRC(3, ("%d: TLS13[%d]: client handle finished handshake",
                 SSL_GETPID(), ss->fd));
 
-    rv = tls13_CommonHandleFinished(ss, ss->ssl3.hs.serverHsTrafficSecret,
-                                    b, length);
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED,
+                              wait_finished);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
+    rv = tls13_VerifyFinished(ss, finished,
+                              ss->ssl3.hs.serverHsTrafficSecret,
+                              b, length, hashes);
+    if (rv != SECSuccess)
+        return SECFailure;
+
     return tls13_SendClientSecondRound(ss);
 }
 
 static SECStatus
-tls13_ServerHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
+tls13_ServerHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length,
+                           const SSL3Hashes *hashes)
 {
     SECStatus rv;
+    PK11SymKey *secret;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -4167,68 +3556,61 @@ tls13_ServerHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length)
     SSL_TRC(3, ("%d: TLS13[%d]: server handle finished handshake",
                 SSL_GETPID(), ss->fd));
 
-    rv = tls13_CommonHandleFinished(ss, ss->ssl3.hs.clientHsTrafficSecret,
-                                    b, length);
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED, wait_finished);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    if (!ss->opt.requestCertificate &&
-        (ss->ssl3.hs.zeroRttState != ssl_0rtt_done)) {
-        dtls_ReceivedFirstMessageInFlight(ss);
+    if (TLS13_IN_HS_STATE(ss, wait_finished)) {
+        secret = ss->ssl3.hs.clientHsTrafficSecret;
+    } else {
+        secret = ss->ssl3.hs.clientEarlyTrafficSecret;
     }
 
+    rv = tls13_VerifyFinished(ss, finished, secret, b, length, hashes);
+    if (rv != SECSuccess)
+        return SECFailure;
+
     rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
-                             CipherSpecRead, PR_FALSE);
+                             CipherSpecRead, PR_TRUE);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
         return SECFailure;
     }
 
-    if (IS_DTLS(ss)) {
-        ssl_CipherSpecReleaseByEpoch(ss, CipherSpecRead, TrafficKeyClearText);
-        /* We need to keep the handshake cipher spec so we can
-         * read re-transmitted client Finished. */
-        rv = dtls_StartTimer(ss, ss->ssl3.hs.hdTimer,
-                             DTLS_RETRANSMIT_FINISHED_MS,
-                             dtls13_HolddownTimerCb);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-
-    rv = tls13_ComputeFinalSecrets(ss);
+    rv = tls13_FinishHandshake(ss);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return SECFailure; /* Error code and alerts handled below */
     }
-
     ssl_GetXmitBufLock(ss);
     if (ss->opt.enableSessionTickets) {
-        rv = tls13_SendNewSessionTicket(ss, NULL, 0);
+        rv = tls13_SendNewSessionTicket(ss);
         if (rv != SECSuccess) {
-            goto loser;
+            ssl_ReleaseXmitBufLock(ss);
+            return SECFailure; /* Error code and alerts handled below */
         }
         rv = ssl3_FlushHandshake(ss, 0);
-        if (rv != SECSuccess) {
-            goto loser;
-        }
     }
     ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
 
-    return tls13_FinishHandshake(ss);
-
-loser:
-    ssl_ReleaseXmitBufLock(ss);
-    return SECFailure;
+    return SECSuccess;
 }
 
 static SECStatus
 tls13_FinishHandshake(sslSocket *ss)
 {
+    SECStatus rv;
+
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
 
+    rv = tls13_ComputeFinalSecrets(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
+
     /* The first handshake is now completed. */
     ss->handshake = NULL;
 
@@ -4270,15 +3652,9 @@ tls13_SendClientSecondFlight(sslSocket *ss, PRBool sendClientCert,
             return SECFailure; /* error code is set. */
         }
     }
-    if (ss->ssl3.hs.clientCertRequested) {
-        SECITEM_FreeItem(&ss->xtnData.certReqContext, PR_FALSE);
-        if (ss->xtnData.certReqAuthorities.arena) {
-            PORT_FreeArena(ss->xtnData.certReqAuthorities.arena, PR_FALSE);
-            ss->xtnData.certReqAuthorities.arena = NULL;
-        }
-        PORT_Memset(&ss->xtnData.certReqAuthorities, 0,
-                    sizeof(ss->xtnData.certReqAuthorities));
-        ss->ssl3.hs.clientCertRequested = PR_FALSE;
+    if (ss->ssl3.hs.certificateRequest) {
+        PORT_FreeArena(ss->ssl3.hs.certificateRequest->arena, PR_FALSE);
+        ss->ssl3.hs.certificateRequest = NULL;
     }
 
     if (sendClientCert) {
@@ -4294,7 +3670,7 @@ tls13_SendClientSecondFlight(sslSocket *ss, PRBool sendClientCert,
     if (rv != SECSuccess) {
         return SECFailure; /* err code was set. */
     }
-    rv = ssl3_FlushHandshake(ss, 0);
+    rv = ssl3_FlushHandshake(ss, IS_DTLS(ss) ? ssl_SEND_FLAG_NO_RETRANSMIT : 0);
     if (rv != SECSuccess) {
         /* No point in sending an alert here because we're not going to
          * be able to send it if we couldn't flush the handshake. */
@@ -4302,6 +3678,11 @@ tls13_SendClientSecondFlight(sslSocket *ss, PRBool sendClientCert,
         return SECFailure;
     }
 
+    rv = dtls_StartHolddownTimer(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err code was set. */
+    }
+
     return SECSuccess;
 }
 
@@ -4336,28 +3717,11 @@ tls13_SendClientSecondRound(sslSocket *ss)
         return SECWouldBlock;
     }
 
-    rv = tls13_ComputeApplicationSecrets(ss);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
-        return SECFailure;
-    }
-
     if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
-        ssl_GetXmitBufLock(ss); /*******************************/
         rv = tls13_SendEndOfEarlyData(ss);
-        ssl_ReleaseXmitBufLock(ss); /*******************************/
         if (rv != SECSuccess) {
             return SECFailure; /* Error code already set. */
         }
-    } else if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss) &&
-               ss->ssl3.hs.zeroRttState == ssl_0rtt_none &&
-               !ss->ssl3.hs.helloRetry) {
-        ssl_GetXmitBufLock(ss); /*******************************/
-        rv = ssl3_SendChangeCipherSpecsInt(ss);
-        ssl_ReleaseXmitBufLock(ss); /*******************************/
-        if (rv != SECSuccess) {
-            return rv;
-        }
     }
 
     rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
@@ -4367,6 +3731,12 @@ tls13_SendClientSecondRound(sslSocket *ss)
         return SECFailure;
     }
 
+    rv = tls13_ComputeApplicationSecrets(ss);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
     rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
                              CipherSpecRead, PR_FALSE);
     if (rv != SECSuccess) {
@@ -4386,17 +3756,12 @@ tls13_SendClientSecondRound(sslSocket *ss)
         return SECFailure;
     }
     rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
-                             CipherSpecWrite, PR_FALSE);
+                             CipherSpecWrite, PR_TRUE);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
 
-    rv = tls13_ComputeFinalSecrets(ss);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
     /* The handshake is now finished */
     return tls13_FinishHandshake(ss);
 }
@@ -4412,7 +3777,6 @@ tls13_SendClientSecondRound(sslSocket *ss)
  *   struct {
  *       uint32 ticket_lifetime;
  *       uint32 ticket_age_add;
- *       opaque ticket_nonce<1..255>;
  *       opaque ticket<1..2^16-1>;
  *       TicketExtension extensions<0..2^16-2>;
  *   } NewSessionTicket;
@@ -4420,22 +3784,14 @@ tls13_SendClientSecondRound(sslSocket *ss)
 
 PRUint32 ssl_max_early_data_size = (2 << 16); /* Arbitrary limit. */
 
-static SECStatus
-tls13_SendNewSessionTicket(sslSocket *ss, const PRUint8 *appToken,
-                           unsigned int appTokenLen)
+SECStatus
+tls13_SendNewSessionTicket(sslSocket *ss)
 {
     PRUint16 message_length;
-    PK11SymKey *secret;
     SECItem ticket_data = { 0, NULL, 0 };
     SECStatus rv;
     NewSessionTicket ticket = { 0 };
     PRUint32 max_early_data_size_len = 0;
-    PRUint8 ticketNonce[sizeof(ss->ssl3.hs.ticketNonce)];
-    sslBuffer ticketNonceBuf = SSL_BUFFER(ticketNonce);
-
-    SSL_TRC(3, ("%d: TLS13[%d]: send new session ticket message %d",
-                SSL_GETPID(), ss->fd, ss->ssl3.hs.ticketNonce));
-
     ticket.flags = 0;
     if (ss->opt.enable0RttData) {
         ticket.flags |= ticket_allow_early_data;
@@ -4443,44 +3799,18 @@ tls13_SendNewSessionTicket(sslSocket *ss, const PRUint8 *appToken,
     }
     ticket.ticket_lifetime_hint = ssl_ticket_lifetime;
 
-    /* The ticket age obfuscator. */
-    rv = PK11_GenerateRandom((PRUint8 *)&ticket.ticket_age_add,
-                             sizeof(ticket.ticket_age_add));
-    if (rv != SECSuccess)
-        goto loser;
-
-    rv = sslBuffer_AppendNumber(&ticketNonceBuf, ss->ssl3.hs.ticketNonce,
-                                sizeof(ticketNonce));
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    ++ss->ssl3.hs.ticketNonce;
-    rv = tls13_HkdfExpandLabel(ss->ssl3.hs.resumptionMasterSecret,
-                               tls13_GetHash(ss),
-                               ticketNonce, sizeof(ticketNonce),
-                               kHkdfLabelResumption,
-                               strlen(kHkdfLabelResumption),
-                               tls13_GetHkdfMechanism(ss),
-                               tls13_GetHashSize(ss), &secret);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    rv = ssl3_EncodeSessionTicket(ss, &ticket, appToken, appTokenLen,
-                                  secret, &ticket_data);
-    PK11_FreeSymKey(secret);
+    rv = ssl3_EncodeSessionTicket(ss, &ticket, &ticket_data);
     if (rv != SECSuccess)
         goto loser;
 
     message_length =
         4 +                           /* lifetime */
         4 +                           /* ticket_age_add */
-        1 + sizeof(ticketNonce) +     /* ticket_nonce */
         2 + max_early_data_size_len + /* max_early_data_size_len */
         2 +                           /* ticket length */
         ticket_data.len;
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_new_session_ticket,
+    rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket,
                                     message_length);
     if (rv != SECSuccess)
         goto loser;
@@ -4490,12 +3820,13 @@ tls13_SendNewSessionTicket(sslSocket *ss, const PRUint8 *appToken,
     if (rv != SECSuccess)
         goto loser;
 
-    rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_age_add, 4);
+    /* The ticket age obfuscator. */
+    rv = PK11_GenerateRandom((PRUint8 *)&ticket.ticket_age_add,
+                             sizeof(ticket.ticket_age_add));
     if (rv != SECSuccess)
         goto loser;
 
-    /* The ticket nonce. */
-    rv = ssl3_AppendHandshakeVariable(ss, ticketNonce, sizeof(ticketNonce), 1);
+    rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_age_add, 4);
     if (rv != SECSuccess)
         goto loser;
 
@@ -4512,7 +3843,7 @@ tls13_SendNewSessionTicket(sslSocket *ss, const PRUint8 *appToken,
 
     if (max_early_data_size_len) {
         rv = ssl3_AppendHandshakeNumber(
-            ss, ssl_tls13_early_data_xtn, 2);
+            ss, ssl_tls13_ticket_early_data_info_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
 
@@ -4536,42 +3867,6 @@ loser:
     return SECFailure;
 }
 
-SECStatus
-SSLExp_SendSessionTicket(PRFileDesc *fd, const PRUint8 *token,
-                         unsigned int tokenLen)
-{
-    sslSocket *ss;
-    SECStatus rv;
-
-    ss = ssl_FindSocket(fd);
-    if (!ss) {
-        return SECFailure;
-    }
-
-    if (IS_DTLS(ss)) {
-        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
-        return SECFailure;
-    }
-
-    if (!ss->sec.isServer || !ss->firstHsDone ||
-        ss->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-        tokenLen > 0xffff) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    ssl_GetSSL3HandshakeLock(ss);
-    ssl_GetXmitBufLock(ss);
-    rv = tls13_SendNewSessionTicket(ss, token, tokenLen);
-    if (rv == SECSuccess) {
-        rv = ssl3_FlushHandshake(ss, 0);
-    }
-    ssl_ReleaseXmitBufLock(ss);
-    ssl_ReleaseSSL3HandshakeLock(ss);
-
-    return rv;
-}
-
 static SECStatus
 tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
 {
@@ -4579,7 +3874,6 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
     PRUint32 utmp;
     NewSessionTicket ticket = { 0 };
     SECItem data;
-    SECItem ticket_nonce;
     SECItem ticket_data;
 
     SSL_TRC(3, ("%d: TLS13[%d]: handle new session ticket message",
@@ -4596,7 +3890,7 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
         return SECFailure;
     }
 
-    ticket.received_timestamp = ssl_TimeUsec();
+    ticket.received_timestamp = PR_Now();
     rv = ssl3_ConsumeHandshakeNumber(ss, &ticket.ticket_lifetime_hint, 4, &b,
                                      &length);
     if (rv != SECSuccess) {
@@ -4614,14 +3908,6 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
     ticket.ticket_age_add = PR_ntohl(utmp);
 
-    /* The nonce. */
-    rv = ssl3_ConsumeHandshakeVariable(ss, &ticket_nonce, 1, &b, &length);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
-                    decode_error);
-        return SECFailure;
-    }
-
     /* Get the ticket value. */
     rv = ssl3_ConsumeHandshakeVariable(ss, &ticket_data, 2, &b, &length);
     if (rv != SECSuccess || !ticket_data.len) {
@@ -4632,14 +3918,14 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     /* Parse extensions. */
     rv = ssl3_ConsumeHandshakeVariable(ss, &data, 2, &b, &length);
-    if (rv != SECSuccess || length) {
+    if (rv != SECSuccess) {
         FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
                     decode_error);
         return SECFailure;
     }
 
     rv = ssl3_HandleExtensions(ss, &data.data,
-                               &data.len, ssl_hs_new_session_ticket);
+                               &data.len, new_session_ticket);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
                     decode_error);
@@ -4650,9 +3936,13 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
         ticket.max_early_data_size = ss->xtnData.max_early_data_size;
     }
 
-    if (!ss->opt.noCache) {
-        PK11SymKey *secret;
+    if (length != 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
 
+    if (!ss->opt.noCache) {
         PORT_Assert(ss->sec.ci.sid);
         rv = SECITEM_CopyItem(NULL, &ticket.ticket, &ticket_data);
         if (rv != SECSuccess) {
@@ -4689,22 +3979,9 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
         ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &ticket);
         PORT_Assert(!ticket.ticket.data);
 
-        rv = tls13_HkdfExpandLabel(ss->ssl3.hs.resumptionMasterSecret,
-                                   tls13_GetHash(ss),
-                                   ticket_nonce.data, ticket_nonce.len,
-                                   kHkdfLabelResumption,
-                                   strlen(kHkdfLabelResumption),
-                                   tls13_GetHkdfMechanism(ss),
-                                   tls13_GetHashSize(ss), &secret);
-        if (rv != SECSuccess) {
+        rv = ssl3_FillInCachedSID(ss, ss->sec.ci.sid);
+        if (rv != SECSuccess)
             return SECFailure;
-        }
-
-        rv = ssl3_FillInCachedSID(ss, ss->sec.ci.sid, secret);
-        PK11_FreeSymKey(secret);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
 
         /* Cache the session. */
         ss->sec.cache(ss->sec.ci.sid);
@@ -4713,103 +3990,111 @@ tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length)
     return SECSuccess;
 }
 
-#define _M(a) (1 << PR_MIN(a, 31))
-#define _M1(a) (_M(ssl_hs_##a))
-#define _M2(a, b) (_M1(a) | _M1(b))
-#define _M3(a, b, c) (_M1(a) | _M2(b, c))
+typedef enum {
+    ExtensionNotUsed,
+    ExtensionClientOnly,
+    ExtensionSendClear,
+    ExtensionSendClearOrHrr,
+    ExtensionSendHrr,
+    ExtensionSendEncrypted,
+    ExtensionSendCertificate,
+    ExtensionNewSessionTicket
+} Tls13ExtensionStatus;
 
 static const struct {
     PRUint16 ex_value;
-    PRUint32 messages;
+    Tls13ExtensionStatus status;
 } KnownExtensions[] = {
-    { ssl_server_name_xtn, _M2(client_hello, encrypted_extensions) },
-    { ssl_supported_groups_xtn, _M2(client_hello, encrypted_extensions) },
-    { ssl_signature_algorithms_xtn, _M2(client_hello, certificate_request) },
-    { ssl_signature_algorithms_cert_xtn, _M2(client_hello,
-                                             certificate_request) },
-    { ssl_use_srtp_xtn, _M2(client_hello, encrypted_extensions) },
-    { ssl_app_layer_protocol_xtn, _M2(client_hello, encrypted_extensions) },
-    { ssl_padding_xtn, _M1(client_hello) },
-    { ssl_tls13_key_share_xtn, _M3(client_hello, server_hello,
-                                   hello_retry_request) },
-    { ssl_tls13_pre_shared_key_xtn, _M2(client_hello, server_hello) },
-    { ssl_tls13_psk_key_exchange_modes_xtn, _M1(client_hello) },
-    { ssl_tls13_early_data_xtn, _M3(client_hello, encrypted_extensions,
-                                    new_session_ticket) },
-    { ssl_signed_cert_timestamp_xtn, _M3(client_hello, certificate_request,
-                                         certificate) },
-    { ssl_cert_status_xtn, _M3(client_hello, certificate_request,
-                               certificate) },
-    { ssl_tls13_cookie_xtn, _M2(client_hello, hello_retry_request) },
-    { ssl_tls13_certificate_authorities_xtn, _M1(certificate_request) },
-    { ssl_tls13_supported_versions_xtn, _M3(client_hello, server_hello,
-                                            hello_retry_request) }
+    { ssl_server_name_xtn, ExtensionSendEncrypted },
+    { ssl_supported_groups_xtn, ExtensionSendEncrypted },
+    { ssl_ec_point_formats_xtn, ExtensionNotUsed },
+    { ssl_signature_algorithms_xtn, ExtensionClientOnly },
+    { ssl_use_srtp_xtn, ExtensionSendEncrypted },
+    { ssl_app_layer_protocol_xtn, ExtensionSendEncrypted },
+    { ssl_padding_xtn, ExtensionNotUsed },
+    { ssl_extended_master_secret_xtn, ExtensionNotUsed },
+    { ssl_session_ticket_xtn, ExtensionClientOnly },
+    { ssl_tls13_key_share_xtn, ExtensionSendClearOrHrr },
+    { ssl_tls13_pre_shared_key_xtn, ExtensionSendClear },
+    { ssl_tls13_early_data_xtn, ExtensionSendEncrypted },
+    { ssl_next_proto_nego_xtn, ExtensionNotUsed },
+    { ssl_renegotiation_info_xtn, ExtensionNotUsed },
+    { ssl_signed_cert_timestamp_xtn, ExtensionSendCertificate },
+    { ssl_cert_status_xtn, ExtensionSendCertificate },
+    { ssl_tls13_ticket_early_data_info_xtn, ExtensionNewSessionTicket },
+    { ssl_tls13_cookie_xtn, ExtensionSendHrr },
+    { ssl_tls13_short_header_xtn, ExtensionSendClear }
 };
 
-tls13ExtensionStatus
-tls13_ExtensionStatus(PRUint16 extension, SSLHandshakeType message)
+PRBool
+tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message)
 {
     unsigned int i;
 
-    PORT_Assert((message == ssl_hs_client_hello) ||
-                (message == ssl_hs_server_hello) ||
-                (message == ssl_hs_hello_retry_request) ||
-                (message == ssl_hs_encrypted_extensions) ||
-                (message == ssl_hs_new_session_ticket) ||
-                (message == ssl_hs_certificate) ||
-                (message == ssl_hs_certificate_request));
+    PORT_Assert((message == client_hello) ||
+                (message == server_hello) ||
+                (message == hello_retry_request) ||
+                (message == encrypted_extensions) ||
+                (message == new_session_ticket) ||
+                (message == certificate) ||
+                (message == certificate_request));
 
     for (i = 0; i < PR_ARRAY_SIZE(KnownExtensions); i++) {
-        /* Hacky check for message numbers > 30. */
-        PORT_Assert(!(KnownExtensions[i].messages & (1U << 31)));
-        if (KnownExtensions[i].ex_value == extension) {
+        if (KnownExtensions[i].ex_value == extension)
             break;
-        }
     }
-    if (i >= PR_ARRAY_SIZE(KnownExtensions)) {
-        return tls13_extension_unknown;
+    if (i == PR_ARRAY_SIZE(KnownExtensions)) {
+        /* We have never heard of this extension which is OK
+         * in client_hello and new_session_ticket. */
+        return (message == client_hello) ||
+               (message == new_session_ticket);
+    }
+
+    switch (KnownExtensions[i].status) {
+        case ExtensionNotUsed:
+            return PR_FALSE;
+        case ExtensionClientOnly:
+            return message == client_hello;
+        case ExtensionSendClear:
+            return message == client_hello ||
+                   message == server_hello;
+        case ExtensionSendClearOrHrr:
+            return message == client_hello ||
+                   message == server_hello ||
+                   message == hello_retry_request;
+        case ExtensionSendHrr:
+            return message == client_hello ||
+                   message == hello_retry_request;
+        case ExtensionSendEncrypted:
+            return message == client_hello ||
+                   message == encrypted_extensions;
+        case ExtensionNewSessionTicket:
+            return message == new_session_ticket;
+        case ExtensionSendCertificate:
+            return message == client_hello ||
+                   message == certificate;
     }
 
-    /* Return "disallowed" if the message mask bit isn't set. */
-    if (!(_M(message) & KnownExtensions[i].messages)) {
-        SSL_TRC(3, ("%d: TLS13: unexpected extension %d in message %d",
-                    SSL_GETPID(), extension, message));
-
-        return tls13_extension_disallowed;
-    }
+    PORT_Assert(0);
 
-    return tls13_extension_allowed;
+    /* Not reached */
+    return PR_TRUE;
 }
 
-#undef _M
-#undef _M1
-#undef _M2
-#undef _M3
-
 /* TLS 1.3 doesn't actually have additional data but the aead function
  * signature overloads additional data to carry the record sequence
  * number and that's what we put here. The TLS 1.3 AEAD functions
  * just use this input as the sequence number and not as additional
  * data. */
-static SECStatus
-tls13_FormatAdditionalData(sslSocket *ss, PRUint8 *aad, unsigned int length,
-                           DTLSEpoch epoch, sslSequenceNumber seqNum)
+static void
+tls13_FormatAdditionalData(PRUint8 *aad, unsigned int length,
+                           sslSequenceNumber seqNum)
 {
-    SECStatus rv;
-    sslBuffer buf = SSL_BUFFER_FIXED(aad, length);
+    PRUint8 *ptr = aad;
 
     PORT_Assert(length == 8);
-    if (IS_DTLS(ss)) {
-        rv = sslBuffer_AppendNumber(&buf, epoch, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-    rv = sslBuffer_AppendNumber(&buf, seqNum, IS_DTLS(ss) ? 6 : 8);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    return SECSuccess;
+    ptr = ssl_EncodeUintX(seqNum, 8, ptr);
+    PORT_Assert((ptr - aad) == length);
 }
 
 PRInt32
@@ -4842,14 +4127,13 @@ tls13_ProtectRecord(sslSocket *ss,
                     PRUint32 contentLen,
                     sslBuffer *wrBuf)
 {
-    const ssl3BulkCipherDef *cipher_def = cwSpec->cipherDef;
+    const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def;
     const int tagLen = cipher_def->tag_size;
     SECStatus rv;
 
-    PORT_Assert(cwSpec->direction == CipherSpecWrite);
-    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d epoch=%d (%s) protect 0x%0llx len=%u",
-                SSL_GETPID(), ss->fd, cwSpec, cwSpec->epoch, cwSpec->phase,
-                cwSpec->seqNum, contentLen));
+    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d (%s) protect record 0x%0llx len=%u",
+                SSL_GETPID(), ss->fd, cwSpec, cwSpec->phase,
+                cwSpec->write_seq_num, contentLen));
 
     if (contentLen + 1 + tagLen > wrBuf->space) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -4870,18 +4154,15 @@ tls13_ProtectRecord(sslSocket *ss,
         /* Add the content type at the end. */
         wrBuf->buf[contentLen] = type;
 
-        rv = tls13_FormatAdditionalData(ss, aad, sizeof(aad), cwSpec->epoch,
-                                        cwSpec->seqNum);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        rv = cwSpec->aead(&cwSpec->keyMaterial,
-                          PR_FALSE,                   /* do encrypt */
-                          wrBuf->buf,                 /* output  */
-                          (int *)&wrBuf->len,         /* out len */
-                          wrBuf->space,               /* max out */
-                          wrBuf->buf, contentLen + 1, /* input   */
-                          aad, sizeof(aad));
+        tls13_FormatAdditionalData(aad, sizeof(aad), cwSpec->write_seq_num);
+        rv = cwSpec->aead(
+            ss->sec.isServer ? &cwSpec->server : &cwSpec->client,
+            PR_FALSE,                   /* do encrypt */
+            wrBuf->buf,                 /* output  */
+            (int *)&wrBuf->len,         /* out len */
+            wrBuf->space,               /* max out */
+            wrBuf->buf, contentLen + 1, /* input   */
+            aad, sizeof(aad));
         if (rv != SECSuccess) {
             PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
             return SECFailure;
@@ -4901,27 +4182,19 @@ tls13_ProtectRecord(sslSocket *ss,
  * 2. Call PORT_SetError() witn an appropriate code.
  */
 SECStatus
-tls13_UnprotectRecord(sslSocket *ss,
-                      ssl3CipherSpec *spec,
-                      SSL3Ciphertext *cText, sslBuffer *plaintext,
+tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
                       SSL3AlertDescription *alert)
 {
-    const ssl3BulkCipherDef *cipher_def = spec->cipherDef;
-    sslSequenceNumber seqNum;
+    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
     PRUint8 aad[8];
     SECStatus rv;
 
     *alert = bad_record_mac; /* Default alert for most issues. */
 
-    PORT_Assert(spec->direction == CipherSpecRead);
-    if (IS_DTLS(ss)) {
-        seqNum = cText->seq_num & RECORD_SEQ_MASK;
-    } else {
-        seqNum = spec->seqNum;
-    }
-    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d epoch=%d (%s) unprotect 0x%0llx len=%u",
-                SSL_GETPID(), ss->fd, spec, spec->epoch, spec->phase, seqNum,
-                cText->buf->len));
+    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d (%s) unprotect record 0x%0llx len=%u",
+                SSL_GETPID(), ss->fd, crSpec, crSpec->phase,
+                crSpec->read_seq_num, cText->buf->len));
 
     /* We can perform this test in variable time because the record's total
      * length and the ciphersuite are both public knowledge. */
@@ -4943,8 +4216,9 @@ tls13_UnprotectRecord(sslSocket *ss,
         return SECFailure;
     }
 
-    /* Check the version number in the record. */
-    if (cText->version != spec->recordVersion) {
+    /* Check the version number in the record */
+    if ((IS_DTLS(ss) && cText->version != kDtlsRecordVersion) ||
+        (!IS_DTLS(ss) && cText->version != kTlsRecordVersion)) {
         /* Do we need a better error here? */
         SSL_TRC(3,
                 ("%d: TLS13[%d]: record has bogus version",
@@ -4954,18 +4228,18 @@ tls13_UnprotectRecord(sslSocket *ss,
 
     /* Decrypt */
     PORT_Assert(cipher_def->type == type_aead);
-    rv = tls13_FormatAdditionalData(ss, aad, sizeof(aad), spec->epoch, seqNum);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = spec->aead(&spec->keyMaterial,
-                    PR_TRUE,                /* do decrypt */
-                    plaintext->buf,         /* out */
-                    (int *)&plaintext->len, /* outlen */
-                    plaintext->space,       /* maxout */
-                    cText->buf->buf,        /* in */
-                    cText->buf->len,        /* inlen */
-                    aad, sizeof(aad));
+    tls13_FormatAdditionalData(aad, sizeof(aad),
+                               IS_DTLS(ss) ? cText->seq_num
+                                           : crSpec->read_seq_num);
+    rv = crSpec->aead(
+        ss->sec.isServer ? &crSpec->client : &crSpec->server,
+        PR_TRUE,                /* do decrypt */
+        plaintext->buf,         /* out */
+        (int *)&plaintext->len, /* outlen */
+        plaintext->space,       /* maxout */
+        cText->buf->buf,        /* in */
+        cText->buf->len,        /* inlen */
+        aad, sizeof(aad));
     if (rv != SECSuccess) {
         SSL_TRC(3,
                 ("%d: TLS13[%d]: record has bogus MAC",
@@ -4997,14 +4271,14 @@ tls13_UnprotectRecord(sslSocket *ss,
     --plaintext->len;
 
     /* Check that we haven't received too much 0-RTT data. */
-    if (spec->epoch == TrafficKeyEarlyApplicationData &&
+    if (crSpec->epoch == TrafficKeyEarlyApplicationData &&
         cText->type == content_application_data) {
-        if (plaintext->len > spec->earlyDataRemaining) {
+        if (plaintext->len > crSpec->earlyDataRemaining) {
             *alert = unexpected_message;
             PORT_SetError(SSL_ERROR_TOO_MUCH_EARLY_DATA);
             return SECFailure;
         }
-        spec->earlyDataRemaining -= plaintext->len;
+        crSpec->earlyDataRemaining -= plaintext->len;
     }
 
     SSL_TRC(10,
@@ -5052,7 +4326,7 @@ tls13_MaybeDo0RTTHandshake(sslSocket *ss)
 
     /* Don't do anything if there is no early_data xtn, which means we're
      * not doing early data. */
-    if (!ssl3_ExtensionAdvertised(ss, ssl_tls13_early_data_xtn)) {
+    if (!ssl3_ClientExtensionAdvertised(ss, ssl_tls13_early_data_xtn)) {
         return SECSuccess;
     }
 
@@ -5067,41 +4341,25 @@ tls13_MaybeDo0RTTHandshake(sslSocket *ss)
         ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
         rv = SECITEM_CopyItem(NULL, &ss->xtnData.nextProto,
                               &ss->sec.ci.sid->u.ssl3.alpnSelection);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-    }
-
-    if (ss->opt.enableTls13CompatMode && !IS_DTLS(ss)) {
-        /* Pretend that this is a proper ChangeCipherSpec even though it is sent
-         * before receiving the ServerHello. */
-        ssl_GetSpecWriteLock(ss);
-        tls13_SetSpecRecordVersion(ss, ss->ssl3.cwSpec);
-        ssl_ReleaseSpecWriteLock(ss);
-        ssl_GetXmitBufLock(ss);
-        rv = ssl3_SendChangeCipherSpecsInt(ss);
-        ssl_ReleaseXmitBufLock(ss);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
+        if (rv != SECSuccess)
+            return rv;
     }
 
     /* Cipher suite already set in tls13_SetupClientHello. */
     ss->ssl3.hs.preliminaryInfo = 0;
 
-    rv = tls13_DeriveEarlySecrets(ss);
-    if (rv != SECSuccess) {
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelEarlyTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.clientEarlyTrafficSecret);
+    if (rv != SECSuccess)
         return SECFailure;
-    }
-
-    /* Save cwSpec in case we get a HelloRetryRequest and have to send another
-     * ClientHello. */
-    ssl_CipherSpecAddRef(ss->ssl3.cwSpec);
 
     rv = tls13_SetCipherSpec(ss, TrafficKeyEarlyApplicationData,
                              CipherSpecWrite, PR_TRUE);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return rv;
     }
 
     return SECSuccess;
@@ -5134,45 +4392,32 @@ tls13_SendEndOfEarlyData(sslSocket *ss)
 {
     SECStatus rv;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: send EndOfEarlyData", SSL_GETPID(), ss->fd));
-    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    SSL_TRC(3, ("%d: TLS13[%d]: send end_of_early_data extension",
+                SSL_GETPID(), ss->fd));
 
-    rv = ssl3_AppendHandshakeHeader(ss, ssl_hs_end_of_early_data, 0);
+    rv = SSL3_SendAlert(ss, alert_warning, end_of_early_data);
     if (rv != SECSuccess) {
-        return rv; /* err set by AppendHandshake. */
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
     }
 
     ss->ssl3.hs.zeroRttState = ssl_0rtt_done;
     return SECSuccess;
 }
 
-static SECStatus
-tls13_HandleEndOfEarlyData(sslSocket *ss, PRUint8 *b, PRUint32 length)
+SECStatus
+tls13_HandleEndOfEarlyData(sslSocket *ss)
 {
     SECStatus rv;
 
-    PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-
-    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_END_OF_EARLY_DATA,
-                              wait_end_of_early_data);
-    if (rv != SECSuccess) {
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        ss->ssl3.hs.zeroRttState != ssl_0rtt_accepted) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_END_OF_EARLY_DATA_ALERT);
         return SECFailure;
     }
 
-    /* We shouldn't be getting any more early data, and if we do,
-     * it is because of reordering and we drop it. */
-    if (IS_DTLS(ss)) {
-        ssl_CipherSpecReleaseByEpoch(ss, CipherSpecRead,
-                                     TrafficKeyEarlyApplicationData);
-        dtls_ReceivedFirstMessageInFlight(ss);
-    }
-
-    PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted);
-
-    if (length) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_END_OF_EARLY_DATA, decode_error);
-        return SECFailure;
-    }
+    PORT_Assert(TLS13_IN_HS_STATE(ss, ss->opt.requestCertificate ? wait_client_cert : wait_finished));
 
     rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
                              CipherSpecRead, PR_FALSE);
@@ -5182,9 +4427,6 @@ tls13_HandleEndOfEarlyData(sslSocket *ss, PRUint8 *b, PRUint32 length)
     }
 
     ss->ssl3.hs.zeroRttState = ssl_0rtt_done;
-    TLS13_SET_HS_STATE(ss,
-                       ss->opt.requestCertificate ? wait_client_cert
-                                                  : wait_finished);
     return SECSuccess;
 }
 
@@ -5235,11 +4477,11 @@ tls13_EncodeDraftVersion(SSL3ProtocolVersion version)
 
 /* Pick the highest version we support that is also advertised. */
 SECStatus
-tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supportedVersions)
+tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supported_versions)
 {
     PRUint16 version;
-    /* Make a copy so we're nondestructive. */
-    SECItem data = supportedVersions->data;
+    /* Make a copy so we're nondestructive*/
+    SECItem data = supported_versions->data;
     SECItem versions;
     SECStatus rv;
 
@@ -5269,22 +4511,3 @@ tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supportedVersions)
     FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, protocol_version);
     return SECFailure;
 }
-
-/* This is TLS 1.3 or might negotiate to it. */
-PRBool
-tls13_MaybeTls13(sslSocket *ss)
-{
-    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
-        return PR_TRUE;
-    }
-
-    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return PR_FALSE;
-    }
-
-    if (!(ss->ssl3.hs.preliminaryInfo & ssl_preinfo_version)) {
-        return PR_TRUE;
-    }
-
-    return PR_FALSE;
-}
diff --git a/security/nss/lib/ssl/tls13con.h b/security/nss/lib/ssl/tls13con.h
index 1aaffb651..92eb545b0 100644
--- a/security/nss/lib/ssl/tls13con.h
+++ b/security/nss/lib/ssl/tls13con.h
@@ -9,25 +9,15 @@
 #ifndef __tls13con_h_
 #define __tls13con_h_
 
-#include "sslexp.h"
-#include "sslspec.h"
-
-typedef enum {
-    tls13_extension_allowed,
-    tls13_extension_disallowed,
-    tls13_extension_unknown
-} tls13ExtensionStatus;
-
 typedef enum {
-    update_not_requested = 0,
-    update_requested = 1
-} tls13KeyUpdateRequest;
+    StaticSharedSecret,
+    EphemeralSharedSecret
+} SharedSecretType;
 
 #define TLS13_MAX_FINISHED_SIZE 64
 
 SECStatus tls13_UnprotectRecord(
-    sslSocket *ss, ssl3CipherSpec *spec,
-    SSL3Ciphertext *cText, sslBuffer *plaintext,
+    sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
     SSL3AlertDescription *alert);
 
 #if defined(WIN32)
@@ -51,14 +41,6 @@ SSLHashType tls13_GetHash(const sslSocket *ss);
 unsigned int tls13_GetHashSizeForHash(SSLHashType hash);
 unsigned int tls13_GetHashSize(const sslSocket *ss);
 CK_MECHANISM_TYPE tls13_GetHkdfMechanism(sslSocket *ss);
-SECStatus tls13_ComputeHash(sslSocket *ss, SSL3Hashes *hashes,
-                            const PRUint8 *buf, unsigned int len);
-SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss,
-                                       SSL3Hashes *hashes);
-SECStatus tls13_DeriveSecretNullHash(sslSocket *ss, PK11SymKey *key,
-                                     const char *label,
-                                     unsigned int labelLen,
-                                     PK11SymKey **dest);
 void tls13_FatalError(sslSocket *ss, PRErrorCode prError,
                       SSL3AlertDescription desc);
 SECStatus tls13_SetupClientHello(sslSocket *ss);
@@ -67,30 +49,27 @@ PRInt32 tls13_LimitEarlyData(sslSocket *ss, SSL3ContentType type, PRInt32 toSend
 PRBool tls13_AllowPskCipher(const sslSocket *ss,
                             const ssl3CipherSuiteDef *cipher_def);
 PRBool tls13_PskSuiteEnabled(sslSocket *ss);
-SECStatus tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions);
+SECStatus tls13_ComputePskBinder(sslSocket *ss, PRBool sending,
+                                 unsigned int prefixLength,
+                                 PRUint8 *output, unsigned int *outputLen,
+                                 unsigned int maxOutputLen);
 SECStatus tls13_HandleClientHelloPart2(sslSocket *ss,
                                        const SECItem *suites,
-                                       sslSessionID *sid,
-                                       const PRUint8 *msg,
-                                       unsigned int len);
+                                       sslSessionID *sid);
 SECStatus tls13_HandleServerHelloPart2(sslSocket *ss);
 SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
-                                                PRUint32 length);
-SECStatus tls13_ConstructHelloRetryRequest(sslSocket *ss,
-                                           ssl3CipherSuite cipherSuite,
-                                           const sslNamedGroupDef *selectedGroup,
-                                           PRUint8 *cookie,
-                                           unsigned int cookieLen,
-                                           sslBuffer *buffer);
-SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *b,
+                                                PRUint32 length,
+                                                SSL3Hashes *hashesPtr);
+SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, PRUint8 *b,
                                         PRUint32 length);
 void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry);
 void tls13_DestroyKeyShares(PRCList *list);
 SECStatus tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef);
 void tls13_DestroyEarlyData(PRCList *list);
-SECStatus tls13_SetAlertCipherSpec(sslSocket *ss);
-tls13ExtensionStatus tls13_ExtensionStatus(PRUint16 extension,
-                                           SSLHandshakeType message);
+void tls13_CipherSpecAddRef(ssl3CipherSpec *spec);
+void tls13_CipherSpecRelease(ssl3CipherSpec *spec);
+void tls13_DestroyCipherSpecs(PRCList *list);
+PRBool tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message);
 SECStatus tls13_ProtectRecord(sslSocket *ss,
                               ssl3CipherSpec *cwSpec,
                               SSL3ContentType type,
@@ -98,25 +77,13 @@ SECStatus tls13_ProtectRecord(sslSocket *ss,
                               PRUint32 contentLen,
                               sslBuffer *wrBuf);
 PRInt32 tls13_Read0RttData(sslSocket *ss, void *buf, PRInt32 len);
+SECStatus tls13_HandleEndOfEarlyData(sslSocket *ss);
 SECStatus tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf);
 PRBool tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid);
 PRUint16 tls13_EncodeDraftVersion(SSL3ProtocolVersion version);
+PRUint16 tls13_DecodeDraftVersion(PRUint16 version);
 SECStatus tls13_NegotiateVersion(sslSocket *ss,
                                  const TLSExtension *supported_versions);
-
-PRBool tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid);
-void tls13_AntiReplayRollover(PRTime now);
-
-SECStatus SSLExp_SetupAntiReplay(PRTime window, unsigned int k,
-                                 unsigned int bits);
-
-SECStatus SSLExp_HelloRetryRequestCallback(PRFileDesc *fd,
-                                           SSLHelloRetryRequestCallback cb,
-                                           void *arg);
-SECStatus tls13_SendKeyUpdate(sslSocket *ss, tls13KeyUpdateRequest request,
-                              PRBool buffer);
-SECStatus SSLExp_KeyUpdate(PRFileDesc *fd, PRBool requestUpdate);
-PRBool tls13_MaybeTls13(sslSocket *ss);
-void tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec);
+SECStatus tls13_SendNewSessionTicket(sslSocket *ss);
 
 #endif /* __tls13con_h_ */
diff --git a/security/nss/lib/ssl/tls13err.h b/security/nss/lib/ssl/tls13err.h
deleted file mode 100644
index 8cdeb12eb..000000000
--- a/security/nss/lib/ssl/tls13err.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __tls13err_h_
-#define __tls13err_h_
-
-/* Use this instead of FATAL_ERROR when an alert isn't possible. */
-#define LOG_ERROR(ss, prError)                                                     \
-    do {                                                                           \
-        SSL_TRC(3, ("%d: TLS13[%d]: fatal error %d in %s (%s:%d)",                 \
-                    SSL_GETPID(), ss->fd, prError, __func__, __FILE__, __LINE__)); \
-        PORT_SetError(prError);                                                    \
-    } while (0)
-
-/* Log an error and generate an alert because something is irreparably wrong. */
-#define FATAL_ERROR(ss, prError, desc)       \
-    do {                                     \
-        LOG_ERROR(ss, prError);              \
-        tls13_FatalError(ss, prError, desc); \
-    } while (0)
-
-void tls13_FatalError(sslSocket *ss, PRErrorCode prError, SSL3AlertDescription desc);
-#endif
diff --git a/security/nss/lib/ssl/tls13exthandle.c b/security/nss/lib/ssl/tls13exthandle.c
index 899f23827..c2ce390ff 100644
--- a/security/nss/lib/ssl/tls13exthandle.c
+++ b/security/nss/lib/ssl/tls13exthandle.c
@@ -14,35 +14,50 @@
 #include "ssl3exthandle.h"
 #include "tls13exthandle.h"
 
-SECStatus
-tls13_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                 sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ServerSendStatusRequestXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
     const sslServerCert *serverCert = ss->sec.serverCert;
     const SECItem *item;
     SECStatus rv;
 
     if (!serverCert->certStatusArray ||
         !serverCert->certStatusArray->len) {
-        return SECSuccess;
+        return 0;
     }
 
     item = &serverCert->certStatusArray->items[0];
 
     /* Only send the first entry. */
-    /* status_type == ocsp */
-    rv = sslBuffer_AppendNumber(buf, 1 /*ocsp*/, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    extension_length = 2 + 2 + 1 /* status_type */ + 3 + item->len;
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
     }
-    /* opaque OCSPResponse<1..2^24-1> */
-    rv = sslBuffer_AppendVariable(buf, item->data, item->len, 3);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (append) {
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* status_type == ocsp */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 1 /*ocsp*/, 1);
+        if (rv != SECSuccess)
+            return rv; /* err set by AppendHandshake. */
+        /* opaque OCSPResponse<1..2^24-1> */
+        rv = ssl3_ExtAppendHandshakeVariable(ss, item->data, item->len, 3);
+        if (rv != SECSuccess)
+            return rv; /* err set by AppendHandshake. */
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
 }
 
 /*
@@ -86,27 +101,41 @@ tls13_SizeOfKeyShareEntry(const SECKEYPublicKey *pubKey)
     return 0;
 }
 
+static PRUint32
+tls13_SizeOfClientKeyShareExtension(const sslSocket *ss)
+{
+    PRCList *cursor;
+    /* Size is: extension(2) + extension_len(2) + client_shares(2) */
+    PRUint32 size = 2 + 2 + 2;
+    for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+         cursor != &ss->ephemeralKeyPairs;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
+        size += tls13_SizeOfKeyShareEntry(keyPair->keys->pubKey);
+    }
+    return size;
+}
+
 static SECStatus
-tls13_EncodeKeyShareEntry(sslBuffer *buf, const sslEphemeralKeyPair *keyPair)
+tls13_EncodeKeyShareEntry(const sslSocket *ss, const sslEphemeralKeyPair *keyPair)
 {
     SECStatus rv;
     SECKEYPublicKey *pubKey = keyPair->keys->pubKey;
     unsigned int size = tls13_SizeOfKeyShareEntry(pubKey);
 
-    rv = sslBuffer_AppendNumber(buf, keyPair->group->name, 2);
+    rv = ssl3_ExtAppendHandshakeNumber(ss, keyPair->group->name, 2);
     if (rv != SECSuccess)
         return rv;
-    rv = sslBuffer_AppendNumber(buf, size - 4, 2);
+    rv = ssl3_ExtAppendHandshakeNumber(ss, size - 4, 2);
     if (rv != SECSuccess)
         return rv;
 
     switch (pubKey->keyType) {
         case ecKey:
-            rv = sslBuffer_Append(buf, pubKey->u.ec.publicValue.data,
-                                  pubKey->u.ec.publicValue.len);
+            rv = tls13_EncodeECDHEKeyShareKEX(ss, pubKey);
             break;
         case dhKey:
-            rv = ssl_AppendPaddedDHKeyShare(buf, pubKey, PR_FALSE);
+            rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_FALSE);
             break;
         default:
             PORT_Assert(0);
@@ -117,16 +146,14 @@ tls13_EncodeKeyShareEntry(sslBuffer *buf, const sslEphemeralKeyPair *keyPair)
     return rv;
 }
 
-SECStatus
-tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                            PRUint32 maxBytes)
 {
-    SECStatus rv;
-    PRCList *cursor;
-    unsigned int lengthOffset;
+    PRUint32 extension_length;
 
     if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
+        return 0;
     }
 
     /* Optimistically try to send an ECDHE key using the
@@ -134,28 +161,47 @@ tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     SSL_TRC(3, ("%d: TLS13[%d]: send client key share xtn",
                 SSL_GETPID(), ss->fd));
 
-    /* Save the offset to the length. */
-    rv = sslBuffer_Skip(buf, 2, &lengthOffset);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    extension_length = tls13_SizeOfClientKeyShareExtension(ss);
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
-         cursor != &ss->ephemeralKeyPairs;
-         cursor = PR_NEXT_LINK(cursor)) {
-        sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
-        rv = tls13_EncodeKeyShareEntry(buf, keyPair);
-        if (rv != SECSuccess) {
-            return SECFailure;
+    if (append) {
+        SECStatus rv;
+        PRCList *cursor;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* The extension length */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* The length of KeyShares */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 6, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+             cursor != &ss->ephemeralKeyPairs;
+             cursor = PR_NEXT_LINK(cursor)) {
+            sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
+            rv = tls13_EncodeKeyShareEntry(ss, keyPair);
+            if (rv != SECSuccess)
+                goto loser;
         }
-    }
-    rv = sslBuffer_InsertLength(buf, lengthOffset, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_key_share_xtn;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extension_length;
+
+loser:
+    return -1;
 }
 
 static SECStatus
@@ -204,8 +250,7 @@ loser:
  * |xtnData->remoteKeyShares| for future use. The key
  * share is processed in tls13_HandleServerKeyShare(). */
 SECStatus
-tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                              SECItem *data)
+tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));
@@ -236,8 +281,7 @@ tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 }
 
 SECStatus
-tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData,
-                                 SECItem *data)
+tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     PRUint32 tmp;
@@ -287,8 +331,7 @@ tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData,
  * |xtnData->remoteKeyShares| for future use. The key
  * share is processed in tls13_HandleClientKeyShare(). */
 SECStatus
-tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                              SECItem *data)
+tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     PRUint32 length;
@@ -321,6 +364,16 @@ tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
             goto loser;
     }
 
+    /* Check that the client only offered one share if this is
+     * after HRR. */
+    if (ss->ssl3.hs.helloRetry) {
+        if (PR_PREV_LINK(&xtnData->remoteKeyShares) !=
+            PR_NEXT_LINK(&xtnData->remoteKeyShares)) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+            goto loser;
+        }
+    }
+
     return SECSuccess;
 
 loser:
@@ -328,10 +381,12 @@ loser:
     return SECFailure;
 }
 
-SECStatus
-tls13_ServerSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ServerSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                            PRUint32 maxBytes)
 {
+    PRUint32 extension_length;
+    PRUint32 entry_length;
     SECStatus rv;
     sslEphemeralKeyPair *keyPair;
 
@@ -342,13 +397,31 @@ tls13_ServerSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
 
     keyPair = (sslEphemeralKeyPair *)PR_NEXT_LINK(&ss->ephemeralKeyPairs);
 
-    rv = tls13_EncodeKeyShareEntry(buf, keyPair);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    entry_length = tls13_SizeOfKeyShareEntry(keyPair->keys->pubKey);
+    extension_length = 2 + 2 + entry_length; /* Type + length + entry_length */
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, entry_length, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        rv = tls13_EncodeKeyShareEntry(ss, keyPair);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
 }
 
 /* Called by clients.
@@ -375,83 +448,113 @@ tls13_ServerSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
  * Presently the only way to get a PSK is by resumption, so this is
  * really a ticket label and there will be at most one.
  */
-SECStatus
+PRInt32
 tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+                                PRBool append,
+                                PRUint32 maxBytes)
 {
+    PRInt32 extension_length;
+    PRInt32 identities_length;
+    PRInt32 binders_length;
     NewSessionTicket *session_ticket;
-    PRTime age;
-    const static PRUint8 binder[TLS13_MAX_FINISHED_SIZE] = { 0 };
-    unsigned int binderLen;
-    SECStatus rv;
 
     /* We only set statelessResume on the client in TLS 1.3 code. */
-    if (!ss->statelessResume) {
-        return SECSuccess;
-    }
-
-    /* Save where this extension starts so that if we have to add padding, it
-     * can be inserted before this extension. */
-    PORT_Assert(buf->len >= 4);
-    xtnData->lastXtnOffset = buf->len - 4;
+    if (!ss->statelessResume)
+        return 0;
 
     PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
 
-    /* Send a single ticket identity. */
+    /* The length computations are simplified by the fact that there
+     * is just one ticket at most. */
     session_ticket = &ss->sec.ci.sid->u.ssl3.locked.sessionTicket;
-    rv = sslBuffer_AppendNumber(buf, 2 +                              /* identity length */
-                                         session_ticket->ticket.len + /* ticket */
-                                         4 /* obfuscated_ticket_age */,
-                                2);
-    if (rv != SECSuccess)
-        goto loser;
-    rv = sslBuffer_AppendVariable(buf, session_ticket->ticket.data,
-                                  session_ticket->ticket.len, 2);
-    if (rv != SECSuccess)
-        goto loser;
+    identities_length =
+        2 +                              /* vector length */
+        2 + session_ticket->ticket.len + /* identity length + ticket len */
+        4;                               /* obfuscated_ticket_age */
+    binders_length =
+        2 + /* vector length */
+        1 + tls13_GetHashSizeForHash(
+                tls13_GetHashForCipherSuite(ss->sec.ci.sid->u.ssl3.cipherSuite));
+    extension_length =
+        2 + 2 + /* Type + length */
+        identities_length + binders_length;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        PRTime age;
+        unsigned int prefixLength;
+        PRUint8 binder[TLS13_MAX_FINISHED_SIZE];
+        unsigned int binderLen;
+
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_pre_shared_key_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, identities_length - 2, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeVariable(ss, session_ticket->ticket.data,
+                                             session_ticket->ticket.len, 2);
+        if (rv != SECSuccess)
+            goto loser;
 
-    /* Obfuscated age. */
-    age = ssl_TimeUsec() - session_ticket->received_timestamp;
-    age /= PR_USEC_PER_MSEC;
-    age += session_ticket->ticket_age_add;
-    rv = sslBuffer_AppendNumber(buf, age, 4);
-    if (rv != SECSuccess)
-        goto loser;
+        /* Obfuscated age. */
+        age = PR_Now() - session_ticket->received_timestamp;
+        age /= PR_USEC_PER_MSEC;
+        age += session_ticket->ticket_age_add;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, age, 4);
+        if (rv != SECSuccess)
+            goto loser;
 
-    /* Write out the binder list length. */
-    binderLen = tls13_GetHashSize(ss);
-    rv = sslBuffer_AppendNumber(buf, binderLen + 1, 2);
-    if (rv != SECSuccess)
-        goto loser;
-    /* Write zeroes for the binder for the moment. */
-    rv = sslBuffer_AppendVariable(buf, binder, binderLen, 1);
-    if (rv != SECSuccess)
-        goto loser;
+        /* Now the binders. */
+        prefixLength = ss->ssl3.hs.messages.len;
+        rv = tls13_ComputePskBinder(CONST_CAST(sslSocket, ss), PR_TRUE,
+                                    prefixLength, binder, &binderLen,
+                                    sizeof(binder));
+        if (rv != SECSuccess)
+            goto loser;
+        PORT_Assert(binderLen == tls13_GetHashSize(ss));
+        rv = ssl3_ExtAppendHandshakeNumber(ss, binders_length - 2, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeVariable(ss,
+                                             binder, binderLen, 1);
+        if (rv != SECSuccess)
+            goto loser;
 
-    PRINT_BUF(50, (ss, "Sending PreSharedKey value",
-                   session_ticket->ticket.data,
-                   session_ticket->ticket.len));
+        PRINT_BUF(50, (ss, "Sending PreSharedKey value",
+                       session_ticket->ticket.data,
+                       session_ticket->ticket.len));
 
-    xtnData->sentSessionTicketInClientHello = PR_TRUE;
-    *added = PR_TRUE;
-    return SECSuccess;
+        xtnData->sentSessionTicketInClientHello = PR_TRUE;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_pre_shared_key_xtn;
+    }
+    return extension_length;
 
 loser:
     xtnData->ticketTimestampVerified = PR_FALSE;
-    return SECFailure;
+    return -1;
 }
 
 /* Handle a TLS 1.3 PreSharedKey Extension. We only accept PSKs
  * that contain session tickets. */
 SECStatus
-tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
     SECItem inner;
     SECStatus rv;
     unsigned int numIdentities = 0;
     unsigned int numBinders = 0;
-    SECItem *appToken;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle pre_shared_key extension",
                 SSL_GETPID(), ss->fd));
@@ -461,26 +564,16 @@ tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
         return SECSuccess;
     }
 
-    /* The application token is set via the cookie extension if this is the
-     * second ClientHello.  Don't set it twice.  The cookie extension handler
-     * sets |helloRetry| and that will have been called already because this
-     * extension always comes last. */
-    if (!ss->ssl3.hs.helloRetry) {
-        appToken = &xtnData->applicationToken;
-    } else {
-        appToken = NULL;
-    }
-
     /* Parse the identities list. */
-    rv = ssl3_ExtConsumeHandshakeVariable(ss, &inner, 2,
-                                          &data->data, &data->len);
+    rv = ssl3_ExtConsumeHandshakeVariable(ss,
+                                          &inner, 2, &data->data, &data->len);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
     while (inner.len) {
         SECItem label;
-        PRUint32 obfuscatedAge;
+        PRUint32 utmp;
 
         rv = ssl3_ExtConsumeHandshakeVariable(ss, &label, 2,
                                               &inner.data, &inner.len);
@@ -490,8 +583,9 @@ tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
             goto alert_loser;
         }
 
-        rv = ssl3_ExtConsumeHandshakeNumber(ss, &obfuscatedAge, 4,
-                                            &inner.data, &inner.len);
+        /* Read and discard session ticket age. Bug 1295163 */
+        rv = ssl3_ExtConsumeHandshake(ss, &utmp, 4,
+                                      &inner.data, &inner.len);
         if (rv != SECSuccess)
             return rv;
 
@@ -499,29 +593,17 @@ tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
             PRINT_BUF(50, (ss, "Handling PreSharedKey value",
                            label.data, label.len));
             rv = ssl3_ProcessSessionTicketCommon(
-                CONST_CAST(sslSocket, ss), &label, appToken);
+                CONST_CAST(sslSocket, ss), &label);
             /* This only happens if we have an internal error, not
              * a malformed ticket. Bogus tickets just don't resume
              * and return SECSuccess. */
             if (rv != SECSuccess)
                 return SECFailure;
-
-            if (ss->sec.ci.sid) {
-                /* xtnData->ticketAge contains the baseline we use for
-                 * calculating the ticket age (i.e., our RTT estimate less the
-                 * value of ticket_age_add).
-                 *
-                 * Add that to the obfuscated ticket age to recover the client's
-                 * view of the ticket age plus the estimated RTT.
-                 *
-                 * See ssl3_EncodeSessionTicket() for details. */
-                xtnData->ticketAge += obfuscatedAge;
-            }
         }
         ++numIdentities;
     }
 
-    xtnData->pskBindersLen = data->len;
+    xtnData->pskBinderPrefixLen = ss->ssl3.hs.messages.len - data->len;
 
     /* Parse the binders list. */
     rv = ssl3_ExtConsumeHandshakeVariable(ss,
@@ -553,7 +635,7 @@ tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
 
     /* Keep track of negotiated extensions. Note that this does not
      * mean we are resuming. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_pre_shared_key_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 
@@ -563,27 +645,43 @@ alert_loser:
     return SECFailure;
 }
 
-SECStatus
+PRInt32
 tls13_ServerSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                sslBuffer *buf, PRBool *added)
+                                PRBool append,
+                                PRUint32 maxBytes)
 {
+    PRInt32 extension_length =
+        2 + 2 + 2; /* type + len + index */
     SECStatus rv;
 
-    /* We only process the first session ticket the client sends,
-     * so the index is always 0. */
-    rv = sslBuffer_AppendNumber(buf, 0, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_pre_shared_key_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 2, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        /* We only process the first session ticket the client sends,
+         * so the index is always 0. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+
+    return extension_length;
 }
 
 /* Handle a TLS 1.3 PreSharedKey Extension. We only accept PSKs
  * that contain session tickets. */
 SECStatus
-tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                   SECItem *data)
 {
     PRUint32 index;
@@ -615,7 +713,7 @@ tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_pre_shared_key_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
@@ -623,20 +721,43 @@ tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
 /*
  *  struct { } EarlyDataIndication;
  */
-SECStatus
+PRInt32
 tls13_ClientSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             sslBuffer *buf, PRBool *added)
+                             PRBool append,
+                             PRUint32 maxBytes)
 {
-    if (!tls13_ClientAllow0Rtt(ss, ss->sec.ci.sid)) {
-        return SECSuccess;
+    SECStatus rv;
+    PRInt32 extension_length;
+
+    if (!tls13_ClientAllow0Rtt(ss, ss->sec.ci.sid))
+        return 0;
+
+    /* type + length */
+    extension_length = 2 + 2;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_early_data_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_early_data_xtn;
+    }
+
+    return extension_length;
 }
 
 SECStatus
-tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                SECItem *data)
 {
     SSL_TRC(3, ("%d: TLS13[%d]: handle early_data extension",
@@ -658,14 +779,44 @@ tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
         return SECFailure;
     }
 
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_early_data_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
 
+/* This is only registered if we are sending it. */
+PRInt32
+tls13_ServerSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                             PRBool append,
+                             PRUint32 maxBytes)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: send early_data extension",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted);
+    if (maxBytes < 4) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_early_data_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+
+    return 4;
+}
+
 /* This will only be called if we also offered the extension. */
 SECStatus
-tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                SECItem *data)
 {
     SSL_TRC(3, ("%d: TLS13[%d]: handle early_data extension",
@@ -683,19 +834,19 @@ tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_early_data_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
 
 SECStatus
-tls13_ClientHandleTicketEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                     SECItem *data)
+tls13_ClientHandleTicketEarlyDataInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                         SECItem *data)
 {
     PRUint32 utmp;
     SECStatus rv;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: handle ticket early_data extension",
+    SSL_TRC(3, ("%d: TLS13[%d]: handle early_data_info extension",
                 SSL_GETPID(), ss->fd));
 
     /* The server must not send this extension when negotiating < TLS 1.3. */
@@ -722,71 +873,59 @@ tls13_ClientHandleTicketEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnD
 
 /*
  *     struct {
- *       select (Handshake.msg_type) {
- *       case client_hello:
  *          ProtocolVersion versions<2..254>;
- *       case server_hello:
- *          ProtocolVersion version;
- *       };
  *     } SupportedVersions;
  */
-SECStatus
-tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                     sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                     PRUint32 maxBytes)
 {
+    PRInt32 extensions_len;
     PRUint16 version;
-    unsigned int lengthOffset;
     SECStatus rv;
 
     if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
+        return 0;
     }
 
-    SSL_TRC(3, ("%d: TLS13[%d]: client send supported_versions extension",
+    SSL_TRC(3, ("%d: TLS13[%d]: send supported_versions extension",
                 SSL_GETPID(), ss->fd));
 
-    rv = sslBuffer_Skip(buf, 1, &lengthOffset);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
+    /* Extension type, extension len fiels, vector len field,
+     * length of the values. */
+    extensions_len = 2 + 2 + 1 +
+                     2 * (ss->vrange.max - ss->vrange.min + 1);
 
-    for (version = ss->vrange.max; version >= ss->vrange.min; --version) {
-        rv = sslBuffer_AppendNumber(buf, tls13_EncodeDraftVersion(version), 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
+    if (maxBytes < (PRUint32)extensions_len) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    rv = sslBuffer_InsertLength(buf, lengthOffset, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    *added = PR_TRUE;
-    return SECSuccess;
-}
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_supported_versions_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
 
-SECStatus
-tls13_ServerSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                                     sslBuffer *buf, PRBool *added)
-{
-    SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
 
-    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
-        return SECSuccess;
-    }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 5, 1);
+        if (rv != SECSuccess)
+            return -1;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: server send supported_versions extension",
-                SSL_GETPID(), ss->fd));
+        for (version = ss->vrange.max; version >= ss->vrange.min; --version) {
+            rv = ssl3_ExtAppendHandshakeNumber(
+                ss, tls13_EncodeDraftVersion(version), 2);
+            if (rv != SECSuccess)
+                return -1;
+        }
 
-    rv = sslBuffer_AppendNumber(
-        buf, tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3), 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_supported_versions_xtn;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    return extensions_len;
 }
 
 /*
@@ -795,8 +934,7 @@ tls13_ServerSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnD
  *    } Cookie;
  */
 SECStatus
-tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData,
-                            SECItem *data)
+tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
 
@@ -822,57 +960,41 @@ tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData,
     return SECSuccess;
 }
 
-SECStatus
-tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
 {
-    SECStatus rv;
+    PRInt32 extension_len;
 
     if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3 ||
         !ss->ssl3.hs.cookie.len) {
-        return SECSuccess;
+        return 0;
     }
 
     SSL_TRC(3, ("%d: TLS13[%d]: send cookie extension", SSL_GETPID(), ss->fd));
-    rv = sslBuffer_AppendVariable(buf, ss->ssl3.hs.cookie.data,
-                                  ss->ssl3.hs.cookie.len, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    *added = PR_TRUE;
-    return SECSuccess;
-}
 
-SECStatus
-tls13_ServerHandleCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            SECItem *data)
-{
-    SECStatus rv;
+    /* Extension type, length, cookie length, cookie value. */
+    extension_len = 2 + 2 + 2 + ss->ssl3.hs.cookie.len;
 
-    SSL_TRC(3, ("%d: TLS13[%d]: handle cookie extension",
-                SSL_GETPID(), ss->fd));
-
-    rv = ssl3_ExtConsumeHandshakeVariable(ss, &xtnData->cookie, 2,
-                                          &data->data, &data->len);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    if (xtnData->cookie.len == 0) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
-        return SECFailure;
+    if (maxBytes < (PRUint32)extension_len) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    if (data->len) {
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
-        return SECFailure;
-    }
+    if (append) {
+        SECStatus rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_cookie_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
 
-    /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] = ssl_tls13_cookie_xtn;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
 
-    return SECSuccess;
+        rv = ssl3_ExtAppendHandshakeVariable(ss, ss->ssl3.hs.cookie.data,
+                                             ss->ssl3.hs.cookie.len, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+    return extension_len;
 }
 
 /*
@@ -882,33 +1004,54 @@ tls13_ServerHandleCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
  *         PskKeyExchangeMode ke_modes<1..255>;
  *     } PskKeyExchangeModes;
  */
-SECStatus
-tls13_ClientSendPskModesXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                            sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_ClientSendPskKeyExchangeModesXtn(const sslSocket *ss,
+                                       TLSExtensionData *xtnData,
+                                       PRBool append, PRUint32 maxBytes)
 {
     static const PRUint8 ke_modes[] = { tls13_psk_dh_ke };
-    SECStatus rv;
+    static const unsigned long ke_modes_len = sizeof(ke_modes);
+    PRInt32 extension_len;
 
     if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3 ||
         ss->opt.noCache) {
-        return SECSuccess;
+        return 0;
     }
 
+    extension_len =
+        2 + 2 +           /* Type + length */
+        1 + ke_modes_len; /* key exchange modes vector */
+
     SSL_TRC(3, ("%d: TLS13[%d]: send psk key exchange modes extension",
                 SSL_GETPID(), ss->fd));
 
-    rv = sslBuffer_AppendVariable(buf, ke_modes, sizeof(ke_modes), 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (maxBytes < (PRUint32)extension_len) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
+    if (append) {
+        SECStatus rv = ssl3_ExtAppendHandshakeNumber(
+            ss, ssl_tls13_psk_key_exchange_modes_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeVariable(
+            ss, ke_modes, ke_modes_len, 1);
+        if (rv != SECSuccess)
+            return -1;
+    }
+    return extension_len;
 }
 
 SECStatus
-tls13_ServerHandlePskModesXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                              SECItem *data)
+tls13_ServerHandlePskKeyExchangeModesXtn(const sslSocket *ss,
+                                         TLSExtensionData *xtnData,
+                                         PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
 
@@ -933,126 +1076,112 @@ tls13_ServerHandlePskModesXtn(const sslSocket *ss, TLSExtensionData *xtnData,
     }
 
     /* Keep track of negotiated extensions. */
-    xtnData->negotiated[xtnData->numNegotiated++] =
-        ssl_tls13_psk_key_exchange_modes_xtn;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
 
-SECStatus
-tls13_SendCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             sslBuffer *buf, PRBool *added)
+PRInt32
+tls13_SendShortHeaderXtn(const sslSocket *ss,
+                         TLSExtensionData *xtnData,
+                         PRBool append, PRUint32 maxBytes)
 {
-    unsigned int calen;
-    const SECItem *name;
-    unsigned int nnames;
-    SECStatus rv;
+    PRUint32 extension_len = 2 + 2; /* Type + length (0). */
 
-    PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-
-    rv = ssl_GetCertificateRequestCAs(ss, &calen, &name, &nnames);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (!ss->opt.enableShortHeaders) {
+        return 0;
     }
 
-    if (!calen) {
-        return SECSuccess;
+    /* Presently this is incompatible with 0-RTT. We will fix if
+     * it becomes more than an experiment. */
+    if (ss->opt.enable0RttData) {
+        return 0;
     }
 
-    rv = sslBuffer_AppendNumber(buf, calen, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (IS_DTLS(ss)) {
+        return 0;
     }
 
-    while (nnames) {
-        rv = sslBuffer_AppendVariable(buf, name->data, name->len, 2);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        ++name;
-        --nnames;
+    /* Don't send this if TLS 1.3 isn't at least possible. */
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        /* This should only happen on the client. */
+        PORT_Assert(!ss->sec.isServer);
+        return 0;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
-}
-
-SECStatus
-tls13_ClientHandleCertAuthoritiesXtn(const sslSocket *ss,
-                                     TLSExtensionData *xtnData,
-                                     SECItem *data)
-{
-    SECStatus rv;
-    PLArenaPool *arena;
+    SSL_TRC(3, ("%d: TLS13[%d]: send short_header extension",
+                SSL_GETPID(), ss->fd));
 
-    if (!data->len) {
-        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
-        return SECFailure;
+    if (maxBytes < extension_len) {
+        PORT_Assert(0);
+        return 0;
     }
 
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
+    if (append) {
+        SECStatus rv;
 
-    xtnData->certReqAuthorities.arena = arena;
-    rv = ssl3_ParseCertificateRequestCAs((sslSocket *)ss,
-                                         &data->data, &data->len,
-                                         &xtnData->certReqAuthorities);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    if (data->len) {
-        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
-        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
-        goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_short_header_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_short_header_xtn;
     }
-    return SECSuccess;
 
-loser:
-    PORT_FreeArena(arena, PR_FALSE);
-    xtnData->certReqAuthorities.arena = NULL;
-    return SECFailure;
+    return extension_len;
 }
 
 SECStatus
-tls13_ServerSendHrrKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                               sslBuffer *buf, PRBool *added)
+tls13_HandleShortHeaderXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data)
 {
-    SECStatus rv;
+    SSL_TRC(3, ("%d: TLS13[%d]: handle short_header extension",
+                SSL_GETPID(), ss->fd));
 
-    PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+    /* The client might have asked for this, but we didn't negotiate TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
 
-    if (!xtnData->selectedGroup) {
+    /* Presently this is incompatible with 0-RTT. We will fix if
+     * it becomes more than an experiment. */
+    if (ss->opt.enable0RttData) {
         return SECSuccess;
     }
 
-    rv = sslBuffer_AppendNumber(buf, xtnData->selectedGroup->name, 2);
-    if (rv != SECSuccess) {
+    if (IS_DTLS(ss)) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
         return SECFailure;
     }
 
-    *added = PR_TRUE;
-    return SECSuccess;
-}
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+        return SECFailure;
+    }
 
-SECStatus
-tls13_ServerSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
-                             sslBuffer *buf, PRBool *added)
-{
-    SECStatus rv;
+    if (!ss->opt.enableShortHeaders) {
+        /* Ignore. */
+        return SECSuccess;
+    }
 
-    PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-    PORT_Assert(xtnData->cookie.len > 0);
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
 
-    rv = sslBuffer_AppendVariable(buf,
-                                  xtnData->cookie.data, xtnData->cookie.len, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    if (ss->sec.isServer) {
+        SECStatus rv;
+
+        rv = ssl3_RegisterExtensionSender(ss, xtnData,
+                                          ssl_tls13_short_header_xtn,
+                                          tls13_SendShortHeaderXtn);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
     }
 
-    *added = PR_TRUE;
     return SECSuccess;
 }
diff --git a/security/nss/lib/ssl/tls13exthandle.h b/security/nss/lib/ssl/tls13exthandle.h
index edce94d83..b798c6b55 100644
--- a/security/nss/lib/ssl/tls13exthandle.h
+++ b/security/nss/lib/ssl/tls13exthandle.h
@@ -9,80 +9,66 @@
 #ifndef __tls13exthandle_h_
 #define __tls13exthandle_h_
 
-SECStatus tls13_ServerSendStatusRequestXtn(const sslSocket *ss,
-                                           TLSExtensionData *xtnData,
-                                           sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientSendKeyShareXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
-                                      sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientHandleKeyShareXtn(const sslSocket *ss,
-                                        TLSExtensionData *xtnData,
+PRInt32 tls13_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                         PRBool append, PRUint32 maxBytes);
+PRInt32 tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                    PRUint32 maxBytes);
+SECStatus tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
                                         SECItem *data);
-SECStatus tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss,
-                                           TLSExtensionData *xtnData,
+SECStatus tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData,
+                                           PRUint16 ex_type,
                                            SECItem *data);
-SECStatus tls13_ServerHandleKeyShareXtn(const sslSocket *ss,
-                                        TLSExtensionData *xtnData,
+SECStatus tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
                                         SECItem *data);
-SECStatus tls13_ServerSendKeyShareXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
-                                      sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *append);
-SECStatus tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
+PRInt32 tls13_ServerSendKeyShareXtn(const sslSocket *ss,
+                                    TLSExtensionData *xtnData,
+                                    PRBool append,
+                                    PRUint32 maxBytes);
+PRInt32 tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+SECStatus tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
                                             SECItem *data);
-SECStatus tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss,
-                                            TLSExtensionData *xtnData,
+SECStatus tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
                                             SECItem *data);
-SECStatus tls13_ServerSendPreSharedKeyXtn(const sslSocket *ss,
-                                          TLSExtensionData *xtnData,
-                                          sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientSendEarlyDataXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       sslBuffer *buf, PRBool *append);
-SECStatus tls13_ServerHandleEarlyDataXtn(const sslSocket *ss,
-                                         TLSExtensionData *xtnData,
+PRInt32 tls13_ServerSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 tls13_ClientSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+SECStatus tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                          SECItem *data);
-SECStatus tls13_ClientHandleEarlyDataXtn(const sslSocket *ss,
-                                         TLSExtensionData *xtnData,
+SECStatus tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                          SECItem *data);
-SECStatus tls13_ClientHandleTicketEarlyDataXtn(const sslSocket *ss,
-                                               TLSExtensionData *xtnData,
-                                               SECItem *data);
-SECStatus tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss,
-                                               TLSExtensionData *xtnData,
-                                               sslBuffer *buf, PRBool *append);
-SECStatus tls13_ServerSendSupportedVersionsXtn(const sslSocket *ss,
-                                               TLSExtensionData *xtnData,
-                                               sslBuffer *buf, PRBool *added);
-SECStatus tls13_ClientHandleHrrCookie(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
+PRInt32 tls13_ServerSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+SECStatus tls13_ClientHandleTicketEarlyDataInfoXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data);
+PRInt32 tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                             PRBool append,
+                                             PRUint32 maxBytes);
+SECStatus tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
                                       SECItem *data);
-SECStatus tls13_ClientSendHrrCookieXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientSendPskModesXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
-                                      sslBuffer *buf, PRBool *append);
-SECStatus tls13_ServerHandlePskModesXtn(const sslSocket *ss,
-                                        TLSExtensionData *xtnData,
-                                        SECItem *data);
-SECStatus tls13_SendCertAuthoritiesXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       sslBuffer *buf, PRBool *append);
-SECStatus tls13_ClientHandleCertAuthoritiesXtn(const sslSocket *ss,
+PRInt32 tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+PRInt32 tls13_ClientSendPskKeyExchangeModesXtn(const sslSocket *ss,
                                                TLSExtensionData *xtnData,
-                                               SECItem *data);
-SECStatus tls13_ServerHandleCookieXtn(const sslSocket *ss,
-                                      TLSExtensionData *xtnData,
-                                      SECItem *data);
-SECStatus tls13_ServerSendHrrKeyShareXtn(const sslSocket *ss,
-                                         TLSExtensionData *xtnData,
-                                         sslBuffer *buf, PRBool *added);
-SECStatus tls13_ServerSendHrrCookieXtn(const sslSocket *ss,
-                                       TLSExtensionData *xtnData,
-                                       sslBuffer *buf, PRBool *added);
+                                               PRBool append, PRUint32 maxBytes);
+SECStatus tls13_ServerHandlePskKeyExchangeModesXtn(const sslSocket *ss,
+                                                   TLSExtensionData *xtnData,
+                                                   PRUint16 ex_type, SECItem *data);
+PRInt32 tls13_SendShortHeaderXtn(const sslSocket *ss,
+                                 TLSExtensionData *xtnData,
+                                 PRBool append, PRUint32 maxBytes);
+SECStatus tls13_HandleShortHeaderXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data);
 
 #endif
diff --git a/security/nss/lib/ssl/tls13hashstate.c b/security/nss/lib/ssl/tls13hashstate.c
deleted file mode 100644
index e3232f524..000000000
--- a/security/nss/lib/ssl/tls13hashstate.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "pk11func.h"
-#include "ssl.h"
-#include "sslt.h"
-#include "sslimpl.h"
-#include "selfencrypt.h"
-#include "tls13con.h"
-#include "tls13err.h"
-#include "tls13hashstate.h"
-
-/*
- * The cookie is structured as a self-encrypted structure with the
- * inner value being.
- *
- * struct {
- *     uint8 indicator = 0xff;            // To disambiguate from tickets.
- *     uint16 cipherSuite;                // Selected cipher suite.
- *     uint16 keyShare;                   // Requested key share group (0=none)
- *     opaque applicationToken<0..65535>; // Application token
- *     opaque ch_hash[rest_of_buffer];    // H(ClientHello)
- * } CookieInner;
- */
-SECStatus
-tls13_MakeHrrCookie(sslSocket *ss, const sslNamedGroupDef *selectedGroup,
-                    const PRUint8 *appToken, unsigned int appTokenLen,
-                    PRUint8 *buf, unsigned int *len, unsigned int maxlen)
-{
-    SECStatus rv;
-    SSL3Hashes hashes;
-    PRUint8 cookie[1024];
-    sslBuffer cookieBuf = SSL_BUFFER(cookie);
-    static const PRUint8 indicator = 0xff;
-
-    /* Encode header. */
-    rv = sslBuffer_Append(&cookieBuf, &indicator, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(&cookieBuf, ss->ssl3.hs.cipher_suite, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(&cookieBuf,
-                                selectedGroup ? selectedGroup->name : 0, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Application token. */
-    rv = sslBuffer_AppendVariable(&cookieBuf, appToken, appTokenLen, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Compute and encode hashes. */
-    rv = tls13_ComputeHandshakeHashes(ss, &hashes);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Append(&cookieBuf, hashes.u.raw, hashes.len);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Encrypt right into the buffer. */
-    rv = ssl_SelfEncryptProtect(ss, cookieBuf.buf, cookieBuf.len,
-                                buf, len, maxlen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* Recover the hash state from the cookie. */
-SECStatus
-tls13_RecoverHashState(sslSocket *ss,
-                       unsigned char *cookie, unsigned int cookieLen,
-                       ssl3CipherSuite *previousCipherSuite,
-                       const sslNamedGroupDef **previousGroup)
-{
-    SECStatus rv;
-    unsigned char plaintext[1024];
-    SECItem ptItem = { siBuffer, plaintext, 0 };
-    sslBuffer messageBuf = SSL_BUFFER_EMPTY;
-    PRUint32 sentinel;
-    PRUint32 cipherSuite;
-    PRUint32 group;
-    const sslNamedGroupDef *selectedGroup;
-    PRUint32 appTokenLen;
-    PRUint8 *appToken;
-
-    rv = ssl_SelfEncryptUnprotect(ss, cookie, cookieLen,
-                                  ptItem.data, &ptItem.len, sizeof(plaintext));
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* Should start with 0xff. */
-    rv = ssl3_ConsumeNumberFromItem(&ptItem, &sentinel, 1);
-    if ((rv != SECSuccess) || (sentinel != 0xff)) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-    /* The cipher suite should be the same or there are some shenanigans. */
-    rv = ssl3_ConsumeNumberFromItem(&ptItem, &cipherSuite, 2);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-
-    /* The named group, if any. */
-    rv = ssl3_ConsumeNumberFromItem(&ptItem, &group, 2);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-    selectedGroup = ssl_LookupNamedGroup(group);
-
-    /* Application token. */
-    PORT_Assert(ss->xtnData.applicationToken.len == 0);
-    rv = ssl3_ConsumeNumberFromItem(&ptItem, &appTokenLen, 2);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-    if (SECITEM_AllocItem(NULL, &ss->xtnData.applicationToken,
-                          appTokenLen) == NULL) {
-        FATAL_ERROR(ss, PORT_GetError(), internal_error);
-        return SECFailure;
-    }
-    ss->xtnData.applicationToken.len = appTokenLen;
-    rv = ssl3_ConsumeFromItem(&ptItem, &appToken, appTokenLen);
-    if (rv != SECSuccess) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-    PORT_Memcpy(ss->xtnData.applicationToken.data, appToken, appTokenLen);
-
-    /* The remainder is the hash. */
-    if (ptItem.len != tls13_GetHashSize(ss)) {
-        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
-        return SECFailure;
-    }
-
-    /* Now reinject the message. */
-    SSL_ASSERT_HASHES_EMPTY(ss);
-    rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_message_hash, 0,
-                                     ptItem.data, ptItem.len);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    /* And finally reinject the HRR. */
-    rv = tls13_ConstructHelloRetryRequest(ss, cipherSuite,
-                                          selectedGroup,
-                                          cookie, cookieLen,
-                                          &messageBuf);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    rv = ssl_HashHandshakeMessageInt(ss, ssl_hs_server_hello, 0,
-                                     SSL_BUFFER_BASE(&messageBuf),
-                                     SSL_BUFFER_LEN(&messageBuf));
-    sslBuffer_Clear(&messageBuf);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    *previousCipherSuite = cipherSuite;
-    *previousGroup = selectedGroup;
-    return SECSuccess;
-}
diff --git a/security/nss/lib/ssl/tls13hashstate.h b/security/nss/lib/ssl/tls13hashstate.h
deleted file mode 100644
index e9a4aa84f..000000000
--- a/security/nss/lib/ssl/tls13hashstate.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is PRIVATE to SSL.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __tls13hashstate_h_
-#define __tls13hashstate_h_
-
-#include "ssl.h"
-#include "sslt.h"
-#include "sslimpl.h"
-
-SECStatus tls13_MakeHrrCookie(sslSocket *ss, const sslNamedGroupDef *selectedGroup,
-                              const PRUint8 *appToken, unsigned int appTokenLen,
-                              PRUint8 *buf, unsigned int *len, unsigned int maxlen);
-SECStatus tls13_GetHrrCookieLength(sslSocket *ss, unsigned int *length);
-SECStatus tls13_RecoverHashState(sslSocket *ss,
-                                 unsigned char *cookie,
-                                 unsigned int cookieLen,
-                                 ssl3CipherSuite *previousCipherSuite,
-                                 const sslNamedGroupDef **previousGroup);
-#endif
diff --git a/security/nss/lib/ssl/tls13hkdf.c b/security/nss/lib/ssl/tls13hkdf.c
index 8fa3375c6..7e69bb882 100644
--- a/security/nss/lib/ssl/tls13hkdf.c
+++ b/security/nss/lib/ssl/tls13hkdf.c
@@ -134,10 +134,10 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
      * Label, plus HandshakeHash. If it's ever to small, the code will abort.
      */
     PRUint8 info[256];
-    sslBuffer infoBuf = SSL_BUFFER(info);
+    PRUint8 *ptr = info;
+    unsigned int infoLen;
     PK11SymKey *derived;
-    SECStatus rv;
-    const char *kLabelPrefix = "tls13 ";
+    const char *kLabelPrefix = "TLS 1.3, ";
     const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
 
     if (handshakeHash) {
@@ -170,31 +170,29 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
      *  - HkdfLabel.label is "TLS 1.3, " + Label
      *
      */
-    rv = sslBuffer_AppendNumber(&infoBuf, keySize, 2);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_AppendNumber(&infoBuf, labelLen + kLabelPrefixLen, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Append(&infoBuf, kLabelPrefix, kLabelPrefixLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Append(&infoBuf, label, labelLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
+    infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
+    if (infoLen > sizeof(info)) {
+        PORT_Assert(0);
+        goto abort;
     }
-    rv = sslBuffer_AppendVariable(&infoBuf, handshakeHash, handshakeHashLen, 1);
-    if (rv != SECSuccess) {
-        return SECFailure;
+
+    ptr = ssl_EncodeUintX(keySize, 2, ptr);
+    ptr = ssl_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
+    PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
+    ptr += kLabelPrefixLen;
+    PORT_Memcpy(ptr, label, labelLen);
+    ptr += labelLen;
+    ptr = ssl_EncodeUintX(handshakeHashLen, 1, ptr);
+    if (handshakeHash) {
+        PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
+        ptr += handshakeHashLen;
     }
+    PORT_Assert((ptr - info) == infoLen);
 
     params.bExtract = CK_FALSE;
     params.bExpand = CK_TRUE;
-    params.pInfo = SSL_BUFFER_BASE(&infoBuf);
-    params.ulInfoLen = SSL_BUFFER_LEN(&infoBuf);
+    params.pInfo = info;
+    params.ulInfoLen = infoLen;
     paramsi.data = (unsigned char *)&params;
     paramsi.len = sizeof(params);
 
@@ -213,17 +211,20 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
         char labelStr[100];
         PORT_Memcpy(labelStr, label, labelLen);
         labelStr[labelLen] = 0;
-        SSL_TRC(50, ("HKDF Expand: label='tls13 %s',requested length=%d",
+        SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d",
                      labelStr, keySize));
     }
     PRINT_KEY(50, (NULL, "PRK", prk));
     PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen));
-    PRINT_BUF(50, (NULL, "Info", SSL_BUFFER_BASE(&infoBuf),
-                   SSL_BUFFER_LEN(&infoBuf)));
+    PRINT_BUF(50, (NULL, "Info", info, infoLen));
     PRINT_KEY(50, (NULL, "Derived key", derived));
 #endif
 
     return SECSuccess;
+
+abort:
+    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+    return SECFailure;
 }
 
 SECStatus
diff --git a/security/nss/lib/ssl/tls13replay.c b/security/nss/lib/ssl/tls13replay.c
deleted file mode 100644
index b090f9bca..000000000
--- a/security/nss/lib/ssl/tls13replay.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * Anti-replay measures for TLS 1.3.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nss.h"      /* for NSS_RegisterShutdown */
-#include "nssilock.h" /* for PZMonitor */
-#include "pk11pub.h"
-#include "prinit.h" /* for PR_CallOnce */
-#include "prmon.h"
-#include "prtime.h"
-#include "secerr.h"
-#include "ssl.h"
-#include "sslbloom.h"
-#include "sslimpl.h"
-#include "tls13hkdf.h"
-
-static struct {
-    /* Used to ensure that we only initialize the cleanup function once. */
-    PRCallOnceType init;
-    /* Used to serialize access to the filters. */
-    PZMonitor *lock;
-    /* The filters, use of which alternates. */
-    sslBloomFilter filters[2];
-    /* Which of the two filters is active (0 or 1). */
-    PRUint8 current;
-    /* The time that we will next update. */
-    PRTime nextUpdate;
-    /* The width of the window; i.e., the period of updates. */
-    PRTime window;
-    /* This key ensures that the bloom filter index is unpredictable. */
-    PK11SymKey *key;
-} ssl_anti_replay;
-
-/* Clear the current state and free any resources we allocated. The signature
- * here is odd to allow this to be called during shutdown. */
-static SECStatus
-tls13_AntiReplayReset(void *appData, void *nssData)
-{
-    if (ssl_anti_replay.key) {
-        PK11_FreeSymKey(ssl_anti_replay.key);
-        ssl_anti_replay.key = NULL;
-    }
-    if (ssl_anti_replay.lock) {
-        PZ_DestroyMonitor(ssl_anti_replay.lock);
-        ssl_anti_replay.lock = NULL;
-    }
-    sslBloom_Destroy(&ssl_anti_replay.filters[0]);
-    sslBloom_Destroy(&ssl_anti_replay.filters[1]);
-    return SECSuccess;
-}
-
-static PRStatus
-tls13_AntiReplayInit(void)
-{
-    SECStatus rv = NSS_RegisterShutdown(tls13_AntiReplayReset, NULL);
-    if (rv != SECSuccess) {
-        return PR_FAILURE;
-    }
-    return PR_SUCCESS;
-}
-
-static SECStatus
-tls13_AntiReplayKeyGen()
-{
-    PRUint8 buf[32];
-    SECItem keyItem = { siBuffer, buf, sizeof(buf) };
-    PK11SlotInfo *slot;
-    SECStatus rv;
-
-    slot = PK11_GetInternalSlot();
-    if (!slot) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-    rv = PK11_GenerateRandomOnSlot(slot, buf, sizeof(buf));
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-
-    ssl_anti_replay.key = PK11_ImportSymKey(slot, CKM_NSS_HKDF_SHA256,
-                                            PK11_OriginUnwrap, CKA_DERIVE,
-                                            &keyItem, NULL);
-    if (!ssl_anti_replay.key) {
-        goto loser;
-    }
-
-    PK11_FreeSlot(slot);
-    return SECSuccess;
-
-loser:
-    PK11_FreeSlot(slot);
-    return SECFailure;
-}
-
-/* Set a limit on the combination of number of hashes and bits in each hash. */
-#define SSL_MAX_BLOOM_FILTER_SIZE 64
-
-/*
- * The structures created by this function can be called concurrently on
- * multiple threads if the server is multi-threaded.  A monitor is used to
- * ensure that only one thread can access the structures that change over time,
- * but no such guarantee is provided for configuration data.
- *
- * Functions that read from static configuration data depend on there being a
- * memory barrier between the setup and use of this function.
- */
-SECStatus
-SSLExp_SetupAntiReplay(PRTime window, unsigned int k, unsigned int bits)
-{
-    SECStatus rv;
-
-    if (k == 0 || bits == 0) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    if ((k * (bits + 7) / 8) > SSL_MAX_BLOOM_FILTER_SIZE) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    if (PR_SUCCESS != PR_CallOnce(&ssl_anti_replay.init,
-                                  tls13_AntiReplayInit)) {
-        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-        return SECFailure;
-    }
-
-    (void)tls13_AntiReplayReset(NULL, NULL);
-
-    ssl_anti_replay.lock = PZ_NewMonitor(nssILockSSL);
-    if (!ssl_anti_replay.lock) {
-        goto loser; /* Code already set. */
-    }
-
-    rv = tls13_AntiReplayKeyGen();
-    if (rv != SECSuccess) {
-        goto loser; /* Code already set. */
-    }
-
-    rv = sslBloom_Init(&ssl_anti_replay.filters[0], k, bits);
-    if (rv != SECSuccess) {
-        goto loser; /* Code already set. */
-    }
-    rv = sslBloom_Init(&ssl_anti_replay.filters[1], k, bits);
-    if (rv != SECSuccess) {
-        goto loser; /* Code already set. */
-    }
-    /* When starting out, ensure that 0-RTT is not accepted until the window is
-     * updated.  A ClientHello might have been accepted prior to a restart. */
-    sslBloom_Fill(&ssl_anti_replay.filters[1]);
-
-    ssl_anti_replay.current = 0;
-    ssl_anti_replay.nextUpdate = ssl_TimeUsec() + window;
-    ssl_anti_replay.window = window;
-    return SECSuccess;
-
-loser:
-    (void)tls13_AntiReplayReset(NULL, NULL);
-    return SECFailure;
-}
-
-/* This is exposed to tests.  Though it could, this doesn't take the lock on the
- * basis that those tests use thread confinement. */
-void
-tls13_AntiReplayRollover(PRTime now)
-{
-    ssl_anti_replay.current ^= 1;
-    ssl_anti_replay.nextUpdate = now + ssl_anti_replay.window;
-    sslBloom_Zero(ssl_anti_replay.filters + ssl_anti_replay.current);
-}
-
-static void
-tls13_AntiReplayUpdate()
-{
-    PRTime now;
-
-    PR_ASSERT_CURRENT_THREAD_IN_MONITOR(ssl_anti_replay.lock);
-
-    now = ssl_TimeUsec();
-    if (now < ssl_anti_replay.nextUpdate) {
-        return;
-    }
-
-    tls13_AntiReplayRollover(now);
-}
-
-PRBool
-tls13_InWindow(const sslSocket *ss, const sslSessionID *sid)
-{
-    PRInt32 timeDelta;
-
-    /* Calculate the difference between the client's view of the age of the
-     * ticket (in |ss->xtnData.ticketAge|) and the server's view, which we now
-     * calculate.  The result should be close to zero.  timeDelta is signed to
-     * make the comparisons below easier. */
-    timeDelta = ss->xtnData.ticketAge -
-                ((ssl_TimeUsec() - sid->creationTime) / PR_USEC_PER_MSEC);
-
-    /* Only allow the time delta to be at most half of our window.  This is
-     * symmetrical, though it doesn't need to be; this assumes that clock errors
-     * on server and client will tend to cancel each other out.
-     *
-     * There are two anti-replay filters that roll over each window.  In the
-     * worst case, immediately after a rollover of the filters, we only have a
-     * single window worth of recorded 0-RTT attempts.  Thus, the period in
-     * which we can accept 0-RTT is at most one window wide.  This uses PR_ABS()
-     * and half the window so that the first attempt can be up to half a window
-     * early and then replays will be caught until the attempts are half a
-     * window late.
-     *
-     * For example, a 0-RTT attempt arrives early, but near the end of window 1.
-     * The attempt is then recorded in window 1.  Rollover to window 2 could
-     * occur immediately afterwards.  Window 1 is still checked for new 0-RTT
-     * attempts for the remainder of window 2.  Therefore, attempts to replay
-     * are detected because the value is recorded in window 1.  When rollover
-     * occurs again, window 1 is erased and window 3 instated.  If we allowed an
-     * attempt to be late by more than half a window, then this check would not
-     * prevent the same 0-RTT attempt from being accepted during window 1 and
-     * later window 3.
-     */
-    return PR_ABS(timeDelta) < (ssl_anti_replay.window / 2);
-}
-
-/* Checks for a duplicate in the two filters we have.  Performs maintenance on
- * the filters as a side-effect. This only detects a probable replay, it's
- * possible that this will return true when the 0-RTT attempt is not genuinely a
- * replay.  In that case, we reject 0-RTT unnecessarily, but that's OK because
- * no client expects 0-RTT to work every time. */
-PRBool
-tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid)
-{
-    PRBool replay;
-    unsigned int size;
-    PRUint8 index;
-    SECStatus rv;
-    static const char *label = "tls13 anti-replay";
-    PRUint8 buf[SSL_MAX_BLOOM_FILTER_SIZE];
-
-    /* If SSL_SetupAntiReplay hasn't been called, then treat all attempts at
-     * 0-RTT as a replay. */
-    if (!ssl_anti_replay.init.initialized) {
-        return PR_TRUE;
-    }
-
-    if (!tls13_InWindow(ss, sid)) {
-        return PR_TRUE;
-    }
-
-    size = ssl_anti_replay.filters[0].k *
-           (ssl_anti_replay.filters[0].bits + 7) / 8;
-    PORT_Assert(size <= SSL_MAX_BLOOM_FILTER_SIZE);
-    rv = tls13_HkdfExpandLabelRaw(ssl_anti_replay.key, ssl_hash_sha256,
-                                  ss->xtnData.pskBinder.data,
-                                  ss->xtnData.pskBinder.len,
-                                  label, strlen(label),
-                                  buf, size);
-    if (rv != SECSuccess) {
-        return PR_TRUE;
-    }
-
-    PZ_EnterMonitor(ssl_anti_replay.lock);
-    tls13_AntiReplayUpdate();
-
-    index = ssl_anti_replay.current;
-    replay = sslBloom_Add(&ssl_anti_replay.filters[index], buf);
-    if (!replay) {
-        replay = sslBloom_Check(&ssl_anti_replay.filters[index ^ 1],
-                                buf);
-    }
-
-    PZ_ExitMonitor(ssl_anti_replay.lock);
-    return replay;
-}
diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c
index e4bb20a3e..886ce21c0 100644
--- a/security/nss/lib/util/nssb64d.c
+++ b/security/nss/lib/util/nssb64d.c
@@ -249,7 +249,7 @@ pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,
         }
         i = 0;
 
-        PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen);
+        PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
 
         /*
          * Assume we are not at the end; the following function only works
diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c
index 5af021762..dbaeca24b 100644
--- a/security/nss/lib/util/nssrwlk.c
+++ b/security/nss/lib/util/nssrwlk.c
@@ -120,8 +120,6 @@ NSSRWLock_Destroy(NSSRWLock *rwlock)
 {
     PR_ASSERT(rwlock != NULL);
     PR_ASSERT(rwlock->rw_waiting_readers == 0);
-    PR_ASSERT(rwlock->rw_writer_locks == 0);
-    PR_ASSERT(rwlock->rw_reader_locks == 0);
 
     /* XXX Shouldn't we lock the PZLock before destroying this?? */
 
diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def
index 936455f6e..f4b9ef7ba 100644
--- a/security/nss/lib/util/nssutil.def
+++ b/security/nss/lib/util/nssutil.def
@@ -307,19 +307,3 @@ PK11URI_GetQueryAttribute;
 ;+    local:
 ;+       *;
 ;+};
-;+NSSUTIL_3.33 {         # NSS Utilities 3.33 release
-;+    global:
-PORT_ZAllocAligned_Util;
-PORT_ZAllocAlignedOffset_Util;
-NSS_SecureMemcmpZero;
-;+    local:
-;+       *;
-;+};
-;-NSSUTIL_3.35 {         # NSS Utilities 3.35 release
-;-    global:
-;-# private exports for softoken
-_NSSUTIL_UTF8ToWide;-
-_NSSUTIL_Access;-
-;-    local:
-;-       *;
-;-};
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index f86dfa91e..e8cb52aed 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.35"
+#define NSSUTIL_VERSION "3.32.1"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 35
-#define NSSUTIL_VPATCH 0
+#define NSSUTIL_VMINOR 32
+#define NSSUTIL_VPATCH 1
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_FALSE
 
diff --git a/security/nss/lib/util/pkcs11uri.c b/security/nss/lib/util/pkcs11uri.c
index 94b00171e..453440293 100644
--- a/security/nss/lib/util/pkcs11uri.c
+++ b/security/nss/lib/util/pkcs11uri.c
@@ -242,7 +242,7 @@ static int
 pk11uri_CompareByPosition(const char *a, const char *b,
                           const char **attr_names, size_t num_attr_names)
 {
-    size_t i, j;
+    int i, j;
 
     for (i = 0; i < num_attr_names; i++) {
         if (strcmp(a, attr_names[i]) == 0) {
diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c
index 7a6ac1c53..1b474822e 100644
--- a/security/nss/lib/util/quickder.c
+++ b/security/nss/lib/util/quickder.c
@@ -520,7 +520,8 @@ DecodeGroup(void* dest,
         if (SECSuccess == rv) {
             /* allocate room for pointer array and entries */
             /* we want to allocate the array even if there is 0 entry */
-            entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*) * (totalEntries + 1) + /* the extra one is for NULL termination */
+            entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*) *
+                                                              (totalEntries + 1) + /* the extra one is for NULL termination */
                                                           subTemplate->size * totalEntries);
 
             if (entries) {
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c
index 4c5f0ce4b..e6abb5fd5 100644
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -2721,7 +2721,9 @@ dump_states(SEC_ASN1DecoderContext *cx)
                (state == cx->current) ? "STATE" : "State",
                state->theTemplate,
                kindBuf);
-        printf(" %s", (state->place >= 0 && state->place <= notInUse) ? place_names[state->place] : "(undefined)");
+        printf(" %s", (state->place >= 0 && state->place <= notInUse)
+                          ? place_names[state->place]
+                          : "(undefined)");
         if (!i)
             printf(", expect 0x%02x",
                    state->expect_tag_number | state->expect_tag_modifiers);
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index a05621c59..da03b7c06 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -1841,11 +1841,13 @@ secoid_FindDynamic(const SECItem *key)
 {
     SECOidData *ret = NULL;
 
-    NSSRWLock_LockRead(dynOidLock);
     if (dynOidHash) {
-        ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
+        NSSRWLock_LockRead(dynOidLock);
+        if (dynOidHash) { /* must check it again with lock held. */
+            ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
+        }
+        NSSRWLock_UnlockRead(dynOidLock);
     }
-    NSSRWLock_UnlockRead(dynOidLock);
     if (ret == NULL) {
         PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
     }
@@ -1864,12 +1866,14 @@ secoid_FindDynamicByTag(SECOidTag tagnum)
     }
     tagNumDiff = tagnum - SEC_OID_TOTAL;
 
-    NSSRWLock_LockRead(dynOidLock);
-    if (dynOidTable != NULL &&
-        tagNumDiff < dynOidEntriesUsed) {
-        dxo = dynOidTable[tagNumDiff];
+    if (dynOidTable) {
+        NSSRWLock_LockRead(dynOidLock);
+        if (dynOidTable != NULL && /* must check it again with lock held. */
+            tagNumDiff < dynOidEntriesUsed) {
+            dxo = dynOidTable[tagNumDiff];
+        }
+        NSSRWLock_UnlockRead(dynOidLock);
     }
-    NSSRWLock_UnlockRead(dynOidLock);
     if (dxo == NULL) {
         PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
     }
diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c
index e5bd4c1bb..01a7d0834 100644
--- a/security/nss/lib/util/secport.c
+++ b/security/nss/lib/util/secport.c
@@ -21,8 +21,6 @@
 #include "prenv.h"
 #include "prinit.h"
 
-#include <stdint.h>
-
 #ifdef DEBUG
 #define THREADMARK
 #endif /* DEBUG */
@@ -121,51 +119,6 @@ PORT_ZAlloc(size_t bytes)
     return rv;
 }
 
-/* aligned_alloc is C11. This is an alternative to get aligned memory. */
-void *
-PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem)
-{
-    size_t x = alignment - 1;
-
-    /* This only works if alignment is a power of 2. */
-    if ((alignment == 0) || (alignment & (alignment - 1))) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    if (!mem) {
-        return NULL;
-    }
-
-    /* Always allocate a non-zero amount of bytes */
-    *mem = PORT_ZAlloc((bytes ? bytes : 1) + x);
-    if (!*mem) {
-        PORT_SetError(SEC_ERROR_NO_MEMORY);
-        return NULL;
-    }
-
-    return (void *)(((uintptr_t)*mem + x) & ~(uintptr_t)x);
-}
-
-void *
-PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset)
-{
-    PORT_Assert(offset < size);
-    if (offset > size) {
-        return NULL;
-    }
-
-    void *mem = NULL;
-    void *v = PORT_ZAllocAligned(size, alignment, &mem);
-    if (!v) {
-        return NULL;
-    }
-
-    PORT_Assert(mem);
-    *((void **)((uintptr_t)v + offset)) = mem;
-    return v;
-}
-
 void
 PORT_Free(void *ptr)
 {
@@ -780,18 +733,3 @@ NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
 
     return r;
 }
-
-/*
- * Perform a constant-time check if a memory region is all 0. The return value
- * is 0 if the memory region is all zero.
- */
-unsigned int
-NSS_SecureMemcmpZero(const void *mem, size_t n)
-{
-    PRUint8 zero = 0;
-    size_t i;
-    for (i = 0; i < n; ++i) {
-        zero |= *(PRUint8 *)((uintptr_t)mem + i);
-    }
-    return zero;
-}
diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h
index f1665a2f5..fb9ff4ebb 100644
--- a/security/nss/lib/util/secport.h
+++ b/security/nss/lib/util/secport.h
@@ -45,7 +45,6 @@
 #include <string.h>
 #include <stddef.h>
 #include <stdlib.h>
-#include <stdint.h>
 #include "prtypes.h"
 #include "prlog.h" /* for PR_ASSERT */
 #include "plarena.h"
@@ -89,9 +88,6 @@ SEC_BEGIN_PROTOS
 extern void *PORT_Alloc(size_t len);
 extern void *PORT_Realloc(void *old, size_t len);
 extern void *PORT_ZAlloc(size_t len);
-extern void *PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem);
-extern void *PORT_ZAllocAlignedOffset(size_t bytes, size_t alignment,
-                                      size_t offset);
 extern void PORT_Free(void *ptr);
 extern void PORT_ZFree(void *ptr, size_t len);
 extern char *PORT_Strdup(const char *s);
@@ -135,8 +131,6 @@ SEC_END_PROTOS
 #define PORT_CheckSuccess(f) (f)
 #endif
 #define PORT_ZNew(type) (type *)PORT_ZAlloc(sizeof(type))
-#define PORT_ZNewAligned(type, alignment, mem) \
-    (type *)PORT_ZAllocAlignedOffset(sizeof(type), alignment, offsetof(type, mem))
 #define PORT_New(type) (type *)PORT_Alloc(sizeof(type))
 #define PORT_ArenaNew(poolp, type) \
     (type *)PORT_ArenaAlloc(poolp, sizeof(type))
@@ -252,7 +246,6 @@ sec_port_iso88591_utf8_conversion_function(
 extern int NSS_PutEnv(const char *envVarName, const char *envValue);
 
 extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
-extern unsigned int NSS_SecureMemcmpZero(const void *mem, size_t n);
 
 /*
  * Load a shared library called "newShLibName" in the same directory as
diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c
index 7d3fcda81..971b6c1dc 100644
--- a/security/nss/lib/util/utilmod.c
+++ b/security/nss/lib/util/utilmod.c
@@ -24,7 +24,6 @@
 
 #if defined(_WIN32)
 #include <io.h>
-#include <windows.h>
 #endif
 #ifdef XP_UNIX
 #include <unistd.h>
@@ -35,184 +34,15 @@
 #include <fcntl.h>
 
 #if defined(_WIN32)
+#define os_open _open
 #define os_fdopen _fdopen
+#define os_stat _stat
 #define os_truncate_open_flags _O_CREAT | _O_RDWR | _O_TRUNC
 #define os_append_open_flags _O_CREAT | _O_RDWR | _O_APPEND
 #define os_open_permissions_type int
 #define os_open_permissions_default _S_IREAD | _S_IWRITE
 #define os_stat_type struct _stat
-
-/*
- * Convert a UTF8 string to Unicode wide character
- */
-LPWSTR
-_NSSUTIL_UTF8ToWide(const char *buf)
-{
-    DWORD size;
-    LPWSTR wide;
-
-    if (!buf) {
-        return NULL;
-    }
-
-    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
-    if (size == 0) {
-        return NULL;
-    }
-    wide = PORT_Alloc(sizeof(WCHAR) * size);
-    if (!wide) {
-        return NULL;
-    }
-    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
-    if (size == 0) {
-        PORT_Free(wide);
-        return NULL;
-    }
-    return wide;
-}
-
-static int
-os_open(const char *filename, int oflag, int pmode)
-{
-    int fd;
-
-    if (!filename) {
-        return -1;
-    }
-
-    wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
-    if (!filenameWide) {
-        return -1;
-    }
-    fd = _wopen(filenameWide, oflag, pmode);
-    PORT_Free(filenameWide);
-
-    return fd;
-}
-
-static int
-os_stat(const char *path, os_stat_type *buffer)
-{
-    int result;
-
-    if (!path) {
-        return -1;
-    }
-
-    wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
-    if (!pathWide) {
-        return -1;
-    }
-    result = _wstat(pathWide, buffer);
-    PORT_Free(pathWide);
-
-    return result;
-}
-
-static FILE *
-os_fopen(const char *filename, const char *mode)
-{
-    FILE *fp;
-
-    if (!filename || !mode) {
-        return NULL;
-    }
-
-    wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
-    if (!filenameWide) {
-        return NULL;
-    }
-    wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode);
-    if (!modeWide) {
-        PORT_Free(filenameWide);
-        return NULL;
-    }
-    fp = _wfopen(filenameWide, modeWide);
-    PORT_Free(filenameWide);
-    PORT_Free(modeWide);
-
-    return fp;
-}
-
-PRStatus
-_NSSUTIL_Access(const char *path, PRAccessHow how)
-{
-    int result;
-
-    if (!path) {
-        return PR_FAILURE;
-    }
-
-    int mode;
-    switch (how) {
-        case PR_ACCESS_WRITE_OK:
-            mode = 2;
-            break;
-        case PR_ACCESS_READ_OK:
-            mode = 4;
-            break;
-        case PR_ACCESS_EXISTS:
-            mode = 0;
-            break;
-        default:
-            return PR_FAILURE;
-    }
-
-    wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
-    if (!pathWide) {
-        return PR_FAILURE;
-    }
-    result = _waccess(pathWide, mode);
-    PORT_Free(pathWide);
-
-    return result < 0 ? PR_FAILURE : PR_SUCCESS;
-}
-
-static PRStatus
-nssutil_Delete(const char *name)
-{
-    BOOL result;
-
-    if (!name) {
-        return PR_FAILURE;
-    }
-
-    wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name);
-    if (!nameWide) {
-        return PR_FAILURE;
-    }
-    result = DeleteFileW(nameWide);
-    PORT_Free(nameWide);
-
-    return result ? PR_SUCCESS : PR_FAILURE;
-}
-
-static PRStatus
-nssutil_Rename(const char *from, const char *to)
-{
-    BOOL result;
-
-    if (!from || !to) {
-        return PR_FAILURE;
-    }
-
-    wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from);
-    if (!fromWide) {
-        return PR_FAILURE;
-    }
-    wchar_t *toWide = _NSSUTIL_UTF8ToWide(to);
-    if (!toWide) {
-        PORT_Free(fromWide);
-        return PR_FAILURE;
-    }
-    result = MoveFileW(fromWide, toWide);
-    PORT_Free(fromWide);
-    PORT_Free(toWide);
-
-    return result ? PR_SUCCESS : PR_FAILURE;
-}
 #else
-#define os_fopen fopen
 #define os_open open
 #define os_fdopen fdopen
 #define os_stat stat
@@ -221,8 +51,6 @@ nssutil_Rename(const char *from, const char *to)
 #define os_open_permissions_type mode_t
 #define os_open_permissions_default 0600
 #define os_stat_type struct stat
-#define nssutil_Delete PR_Delete
-#define nssutil_Rename PR_Rename
 #endif
 
 /****************************************************************
@@ -391,7 +219,7 @@ nssutil_ReadSecmodDB(const char *appName,
     }
 
     /* do we really want to use streams here */
-    fd = os_fopen(dbname, "r");
+    fd = fopen(dbname, "r");
     if (fd == NULL)
         goto done;
 
@@ -575,7 +403,7 @@ done:
         }
 
         /* old one exists */
-        status = _NSSUTIL_Access(olddbname, PR_ACCESS_EXISTS);
+        status = PR_Access(olddbname, PR_ACCESS_EXISTS);
         if (status == PR_SUCCESS) {
             PR_smprintf_free(olddbname);
             PORT_ZFree(moduleList, useCount * sizeof(char *));
@@ -704,7 +532,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
     }
 
     /* do we really want to use streams here */
-    fd = os_fopen(dbname, "r");
+    fd = fopen(dbname, "r");
     if (fd == NULL)
         goto loser;
 
@@ -774,10 +602,10 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
     fclose(fd2);
     if (found) {
         /* rename dbname2 to dbname */
-        nssutil_Delete(dbname);
-        nssutil_Rename(dbname2, dbname);
+        PR_Delete(dbname);
+        PR_Rename(dbname2, dbname);
     } else {
-        nssutil_Delete(dbname2);
+        PR_Delete(dbname2);
     }
     PORT_Free(dbname2);
     PORT_Free(lib);
@@ -793,7 +621,7 @@ loser:
         fclose(fd2);
     }
     if (dbname2) {
-        nssutil_Delete(dbname2);
+        PR_Delete(dbname2);
         PORT_Free(dbname2);
     }
     PORT_Free(lib);
diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c
index e7435bfcc..7116d26f3 100644
--- a/security/nss/lib/util/utilpars.c
+++ b/security/nss/lib/util/utilpars.c
@@ -589,7 +589,6 @@ struct nssutilArgSlotFlagTable {
     }
 static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
     NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
-    NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
     NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
     NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
     NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
@@ -1111,8 +1110,12 @@ _NSSUTIL_EvaluateConfigDir(const char *configdir,
     NSSDBType dbType;
     PRBool checkEnvDefaultDB = PR_FALSE;
     *appName = NULL;
-    /* force the default */
+/* force the default */
+#ifdef NSS_DISABLE_DBM
     dbType = NSS_DB_TYPE_SQL;
+#else
+    dbType = NSS_DB_TYPE_LEGACY;
+#endif
     if (configdir == NULL) {
         checkEnvDefaultDB = PR_TRUE;
     } else if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
diff --git a/security/nss/lib/util/utilpars.h b/security/nss/lib/util/utilpars.h
index 1b0b1ff1c..70767263a 100644
--- a/security/nss/lib/util/utilpars.h
+++ b/security/nss/lib/util/utilpars.h
@@ -59,11 +59,5 @@ char *NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
 char *_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType,
                              char **appName, char **filename, PRBool *rw);
 const char *_NSSUTIL_EvaluateConfigDir(const char *configdir, NSSDBType *dbType, char **app);
-#if defined(_WIN32)
-wchar_t *_NSSUTIL_UTF8ToWide(const char *buf);
-PRStatus _NSSUTIL_Access(const char *path, PRAccessHow how);
-#else
-#define _NSSUTIL_Access(path, how) PR_Access((path), (how))
-#endif
 
 #endif /* _UTILPARS_H_ */
diff --git a/security/nss/lib/util/utilparst.h b/security/nss/lib/util/utilparst.h
index 5dda09028..f2148e6e3 100644
--- a/security/nss/lib/util/utilparst.h
+++ b/security/nss/lib/util/utilparst.h
@@ -43,7 +43,7 @@
 #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
     " askpw=any timeout=30})\""
 #define NSSUTIL_DEFAULT_SFTKN_FLAGS \
-    "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+    "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
 
 #define NSSUTIL_DEFAULT_CIPHER_ORDER 0
 #define NSSUTIL_DEFAULT_TRUST_ORDER 50
diff --git a/security/nss/lib/util/utilrename.h b/security/nss/lib/util/utilrename.h
index 19ddba666..1aea3d284 100644
--- a/security/nss/lib/util/utilrename.h
+++ b/security/nss/lib/util/utilrename.h
@@ -70,8 +70,6 @@
 #define PORT_UCS2_ASCIIConversion PORT_UCS2_ASCIIConversion_Util
 #define PORT_UCS2_UTF8Conversion PORT_UCS2_UTF8Conversion_Util
 #define PORT_ZAlloc PORT_ZAlloc_Util
-#define PORT_ZAllocAligned PORT_ZAllocAligned_Util
-#define PORT_ZAllocAlignedOffset PORT_ZAllocAlignedOffset_Util
 #define PORT_ZFree PORT_ZFree_Util
 #define SEC_ASN1Decode SEC_ASN1Decode_Util
 #define SEC_ASN1DecodeInteger SEC_ASN1DecodeInteger_Util
diff --git a/security/nss/mach b/security/nss/mach
deleted file mode 100644
index 715f1a9e3..000000000
--- a/security/nss/mach
+++ /dev/null
@@ -1,219 +0,0 @@
-#!/usr/bin/env python
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-##########################################################################
-#
-# This is a collection of helper tools to get stuff done in NSS.
-#
-
-import sys
-import argparse
-import subprocess
-import os
-import platform
-from hashlib import sha256
-
-cwd = os.path.dirname(os.path.abspath(__file__))
-
-
-class cfAction(argparse.Action):
-    docker_command = ["docker"]
-    restorecon = None
-
-    def __call__(self, parser, args, values, option_string=None):
-        if not args.noroot:
-            self.setDockerCommand()
-
-        if values:
-            files = [os.path.relpath(os.path.abspath(x), start=cwd) for x in values]
-        else:
-            files = self.modifiedFiles()
-        files = [os.path.join('/home/worker/nss', x) for x in files]
-
-        # First check if we can run docker.
-        try:
-            with open(os.devnull, "w") as f:
-                subprocess.check_call(
-                    self.docker_command + ["images"], stdout=f)
-        except:
-            print("Please install docker and start the docker daemon.")
-            sys.exit(1)
-
-        docker_image = 'clang-format-service:latest'
-        cf_docker_folder = cwd + "/automation/clang-format"
-
-        # Build the image if necessary.
-        if self.filesChanged(cf_docker_folder):
-            self.buildImage(docker_image, cf_docker_folder)
-
-        # Check if we have the docker image.
-        try:
-            command = self.docker_command + [
-                "image", "inspect", "clang-format-service:latest"
-            ]
-            with open(os.devnull, "w") as f:
-                subprocess.check_call(command, stdout=f)
-        except:
-            print("I have to build the docker image first.")
-            self.buildImage(docker_image, cf_docker_folder)
-
-        command = self.docker_command + [
-            'run', '-v', cwd + ':/home/worker/nss:Z', '--rm', '-ti', docker_image
-        ]
-        # The clang format script returns 1 if something's to do. We don't
-        # care.
-        subprocess.call(command + files)
-        if self.restorecon is not None:
-            subprocess.call([self.restorecon, '-R', cwd])
-
-    def filesChanged(self, path):
-        hash = sha256()
-        for dirname, dirnames, files in os.walk(path):
-            for file in files:
-                with open(os.path.join(dirname, file), "rb") as f:
-                    hash.update(f.read())
-        chk_file = cwd + "/.chk"
-        old_chk = ""
-        new_chk = hash.hexdigest()
-        if os.path.exists(chk_file):
-            with open(chk_file) as f:
-                old_chk = f.readline()
-        if old_chk != new_chk:
-            with open(chk_file, "w+") as f:
-                f.write(new_chk)
-            return True
-        return False
-
-    def buildImage(self, docker_image, cf_docker_folder):
-        command = self.docker_command + [
-            "build", "-t", docker_image, cf_docker_folder
-        ]
-        subprocess.check_call(command)
-        return
-
-    def setDockerCommand(self):
-        if platform.system() == "Linux":
-            from distutils.spawn import find_executable
-            self.restorecon = find_executable('restorecon')
-            self.docker_command = ["sudo"] + self.docker_command
-
-    def modifiedFiles(self):
-        files = []
-        if os.path.exists(os.path.join(cwd, '.hg')):
-            st = subprocess.Popen(['hg', 'status', '-m', '-a'],
-                                  cwd=cwd, stdout=subprocess.PIPE)
-            for line in iter(st.stdout.readline, ''):
-                files += [line[2:].rstrip()]
-        elif os.path.exists(os.path.join(cwd, '.git')):
-            st = subprocess.Popen(['git', 'status', '--porcelain'],
-                                  cwd=cwd, stdout=subprocess.PIPE)
-            for line in iter(st.stdout.readline, ''):
-                if line[1] == 'M' or line[1] != 'D' and \
-                        (line[0] == 'M' or line[0] == 'A' or
-                         line[0] == 'C' or line[0] == 'U'):
-                    files += [line[3:].rstrip()]
-                elif line[0] == 'R':
-                    files += [line[line.index(' -> ', beg=4) + 4:]]
-        else:
-            print('Warning: neither mercurial nor git detected!')
-
-        def isFormatted(x):
-            return x[-2:] == '.c' or x[-3:] == '.cc' or x[-2:] == '.h'
-        return [x for x in files if isFormatted(x)]
-
-
-class buildAction(argparse.Action):
-
-    def __call__(self, parser, args, values, option_string=None):
-        cwd = os.path.dirname(os.path.abspath(__file__))
-        subprocess.check_call([cwd + "/build.sh"] + values)
-
-
-class testAction(argparse.Action):
-
-    def runTest(self, test, cycles="standard"):
-        cwd = os.path.dirname(os.path.abspath(__file__))
-        domsuf = os.getenv('DOMSUF', "localdomain")
-        host = os.getenv('HOST', "localhost")
-        env = {
-            "NSS_TESTS": test,
-            "NSS_CYCLES": cycles,
-            "DOMSUF": domsuf,
-            "HOST": host
-        }
-        os_env = os.environ
-        os_env.update(env)
-        command = cwd + "/tests/all.sh"
-        subprocess.check_call(command, env=os_env)
-
-    def __call__(self, parser, args, values, option_string=None):
-        self.runTest(values)
-
-
-class commandsAction(argparse.Action):
-    commands = []
-
-    def __call__(self, parser, args, values, option_string=None):
-        for c in commandsAction.commands:
-            print(c)
-
-
-def parse_arguments():
-    parser = argparse.ArgumentParser(
-        description='NSS helper script. ' +
-        'Make sure to separate sub-command arguments with --.')
-    subparsers = parser.add_subparsers()
-
-    parser_build = subparsers.add_parser(
-        'build', help='All arguments are passed to build.sh')
-    parser_build.add_argument(
-        'build_args', nargs='*', help="build arguments", action=buildAction)
-
-    parser_cf = subparsers.add_parser(
-        'clang-format',
-        help="""
-        Run clang-format.
-
-        By default this runs against any files that you have modified.  If
-        there are no modified files, it checks everything.
-        """)
-    parser_cf.add_argument(
-        '--noroot',
-        help='On linux, suppress the use of \'sudo\' for running docker.',
-        action='store_true')
-    parser_cf.add_argument(
-        '<file/dir>',
-        nargs='*',
-        help="Specify files or directories to run clang-format on",
-        action=cfAction)
-
-    parser_test = subparsers.add_parser(
-        'tests', help='Run tests through tests/all.sh.')
-    tests = [
-        "cipher", "lowhash", "chains", "cert", "dbtests", "tools", "fips",
-        "sdr", "crmf", "smime", "ssl", "ocsp", "merge", "pkits", "ec",
-        "gtests", "ssl_gtests"
-    ]
-    parser_test.add_argument(
-        'test', choices=tests, help="Available tests", action=testAction)
-
-    parser_commands = subparsers.add_parser(
-        'mach-commands',
-        help="list commands")
-    parser_commands.add_argument(
-        'mach-commands',
-        nargs='*',
-        action=commandsAction)
-
-    commandsAction.commands = [c for c in subparsers.choices]
-    return parser.parse_args()
-
-
-def main():
-    parse_arguments()
-
-
-if __name__ == '__main__':
-    main()
diff --git a/security/nss/nss-tool/.clang-format b/security/nss/nss-tool/.clang-format
deleted file mode 100644
index 06e3c5115..000000000
--- a/security/nss/nss-tool/.clang-format
+++ /dev/null
@@ -1,4 +0,0 @@
----
-Language: Cpp
-BasedOnStyle: Google
-...
diff --git a/security/nss/nss-tool/common/argparse.cc b/security/nss/nss-tool/common/argparse.cc
deleted file mode 100644
index 3b7c73891..000000000
--- a/security/nss/nss-tool/common/argparse.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "argparse.h"
-
-ArgParser::ArgParser(const std::vector<std::string>& arguments) {
-  for (size_t i = 0; i < arguments.size(); i++) {
-    std::string arg = arguments.at(i);
-    if (arg.find("--") == 0) {
-      // look for an option argument
-      if (i + 1 < arguments.size() && arguments.at(i + 1).find("--") != 0) {
-        programArgs_[arg] = arguments.at(i + 1);
-        i++;
-      } else {
-        programArgs_[arg] = "";
-      }
-    } else {
-      // positional argument (e.g. required argument)
-      positionalArgs_.push_back(arg);
-    }
-  }
-}
diff --git a/security/nss/nss-tool/common/argparse.h b/security/nss/nss-tool/common/argparse.h
deleted file mode 100644
index 8645d5aaa..000000000
--- a/security/nss/nss-tool/common/argparse.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef argparse_h__
-#define argparse_h__
-
-#include <string>
-#include <unordered_map>
-#include <vector>
-
-class ArgParser {
- public:
-  ArgParser(const std::vector<std::string>& arguments);
-
-  bool Has(std::string arg) const { return programArgs_.count(arg) > 0; }
-
-  std::string Get(std::string arg) const { return programArgs_.at(arg); }
-
-  size_t GetPositionalArgumentCount() const { return positionalArgs_.size(); }
-  std::string GetPositionalArgument(size_t pos) const {
-    return positionalArgs_.at(pos);
-  }
-
- private:
-  std::unordered_map<std::string, std::string> programArgs_;
-  std::vector<std::string> positionalArgs_;
-};
-
-#endif  // argparse_h__
diff --git a/security/nss/nss-tool/common/tool.h b/security/nss/nss-tool/common/tool.h
deleted file mode 100644
index 17ebcac29..000000000
--- a/security/nss/nss-tool/common/tool.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef tool_h__
-#define tool_h__
-
-#include <string>
-#include <vector>
-
-class Tool {
- public:
-  virtual bool Run(const std::vector<std::string>& arguments) = 0;
-  virtual ~Tool() {}
-
- private:
-  virtual void Usage() = 0;
-};
-
-#endif  // tool_h__
diff --git a/security/nss/nss-tool/common/util.cc b/security/nss/nss-tool/common/util.cc
deleted file mode 100644
index 77459155a..000000000
--- a/security/nss/nss-tool/common/util.cc
+++ /dev/null
@@ -1,216 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "util.h"
-
-#include <fstream>
-#include <iomanip>
-#include <iostream>
-#include <sstream>
-#include <string>
-
-#include <prerror.h>
-
-#if defined(__unix__) || defined(__APPLE__)
-#include <termios.h>
-#include <unistd.h>
-#elif defined(WIN32) || defined(_WIN64)
-#include <Windows.h>
-#endif
-
-static std::string GetPassword(const std::string &prompt) {
-  std::cout << prompt << std::endl;
-
-#if defined(__unix__) || defined(__APPLE__)
-  termios oldt;
-  tcgetattr(STDIN_FILENO, &oldt);
-  termios newt = oldt;
-  newt.c_lflag &= ~ECHO;
-  tcsetattr(STDIN_FILENO, TCSANOW, &newt);
-#elif defined(WIN32) || defined(_WIN64)
-  HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
-  DWORD mode = 0;
-  GetConsoleMode(hStdin, &mode);
-  SetConsoleMode(hStdin, mode & (~ENABLE_ECHO_INPUT));
-#endif
-
-  std::string pw;
-  std::getline(std::cin, pw);
-
-#if defined(__unix__) || defined(__APPLE__)
-  tcsetattr(STDIN_FILENO, TCSANOW, &oldt);
-#elif defined(WIN32) || defined(_WIN64)
-  SetConsoleMode(hStdin, mode);
-#endif
-
-  return pw;
-}
-
-static char *GetModulePassword(PK11SlotInfo *slot, int retry, void *arg) {
-  if (arg == nullptr) {
-    return nullptr;
-  }
-
-  PwData *pwData = reinterpret_cast<PwData *>(arg);
-
-  if (retry > 0) {
-    std::cerr << "Incorrect password/PIN entered." << std::endl;
-    return nullptr;
-  }
-
-  switch (pwData->source) {
-    case PW_NONE:
-    case PW_FROMFILE:
-      std::cerr << "Password input method not supported." << std::endl;
-      return nullptr;
-    case PW_PLAINTEXT:
-      return PL_strdup(pwData->data);
-    default:
-      break;
-  }
-
-  std::cerr << "Password check failed:  No password found." << std::endl;
-  return nullptr;
-}
-
-static std::vector<uint8_t> ReadFromIstream(std::istream &is) {
-  std::vector<uint8_t> data;
-  while (is) {
-    char buf[1024];
-    is.read(buf, sizeof(buf));
-    data.insert(data.end(), buf, buf + is.gcount());
-  }
-
-  return data;
-}
-
-static std::string GetNewPasswordFromUser(void) {
-  std::string pw;
-
-  while (true) {
-    pw = GetPassword("Enter new password: ");
-    if (pw == GetPassword("Re-enter password: ")) {
-      break;
-    }
-
-    std::cerr << "Passwords do not match. Try again." << std::endl;
-  }
-
-  return pw;
-}
-
-bool InitSlotPassword(void) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  std::cout << "Enter a password which will be used to encrypt your keys."
-            << std::endl
-            << std::endl;
-  std::string pw = GetNewPasswordFromUser();
-
-  SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str());
-  if (rv != SECSuccess) {
-    std::cerr << "Init db password failed." << std::endl;
-    return false;
-  }
-
-  return true;
-}
-
-bool ChangeSlotPassword(void) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  // get old password and authenticate to db
-  PK11_SetPasswordFunc(&GetModulePassword);
-  std::string oldPw = GetPassword("Enter your current password: ");
-  PwData pwData = {PW_PLAINTEXT, const_cast<char *>(oldPw.c_str())};
-  SECStatus rv = PK11_Authenticate(slot.get(), false /*loadCerts*/, &pwData);
-  if (rv != SECSuccess) {
-    std::cerr << "Password incorrect." << std::endl;
-    return false;
-  }
-
-  // get new password
-  std::string newPw = GetNewPasswordFromUser();
-
-  if (PK11_ChangePW(slot.get(), oldPw.c_str(), newPw.c_str()) != SECSuccess) {
-    std::cerr << "Failed to change password." << std::endl;
-    return false;
-  }
-
-  std::cout << "Password changed successfully." << std::endl;
-  return true;
-}
-
-bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot) {
-  if (!PK11_NeedLogin(slot.get())) {
-    return true;
-  }
-
-  PK11_SetPasswordFunc(&GetModulePassword);
-  std::string pw = GetPassword("Enter your password: ");
-  PwData pwData = {PW_PLAINTEXT, const_cast<char *>(pw.c_str())};
-  SECStatus rv = PK11_Authenticate(slot.get(), true /*loadCerts*/, &pwData);
-  if (rv != SECSuccess) {
-    std::cerr << "Could not authenticate to token "
-              << PK11_GetTokenName(slot.get()) << ". Failed with error "
-              << PR_ErrorToName(PR_GetError()) << std::endl;
-    return false;
-  }
-  std::cout << std::endl;
-
-  return true;
-}
-
-std::string StringToHex(const ScopedSECItem &input) {
-  std::stringstream ss;
-  ss << "0x";
-  for (size_t i = 0; i < input->len; i++) {
-    ss << std::hex << std::setfill('0') << std::setw(2)
-       << static_cast<int>(input->data[i]);
-  }
-
-  return ss.str();
-}
-
-std::vector<uint8_t> ReadInputData(std::string dataPath) {
-  std::vector<uint8_t> data;
-  if (dataPath.empty()) {
-    std::cout << "No input file path given, using stdin." << std::endl;
-    data = ReadFromIstream(std::cin);
-  } else {
-    std::ifstream is(dataPath, std::ifstream::binary);
-    if (is.good()) {
-      data = ReadFromIstream(is);
-    } else {
-      std::cerr << "IO Error when opening " << dataPath << std::endl;
-      std::cerr << "Input file does not exist or you don't have permissions."
-                << std::endl;
-    }
-  }
-
-  return data;
-}
-
-std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs) {
-  if (path.empty()) {
-    return std::cin;
-  }
-
-  ifs.open(path, std::ifstream::binary);
-  if (!ifs.good()) {
-    std::cerr << "IO Error when opening " << path << std::endl;
-    std::cerr << "Input file does not exist or you don't have permissions."
-              << std::endl;
-  }
-
-  return ifs;
-}
diff --git a/security/nss/nss-tool/common/util.h b/security/nss/nss-tool/common/util.h
deleted file mode 100644
index 58fb05839..000000000
--- a/security/nss/nss-tool/common/util.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef util_h__
-#define util_h__
-
-#include "nspr.h"
-#include "scoped_ptrs.h"
-
-#include <secmodt.h>
-#include <string>
-#include <vector>
-
-#ifndef PORT_Malloc
-#define PORT_Malloc PR_Malloc
-#endif
-
-enum PwDataType { PW_NONE = 0, PW_FROMFILE = 1, PW_PLAINTEXT = 2 };
-typedef struct {
-  PwDataType source;
-  char *data;
-} PwData;
-
-bool InitSlotPassword(void);
-bool ChangeSlotPassword(void);
-bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot);
-std::string StringToHex(const ScopedSECItem &input);
-std::vector<uint8_t> ReadInputData(std::string dataPath);
-std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs);
-
-#endif  // util_h__
diff --git a/security/nss/nss-tool/db/dbtool.cc b/security/nss/nss-tool/db/dbtool.cc
deleted file mode 100644
index 8c369cf05..000000000
--- a/security/nss/nss-tool/db/dbtool.cc
+++ /dev/null
@@ -1,497 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "dbtool.h"
-#include "argparse.h"
-#include "scoped_ptrs.h"
-#include "util.h"
-
-#include <iomanip>
-#include <iostream>
-#include <regex>
-#include <sstream>
-
-#include <cert.h>
-#include <certdb.h>
-#include <nss.h>
-#include <pk11pub.h>
-#include <prerror.h>
-#include <prio.h>
-
-const std::vector<std::string> kCommandArgs(
-    {"--create", "--list-certs", "--import-cert", "--list-keys", "--import-key",
-     "--delete-cert", "--delete-key", "--change-password"});
-
-static bool HasSingleCommandArgument(const ArgParser &parser) {
-  auto pred = [&](const std::string &cmd) { return parser.Has(cmd); };
-  return std::count_if(kCommandArgs.begin(), kCommandArgs.end(), pred) == 1;
-}
-
-static bool HasArgumentRequiringWriteAccess(const ArgParser &parser) {
-  return parser.Has("--create") || parser.Has("--import-cert") ||
-         parser.Has("--import-key") || parser.Has("--delete-cert") ||
-         parser.Has("--delete-key") || parser.Has("--change-password");
-}
-
-static std::string PrintFlags(unsigned int flags) {
-  std::stringstream ss;
-  if ((flags & CERTDB_VALID_CA) && !(flags & CERTDB_TRUSTED_CA) &&
-      !(flags & CERTDB_TRUSTED_CLIENT_CA)) {
-    ss << "c";
-  }
-  if ((flags & CERTDB_TERMINAL_RECORD) && !(flags & CERTDB_TRUSTED)) {
-    ss << "p";
-  }
-  if (flags & CERTDB_TRUSTED_CA) {
-    ss << "C";
-  }
-  if (flags & CERTDB_TRUSTED_CLIENT_CA) {
-    ss << "T";
-  }
-  if (flags & CERTDB_TRUSTED) {
-    ss << "P";
-  }
-  if (flags & CERTDB_USER) {
-    ss << "u";
-  }
-  if (flags & CERTDB_SEND_WARN) {
-    ss << "w";
-  }
-  if (flags & CERTDB_INVISIBLE_CA) {
-    ss << "I";
-  }
-  if (flags & CERTDB_GOVT_APPROVED_CA) {
-    ss << "G";
-  }
-  return ss.str();
-}
-
-static const char *const keyTypeName[] = {"null", "rsa", "dsa", "fortezza",
-                                          "dh",   "kea", "ec"};
-
-void DBTool::Usage() {
-  std::cerr << "Usage: nss db [--path <directory>]" << std::endl;
-  std::cerr << "  --create" << std::endl;
-  std::cerr << "  --change-password" << std::endl;
-  std::cerr << "  --list-certs" << std::endl;
-  std::cerr << "  --import-cert [<path>] --name <name> [--trusts <trusts>]"
-            << std::endl;
-  std::cerr << "  --list-keys" << std::endl;
-  std::cerr << "  --import-key [<path> [-- name <name>]]" << std::endl;
-  std::cerr << "  --delete-cert <name>" << std::endl;
-  std::cerr << "  --delete-key <name>" << std::endl;
-}
-
-bool DBTool::Run(const std::vector<std::string> &arguments) {
-  ArgParser parser(arguments);
-
-  if (!HasSingleCommandArgument(parser)) {
-    Usage();
-    return false;
-  }
-
-  PRAccessHow how = PR_ACCESS_READ_OK;
-  bool readOnly = true;
-  if (HasArgumentRequiringWriteAccess(parser)) {
-    how = PR_ACCESS_WRITE_OK;
-    readOnly = false;
-  }
-
-  std::string initDir(".");
-  if (parser.Has("--path")) {
-    initDir = parser.Get("--path");
-  }
-  if (PR_Access(initDir.c_str(), how) != PR_SUCCESS) {
-    std::cerr << "Directory '" << initDir
-              << "' does not exist or you don't have permissions!" << std::endl;
-    return false;
-  }
-
-  std::cout << "Using database directory: " << initDir << std::endl
-            << std::endl;
-
-  bool dbFilesExist = PathHasDBFiles(initDir);
-  if (parser.Has("--create") && dbFilesExist) {
-    std::cerr << "Trying to create database files in a directory where they "
-                 "already exists. Delete the db files before creating new ones."
-              << std::endl;
-    return false;
-  }
-  if (!parser.Has("--create") && !dbFilesExist) {
-    std::cerr << "No db files found." << std::endl;
-    std::cerr << "Create them using 'nss db --create [--path /foo/bar]' before "
-                 "continuing."
-              << std::endl;
-    return false;
-  }
-
-  // init NSS
-  const char *certPrefix = "";  // certutil -P option  --- can leave this empty
-  SECStatus rv = NSS_Initialize(initDir.c_str(), certPrefix, certPrefix,
-                                "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
-  if (rv != SECSuccess) {
-    std::cerr << "NSS init failed!" << std::endl;
-    return false;
-  }
-
-  bool ret = true;
-  if (parser.Has("--list-certs")) {
-    ListCertificates();
-  } else if (parser.Has("--import-cert")) {
-    ret = ImportCertificate(parser);
-  } else if (parser.Has("--create")) {
-    ret = InitSlotPassword();
-    if (ret) {
-      std::cout << "DB files created successfully." << std::endl;
-    }
-  } else if (parser.Has("--list-keys")) {
-    ret = ListKeys();
-  } else if (parser.Has("--import-key")) {
-    ret = ImportKey(parser);
-  } else if (parser.Has("--delete-cert")) {
-    ret = DeleteCert(parser);
-  } else if (parser.Has("--delete-key")) {
-    ret = DeleteKey(parser);
-  } else if (parser.Has("--change-password")) {
-    ret = ChangeSlotPassword();
-  }
-
-  // shutdown nss
-  if (NSS_Shutdown() != SECSuccess) {
-    std::cerr << "NSS Shutdown failed!" << std::endl;
-    return false;
-  }
-
-  return ret;
-}
-
-bool DBTool::PathHasDBFiles(std::string path) {
-  std::regex certDBPattern("cert.*\\.db");
-  std::regex keyDBPattern("key.*\\.db");
-
-  PRDir *dir = PR_OpenDir(path.c_str());
-  if (!dir) {
-    std::cerr << "Directory " << path << " could not be accessed!" << std::endl;
-    return false;
-  }
-
-  PRDirEntry *ent;
-  bool dbFileExists = false;
-  while ((ent = PR_ReadDir(dir, PR_SKIP_BOTH))) {
-    if (std::regex_match(ent->name, certDBPattern) ||
-        std::regex_match(ent->name, keyDBPattern) ||
-        "secmod.db" == std::string(ent->name)) {
-      dbFileExists = true;
-      break;
-    }
-  }
-
-  (void)PR_CloseDir(dir);
-  return dbFileExists;
-}
-
-void DBTool::ListCertificates() {
-  ScopedCERTCertList list(PK11_ListCerts(PK11CertListAll, nullptr));
-  CERTCertListNode *node;
-
-  std::cout << std::setw(60) << std::left << "Certificate Nickname"
-            << " "
-            << "Trust Attributes" << std::endl;
-  std::cout << std::setw(60) << std::left << ""
-            << " "
-            << "SSL,S/MIME,JAR/XPI" << std::endl
-            << std::endl;
-
-  for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
-       node = CERT_LIST_NEXT(node)) {
-    CERTCertificate *cert = node->cert;
-
-    std::string name("(unknown)");
-    char *appData = static_cast<char *>(node->appData);
-    if (appData && strlen(appData) > 0) {
-      name = appData;
-    } else if (cert->nickname && strlen(cert->nickname) > 0) {
-      name = cert->nickname;
-    } else if (cert->emailAddr && strlen(cert->emailAddr) > 0) {
-      name = cert->emailAddr;
-    }
-
-    CERTCertTrust trust;
-    std::string trusts;
-    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
-      std::stringstream ss;
-      ss << PrintFlags(trust.sslFlags);
-      ss << ",";
-      ss << PrintFlags(trust.emailFlags);
-      ss << ",";
-      ss << PrintFlags(trust.objectSigningFlags);
-      trusts = ss.str();
-    } else {
-      trusts = ",,";
-    }
-    std::cout << std::setw(60) << std::left << name << " " << trusts
-              << std::endl;
-  }
-}
-
-bool DBTool::ImportCertificate(const ArgParser &parser) {
-  if (!parser.Has("--name")) {
-    std::cerr << "A name (--name) is required to import a certificate."
-              << std::endl;
-    Usage();
-    return false;
-  }
-
-  std::string derFilePath = parser.Get("--import-cert");
-  std::string certName = parser.Get("--name");
-  std::string trustString("TCu,Cu,Tu");
-  if (parser.Has("--trusts")) {
-    trustString = parser.Get("--trusts");
-  }
-
-  CERTCertTrust trust;
-  SECStatus rv = CERT_DecodeTrustString(&trust, trustString.c_str());
-  if (rv != SECSuccess) {
-    std::cerr << "Cannot decode trust string!" << std::endl;
-    return false;
-  }
-
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  std::vector<uint8_t> certData = ReadInputData(derFilePath);
-
-  ScopedCERTCertificate cert(CERT_DecodeCertFromPackage(
-      reinterpret_cast<char *>(certData.data()), certData.size()));
-  if (cert.get() == nullptr) {
-    std::cerr << "Error: Could not decode certificate!" << std::endl;
-    return false;
-  }
-
-  rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE,
-                       certName.c_str(), PR_FALSE);
-  if (rv != SECSuccess) {
-    // TODO handle authentication -> PK11_Authenticate (see certutil.c line
-    // 134)
-    std::cerr << "Error: Could not add certificate to database!" << std::endl;
-    return false;
-  }
-
-  rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert.get(), &trust);
-  if (rv != SECSuccess) {
-    std::cerr << "Cannot change cert's trust" << std::endl;
-    return false;
-  }
-
-  std::cout << "Certificate import was successful!" << std::endl;
-  // TODO show information about imported certificate
-  return true;
-}
-
-bool DBTool::ListKeys() {
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  if (!DBLoginIfNeeded(slot)) {
-    return false;
-  }
-
-  ScopedSECKEYPrivateKeyList list(PK11_ListPrivateKeysInSlot(slot.get()));
-  if (list.get() == nullptr) {
-    std::cerr << "Listing private keys failed with error "
-              << PR_ErrorToName(PR_GetError()) << std::endl;
-    return false;
-  }
-
-  SECKEYPrivateKeyListNode *node;
-  int count = 0;
-  for (node = PRIVKEY_LIST_HEAD(list.get());
-       !PRIVKEY_LIST_END(node, list.get()); node = PRIVKEY_LIST_NEXT(node)) {
-    char *keyNameRaw = PK11_GetPrivateKeyNickname(node->key);
-    std::string keyName(keyNameRaw ? keyNameRaw : "");
-
-    if (keyName.empty()) {
-      ScopedCERTCertificate cert(PK11_GetCertFromPrivateKey(node->key));
-      if (cert.get()) {
-        if (cert->nickname && strlen(cert->nickname) > 0) {
-          keyName = cert->nickname;
-        } else if (cert->emailAddr && strlen(cert->emailAddr) > 0) {
-          keyName = cert->emailAddr;
-        }
-      }
-      if (keyName.empty()) {
-        keyName = "(none)";  // default value
-      }
-    }
-
-    SECKEYPrivateKey *key = node->key;
-    ScopedSECItem keyIDItem(PK11_GetLowLevelKeyIDForPrivateKey(key));
-    if (keyIDItem.get() == nullptr) {
-      std::cerr << "Error: PK11_GetLowLevelKeyIDForPrivateKey failed!"
-                << std::endl;
-      continue;
-    }
-
-    std::string keyID = StringToHex(keyIDItem);
-
-    if (count++ == 0) {
-      // print header
-      std::cout << std::left << std::setw(20) << "<key#, key name>"
-                << std::setw(20) << "key type"
-                << "key id" << std::endl;
-    }
-
-    std::stringstream leftElem;
-    leftElem << "<" << count << ", " << keyName << ">";
-    std::cout << std::left << std::setw(20) << leftElem.str() << std::setw(20)
-              << keyTypeName[key->keyType] << keyID << std::endl;
-  }
-
-  if (count == 0) {
-    std::cout << "No keys found." << std::endl;
-  }
-
-  return true;
-}
-
-bool DBTool::ImportKey(const ArgParser &parser) {
-  std::string privKeyFilePath = parser.Get("--import-key");
-  std::string name;
-  if (parser.Has("--name")) {
-    name = parser.Get("--name");
-  }
-
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  if (!DBLoginIfNeeded(slot)) {
-    return false;
-  }
-
-  std::vector<uint8_t> privKeyData = ReadInputData(privKeyFilePath);
-  if (privKeyData.empty()) {
-    return false;
-  }
-  SECItem pkcs8PrivKeyItem = {
-      siBuffer, reinterpret_cast<unsigned char *>(privKeyData.data()),
-      static_cast<unsigned int>(privKeyData.size())};
-
-  SECItem nickname = {siBuffer, nullptr, 0};
-  if (!name.empty()) {
-    nickname.data = const_cast<unsigned char *>(
-        reinterpret_cast<const unsigned char *>(name.c_str()));
-    nickname.len = static_cast<unsigned int>(name.size());
-  }
-
-  SECStatus rv = PK11_ImportDERPrivateKeyInfo(
-      slot.get(), &pkcs8PrivKeyItem,
-      nickname.data == nullptr ? nullptr : &nickname, nullptr /*publicValue*/,
-      true /*isPerm*/, false /*isPrivate*/, KU_ALL, nullptr);
-  if (rv != SECSuccess) {
-    std::cerr << "Importing a private key in DER format failed with error "
-              << PR_ErrorToName(PR_GetError()) << std::endl;
-    return false;
-  }
-
-  std::cout << "Key import succeeded." << std::endl;
-  return true;
-}
-
-bool DBTool::DeleteCert(const ArgParser &parser) {
-  std::string certName = parser.Get("--delete-cert");
-  if (certName.empty()) {
-    std::cerr << "A name is required to delete a certificate." << std::endl;
-    Usage();
-    return false;
-  }
-
-  ScopedCERTCertificate cert(CERT_FindCertByNicknameOrEmailAddr(
-      CERT_GetDefaultCertDB(), certName.c_str()));
-  if (!cert) {
-    std::cerr << "Could not find certificate with name " << certName << "."
-              << std::endl;
-    return false;
-  }
-
-  SECStatus rv = SEC_DeletePermCertificate(cert.get());
-  if (rv != SECSuccess) {
-    std::cerr << "Unable to delete certificate with name " << certName << "."
-              << std::endl;
-    return false;
-  }
-
-  std::cout << "Certificate with name " << certName << " deleted successfully."
-            << std::endl;
-  return true;
-}
-
-bool DBTool::DeleteKey(const ArgParser &parser) {
-  std::string keyName = parser.Get("--delete-key");
-  if (keyName.empty()) {
-    std::cerr << "A name is required to delete a key." << std::endl;
-    Usage();
-    return false;
-  }
-
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (slot.get() == nullptr) {
-    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
-    return false;
-  }
-
-  if (!DBLoginIfNeeded(slot)) {
-    return false;
-  }
-
-  ScopedSECKEYPrivateKeyList list(PK11_ListPrivKeysInSlot(
-      slot.get(), const_cast<char *>(keyName.c_str()), nullptr));
-  if (list.get() == nullptr) {
-    std::cerr << "Fetching private keys with nickname " << keyName
-              << " failed with error " << PR_ErrorToName(PR_GetError())
-              << std::endl;
-    return false;
-  }
-
-  unsigned int foundKeys = 0, deletedKeys = 0;
-  SECKEYPrivateKeyListNode *node;
-  for (node = PRIVKEY_LIST_HEAD(list.get());
-       !PRIVKEY_LIST_END(node, list.get()); node = PRIVKEY_LIST_NEXT(node)) {
-    SECKEYPrivateKey *privKey = node->key;
-    foundKeys++;
-    // see PK11_DeleteTokenPrivateKey for example usage
-    // calling PK11_DeleteTokenPrivateKey directly does not work because it also
-    // destroys the SECKEYPrivateKey (by calling SECKEY_DestroyPrivateKey) -
-    // then SECKEY_DestroyPrivateKeyList does not
-    // work because it also calls SECKEY_DestroyPrivateKey
-    SECStatus rv =
-        PK11_DestroyTokenObject(privKey->pkcs11Slot, privKey->pkcs11ID);
-    if (rv == SECSuccess) {
-      deletedKeys++;
-    }
-  }
-
-  if (foundKeys > deletedKeys) {
-    std::cerr << "Some keys could not be deleted." << std::endl;
-  }
-
-  if (deletedKeys > 0) {
-    std::cout << "Found " << foundKeys << " keys." << std::endl;
-    std::cout << "Successfully deleted " << deletedKeys
-              << " key(s) with nickname " << keyName << "." << std::endl;
-  } else {
-    std::cout << "No key with nickname " << keyName << " found to delete."
-              << std::endl;
-  }
-
-  return true;
-}
diff --git a/security/nss/nss-tool/db/dbtool.h b/security/nss/nss-tool/db/dbtool.h
deleted file mode 100644
index dd0ef0ace..000000000
--- a/security/nss/nss-tool/db/dbtool.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef dbtool_h__
-#define dbtool_h__
-
-#include <string>
-#include <vector>
-#include "argparse.h"
-#include "tool.h"
-
-class DBTool : public Tool {
- public:
-  bool Run(const std::vector<std::string>& arguments) override;
-
- private:
-  void Usage() override;
-  bool PathHasDBFiles(std::string path);
-  void ListCertificates();
-  bool ImportCertificate(const ArgParser& parser);
-  bool ListKeys();
-  bool ImportKey(const ArgParser& parser);
-  bool DeleteCert(const ArgParser& parser);
-  bool DeleteKey(const ArgParser& parser);
-};
-
-#endif  // dbtool_h__
diff --git a/security/nss/nss-tool/digest/digesttool.cc b/security/nss/nss-tool/digest/digesttool.cc
deleted file mode 100644
index 08c3e3ba7..000000000
--- a/security/nss/nss-tool/digest/digesttool.cc
+++ /dev/null
@@ -1,161 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "digesttool.h"
-#include "argparse.h"
-#include "scoped_ptrs.h"
-#include "util.h"
-
-#include <algorithm>
-#include <fstream>
-#include <iomanip>
-#include <iostream>
-
-#include <hasht.h>  // contains supported digest types
-#include <nss.h>
-#include <pk11pub.h>
-#include <prio.h>
-
-static SECOidData* HashTypeToOID(HASH_HashType hashtype) {
-  SECOidTag hashtag;
-
-  if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL) {
-    return nullptr;
-  }
-
-  switch (hashtype) {
-    case HASH_AlgMD5:
-      hashtag = SEC_OID_MD5;
-      break;
-    case HASH_AlgSHA1:
-      hashtag = SEC_OID_SHA1;
-      break;
-    case HASH_AlgSHA224:
-      hashtag = SEC_OID_SHA224;
-      break;
-    case HASH_AlgSHA256:
-      hashtag = SEC_OID_SHA256;
-      break;
-    case HASH_AlgSHA384:
-      hashtag = SEC_OID_SHA384;
-      break;
-    case HASH_AlgSHA512:
-      hashtag = SEC_OID_SHA512;
-      break;
-    default:
-      return nullptr;
-  }
-
-  return SECOID_FindOIDByTag(hashtag);
-}
-
-static SECOidData* HashNameToOID(const std::string& hashName) {
-  for (size_t htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
-    SECOidData* hashOID = HashTypeToOID(static_cast<HASH_HashType>(htype));
-    if (hashOID && std::string(hashOID->desc) == hashName) {
-      return hashOID;
-    }
-  }
-
-  return nullptr;
-}
-
-static bool Digest(const ArgParser& parser, SECOidData* hashOID);
-static bool ComputeDigest(std::istream& is, ScopedPK11Context& hashCtx);
-
-bool DigestTool::Run(const std::vector<std::string>& arguments) {
-  ArgParser parser(arguments);
-
-  if (parser.GetPositionalArgumentCount() != 1) {
-    Usage();
-    return false;
-  }
-
-  // no need for a db for the digest tool
-  SECStatus rv = NSS_NoDB_Init(".");
-  if (rv != SECSuccess) {
-    std::cerr << "NSS init failed!" << std::endl;
-    return false;
-  }
-
-  std::string hashName = parser.GetPositionalArgument(0);
-  std::transform(hashName.begin(), hashName.end(), hashName.begin(), ::toupper);
-  SECOidData* hashOID = HashNameToOID(hashName);
-  if (hashOID == nullptr) {
-    std::cerr << "Error: Unknown digest type "
-              << parser.GetPositionalArgument(0) << "." << std::endl;
-    return false;
-  }
-
-  bool ret = Digest(parser, hashOID);
-
-  // shutdown nss
-  if (NSS_Shutdown() != SECSuccess) {
-    std::cerr << "NSS Shutdown failed!" << std::endl;
-    return false;
-  }
-
-  return ret;
-}
-
-void DigestTool::Usage() {
-  std::cerr << "Usage: nss digest md5|sha-1|sha-224|sha-256|sha-384|sha-512 "
-               "[--infile <path>]"
-            << std::endl;
-}
-
-static bool Digest(const ArgParser& parser, SECOidData* hashOID) {
-  std::string inputFile;
-  if (parser.Has("--infile")) {
-    inputFile = parser.Get("--infile");
-  }
-
-  ScopedPK11Context hashCtx(PK11_CreateDigestContext(hashOID->offset));
-  if (hashCtx == nullptr) {
-    std::cerr << "Creating digest context failed." << std::endl;
-    return false;
-  }
-  PK11_DigestBegin(hashCtx.get());
-
-  std::ifstream fis;
-  std::istream& is = GetStreamFromFileOrStdin(inputFile, fis);
-  if (!is.good() || !ComputeDigest(is, hashCtx)) {
-    return false;
-  }
-
-  unsigned char digest[HASH_LENGTH_MAX];
-  unsigned int len;
-  SECStatus rv = PK11_DigestFinal(hashCtx.get(), digest, &len, HASH_LENGTH_MAX);
-  if (rv != SECSuccess || len == 0) {
-    std::cerr << "Calculating final hash value failed." << std::endl;
-    return false;
-  }
-
-  // human readable output
-  for (size_t i = 0; i < len; i++) {
-    std::cout << std::setw(2) << std::setfill('0') << std::hex
-              << static_cast<int>(digest[i]);
-  }
-  std::cout << std::endl;
-
-  return true;
-}
-
-static bool ComputeDigest(std::istream& is, ScopedPK11Context& hashCtx) {
-  while (is) {
-    unsigned char buf[4096];
-    is.read(reinterpret_cast<char*>(buf), sizeof(buf));
-    if (is.fail() && !is.eof()) {
-      std::cerr << "Error reading from input stream." << std::endl;
-      return false;
-    }
-    SECStatus rv = PK11_DigestOp(hashCtx.get(), buf, is.gcount());
-    if (rv != SECSuccess) {
-      std::cerr << "PK11_DigestOp failed." << std::endl;
-      return false;
-    }
-  }
-
-  return true;
-}
diff --git a/security/nss/nss-tool/digest/digesttool.h b/security/nss/nss-tool/digest/digesttool.h
deleted file mode 100644
index 0e18346f5..000000000
--- a/security/nss/nss-tool/digest/digesttool.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef digest_tool_h__
-#define digest_tool_h__
-
-#include <string>
-#include <vector>
-#include "tool.h"
-
-class DigestTool : public Tool {
- public:
-  bool Run(const std::vector<std::string>& arguments) override;
-
- private:
-  void Usage() override;
-};
-
-#endif  // digest_tool_h__
diff --git a/security/nss/nss-tool/enc/enctool.cc b/security/nss/nss-tool/enc/enctool.cc
deleted file mode 100644
index b3c0d1dbe..000000000
--- a/security/nss/nss-tool/enc/enctool.cc
+++ /dev/null
@@ -1,464 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "enctool.h"
-#include "argparse.h"
-#include "util.h"
-
-#include "nss.h"
-
-#include <assert.h>
-#include <chrono>
-#include <fstream>
-#include <iomanip>
-#include <iostream>
-
-void EncTool::PrintError(const std::string& m, size_t line_number) {
-  std::cerr << m << " - enctool.cc:" << line_number << std::endl;
-}
-
-void EncTool::PrintError(const std::string& m, PRErrorCode err,
-                         size_t line_number) {
-  std::cerr << m << " (error " << err << ")"
-            << " - enctool.cc:" << line_number << std::endl;
-}
-
-void EncTool::PrintBytes(const std::vector<uint8_t>& bytes,
-                         const std::string& txt) {
-  if (debug_) {
-    std::cerr << txt << ": ";
-    for (uint8_t b : bytes) {
-      std::cerr << std::setfill('0') << std::setw(2) << std::hex
-                << static_cast<int>(b);
-    }
-    std::cerr << std::endl << std::dec;
-  }
-}
-
-std::vector<uint8_t> EncTool::GenerateRandomness(size_t num_bytes) {
-  std::vector<uint8_t> bytes(num_bytes);
-  if (PK11_GenerateRandom(bytes.data(), num_bytes) != SECSuccess) {
-    PrintError("No randomness available. Abort!", __LINE__);
-    exit(1);
-  }
-  return bytes;
-}
-
-bool EncTool::WriteBytes(const std::vector<uint8_t>& bytes,
-                         std::string out_file) {
-  std::fstream output(out_file, std::ios::out | std::ios::binary);
-  if (!output.good()) {
-    return false;
-  }
-  output.write(reinterpret_cast<const char*>(
-                   const_cast<const unsigned char*>(bytes.data())),
-               bytes.size());
-  output.flush();
-  output.close();
-  return true;
-}
-
-bool EncTool::GetKey(const std::vector<uint8_t>& key_bytes,
-                     ScopedSECItem& key_item) {
-  if (key_bytes.empty()) {
-    return false;
-  }
-
-  // Build key.
-  key_item =
-      ScopedSECItem(SECITEM_AllocItem(nullptr, nullptr, key_bytes.size()));
-  if (!key_item) {
-    return false;
-  }
-  key_item->type = siBuffer;
-  memcpy(key_item->data, key_bytes.data(), key_bytes.size());
-  key_item->len = key_bytes.size();
-
-  return true;
-}
-
-bool EncTool::GetAesGcmKey(const std::vector<uint8_t>& aad,
-                           const std::vector<uint8_t>& iv_bytes,
-                           const std::vector<uint8_t>& key_bytes,
-                           ScopedSECItem& aes_key, ScopedSECItem& params) {
-  if (iv_bytes.empty()) {
-    return false;
-  }
-
-  // GCM params.
-  CK_GCM_PARAMS* gcm_params =
-      static_cast<CK_GCM_PARAMS*>(PORT_Malloc(sizeof(struct CK_GCM_PARAMS)));
-  if (!gcm_params) {
-    return false;
-  }
-
-  uint8_t* iv = static_cast<uint8_t*>(PORT_Malloc(iv_bytes.size()));
-  if (!iv) {
-    return false;
-  }
-  memcpy(iv, iv_bytes.data(), iv_bytes.size());
-  gcm_params->pIv = iv;
-  gcm_params->ulIvLen = iv_bytes.size();
-  gcm_params->ulTagBits = 128;
-  if (aad.empty()) {
-    gcm_params->pAAD = nullptr;
-    gcm_params->ulAADLen = 0;
-  } else {
-    uint8_t* ad = static_cast<uint8_t*>(PORT_Malloc(aad.size()));
-    if (!ad) {
-      return false;
-    }
-    memcpy(ad, aad.data(), aad.size());
-    gcm_params->pAAD = ad;
-    gcm_params->ulAADLen = aad.size();
-  }
-
-  params =
-      ScopedSECItem(SECITEM_AllocItem(nullptr, nullptr, sizeof(*gcm_params)));
-  if (!params) {
-    return false;
-  }
-  params->len = sizeof(*gcm_params);
-  params->type = siBuffer;
-  params->data = reinterpret_cast<unsigned char*>(gcm_params);
-
-  return GetKey(key_bytes, aes_key);
-}
-
-bool EncTool::GenerateAesGcmKey(const std::vector<uint8_t>& aad,
-                                ScopedSECItem& aes_key, ScopedSECItem& params) {
-  size_t key_size = 16, iv_size = 12;
-  std::vector<uint8_t> iv_bytes = GenerateRandomness(iv_size);
-  PrintBytes(iv_bytes, "IV");
-  std::vector<uint8_t> key_bytes = GenerateRandomness(key_size);
-  PrintBytes(key_bytes, "key");
-  // Maybe write out the key and parameters.
-  if (write_key_ && !WriteBytes(key_bytes, key_file_)) {
-    return false;
-  }
-  if (write_iv_ && !WriteBytes(iv_bytes, iv_file_)) {
-    return false;
-  }
-  return GetAesGcmKey(aad, iv_bytes, key_bytes, aes_key, params);
-}
-
-bool EncTool::ReadAesGcmKey(const std::vector<uint8_t>& aad,
-                            ScopedSECItem& aes_key, ScopedSECItem& params) {
-  std::vector<uint8_t> iv_bytes = ReadInputData(iv_file_);
-  PrintBytes(iv_bytes, "IV");
-  std::vector<uint8_t> key_bytes = ReadInputData(key_file_);
-  PrintBytes(key_bytes, "key");
-  return GetAesGcmKey(aad, iv_bytes, key_bytes, aes_key, params);
-}
-
-bool EncTool::GetChachaKey(const std::vector<uint8_t>& aad,
-                           const std::vector<uint8_t>& iv_bytes,
-                           const std::vector<uint8_t>& key_bytes,
-                           ScopedSECItem& chacha_key, ScopedSECItem& params) {
-  if (iv_bytes.empty()) {
-    return false;
-  }
-
-  // AEAD params.
-  CK_NSS_AEAD_PARAMS* aead_params = static_cast<CK_NSS_AEAD_PARAMS*>(
-      PORT_Malloc(sizeof(struct CK_NSS_AEAD_PARAMS)));
-  if (!aead_params) {
-    return false;
-  }
-
-  uint8_t* iv = static_cast<uint8_t*>(PORT_Malloc(iv_bytes.size()));
-  if (!iv) {
-    return false;
-  }
-  memcpy(iv, iv_bytes.data(), iv_bytes.size());
-  aead_params->pNonce = iv;
-  aead_params->ulNonceLen = iv_bytes.size();
-  aead_params->ulTagLen = 16;
-  if (aad.empty()) {
-    aead_params->pAAD = nullptr;
-    aead_params->ulAADLen = 0;
-  } else {
-    uint8_t* ad = static_cast<uint8_t*>(PORT_Malloc(aad.size()));
-    if (!ad) {
-      return false;
-    }
-    memcpy(ad, aad.data(), aad.size());
-    aead_params->pAAD = ad;
-    aead_params->ulAADLen = aad.size();
-  }
-
-  params =
-      ScopedSECItem(SECITEM_AllocItem(nullptr, nullptr, sizeof(*aead_params)));
-  if (!params) {
-    return false;
-  }
-  params->len = sizeof(*aead_params);
-  params->type = siBuffer;
-  params->data = reinterpret_cast<unsigned char*>(aead_params);
-
-  return GetKey(key_bytes, chacha_key);
-}
-
-bool EncTool::GenerateChachaKey(const std::vector<uint8_t>& aad,
-                                ScopedSECItem& chacha_key,
-                                ScopedSECItem& params) {
-  size_t key_size = 32, iv_size = 12;
-  std::vector<uint8_t> iv_bytes = GenerateRandomness(iv_size);
-  PrintBytes(iv_bytes, "IV");
-  std::vector<uint8_t> key_bytes = GenerateRandomness(key_size);
-  PrintBytes(key_bytes, "key");
-  // Maybe write out the key and parameters.
-  if (write_key_ && !WriteBytes(key_bytes, key_file_)) {
-    return false;
-  }
-  if (write_iv_ && !WriteBytes(iv_bytes, iv_file_)) {
-    return false;
-  }
-  return GetChachaKey(aad, iv_bytes, key_bytes, chacha_key, params);
-}
-
-bool EncTool::ReadChachaKey(const std::vector<uint8_t>& aad,
-                            ScopedSECItem& chacha_key, ScopedSECItem& params) {
-  std::vector<uint8_t> iv_bytes = ReadInputData(iv_file_);
-  PrintBytes(iv_bytes, "IV");
-  std::vector<uint8_t> key_bytes = ReadInputData(key_file_);
-  PrintBytes(key_bytes, "key");
-  return GetChachaKey(aad, iv_bytes, key_bytes, chacha_key, params);
-}
-
-bool EncTool::DoCipher(std::string file_name, std::string out_file,
-                       bool encrypt, key_func_t get_params) {
-  SECStatus rv;
-  unsigned int outLen = 0, chunkSize = 1024;
-  char buffer[1040];
-  const unsigned char* bufferStart =
-      reinterpret_cast<const unsigned char*>(buffer);
-
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
-  if (!slot) {
-    PrintError("Unable to find security device", PR_GetError(), __LINE__);
-    return false;
-  }
-
-  ScopedSECItem key, params;
-  if (!(this->*get_params)(std::vector<uint8_t>(), key, params)) {
-    PrintError("Geting keys and params failed.", __LINE__);
-    return false;
-  }
-
-  ScopedPK11SymKey symKey(
-      PK11_ImportSymKey(slot.get(), cipher_mech_, PK11_OriginUnwrap,
-                        CKA_DECRYPT | CKA_ENCRYPT, key.get(), nullptr));
-  if (!symKey) {
-    PrintError("Failure to import key into NSS", PR_GetError(), __LINE__);
-    return false;
-  }
-
-  std::streambuf* buf;
-  std::ofstream output_file(out_file, std::ios::out | std::ios::binary);
-  if (!out_file.empty()) {
-    if (!output_file.good()) {
-      return false;
-    }
-    buf = output_file.rdbuf();
-  } else {
-    buf = std::cout.rdbuf();
-  }
-  std::ostream output(buf);
-
-  // Read from stdin.
-  if (file_name.empty()) {
-    std::vector<uint8_t> data = ReadInputData("");
-    std::vector<uint8_t> out(data.size() + 16);
-    SECStatus rv;
-    if (encrypt) {
-      rv = PK11_Encrypt(symKey.get(), cipher_mech_, params.get(), out.data(),
-                        &outLen, data.size() + 16, data.data(), data.size());
-    } else {
-      rv = PK11_Decrypt(symKey.get(), cipher_mech_, params.get(), out.data(),
-                        &outLen, data.size() + 16, data.data(), data.size());
-    }
-    if (rv != SECSuccess) {
-      PrintError(encrypt ? "Error encrypting" : "Error decrypting",
-                 PR_GetError(), __LINE__);
-      return false;
-    };
-    output.write(reinterpret_cast<char*>(out.data()), outLen);
-    output.flush();
-    if (output_file.good()) {
-      output_file.close();
-    } else {
-      output << std::endl;
-    }
-
-    std::cerr << "Done " << (encrypt ? "encrypting" : "decrypting")
-              << std::endl;
-    return true;
-  }
-
-  // Read file from file_name.
-  std::ifstream input(file_name, std::ios::binary);
-  if (!input.good()) {
-    return false;
-  }
-  uint8_t out[1040];
-  while (input) {
-    if (encrypt) {
-      input.read(buffer, chunkSize);
-      rv = PK11_Encrypt(symKey.get(), cipher_mech_, params.get(), out, &outLen,
-                        chunkSize + 16, bufferStart, input.gcount());
-    } else {
-      // We have to read the tag when decrypting.
-      input.read(buffer, chunkSize + 16);
-      rv = PK11_Decrypt(symKey.get(), cipher_mech_, params.get(), out, &outLen,
-                        chunkSize + 16, bufferStart, input.gcount());
-    }
-    if (rv != SECSuccess) {
-      PrintError(encrypt ? "Error encrypting" : "Error decrypting",
-                 PR_GetError(), __LINE__);
-      return false;
-    };
-    output.write(reinterpret_cast<const char*>(out), outLen);
-    output.flush();
-  }
-  if (output_file.good()) {
-    output_file.close();
-  } else {
-    output << std::endl;
-  }
-  std::cerr << "Done " << (encrypt ? "encrypting" : "decrypting") << std::endl;
-
-  return true;
-}
-
-size_t EncTool::PrintFileSize(std::string file_name) {
-  std::ifstream input(file_name, std::ifstream::ate | std::ifstream::binary);
-  auto size = input.tellg();
-  std::cerr << "Size of file to encrypt: " << size / 1024 / 1024 << " MB"
-            << std::endl;
-  return size;
-}
-
-bool EncTool::IsValidCommand(ArgParser arguments) {
-  // Either encrypt or decrypt is fine.
-  bool valid = arguments.Has("--encrypt") != arguments.Has("--decrypt");
-  // An input file is required for decryption only.
-  valid &= arguments.Has("--in") || arguments.Has("--encrypt");
-  // An output file is required for encryption only.
-  valid &= arguments.Has("--out") || arguments.Has("--decrypt");
-  // Files holding the IV and key are required for decryption.
-  valid &= arguments.Has("--iv") || arguments.Has("--encrypt");
-  valid &= arguments.Has("--key") || arguments.Has("--encrypt");
-  // Cipher is always required.
-  valid &= arguments.Has("--cipher");
-  return valid;
-}
-
-bool EncTool::Run(const std::vector<std::string>& arguments) {
-  ArgParser parser(arguments);
-
-  if (!IsValidCommand(parser)) {
-    Usage();
-    return false;
-  }
-
-  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
-    PrintError("NSS initialization failed", PR_GetError(), __LINE__);
-    return false;
-  }
-
-  if (parser.Has("--debug")) {
-    debug_ = 1;
-  }
-  if (parser.Has("--iv")) {
-    iv_file_ = parser.Get("--iv");
-  } else {
-    write_iv_ = false;
-  }
-  if (parser.Has("--key")) {
-    key_file_ = parser.Get("--key");
-  } else {
-    write_key_ = false;
-  }
-
-  key_func_t get_params;
-  bool encrypt = parser.Has("--encrypt");
-  if (parser.Get("--cipher") == kAESCommand) {
-    cipher_mech_ = CKM_AES_GCM;
-    if (encrypt) {
-      get_params = &EncTool::GenerateAesGcmKey;
-    } else {
-      get_params = &EncTool::ReadAesGcmKey;
-    }
-  } else if (parser.Get("--cipher") == kChaChaCommand) {
-    cipher_mech_ = CKM_NSS_CHACHA20_POLY1305;
-    if (encrypt) {
-      get_params = &EncTool::GenerateChachaKey;
-    } else {
-      get_params = &EncTool::ReadChachaKey;
-    }
-  } else {
-    Usage();
-    return false;
-  }
-  // Don't write out key and iv when decrypting.
-  if (!encrypt) {
-    write_key_ = false;
-    write_iv_ = false;
-  }
-
-  std::string input_file = parser.Has("--in") ? parser.Get("--in") : "";
-  std::string output_file = parser.Has("--out") ? parser.Get("--out") : "";
-  size_t file_size = 0;
-  if (!input_file.empty()) {
-    file_size = PrintFileSize(input_file);
-  }
-  auto begin = std::chrono::high_resolution_clock::now();
-  if (!DoCipher(input_file, output_file, encrypt, get_params)) {
-    (void)NSS_Shutdown();
-    return false;
-  }
-  auto end = std::chrono::high_resolution_clock::now();
-  auto ns =
-      std::chrono::duration_cast<std::chrono::nanoseconds>(end - begin).count();
-  auto seconds = ns / 1000000000;
-  std::cerr << ns << " ns (~" << seconds << " s) and " << std::endl;
-  std::cerr << "That's approximately " << (double)file_size / ns << " b/ns"
-            << std::endl;
-
-  if (NSS_Shutdown() != SECSuccess) {
-    return false;
-  }
-
-  return true;
-}
-
-void EncTool::Usage() {
-  std::string const txt = R"~(
-Usage: nss encrypt|decrypt --cipher aes|chacha [--in <file>] [--out <file>]
-           [--key <file>] [--iv <file>]
-
-    --cipher         Set the cipher to use.
-                     --cipher aes:    Use AES-GCM to encrypt/decrypt.
-                     --cipher chacha: Use ChaCha20/Poly1305 to encrypt/decrypt.
-    --in             The file to encrypt/decrypt. If no file is given, we read
-                     from stdin (only when encrypting).
-    --out            The file to write the ciphertext/plaintext to. If no file
-                     is given we write the plaintext to stdout (only when
-                     decrypting).
-    --key            The file to write the used key to/to read the key
-                     from. Optional parameter. When not given, don't write out
-                     the key.
-    --iv             The file to write the used IV to/to read the IV
-                     from. Optional parameter. When not given, don't write out
-                     the IV.
-
-    Examples:
-        nss encrypt --cipher aes --iv iv --key key --out ciphertext
-        nss decrypt --cipher chacha --iv iv --key key --in ciphertex
-
-    Note: This tool overrides files without asking.
-)~";
-  std::cerr << txt << std::endl;
-}
diff --git a/security/nss/nss-tool/enc/enctool.h b/security/nss/nss-tool/enc/enctool.h
deleted file mode 100644
index 5a6a5a164..000000000
--- a/security/nss/nss-tool/enc/enctool.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef enctool_h__
-#define enctool_h__
-
-#include <string>
-#include <vector>
-#include "argparse.h"
-#include "prerror.h"
-#include "scoped_ptrs.h"
-#include "tool.h"
-
-class EncTool : public Tool {
- public:
-  bool Run(const std::vector<std::string>& arguments) override;
-  void Usage() override;
-
- private:
-  typedef bool (EncTool::*key_func_t)(const std::vector<uint8_t>& aad,
-                                      ScopedSECItem& chacha_key,
-                                      ScopedSECItem& params);
-  void PrintBytes(const std::vector<uint8_t>& bytes, const std::string& txt);
-  bool WriteBytes(const std::vector<uint8_t>& bytes, std::string out_file);
-  void PrintError(const std::string& m, PRErrorCode err, size_t line_number);
-  void PrintError(const std::string& m, size_t line_number);
-  bool GetKey(const std::vector<uint8_t>& key_bytes, ScopedSECItem& key_item);
-  bool GetAesGcmKey(const std::vector<uint8_t>& aad,
-                    const std::vector<uint8_t>& iv_bytes,
-                    const std::vector<uint8_t>& key_bytes,
-                    ScopedSECItem& aes_key, ScopedSECItem& params);
-  bool GetChachaKey(const std::vector<uint8_t>& aad,
-                    const std::vector<uint8_t>& iv_bytes,
-                    const std::vector<uint8_t>& key_bytes,
-                    ScopedSECItem& chacha_key, ScopedSECItem& params);
-  bool GenerateAesGcmKey(const std::vector<uint8_t>& aad,
-                         ScopedSECItem& aes_key, ScopedSECItem& params);
-  bool ReadAesGcmKey(const std::vector<uint8_t>& aad, ScopedSECItem& aes_key,
-                     ScopedSECItem& params);
-  std::vector<uint8_t> GenerateRandomness(size_t num_bytes);
-  bool GenerateChachaKey(const std::vector<uint8_t>& aad,
-                         ScopedSECItem& chacha_key, ScopedSECItem& params);
-  bool ReadChachaKey(const std::vector<uint8_t>& aad, ScopedSECItem& chacha_key,
-                     ScopedSECItem& params);
-  bool DoCipher(std::string fileName, std::string outFile, bool encrypt,
-                key_func_t get_params);
-  size_t PrintFileSize(std::string fileName);
-  bool IsValidCommand(ArgParser arguments);
-
-  bool debug_ = false;
-  bool write_key_ = true;
-  bool write_iv_ = true;
-  std::string key_file_ = "/tmp/key";
-  std::string iv_file_ = "/tmp/iv";
-  CK_MECHANISM_TYPE cipher_mech_;
-
-  const std::string kAESCommand = "aes";
-  const std::string kChaChaCommand = "chacha";
-};
-
-#endif  // enctool_h__
diff --git a/security/nss/nss-tool/nss_tool.cc b/security/nss/nss-tool/nss_tool.cc
deleted file mode 100644
index 8864f140d..000000000
--- a/security/nss/nss-tool/nss_tool.cc
+++ /dev/null
@@ -1,70 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <algorithm>
-#include <cstring>
-#include <iostream>
-#include <memory>
-#include <string>
-#include <vector>
-
-#include <prinit.h>
-
-#include "argparse.h"
-#include "db/dbtool.h"
-#include "digest/digesttool.h"
-#include "enc/enctool.h"
-#include "tool.h"
-
-static void Usage() {
-  std::cerr << "Usage: nss <command> <subcommand> [options]" << std::endl;
-  std::cerr << "       nss db [--path <directory>] <commands>" << std::endl;
-  std::cerr << "       nss encrypt <options>" << std::endl;
-  std::cerr << "       nss decrypt <options>" << std::endl;
-  std::cerr << "       nss digest <options>" << std::endl;
-}
-
-static const std::string kDbCommand = "db";
-static const std::string kEncryptCommand = "encrypt";
-static const std::string kDecryptCommand = "decrypt";
-static const std::string kDigestCommand = "digest";
-
-int main(int argc, char **argv) {
-  if (argc < 2) {
-    Usage();
-    return 1;
-  }
-  std::vector<std::string> arguments(argv + 2, argv + argc);
-
-  std::unique_ptr<Tool> tool = nullptr;
-  if (argv[1] == kDbCommand) {
-    tool = std::unique_ptr<Tool>(new DBTool());
-  }
-  if (argv[1] == kEncryptCommand) {
-    tool = std::unique_ptr<Tool>(new EncTool());
-    arguments.push_back("--encrypt");
-  }
-  if (argv[1] == kDecryptCommand) {
-    tool = std::unique_ptr<Tool>(new EncTool());
-    arguments.push_back("--decrypt");
-  }
-  if (argv[1] == kDigestCommand) {
-    tool = std::unique_ptr<Tool>(new DigestTool());
-  }
-  if (!tool) {
-    Usage();
-    return 1;
-  }
-
-  int exit_code = 0;
-  PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
-  if (!tool->Run(arguments)) {
-    exit_code = 1;
-  }
-
-  PR_Cleanup();
-
-  return exit_code;
-}
diff --git a/security/nss/nss-tool/nss_tool.gyp b/security/nss/nss-tool/nss_tool.gyp
deleted file mode 100644
index a5d03fcf9..000000000
--- a/security/nss/nss-tool/nss_tool.gyp
+++ /dev/null
@@ -1,31 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-{
-  'includes' : [
-    '../coreconf/config.gypi',
-    '../cmd/platlibs.gypi',
-  ],
-  'targets' : [
-    {
-      'target_name' : 'nss',
-      'type' : 'executable',
-      'sources' : [
-        'nss_tool.cc',
-        'common/argparse.cc',
-        'common/util.cc',
-        'db/dbtool.cc',
-        'enc/enctool.cc',
-        'digest/digesttool.cc'
-      ],
-      'include_dirs': [
-        'common',
-      ],
-      'dependencies' : [
-        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
-        '<(DEPTH)/exports.gyp:dbm_exports',
-        '<(DEPTH)/exports.gyp:nss_exports',
-      ],
-    }
-  ],
-}
diff --git a/security/nss/nss.gyp b/security/nss/nss.gyp
index 9e9b49f7f..e62d28449 100644
--- a/security/nss/nss.gyp
+++ b/security/nss/nss.gyp
@@ -131,6 +131,7 @@
             'cmd/digest/digest.gyp:digest',
             'cmd/ecperf/ecperf.gyp:ecperf',
             'cmd/fbectest/fbectest.gyp:fbectest',
+            'cmd/fipstest/fipstest.gyp:fipstest',
             'cmd/httpserv/httpserv.gyp:httpserv',
             'cmd/listsuites/listsuites.gyp:listsuites',
             'cmd/makepqg/makepqg.gyp:makepqg',
@@ -148,7 +149,6 @@
             'cmd/pk1sign/pk1sign.gyp:pk1sign',
             'cmd/pp/pp.gyp:pp',
             'cmd/rsaperf/rsaperf.gyp:rsaperf',
-            'cmd/rsapoptst/rsapoptst.gyp:rsapoptst',
             'cmd/sdrtest/sdrtest.gyp:sdrtest',
             'cmd/selfserv/selfserv.gyp:selfserv',
             'cmd/shlibsign/mangle/mangle.gyp:mangle',
@@ -164,13 +164,10 @@
             'cmd/vfychain/vfychain.gyp:vfychain',
             'cmd/vfyserv/vfyserv.gyp:vfyserv',
             'gtests/certhigh_gtest/certhigh_gtest.gyp:certhigh_gtest',
-            'gtests/cryptohi_gtest/cryptohi_gtest.gyp:cryptohi_gtest',
             'gtests/der_gtest/der_gtest.gyp:der_gtest',
             'gtests/certdb_gtest/certdb_gtest.gyp:certdb_gtest',
             'gtests/freebl_gtest/freebl_gtest.gyp:prng_gtest',
-            'gtests/freebl_gtest/freebl_gtest.gyp:blake2b_gtest',
             'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest',
-            'gtests/softoken_gtest/softoken_gtest.gyp:softoken_gtest',
             'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
             'gtests/util_gtest/util_gtest.gyp:util_gtest',
             'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim',
@@ -192,11 +189,6 @@
                 'gtests/freebl_gtest/freebl_gtest.gyp:freebl_gtest',
               ],
             }],
-            [ 'disable_fips==0', {
-              'dependencies': [
-                'cmd/fipstest/fipstest.gyp:fipstest',
-              ],
-            }],
           ],
         },
       ],
diff --git a/security/nss/readme.md b/security/nss/readme.md
index 17b99e805..b75bfe7dd 100644
--- a/security/nss/readme.md
+++ b/security/nss/readme.md
@@ -41,8 +41,49 @@ directory `lib`, and tools in directory `bin`. In order to run the tools, set
 your system environment to use the libraries of your build from the "lib"
 directory, e.g., using the `LD_LIBRARY_PATH` or `DYLD_LIBRARY_PATH`.
 
-See [help.txt](https://hg.mozilla.org/projects/nss/raw-file/tip/help.txt) for
-more information on using build.sh.
+    Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+                    [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
+                    [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
+                    [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
+                    [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
+
+    This script builds NSS with gyp and ninja.
+
+    This build system is still under development.  It does not yet support all
+    the features or platforms that NSS supports.
+
+    NSS build tool options:
+
+        -h               display this help and exit
+        -c               clean before build
+        -v               verbose build
+        -j <n>           run at most <n> concurrent jobs
+        --nspr           force a rebuild of NSPR
+        --gyp|-g         force a rerun of gyp
+        --opt|-o         do an opt build
+        -m32             do a 32-bit build on a 64-bit system
+        --test           ignore map files and export everything we have
+        --fuzz           build fuzzing targets (this always enables test builds)
+                         --fuzz=tls to enable TLS fuzzing mode
+                         --fuzz=oss to build for OSS-Fuzz
+        --pprof          build with gperftool support
+        --ct-verif       build with valgrind for ct-verif
+        --scan-build     run the build with scan-build (scan-build has to be in the path)
+                         --scan-build=/out/path sets the output path for scan-build
+        --asan           do an asan build
+        --ubsan          do an ubsan build
+                         --ubsan=bool,shift,... sets specific UB sanitizers
+        --msan           do an msan build
+        --sancov         do sanitize coverage builds
+                         --sancov=func sets coverage to function level for example
+        --disable-tests  don't build tests and corresponding cmdline utils
+        --system-sqlite  use system sqlite
+        --no-zdefs       don't set -Wl,-z,defs
+        --with-nspr      don't build NSPR but use the one at the given location, e.g.
+                         --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
+        --system-nspr    use system nspr. This requires an installation of NSPR and
+                         might not work on all systems.
+        --enable-libpkix make libpkix part of the build.
 
 ## Building NSS (legacy build system)
 
@@ -81,6 +122,10 @@ set or export:
 Note that you might have to add `nss.local` to `/etc/hosts` if it's not
 there. The entry should look something like `127.0.0.1 nss.local nss`.
 
+If you get name resolution errors, try to ensure that you are using an IPv4
+address; IPv6 is the default on many systems for the loopback device which
+doesn't work.
+
 ### Running tests
 
 **Runnning all tests will take a while!**
@@ -137,50 +182,3 @@ The nss directory contains the following important subdirectories:
 A more comprehensible overview of the NSS folder structure and API guidelines
 can be found
 [here](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_API_Guidelines).
-
-## Build mechanisms related to FIPS compliance
-
-NSS supports build configurations for FIPS-140 compliance, and alternative build
-configurations that disable functionality specific to FIPS-140 compliance.
-
-This section documents the environment variables and build parameters that
-control these configurations.
-
-### Build FIPS startup tests
-
-The C macro NSS_NO_INIT_SUPPORT controls the FIPS startup self tests.
-If NSS_NO_INIT_SUPPORT is defined, the startup tests are disabled.
-
-The legacy build system (make) by default disables these tests.
-To enable these tests, set environment variable NSS_FORCE_FIPS=1 at build time.
-
-The gyp build system by default disables these tests.
-To enable these tests, pass parameter --enable-fips to build.sh.
-
-### Building either FIPS compliant or alternative compliant code
-
-The C macro NSS_FIPS_DISABLED can be used to disable some FIPS compliant code
-and enable alternative implementations.
-
-The legacy build system (make) never defines NSS_FIPS_DISABLED and always uses
-the FIPS compliant code.
-
-The gyp build system by default defines NSS_FIPS_DISABLED.
-To use the FIPS compliant code, pass parameter --enable-fips to build.sh.
-
-### Test execution
-
-The NSS test suite may contain tests that are included, excluded, or are
-different based on the FIPS build configuration. To execute the correct tests,
-it's necessary to determine which build configuration was used.
-
-The legacy build system (make) uses environment variables to control all
-aspects of the build configuration, including FIPS build configuration.
-
-Because the gyp build system doesn't use environment variables to control the
-build configuration, the NSS tests cannot rely on environment variables to
-determine the build configuration.
-
-A helper binary named nss-build-flags is produced as part of the NSS build,
-which prints the C macro symbols that were defined at build time, and which are
-relevant to test execution.
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index 8d5bd2dbb..833817f4a 100755
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -63,6 +63,10 @@
 #   BUILT_OPT    - use optimized/debug build
 #   USE_64       - use 64bit/32bit build
 #
+# Optional environment variables to enable specific NSS features:
+# ---------------------------------------------------------------
+#   NSS_DISABLE_ECC             - disable ECC
+#
 # Optional environment variables to select which cycles/suites to test:
 # ---------------------------------------------------------------------
 #   NSS_CYCLES     - list of cycles to run (separated by space
@@ -103,16 +107,12 @@
 #
 ########################################################################
 
-RUN_FIPS=""
-
 ############################## run_tests ###############################
 # run test suites defined in TESTS variable, skip scripts defined in
 # TESTS_SKIP variable
 ########################################################################
 run_tests()
 {
-    echo "Running test cycle: ${TEST_MODE} ----------------------"
-    echo "List of tests that will be executed: ${TESTS}"
     for TEST in ${TESTS}
     do
         # NOTE: the spaces are important. If you don't include
@@ -132,20 +132,14 @@ run_tests()
 }
 
 ########################## run_cycle_standard ##########################
-# run test suites with dbm database (no PKIX, no sharedb)
+# run test suites with defaults settings (no PKIX, no sharedb)
 ########################################################################
 run_cycle_standard()
 {
     TEST_MODE=STANDARD
 
     TESTS="${ALL_TESTS}"
-    TESTS_SKIP="cipher libpkix sdr ocsp pkits"
-
-    NSS_DEFAULT_DB_TYPE="dbm"
-    export NSS_DEFAULT_DB_TYPE
-
-    NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
-    NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
+    TESTS_SKIP=
 
     run_tests
 }
@@ -170,13 +164,7 @@ run_cycle_pkix()
 
     TESTS="${ALL_TESTS}"
     TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
-
     NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
-    export -n NSS_SSL_RUN
-
-    # use the default format. (unset for the shell, export -n for binaries)
-    export -n NSS_DEFAULT_DB_TYPE
-    unset NSS_DEFAULT_DB_TYPE
 
     run_tests
 }
@@ -199,7 +187,7 @@ run_cycle_upgrade_db()
     init_directories
 
     if [ -r "${OLDHOSTDIR}/cert.log" ]; then
-        DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server $RUN_FIPS SDR server serverCA stapling tools/copydir cert.log cert.done tests.*"
+        DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server fips SDR server serverCA stapling tools/copydir cert.log cert.done tests.*"
         for i in $DIRS
         do
             cp -r ${OLDHOSTDIR}/${i} ${HOSTDIR} #2> /dev/null
@@ -245,10 +233,10 @@ run_cycle_shared_db()
 
     # run the tests for native sharedb support
     TESTS="${ALL_TESTS}"
-    TESTS_SKIP="dbupgrade"
+    TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
 
-    export -n NSS_SSL_TESTS
-    export -n NSS_SSL_RUN
+    NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+    NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
 
     run_tests
 }
@@ -282,25 +270,10 @@ run_cycles()
 
 ############################## main code ###############################
 
-SCRIPTNAME=all.sh
-CLEANUP="${SCRIPTNAME}"
-cd `dirname $0`
-
-# all.sh should be the first one to try to source the init
-if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
-    cd common
-    . ./init.sh
-fi
-
 cycles="standard pkix upgradedb sharedb"
 CYCLES=${NSS_CYCLES:-$cycles}
 
-NO_INIT_SUPPORT=`certutil --build-flags |grep -cw NSS_NO_INIT_SUPPORT`
-if [ $NO_INIT_SUPPORT -eq 0 ]; then
-    RUN_FIPS="fips"
-fi
-
-tests="cipher lowhash libpkix cert dbtests tools $RUN_FIPS sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests"
+tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests"
 # Don't run chains tests when we have a gyp build.
 if [ "$OBJDIR" != "Debug" -a "$OBJDIR" != "Release" ]; then
   tests="$tests chains"
@@ -309,15 +282,22 @@ TESTS=${NSS_TESTS:-$tests}
 
 ALL_TESTS=${TESTS}
 
-nss_ssl_tests="crl iopr policy"
-if [ $NO_INIT_SUPPORT -eq 0 ]; then
-    nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips"
-fi
+nss_ssl_tests="crl fips_normal normal_fips iopr policy"
 NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}"
 
 nss_ssl_run="cov auth stapling stress"
 NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}"
 
+SCRIPTNAME=all.sh
+CLEANUP="${SCRIPTNAME}"
+cd `dirname $0`
+
+# all.sh should be the first one to try to source the init
+if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+    cd common
+    . ./init.sh
+fi
+
 # NOTE:
 # Lists of enabled tests and other settings are stored to ${ENV_BACKUP}
 # file and are are restored after every test cycle.
diff --git a/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt b/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt
deleted file mode 100644
index e3c8fcdcf..000000000
--- a/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEbDCCAxqgAwIBAgIBATBHBgkqhkiG9w0BAQowOqAPMA0GCWCGSAFlAwQCAQUA

-oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASCjBAICEmcwgYMxCzAJ

-BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp

-biBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxMzAxBgNVBAMTKk5TUyBUZXN0IENB

-IChSU0EtUFNTIGludmFsaWQgdHJhaWxlckZpZWxkKTAgFw0xNzEyMDcxMjU3NDBa

-GA8yMDY3MTIwNzEyNTc0MFowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp

-Zm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBO

-U1MxMzAxBgNVBAMTKk5TUyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgdHJhaWxl

-ckZpZWxkKTCCAVwwRwYJKoZIhvcNAQEKMDqgDzANBglghkgBZQMEAgEFAKEcMBoG

-CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgowQCAhJnA4IBDwAwggEKAoIB

-AQDgkKJk+PoFpESak7kMQ0w147/xilUZCG7hDGG2uuGTbX8jqy9N9pxzB9sJjgJX

-yYND0XEmrUQ2Memmy8jufhXML5DekW1tr3Gi2L3VivbIReJZfXk1xDMvNbB/Gjjo

-SoPyu8C4hnevjgMlmqG3KdMkB+eN6PnBG64YFyki3vnLO5iTNHEBTgFYo0gTX4uK

-xl0hLtiDL+4K5l7BwVgxZwQF6uHoHjrjjlhkzR0FwjjqR8U0pH20Pb6IlRsFMv07

-/1GHf+jm34pKb/1ZNzAbiKxYv7YAQUWEZ7e/GSXgA6gbTpV9ueiLkVucUeXN/mXK

-Tqb4zivi5FaSGVl8SJnqsJXJAgMBAAGjOTA3MBQGCWCGSAGG+EIBAQEB/wQEAwIC

-BDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDBHBgkqhkiG9w0BAQow

-OqAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA

-ogMCASCjBAICEmcDggEBAJht9t9p/dlhJtx7ShDvUXyq8N4tCoGKdREM83K/jlW8

-HxdHOz5PuvZx+UMlaUtqZVIriSCnRtEWkoSo0hWmcv1rp80it2G1zLfLPYdyrPba

-nQmE1iFb69Wr9dwrX7o/CII+WHQgoIGeFGntZ8YRZTe5+JeiGAlAyZCqUKbl9lhh

-pCpf1YYxb3VI8mAGVi0jwabWBEbInGBZYH9HP0nK7/Tflk6UY3f4h4Fbkk5D4WZA

-hFfkebx6Wh90QGiKQhp4/N+dYira8bKvWqqn0VqwzBoJBU/RmMaJVpwqFFvcaUJh

-uEKUPeQbqkYvj1WJYmy4ettVwi4OZU50+kCaRQhMsFA=
------END CERTIFICATE-----
diff --git a/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt b/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt
deleted file mode 100644
index d46442dc4..000000000
--- a/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFzCCAs2gAwIBAgIBATA/BgkqhkiG9w0BAQowMqAOMAwGCCqGSIb3DQIFBQCh

-GzAZBgkqhkiG9w0BAQgwDAYIKoZIhvcNAgUFAKIDAgEgMH4xCzAJBgNVBAYTAlVT

-MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIw

-EAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5TUyBUZXN0IENBIChSU0EtUFNT

-IGludmFsaWQgaGFzaEFsZykwIBcNMTcxMjA3MTQwNjQ0WhgPMjA2ODAxMDcxNDA2

-NDRaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH

-Ew1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5T

-UyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgaGFzaEFsZykwggEgMAsGCSqGSIb3

-DQEBCgOCAQ8AMIIBCgKCAQEAtDXA73yTOgs8zVYNMCtuQ9a07UgbfeQbjHp3pkF6

-7rsC/Q28mrLh+zLkht5e7qU/Qf/8a2ZkcYhPOBAjCzjgIXOdE2lsWvdVujOJLR0x

-Fesd3hDLRmL6f6momc+j1/Tw3bKyZinaeJ9BFRv9c94SayB3QUe+6+TNJKASwlhj

-sx6mUsND+h3DkuL77gi7hIUpUXfFSwa+zM69VLhIu+/WRZfG8gfKkCAIGUC3WYJa

-eU1HgQKfVSXW0ok4ototXWEe9ohU+Z1tO9LJStcY8mMpig7EU9zbpObhG46Sykfu

-aKsubB9J+gFgwP5Tb85tRYT6SbHeHR6U/N8GBrKdRcomWwIDAQABozwwOjAUBglg

-hkgBhvhCAQEBAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E

-BAMCAgQwPwYJKoZIhvcNAQEKMDKgDjAMBggqhkiG9w0CBQUAoRswGQYJKoZIhvcN

-AQEIMAwGCCqGSIb3DQIFBQCiAwIBIAOCAQEAjeemeTxh2xrMUJ6Z5Yn2nH2FbcPY

-fTHJcdfXjfNBkrMl5pe2/lk0JyNuACTuTYFCxdWNRL1coN//h9DSUbF3dpF1ex6D

-difo+6PwxkO2aPVGPYw4DSivt4SFbn5dKGgVqBQfnmNK7p/iT91AcErg/grRrNL+

-4jeT0UiRjQYeX9xKJArv+ocIidNpQL3QYxXuBLZxVC92Af69ol7WG8QBRLnFi1p2

-g6q8hOHqOfB29qnsSo3PkI1yuShOl50tRLbNgyotEfZdk1N3oXvapoBsm/jlcdCT

-0aKelCSQYYAfyl5PKCpa1lgBm7zfcHSDStMhEEFu/fbnJhqO9g9znj3STQ==
------END CERTIFICATE-----
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh
index d1a9148a9..9b3455747 100755
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -46,7 +46,11 @@ cert_init()
   fi
   SCRIPTNAME="cert.sh"
   CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
-  html_head "Certutil and Crlutil Tests"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "Certutil and Crlutil Tests with ECC"
+  else
+      html_head "Certutil and Crlutil Tests"
+  fi
 
   LIBDIR="${DIST}/${OBJDIR}/lib"
 
@@ -296,12 +300,14 @@ cert_create_cert()
 	fi
 
 
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CU_ACTION="Import EC Root CA for $CERTNAME"
 	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
 	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
 	if [ "$RET" -ne 0 ]; then
             return $RET
 	fi
+    fi
 
     cert_add_cert "$5"
     return $?
@@ -396,6 +402,7 @@ cert_add_cert()
 #
 #   Generate and add EC cert
 #
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CURVE="secp384r1"
 	CU_ACTION="Generate EC Cert Request for $CERTNAME"
 	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
@@ -447,6 +454,7 @@ cert_add_cert()
             return $RET
 	fi
 	cert_log "SUCCESS: $CERTNAME's mixed EC Cert Created"
+    fi
 
     return 0
 }
@@ -459,7 +467,6 @@ cert_add_cert()
 cert_all_CA()
 {
     echo nss > ${PWFILE}
-    echo > ${EMPTY_FILE}
 
     ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
     cert_CA $CADIR TestCA -x "CTu,CTu,CTu" ${D_CA} "1"
@@ -510,16 +517,10 @@ cert_all_CA()
 #	dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
 #	in the chain
 
-#
-#       Create RSA-PSS version of TestCA
-	ALL_CU_SUBJECT="CN=NSS Test CA (RSA-PSS), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-	cert_rsa_pss_CA $CADIR TestCA-rsa-pss -x "CTu,CTu,CTu" ${D_CA} "1" SHA256
-	rm $CADIR/rsapssroot.cert
 
-	ALL_CU_SUBJECT="CN=NSS Test CA (RSA-PSS-SHA1), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-	cert_rsa_pss_CA $CADIR TestCA-rsa-pss-sha1 -x "CTu,CTu,CTu" ${D_CA} "1" SHA1
-	rm $CADIR/rsapssroot.cert
 
+
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #       Create EC version of TestCA
 	CA_CURVE="secp521r1"
@@ -544,6 +545,8 @@ cert_all_CA()
 	rm $CLIENT_CADIR/ecroot.cert $SERVER_CADIR/ecroot.cert
 #	ecroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
 #	in the chain
+
+    fi
 }
 
 ################################# cert_CA ################################
@@ -634,7 +637,7 @@ CERTSCRIPT
 ################################ cert_dsa_CA #############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
-# This is the DSA version of cert_CA.
+# This is the ECC version of cert_CA.
 ##########################################################################
 cert_dsa_CA()
 {
@@ -645,7 +648,7 @@ cert_dsa_CA()
   DOMAIN=$5
   CERTSERIAL=$6
 
-  echo "$SCRIPTNAME: Creating a DSA CA Certificate $NICKNAME =========================="
+  echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
 
   if [ ! -d "${CUR_CADIR}" ]; then
       mkdir -p "${CUR_CADIR}"
@@ -658,7 +661,7 @@ cert_dsa_CA()
 	LPROFILE="multiaccess:${DOMAIN}"
   fi
 
-  ################# Creating a DSA CA Cert ###############################
+  ################# Creating an DSA CA Cert ###############################
   #
   CU_ACTION="Creating DSA CA Cert $NICKNAME "
   CU_SUBJECT=$ALL_CU_SUBJECT
@@ -697,79 +700,6 @@ CERTSCRIPT
 
 
 
-
-################################ cert_rsa_pss_CA #############################
-# local shell function to build the Temp. Certificate Authority (CA)
-# used for testing purposes, creating  a CA Certificate and a root cert
-# This is the RSA-PSS version of cert_CA.
-##########################################################################
-cert_rsa_pss_CA()
-{
-  CUR_CADIR=$1
-  NICKNAME=$2
-  SIGNER=$3
-  TRUSTARG=$4
-  DOMAIN=$5
-  CERTSERIAL=$6
-  HASHALG=$7
-
-  echo "$SCRIPTNAME: Creating an RSA-PSS CA Certificate $NICKNAME =========================="
-
-  if [ ! -d "${CUR_CADIR}" ]; then
-      mkdir -p "${CUR_CADIR}"
-  fi
-  cd ${CUR_CADIR}
-  pwd
-
-  LPROFILE=.
-  if [ -n "${MULTIACCESS_DBM}" ]; then
-	LPROFILE="multiaccess:${DOMAIN}"
-  fi
-
-  HASHOPT=
-  if [ -n "$HASHALG" ]; then
-        HASHOPT="-Z $HASHALG"
-  fi
-
-  ################# Creating an RSA-PSS CA Cert ###############################
-  #
-  CU_ACTION="Creating RSA-PSS CA Cert $NICKNAME "
-  CU_SUBJECT=$ALL_CU_SUBJECT
-  certu -S -n $NICKNAME -k rsa --pss $HASHOPT -t $TRUSTARG -v 600 $SIGNER \
-    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
-    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
-5
-6
-9
-n
-y
--1
-n
-5
-6
-7
-9
-n
-CERTSCRIPT
-
-  if [ "$RET" -ne 0 ]; then
-      echo "return value is $RET"
-      Exit 6 "Fatal - failed to create RSA-PSS CA cert"
-  fi
-
-  ################# Exporting RSA-PSS Root Cert ###############################
-  #
-  CU_ACTION="Exporting RSA-PSS Root Cert"
-  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o rsapssroot.cert
-  if [ "$RET" -ne 0 ]; then
-      Exit 7 "Fatal - failed to export RSA-PSS root cert"
-  fi
-  cp rsapssroot.cert ${NICKNAME}.ca.cert
-}
-
-
-
-
 ################################ cert_ec_CA ##############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
@@ -901,6 +831,7 @@ cert_smime_client()
   certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
         -i ${R_EVEDIR}/Eve.cert 2>&1
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Importing EC Certificates =============================="
       CU_ACTION="Import Bob's EC cert into Alice's db"
       certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
@@ -924,6 +855,7 @@ cert_smime_client()
 #     CU_ACTION="Import Eve's EC cert into Bob's DB"
 #     certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
 #         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
+  fi
 
   if [ "$CERTFAILED" != 0 ] ; then
       cert_log "ERROR: SMIME failed $RET"
@@ -1014,6 +946,7 @@ cert_extended_ssl()
 #	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \
 #	  2>&1
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -1059,6 +992,7 @@ cert_extended_ssl()
 #      certu -A -n "clientCA-ecmixed" -t "T,," -f "${R_PWFILE}" \
 #	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-ecmixed.ca.cert" \
 #	  2>&1
+  fi
 
   echo "Importing all the server's own CA chain into the servers DB"
   for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
@@ -1147,6 +1081,7 @@ cert_extended_ssl()
 # done with mixed DSA certs
 #
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -1193,6 +1128,7 @@ cert_extended_ssl()
 #
 # done with mixed EC certs
 #
+  fi
 
   echo "Importing all the client's own CA chain into the servers DB"
   for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
@@ -1239,8 +1175,10 @@ cert_ssl()
   CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC"
   certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
 
-  CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
-  certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
+      certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+  fi
 #  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
 #  echo "************* Copying CA files to ${SERVERDIR}"
 #  cp ${CADIR}/*.db .
@@ -1261,12 +1199,6 @@ cert_ssl()
   cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
   pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
-
-  echo "$SCRIPTNAME: Creating database for strsclnt no login tests  ==============="
-  echo "cp -r ${CLIENTDIR} ${NOLOGINDIR}"
-  cp -r ${R_CLIENTDIR} ${R_NOLOGINDIR}
-  # change the password to empty
-  certu -W -d "${R_NOLOGINDIR}" -f "${R_PWFILE}" -@ "${R_EMPTY_FILE}" 2>&1
 }
 
 ############################## cert_stresscerts ################################
@@ -1337,35 +1269,12 @@ MODSCRIPT
     html_passed "${CU_ACTION}"
   fi
 
-  CU_ACTION="Setting invalid database password in FIPS mode"
-  RETEXPECTED=255
-  certu -W -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -@ "${R_FIPSBADPWFILE}" 2>&1
-  CU_ACTION="Attempt to generate a key with exponent of 3 (too small)"
-  certu -G -k rsa -g 2048 -y 3 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}" 
-  CU_ACTION="Attempt to generate a key with exponent of 17 (too small)"
-  certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}" 
-  RETEXPECTED=0
-
   CU_ACTION="Generate Certificate for ${CERTNAME}"
   CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US"
   certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1
   if [ "$RET" -eq 0 ]; then
     cert_log "SUCCESS: FIPS passed"
   fi
-
-}
-
-########################## cert_rsa_exponent #################################
-# local shell function to verify small rsa exponent can be used (only
-# run if FIPS has not been turned on in the build).
-##############################################################################
-cert_rsa_exponent_nonfips()
-{
-  echo "$SCRIPTNAME: Verify that small RSA exponents still work  =============="
-  CU_ACTION="Attempt to generate a key with exponent of 3"
-  certu -G -k rsa -g 2048 -y 3 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}" 
-  CU_ACTION="Attempt to generate a key with exponent of 17"
-  certu -G -k rsa -g 2048 -y 17 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}" 
 }
 
 ############################## cert_eccurves ###########################
@@ -1375,6 +1284,7 @@ cert_eccurves()
 {
   ################# Creating Certs for EC curves test ########################
   #
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
     echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
     echo "             EC Curves Test Certificates ------------------------------------"
 
@@ -1415,6 +1325,8 @@ cert_eccurves()
 		-f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
 	fi
     done
+
+  fi # $NSS_DISABLE_ECC
 }
 
 ########################### cert_extensions_test #############################
@@ -1766,6 +1678,7 @@ EOF_CRLINI
 
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
 
 #     Until Bug 292285 is resolved, do not encode x400 Addresses. After
@@ -1780,6 +1693,7 @@ addext issuerAltNames 0 "rfc822Name:ca-ecemail@ca.com|dnsName:ca-ec.com|director
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_1}_or-ec
+  fi
 
   echo test > file
   ############################# Modification ##################################
@@ -1810,6 +1724,7 @@ EOF_CRLINI
   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-dsa"
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by adding one more cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
 	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
@@ -1819,6 +1734,7 @@ EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_1}_or1-ec
       TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-ec"
+  fi
 
   ########### Removing one cert ${UNREVOKED_CERT_GRP_1} #######################
   echo "$SCRIPTNAME: Modifying CA CRL by removing one cert ==============="
@@ -1847,6 +1763,7 @@ EOF_CRLINI
 
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by removing one cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
 	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
@@ -1855,6 +1772,7 @@ rmcert  ${UNREVOKED_CERT_GRP_1}
 EOF_CRLINI
       chmod 600 ${CRL_FILE_GRP_1}-ec
       TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-ec"
+  fi
 
   ########### Creating second CRL which includes groups 1 and 2 ##############
   CRL_GRP_END=`expr ${CRL_GRP_2_BEGIN} + ${CRL_GRP_2_RANGE} - 1`
@@ -1874,6 +1792,7 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_2}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
           -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
@@ -1884,6 +1803,7 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_2}-ec
+  fi
 
   ########### Creating second CRL which includes groups 1, 2 and 3 ##############
   CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
@@ -1905,6 +1825,7 @@ addext crlNumber 0 2
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_3}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
           -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
@@ -1915,6 +1836,7 @@ addext crlNumber 0 2
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_3}-ec
+  fi
 
   ############ Importing Server CA Issued CRL for certs of first group #######
 
@@ -1923,11 +1845,13 @@ EOF_CRLINI
   crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Importing CRL (ECC) for groups 1"
       crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
       crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
 	  -d "${R_SERVERDIR}"
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  fi
 
   if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
       cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
@@ -2044,387 +1968,6 @@ cert_test_ocspresp()
   ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
 }
 
-cert_test_implicit_db_init()
-{
-  echo "$SCRIPTNAME: test implicit database init"
-
-  CU_ACTION="Add cert with trust flags to db with implicit init"
-  mkdir ${IMPLICIT_INIT_DIR}
-  certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
-}
-
-check_sign_algo()
-{
-  certu -L -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}" | \
-      sed -n '/^ *Data:/,/^$/{
-/^        Signature Algorithm/,/^ *Salt length/s/^        //p
-}' > ${TMP}/signalgo.txt
-
-  diff ${TMP}/signalgo.exp ${TMP}/signalgo.txt
-  RET=$?
-  if [ "$RET" -ne 0 ]; then
-      CERTFAILED=$RET
-      html_failed "${CU_ACTION} ($RET) "
-      cert_log "ERROR: ${CU_ACTION} failed $RET"
-  else
-      html_passed "${CU_ACTION}"
-  fi
-}
-
-cert_test_rsapss()
-{
-  TEMPFILES="$TEMPFILES ${TMP}/signalgo.exp ${TMP}/signalgo.txt"
-
-  cert_init_cert "${RSAPSSDIR}" "RSA-PSS Test Cert" 1000 "${D_RSAPSS}"
-
-  CU_ACTION="Initialize Cert DB"
-  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-
-  CU_ACTION="Import RSA CA Cert"
-  certu -A -n "TestCA" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA.ca.cert" 2>&1
-
-  CU_ACTION="Import RSA-PSS CA Cert"
-  certu -A -n "TestCA-rsa-pss" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA-rsa-pss.ca.cert" 2>&1
-
-  CU_ACTION="Verify RSA-PSS CA Cert"
-  certu -V -u L -e -n "TestCA-rsa-pss" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-
-  CU_ACTION="Import RSA-PSS CA Cert (SHA1)"
-  certu -A -n "TestCA-rsa-pss-sha1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA-rsa-pss-sha1.ca.cert" 2>&1
-
-  CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid trailerField)"
-  certu -A -n "TestCA-bogus-rsa-pss1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${QADIR}/cert/TestCA-bogus-rsa-pss1.crt" 2>&1
-  RETEXPECTED=255
-  certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss1 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-  RETEXPECTED=0
-
-  CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid hashAlg)"
-  certu -A -n "TestCA-bogus-rsa-pss2" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${QADIR}/cert/TestCA-bogus-rsa-pss2.crt" 2>&1
-  RETEXPECTED=255
-  certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss2 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-  RETEXPECTED=0
-
-  CERTSERIAL=200
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss1"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explict, with --pss-sign -Z SHA512)
-  CERTNAME="TestUser-rsa-pss2"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -Z SHA512 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-512
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-512
-        Salt length: 64 (0x40)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS
-  CERTNAME="TestUser-rsa-pss3"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss4"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss5"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (implicit, without --pss-sign)
-  CERTNAME="TestUser-rsa-pss6"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  # Sign without --pss-sign nor -Z option
-  certu -C -c "TestCA-rsa-pss" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with conflicting hash algorithm)
-  CERTNAME="TestUser-rsa-pss7"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  RETEXPECTED=255
-  certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA512 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-  RETEXPECTED=0
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with compatible hash algorithm)
-  CERTNAME="TestUser-rsa-pss8"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA256 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explict, with --pss-sign -Z SHA1)
-  CERTNAME="TestUser-rsa-pss9"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -Z SHA1 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: default, SHA-1
-        Mask algorithm: default, MGF1
-        Mask hash algorithm: default, SHA-1
-        Salt length: default, 20 (0x14)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (implicit, without --pss-sign, default parameters)
-  CERTNAME="TestUser-rsa-pss10"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  # Sign without --pss-sign nor -Z option
-  certu -C -c "TestCA-rsa-pss-sha1" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: default, SHA-1
-        Mask algorithm: default, MGF1
-        Mask hash algorithm: default, SHA-1
-        Salt length: default, 20 (0x14)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with conflicting hash algorithm, default parameters)
-  CERTNAME="TestUser-rsa-pss11"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  RETEXPECTED=255
-  certu -C -c "TestCA-rsa-pss-sha1" --pss-sign -Z SHA256 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-  RETEXPECTED=0
-}
-
 ############################## cert_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
@@ -2432,24 +1975,20 @@ EOF
 cert_cleanup()
 {
   cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
-  html "</TABLE><BR>"
+  html "</TABLE><BR>" 
   cd ${QADIR}
   . common/cleanup.sh
 }
 
 ################## main #################################################
 
-cert_init
+cert_init 
 cert_all_CA
-cert_test_implicit_db_init
-cert_extended_ssl
-cert_ssl
-cert_smime_client
-IS_FIPS_DISABLED=`certutil --build-flags |grep -cw NSS_FIPS_DISABLED`
-if [ $IS_FIPS_DISABLED -ne 0 ]; then
-  cert_rsa_exponent_nonfips
-else
-  cert_fips
+cert_extended_ssl 
+cert_ssl 
+cert_smime_client        
+if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
+    cert_fips
 fi
 cert_eccurves
 cert_extensions
@@ -2457,7 +1996,6 @@ cert_san_and_generic_extensions
 cert_test_password
 cert_test_distrust
 cert_test_ocspresp
-cert_test_rsapss
 
 if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
     cert_crl_ssl
@@ -2466,7 +2004,7 @@ else
 fi
 
 if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
-    cert_stresscerts
+    cert_stresscerts 
 fi
 
 cert_iopr_setup
diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh
index 11a621815..1d2561d9c 100755
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
@@ -107,21 +107,6 @@ cipher_gcm()
   done < ${GCM_TXT}
 }
 
-###################### cipher_rsa_populate ############################
-# Test the ability to reconstruct rsa private key reconstruction
-# also test the PK11GenericObject interface 
-###################################################################
-cipher_rsa_populate()
-{
-  TESTNAME="RSA Reconstruct Private Keys Test"
-  echo "$SCRIPTNAME: $TESTNAME --------------------------------"
-  echo "rsapoptst -t all -r 10"
-# skip e_d_q. It isn't reliable, and can return incorrect data. e_d_q should
-# be turned off.
-  ${PROFTOOL} ${BINDIR}/rsapoptst -t e_n_p,d_n_q,d_p_q,e_d_n -r 10
-  html_msg $? 0 "$TESTNAME"
-}
-
 ############################## cipher_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
@@ -151,6 +136,5 @@ fi
 # Skip cipher_gcm if this is a softoken only build.
 if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
     cipher_gcm
-    cipher_rsa_populate
 fi
 cipher_cleanup
diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh
index 933551e83..caf3013e6 100644
--- a/security/nss/tests/common/init.sh
+++ b/security/nss/tests/common/init.sh
@@ -63,13 +63,11 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
         DBPASSDIR=${HOSTDIR}/dbpass
         ECCURVES_DIR=${HOSTDIR}/eccurves
         DISTRUSTDIR=${HOSTDIR}/distrust
-        RSAPSSDIR=${HOSTDIR}/rsapss
 
         SERVER_CADIR=${HOSTDIR}/serverCA
         CLIENT_CADIR=${HOSTDIR}/clientCA
         EXT_SERVERDIR=${HOSTDIR}/ext_server
         EXT_CLIENTDIR=${HOSTDIR}/ext_client
-        IMPLICIT_INIT_DIR=${HOSTDIR}/implicit_init
 
         IOPR_CADIR=${HOSTDIR}/CA_iopr
         IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
@@ -78,12 +76,10 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
 
         CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
         STAPLINGDIR=${HOSTDIR}/stapling
-        NOLOGINDIR=${HOSTDIR}/nologin
         SSLGTESTDIR=${HOSTDIR}/ssl_gtests
         GTESTDIR=${HOSTDIR}/gtests
 
         PWFILE=${HOSTDIR}/tests.pw
-        EMPTY_FILE=${HOSTDIR}/tests_empty
         NOISE_FILE=${HOSTDIR}/tests_noise
         CORELIST_FILE=${HOSTDIR}/clist
 
@@ -532,16 +528,13 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     D_CLIENT_CA="ClientCA.$version"
     D_SERVER="Server.$version"
     D_CLIENT="Client.$version"
-    D_NOLOGIN="NoLogin.$version"
     D_FIPS="FIPS.$version"
     D_DBPASS="DBPASS.$version"
     D_ECCURVES="ECCURVES.$version"
     D_EXT_SERVER="ExtendedServer.$version"
     D_EXT_CLIENT="ExtendedClient.$version"
-    D_IMPLICIT_INIT="ImplicitInit.$version"
     D_CERT_EXTENSTIONS="CertExtensions.$version"
     D_DISTRUST="Distrust.$version"
-    D_RSAPSS="RSAPSS.$version"
 
     # we need relative pathnames of these files abd directories, since our
     # tools can't handle the unix style absolut pathnames on cygnus
@@ -559,10 +552,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     R_EVEDIR=../eve
     R_EXT_SERVERDIR=../ext_server
     R_EXT_CLIENTDIR=../ext_client
-    R_IMPLICIT_INIT_DIR=../implicit_init
     R_CERT_EXT=../cert_extensions
     R_STAPLINGDIR=../stapling
-    R_NOLOGINDIR=../nologin
     R_SSLGTESTDIR=../ssl_gtests
     R_GTESTDIR=../gtests
 
@@ -577,10 +568,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     P_R_EVEDIR=${R_EVEDIR}
     P_R_SERVERDIR=${R_SERVERDIR}
     P_R_CLIENTDIR=${R_CLIENTDIR}
-    P_R_NOLOGINDIR=${R_NOLOGINDIR}
     P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
     P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
-    P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR}
     if [ -n "${MULTIACCESS_DBM}" ]; then
         P_R_CADIR="multiaccess:${D_CA}"
         P_R_ALICEDIR="multiaccess:${D_ALICE}"
@@ -589,14 +578,11 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
         P_R_EVEDIR="multiaccess:${D_EVE}"
         P_R_SERVERDIR="multiaccess:${D_SERVER}"
         P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
-        P_R_NOLOGINDIR="multiaccess:${D_NOLOGIN}"
         P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
         P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
-        P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
     fi
 
     R_PWFILE=../tests.pw
-    R_EMPTY_FILE=../tests_empty
     R_NOISE_FILE=../tests_noise
 
     R_FIPSPWFILE=../tests.fipspw
diff --git a/security/nss/tests/gtests/gtests.sh b/security/nss/tests/gtests/gtests.sh
index 6606b59e7..c785241c4 100755
--- a/security/nss/tests/gtests/gtests.sh
+++ b/security/nss/tests/gtests/gtests.sh
@@ -83,7 +83,7 @@ gtest_cleanup()
 }
 
 ################## main #################################################
-GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest blake2b_gtest"
+GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest"
 SOURCE_DIR="$PWD"/../..
 gtest_init $0
 gtest_start
diff --git a/security/nss/tests/merge/merge.sh b/security/nss/tests/merge/merge.sh
index d17a8c4ef..1929b12c8 100755
--- a/security/nss/tests/merge/merge.sh
+++ b/security/nss/tests/merge/merge.sh
@@ -98,7 +98,7 @@ merge_init()
   # are dbm databases.
   if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
 	save=${NSS_DEFAULT_DB_TYPE}
-	NSS_DEFAULT_DB_TYPE=dbm ; export NSS_DEFAULT_DB_TYPE
+	NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
   fi
 
   certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
diff --git a/security/nss/tests/pkits/pkits.sh b/security/nss/tests/pkits/pkits.sh
index e79fdd382..ecf007736 100755
--- a/security/nss/tests/pkits/pkits.sh
+++ b/security/nss/tests/pkits/pkits.sh
@@ -93,7 +93,7 @@ pkits_init()
   ${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
 
   ${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
-      $certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw
+      $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
   if [ -z "$NSS_NO_PKITS_CRLS" ]; then
     ${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
   else
diff --git a/security/nss/tests/remote/Makefile b/security/nss/tests/remote/Makefile
index 4635bccc5..6c6e5bd55 100644
--- a/security/nss/tests/remote/Makefile
+++ b/security/nss/tests/remote/Makefile
@@ -80,6 +80,7 @@ package_for_testing:
 	echo 'export USE_64=$(USE_64)'               >> $(RTSH)
 	echo 'export BUILD_OPT=$(BUILD_OPT)'         >> $(RTSH)
 	echo 'export PKITS_DATA=$(PKITS_DATA)'       >> $(RTSH)
+	echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)'                     >> $(RTSH)
 	echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)'                   >> $(RTSH)
 ifeq ($(OS_TARGET),Android)
 	# Android doesn't support FIPS tests, because
diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh
index 9cdc0875b..2360100de 100755
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -40,7 +40,11 @@ smime_init()
   fi
   SCRIPTNAME=smime.sh
 
-  html_head "S/MIME Tests"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "S/MIME Tests with ECC"
+  else
+      html_head "S/MIME Tests"
+  fi
 
   grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
       Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
@@ -81,27 +85,29 @@ smime_sign()
   html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
 
 # Test ECDSA signing for all hash algorithms.
-  echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
-  echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
-  ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
-  html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
-
-  echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
-  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
-  html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
-
-  echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
-  echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
-  ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
-  html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
-
-  echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
-  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
-  html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
-
-  echo "diff alice.txt alice-ec.data.${HASH}"
-  diff alice.txt alice-ec.data.${HASH}
-  html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
+      echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
+      html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
+
+      echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
+      ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+      html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
+
+      echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
+      echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
+      html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
+
+      echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
+      html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
+
+      echo "diff alice.txt alice-ec.data.${HASH}"
+      diff alice.txt alice-ec.data.${HASH}
+      html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
+  fi
 
 }
 
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
index de867a4bd..944849ad3 100755
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -57,16 +57,10 @@ ssl_init()
   fi
 
   PORT=${PORT-8443}
-  # Avoid port conflicts when multiple tests are running on the same machine.
-  if [ -n "$NSS_TASKCLUSTER_MAC" ]; then
-    cwd=$(cd $(dirname $0); pwd -P)
-    padd=$(echo $cwd | cut -d "/" -f4 | sed 's/[^0-9]//g')
-    PORT=$(($PORT + $padd))
-  fi
   NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
-  nss_ssl_run="stapling signed_cert_timestamps cov auth stress dtls"
+  nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
   NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
-  
+
   # Test case files
   SSLCOV=${QADIR}/ssl/sslcov.txt
   SSLAUTH=${QADIR}/ssl/sslauth.txt
@@ -96,8 +90,15 @@ ssl_init()
   NON_EC_SUITES=":0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B"
   NON_EC_SUITES="${NON_EC_SUITES}:0084:009C:009D:009E:009F:00A2:00A3:CCAAcdeinvyz"
 
-  # List of cipher suites to test, including ECC cipher suites.
-  CIPHER_SUITES="-c ${EC_SUITES}${NON_EC_SUITES}"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      ECC_STRING=" - with ECC"
+      # List of cipher suites to test, including ECC cipher suites.
+      CIPHER_SUITES="-c ${EC_SUITES}${NON_EC_SUITES}"
+  else
+      ECC_STRING=""
+      # List of cipher suites to test, excluding ECC cipher suites.
+      CIPHER_SUITES="-c ${NON_EC_SUITES}"
+  fi
 
   if [ "${OS_ARCH}" != "WINNT" ]; then
       ulimit -n 1000 # make sure we have enough file descriptors
@@ -140,16 +141,16 @@ wait_for_selfserv()
 {
   #verbose="-v"
   echo "trying to connect to selfserv at `date`"
-  echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
+  echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
   echo "        -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
-  ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+  ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
           -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
   if [ $? -ne 0 ]; then
       sleep 5
       echo "retrying to connect to selfserv at `date`"
       echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
       echo "        -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
-      ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+      ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
               -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
       if [ $? -ne 0 ]; then
           html_failed "Waiting for Server"
@@ -211,7 +212,8 @@ start_selfserv()
       echo "$SCRIPTNAME: $testname ----"
   fi
   sparam=`echo $sparam | sed -e 's;_; ;g'`
-  if [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1"  ] ; then
+  if [ -z "$NSS_DISABLE_ECC" ] && \
+     [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1"  ] ; then
       ECC_OPTIONS="-e ${HOSTADDR}-ecmixed -e ${HOSTADDR}-ec"
   else
       ECC_OPTIONS=""
@@ -256,18 +258,13 @@ start_selfserv()
   echo "selfserv with PID ${PID} started at `date`"
 }
 
-ignore_blank_lines()
-{
-  LC_ALL=C grep -v '^[[:space:]]*\(#\|$\)' "$1"
-}
-
 ############################## ssl_cov #################################
 # local shell function to perform SSL Cipher Coverage tests
 ########################################################################
 ssl_cov()
 {
   #verbose="-v"
-  html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
   testname=""
   sparam="$CIPHER_SUITES"
@@ -277,15 +274,15 @@ ssl_cov()
   VMIN="ssl3"
   VMAX="tls1.1"
 
-  ignore_blank_lines ${SSLCOV} | \
+  exec < ${SSLCOV}
   while read ectype testmax param testname
   do
       echo "${testname}" | grep "EXPORT" > /dev/null
       EXP=$?
 
-      if [ "$ectype" = "ECC" ] ; then
+      if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
-      else
+      elif [ "`echo $ectype | cut -b 1`" != "#" ] ; then
           echo "$SCRIPTNAME: running $testname ----------------------------"
           VMAX="ssl3"
           if [ "$testmax" = "TLS10" ]; then
@@ -298,11 +295,11 @@ ssl_cov()
               VMAX="tls1.2"
           fi
 
-          echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
           echo "        -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
                   -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
@@ -323,11 +320,12 @@ ssl_cov()
 ssl_auth()
 {
   #verbose="-v"
-  html_head "SSL Client Authentication $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL Client Authentication $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
-  ignore_blank_lines ${SSLAUTH} | \
+  exec < ${SSLAUTH}
   while read ectype value sparam cparam testname
   do
+      [ -z "$ectype" ] && continue
       echo "${testname}" | grep "don't require client auth" > /dev/null
       CAUTH=$?
 
@@ -335,9 +333,9 @@ ssl_auth()
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
       elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$ectype" = "ECC" ] ; then
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
-      else
+      elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           if [ "$ectype" = "SNI" ]; then
               cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
@@ -345,10 +343,10 @@ ssl_auth()
           fi
           start_selfserv
 
-          echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
           echo "        ${cparam}  < ${REQUEST_FILE}"
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
                   -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
@@ -397,10 +395,10 @@ ssl_stapling_sub()
 
     start_selfserv
 
-    echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+    echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
     echo "        -c v -T -O -F -M 1 -V ssl3:tls1.2 < ${REQUEST_FILE}"
     rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-    ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+    ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
 	    -d ${P_R_CLIENTDIR} $verbose -c v -T -O -F -M 1 -V ssl3:tls1.2 < ${REQUEST_FILE} \
 	    >${TMP}/$HOST.tmp.$$  2>&1
     ret=$?
@@ -467,7 +465,7 @@ ssl_stapling_stress()
 ########################################################################
 ssl_stapling()
 {
-  html_head "SSL Cert Status (OCSP Stapling) $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL Cert Status (OCSP Stapling) $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
   # tstclnt Exit code:
   # 0: have fresh and valid revocation data, status good
@@ -500,7 +498,7 @@ ssl_stapling()
 ssl_signed_cert_timestamps()
 {
   #verbose="-v"
-  html_head "SSL Signed Certificate Timestamps $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL Signed Certificate Timestamps $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
     testname="ssl_signed_cert_timestamps"
     value=0
@@ -516,10 +514,10 @@ ssl_signed_cert_timestamps()
 
     # Since we don't have server-side support, this test only covers advertising the
     # extension in the client hello.
-    echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+    echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
     echo "        -U -V tls1.0:tls1.2 < ${REQUEST_FILE}"
     rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-    ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+    ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
             -d ${P_R_CLIENTDIR} $verbose -U -V tls1.0:tls1.2 < ${REQUEST_FILE} \
             >${TMP}/$HOST.tmp.$$  2>&1
     ret=$?
@@ -538,26 +536,26 @@ ssl_signed_cert_timestamps()
 ########################################################################
 ssl_stress()
 {
-  html_head "SSL Stress Test $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL Stress Test $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
-  ignore_blank_lines ${SSLSTRESS} | \
+  exec < ${SSLSTRESS}
   while read ectype value sparam cparam testname
   do
+      if [ -z "$ectype" ]; then
+          # silently ignore blank lines
+          continue
+      fi
+
       echo "${testname}" | grep "client auth" > /dev/null
       CAUTH=$?
-      echo "${testname}" | grep "no login" > /dev/null
-      NOLOGIN=$?
 
       if [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
           echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      elif [ "$ectype" = "ECC" ] ; then
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -ne 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
-      elif [ "${NOLOGIN}" -eq 0 ] && \
-           [ "${CLIENT_MODE}" = "fips" -o "$NORM_EXT" = "Extended Test" ] ; then
-          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
-      else
+      elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
           if [ "$ectype" = "SNI" ]; then
               cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
@@ -571,16 +569,10 @@ ssl_stress()
               ps -ef | grep selfserv
           fi
 
-          if [ "${NOLOGIN}" -eq 0 ] ; then
-              dbdir=${P_R_NOLOGINDIR}
-          else
-              dbdir=${P_R_CLIENTDIR}
-          fi
-
-          echo "strsclnt -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
+          echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
           echo "         -V ssl3:tls1.2 $verbose ${HOSTADDR}"
           echo "strsclnt started at `date`"
-          ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
+          ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
                    -V ssl3:tls1.2 $verbose ${HOSTADDR}
           ret=$?
           echo "strsclnt completed at `date`"
@@ -604,7 +596,7 @@ ssl_stress()
 ssl_crl_ssl()
 {
   #verbose="-v"
-  html_head "CRL SSL Client Tests $NORM_EXT"
+  html_head "CRL SSL Client Tests $NORM_EXT $ECC_STRING"
 
   # Using First CRL Group for this test. There are $CRL_GRP_1_RANGE certs in it.
   # Cert number $UNREVOKED_CERT_GRP_1 was not revoked
@@ -612,14 +604,15 @@ ssl_crl_ssl()
   CRL_GROUP_RANGE=$CRL_GRP_1_RANGE
   UNREVOKED_CERT=$UNREVOKED_CERT_GRP_1
 
-  ignore_blank_lines ${SSLAUTH} | \
+  exec < ${SSLAUTH}
   while read ectype value sparam cparam testname
   do
-    if [ "$ectype" = "ECC" ] ; then
+    [ "$ectype" = "" ] && continue
+    if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
         echo "$SCRIPTNAME: skipping $testname (ECC only)"
     elif [ "$ectype" = "SNI" ]; then
         continue
-    else
+    elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
 	servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
 	pwd=`echo $cparam | grep nss`
 	user=`echo $cparam | grep TestUser`
@@ -649,10 +642,10 @@ ssl_crl_ssl()
 	  cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 	  start_selfserv
 
-	  echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+	  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
 	  echo "        ${cparam}  < ${REQUEST_FILE}"
 	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-	  ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+	  ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	      -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
 	      >${TMP}/$HOST.tmp.$$  2>&1
 	  ret=$?
@@ -676,47 +669,19 @@ ssl_crl_ssl()
   html "</TABLE><BR>"
 }
 
-############################# setup_policy #############################
-# local shell function to create policy configuration
-########################################################################
-setup_policy()
-{
-  policy="$1"
-  outdir="$2"
-  OUTFILE="${outdir}/pkcs11.txt"
-  cat > "$OUTFILE" << ++EOF++
-library=
-name=NSS Internal PKCS #11 Module
-parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
-NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
-++EOF++
-  echo "config=${policy}" >> "$OUTFILE"
-  echo "" >> "$OUTFILE"
-  echo "library=${DIST}/${OBJDIR}/lib/libnssckbi.so" >> "$OUTFILE"
-  cat >> "$OUTFILE" << ++EOF++
-name=RootCerts
-NSS=trustOrder=100
-++EOF++
-
-  echo "******************************Testing with: "
-  cat "$OUTFILE"
-  echo "******************************"
-}
-
-############################## ssl_policy ##############################
+############################## ssl_cov #################################
 # local shell function to perform SSL Policy tests
 ########################################################################
 ssl_policy()
 {
   #verbose="-v"
-  html_head "SSL POLICY $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
+  html_head "SSL POLICY $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
 
   testname=""
   sparam="$CIPHER_SUITES"
 
   if [ ! -f "${P_R_CLIENTDIR}/pkcs11.txt" ] ; then
-      html_failed "${SCRIPTNAME}: ${P_R_CLIENTDIR} is not initialized"
-      return 1;
+      return;
   fi
 
   echo "Saving pkcs11.txt"
@@ -724,14 +689,17 @@ ssl_policy()
 
   start_selfserv # Launch the server
 
-  ignore_blank_lines ${SSLPOLICY} | \
+  VMIN="ssl3"
+  VMAX="tls1.2"
+
+  exec < ${SSLPOLICY}
   while read value ectype testmax param policy testname
   do
       VMIN="ssl3"
 
-      if [ "$ectype" = "ECC" ] ; then
+      if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
-      else
+      elif [ "`echo $value | cut -b 1`" != "#" ] ; then
           echo "$SCRIPTNAME: running $testname ----------------------------"
           VMAX="ssl3"
           if [ "$testmax" = "TLS10" ]; then
@@ -746,13 +714,30 @@ ssl_policy()
 
           # load the policy
           policy=`echo ${policy} | sed -e 's;_; ;g'`
-          setup_policy "$policy" ${P_R_CLIENTDIR}
 
-          echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+          cat  > ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+++EOF++
+          echo "config=${policy}" >> ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "" >> ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "library=${DIST}/${OBJDIR}/lib/libnssckbi.so" >> ${P_R_CLIENTDIR}/pkcs11.txt >> ${P_R_CLIENTDIR}/pkcs11.txt
+          cat  >> ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
+name=RootCerts
+NSS=trustOrder=100
+++EOF++
+
+          echo "******************************Testing with: "
+	  cat ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "******************************"
+
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
           echo "        -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
 
           rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-          ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
                   -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
                   >${TMP}/$HOST.tmp.$$  2>&1
           ret=$?
@@ -772,103 +757,6 @@ ssl_policy()
   kill_selfserv
   html "</TABLE><BR>"
 }
-
-list_enabled_suites()
-{
-  echo "SSL_DIR=${P_R_CLIENTDIR} ${BINDIR}/listsuites"
-  SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites | tail -n+3 | \
-      sed -n -e '/^TLS_/h' -e '/^ .*Enabled.*/{g;p}' | sed 's/:$//'
-}
-
-############################## ssl_policy_listsuites ###################
-# local shell function to perform SSL Policy tests, using listsuites
-########################################################################
-ssl_policy_listsuites()
-{
-  #verbose="-v"
-  html_head "SSL POLICY LISTSUITES $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
-
-  testname=""
-  sparam="$CIPHER_SUITES"
-
-  if [ ! -f "${P_R_CLIENTDIR}/pkcs11.txt" ] ; then
-      html_failed "${SCRIPTNAME}: ${P_R_CLIENTDIR} is not initialized"
-      return 1;
-  fi
-
-  echo "Saving pkcs11.txt"
-  cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
-
-  # Disallow all explicitly
-  setup_policy "disallow=all" ${P_R_CLIENTDIR}
-  RET_EXP=1
-  list_enabled_suites | grep '^TLS_'
-  RET=$?
-  html_msg $RET $RET_EXP "${testname}" \
-           "produced a returncode of $RET, expected is $RET_EXP"
-
-  # Disallow RSA in key exchange explicitly
-  setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
-  RET_EXP=1
-  list_enabled_suites | grep '^TLS_RSA_'
-  RET=$?
-  html_msg $RET $RET_EXP "${testname}" \
-           "produced a returncode of $RET, expected is $RET_EXP"
-
-  cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt
-
-  html "</TABLE><BR>"
-}
-
-############################## ssl_policy_selfserv #####################
-# local shell function to perform SSL Policy tests, using selfserv
-########################################################################
-ssl_policy_selfserv()
-{
-  #verbose="-v"
-  html_head "SSL POLICY SELFSERV $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
-
-  testname=""
-  sparam="$CIPHER_SUITES"
-
-  if [ ! -f "${P_R_SERVERDIR}/pkcs11.txt" ] ; then
-      html_failed "${SCRIPTNAME}: ${P_R_SERVERDIR} is not initialized"
-      return 1;
-  fi
-
-  echo "Saving pkcs11.txt"
-  cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav
-
-  # Disallow RSA in key exchange explicitly
-  setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR}
-
-  start_selfserv # Launch the server
-
-  VMIN="ssl3"
-  VMAX="tls1.2"
-
-  # Try to connect to the server with a ciphersuite using RSA in key exchange
-  echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
-  echo "        -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
-  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-  RET_EXP=254
-  ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-          -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
-          >${TMP}/$HOST.tmp.$$  2>&1
-  RET=$?
-  cat ${TMP}/$HOST.tmp.$$
-  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
-  html_msg $RET $RET_EXP "${testname}" \
-           "produced a returncode of $RET, expected is $RET_EXP"
-
-  cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt
-
-  kill_selfserv
-  html "</TABLE><BR>"
-}
-
 ############################# is_revoked ###############################
 # local shell function to check if certificate is revoked
 ########################################################################
@@ -938,7 +826,7 @@ load_group_crl() {
         fi
         echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
 
-        echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+        echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
         echo "          -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
         echo "Request:"
         echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
@@ -951,7 +839,7 @@ GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
 
 _EOF_REQUEST_
 
-        ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f  \
+        ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
             -d ${R_CLIENTDIR} $verbose -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
             >${OUTFILE_TMP}  2>&1 < ${REQF}
 
@@ -988,7 +876,7 @@ _EOF_REQUEST_
 ssl_crl_cache()
 {
   #verbose="-v"
-  html_head "Cache CRL SSL Client Tests $NORM_EXT"
+  html_head "Cache CRL SSL Client Tests $NORM_EXT $ECC_STRING"
   SSLAUTH_TMP=${TMP}/authin.tl.tmp
   SERV_ARG=-r_-r
   rm -f ${SSLAUTH_TMP}
@@ -1004,7 +892,7 @@ ssl_crl_cache()
     while read ectype value sparam cparam testname
       do
       [ "$ectype" = "" ] && continue
-      if [ "$ectype" = "ECC" ] ; then
+      if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
         echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$ectype" = "SNI" ]; then
           continue
@@ -1042,10 +930,10 @@ ssl_crl_cache()
             cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
 
             echo "Server Args: $SERV_ARG"
-            echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+            echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
             echo "        ${cparam}  < ${REQUEST_FILE}"
             rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-            ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+            ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
 	        -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
                 >${TMP}/$HOST.tmp.$$  2>&1
             ret=$?
@@ -1097,47 +985,6 @@ ssl_crl_cache()
   html "</TABLE><BR>"
 }
 
-############################ ssl_dtls ###################################
-# local shell function to test tstclnt acting as client and server for DTLS
-#########################################################################
-ssl_dtls()
-{
-  #verbose="-v"
-  html_head "SSL DTLS $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
-
-    testname="ssl_dtls"
-    value=0
-
-    if [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
-        echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
-        return 0
-    fi
-
-    echo "${testname}"
-
-    echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_SERVERDIR} $verbose ${SERVER_OPTIONS} \\"
-    echo "        -U -V tls1.1:tls1.2 -P server -Q < ${REQUEST_FILE} &"
-
-    ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \
-                -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss < ${REQUEST_FILE} 2>&1 &
-
-    PID=$!
-    
-    sleep 1
-    
-    echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-    echo "        -U -V tls1.1:tls1.2 -P client -Q < ${REQUEST_FILE}"
-    ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-            -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q < ${REQUEST_FILE} 2>&1 
-    ret=$?
-    html_msg $ret $value "${testname}" \
-             "produced a returncode of $ret, expected is $value"
-
-    kill ${PID}
-    
-  html "</TABLE><BR>"
-}
-
 
 ############################## ssl_cleanup #############################
 # local shell function to finish this script (no exit since it might be
@@ -1175,9 +1022,6 @@ ssl_run()
         "stress")
             ssl_stress
             ;;
-        "dtls")
-            ssl_dtls
-            ;;
          esac
     done
 }
@@ -1299,9 +1143,7 @@ ssl_run_tests()
         case "${SSL_TEST}" in
         "policy")
             if [ "${TEST_MODE}" = "SHARED_DB" ] ; then
-                ssl_policy_listsuites
-                ssl_policy_selfserv
-                ssl_policy
+	        ssl_policy
             fi
             ;;
         "crl")
@@ -1324,8 +1166,8 @@ ssl_run_tests()
                 ssl_set_fips server on
                 ;;
             *)
-                html_failed "${SCRIPTNAME}: Error: Unknown server mode ${SERVER_MODE}"
-                return 1
+                echo "${SCRIPTNAME}: Error: Unknown server mode ${SERVER_MODE}"
+                continue
                 ;;
             esac
 
@@ -1338,8 +1180,8 @@ ssl_run_tests()
                 ssl_set_fips client on
                 ;;
             *)
-                html_failed "${SCRIPTNAME}: Error: Unknown client mode ${CLIENT_MODE}"
-                return 1
+                echo "${SCRIPTNAME}: Error: Unknown client mode ${CLIENT_MODE}"
+                continue
                 ;;
             esac
 
diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt
index a87eedad7..e9defc502 100644
--- a/security/nss/tests/ssl/sslstress.txt
+++ b/security/nss/tests/ssl/sslstress.txt
@@ -21,7 +21,6 @@
 # add client auth versions here...
 #
   noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
-  noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth, no login)
   noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
   noECC     0      -r_-r_-u  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
   noECC     0      -r_-r_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
diff --git a/security/nss/tests/ssl_gtests/ssl_gtests.sh b/security/nss/tests/ssl_gtests/ssl_gtests.sh
index fd678bf59..ac39f212c 100755
--- a/security/nss/tests/ssl_gtests/ssl_gtests.sh
+++ b/security/nss/tests/ssl_gtests/ssl_gtests.sh
@@ -21,17 +21,16 @@
 
 # Generate input to certutil
 certscript() {
-  ca=n
   while [ $# -gt 0 ]; do
     case $1 in
       sign) echo 0 ;;
       kex) echo 2 ;;
-      ca) echo 5;echo 6;ca=y ;;
+      ca) echo 5;echo 6 ;;
     esac; shift
   done;
   echo 9
   echo n
-  echo $ca
+  echo ${ca:-n}
   echo
   echo n
 }
@@ -42,7 +41,6 @@ certscript() {
 make_cert() {
   name=$1
   type=$2
-  unset type_args trust sign
   case $type in
     dsa) type_args='-g 1024' ;;
     rsa) type_args='-g 1024' ;;
@@ -51,11 +49,8 @@ make_cert() {
     p256) type_args='-q nistp256';type=ec ;;
     p384) type_args='-q secp384r1';type=ec ;;
     p521) type_args='-q secp521r1';type=ec ;;
-    rsa_ca) type_args='-g 1024';trust='CT,CT,CT';type=rsa ;;
+    rsa_ca) type_args='-g 1024';trust='CT,CT,CT';ca=y;type=rsa ;;
     rsa_chain) type_args='-g 1024';sign='-c rsa_ca';type=rsa;;
-    rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';type=rsa ;;
-    rsapss_chain) type_args='-g 1024';sign='-c rsa_pss_ca';type=rsa;;
-    rsa_ca_rsapss_chain) type_args='-g 1024 --pss-sign';sign='-c rsa_ca';type=rsa;;
     ecdh_rsa) type_args='-q nistp256';sign='-c rsa_ca';type=ec ;;
   esac
   shift 2
@@ -92,9 +87,6 @@ ssl_gtest_certs() {
   make_cert ecdh_ecdsa p256 kex
   make_cert rsa_ca rsa_ca ca
   make_cert rsa_chain rsa_chain sign
-  make_cert rsa_pss_ca rsapss_ca ca
-  make_cert rsa_pss_chain rsapss_chain sign
-  make_cert rsa_ca_rsa_pss_chain rsa_ca_rsapss_chain sign
   make_cert ecdh_rsa ecdh_rsa kex
   make_cert dsa dsa sign
 }
diff --git a/security/nss/tests/tools/TestOldAES128CA.p12 b/security/nss/tests/tools/TestOldAES128CA.p12
deleted file mode 100644
index a05be8bde..000000000
--- a/security/nss/tests/tools/TestOldAES128CA.p12
+++ /dev/null
diff --git a/security/nss/tests/tools/TestOldCA.p12 b/security/nss/tests/tools/TestOldCA.p12
deleted file mode 100644
index 40d5671b9..000000000
--- a/security/nss/tests/tools/TestOldCA.p12
+++ /dev/null
diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh
index 11be23e05..769bafa00 100644
--- a/security/nss/tests/tools/tools.sh
+++ b/security/nss/tests/tools/tools.sh
@@ -76,7 +76,11 @@ tools_init()
   fi
   SCRIPTNAME=tools.sh
 
-  html_head "Tools Tests"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "Tools Tests with ECC"
+  else
+      html_head "Tools Tests"
+  fi
 
   grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
       Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
@@ -102,9 +106,6 @@ tools_init()
   cp ${ALICEDIR}/* ${SIGNDIR}/
   mkdir -p ${TOOLSDIR}/html
   cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html
-  mkdir -p ${TOOLSDIR}/data
-  cp ${QADIR}/tools/TestOldCA.p12 ${TOOLSDIR}/data
-  cp ${QADIR}/tools/TestOldAES128CA.p12 ${TOOLSDIR}/data
 
   cd ${TOOLSDIR}
 }
@@ -396,44 +397,30 @@ tools_p12_export_list_import_with_default_ciphers()
   
   export_list_import "DEFAULT" "DEFAULT"
 
-  echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
-  echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
-  echo "         -w ${R_PWFILE}"
-  ${BINDIR}/pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
-       -w ${R_PWFILE} 2>&1 
-  ret=$?
-  html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
-  check_tmpfile
-
-  echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
-  echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
-  ${BINDIR}/pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
-  ret=$?
-  html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
-  check_tmpfile
-
-  echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
-  echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
-  ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1
-  ret=$?
-  html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)"
-  check_tmpfile
-}
-
-tools_p12_import_old_files()
-{
-  echo "$SCRIPTNAME: Importing PKCS#12 files created with older NSS --------------"
-  echo "pk12util -i TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
-  ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
-  ret=$?
-  html_msg $ret 0 "Importing PKCS#12 file created with NSS 3.21 (PBES2 with BMPString password)"
-  check_tmpfile
-
-  echo "pk12util -i TestOldAES128CA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
-  ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldAES128CA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
-  ret=$?
-  html_msg $ret 0 "Importing PKCS#12 file created with NSS 3.29.5 (PBES2 with incorrect AES-128-CBC algorithm ID)"
-  check_tmpfile
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
+      echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
+      echo "         -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
+           -w ${R_PWFILE} 2>&1 
+      ret=$?
+      html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
+      check_tmpfile
+
+      echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
+      echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
+      ret=$?
+      html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
+      check_tmpfile
+
+      echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
+      echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1
+      ret=$?
+      html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)"
+      check_tmpfile
+  fi
 }
 
 ############################## tools_p12 ###############################
@@ -447,7 +434,6 @@ tools_p12()
   tools_p12_export_list_import_all_pkcs12v2pbe_ciphers
   tools_p12_export_with_none_ciphers
   tools_p12_export_with_invalid_ciphers
-  tools_p12_import_old_files
 }
 
 ############################## tools_sign ##############################
@@ -517,21 +503,6 @@ SIGNSCRIPT
 
 }
 
-tools_modutil()
-{
-  echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
-  mkdir -p ${R_TOOLSDIR}/moddir
-  # copied from modu function in cert.sh
-  # echo is used to press Enter expected by modutil
-  echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
-  ret=$?
-  ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
-	   -x -t ',,' -z "${R_NOISE_FILE}"
-  ret=$?
-  html_msg $ret 0 "Test if DB created by modutil -create is initialized"
-  check_tmpfile
-}
-
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be 
 # sourced)
@@ -548,7 +519,6 @@ tools_cleanup()
 tools_init
 tools_p12
 tools_sign
-tools_modutil
 tools_cleanup
 
 
diff --git a/toolkit/components/passwordmgr/content/passwordManager.js b/toolkit/components/passwordmgr/content/passwordManager.js
index 3fccb5d30..da63d7de8 100644
--- a/toolkit/components/passwordmgr/content/passwordManager.js
+++ b/toolkit/components/passwordmgr/content/passwordManager.js
@@ -80,6 +80,8 @@ function Startup() {
   togglePasswordsButton.label = kSignonBundle.getString("showPasswords");
   togglePasswordsButton.accessKey = kSignonBundle.getString("showPasswordsAccessKey");
   signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionAll");
+  removeAllButton.setAttribute("label", kSignonBundle.getString("removeAll.label"));
+  removeAllButton.setAttribute("accesskey", kSignonBundle.getString("removeAll.accesskey"));
   document.getElementsByTagName("treecols")[0].addEventListener("click", (event) => {
     let { target, button } = event;
     let sortField = target.getAttribute("data-field-name");
@@ -555,6 +557,8 @@ function SignonClearFilter() {
   signonsTreeView._lastSelectedRanges = [];
 
   signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionAll");
+  removeAllButton.setAttribute("label", kSignonBundle.getString("removeAll.label"));
+  removeAllButton.setAttribute("accesskey", kSignonBundle.getString("removeAll.accesskey"));
 }
 
 function FocusFilterBox() {
@@ -623,6 +627,8 @@ function FilterPasswords() {
     signonsTreeView.selection.select(0);
 
   signonsIntro.textContent = kSignonBundle.getString("loginsDescriptionFiltered");
+  removeAllButton.setAttribute("label", kSignonBundle.getString("removeAllShown.label"));
+  removeAllButton.setAttribute("accesskey", kSignonBundle.getString("removeAllShown.accesskey"));
 }
 
 function CopyPassword() {
diff --git a/toolkit/components/passwordmgr/content/passwordManager.xul b/toolkit/components/passwordmgr/content/passwordManager.xul
index 78dbd7ebc..c0a10bf8e 100644
--- a/toolkit/components/passwordmgr/content/passwordManager.xul
+++ b/toolkit/components/passwordmgr/content/passwordManager.xul
@@ -110,7 +110,6 @@
               label="&remove.label;" accesskey="&remove.accesskey;"
               oncommand="DeleteSignon();"/>
       <button id="removeAllSignons" icon="clear"
-              label="&removeall.label;" accesskey="&removeall.accesskey;"
               oncommand="DeleteAllSignons();"/>
       <spacer flex="1"/>
 #if defined(MC_BASILISK) && defined(XP_WIN)
diff --git a/toolkit/locales/en-US/chrome/passwordmgr/passwordManager.dtd b/toolkit/locales/en-US/chrome/passwordmgr/passwordManager.dtd
index 36a61cfd9..84e4ff69c 100644
--- a/toolkit/locales/en-US/chrome/passwordmgr/passwordManager.dtd
+++ b/toolkit/locales/en-US/chrome/passwordmgr/passwordManager.dtd
@@ -17,8 +17,6 @@
 
 <!ENTITY      remove.label                    "Remove">
 <!ENTITY      remove.accesskey                "R">
-<!ENTITY      removeall.label                 "Remove All">
-<!ENTITY      removeall.accesskey             "A">
 
 <!ENTITY      addLogin.label                  "Add Login">
 <!ENTITY      addLogin.accesskey              "L">
diff --git a/toolkit/locales/en-US/chrome/passwordmgr/passwordmgr.properties b/toolkit/locales/en-US/chrome/passwordmgr/passwordmgr.properties
index 96190a2d7..6a399bbfc 100644
--- a/toolkit/locales/en-US/chrome/passwordmgr/passwordmgr.properties
+++ b/toolkit/locales/en-US/chrome/passwordmgr/passwordmgr.properties
@@ -68,3 +68,14 @@ duplicateLogin=A duplicate login already exists.
 
 insecureFieldWarningDescription = This connection is not secure. Logins entered here could be compromised.
 insecureFieldWarningLearnMore = Learn More
+
+# LOCALIZATION NOTE (removeAll, removeAllShown):
+# removeAll and removeAllShown are both used on the same one button,
+# never displayed together and can share the same accesskey.
+# When only partial sites are shown as a result of keyword search,
+# removeAllShown is displayed as button label.
+# removeAll is displayed when no keyword search and all sites are shown.
+removeAll.label=Remove All
+removeAll.accesskey=A
+removeAllShown.label=Remove All Shown
+removeAllShown.accesskey=A
diff --git a/toolkit/themes/linux/global/inContentUI.css b/toolkit/themes/linux/global/inContentUI.css
new file mode 100644
index 000000000..afcef9274
--- /dev/null
+++ b/toolkit/themes/linux/global/inContentUI.css
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * The default namespace for this file is XUL. Be sure to prefix rules that
+ * are applicable to both XUL and HTML with '*|'.
+ */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+@namespace html url("http://www.w3.org/1999/xhtml");
+
+/* Page background */
+*|*:root {
+  -moz-appearance: none;
+  padding: 18px;
+  background-color: Window;
+  background-image: /* Texture */
+                    url("chrome://global/skin/inContentUI/background-texture.png");
+  color: WindowText;
+}
+
+/* Use the new in-content colors for #contentAreaDownloadsView. After landing
+   of bug 989469 the colors can be moved to *|*:root */
+*|*#contentAreaDownloadsView {
+  background: #f1f1f1;
+  color: #424e5a;
+}
+
+html|html {
+  font: message-box;
+}
+
+/* Content */
+*|*.main-content {
+  /* Needed to allow the radius to clip the inner content, see bug 595656 */
+  overflow: hidden;
+  background-color: -moz-Field;
+  color: -moz-FieldText;
+  border: 1px solid ThreeDShadow;
+  border-radius: 5px;
+}
diff --git a/toolkit/themes/linux/global/jar.mn b/toolkit/themes/linux/global/jar.mn
index b0d0b9ddb..0efc8c5cf 100644
--- a/toolkit/themes/linux/global/jar.mn
+++ b/toolkit/themes/linux/global/jar.mn
@@ -16,6 +16,7 @@ toolkit.jar:
    skin/classic/global/findBar.css
    skin/classic/global/global.css
    skin/classic/global/groupbox.css
+   skin/classic/global/inContentUI.css
    skin/classic/global/listbox.css
    skin/classic/global/menu.css
    skin/classic/global/menulist.css
diff --git a/toolkit/themes/osx/global/inContentUI.css b/toolkit/themes/osx/global/inContentUI.css
new file mode 100644
index 000000000..17e2e6ae3
--- /dev/null
+++ b/toolkit/themes/osx/global/inContentUI.css
@@ -0,0 +1,144 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+%include shared.inc
+
+/*
+ * The default namespace for this file is XUL. Be sure to prefix rules that
+ * are applicable to both XUL and HTML with '*|'.
+ */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+@namespace html url("http://www.w3.org/1999/xhtml");
+
+/* Page background */
+*|*:root {
+  -moz-appearance: none;
+  padding: 18px;
+  background-image: /* Texture */
+                    url("chrome://global/skin/inContentUI/background-texture.png"),
+                    /* Gradient */
+                    linear-gradient(#ADB5C2, #BFC6D1);
+}
+
+/* Use the new in-content colors for #contentAreaDownloadsView. After landing
+   of bug 989469 the colors can be moved to *|*:root */
+*|*#contentAreaDownloadsView {
+  background: #f1f1f1;
+  color: #424e5a;
+}
+
+html|html {
+  font: message-box;
+}
+
+/* Content */
+*|*.main-content {
+  /* Needed to allow the radius to clip the inner content, see bug 595656 */
+  overflow: hidden;
+  background-image: linear-gradient(rgba(255, 255, 255, 0.4), rgba(255, 255, 255, 0.25) 50%, rgba(255, 255, 255, 0.05));
+  border: 1px solid rgba(50, 65, 92, 0.4);
+  border-radius: 5px;
+}
+
+/* Buttons */
+*|button,
+menulist,
+colorpicker[type="button"] {
+  -moz-appearance: none;
+  padding: 1px 4px;
+  min-width: 60px;
+  border-radius: 3px;
+  border: 1px solid rgba(60,73,97,0.5);
+  box-shadow: inset 0 1px rgba(255,255,255,0.25), 0 1px rgba(255,255,255,0.25);
+  background-color: transparent;
+  background-image: linear-gradient(rgba(255,255,255,0.45), rgba(255,255,255,0.2));
+  background-clip: padding-box;
+  color: #252F3B;
+  text-shadow: @loweredShadow@;
+}
+
+button:-moz-focusring > .button-box,
+menulist:-moz-focusring:not([open="true"]) > .menulist-label-box,
+colorpicker[type="button"]:-moz-focusring:not([open="true"]) > .colorpicker-button-colorbox {
+  outline: 1px dotted #252F3B;
+}
+
+html|button[disabled],
+button[disabled="true"],
+menulist[disabled="true"],
+colorpicker[type="button"][disabled="true"] {
+  opacity: 0.8;
+  color: #505050;
+}
+
+html|button:not([disabled]):active:hover,
+button:not([disabled="true"]):active:hover,
+menulist[open="true"]:not([disabled="true"]),
+colorpicker[type="button"][open="true"]:not([disabled="true"]) {
+  box-shadow: inset 0 1px 3px rgba(0,0,0,.2), 0 1px rgba(255,255,255,0.25);
+  background-image: linear-gradient(rgba(45,54,71,0.3), rgba(45,54,71,0.1));
+  border-color: rgba(60,73,97,0.7);
+}
+
+menulist {
+  -moz-padding-end: 0;
+  margin-left: 5px;
+  margin-right: 5px;
+}
+
+/* Tweak margins so the focus ring is in the right place. */
+menulist > .menulist-label-box {
+  -moz-margin-end: 3px;
+  margin-top: 1px;
+}
+
+menulist > .menulist-label-box > .menulist-label {
+  margin-top: 0px !important;
+  margin-bottom: 0px !important;
+}
+
+menulist > .menulist-dropmarker {
+  -moz-appearance: none;
+  display: -moz-box;
+  background: transparent;
+  border: none;
+  -moz-border-start: 1px solid rgba(60,73,97,0.5);
+  margin-top: -1px;
+  margin-bottom: -1px;
+}
+
+colorpicker[type="button"] {
+  margin: 1px 5px 2px 5px;
+  padding: 3px;
+  height: 25px;
+}
+
+spinbuttons {
+  -moz-appearance: none;
+}
+
+spinbuttons > .spinbuttons-box > .spinbuttons-button {
+  min-width: 12px;
+}
+
+.spinbuttons-button > .button-box > .button-text {
+  display: none;
+}
+
+.spinbuttons-button[disabled="true"] > .button-box > .button-icon {
+  opacity: 0.5;
+}
+
+spinbuttons > .spinbuttons-box > .spinbuttons-up {
+  list-style-image: url("chrome://global/skin/arrow/arrow-up.gif");
+  border-bottom-width: 0;
+  border-bottom-left-radius: 0;
+  border-bottom-right-radius: 0;
+}
+
+spinbuttons > .spinbuttons-box > .spinbuttons-down {
+  list-style-image: url("chrome://global/skin/arrow/arrow-dn.gif");
+  border-top-left-radius: 0;
+  border-top-right-radius: 0;
+}
diff --git a/toolkit/themes/osx/global/jar.mn b/toolkit/themes/osx/global/jar.mn
index 79bb062ab..9407ccee5 100644
--- a/toolkit/themes/osx/global/jar.mn
+++ b/toolkit/themes/osx/global/jar.mn
@@ -21,6 +21,7 @@ toolkit.jar:
 * skin/classic/global/findBar.css
 * skin/classic/global/global.css
   skin/classic/global/groupbox.css
+* skin/classic/global/inContentUI.css
   skin/classic/global/linkTree.css
   skin/classic/global/listbox.css
   skin/classic/global/menu.css
diff --git a/toolkit/themes/windows/global/inContentUI.css b/toolkit/themes/windows/global/inContentUI.css
new file mode 100644
index 000000000..a3bca7b06
--- /dev/null
+++ b/toolkit/themes/windows/global/inContentUI.css
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * The default namespace for this file is XUL. Be sure to prefix rules that
+ * are applicable to both XUL and HTML with '*|'.
+ */
+@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
+@namespace html url("http://www.w3.org/1999/xhtml");
+
+/* Page background */
+*|*:root {
+  -moz-appearance: none;
+  padding: 18px;
+  background-repeat: repeat;
+  color: -moz-dialogText;
+  background-color: -moz-dialog;
+  background-image: /* Texture */
+                    url("chrome://global/skin/inContentUI/background-texture.png");
+}
+
+html|html {
+  font: message-box;
+}
+
+@media (-moz-windows-default-theme) and (-moz-os-version: windows-vista),
+       (-moz-windows-default-theme) and (-moz-os-version: windows-win7) {
+  *|*:root {
+    color: #000;
+    background-color: #CCD9EA;
+  }
+}
+
+@media (-moz-windows-glass) {
+  *|*:root {
+    /* Blame shorlander for this monstrosity. */
+    background-image: /* Side gradients */
+                      linear-gradient(to right,
+                                      rgba(255,255,255,0.2), transparent 40%,
+                                      transparent 60%, rgba(255,255,255,0.2)),
+                      /* Aero-style light beams */
+                      -moz-linear-gradient(left 32deg,
+                                           /* First light beam */
+                                           transparent 19.5%, rgba(255,255,255,0.1) 20%,
+                                           rgba(255,255,255,0.1) 21.5%, rgba(255,255,255,0.2) 22%,
+                                           rgba(255,255,255,0.2) 25.5%, rgba(255,255,255,0.1) 26%,
+                                           rgba(255,255,255,0.1) 27.5%, transparent 28%,
+                                           /* Second light beam */
+                                           transparent 49.5%, rgba(255,255,255,0.1) 50%,
+                                           rgba(255,255,255,0.1) 52.5%, rgba(255,255,255,0.2) 53%,
+                                           rgba(255,255,255,0.2) 54.5%, rgba(255,255,255,0.1) 55%,
+                                           rgba(255,255,255,0.1) 57.5%, transparent 58%,
+                                           /* Third light beam */
+                                           transparent 87%, rgba(255,255,255,0.2) 90%),
+                      /* Texture */
+                      url("chrome://global/skin/inContentUI/background-texture.png");
+  }
+}
+
+/* Use the new in-content colors for #contentAreaDownloadsView. After landing
+   of bug 989469 the colors can be moved to *|*:root */
+*|*#contentAreaDownloadsView {
+  background: #f1f1f1;
+  color: #424e5a;
+}
+
+/* Content */
+*|*.main-content {
+  /* Needed to allow the radius to clip the inner content, see bug 595656 */
+  overflow: hidden;
+  background-color: rgba(255, 255, 255, 0.35);
+  background-image: linear-gradient(rgba(255, 255, 255, 0),
+                                    rgba(255, 255, 255, 0.75));
+  border: 1px solid #C3CEDF;
+}
+
+%ifdef XP_WIN
+@media (-moz-os-version: windows-vista),
+       (-moz-os-version: windows-win7) {
+%endif
+  *|*.main-content {
+    border-radius: 5px;
+  }
+%ifdef XP_WIN
+}
+%endif
+
+@media (-moz-windows-glass) {
+  /* Buttons */
+  *|button,
+  menulist,
+  colorpicker[type="button"] {
+    -moz-appearance: none;
+    color: black;
+    padding: 0 5px;
+    background: linear-gradient(rgba(251, 252, 253, 0.95), transparent 49%, 
+                                rgba(211, 212, 213, 0.45) 51%, rgba(225, 226, 229, 0.3));
+    background-clip: padding-box;
+    border-radius: 3px;
+    border: 1px solid rgba(31, 64, 100, 0.4);
+    border-top-color: rgba(31, 64, 100, 0.3);
+    box-shadow: 0 0 0 1px rgba(255, 255, 255, 0.25) inset,
+                0 0 2px 1px rgba(255, 255, 255, 0.25) inset;
+  }
+
+  menulist {
+    -moz-padding-end: 0;
+  }
+
+  colorpicker[type="button"]:-moz-focusring:not([open="true"]) > .colorpicker-button-colorbox {
+    outline: 1px dotted ThreeDDarkShadow;
+  }
+
+  html|button[disabled],
+  button[disabled="true"],
+  menulist[disabled="true"],
+  colorpicker[type="button"][disabled="true"] {
+    -moz-border-top-colors: rgba(31, 64, 100, 0.3) !important;
+    -moz-border-right-colors: rgba(31, 64, 100, 0.4) !important;
+    -moz-border-bottom-colors: rgba(31, 64, 100, 0.4) !important;
+    -moz-border-left-colors: rgba(31, 64, 100, 0.4) !important;
+    opacity: 0.8;
+    color: #505050;
+  }
+
+  html|button:not([disabled]):active:hover,
+  button:not([disabled="true"]):active:hover,
+  menulist[open="true"]:not([disabled="true"]),
+  colorpicker[type="button"][open="true"]:not([disabled="true"]) {
+    background-color: rgba(61, 76, 92, 0.2);
+    border-color: rgba(39, 53, 68, 0.5);
+    box-shadow: 0 0 3px 1px rgba(39, 53, 68, 0.2) inset;
+  }
+
+  button > .button-box {
+    padding: 1px !important;
+  }
+
+  spinbuttons > .spinbuttons-box > .spinbuttons-button {
+    border-radius: 0;
+    padding: 0 4px;
+  }
+
+  spinbuttons > .spinbuttons-box > .spinbuttons-up {
+    list-style-image: url("chrome://global/skin/arrow/arrow-up.gif");
+    border-bottom-width: 0;
+  }
+
+  spinbuttons > .spinbuttons-box > .spinbuttons-down {
+    list-style-image: url("chrome://global/skin/arrow/arrow-dn.gif");
+  }
+}
+
+colorpicker[type="button"] {
+  margin: 1px 5px 2px 5px;
+  padding: 3px;
+  height: 25px;
+}
diff --git a/toolkit/themes/windows/global/jar.mn b/toolkit/themes/windows/global/jar.mn
index a6ccbd71d..8c5d5de5a 100644
--- a/toolkit/themes/windows/global/jar.mn
+++ b/toolkit/themes/windows/global/jar.mn
@@ -27,6 +27,7 @@ toolkit.jar:
   skin/classic/global/console/itemSelected.png             (console/itemSelected.png)
   skin/classic/global/findBar.css
 * skin/classic/global/global.css
+* skin/classic/global/inContentUI.css
   skin/classic/global/listbox.css
   skin/classic/global/netError.css
   skin/classic/global/numberbox.css